From a34212cd0a4542ed066c7b1ce48183270685122b Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 17:20:42 +0200 Subject: [PATCH 01/19] Tabula rasa --- README.md | 236 --------- manifests/dotconf.pp | 107 ----- manifests/htpasswd.pp | 112 ----- manifests/init.pp | 527 --------------------- manifests/listen.pp | 42 -- manifests/module.pp | 139 ------ manifests/params.pp | 158 ------ manifests/passenger.pp | 41 -- manifests/redhat.pp | 9 - manifests/spec.pp | 22 - manifests/ssl.pp | 67 --- manifests/vhost.pp | 275 ----------- manifests/virtualhost.pp | 117 ----- metadata.json | 26 +- spec/classes/apache_spec.rb | 199 -------- spec/defines/apache_virtualhost_spec.rb | 67 --- templates/00-NameVirtualHost.conf.erb | 3 - templates/listen.conf.erb | 6 - templates/module/proxy.conf.erb | 17 - templates/spec.erb | 8 - templates/virtualhost/vhost.conf.erb | 77 --- templates/virtualhost/virtualhost.conf.erb | 16 - tests/vhost.pp | 7 - 23 files changed, 5 insertions(+), 2273 deletions(-) delete mode 100644 README.md delete mode 100644 manifests/dotconf.pp delete mode 100644 manifests/htpasswd.pp delete mode 100644 manifests/init.pp delete mode 100644 manifests/listen.pp delete mode 100644 manifests/module.pp delete mode 100644 manifests/params.pp delete mode 100644 manifests/passenger.pp delete mode 100644 manifests/redhat.pp delete mode 100644 manifests/spec.pp delete mode 100644 manifests/ssl.pp delete mode 100644 manifests/vhost.pp delete mode 100644 manifests/virtualhost.pp delete mode 100644 spec/classes/apache_spec.rb delete mode 100644 spec/defines/apache_virtualhost_spec.rb delete mode 100644 templates/00-NameVirtualHost.conf.erb delete mode 100644 templates/listen.conf.erb delete mode 100644 templates/module/proxy.conf.erb delete mode 100644 templates/spec.erb delete mode 100644 templates/virtualhost/vhost.conf.erb delete mode 100644 templates/virtualhost/virtualhost.conf.erb delete mode 100644 tests/vhost.pp diff --git a/README.md b/README.md deleted file mode 100644 index 5ee018e..0000000 --- a/README.md +++ /dev/null @@ -1,236 +0,0 @@ -# Puppet module: apache - -This is a Puppet apache module from the second generation of Example42 Puppet Modules. - -Made by Alessandro Franceschi / Lab42 - -Official site: http://www.example42.com - -Official git repository: http://github.com/example42/puppet-apache - -Released under the terms of Apache 2 License. - -This module requires functions provided by the Example42 Puppi module. - -For detailed info about the logic and usage patterns of Example42 modules read README.usage on Example42 main modules set. - -## USAGE - Module specific usage - -* Install apache with a custom httpd.conf template and some virtual hosts - - class { 'apache': - template => 'example42/apache/httpd.conf.erb', - } - - apache::vhost { 'mysite': - docroot => '/path/to/docroot', - template => 'example42/apache/vhost/mysite.com.erb', - } - - -* Install mod ssl - - include apache::ssl - - -* Manage basic auth users (Here user joe is created with the $crypt_password on the defined htpasswd_file - - apache::htpasswd { 'joe': - crypt_password => 'B5dPQYYjf.jjA', - htpasswd_file => '/etc/httpd/users.passwd', - } - - -* Manage custom configuration files (created in conf.d, source or content can be defined) - - apache::dotconf { 'trac': - content => template("site/trac/apache.conf.erb") - } - - -* Add other listening ports (a relevant NameVirtualHost directive is automatically created) - - apache::listen { '8080': } - - -* Add other listening ports without creating a relevant NameVirtualHost directive - - apache::listen { '8080': - $namevirtualhost = false, - } - - -* Add an apache module and manage its configuraton - - apache::module { 'proxy': - templatefile => 'site/apache/module/proxy.conf.erb', - } - - -* Install mod passenger - - include apache::passenger - - -## USAGE - Basic management - -* Install apache with default settings - - class { "apache": } - -* Disable apache service. - - class { "apache": - disable => true - } - -* Disable apache service at boot time, but don't stop if is running. - - class { "apache": - disableboot => true - } - -* Remove apache package - - class { "apache": - absent => true - } - -* Enable auditing without making changes on existing apache configuration files - - class { "apache": - audit_only => true - } - -* Install apache with a specific version - - class { "apache": - version => '2.2.22' - } - - -## USAGE - Default server management - -* Simple way to manage default apache configuration - - apache::vhost { 'default': - docroot => '/var/www/document_root', - server_name => false, - priority => '', - template => 'apache/virtualhost/vhost.conf.erb', - } - -* Using a source file to create the vhost - - apache::vhost { 'default': - source => 'puppet:///files/web/default.conf', - template => '', - } - - -## USAGE - Overrides and Customizations - -* Use custom sources for main config file - - class { "apache": - source => [ "puppet:///modules/lab42/apache/apache.conf-${hostname}" , "puppet:///modules/lab42/apache/apache.conf" ], - } - - -* Use custom source directory for the whole configuration dir - - class { "apache": - source_dir => "puppet:///modules/lab42/apache/conf/", - source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir - } - -* Use custom template for main config file - - class { "apache": - template => "example42/apache/apache.conf.erb", - } - -* Define custom options that can be used in a custom template without the - need to add parameters to the apache class - - class { "apache": - template => "example42/apache/apache.conf.erb", - options => { - 'LogLevel' => 'INFO', - 'UsePAM' => 'yes', - }, - } - -* Automaticallly include a custom subclass - - class { "apache:" - my_class => 'apache::example42', - } - -## USAGE - Hiera Support -* Manage apache configuration using Hiera - -```yaml -apache::template: 'modules/apache/apache2.conf.erb' -apache::options: - timeout: '300' - keepalive: 'On' - maxkeepaliverequests: '100' - keepalivetimeout: '5' -``` - -* Defining Apache resources using Hiera - -```yaml -apache::virtualhost_hash: - 'mysite.com': - documentroot: '/var/www/mysite.com' - aliases: 'www.mysite.com' -apache::htpasswd_hash: - 'myuser': - crypt_password: 'password1' - htpasswd_file: '/etc/apache2/users.passwd' -apache::listen_hash: - '8080': - namevirtualhost: '*' -apache::module_hash: - 'status': - ensure: present -``` - -## USAGE - Example42 extensions management -* Activate puppi (recommended, but disabled by default) - Note that this option requires the usage of Example42 puppi module - - class { "apache": - puppi => true, - } - -* Activate puppi and use a custom puppi_helper template (to be provided separately with - a puppi::helper define ) to customize the output of puppi commands - - class { "apache": - puppi => true, - puppi_helper => "myhelper", - } - -* Activate automatic monitoring (recommended, but disabled by default) - This option requires the usage of Example42 monitor and relevant monitor tools modules - - class { "apache": - monitor => true, - monitor_tool => [ "nagios" , "monit" , "munin" ], - } - -* Activate automatic firewalling - This option requires the usage of Example42 firewall and relevant firewall tools modules - - class { "apache": - firewall => true, - firewall_tool => "iptables", - firewall_src => "10.42.0.0/24", - firewall_dst => "$ipaddress_eth0", - } - - -[![Build Status](https://travis-ci.org/example42/puppet-apache.png?branch=master)](https://travis-ci.org/example42/puppet-apache) diff --git a/manifests/dotconf.pp b/manifests/dotconf.pp deleted file mode 100644 index 6306b1a..0000000 --- a/manifests/dotconf.pp +++ /dev/null @@ -1,107 +0,0 @@ -# = Define: apache::dotconf -# -# General Apache define to be used to create generic custom .conf files -# Very simple wrapper to a normal file type -# Use source or template to define the source -# -# == Parameters -# -# [*source*] -# Sets the content of source parameter for the dotconf file -# If defined, apache dotconf file will have the param: source => $source -# -# [*template*] -# Sets the path to the template to use as content for dotconf file -# If defined, apache dotconf file has: content => content("$template") -# Note source and template parameters are mutually exclusive: don't use both -# -# == Usage -# apache::dotconf { "sarg": source => 'puppet://$servername/sarg/sarg.conf' } -# or -# apache::dotconf { "trac": content => template("trac/apache.conf.erb") } -# -define apache::dotconf ( - $enable = true, - $source = '' , - $content = '' , - $priority = '', - $ensure = present, -) { - - $manage_file_source = $source ? { - '' => undef, - default => $source, - } - - $manage_file_content = $content ? { - '' => undef, - default => $content, - } - - # Config file path - if $priority != '' { - $dotconf_path = "${apache::dotconf_dir}/${priority}-${name}.conf" - } else { - $dotconf_path = "${apache::dotconf_dir}/${name}.conf" - } - - # Config file enable path - if $priority != '' { - $dotconf_enable_path = "${apache::config_dir}/conf-enabled/${priority}-${name}.conf" - } else { - $dotconf_enable_path = "${apache::config_dir}/conf-enabled/${name}.conf" - } - - file { "Apache_${name}.conf": - ensure => $ensure, - path => $dotconf_path, - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - source => $manage_file_source, - content => $manage_file_content, - audit => $apache::manage_audit, - } - - # Some OS specific settings: - # Ubuntu 14 uses conf-available / conf-enabled folders - case $::operatingsystem { - /(?i:Ubuntu)/ : { - case $::lsbmajdistrelease { - /14/ : { - $dotconf_link_ensure = $enable ? { - true => $dotconf_path, - false => absent, - } - - file { "ApacheDotconfEnabled_${name}": - ensure => $dotconf_link_ensure, - path => $dotconf_enable_path, - require => Package['apache'], - } - } - default: { } - } - } - /(?i:Debian)/ : { - case $::lsbmajdistrelease { - /8/ : { - $dotconf_link_ensure = $enable ? { - true => $dotconf_path, - false => absent, - } - - file { "ApacheDotconfEnabled_${name}": - ensure => $dotconf_link_ensure, - path => $dotconf_enable_path, - require => Package['apache'], - } - } - default: { } - } - } - default: { } - } -} diff --git a/manifests/htpasswd.pp b/manifests/htpasswd.pp deleted file mode 100644 index 1a5ae88..0000000 --- a/manifests/htpasswd.pp +++ /dev/null @@ -1,112 +0,0 @@ -# = Define apache::htpasswd -# -# This define managed apache htpasswd files -# Based on CamptoCamp Apache module: -# https://github.com/camptocamp/puppet-apache/blob/master/manifests/auth/htpasswd.pp -# -# == Parameters -# -# [*ensure*] -# Define if the add (present) or remove the user (set as $name) -# Default: 'present', -# -# [*htpasswd_file*] -# Path of the htpasswd file to manage. -# Default: "${apache::params::config_dir}/htpasswd" -# -# [*username*] -# Define username when you want to put the username in different files -# Default: $name -# -# [*crypt_password*] -# Crypted password (as it appears in htpasswd) -# Default: false (either crypt_password or clear_password must be set) -# -# [*clear_password*] -# Clear password (as it appears in htpasswd) -# Default: false (either crypt_password or clear_password must be set) -# -# -# == Usage -# -# Set clear password='mypass' to user 'my_user' on default htpasswd file: -# apache::htpasswd { 'myuser': -# clear_password => 'my_pass', -# } -# -# Set crypted password to user 'my_user' on custom htpasswd file: -# apache::htpasswd { 'myuser': -# crypt_password => 'B5dPQYYjf.jjA', -# htpasswd_file => '/etc/httpd/users.passwd', -# } -# -# Set the same user in different files -# apache::htpasswd { 'myuser': -# crypt_password => 'password1', -# htpasswd_file => '/etc/httpd/users.passwd' -# } -# -# apache::htpasswd { 'myuser2': -# crypt_password => 'password2', -# username => 'myuser', -# htpasswd_file => '/etc/httpd/httpd.passwd' -# } -# -define apache::htpasswd ( - $ensure = 'present', - $htpasswd_file = '', - $username = $name, - $crypt_password = false, - $clear_password = false ) { - - include apache - - $real_htpasswd_file = $htpasswd_file ? { - '' => "${apache::params::config_dir}/htpasswd", - default => $htpasswd_file, - } - - case $ensure { - - 'present': { - if $crypt_password and $clear_password { - fail 'Choose only one of crypt_password OR clear_password !' - } - - if !$crypt_password and !$clear_password { - fail 'Choose one of crypt_password OR clear_password !' - } - - if $crypt_password { - exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -b \${OPT} ${real_htpasswd_file} ${username} '${crypt_password}'": - unless => "grep -q '${username}:${crypt_password}' ${real_htpasswd_file}", - path => '/bin:/sbin:/usr/bin:/usr/sbin', - } - } - - if $clear_password { - exec { "test -f ${real_htpasswd_file} || OPT='-c'; htpasswd -bp \$OPT ${real_htpasswd_file} ${username} ${clear_password}": - unless => "egrep '^${username}:' ${real_htpasswd_file} && grep ${username}:\$(mkpasswd -S \$(egrep '^${username}:' ${real_htpasswd_file} |cut -d : -f 2 |cut -c-2) ${clear_password}) ${real_htpasswd_file}", - path => '/bin:/sbin:/usr/bin:/usr/sbin', - } - } - } - - 'absent': { - exec { "htpasswd -D ${real_htpasswd_file} ${username}": - onlyif => "egrep -q '^${username}:' ${real_htpasswd_file}", - notify => Exec["delete ${real_htpasswd_file} after remove ${username}"], - path => '/bin:/sbin:/usr/bin:/usr/sbin', - } - - exec { "delete ${real_htpasswd_file} after remove ${username}": - command => "rm -f ${real_htpasswd_file}", - onlyif => "wc -l ${real_htpasswd_file} | egrep -q '^0[^0-9]'", - refreshonly => true, - path => '/bin:/sbin:/usr/bin:/usr/sbin', - } - } - - default: { } - } -} diff --git a/manifests/init.pp b/manifests/init.pp deleted file mode 100644 index 63a705f..0000000 --- a/manifests/init.pp +++ /dev/null @@ -1,527 +0,0 @@ -# = Class: apache -# -# This is the main apache class -# -# -# == Parameters -# -# Standard class parameters -# Define the general class behaviour and customizations -# -# [*my_class*] -# Name of a custom class to autoload to manage module's customizations -# If defined, apache class will automatically "include $my_class" -# Can be defined also by the (top scope) variable $apache_myclass -# -# [*source*] -# Sets the content of source parameter for main configuration file -# If defined, apache main config file will have the param: source => $source -# Can be defined also by the (top scope) variable $apache_source -# -# [*source_dir*] -# If defined, the whole apache configuration directory content is retrieved -# recursively from the specified source -# (source => $source_dir , recurse => true) -# Can be defined also by the (top scope) variable $apache_source_dir -# -# [*source_dir_purge*] -# If set to true (default false) the existing configuration directory is -# mirrored with the content retrieved from source_dir -# (source => $source_dir , recurse => true , purge => true) -# Can be defined also by the (top scope) variable $apache_source_dir_purge -# -# [*template*] -# Sets the path to the template to use as content for main configuration file -# If defined, apache main config file has: content => content("$template") -# Note source and template parameters are mutually exclusive: don't use both -# Can be defined also by the (top scope) variable $apache_template -# -# [*options*] -# An hash of custom options to be used in templates for arbitrary settings. -# Can be defined also by the (top scope) variable $apache_options -# -# [*service_autorestart*] -# Automatically restarts the apache service when there is a change in -# configuration files. Default: true, Set to false if you don't want to -# automatically restart the service. -# -# [*service_requires*] -# Overwrites the service dependencies, which are by default: Package['apache']. -# Set this parameter to a custom set of requirements, if you want to let the -# Apache service depend on more than just the package dependency. -# -# [*absent*] -# Set to 'true' to remove package(s) installed by module -# Can be defined also by the (top scope) variable $apache_absent -# -# [*disable*] -# Set to 'true' to disable service(s) managed by module -# Can be defined also by the (top scope) variable $apache_disable -# -# [*disableboot*] -# Set to 'true' to disable service(s) at boot, without checks if it's running -# Use this when the service is managed by a tool like a cluster software -# Can be defined also by the (top scope) variable $apache_disableboot -# -# [*monitor*] -# Set to 'true' to enable monitoring of the services provided by the module -# Can be defined also by the (top scope) variables $apache_monitor -# and $monitor -# -# [*monitor_tool*] -# Define which monitor tools (ad defined in Example42 monitor module) -# you want to use for apache checks -# Can be defined also by the (top scope) variables $apache_monitor_tool -# and $monitor_tool -# -# [*monitor_target*] -# The Ip address or hostname to use as a target for monitoring tools. -# Default is the fact $ipaddress -# Can be defined also by the (top scope) variables $apache_monitor_target -# and $monitor_target -# -# [*puppi*] -# Set to 'true' to enable creation of module data files that are used by puppi -# Can be defined also by the (top scope) variables $apache_puppi and $puppi -# -# [*puppi_helper*] -# Specify the helper to use for puppi commands. The default for this module -# is specified in params.pp and is generally a good choice. -# You can customize the output of puppi commands for this module using another -# puppi helper. Use the define puppi::helper to create a new custom helper -# Can be defined also by the (top scope) variables $apache_puppi_helper -# and $puppi_helper -# -# [*firewall*] -# Set to 'true' to enable firewalling of the services provided by the module -# Can be defined also by the (top scope) variables $apache_firewall -# and $firewall -# -# [*firewall_tool*] -# Define which firewall tool(s) (ad defined in Example42 firewall module) -# you want to use to open firewall for apache port(s) -# Can be defined also by the (top scope) variables $apache_firewall_tool -# and $firewall_tool -# -# [*firewall_src*] -# Define which source ip/net allow for firewalling apache. Default: 0.0.0.0/0 -# Can be defined also by the (top scope) variables $apache_firewall_src -# and $firewall_src -# -# [*firewall_dst*] -# Define which destination ip to use for firewalling. Default: $ipaddress -# Can be defined also by the (top scope) variables $apache_firewall_dst -# and $firewall_dst -# -# [*debug*] -# Set to 'true' to enable modules debugging -# Can be defined also by the (top scope) variables $apache_debug and $debug -# -# [*audit_only*] -# Set to 'true' if you don't intend to override existing configuration files -# and want to audit the difference between existing files and the ones -# managed by Puppet. -# Can be defined also by the (top scope) variables $apache_audit_only -# and $audit_only -# -# Default class params - As defined in apache::params. -# Note that these variables are mostly defined and used in the module itself, -# overriding the default values might not affected all the involved components. -# Set and override them only if you know what you're doing. -# Note also that you can't override/set them via top scope variables. -# -# [*package*] -# The name of apache package -# -# [*service*] -# The name of apache service -# -# [*service_status*] -# If the apache service init script supports status argument -# -# [*process*] -# The name of apache process -# -# [*process_args*] -# The name of apache arguments. Used by puppi and monitor. -# Used only in case the apache process name is generic (java, ruby...) -# -# [*process_user*] -# The name of the user apache runs with. Used by puppi and monitor. -# -# [*config_dir*] -# Main configuration directory. Used by puppi -# -# [*config_file*] -# Main configuration file path -# -# [*config_file_mode*] -# Main configuration file path mode -# -# [*config_file_owner*] -# Main configuration file path owner -# -# [*config_file_group*] -# Main configuration file path group -# -# [*config_file_init*] -# Path of configuration file sourced by init script -# -# [*config_file_default_purge*] -# Set to 'true' to purge the default configuration file -# -# [*pid_file*] -# Path of pid file. Used by monitor -# -# [*data_dir*] -# Path of application data directory. Used by puppi -# -# [*log_dir*] -# Base logs directory. Used by puppi -# -# [*log_file*] -# Log file(s). Used by puppi -# -# [*port*] -# The listening port, if any, of the service. -# This is used by monitor, firewall and puppi (optional) components -# Note: This doesn't necessarily affect the service configuration file -# Can be defined also by the (top scope) variable $apache_port -# -# [*ssl_port*] -# The ssl port, used if apache::ssl is included and monitor/firewall -# are enabled -# -# [*protocol*] -# The protocol used by the the service. -# This is used by monitor, firewall and puppi (optional) components -# Can be defined also by the (top scope) variable $apache_protocol -# -# [*version*] -# The version of apache package to be installed -# -# -# == Examples -# -# You can use this class in 2 ways: -# - Set variables (at top scope level on in a ENC) and "include apache" -# - Call apache as a parametrized class -# -# See README for details. -# -# -# == Author -# Alessandro Franceschi -# -class apache ( - $my_class = params_lookup( 'my_class' ), - $source = params_lookup( 'source' ), - $source_dir = params_lookup( 'source_dir' ), - $source_dir_purge = params_lookup( 'source_dir_purge' ), - $template = params_lookup( 'template' ), - $service_autorestart = params_lookup( 'service_autorestart' , 'global' ), - $options = params_lookup( 'options' ), - $absent = params_lookup( 'absent' ), - $disable = params_lookup( 'disable' ), - $disableboot = params_lookup( 'disableboot' ), - $monitor = params_lookup( 'monitor' , 'global' ), - $monitor_tool = params_lookup( 'monitor_tool' , 'global' ), - $monitor_target = params_lookup( 'monitor_target' , 'global' ), - $puppi = params_lookup( 'puppi' , 'global' ), - $puppi_helper = params_lookup( 'puppi_helper' , 'global' ), - $firewall = params_lookup( 'firewall' , 'global' ), - $firewall_tool = params_lookup( 'firewall_tool' , 'global' ), - $firewall_src = params_lookup( 'firewall_src' , 'global' ), - $firewall_dst = params_lookup( 'firewall_dst' , 'global' ), - $debug = params_lookup( 'debug' , 'global' ), - $audit_only = params_lookup( 'audit_only' , 'global' ), - $package = params_lookup( 'package' ), - $service = params_lookup( 'service' ), - $service_status = params_lookup( 'service_status' ), - $service_requires = params_lookup( 'service_requires' ), - $process = params_lookup( 'process' ), - $process_args = params_lookup( 'process_args' ), - $process_user = params_lookup( 'process_user' ), - $config_dir = params_lookup( 'config_dir' ), - $config_file = params_lookup( 'config_file' ), - $config_file_mode = params_lookup( 'config_file_mode' ), - $config_file_owner = params_lookup( 'config_file_owner' ), - $config_file_group = params_lookup( 'config_file_group' ), - $config_file_init = params_lookup( 'config_file_init' ), - $config_file_default_purge = params_lookup( 'config_file_default_purge'), - $pid_file = params_lookup( 'pid_file' ), - $data_dir = params_lookup( 'data_dir' ), - $log_dir = params_lookup( 'log_dir' ), - $log_file = params_lookup( 'log_file' ), - $port = params_lookup( 'port' ), - $ssl_port = params_lookup( 'ssl_port' ), - $protocol = params_lookup( 'protocol' ), - $version = params_lookup( 'version' ), - $dotconf_hash = params_lookup( 'dotconf_hash'), - $htpasswd_hash = params_lookup( 'htpasswd_hash'), - $listen_hash = params_lookup( 'listen_hash'), - $module_hash = params_lookup( 'module_hash'), - $vhost_hash = params_lookup( 'vhost_hash'), - $virtualhost_hash = params_lookup( 'virtualhost_hash'), - ) inherits apache::params { - - $bool_source_dir_purge=any2bool($source_dir_purge) - $bool_service_autorestart=any2bool($service_autorestart) - $bool_absent=any2bool($absent) - $bool_disable=any2bool($disable) - $bool_disableboot=any2bool($disableboot) - $bool_monitor=any2bool($monitor) - $bool_puppi=any2bool($puppi) - $bool_firewall=any2bool($firewall) - $bool_debug=any2bool($debug) - $bool_audit_only=any2bool($audit_only) - - ## Integration with Hiera - if $dotconf_hash != {} { - validate_hash($dotconf_hash) - create_resources('apache::dotconf', $dotconf_hash) - } - if $htpasswd_hash != {} { - validate_hash($htpasswd_hash) - create_resources('apache::htpasswd', $htpasswd_hash) - } - if $listen_hash != {} { - validate_hash($listen_hash) - create_resources('apache::listen', $listen_hash) - } - if $module_hash != {} { - validate_hash($module_hash) - create_resources('apache::module', $module_hash) - } - if $vhost_hash != {} { - validate_hash($vhost_hash) - create_resources('apache::vhost', $vhost_hash) - } - if $virtualhost_hash != {} { - validate_hash($virtualhost_hash) - create_resources('apache::virtualhost', $virtualhost_hash) - } - - ### Calculation of variables that dependes on arguments - $vdir = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => "${apache::config_dir}/sites-available", - SLES => "${apache::config_dir}/vhosts.d", - default => "${apache::config_dir}/conf.d", - } - - case $::operatingsystem { - /(?i:Ubuntu)/ : { - case $::lsbmajdistrelease { - /14/ : { - $dotconf_dir = "${apache::config_dir}/conf-available" - } - default: { - $dotconf_dir = "${apache::config_dir}/conf.d" - } - } - } - /(?i:Debian)/ : { - case $::lsbmajdistrelease { - /8/ : { - $dotconf_dir = "${apache::config_dir}/conf-available" - } - default: { - $dotconf_dir = "${apache::config_dir}/conf.d" - } - } - } - default: { - $dotconf_dir = "${apache::config_dir}/conf.d" - } - } - - ### Definition of some variables used in the module - $manage_package = $apache::bool_absent ? { - true => 'absent', - false => $apache::version ? { - '' => 'present', - default => $apache::version, - }, - } - - $manage_service_enable = $apache::bool_disableboot ? { - true => false, - default => $apache::bool_disable ? { - true => false, - default => $apache::bool_absent ? { - true => false, - false => true, - }, - }, - } - - $manage_service_ensure = $apache::bool_disable ? { - true => 'stopped', - default => $apache::bool_absent ? { - true => 'stopped', - default => 'running', - }, - } - - $manage_service_autorestart = $apache::bool_service_autorestart ? { - true => 'Service[apache]', - false => undef, - } - - $manage_file = $apache::bool_absent ? { - true => 'absent', - default => 'present', - } - - if $apache::bool_absent == true - or $apache::bool_disable == true - or $apache::bool_monitor == false - or $apache::bool_disableboot == true { - $manage_monitor = false - } else { - $manage_monitor = true - } - - if $apache::bool_absent == true or $apache::bool_disable == true { - $manage_firewall = false - } else { - $manage_firewall = true - } - - $manage_audit = $apache::bool_audit_only ? { - true => 'all', - false => undef, - } - - $manage_file_replace = $apache::bool_audit_only ? { - true => false, - false => true, - } - - $manage_file_source = $apache::source ? { - '' => undef, - default => $apache::source, - } - - $manage_file_content = $apache::template ? { - '' => undef, - default => template($apache::template), - } - - ### Managed resources - package { 'apache': - ensure => $apache::manage_package, - name => $apache::package, - } - - service { 'apache': - ensure => $apache::manage_service_ensure, - name => $apache::service, - enable => $apache::manage_service_enable, - hasstatus => $apache::service_status, - pattern => $apache::process, - require => $service_requires, - } - - file { 'apache.conf': - ensure => $apache::manage_file, - path => $apache::config_file, - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - source => $apache::manage_file_source, - content => $apache::manage_file_content, - replace => $apache::manage_file_replace, - audit => $apache::manage_audit, - } - - # The whole apache configuration directory can be recursively overriden - if $apache::source_dir and $apache::source_dir != '' { - file { 'apache.dir': - ensure => directory, - path => $apache::config_dir, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - source => $apache::source_dir, - recurse => true, - purge => $apache::bool_source_dir_purge, - force => $apache::bool_source_dir_purge, - replace => $apache::manage_file_replace, - audit => $apache::manage_audit, - } - } - - if $apache::config_file_default_purge { - apache::vhost { 'default': - enable => false, - priority => '', - } - } - - ### Include custom class if $my_class is set - if $apache::my_class and $apache::my_class != '' { - include $apache::my_class - } - - - ### Provide puppi data, if enabled ( puppi => true ) - if $apache::bool_puppi == true { - $classvars=get_class_args() - puppi::ze { 'apache': - ensure => $apache::manage_file, - variables => $classvars, - helper => $apache::puppi_helper, - } - } - - - ### Service monitoring, if enabled ( monitor => true ) - if $apache::monitor_tool { - monitor::port { "apache_${apache::protocol}_${apache::port}": - protocol => $apache::protocol, - port => $apache::port, - target => $apache::monitor_target, - tool => $apache::monitor_tool, - enable => $apache::manage_monitor, - } - monitor::process { 'apache_process': - process => $apache::process, - service => $apache::service, - pidfile => $apache::pid_file, - user => $apache::process_user, - argument => $apache::process_args, - tool => $apache::monitor_tool, - enable => $apache::manage_monitor, - } - } - - - ### Firewall management, if enabled ( firewall => true ) - if $apache::bool_firewall == true { - firewall { "apache_${apache::protocol}_${apache::port}": - source => $apache::firewall_src, - destination => $apache::firewall_dst, - protocol => $apache::protocol, - port => $apache::port, - action => 'allow', - direction => 'input', - tool => $apache::firewall_tool, - enable => $apache::manage_firewall, - } - } - - - ### Debugging, if enabled ( debug => true ) - if $apache::bool_debug == true { - file { 'debug_apache': - ensure => $apache::manage_file, - path => "${settings::vardir}/debug-apache", - mode => '0640', - owner => 'root', - group => 'root', - content => inline_template('<%= scope.to_hash.reject { |k,v| k.to_s =~ /(uptime.*|path|timestamp|free|.*password.*|.*psk.*|.*key)/ }.to_yaml %>'), - } - } -} diff --git a/manifests/listen.pp b/manifests/listen.pp deleted file mode 100644 index 093d371..0000000 --- a/manifests/listen.pp +++ /dev/null @@ -1,42 +0,0 @@ -# = Define: apache::listen -# -# This define creates a Listen statement in Apache configuration -# It adds a single configuration file to Apache conf.d with the Listen -# statement -# -# == Parameters -# -# [*namevirtualhost*] -# If to add a NameVirtualHost for this port. Default: * -# (it creates a NameVirtualHost <%= @namevirtualhost %>:<%= @port %> entry) -# Set to false to listen to the port without a NameVirtualHost -# -# == Examples -# apache::listen { '8080':} -# -define apache::listen ( - $namevirtualhost = '*', - $ensure = 'present', - $template = 'apache/listen.conf.erb', - $notify_service = true ) { - - include apache - - $manage_service_autorestart = $notify_service ? { - true => 'Service[apache]', - false => undef, - } - - file { "Apache_Listen_${name}.conf": - ensure => $ensure, - path => "${apache::config_dir}/conf.d/0000_listen_${name}.conf", - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $manage_service_autorestart, - content => template($template), - audit => $apache::manage_audit, - } - -} diff --git a/manifests/module.pp b/manifests/module.pp deleted file mode 100644 index 8c60352..0000000 --- a/manifests/module.pp +++ /dev/null @@ -1,139 +0,0 @@ -# = Define: apache::module -# -# This define installs and configures apache modules -# On Debian and derivatives it places the module config -# into /etc/apache/mods-available. -# On RedHat and derivatives it just creates the configuration file, if -# provided via the templatefile => argument -# If you need to customize the module .conf file, -# add a templatefile with path to the template, -# -# == Parameters -# -# [*ensure*] -# If to enable/install the module. Default: present -# Set to absent to disable/remove the module -# -# [*templatefile*] -# Optional. Location of the template to use to configure -# the module -# -# [*install_package*] -# If a module package has to be installed. Default: false -# Set to true if the module package is not installed by default -# and you need to install the relevant package -# In this case the package name is calculated according to the operatingsystem -# and the ${name} variable. -# If the autocalculated package name for the module is not -# correct, you can explicitely set it (using a string different than -# true or false) -# -# [*notify_service*] -# If you want to restart the apache service automatically when -# the module is applied. Default: true -# -# == Examples -# apache::module { 'proxy': -# templatefile => 'apache/module/proxy.conf.erb', -# } -# -# apache::module { 'bw': -# install_package => true, -# templatefile => 'myclass/apache/bw.conf.erb', -# } -# -# apache::module { 'proxy_html': -# install_package => 'libapache2-mod-proxy-html', -# } -# -# -define apache::module ( - $ensure = 'present', - $templatefile = '', - $install_package = false, - $notify_service = true ) { - - include apache - - $manage_service_autorestart = $notify_service ? { - true => 'Service[apache]', - false => undef, - } - - if $install_package != false { - $modpackage_basename = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'libapache2-mod-', - /(?i:SLES|OpenSuSE)/ => 'apache2-mod_', - default => 'mod_', - } - - $real_install_package = $install_package ? { - true => "${modpackage_basename}${name}", - default => $install_package, - } - - package { "ApacheModule_${name}": - ensure => $ensure, - name => $real_install_package, - notify => $manage_service_autorestart, - require => Package['apache'], - } - - } - - - if $templatefile != '' { - $module_conf_path = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => "${apache::config_dir}/mods-available/${name}.conf", - default => "${apache::config_dir}/conf.d/module_${name}.conf", - } - - file { "ApacheModule_${name}_conf": - ensure => present , - path => $module_conf_path, - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - content => template($templatefile), - notify => $manage_service_autorestart, - require => Package['apache'], - } - } - - - if $::operatingsystem == 'Debian' - or $::operatingsystem == 'Ubuntu' - or $::operatingsystem == 'Mint' { - case $ensure { - 'present': { - - $exec_a2enmod_subscribe = $install_package ? { - false => undef, - default => Package["ApacheModule_${name}"] - } - $exec_a2dismode_before = $install_package ? { - false => undef, - default => Package["ApacheModule_${name}"] - } - - exec { "/usr/sbin/a2enmod ${name}": - unless => "/bin/sh -c '[ -L ${apache::config_dir}/mods-enabled/${name}.load ] && [ ${apache::config_dir}/mods-enabled/${name}.load -ef ${apache::config_dir}/mods-available/${name}.load ]'", - notify => $manage_service_autorestart, - require => Package['apache'], - subscribe => $exec_a2enmod_subscribe, - } - } - 'absent': { - exec { "/usr/sbin/a2dismod ${name}": - onlyif => "/bin/sh -c '[ -L ${apache::config_dir}/mods-enabled/${name}.load ] && [ ${apache::config_dir}/mods-enabled/${name}.load -ef ${apache::config_dir}/mods-available/${name}.load ]'", - notify => $manage_service_autorestart, - require => Package['apache'], - before => $exec_a2dismode_before, - } - } - default: { - } - } - } - -} diff --git a/manifests/params.pp b/manifests/params.pp deleted file mode 100644 index e749694..0000000 --- a/manifests/params.pp +++ /dev/null @@ -1,158 +0,0 @@ -# Class: apache::params -# -# This class defines default parameters used by the main module class apache -# Operating Systems differences in names and paths are addressed here -# -# == Variables -# -# Refer to apache class for the variables defined here. -# -# == Usage -# -# This class is not intended to be used directly. -# It may be imported or inherited by other classes -# -class apache::params { - - ### Application specific parameters - $package_modssl = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'libapache-mod-ssl', - /(?i:SLES|OpenSuSE)/ => undef, - default => 'mod_ssl', - } - - ### Application related parameters - - $package = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'apache2', - /(?i:SLES|OpenSuSE)/ => 'apache2', - default => 'httpd', - } - - $service = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'apache2', - /(?i:SLES|OpenSuSE)/ => 'apache2', - default => 'httpd', - } - - $service_status = $::operatingsystem ? { - default => true, - } - - $process = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'apache2', - /(?i:SLES|OpenSuSE)/ => 'httpd2-prefork', - default => 'httpd', - } - - $process_args = $::operatingsystem ? { - default => '', - } - - $process_user = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => 'www-data', - /(?i:SLES|OpenSuSE)/ => 'wwwrun', - default => 'apache', - } - - $config_dir = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => '/etc/apache2', - /(?i:SLES|OpenSuSE)/ => '/etc/apache2', - freebsd => '/usr/local/etc/apache20', - default => '/etc/httpd', - } - - $config_file = $::operatingsystem ? { - /(?i:Ubuntu|Debian|Mint)/ => '/etc/apache2/apache2.conf', - /(?i:SLES|OpenSuSE)/ => '/etc/apache2/httpd.conf', - freebsd => '/usr/local/etc/apache20/httpd.conf', - default => '/etc/httpd/conf/httpd.conf', - } - - $config_file_mode = $::operatingsystem ? { - default => '0644', - } - - $config_file_owner = $::operatingsystem ? { - default => 'root', - } - - $config_file_group = $::operatingsystem ? { - freebsd => 'wheel', - default => 'root', - } - - $config_file_init = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/etc/default/apache2', - /(?i:SLES|OpenSuSE)/ => '/etc/sysconfig/apache2', - default => '/etc/sysconfig/httpd', - } - - $pid_file = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/var/run/apache2.pid', - /(?i:SLES|OpenSuSE)/ => '/var/run/httpd2.pid', - default => '/var/run/httpd.pid', - } - - $log_dir = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/var/log/apache2', - /(?i:SLES|OpenSuSE)/ => '/var/log/apache2', - default => '/var/log/httpd', - } - - $log_file = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => ['/var/log/apache2/access.log','/var/log/apache2/error.log'], - /(?i:SLES|OpenSuSE)/ => ['/var/log/apache2/access.log','/var/log/apache2/error.log'], - default => ['/var/log/httpd/access.log','/var/log/httpd/error.log'], - } - - $data_dir = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/var/www', - /(?i:Suse|OpenSuse)/ => '/srv/www/htdocs', - default => '/var/www/html', - } - - $ports_conf_path = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => '/etc/apache2/ports.conf', - default => '', - } - - $port = '80' - $ssl_port = '443' - $protocol = 'tcp' - - # General Settings - $my_class = '' - $source = '' - $source_dir = '' - $source_dir_purge = false - $config_file_default_purge = false - $template = '' - $options = '' - $service_autorestart = true - $service_requires = Package['apache'] - $absent = false - $version = '' - $disable = false - $disableboot = false - - ### General module variables that can have a site or per module default - $monitor = false - $monitor_tool = '' - $monitor_target = $::ipaddress - $firewall = false - $firewall_tool = '' - $firewall_src = '0.0.0.0/0' - $firewall_dst = $::ipaddress - $puppi = false - $puppi_helper = 'standard' - $debug = false - $audit_only = false - $dotconf_hash = {} - $htpasswd_hash = {} - $listen_hash = {} - $module_hash = {} - $vhost_hash = {} - $virtualhost_hash = {} - -} diff --git a/manifests/passenger.pp b/manifests/passenger.pp deleted file mode 100644 index 9cb409c..0000000 --- a/manifests/passenger.pp +++ /dev/null @@ -1,41 +0,0 @@ -# Class apache::passenger -# -# Apache resources specific for passenger -# -class apache::passenger { - - include apache - - case $::operatingsystem { - ubuntu,debian,mint: { - package { 'libapache2-mod-passenger': - ensure => present; - } - - exec { 'enable-passenger': - command => '/usr/sbin/a2enmod passenger', - creates => '/etc/apache2/mods-enabled/passenger.load', - notify => Service['apache'], - require => [ - Package['apache'], - Package['libapache2-mod-passenger'] - ], - } - } - - centos,redhat,scientific,fedora: { - $osver = split($::operatingsystemrelease, '[.]') - - case $osver[0] { - 5: { require yum::repo::passenger } - default: { } - } - package { 'mod_passenger': - ensure => present; - } - } - - default: { } - } - -} diff --git a/manifests/redhat.pp b/manifests/redhat.pp deleted file mode 100644 index 72a4e42..0000000 --- a/manifests/redhat.pp +++ /dev/null @@ -1,9 +0,0 @@ -# Class apache::redhat -# -# Apache resources specific for RedHat -# -class apache::redhat { - apache::dotconf { '00-NameVirtualHost': - content => template('apache/00-NameVirtualHost.conf.erb'), - } -} diff --git a/manifests/spec.pp b/manifests/spec.pp deleted file mode 100644 index ef75f69..0000000 --- a/manifests/spec.pp +++ /dev/null @@ -1,22 +0,0 @@ -# Class: apache::spec -# -# This class is used only for rpsec-puppet tests -# Can be taken as an example on how to do custom classes but should not -# be modified. -# -# == Usage -# -# This class is not intended to be used directly. -# Use it as reference -# -class apache::spec inherits apache { - - # This just a test to override the arguments of an existing resource - # Note that you can achieve this same result with just: - # class { "apache": template => "apache/spec.erb" } - - File['apache.conf'] { - content => template('apache/spec.erb'), - } - -} diff --git a/manifests/ssl.pp b/manifests/ssl.pp deleted file mode 100644 index 6d0f6d7..0000000 --- a/manifests/ssl.pp +++ /dev/null @@ -1,67 +0,0 @@ -# Class apache::ssl -# -# Apache resources specific for SSL -# -class apache::ssl { - - include apache - - case $::operatingsystem { - ubuntu,debian,mint: { - exec { 'enable-ssl': - command => '/usr/sbin/a2enmod ssl', - creates => '/etc/apache2/mods-enabled/ssl.load', - notify => Service['apache'], - require => Package['apache'], - } - } - - default: { - package { 'mod_ssl': - ensure => present, - require => Package['apache'], - notify => Service['apache'], - } - file { "${apache::config_dir}/ssl.conf": - mode => '0644', - owner => 'root', - group => 'root', - notify => Service['apache'], - } - file {['/var/cache/mod_ssl', '/var/cache/mod_ssl/scache']: - ensure => directory, - owner => 'apache', - group => 'root', - mode => '0700', - require => Package['mod_ssl'], - notify => Service['apache'], - } - } - } - - ### Port monitoring, if enabled ( monitor => true ) - if $apache::bool_monitor == true { - monitor::port { "apache_${apache::protocol}_${apache::ssl_port}": - protocol => $apache::protocol, - port => $apache::ssl_port, - target => $apache::monitor_target, - tool => $apache::monitor_tool, - enable => $apache::manage_monitor, - } - } - - ### Firewall management, if enabled ( firewall => true ) - if $apache::bool_firewall == true { - firewall { "apache_${apache::protocol}_${apache::ssl_port}": - source => $apache::firewall_src, - destination => $apache::firewall_dst, - protocol => $apache::protocol, - port => $apache::ssl_port, - action => 'allow', - direction => 'input', - tool => $apache::firewall_tool, - enable => $apache::manage_firewall, - } - } - -} diff --git a/manifests/vhost.pp b/manifests/vhost.pp deleted file mode 100644 index 8c1d89d..0000000 --- a/manifests/vhost.pp +++ /dev/null @@ -1,275 +0,0 @@ -# = Define: apache::vhost -# -# This class manages Apache Virtual Hosts configuration files -# -# == Parameters: -# [*port*] -# The port to configure the host on - -# [*ip_addr*] -# The ip to configure the host on. Default: * (all IPs) -# -# [*docroot*] -# The VirtualHost DocumentRoot -# -# [*docroot_create*] -# If the specified directory has to be created. Default: false -# -# [*ssl*] -# Set to true to enable SSL for this Virtual Host -# -# [*template*] -# Specify a custom template to use instead of the default one -# The value will be used in content => template($template) -# -# [*source*] -# Source file for vhost. Alternative to template. -# Note that if you decide to source a static file most of the other -# parameters of this define won't be used. -# Note also that if you set a source file, you've to explicitly set -# the template parameter to undef. -# -# [*priority*] -# The priority of the VirtualHost, lower values are evaluated first -# Set to '' to edit default apache value -# -# [*serveraliases*] -# An optional list of space separated ServerAliases -# -# [*env_variables*] -# An optional list of space separated environment variables (e.g ['APP_ENV dev']) -# -# [*server_admin*] -# Server admin email address -# -# [*server_name*] -# An optional way to directly set server name -# False mean, that servername is not present in generated config file -# -# [*passenger*] -# If Passenger should be enabled -# -# [*passenger_high_performance*] -# Set the PassengerHighPerformance directive -# -# [*passenger_pool_max_pool_size*] -# Set the PassengerMaxPoolSize directive -# -# [*passenger_pool_idle_time*] -# Set the PassengerPoolIdleTime directive -# -# [*passenger_max_requests*] -# Set the PassengerMaxRequests directive -# -# [*passenger_stat_throttle_rate*] -# Set the PassengerStatThrottleRate directive -# -# [*passenger_rack_auto_detect*] -# Set the RackAutoDetect directive -# -# [*passenger_rails_auto_detect*] -# Set the RailsAutoDetect directive -# -# [*passenger_rails_env*] -# Set the RailsEnv directive -# -# [*passenger_rails_base_uri*] -# Set the RackBaseURI directive -# -# [*passenger_rack_env*] -# Set the RackEnv directive -# -# [*passenger_rack_base_uri*] -# Set the RackBaseURI directive -# -# [*directory*] -# Set the VHost directory used for the directive -# -# [*directory_options*] -# Set the directory's Options -# -# [*directory_allow_override*] -# Set the directory's override configuration -# -# [*directory_require*] -# Set the Require attribute for Apache 2.4 -# -# [*aliases*] -# Set one or more Alias directives (e.g '/phpmyadmin /usr/share/phpMyAdmin' -# or ['/alias1 /path/to/alias', '/alias2 /path/to/secondalias']) -# -# [*proxy_aliases*] -# Set one or more proxy and reverse proxy directives. (e.g. '/manager http://localhost:8080/manager' -# or ['/manager http://localhost:8080/manager', '/alias3 http://remote.server.com/alias']) -# -# == Examples: -# apache::vhost { 'site.name.fqdn': -# docroot => '/path/to/docroot', -# } -# -# apache::vhost { 'mysite': -# docroot => '/path/to/docroot', -# template => 'myproject/apache/mysite.conf', -# } -# -# apache::vhost { 'my.other.site': -# docroot => '/path/to/docroot', -# directory => '/path/to', -# directory_allow_override => 'All', -# } -# -# apache::vhost { 'sitewithalias': -# docroot => '/path/to/docroot', -# aliases => '/phpmyadmin /usr/share/phpMyAdmin', -# } -# -define apache::vhost ( - $server_admin = '', - $server_name = '', - $docroot = '', - $docroot_create = false, - $docroot_owner = 'root', - $docroot_group = 'root', - $port = '80', - $ip_addr = '*', - $ssl = false, - $template = 'apache/virtualhost/vhost.conf.erb', - $source = '', - $priority = '50', - $serveraliases = '', - $env_variables = '', - $passenger = false, - $passenger_high_performance = true, - $passenger_max_pool_size = 12, - $passenger_pool_idle_time = 1200, - $passenger_max_requests = 0, - $passenger_stat_throttle_rate = 30, - $passenger_rack_auto_detect = true, - $passenger_rails_auto_detect = false, - $passenger_rails_env = '', - $passenger_rails_base_uri = '', - $passenger_rack_env = '', - $passenger_rack_base_uri = '', - $enable = true, - $directory = '', - $directory_options = '', - $directory_allow_override = 'None', - $directory_require = '', - $aliases = '', - $proxy_aliases = '' -) { - - $ensure = $enable ? { - true => present, - false => present, - absent => absent, - } - $bool_docroot_create = any2bool($docroot_create) - $bool_passenger = any2bool($passenger) - $bool_passenger_high_performance = any2bool($passenger_high_performance) - $bool_passenger_rack_auto_detect = any2bool($passenger_rack_auto_detect) - $bool_passenger_rails_auto_detect = any2bool($passenger_rails_auto_detect) - - $real_docroot = $docroot ? { - '' => "${apache::data_dir}/${name}", - default => $docroot, - } - - $real_directory = $directory ? { - '' => $apache::data_dir, - default => $directory, - } - - $server_name_value = $server_name ? { - '' => $name, - default => $server_name, - } - - $manage_file_source = $source ? { - '' => undef, - default => $source, - } - - # Server admin email - if $server_admin != '' { - $server_admin_email = $server_admin - } elsif ($name != 'default') and ($name != 'default-ssl') { - $server_admin_email = "webmaster@${name}" - } else { - $server_admin_email = 'webmaster@localhost' - } - - # Config file path - if $priority != '' { - $config_file_path = "${apache::vdir}/${priority}-${name}.conf" - } elsif ($name != 'default') and ($name != 'default-ssl') { - $config_file_path = "${apache::vdir}/${name}.conf" - } else { - $config_file_path = "${apache::vdir}/${name}" - } - - # Config file enable path - if $priority != '' { - $config_file_enable_path = "${apache::config_dir}/sites-enabled/${priority}-${name}.conf" - } elsif ($name != 'default') and ($name != 'default-ssl') { - $config_file_enable_path = "${apache::config_dir}/sites-enabled/${name}.conf" - } else { - $config_file_enable_path = "${apache::config_dir}/sites-enabled/000-${name}" - } - - $manage_file_content = $template ? { - '' => undef, - undef => undef, - default => template($template), - } - - include apache - - file { $config_file_path: - ensure => $ensure, - source => $manage_file_source, - content => $manage_file_content, - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - } - - # Some OS specific settings: - # On Debian/Ubuntu manages sites-enabled - case $::operatingsystem { - ubuntu,debian,mint: { - $file_vhost_link_ensure = $enable ? { - true => $config_file_path, - false => absent, - absent => absent, - } - file { "ApacheVHostEnabled_${name}": - ensure => $file_vhost_link_ensure, - path => $config_file_enable_path, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - } - } - redhat,centos,scientific,fedora: { - include apache::redhat - } - default: { } - } - - if $bool_docroot_create == true { - file { $real_docroot: - ensure => directory, - owner => $docroot_owner, - group => $docroot_group, - mode => '0775', - require => Package['apache'], - } - } - - if $bool_passenger == true { - include apache::passenger - } -} - diff --git a/manifests/virtualhost.pp b/manifests/virtualhost.pp deleted file mode 100644 index c36a8a8..0000000 --- a/manifests/virtualhost.pp +++ /dev/null @@ -1,117 +0,0 @@ -# = Define: apache::virtualhost -# -# NOTE: This define does the same function of apache::vhost and is -# now deprecated. Use apache::vhost instead. -# -# Basic Virtual host management define -# You can use different templates for your apache virtual host files -# Default is virtualhost.conf.erb, adapt it to your needs or create -# your custom template. -# -# == Usage: -# With standard template: -# apache::virtualhost { "www.example42.com": } -# -# With custom template (create it in MODULEPATH/apache/templates/virtualhost/) -# apache::virtualhost { "webmail.example42.com": -# templatefile => "webmail.conf.erb" -# } -# -# With custom template in custom location -# (MODULEPATH/mymod/templates/apache/vihost/) -# apache::virtualhost { "webmail.example42.com": -# templatefile => "webmail.conf.erb" -# templatepath => "mymod/apache/vihost" -# } -# -define apache::virtualhost ( - $templatefile = 'virtualhost.conf.erb' , - $templatepath = 'apache/virtualhost' , - $documentroot = '' , - $filename = '' , - $aliases = '' , - $create_docroot = true , - $enable = true , - $owner = '' , - $content = '' , - $groupowner = '' ) { - - include apache - - $real_filename = $filename ? { - '' => $name, - default => $filename, - } - - $real_documentroot = $documentroot ? { - '' => "${apache::data_dir}/${name}", - default => $documentroot, - } - - $real_owner = $owner ? { - '' => $apache::config_file_owner, - default => $owner, - } - - $real_groupowner = $groupowner ? { - '' => $apache::config_file_group, - default => $groupowner, -} - - $real_path = $::operatingsystem ? { - /(?i:Debian|Ubuntu|Mint)/ => "${apache::vdir}/${real_filename}", - default => "${apache::vdir}/${real_filename}.conf", - } - - $ensure_link = any2bool($enable) ? { - true => "${apache::vdir}/${real_filename}", - false => absent, - } - $ensure = bool2ensure($enable) - $bool_create_docroot = any2bool($enable) ? { - true => any2bool($create_docroot), - false => false, - } - - $real_content = $content ? { - '' => template("${templatepath}/${templatefile}"), - default => $content, - } - - file { "ApacheVirtualHost_${name}": - ensure => $ensure, - path => $real_path, - content => $real_content, - mode => $apache::config_file_mode, - owner => $apache::config_file_owner, - group => $apache::config_file_group, - require => Package['apache'], - notify => $apache::manage_service_autorestart, - } - - # Some OS specific settings: - # On Debian/Ubuntu manages sites-enabled - case $::operatingsystem { - ubuntu,debian,mint: { - file { "ApacheVirtualHostEnabled_${name}": - ensure => $ensure_link, - path => "${apache::config_dir}/sites-enabled/${real_filename}", - require => Package['apache'], - } - } - redhat,centos,scientific,fedora: { - include apache::redhat - } - default: { } - } - - if $bool_create_docroot == true { - file { $real_documentroot: - ensure => directory, - owner => $real_owner, - group => $real_groupowner, - mode => '0775', - } - } - -} diff --git a/metadata.json b/metadata.json index 6c20e07..05f2b64 100644 --- a/metadata.json +++ b/metadata.json @@ -1,9 +1,9 @@ { "name": "example42-apache", - "version": "2.1.12", - "summary": "Puppet module for apache", + "version": "4.0.0.alpha1", + "summary": "Puppet module for apache. Based on Tiny Puppet ", "license": "Apache-2.0", - "author": "Alessandro Franceschi, Martin Alfke", + "author": "Alessandro Franceschi, Martin Alfke @ example42", "checksums": { }, "source": "https://github.com/example42/puppet-apache", @@ -51,24 +51,8 @@ "version_requirement": ">= 3.2.0 < 5.0.0" }, { - "name": "example42/puppi", - "version_requirement": ">= 2.0.0" - }, - { - "name": "example42/monitor", - "version_requirement": ">= 2.0.0" - }, - { - "name": "example42/iptables", - "version_requirement": ">= 2.0.0" - }, - { - "name": "example42/firewall", - "version_requirement": ">= 2.0.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 1.0.0" + "name": "example42/tp", + "version_requirement": ">= 1.0.0 < 3.0.0" } ] } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb deleted file mode 100644 index 23169fb..0000000 --- a/spec/classes/apache_spec.rb +++ /dev/null @@ -1,199 +0,0 @@ -require "#{File.join(File.dirname(__FILE__),'..','spec_helper.rb')}" - -describe 'apache' do - - let(:title) { 'apache' } - let(:node) { 'rspec.example42.com' } - let(:facts) { { :ipaddress => '10.42.42.42' , :monitor_tool => 'puppi', :operatingsystemrelease => '6.6' } } - - describe 'Test standard installation' do - it { should contain_package('apache').with_ensure('present') } - it { should contain_service('apache').with_ensure('running') } - it { should contain_service('apache').with_enable('true') } - it { should contain_file('apache.conf').with_ensure('present') } - end - - describe 'Test standard installation with monitoring and firewalling' do - let(:params) { {:monitor => true , :firewall => true, :port => '42' } } - - it { should contain_package('apache').with_ensure('present') } - it { should contain_service('apache').with_ensure('running') } - it { should contain_service('apache').with_enable('true') } - it { should contain_file('apache.conf').with_ensure('present') } - it 'should monitor the process' do - should contain_monitor__process('apache_process').with_enable(true) - end - it 'should place a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(true) - end - end - - describe 'Test decommissioning - absent' do - let(:params) { {:absent => true, :monitor => true , :firewall => true, :port => '42'} } - - it 'should remove Package[apache]' do should contain_package('apache').with_ensure('absent') end - it 'should stop Service[apache]' do should contain_service('apache').with_ensure('stopped') end - it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end - it 'should remove apache configuration file' do should contain_file('apache.conf').with_ensure('absent') end - it 'should not monitor the process' do - should contain_monitor__process('apache_process').with_enable(false) - end - it 'should remove a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(false) - end - end - - describe 'Test decommissioning - disable' do - let(:params) { {:disable => true, :monitor => true , :firewall => true, :port => '42'} } - - it { should contain_package('apache').with_ensure('present') } - it 'should stop Service[apache]' do should contain_service('apache').with_ensure('stopped') end - it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end - it { should contain_file('apache.conf').with_ensure('present') } - it 'should not monitor the process' do - should contain_monitor__process('apache_process').with_enable(false) - end - it 'should remove a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(false) - end - end - - describe 'Test decommissioning - disableboot' do - let(:params) { {:disableboot => true, :monitor => true , :firewall => true, :port => '42'} } - - it { should contain_package('apache').with_ensure('present') } - it { should_not contain_service('apache').with_ensure('present') } - it { should_not contain_service('apache').with_ensure('absent') } - it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end - it { should contain_file('apache.conf').with_ensure('present') } - it 'should not monitor the process locally' do - should contain_monitor__process('apache_process').with_enable(false) - end - it 'should keep a firewall rule' do - should contain_firewall('apache_tcp_42').with_enable(true) - end - end - - describe 'Test customizations - template' do - let(:params) { {:template => "apache/spec.erb" , :options => { 'opt_a' => 'value_a' } } } - - it 'should generate a valid template' do - should contain_file('apache.conf').with_content(/fqdn: rspec.example42.com/) - end - it 'should generate a template that uses custom options' do - should contain_file('apache.conf').with_content(/value_a/) - end - - end - - describe 'Test customizations - source' do - let(:params) { {:source => "puppet://modules/apache/spec" , :source_dir => "puppet://modules/apache/dir/spec" , :source_dir_purge => true } } - - it 'should request a valid source ' do - should contain_file('apache.conf').with_source("puppet://modules/apache/spec") - end - it 'should request a valid source dir' do - should contain_file('apache.dir').with_source("puppet://modules/apache/dir/spec") - end - it 'should purge source dir if source_dir_purge is true' do - should contain_file('apache.dir').with_purge(true) - end - end - - describe 'Test customizations - custom class' do - let(:params) { {:my_class => "apache::spec" } } - it 'should automatically include a custom class' do - should contain_file('apache.conf').with_content(/fqdn: rspec.example42.com/) - end - end - - describe 'Test service autorestart' do - it 'should automatically restart the service, by default' do - should contain_file('apache.conf').with_notify("Service[apache]") - end - end - - describe 'Test service autorestart' do - let(:params) { {:service_autorestart => "no" } } - - it 'should not automatically restart the service, when service_autorestart => false' do - should contain_file('apache.conf').with_notify(nil) - end - end - - describe 'Test Puppi Integration' do - let(:params) { {:puppi => true, :puppi_helper => "myhelper"} } - - it 'should generate a puppi::ze define' do - should contain_puppi__ze('apache').with_helper("myhelper") - end - end - - describe 'Test Monitoring Tools Integration' do - let(:params) { {:monitor => true, :monitor_tool => "puppi" } } - - it 'should generate monitor defines' do - should contain_monitor__process('apache_process').with_tool("puppi") - end - end - - describe 'Test Firewall Tools Integration' do - let(:params) { {:firewall => true, :firewall_tool => "iptables" , :protocol => "tcp" , :port => "42" } } - - it 'should generate correct firewall define' do - should contain_firewall('apache_tcp_42').with_tool("iptables") - end - end - - describe 'Test OldGen Module Set Integration' do - let(:params) { {:monitor => "yes" , :monitor_tool => "puppi" , :firewall => "yes" , :firewall_tool => "iptables" , :puppi => "yes" , :port => "42" } } - - it 'should generate monitor resources' do - should contain_monitor__process('apache_process').with_tool("puppi") - end - it 'should generate firewall resources' do - should contain_firewall('apache_tcp_42').with_tool("iptables") - end - it 'should generate puppi resources ' do - should contain_puppi__ze('apache').with_ensure("present") - end - end - - describe 'Test params lookup' do - let(:facts) { { :monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :port => '42' , :monitor_tool => 'puppi' } } - - it 'should honour top scope global vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - - describe 'Test params lookup' do - let(:facts) { { :apache_monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :port => '42' , :monitor_tool => 'puppi' } } - - it 'should honour module specific vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - - describe 'Test params lookup' do - let(:facts) { { :monitor => false , :apache_monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :port => '42' , :monitor_tool => 'puppi' } } - - it 'should honour top scope module specific over global vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - - describe 'Test params lookup' do - let(:facts) { { :monitor => false , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } } - let(:params) { { :monitor => true , :monitor_tool => 'puppi' , :firewall => true, :port => '42' } } - - it 'should honour passed params over global vars' do - should contain_monitor__process('apache_process').with_enable(true) - end - end - -end - diff --git a/spec/defines/apache_virtualhost_spec.rb b/spec/defines/apache_virtualhost_spec.rb deleted file mode 100644 index 920c577..0000000 --- a/spec/defines/apache_virtualhost_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -require "#{File.join(File.dirname(__FILE__),'..','spec_helper.rb')}" - -describe 'apache::virtualhost' do - - let(:title) { 'apache::virtualhost' } - let(:node) { 'rspec.example42.com' } - let(:facts) { { :arch => 'i386' , :operatingsystem => 'redhat' } } - let(:params) { - { 'enable' => 'true', - 'name' => 'www.example42.com', - 'documentroot' => '/store/www', - } - } - - describe 'Test apache::virtualhost on redhat' do - it 'should create a apache::virtualhost file' do - should contain_file('ApacheVirtualHost_www.example42.com').with_ensure('present') - end - it 'should populate correctly the apache::virtualhost file DocumentRoot' do - should contain_file('ApacheVirtualHost_www.example42.com').with_content(/ DocumentRoot \/store\/www/) - end - it 'should populate correctly the apache::virtualhost file ErrorLog' do - should contain_file('ApacheVirtualHost_www.example42.com').with_content(/ ErrorLog \/var\/log\/httpd\/www.example42.com-error_log/) - end - it 'should create the docroot directory' do - should contain_file('/store/www').with_ensure("directory") - end - - end - - describe 'Test apache::virtualhost on ubuntu' do - let(:facts) { { :arch => 'i386' , :operatingsystem => 'ubuntu' } } - let(:params) { - { 'enable' => 'true', - 'name' => 'www.example42.com', - } - } - - it 'should create a apache::virtualhost link in sites-enabled' do - should contain_file('ApacheVirtualHostEnabled_www.example42.com').with_ensure('/etc/apache2/sites-available/www.example42.com') - end - it 'should populate correctly the apache::virtualhost file DocumentRoot' do - should contain_file('ApacheVirtualHost_www.example42.com').with_content(/ DocumentRoot \/var\/www\/www.example42.com/) - end - it 'should populate correctly the apache::virtualhost file ErrorLog' do - should contain_file('ApacheVirtualHost_www.example42.com').with_content(/ ErrorLog \/var\/log\/apache2\/www.example42.com-error_log/) - end - it 'should create the docroot directory' do - should contain_file('/var/www/www.example42.com').with_ensure("directory") - end - - end - - describe 'Test apache::virtualhost decommissioning' do - let(:params) { - { 'enable' => 'false', - 'name' => 'www.example42.com', - 'documentroot' => '/var/www/example42.com', - } - } - - it { should contain_file('ApacheVirtualHost_www.example42.com').with_ensure('absent') } - it { should_not contain_file('/var/www/example42.com').with_ensure('directory') } - end - -end - diff --git a/templates/00-NameVirtualHost.conf.erb b/templates/00-NameVirtualHost.conf.erb deleted file mode 100644 index d15418d..0000000 --- a/templates/00-NameVirtualHost.conf.erb +++ /dev/null @@ -1,3 +0,0 @@ -# File managed by Puppet - -NameVirtualHost *:80 diff --git a/templates/listen.conf.erb b/templates/listen.conf.erb deleted file mode 100644 index a0c73b1..0000000 --- a/templates/listen.conf.erb +++ /dev/null @@ -1,6 +0,0 @@ -# File Handled by Puppet - -<% if @namevirtualhost -%> -NameVirtualHost <%= @namevirtualhost %>:<%= @name %> -<% end %> -Listen <%= @name %> diff --git a/templates/module/proxy.conf.erb b/templates/module/proxy.conf.erb deleted file mode 100644 index 4310aa9..0000000 --- a/templates/module/proxy.conf.erb +++ /dev/null @@ -1,17 +0,0 @@ -# File Managed by Puppet - - - - # This is not a forwared proxy - ProxyRequests Off - - - AddDefaultCharset off - Order deny,allow - Deny from all - Allow from all - - - ProxyVia On - - diff --git a/templates/spec.erb b/templates/spec.erb deleted file mode 100644 index 0e81074..0000000 --- a/templates/spec.erb +++ /dev/null @@ -1,8 +0,0 @@ -# This is a template used only for rspec tests - -# Yaml of the whole scope -<%= scope.to_hash.reject { |k,v| !( k.is_a?(String) && v.is_a?(String) ) }.to_yaml %> - -# Custom Options -<%= @options['opt_a'] %> -<%= @options['opt_b'] %> diff --git a/templates/virtualhost/vhost.conf.erb b/templates/virtualhost/vhost.conf.erb deleted file mode 100644 index 6f96bf2..0000000 --- a/templates/virtualhost/vhost.conf.erb +++ /dev/null @@ -1,77 +0,0 @@ -# File Managed by Puppet - -:<%= @port %>> - ServerAdmin <%= @server_admin_email ||= 'webmaster@localhost' %> - DocumentRoot <%= @real_docroot %> -<% if @server_name_value != false -%> - ServerName <%= @server_name_value %> -<% end -%> -<% if @serveraliases != "" -%> -<% if @serveraliases.is_a? Array -%> - ServerAlias <%= @serveraliases.flatten.join(" ") %> -<% else -%> - ServerAlias <%= @serveraliases %> -<% end -%> -<% end -%> -<% if @env_variables != "" -%> -<% if @env_variables.is_a? Array -%> -<% @env_variables.each do |envvars| -%> - SetEnv <%= envvars %> -<% end -%> -<% end -%> -<% end -%> - - ErrorLog <%= scope.lookupvar('apache::log_dir') %>/<%= @name %>-error_log - CustomLog <%= scope.lookupvar('apache::log_dir') %>/<%= @name %>-access_log common - -<% if @bool_passenger -%> - PassengerHighPerformance <%= @bool_passenger_high_performance ? "On" : "Off" %> - PassengerMaxPoolSize <%= @passenger_max_pool_size %> - PassengerPoolIdleTime <%= @passenger_pool_idle_time %> - PassengerMaxRequests <%= @passenger_max_requests %> - PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %> - RackAutoDetect <%= @bool_passenger_rack_auto_detect ? "On" : "Off" %> - RailsAutoDetect <%= @bool_passenger_rails_auto_detect ? "On" : "Off" %> - - <% if @passenger_rails_env != '' %>RailsEnv <%= @passenger_rails_env %><% end %> - <% if @passenger_rack_env != '' %>RackEnv <%= @passenger_rack_env %><% end %> - <% if @passenger_rails_base_uri != '' %>RailsBaseURI <%= @passenger_rails_base_uri %><% end %> - <% if @passenger_rack_base_uri != '' %>RackBaseURI <%= @passenger_rack_base_uri %><% end %> - -<% end -%> -<% if @directory_options != "" || @directory_allow_override != "None" || @directory_require != "" -%> - > -<% if @directory_options != "" -%> - Options <%= @directory_options %> -<% end -%> -<% if @directory_allow_override != "None" -%> - AllowOverride <%= @directory_allow_override %> -<% end -%> -<% if @directory_require != "" -%> - Require <%= @directory_require %> -<% end -%> - -<% end -%> - -<% if @aliases != "" -%> -<% if @aliases.is_a? Array -%> -<% @aliases.each do |singlealias| %> - Alias <%= singlealias %> -<% end -%> -<% else -%> - Alias <%= @aliases %> -<% end -%> -<% end -%> -<% if @proxy_aliases != "" -%> -<% if @proxy_aliases.is_a? Array -%> -<% @proxy_aliases.each do |singleproxyalias| %> - - ProxyPass <%= singleproxyalias %> - ProxyPassReverse <%= singleproxyalias %> -<% end -%> -<% else -%> - ProxyPass <%= @proxy_aliases %> - ProxyPassReverse <%= @proxy_aliases %> -<% end -%> -<% end -%> - diff --git a/templates/virtualhost/virtualhost.conf.erb b/templates/virtualhost/virtualhost.conf.erb deleted file mode 100644 index 1dee1c3..0000000 --- a/templates/virtualhost/virtualhost.conf.erb +++ /dev/null @@ -1,16 +0,0 @@ -# File Managed by Puppet - - - ServerAdmin webmaster@<%= @name %> - DocumentRoot <%= @real_documentroot %> - ServerName <%= @name %> -<% if @aliases != "" -%> -<% if @aliases.is_a? Array -%> - ServerAlias <%= @aliases.flatten.join(" ") %> -<% else -%> - ServerAlias <%= @aliases %> -<% end -%> -<% end -%> - ErrorLog <%= scope.lookupvar('apache::log_dir')%>/<%= @name %>-error_log - CustomLog <%= scope.lookupvar('apache::log_dir')%>/<%= @name %>-access_log common - diff --git a/tests/vhost.pp b/tests/vhost.pp deleted file mode 100644 index 7e66efd..0000000 --- a/tests/vhost.pp +++ /dev/null @@ -1,7 +0,0 @@ -include apache - -apache::vhost { 'testsite': - docroot => '/var/www/test', - env_variables => ['APP_ENV dev'], -} - From af7134f07f4c7c06c5a31a9232b460eade039fe9 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 17:41:58 +0200 Subject: [PATCH 02/19] Added a sample, untested, core skeleton , with local tp data --- data/apache/default.yaml | 19 +++++++++++++++++++ data/apache/hiera.yaml | 5 +++++ data/apache/osfamily/Debian.yaml | 20 ++++++++++++++++++++ data/apache/osfamily/FreeBSD.yaml | 5 +++++ data/apache/osfamily/RedHat.yaml | 17 +++++++++++++++++ data/apache/osfamily/Suse.yaml | 16 ++++++++++++++++ manifests/init.pp | 31 +++++++++++++++++++++++++++++++ manifests/profile/loadbalancer.pp | 12 ++++++++++++ 8 files changed, 125 insertions(+) create mode 100644 data/apache/default.yaml create mode 100644 data/apache/hiera.yaml create mode 100644 data/apache/osfamily/Debian.yaml create mode 100644 data/apache/osfamily/FreeBSD.yaml create mode 100644 data/apache/osfamily/RedHat.yaml create mode 100644 data/apache/osfamily/Suse.yaml create mode 100644 manifests/init.pp create mode 100644 manifests/profile/loadbalancer.pp diff --git a/data/apache/default.yaml b/data/apache/default.yaml new file mode 100644 index 0000000..b88d0dd --- /dev/null +++ b/data/apache/default.yaml @@ -0,0 +1,19 @@ +--- + apache::settings: + package_name: 'httpd' + service_name: 'httpd' + config_file_path: '/etc/httpd/conf/httpd.conf' + config_dir_path: '/etc/httpd' + tcp_port: '80' + pid_file_path: '/var/run/httpd.pid' + log_file_path: [ '/var/log/httpd/access.log' , '/var/log/httpd/error.log' ] + log_dir_path: '/var/log/httpd' + data_dir_path: '/var/www/html' + process_name: 'httpd' + process_user: 'apache' + process_group: 'apache' + + apache::options::init: + + apache::options::config: + diff --git a/data/apache/hiera.yaml b/data/apache/hiera.yaml new file mode 100644 index 0000000..b8dc1a8 --- /dev/null +++ b/data/apache/hiera.yaml @@ -0,0 +1,5 @@ +--- + :hierarchy: + - "%{title}/osfamily/%{osfamily}" + - "%{title}/default" + - default diff --git a/data/apache/osfamily/Debian.yaml b/data/apache/osfamily/Debian.yaml new file mode 100644 index 0000000..d21cc09 --- /dev/null +++ b/data/apache/osfamily/Debian.yaml @@ -0,0 +1,20 @@ +--- + apache::settings: + package_name: 'apache2' + service_name: 'apache2' + config_file_path: '/etc/apache2/apache2.conf' + init_file_path: '/etc/default/apache2' + config_dir_path: '/etc/apache2' + mods-available_dir_path: '/etc/apache2/mods-available' + mods-enabled_dir_path: '/etc/apache2/mods-enabled' + sites-available_dir_path: '/etc/apache2/sites-available' + sites-enabled_dir_path: '/etc/apache2/sites-enabled' + conf_dir_path: '/etc/apache2/conf.d' + pid_file_path: '/var/run/apache2.pid' + log_file_path: [ '/var/log/apache2/access.log' , '/var/log/apache2/error.log' ] + log_dir_path: '/var/log/apache2' + data_dir_path: '/var/www' + process_name: 'apache2' + process_user: 'www-data' + process_group: 'www-data' + diff --git a/data/apache/osfamily/FreeBSD.yaml b/data/apache/osfamily/FreeBSD.yaml new file mode 100644 index 0000000..af98396 --- /dev/null +++ b/data/apache/osfamily/FreeBSD.yaml @@ -0,0 +1,5 @@ +--- + apache::settings: + config_file_path: '/usr/local/etc/apache20/httpd.conf' + config_dir_path: '/usr/local/etc/apache20' + config_file_group: 'wheel' diff --git a/data/apache/osfamily/RedHat.yaml b/data/apache/osfamily/RedHat.yaml new file mode 100644 index 0000000..89d90fe --- /dev/null +++ b/data/apache/osfamily/RedHat.yaml @@ -0,0 +1,17 @@ +--- + apache::settings: + package_name: 'httpd' + service_name: 'httpd' + config_file_path: '/etc/httpd/conf/httpd.conf' + config_file_mode: '0644' + config_dir_path: '/etc/httpd' + conf_dir_path: '/etc/httpd/conf.d' + init_file_path: '/etc/sysconfig/httpd' + tcp_port: '80' + pid_file_path: '/var/run/httpd.pid' + log_file_path: [ '/var/log/httpd/access.log' , '/var/log/httpd/error.log' ] + log_dir_path: '/var/log/httpd' + data_dir_path: '/var/www/html' + process_name: 'httpd' + process_user: 'apache' + process_group: 'apache' diff --git a/data/apache/osfamily/Suse.yaml b/data/apache/osfamily/Suse.yaml new file mode 100644 index 0000000..536d6d5 --- /dev/null +++ b/data/apache/osfamily/Suse.yaml @@ -0,0 +1,16 @@ +--- + apache::settings: + package_name: 'apache2' + service_name: 'apache2' + + config_file_path: '/etc/apache2/httpd.conf' + init_file_path: '/etc/default/apache2' + config_dir_path: '/etc/apache2' + pid_file_path: '/var/run/httpd2.pid' + log_file_path: [ '/var/log/apache2/access.log' , '/var/log/apache2/error.log' ] + log_dir_path: '/var/log/apache2' + data_dir_path: '/var/www/htdocs' + process_name: 'httpd2-prefork' + process_user: 'wwwrun' + process_group: 'wwwrun' + diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000..0a0777a --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,31 @@ +class apache ( + + Variant[Boolean,String] $ensure = present, + + Hash $confs = { }, + Hash $dirs = { }, + + Hash $options = { }, + Hash $settings = { }, + + Array $profiles = [], + + String[1] $data_module = 'apache', + +) { + + tp::install { 'apache': + options_hash => $options, + settings_hash => $settings, + data_module => $data_module, + conf_hash => $confs, + dir_hash => $dirs, + } + + if $profiles != [] { + $profiles.each |$kl| { + include $kl + } + } + +} diff --git a/manifests/profile/loadbalancer.pp b/manifests/profile/loadbalancer.pp new file mode 100644 index 0000000..3144f2c --- /dev/null +++ b/manifests/profile/loadbalancer.pp @@ -0,0 +1,12 @@ +class apache::profile::loadbalancer ( + Hash $options = { }, + String[1] $template = 'apache/profile/loadbalancer/loadbalancer.conf.erb', +) { + + tp::conf { 'apache::loadbalancer.conf': + base_dir => 'conf', + template => $template, + options_hash => pick_default($options,$::apache::options, { ), + data_module => pick_default($::apache::data_module, 'apache'), + } +} From 402218fc865f2a02d5b57415d2ffe11faf73809b Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 22:34:32 +0200 Subject: [PATCH 03/19] Imported httpd.conf from puppetlabs apache module --- templates/profile/base/httpd.conf.erb | 138 ++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 templates/profile/base/httpd.conf.erb diff --git a/templates/profile/base/httpd.conf.erb b/templates/profile/base/httpd.conf.erb new file mode 100644 index 0000000..448d1fe --- /dev/null +++ b/templates/profile/base/httpd.conf.erb @@ -0,0 +1,138 @@ +# Security +ServerTokens <%= @server_tokens %> +ServerSignature <%= scope.function_bool2httpd([@server_signature]) %> +TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %> + +ServerName "<%= @servername %>" +ServerRoot "<%= @server_root %>" +PidFile <%= @pidfile %> +Timeout <%= @timeout %> +KeepAlive <%= @keepalive %> +MaxKeepAliveRequests <%= @max_keepalive_requests %> +KeepAliveTimeout <%= @keepalive_timeout %> +LimitRequestFieldSize <%= @limitreqfieldsize %> + +<%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%> +RewriteLock <%= @rewrite_lock %> +<%- end -%> + +User <%= @user %> +Group <%= @group %> + +AccessFileName .htaccess + +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied +<%- else -%> + Order allow,deny + Deny from all + Satisfy all +<%- end -%> + + + + Options <%= Array(@root_directory_options).join(' ') %> + AllowOverride None + + +<% if @default_charset -%> +AddDefaultCharset <%= @default_charset %> +<% end -%> + +<%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%> +DefaultType <%= @default_type %> +<%- end -%> +HostnameLookups Off +ErrorLog "<%= @logroot %>/<%= @error_log %>" +LogLevel <%= @log_level %> +EnableSendfile <%= @sendfile %> +<%- if @allow_encoded_slashes -%> +AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> + +#Listen 80 + +<% if @apxs_workaround -%> +# Workaround: without this hack apxs would be confused about where to put +# LoadModule directives and fail entire procedure of apache package +# installation/reinstallation. This problem was observed on FreeBSD (apache22). +#LoadModule fake_module libexec/apache22/mod_fake.so +<% end -%> + +Include "<%= @mod_load_dir %>/*.load" +<% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%> +Include "<%= @mod_load_dir %>/*.conf" +<% end -%> +Include "<%= @ports_file %>" + +<% unless @log_formats.has_key?('combined') -%> +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +<% end -%> +<% unless @log_formats.has_key?('common') -%> +LogFormat "%h %l %u %t \"%r\" %>s %b" common +<% end -%> +<% unless @log_formats.has_key?('referer') -%> +LogFormat "%{Referer}i -> %U" referer +<% end -%> +<% unless @log_formats.has_key?('agent') -%> +LogFormat "%{User-agent}i" agent +<% end -%> +<% unless @log_formats.has_key?('forwarded') -%> +LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded +<% end -%> +<% if @log_formats and !@log_formats.empty? -%> + <%- @log_formats.sort.each do |nickname,format| -%> +LogFormat "<%= format -%>" <%= nickname %> + <%- end -%> +<% end -%> + +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @confd_dir %>/*.conf" +<%- else -%> +Include "<%= @confd_dir %>/*.conf" +<%- end -%> +<% if @vhost_load_dir != @confd_dir -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" +<%- else -%> +Include "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" +<%- end -%> +<% end -%> + +<% if @error_documents -%> +# /usr/share/apache2/error on debian +Alias /error/ "<%= @error_documents_path %>/" + +"> + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all granted +<%- else -%> + Order allow,deny + Allow from all +<%- end -%> + LanguagePriority en cs de es fr it nl sv pt-br ro + ForceLanguagePriority Prefer Fallback + + +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +<% end -%> From df9bef5ee1af4e97c73c08efd17fe6fe01018dca Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 22:39:16 +0200 Subject: [PATCH 04/19] Old module variables converted to options --- templates/profile/base/httpd.conf.erb | 106 +++++++++++++------------- 1 file changed, 54 insertions(+), 52 deletions(-) diff --git a/templates/profile/base/httpd.conf.erb b/templates/profile/base/httpd.conf.erb index 448d1fe..a54de33 100644 --- a/templates/profile/base/httpd.conf.erb +++ b/templates/profile/base/httpd.conf.erb @@ -1,27 +1,29 @@ -# Security -ServerTokens <%= @server_tokens %> -ServerSignature <%= scope.function_bool2httpd([@server_signature]) %> -TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %> - -ServerName "<%= @servername %>" -ServerRoot "<%= @server_root %>" -PidFile <%= @pidfile %> -Timeout <%= @timeout %> -KeepAlive <%= @keepalive %> -MaxKeepAliveRequests <%= @max_keepalive_requests %> -KeepAliveTimeout <%= @keepalive_timeout %> -LimitRequestFieldSize <%= @limitreqfieldsize %> - -<%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%> -RewriteLock <%= @rewrite_lock %> +# File managed by Tiny Puppet +# Template derived from puppetlabs-apahe module + +ServerTokens <%= @options@['server_tokens'] %> +ServerSignature <%= scope.function_bool2httpd(@options['server_signature']) %> +TraceEnable <%= scope.function_bool2httpd(@options['trace_enable']) %> + +ServerName "<%= @options['servername'] %>" +ServerRoot "<%= @options['server_root'] %>" +PidFile <%= @options['pidfile'] %> +Timeout <%= @options['timeout'] %> +KeepAlive <%= @options['keepalive'] %> +MaxKeepAliveRequests <%= @options['max_keepalive_requests'] %> +KeepAliveTimeout <%= @options['keepalive_timeout'] %> +LimitRequestFieldSize <%= @options['limitreqfieldsize'] %> + +<%- if @options['rewrite_lock'] and scope.function_versioncmp([@options['apache_version'], '2.2']) <= 0 -%> +RewriteLock <%= @options['rewrite_lock'] %> <%- end -%> -User <%= @user %> -Group <%= @group %> +User <%= @options['user'] %> +Group <%= @options['group'] %> AccessFileName .htaccess -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +<%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> Require all denied <%- else -%> Order allow,deny @@ -31,84 +33,84 @@ AccessFileName .htaccess - Options <%= Array(@root_directory_options).join(' ') %> + Options <%= Array(@options['root_directory_options']).join(' ') %> AllowOverride None -<% if @default_charset -%> -AddDefaultCharset <%= @default_charset %> +<% if @options['default_charset'] -%> +AddDefaultCharset <%= @options['default_charset'] %> <% end -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%> -DefaultType <%= @default_type %> +<%- if scope.function_versioncmp([@options['apache_version'], '2.4']) < 0 -%> +DefaultType <%= @options['default_type'] %> <%- end -%> HostnameLookups Off -ErrorLog "<%= @logroot %>/<%= @error_log %>" -LogLevel <%= @log_level %> -EnableSendfile <%= @sendfile %> -<%- if @allow_encoded_slashes -%> -AllowEncodedSlashes <%= @allow_encoded_slashes %> +ErrorLog "<%= @options['logroot'] %>/<%= @options['error_log'] %>" +LogLevel <%= @options['log_level'] %> +EnableSendfile <%= @options['sendfile'] %> +<%- if @options['allow_encoded_slashes'] -%> +AllowEncodedSlashes <%= @options['allow_encoded_slashes'] %> <%- end -%> #Listen 80 -<% if @apxs_workaround -%> +<% if @options['apxs_workaround'] -%> # Workaround: without this hack apxs would be confused about where to put # LoadModule directives and fail entire procedure of apache package # installation/reinstallation. This problem was observed on FreeBSD (apache22). #LoadModule fake_module libexec/apache22/mod_fake.so <% end -%> -Include "<%= @mod_load_dir %>/*.load" -<% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%> -Include "<%= @mod_load_dir %>/*.conf" +Include "<%= @options['mod_load_dir'] %>/*.load" +<% if @options['mod_load_dir'] != @options['confd_dir'] and @options['mod_load_dir'] != @options['vhost_load_dir'] -%> +Include "<%= @options['mod_load_dir'] %>/*.conf" <% end -%> -Include "<%= @ports_file %>" +Include "<%= @options['ports_file'] %>" -<% unless @log_formats.has_key?('combined') -%> +<% unless @options['log_formats'].has_key?('combined') -%> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined <% end -%> -<% unless @log_formats.has_key?('common') -%> +<% unless @options['log_formats'].has_key?('common') -%> LogFormat "%h %l %u %t \"%r\" %>s %b" common <% end -%> -<% unless @log_formats.has_key?('referer') -%> +<% unless @options['log_formats'].has_key?('referer') -%> LogFormat "%{Referer}i -> %U" referer <% end -%> -<% unless @log_formats.has_key?('agent') -%> +<% unless @options['log_formats'].has_key?('agent') -%> LogFormat "%{User-agent}i" agent <% end -%> -<% unless @log_formats.has_key?('forwarded') -%> +<% unless @options['log_formats'].has_key?('forwarded') -%> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded <% end -%> -<% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.sort.each do |nickname,format| -%> +<% if @options['log_formats'] and !@options['log_formats'].empty? -%> + <%- @options['log_formats'].sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> -IncludeOptional "<%= @confd_dir %>/*.conf" +<%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> +IncludeOptional "<%= @options['confd_dir'] %>/*.conf" <%- else -%> -Include "<%= @confd_dir %>/*.conf" +Include "<%= @options['confd_dir'] %>/*.conf" <%- end -%> -<% if @vhost_load_dir != @confd_dir -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> -IncludeOptional "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" +<% if @options['vhost_load_dir'] != @options['confd_dir'] -%> +<%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> +IncludeOptional "<%= @options['vhost_load_dir'] %>/<%= @options['vhost_include_pattern'] %>" <%- else -%> -Include "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" +Include "<%= @options['vhost_load_dir'] %>/<%= @options['vhost_include_pattern'] %>" <%- end -%> <% end -%> -<% if @error_documents -%> +<% if @options['error_documents'] -%> # /usr/share/apache2/error on debian -Alias /error/ "<%= @error_documents_path %>/" +Alias /error/ "<%= @options['error_documents_path'] %>/" -"> +"> AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +<%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny From da58bb0e2c00115775aa505d0d0cb8dd523c9c7e Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 22:51:22 +0200 Subject: [PATCH 05/19] Options converted to settings where applicable --- templates/profile/base/httpd.conf.erb | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/templates/profile/base/httpd.conf.erb b/templates/profile/base/httpd.conf.erb index a54de33..9cb2575 100644 --- a/templates/profile/base/httpd.conf.erb +++ b/templates/profile/base/httpd.conf.erb @@ -7,7 +7,7 @@ TraceEnable <%= scope.function_bool2httpd(@options['trace_enable']) %> ServerName "<%= @options['servername'] %>" ServerRoot "<%= @options['server_root'] %>" -PidFile <%= @options['pidfile'] %> +PidFile <%= @settings['pid_file_path'] %> Timeout <%= @options['timeout'] %> KeepAlive <%= @options['keepalive'] %> MaxKeepAliveRequests <%= @options['max_keepalive_requests'] %> @@ -18,8 +18,8 @@ LimitRequestFieldSize <%= @options['limitreqfieldsize'] %> RewriteLock <%= @options['rewrite_lock'] %> <%- end -%> -User <%= @options['user'] %> -Group <%= @options['group'] %> +User <%= @settings['process_user'] %> +Group <%= @settings['process_group'] %> AccessFileName .htaccess @@ -45,7 +45,7 @@ AddDefaultCharset <%= @options['default_charset'] %> DefaultType <%= @options['default_type'] %> <%- end -%> HostnameLookups Off -ErrorLog "<%= @options['logroot'] %>/<%= @options['error_log'] %>" +ErrorLog "<%= @settings['log_dir_path'] %>/<%= @options['error_log'] %>" LogLevel <%= @options['log_level'] %> EnableSendfile <%= @options['sendfile'] %> <%- if @options['allow_encoded_slashes'] -%> @@ -61,9 +61,9 @@ AllowEncodedSlashes <%= @options['allow_encoded_slashes'] %> #LoadModule fake_module libexec/apache22/mod_fake.so <% end -%> -Include "<%= @options['mod_load_dir'] %>/*.load" -<% if @options['mod_load_dir'] != @options['confd_dir'] and @options['mod_load_dir'] != @options['vhost_load_dir'] -%> -Include "<%= @options['mod_load_dir'] %>/*.conf" +Include "<%= @settings['mod_dir_path'] %>/*.load" +<% if @settings['mod_dir_path'] != @settings['conf_dir_path'] and @settings['mod_dir_path'] != @settings['vhost_dir_path'] -%> +Include "<%= @settings['mod_dir_path'] %>/*.conf" <% end -%> Include "<%= @options['ports_file'] %>" @@ -89,15 +89,15 @@ LogFormat "<%= format -%>" <%= nickname %> <% end -%> <%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> -IncludeOptional "<%= @options['confd_dir'] %>/*.conf" +IncludeOptional "<%= @settings['conf_dir_path'] %>/*.conf" <%- else -%> -Include "<%= @options['confd_dir'] %>/*.conf" +Include "<%= @settings['conf_dir_path'] %>/*.conf" <%- end -%> -<% if @options['vhost_load_dir'] != @options['confd_dir'] -%> +<% if @settings['vhost_dir_path'] != @settings['conf_dir_path'] -%> <%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> -IncludeOptional "<%= @options['vhost_load_dir'] %>/<%= @options['vhost_include_pattern'] %>" +IncludeOptional "<%= @settings['vhost_dir_path']/<%= @options['vhost_include_pattern'] %>" <%- else -%> -Include "<%= @options['vhost_load_dir'] %>/<%= @options['vhost_include_pattern'] %>" +Include "<%= @settings['vhost_dir_path'] %>/<%= @options['vhost_include_pattern'] %>" <%- end -%> <% end -%> From d602f103fdd7ff30bafc13be50fbccc8e1b9b398 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 23:02:51 +0200 Subject: [PATCH 06/19] Added sample options data with os overrisde sample --- data/apache/default.yaml | 13 ++++++++++++- data/apache/osfamily/Debian.yaml | 1 + data/apache/osfamily/Suse.yaml | 4 ++++ templates/profile/base/httpd.conf.erb | 2 +- 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/data/apache/default.yaml b/data/apache/default.yaml index b88d0dd..b29205c 100644 --- a/data/apache/default.yaml +++ b/data/apache/default.yaml @@ -8,7 +8,9 @@ pid_file_path: '/var/run/httpd.pid' log_file_path: [ '/var/log/httpd/access.log' , '/var/log/httpd/error.log' ] log_dir_path: '/var/log/httpd' + mod_dir_path: '/var/lib/apache/modules' data_dir_path: '/var/www/html' + vhost_dir_path: '/etc/httpd/conf.d' process_name: 'httpd' process_user: 'apache' process_group: 'apache' @@ -16,4 +18,13 @@ apache::options::init: apache::options::config: - + apache_version: 2.4 + server_tokens: OS + server_signature: On + trace_enable: On + servername: "%{::fqdn}" # Note: Variables interpolation here still not suppored + keepalive: Off + keepalive_timeout: 15 + max_keepalive_requests: 100 + timeout: 120 + limitreqfieldsize: 8190 diff --git a/data/apache/osfamily/Debian.yaml b/data/apache/osfamily/Debian.yaml index d21cc09..a99762d 100644 --- a/data/apache/osfamily/Debian.yaml +++ b/data/apache/osfamily/Debian.yaml @@ -9,6 +9,7 @@ mods-enabled_dir_path: '/etc/apache2/mods-enabled' sites-available_dir_path: '/etc/apache2/sites-available' sites-enabled_dir_path: '/etc/apache2/sites-enabled' + vhost_dir_path: '/etc/apache2/sites-available' conf_dir_path: '/etc/apache2/conf.d' pid_file_path: '/var/run/apache2.pid' log_file_path: [ '/var/log/apache2/access.log' , '/var/log/apache2/error.log' ] diff --git a/data/apache/osfamily/Suse.yaml b/data/apache/osfamily/Suse.yaml index 536d6d5..970d3c8 100644 --- a/data/apache/osfamily/Suse.yaml +++ b/data/apache/osfamily/Suse.yaml @@ -14,3 +14,7 @@ process_user: 'wwwrun' process_group: 'wwwrun' + apache::options::config: + + apache::options::config: + apache_version: 2.2 diff --git a/templates/profile/base/httpd.conf.erb b/templates/profile/base/httpd.conf.erb index 9cb2575..0eccc19 100644 --- a/templates/profile/base/httpd.conf.erb +++ b/templates/profile/base/httpd.conf.erb @@ -6,7 +6,7 @@ ServerSignature <%= scope.function_bool2httpd(@options['server_signature']) %> TraceEnable <%= scope.function_bool2httpd(@options['trace_enable']) %> ServerName "<%= @options['servername'] %>" -ServerRoot "<%= @options['server_root'] %>" +ServerRoot "<%= @settings['config_dir_path'] %>" PidFile <%= @settings['pid_file_path'] %> Timeout <%= @options['timeout'] %> KeepAlive <%= @options['keepalive'] %> From bc979f23fd7ebbbd5fa0d894cbffa3d0516bd6fd Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 23:23:58 +0200 Subject: [PATCH 07/19] Brutal import of vhost fragments from puppetlabs-apache cat puppetlabs-apache/templates/vhost/_* > templates/vhost/vhost.conf.erb --- templates/vhost/vhost.conf.erb | 1020 ++++++++++++++++++++++++++++++++ 1 file changed, 1020 insertions(+) create mode 100644 templates/vhost/vhost.conf.erb diff --git a/templates/vhost/vhost.conf.erb b/templates/vhost/vhost.conf.erb new file mode 100644 index 0000000..c957a51 --- /dev/null +++ b/templates/vhost/vhost.conf.erb @@ -0,0 +1,1020 @@ +<% @_access_logs.each do |log| -%> +<% env ||= "env=#{log['env']}" if log['env'] -%> +<% env ||= '' -%> +<% format ||= "\"#{log['format']}\"" if log['format'] -%> +<% format ||= 'combined' -%> +<% if log['file'] -%> +<% if log['file'].chars.first == '/' -%> +<% destination = "#{log['file']}" -%> +<% else -%> +<% destination = "#{@logroot}/#{log['file']}" -%> +<% end -%> +<% elsif log['syslog'] -%> +<% destination = log['syslog'] -%> +<% elsif log['pipe'] -%> +<% destination = log['pipe'] -%> +<% else -%> +<% destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%> +<% destination ||= "#{@logroot}/#{@name}_access.log" -%> +<% end -%> + CustomLog "<%= destination %>" <%= format %> <%= env %> +<% end -%> +<% if @action -%> + + Action <%= @action %> /cgi-bin virtual +<% end -%> +<% Array(@additional_includes).each do |include| -%> + + ## Load additional static includes +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> + IncludeOptional "<%= include %>" +<%- else -%> + Include "<%= include %>" +<%- end -%> +<% end -%> +<% if @aliases and ! @aliases.empty? -%> + ## Alias declarations for resources outside the DocumentRoot + <%- [@aliases].flatten.compact.each do |alias_statement| -%> + <%- if alias_statement["path"] != '' -%> + <%- if alias_statement["alias"] and alias_statement["alias"] != '' -%> + Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%> + AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptalias"] and alias_statement["scriptalias"] != '' -%> + ScriptAlias <%= alias_statement["scriptalias"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptaliasmatch"] and alias_statement["scriptaliasmatch"] != '' -%> + ScriptAliasMatch <%= alias_statement["scriptaliasmatch"] %> "<%= alias_statement["path"] %>" + <%- end -%> + <%- end -%> + <%- end -%> +<% end -%> +<%- if @allow_encoded_slashes -%> + + AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> +<% if @auth_kerb -%> + + ## Kerberos directives + <%- if @krb_method_negotiate -%> + KrbMethodNegotiate <%= @krb_method_negotiate %> + <%- end -%> + <%- if @krb_method_k5passwd -%> + KrbMethodK5Passwd <%= @krb_method_k5passwd %> + <%- end -%> + <%- if @krb_authoritative -%> + KrbAuthoritative <%= @krb_authoritative %> + <%- end -%> + <%- if @krb_auth_realms and @krb_auth_realms.length >= 1 -%> + KrbAuthRealms <%= @krb_auth_realms.join(' ') %> + <%- end -%> + <%- if @krb_5keytab -%> + Krb5Keytab <%= @krb_5keytab %> + <%- end -%> + <%- if @krb_local_user_mapping -%> + KrbLocalUserMapping <%= @krb_local_user_mapping %> + <%- end -%> + <%- if @krb_verify_kdc -%> + KrbVerifyKDC <%= @krb_verify_kdc %> + <%- end -%> + <%- if @krb_servicename -%> + KrbServiceName <%= @krb_servicename %> + <%- end -%> + <%- if @krb_save_credentials -%> + KrbSaveCredentials <%= @krb_save_credentials -%> + <%- end -%> + +<% end -%> +<% if @block and ! @block.empty? -%> + + ## Block access statements +<% if @block.include? 'scm' -%> + # Block access to SCM directories. + + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied + <%- else -%> + Deny From All + <%- end -%> + +<% end -%> +<% end -%> +<% if @add_default_charset -%> + + AddDefaultCharset <%= @add_default_charset %> +<% end -%> +<% if @custom_fragment -%> + + ## Custom fragment + <%= @custom_fragment %> +<% end -%> +<% if @_directories and ! @_directories.empty? -%> + + <%- scope.setvar('_template_scope', {}) -%> + ## Directories, there should at least be a declaration for <%= @docroot %> + <%- [@_directories].flatten.compact.each do |directory| -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> + <%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%> + <%- end -%> + <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%> + <%- scope.function_warning(["Apache::Vhost: Using deny is deprecated in your Apache version"]) -%> + <%- end -%> + <%- if directory['order'] and ! [ false, 'false', '' ].include?(directory['order']) -%> + <%- scope.function_warning(["Apache::Vhost: Using order is deprecated in your Apache version"]) -%> + <%- end -%> + <%- if directory['satisfy'] and ! [ false, 'false', '' ].include?(directory['satisfy']) -%> + <%- scope.function_warning(["Apache::Vhost: Using satisfy is deprecated in your Apache version"]) -%> + <%- end -%> + <%- end -%> + <%- if directory['path'] and directory['path'] != '' -%> + <%- if directory['provider'] and directory['provider'].match('(directory|location|files|proxy)') -%> + <%- if /^(.*)match$/ =~ directory['provider'] -%> + <%- provider = $1.capitalize + 'Match' -%> + <%- else -%> + <%- provider = directory['provider'].capitalize -%> + <%- end -%> + <%- else -%> + <%- provider = 'Directory' -%> + <%- end -%> + <%- path = directory['path'] -%> + + <<%= provider %> "<%= path %>"> + <%- if directory['headers'] -%> + <%- Array(directory['headers']).each do |header| -%> + Header <%= header %> + <%- end -%> + <%- end -%> + <%- if ! directory['geoip_enable'].nil? -%> + GeoIPEnable <%= scope.function_bool2httpd([directory['geoip_enable']]) %> + <%- end -%> + <%- if directory['options'] -%> + Options <%= Array(directory['options']).join(' ') %> + <%- end -%> + <%- if provider == 'Directory' -%> + <%- if directory['index_options'] -%> + IndexOptions <%= Array(directory['index_options']).join(' ') %> + <%- end -%> + <%- if directory['index_order_default'] -%> + IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %> + <%- end -%> + <%- if directory['index_style_sheet'] -%> + IndexStyleSheet '<%= directory['index_style_sheet'] %>' + <%- end -%> + <%- if directory['allow_override'] -%> + AllowOverride <%= Array(directory['allow_override']).join(' ') %> + <%- elsif provider == 'Directory' -%> + AllowOverride None + <%- end -%> + <%- end -%> + <%- scope.lookupvar('_template_scope')[:item] = directory -%> +<%= scope.function_template(["apache/vhost/_require.erb"]) -%> + <%- if directory['limit'] && directory['limit'] != '' -%> + <%- Array(directory['limit']).each do |lim| -%> + > + <%- scope.lookupvar('_template_scope')[:item] = lim -%> + <%= scope.function_template(["apache/vhost/_require.erb"]) -%> + + <%- end -%> + <%- end -%> + <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> + <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> + )$"> + SetHandler <%= addhandler['handler'] %> + + <%- end -%> + <%- end -%> + <%- if directory['sethandler'] and directory['sethandler'] != '' -%> + SetHandler <%= directory['sethandler'] %> + <%- end -%> + <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> + PassengerEnabled <%= directory['passenger_enabled'] %> + <%- end -%> + <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> + <%- directory['php_flags'].sort.each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_values'] and ! directory['php_values'].empty? -%> + <%- directory['php_values'].sort.each do |key,value| -%> + php_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> + <%- directory['php_admin_flags'].sort.each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_admin_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%> + <%- directory['php_admin_values'].sort.each do |key,value| -%> + php_admin_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%> + DirectoryIndex <%= directory['directoryindex'] %> + <%- end -%> + <%- if directory['additional_includes'] and ! directory['additional_includes'].empty? -%> + <%- directory['additional_includes'].each do |include| -%> + Include '<%= "#{include}" %>' + <%- end -%> + <%- end -%> + <%- if directory['error_documents'] and ! directory['error_documents'].empty? -%> + <%- [directory['error_documents']].flatten.compact.each do |error_document| -%> + ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %> + <%- end -%> + <%- end -%> + <%- if directory['auth_type'] -%> + AuthType <%= directory['auth_type'] %> + <%- end -%> + <%- if directory['auth_name'] -%> + AuthName "<%= directory['auth_name'] %>" + <%- end -%> + <%- if directory['auth_digest_algorithm'] -%> + AuthDigestAlgorithm <%= directory['auth_digest_algorithm'] %> + <%- end -%> + <%- if directory['auth_digest_domain'] -%> + AuthDigestDomain <%= Array(directory['auth_digest_domain']).join(' ') %> + <%- end -%> + <%- if directory['auth_digest_nonce_lifetime'] -%> + AuthDigestNonceLifetime <%= directory['auth_digest_nonce_lifetime'] %> + <%- end -%> + <%- if directory['auth_digest_provider'] -%> + AuthDigestProvider <%= directory['auth_digest_provider'] %> + <%- end -%> + <%- if directory['auth_digest_qop'] -%> + AuthDigestQop <%= directory['auth_digest_qop'] %> + <%- end -%> + <%- if directory['auth_digest_shmem_size'] -%> + AuthDigestShmemSize <%= directory['auth_digest_shmem_size'] %> + <%- end -%> + <%- if directory['auth_basic_authoritative'] -%> + AuthBasicAuthoritative <%= directory['auth_basic_authoritative'] %> + <%- end -%> + <%- if directory['auth_basic_fake'] -%> + AuthBasicFake <%= directory['auth_basic_fake'] %> + <%- end -%> + <%- if directory['auth_basic_provider'] -%> + AuthBasicProvider <%= directory['auth_basic_provider'] %> + <%- end -%> + <%- if directory['auth_user_file'] -%> + AuthUserFile <%= directory['auth_user_file'] %> + <%- end -%> + <%- if directory['auth_group_file'] -%> + AuthGroupFile <%= directory['auth_group_file'] %> + <%- end -%> + <%- if directory['auth_merging'] -%> + AuthMerging <%= directory['auth_merging'] %> + <%- end -%> + <%- if directory['fallbackresource'] -%> + FallbackResource <%= directory['fallbackresource'] %> + <%- end -%> + <%- if directory['expires_active'] -%> + ExpiresActive <%= directory['expires_active'] %> + <%- end -%> + <%- if directory['expires_default'] -%> + ExpiresDefault <%= directory['expires_default'] %> + <%- end -%> + <%- if directory['expires_by_type'] -%> + <%- Array(directory['expires_by_type']).each do |rule| -%> + ExpiresByType <%= rule %> + <%- end -%> + <%- end -%> + <%- if directory['ext_filter_options'] -%> + ExtFilterOptions <%= directory['ext_filter_options'] %> + <%- end -%> + <%- if directory['force_type'] -%> + ForceType <%= directory['force_type'] %> + <%- end -%> + <%- if directory['ssl_options'] -%> + SSLOptions <%= Array(directory['ssl_options']).join(' ') %> + <%- end -%> + <%- if directory['suphp'] and @suphp_engine == 'on' -%> + suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %> + <%- end -%> + <%- if directory['fcgiwrapper'] -%> + FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %> + <%- end -%> + <%- if directory['rewrites'] -%> + # Rewrite rules + RewriteEngine On + <%- directory['rewrites'].flatten.compact.each do |rewrite_details| -%> + <%- if rewrite_details['comment'] -%> + #<%= rewrite_details['comment'] %> + <%- end -%> + <%- if rewrite_details['rewrite_base'] -%> + RewriteBase <%= rewrite_details['rewrite_base'] %> + <%- end -%> + <%- if rewrite_details['rewrite_cond'] -%> + <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteCond <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteRule <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if directory['setenv'] -%> + <%- Array(directory['setenv']).each do |setenv| -%> + SetEnv <%= setenv %> + <%- end -%> + <%- end -%> + <%- if directory['set_output_filter'] -%> + SetOutputFilter <%= directory['set_output_filter'] %> + <%- end -%> + <%- if @shibboleth_enabled -%> + <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> + ShibRequireSession <%= directory['shib_require_session'] %> + <%- end -%> + <%- if directory['shib_request_settings'] and ! directory['shib_request_settings'].empty? -%> + <%- directory['shib_request_settings'].each do |key,value| -%> + ShibRequestSetting <%= key %> <%= value %> + <%- end -%> + <%- end -%> + <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> + ShibUseHeaders <%= directory['shib_use_headers'] %> + <%- end -%> + <%- end -%> + <%- if directory['mellon_enable'] -%> + MellonEnable "<%= directory['mellon_enable'] %>" + <%- if directory['mellon_endpoint_path'] -%> + MellonEndpointPath "<%= directory['mellon_endpoint_path'] %>" + <%- end -%> + <%- if directory['mellon_sp_private_key_file'] -%> + MellonSPPrivateKeyFile "<%= directory['mellon_sp_private_key_file'] %>" + <%- end -%> + <%- if directory['mellon_sp_cert_file'] -%> + MellonSPCertFile "<%= directory['mellon_sp_cert_file'] %>" + <%- end -%> + <%- if directory['mellon_sp_metadata_file'] -%> + MellonSPMetadataFile "<%= directory['mellon_sp_metadata_file'] %>" + <%- end -%> + <%- if directory['mellon_idp_metadata_file'] -%> + MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>" + <%- end -%> + <%- if directory['mellon_set_env_no_prefix'] -%> + <%- directory['mellon_set_env_no_prefix'].each do |key, value| -%> + MellonSetEnvNoPrefix "<%= key %>" "<%= value %>" + <%- end -%> + <%- end -%> + <%- if directory['mellon_user'] -%> + MellonUser "<%= directory['mellon_user'] %>" + <%- end -%> + <%- if directory['mellon_saml_response_dump'] -%> + MellonSamlResponseDump "<%= directory['mellon_saml_response_dump'] %>" + <%- end -%> + <%- if directory['mellon_cond'] -%> + <%- Array(directory['mellon_cond']).each do |cond| -%> + MellonCond <%= cond %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if directory['custom_fragment'] -%> + <%= directory['custom_fragment'] %> + <%- end -%> + > + <%- end -%> + <%- end -%> +<% end -%> + + ## Vhost docroot +<% if @virtual_docroot -%> + VirtualDocumentRoot "<%= @virtual_docroot %>" +<% elsif @docroot -%> + DocumentRoot "<%= @docroot %>" +<% end -%> +<% if @error_documents and ! @error_documents.empty? -%> + <%- [@error_documents].flatten.compact.each do |error_document| -%> + <%- if error_document["error_code"] != '' and error_document["document"] != '' -%> + ErrorDocument <%= error_document["error_code"] %> <%= error_document["document"] %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @fallbackresource -%> + + FallbackResource <%= @fallbackresource %> +<% end -%> +<% if @fastcgi_server -%> + + FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket -%> +<% unless @fastcgi_idle_timeout.nil? %> -idle-timeout <%= @fastcgi_idle_timeout %><% end %> +<% end -%> +<% if @fastcgi_dir -%> + + "> + Options +ExecCGI + AllowOverride All + SetHandler fastcgi-script + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all granted + <%- else -%> + Order allow,deny + Allow From All + <%- end -%> + AuthBasicAuthoritative Off + + + AllowEncodedSlashes On + ServerSignature Off +<% end -%> + +# ************************************ +# Vhost template in module puppetlabs-apache +# Managed by Puppet +# ************************************ + +> +<% if @servername -%> + ServerName <%= @servername %> +<% end -%> +<% if @serveradmin -%> + ServerAdmin <%= @serveradmin %> +<% end -%> +<% if @filters and ! @filters.empty? -%> + + ## Filter module rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html + <%- Array(@filters).each do |filter| -%> + <%- if filter != '' -%> + <%= filter %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @headers and ! @headers.empty? -%> + + ## Header rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header + <%- Array(@headers).each do |header_statement| -%> + <%- if header_statement != '' -%> + Header <%= header_statement %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @itk and ! @itk.empty? -%> + + ## ITK statement + + <%- if @itk["user"] and @itk["group"] -%> + AssignUserId <%= @itk["user"] %> <%= @itk["group"] %> + <%- end -%> + <%- if @itk["assignuseridexpr"] -%> + AssignUserIdExpr <%= @itk["assignuseridexpr"] %> + <%- end -%> + <%- if @itk["assigngroupidexpr"] -%> + AssignGroupIdExpr <%= @itk["assigngroupidexpr"] %> + <%- end -%> + <%- if @itk["maxclientvhost"] -%> + MaxClientsVHost <%= @itk["maxclientvhost"] %> + <%- end -%> + <%- if @itk["nice"] -%> + NiceValue <%= @itk["nice"] %> + <%- end -%> + <%- if @kernelversion >= '3.5.0' -%> + <%- if @itk["limituidrange"] -%> + LimitUIDRange <%= @itk["limituidrange"] %> + <%- end -%> + <%- if @itk["limitgidrange"] -%> + LimitGIDRange <%= @itk["limitgidrange"] %> + <%- end -%> + <%- end -%> + +<% end -%> +<% if @jk_mounts and not @jk_mounts.empty? -%> + + <%- @jk_mounts.each do |jk| -%> + <%- if jk.is_a?(Hash) -%> + <%- if jk.has_key?('mount') and jk.has_key?('worker') -%> + JkMount <%= jk['mount'] %> <%= jk['worker'] %> + <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%> + JkUnMount <%= jk['unmount'] %> <%= jk['worker'] %> + <%- end -%> + <%- end -%> + <%- end -%> +<% end -%> +<% if @error_log or @log_level -%> + + ## Logging +<% end -%> +<% if @error_log -%> + ErrorLog "<%= @error_log_destination %>" +<% end -%> +<% if @log_level -%> + LogLevel <%= @log_level %> +<% end -%> +<% if @passenger_app_root -%> + PassengerAppRoot <%= @passenger_app_root %> +<% end -%> +<% if @passenger_app_env -%> + PassengerAppEnv <%= @passenger_app_env %> +<% end -%> +<% if @passenger_ruby -%> + PassengerRuby <%= @passenger_ruby %> +<% end -%> +<% if @passenger_min_instances -%> + PassengerMinInstances <%= @passenger_min_instances %> +<% end -%> +<% if @passenger_start_timeout -%> + PassengerStartTimeout <%= @passenger_start_timeout %> +<% end -%> +<% if @passenger_pre_start -%> + PassengerPreStart <%= @passenger_pre_start %> +<% end -%> +<% if @passenger_user -%> + PassengerUser <%= @passenger_user %> +<% end -%> +<% if @passenger_high_performance -%> + PassengerHighPerformance <%= scope.function_bool2httpd([@passenger_high_performance]) %> +<% end -%> +<% if @passenger_base_uris -%> + + ## Enable passenger base uris +<% Array(@passenger_base_uris).each do |uri| -%> + PassengerBaseURI <%= uri %> +<% end -%> +<% end -%> +<% if @php_values and not @php_values.empty? -%> + <%- @php_values.sort.each do |key,value| -%> + <%- if value.is_a? String -%> + php_value <%= key %> "<%= value %>" + <%- else -%> + php_value <%= key %> <%= value %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @php_flags and not @php_flags.empty? -%> + <%- @php_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + php_flag <%= key %> <%= flag %> + <%- end -%> +<% end -%> +<% if @php_admin_values and not @php_admin_values.empty? -%> + <%- @php_admin_values.sort.each do |key,value| -%> + php_admin_value <%= key %> <%= value %> + <%- end -%> +<% end -%> +<% if @php_admin_flags and not @php_admin_flags.empty? -%> + <%- @php_admin_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + php_admin_flag <%= key %> <%= flag %> + <%- end -%> +<% end -%> +<% if @proxy_dest or @proxy_pass or @proxy_pass_match or @proxy_dest_match -%> + + ## Proxy rules + ProxyRequests Off +<%- end -%> +<% if @proxy_preserve_host -%> + ProxyPreserveHost On +<% else -%> + ProxyPreserveHost Off +<%- end -%> +<%- if defined?(@proxy_add_headers) -%> + <%- if @proxy_add_headers -%> + ProxyAddHeaders On + <%- else -%> + ProxyAddHeaders Off + <%- end -%> +<%- end -%> +<% if @proxy_error_override -%> + ProxyErrorOverride On +<%- end -%> +<%- [@proxy_pass].flatten.compact.each do |proxy| -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> + <%- if not proxy['reverse_cookies'].nil? -%> + <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%> + <%- if reverse_cookies['path'] -%> + ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> + <%- end -%> + <%- if reverse_cookies['domain'] -%> + ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if proxy['reverse_urls'].nil? -%> + ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> + <%- else -%> + <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> + ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> + <%- end -%> + <%- end -%> + <%- if proxy['setenv'] -%> + <%- Array(proxy['setenv']).each do |setenv_var| -%> + SetEnv <%= setenv_var %> + <%- end -%> + <%- end -%> + <%- if proxy['options'] -%> + <%- proxy['options'].keys.sort.each do |key| -%> + <%= key %> <%= proxy['options'][key] %> + <%- end -%> + <%- end -%> +<% end -%> +<% [@proxy_pass_match].flatten.compact.each do |proxy| %> + ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> + <%- if proxy['reverse_urls'].nil? -%> + ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> + <%- else -%> + <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> + ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> + <%- end -%> + <%- end -%> + <%- if proxy['setenv'] -%> + <%- Array(proxy['setenv']).each do |setenv_var| -%> + SetEnv <%= setenv_var %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @proxy_dest -%> +<%- Array(@no_proxy_uris).each do |uri| -%> + ProxyPass <%= uri %> ! +<% end -%> + ProxyPass / <%= @proxy_dest %>/ + ProxyPassReverse / <%= @proxy_dest %>/ +<% end -%> +<% if @proxy_dest_match -%> +<%- Array(@no_proxy_uris_match).each do |uri| -%> + ProxyPassMatch <%= uri %> ! +<% end -%> + ProxyPassMatch / <%= @proxy_dest_match %>/ + ProxyPassReverse / <%= @proxy_dest_reverse_match %>/ +<% end -%> +<% if @rack_base_uris -%> + + ## Enable rack +<% Array(@rack_base_uris).each do |uri| -%> + RackBaseURI <%= uri %> +<% end -%> +<% end -%> +<% if @redirect_source and @redirect_dest -%> +<% @redirect_dest_a = Array(@redirect_dest) -%> +<% @redirect_source_a = Array(@redirect_source) -%> +<% @redirect_status_a = Array(@redirect_status) -%> + + ## Redirect rules + <%- @redirect_source_a.each_with_index do |source, i| -%> +<% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%> +<% @redirect_status_a[i] ||= @redirect_status_a[0] -%> + Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> + <%- end -%> +<% end -%> +<%- if @redirectmatch_status and @redirectmatch_regexp and @redirectmatch_dest -%> +<% @redirectmatch_status_a = Array(@redirectmatch_status) -%> +<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> + + ## RedirectMatch rules + <%- @redirectmatch_status_a.each_with_index do |status, i| -%> +<% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> +<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> + <%- end -%> +<%- elsif @redirectmatch_regexp and @redirectmatch_dest -%> +<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> + + ## RedirectMatch rules + <%- @redirectmatch_regexp_a.each_with_index do |status, i| -%> +<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> + <%- end -%> +<% end -%> +<% if @request_headers and ! @request_headers.empty? -%> + + ## Request header rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader + <%- Array(@request_headers).each do |request_statement| -%> + <%- if request_statement != '' -%> + RequestHeader <%= request_statement %> + <%- end -%> + <%- end -%> +<% end -%> +<%- _item = scope.lookupvar('_template_scope')[:item] -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if _item['require'] && _item['require'] != '' && _item['require'] !~ /unmanaged/i -%> + <%- if _item['require'].is_a?(Hash) -%> + <%- case _item['require']['enforce'].downcase -%> + <%- when 'all','none','any' then -%> + > + <%- Array(_item['require']['requires']).each do |req| -%> + Require <%= req.strip %> + <%- end -%> + > + <%- else -%> + <%- scope.function_warning(["Apache::Vhost: Require can only overwritten with all, none or any."]) -%> + <%- end -%> + <%- else -%> + <%- Array(_item['require']).each do |req| -%> + Require <%= req %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if _item['auth_require'] -%> + Require <%= _item['auth_require'] %> + <%- end -%> + <%- if !(_item['require'] && _item['require'] != '') && _item['require'] !~ /unmanaged/i && !(_item['auth_require']) -%> + Require all granted + <%- end -%> +<%- else -%> + <%- if _item['auth_require'] -%> + Require <%= _item['auth_require'] %> + <%- end -%> + <%- if _item['order'] and _item['order'] != '' -%> + Order <%= Array(_item['order']).join(',') %> + <%- else -%> + Order allow,deny + <%- end -%> + <%- if _item['deny'] and ! [ false, 'false', '' ].include?(_item['deny']) -%> + <%- if _item['deny'].kind_of?(Array) -%> + <%- Array(_item['deny']).each do |restrict| -%> + Deny <%= restrict %> + <%- end -%> + <%- else -%> + Deny <%= _item['deny'] %> + <%- end -%> + <%- end -%> + <%- if _item['allow'] and ! [ false, 'false', '' ].include?(_item['allow']) -%> + <%- if _item['allow'].kind_of?(Array) -%> + <%- Array(_item['allow']).each do |access| -%> + Allow <%= access %> + <%- end -%> + <%- else -%> + Allow <%= _item['allow'] %> + <%- end -%> + <%- elsif [ 'from all', 'from All' ].include?(_item['deny']) -%> + <%- elsif ! _item['deny'] and [ false, 'false', '' ].include?(_item['allow']) -%> + Deny from all + <%- else -%> + Allow from all + <%- end -%> + <%- if _item['satisfy'] and _item['satisfy'] != '' -%> + Satisfy <%= _item['satisfy'] %> + <%- end -%> +<%- end -%> +<%- if @rewrites -%> + ## Rewrite rules + RewriteEngine On + <%- if @rewrite_base -%> + RewriteBase <%= @rewrite_base %> + <%- end -%> + + <%- [@rewrites].flatten.compact.each do |rewrite_details| -%> + <%- if rewrite_details['comment'] -%> + #<%= rewrite_details['comment'] %> + <%- end -%> + <%- if rewrite_details['rewrite_base'] -%> + RewriteBase <%= rewrite_details['rewrite_base'] %> + <%- end -%> + <%- if rewrite_details['rewrite_cond'] -%> + <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteCond <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if rewrite_details['rewrite_map'] -%> + <%- Array(rewrite_details['rewrite_map']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteMap <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteRule <%= command %> + <%- end -%> + + <%- end -%> + <%- end -%> +<%- end -%> +<%# reverse compatibility -%> +<% if @rewrite_rule and !@rewrites -%> + ## Rewrite rules + RewriteEngine On + <%- if @rewrite_base -%> + RewriteBase <%= @rewrite_base %> + <%- end -%> + <%- if @rewrite_cond -%> + <%- Array(@rewrite_cond).each do |cond| -%> + RewriteCond <%= cond %> + <%- end -%> + <%- end -%> + RewriteRule <%= @rewrite_rule %> +<%- end -%> +<%- if @scriptaliases.is_a?(Array) -%> +<%- aliases = @scriptaliases -%> +<%- elsif @scriptaliases.is_a?(Hash) -%> +<%- aliases = [@scriptaliases] -%> +<%- else -%> +<%- # Nothing to do with any other data type -%> +<%- aliases = [] -%> +<%- end -%> +<%- if @scriptalias or !aliases.empty? -%> + ## Script alias directives +<%# Combine scriptalais and scriptaliases into a single data structure -%> +<%# for backward compatibility and ease of implementation -%> +<%- aliases << { 'alias' => '/cgi-bin', 'path' => @scriptalias } if @scriptalias -%> +<%- aliases.flatten.compact! -%> +<%- aliases.each do |salias| -%> + <%- if salias["path"] != '' -%> + <%- if salias["alias"] and salias["alias"] != '' -%> + ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>" + <%- elsif salias["aliasmatch"] and salias["aliasmatch"] != '' -%> + ScriptAliasMatch <%= salias['aliasmatch'] %> "<%= salias['path'] %>" + <%- end -%> + <%- end -%> +<%- end -%> +<%- end -%> +<% if @modsec_disable_vhost -%> + SecRuleEngine Off +<% end -%> +<% if @_modsec_disable_ids.is_a?(Hash) -%> +<% @_modsec_disable_ids.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveById <%= rule %> +<% end -%> + +<% end -%> +<% end -%> +<% ips = Array(@modsec_disable_ips).join(',') %> +<% if ips != '' %> + SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" + SecAction "phase:2,pass,nolog,id:1234123456" +<% end -%> +<% if @_modsec_disable_msgs.is_a?(Hash) -%> +<% @_modsec_disable_msgs.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveByMsg "<%= rule %>" +<% end -%> + +<% end -%> +<% end -%> +<% if @_modsec_disable_tags.is_a?(Hash) -%> +<% @_modsec_disable_tags.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveByTag "<%= rule %>" +<% end -%> + +<% end -%> +<% end -%> +<% if @modsec_body_limit -%> + SecRequestBodyLimit <%= @modsec_body_limit %> +<% end -%> +<% if @serveraliases and ! @serveraliases.empty? -%> + + ## Server aliases + <%- Array(@serveraliases).each do |serveralias| -%> + ServerAlias <%= serveralias %> + <%- end -%> +<% end -%> + ServerSignature Off +<% if @setenv and ! @setenv.empty? -%> + + ## SetEnv/SetEnvIf for environment variables + <%- Array(@setenv).each do |envvar| -%> + SetEnv <%= envvar %> + <%- end -%> +<% end -%> +<% if @setenvif and ! @setenvif.empty? -%> + <%- Array(@setenvif).each do |envifvar| -%> + SetEnvIf <%= envifvar %> + <%- end -%> +<% end -%> +<% if @setenvifnocase and ! @setenvifnocase.empty? -%> + <%- Array(@setenvifnocase).each do |envifncvar| -%> + SetEnvIfNoCase <%= envifncvar %> + <%- end -%> +<% end -%> +<% if @ssl -%> + + ## SSL directives + SSLEngine on + SSLCertificateFile "<%= @ssl_cert %>" + SSLCertificateKeyFile "<%= @ssl_key %>" + <%- if @ssl_chain -%> + SSLCertificateChainFile "<%= @ssl_chain %>" + <%- end -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> + SSLCACertificatePath "<%= @ssl_certs_dir %>" + <%- end -%> + <%- if @ssl_ca -%> + SSLCACertificateFile "<%= @ssl_ca %>" + <%- end -%> + <%- if @ssl_crl_path -%> + SSLCARevocationPath "<%= @ssl_crl_path %>" + <%- end -%> + <%- if @ssl_crl -%> + SSLCARevocationFile "<%= @ssl_crl %>" + <%- end -%> + <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLCARevocationCheck "<%= @ssl_crl_check %>" + <%- end -%> + <%- if @ssl_protocol -%> + SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> + <%- end -%> + <%- if @ssl_cipher -%> + SSLCipherSuite <%= @ssl_cipher %> + <%- end -%> + <%- if @ssl_honorcipherorder -%> + SSLHonorCipherOrder <%= @ssl_honorcipherorder %> + <%- end -%> + <%- if @ssl_verify_client -%> + SSLVerifyClient <%= @ssl_verify_client %> + <%- end -%> + <%- if @ssl_verify_depth -%> + SSLVerifyDepth <%= @ssl_verify_depth %> + <%- end -%> + <%- if @ssl_options -%> + SSLOptions <%= Array(@ssl_options).join(' ') %> + <%- end -%> + <%- if @ssl_openssl_conf_cmd -%> + SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> + <%- end -%> +<% end -%> +<% if @ssl_proxyengine -%> + + # SSL Proxy directives + SSLProxyEngine On + <%- if @ssl_proxy_verify -%> + SSLProxyVerify <%= @ssl_proxy_verify %> + <%- end -%> + <%- if @ssl_proxy_check_peer_cn -%> + SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> + <%- end -%> + <%- if @ssl_proxy_check_peer_name -%> + SSLProxyCheckPeerName <%= @ssl_proxy_check_peer_name %> + <%- end -%> + <%- if @ssl_proxy_check_peer_expire -%> + SSLProxyCheckPeerExpire <%= @ssl_proxy_check_peer_expire %> + <%- end -%> + <%- if @ssl_proxy_machine_cert -%> + SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" + <%- end -%> + <%- if @ssl_proxy_protocol -%> + SSLProxyProtocol <%= [@ssl_proxy_protocol].flatten.compact.join(' ') %> + <%- end -%> +<% end -%> +<% if @suexec_user_group -%> + + SuexecUserGroup <%= @suexec_user_group %> +<% end -%> +<% if @suphp_engine == 'on' -%> + <%- if @suphp_addhandler -%> + suPHP_AddHandler <%= @suphp_addhandler %> + <%- end -%> + <%- if @suphp_engine -%> + suPHP_Engine <%= @suphp_engine %> + <%- end -%> + <%- if @suphp_configpath -%> + suPHP_ConfigPath "<%= @suphp_configpath %>" + <%- end -%> +<% end -%> +<% if @wsgi_application_group -%> + WSGIApplicationGroup <%= @wsgi_application_group %> +<% end -%> +<% if @wsgi_daemon_process and @wsgi_daemon_process_options -%> + WSGIDaemonProcess <%= @wsgi_daemon_process %> <%= @wsgi_daemon_process_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> +<% elsif @wsgi_daemon_process and !@wsgi_daemon_process_options -%> + WSGIDaemonProcess <%= @wsgi_daemon_process %> +<% end -%> +<% if @wsgi_import_script and @wsgi_import_script_options -%> + WSGIImportScript <%= @wsgi_import_script %> <%= @wsgi_import_script_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> +<% end -%> +<% if @wsgi_process_group -%> + WSGIProcessGroup <%= @wsgi_process_group %> +<% end -%> +<% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> + <%- @wsgi_script_aliases.keys.sort.each do |key| -%> + <%- if key != '' and @wsgi_script_aliases[key] != ''-%> + WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>" + <%- end -%> + <%- end -%> +<% end -%> +<% if @wsgi_pass_authorization -%> + WSGIPassAuthorization <%= @wsgi_pass_authorization %> +<% end -%> +<% if @wsgi_chunked_request -%> + WSGIChunkedRequest <%= @wsgi_chunked_request %> +<% end -%> From 6e10d96fb1ab53084bd78d2197fb12de2965a311 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Thu, 28 Apr 2016 23:46:29 +0200 Subject: [PATCH 08/19] Added apache::vhost sample define with template Puppetlabs vhost fragments are not a good place for a POF. Used as default a simple vhost template imported from example42-apache and quickly adapted with tp data --- manifests/vhost.pp | 18 + templates/vhost/puppetlabs.conf.erb | 1020 ++++++++++++++++++++++++++ templates/vhost/vhost.conf.erb | 1036 +-------------------------- 3 files changed, 1070 insertions(+), 1004 deletions(-) create mode 100644 manifests/vhost.pp create mode 100644 templates/vhost/puppetlabs.conf.erb diff --git a/manifests/vhost.pp b/manifests/vhost.pp new file mode 100644 index 0000000..22c6b65 --- /dev/null +++ b/manifests/vhost.pp @@ -0,0 +1,18 @@ +define apache::vhost ( + Variant[Boolean,String] $ensure = present, + + String[1] $template = 'apache/vhost/vhost.conf.erb', + Hash $options = { }, + + Hash $settings = { }, + String[1] $data_module = 'apache', +) { + + tp::conf { "apache::${title}": + base_dir => 'vhost', + template => $template, + options_hash => $options + $::apache::options, + data_module => pick_default($::apache::data_module, $data_module), + } + +} diff --git a/templates/vhost/puppetlabs.conf.erb b/templates/vhost/puppetlabs.conf.erb new file mode 100644 index 0000000..c957a51 --- /dev/null +++ b/templates/vhost/puppetlabs.conf.erb @@ -0,0 +1,1020 @@ +<% @_access_logs.each do |log| -%> +<% env ||= "env=#{log['env']}" if log['env'] -%> +<% env ||= '' -%> +<% format ||= "\"#{log['format']}\"" if log['format'] -%> +<% format ||= 'combined' -%> +<% if log['file'] -%> +<% if log['file'].chars.first == '/' -%> +<% destination = "#{log['file']}" -%> +<% else -%> +<% destination = "#{@logroot}/#{log['file']}" -%> +<% end -%> +<% elsif log['syslog'] -%> +<% destination = log['syslog'] -%> +<% elsif log['pipe'] -%> +<% destination = log['pipe'] -%> +<% else -%> +<% destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%> +<% destination ||= "#{@logroot}/#{@name}_access.log" -%> +<% end -%> + CustomLog "<%= destination %>" <%= format %> <%= env %> +<% end -%> +<% if @action -%> + + Action <%= @action %> /cgi-bin virtual +<% end -%> +<% Array(@additional_includes).each do |include| -%> + + ## Load additional static includes +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> + IncludeOptional "<%= include %>" +<%- else -%> + Include "<%= include %>" +<%- end -%> +<% end -%> +<% if @aliases and ! @aliases.empty? -%> + ## Alias declarations for resources outside the DocumentRoot + <%- [@aliases].flatten.compact.each do |alias_statement| -%> + <%- if alias_statement["path"] != '' -%> + <%- if alias_statement["alias"] and alias_statement["alias"] != '' -%> + Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%> + AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptalias"] and alias_statement["scriptalias"] != '' -%> + ScriptAlias <%= alias_statement["scriptalias"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptaliasmatch"] and alias_statement["scriptaliasmatch"] != '' -%> + ScriptAliasMatch <%= alias_statement["scriptaliasmatch"] %> "<%= alias_statement["path"] %>" + <%- end -%> + <%- end -%> + <%- end -%> +<% end -%> +<%- if @allow_encoded_slashes -%> + + AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> +<% if @auth_kerb -%> + + ## Kerberos directives + <%- if @krb_method_negotiate -%> + KrbMethodNegotiate <%= @krb_method_negotiate %> + <%- end -%> + <%- if @krb_method_k5passwd -%> + KrbMethodK5Passwd <%= @krb_method_k5passwd %> + <%- end -%> + <%- if @krb_authoritative -%> + KrbAuthoritative <%= @krb_authoritative %> + <%- end -%> + <%- if @krb_auth_realms and @krb_auth_realms.length >= 1 -%> + KrbAuthRealms <%= @krb_auth_realms.join(' ') %> + <%- end -%> + <%- if @krb_5keytab -%> + Krb5Keytab <%= @krb_5keytab %> + <%- end -%> + <%- if @krb_local_user_mapping -%> + KrbLocalUserMapping <%= @krb_local_user_mapping %> + <%- end -%> + <%- if @krb_verify_kdc -%> + KrbVerifyKDC <%= @krb_verify_kdc %> + <%- end -%> + <%- if @krb_servicename -%> + KrbServiceName <%= @krb_servicename %> + <%- end -%> + <%- if @krb_save_credentials -%> + KrbSaveCredentials <%= @krb_save_credentials -%> + <%- end -%> + +<% end -%> +<% if @block and ! @block.empty? -%> + + ## Block access statements +<% if @block.include? 'scm' -%> + # Block access to SCM directories. + + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied + <%- else -%> + Deny From All + <%- end -%> + +<% end -%> +<% end -%> +<% if @add_default_charset -%> + + AddDefaultCharset <%= @add_default_charset %> +<% end -%> +<% if @custom_fragment -%> + + ## Custom fragment + <%= @custom_fragment %> +<% end -%> +<% if @_directories and ! @_directories.empty? -%> + + <%- scope.setvar('_template_scope', {}) -%> + ## Directories, there should at least be a declaration for <%= @docroot %> + <%- [@_directories].flatten.compact.each do |directory| -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> + <%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%> + <%- end -%> + <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%> + <%- scope.function_warning(["Apache::Vhost: Using deny is deprecated in your Apache version"]) -%> + <%- end -%> + <%- if directory['order'] and ! [ false, 'false', '' ].include?(directory['order']) -%> + <%- scope.function_warning(["Apache::Vhost: Using order is deprecated in your Apache version"]) -%> + <%- end -%> + <%- if directory['satisfy'] and ! [ false, 'false', '' ].include?(directory['satisfy']) -%> + <%- scope.function_warning(["Apache::Vhost: Using satisfy is deprecated in your Apache version"]) -%> + <%- end -%> + <%- end -%> + <%- if directory['path'] and directory['path'] != '' -%> + <%- if directory['provider'] and directory['provider'].match('(directory|location|files|proxy)') -%> + <%- if /^(.*)match$/ =~ directory['provider'] -%> + <%- provider = $1.capitalize + 'Match' -%> + <%- else -%> + <%- provider = directory['provider'].capitalize -%> + <%- end -%> + <%- else -%> + <%- provider = 'Directory' -%> + <%- end -%> + <%- path = directory['path'] -%> + + <<%= provider %> "<%= path %>"> + <%- if directory['headers'] -%> + <%- Array(directory['headers']).each do |header| -%> + Header <%= header %> + <%- end -%> + <%- end -%> + <%- if ! directory['geoip_enable'].nil? -%> + GeoIPEnable <%= scope.function_bool2httpd([directory['geoip_enable']]) %> + <%- end -%> + <%- if directory['options'] -%> + Options <%= Array(directory['options']).join(' ') %> + <%- end -%> + <%- if provider == 'Directory' -%> + <%- if directory['index_options'] -%> + IndexOptions <%= Array(directory['index_options']).join(' ') %> + <%- end -%> + <%- if directory['index_order_default'] -%> + IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %> + <%- end -%> + <%- if directory['index_style_sheet'] -%> + IndexStyleSheet '<%= directory['index_style_sheet'] %>' + <%- end -%> + <%- if directory['allow_override'] -%> + AllowOverride <%= Array(directory['allow_override']).join(' ') %> + <%- elsif provider == 'Directory' -%> + AllowOverride None + <%- end -%> + <%- end -%> + <%- scope.lookupvar('_template_scope')[:item] = directory -%> +<%= scope.function_template(["apache/vhost/_require.erb"]) -%> + <%- if directory['limit'] && directory['limit'] != '' -%> + <%- Array(directory['limit']).each do |lim| -%> + > + <%- scope.lookupvar('_template_scope')[:item] = lim -%> + <%= scope.function_template(["apache/vhost/_require.erb"]) -%> + + <%- end -%> + <%- end -%> + <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> + <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> + )$"> + SetHandler <%= addhandler['handler'] %> + + <%- end -%> + <%- end -%> + <%- if directory['sethandler'] and directory['sethandler'] != '' -%> + SetHandler <%= directory['sethandler'] %> + <%- end -%> + <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> + PassengerEnabled <%= directory['passenger_enabled'] %> + <%- end -%> + <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> + <%- directory['php_flags'].sort.each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_values'] and ! directory['php_values'].empty? -%> + <%- directory['php_values'].sort.each do |key,value| -%> + php_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> + <%- directory['php_admin_flags'].sort.each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_admin_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%> + <%- directory['php_admin_values'].sort.each do |key,value| -%> + php_admin_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%> + DirectoryIndex <%= directory['directoryindex'] %> + <%- end -%> + <%- if directory['additional_includes'] and ! directory['additional_includes'].empty? -%> + <%- directory['additional_includes'].each do |include| -%> + Include '<%= "#{include}" %>' + <%- end -%> + <%- end -%> + <%- if directory['error_documents'] and ! directory['error_documents'].empty? -%> + <%- [directory['error_documents']].flatten.compact.each do |error_document| -%> + ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %> + <%- end -%> + <%- end -%> + <%- if directory['auth_type'] -%> + AuthType <%= directory['auth_type'] %> + <%- end -%> + <%- if directory['auth_name'] -%> + AuthName "<%= directory['auth_name'] %>" + <%- end -%> + <%- if directory['auth_digest_algorithm'] -%> + AuthDigestAlgorithm <%= directory['auth_digest_algorithm'] %> + <%- end -%> + <%- if directory['auth_digest_domain'] -%> + AuthDigestDomain <%= Array(directory['auth_digest_domain']).join(' ') %> + <%- end -%> + <%- if directory['auth_digest_nonce_lifetime'] -%> + AuthDigestNonceLifetime <%= directory['auth_digest_nonce_lifetime'] %> + <%- end -%> + <%- if directory['auth_digest_provider'] -%> + AuthDigestProvider <%= directory['auth_digest_provider'] %> + <%- end -%> + <%- if directory['auth_digest_qop'] -%> + AuthDigestQop <%= directory['auth_digest_qop'] %> + <%- end -%> + <%- if directory['auth_digest_shmem_size'] -%> + AuthDigestShmemSize <%= directory['auth_digest_shmem_size'] %> + <%- end -%> + <%- if directory['auth_basic_authoritative'] -%> + AuthBasicAuthoritative <%= directory['auth_basic_authoritative'] %> + <%- end -%> + <%- if directory['auth_basic_fake'] -%> + AuthBasicFake <%= directory['auth_basic_fake'] %> + <%- end -%> + <%- if directory['auth_basic_provider'] -%> + AuthBasicProvider <%= directory['auth_basic_provider'] %> + <%- end -%> + <%- if directory['auth_user_file'] -%> + AuthUserFile <%= directory['auth_user_file'] %> + <%- end -%> + <%- if directory['auth_group_file'] -%> + AuthGroupFile <%= directory['auth_group_file'] %> + <%- end -%> + <%- if directory['auth_merging'] -%> + AuthMerging <%= directory['auth_merging'] %> + <%- end -%> + <%- if directory['fallbackresource'] -%> + FallbackResource <%= directory['fallbackresource'] %> + <%- end -%> + <%- if directory['expires_active'] -%> + ExpiresActive <%= directory['expires_active'] %> + <%- end -%> + <%- if directory['expires_default'] -%> + ExpiresDefault <%= directory['expires_default'] %> + <%- end -%> + <%- if directory['expires_by_type'] -%> + <%- Array(directory['expires_by_type']).each do |rule| -%> + ExpiresByType <%= rule %> + <%- end -%> + <%- end -%> + <%- if directory['ext_filter_options'] -%> + ExtFilterOptions <%= directory['ext_filter_options'] %> + <%- end -%> + <%- if directory['force_type'] -%> + ForceType <%= directory['force_type'] %> + <%- end -%> + <%- if directory['ssl_options'] -%> + SSLOptions <%= Array(directory['ssl_options']).join(' ') %> + <%- end -%> + <%- if directory['suphp'] and @suphp_engine == 'on' -%> + suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %> + <%- end -%> + <%- if directory['fcgiwrapper'] -%> + FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %> + <%- end -%> + <%- if directory['rewrites'] -%> + # Rewrite rules + RewriteEngine On + <%- directory['rewrites'].flatten.compact.each do |rewrite_details| -%> + <%- if rewrite_details['comment'] -%> + #<%= rewrite_details['comment'] %> + <%- end -%> + <%- if rewrite_details['rewrite_base'] -%> + RewriteBase <%= rewrite_details['rewrite_base'] %> + <%- end -%> + <%- if rewrite_details['rewrite_cond'] -%> + <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteCond <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteRule <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if directory['setenv'] -%> + <%- Array(directory['setenv']).each do |setenv| -%> + SetEnv <%= setenv %> + <%- end -%> + <%- end -%> + <%- if directory['set_output_filter'] -%> + SetOutputFilter <%= directory['set_output_filter'] %> + <%- end -%> + <%- if @shibboleth_enabled -%> + <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> + ShibRequireSession <%= directory['shib_require_session'] %> + <%- end -%> + <%- if directory['shib_request_settings'] and ! directory['shib_request_settings'].empty? -%> + <%- directory['shib_request_settings'].each do |key,value| -%> + ShibRequestSetting <%= key %> <%= value %> + <%- end -%> + <%- end -%> + <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> + ShibUseHeaders <%= directory['shib_use_headers'] %> + <%- end -%> + <%- end -%> + <%- if directory['mellon_enable'] -%> + MellonEnable "<%= directory['mellon_enable'] %>" + <%- if directory['mellon_endpoint_path'] -%> + MellonEndpointPath "<%= directory['mellon_endpoint_path'] %>" + <%- end -%> + <%- if directory['mellon_sp_private_key_file'] -%> + MellonSPPrivateKeyFile "<%= directory['mellon_sp_private_key_file'] %>" + <%- end -%> + <%- if directory['mellon_sp_cert_file'] -%> + MellonSPCertFile "<%= directory['mellon_sp_cert_file'] %>" + <%- end -%> + <%- if directory['mellon_sp_metadata_file'] -%> + MellonSPMetadataFile "<%= directory['mellon_sp_metadata_file'] %>" + <%- end -%> + <%- if directory['mellon_idp_metadata_file'] -%> + MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>" + <%- end -%> + <%- if directory['mellon_set_env_no_prefix'] -%> + <%- directory['mellon_set_env_no_prefix'].each do |key, value| -%> + MellonSetEnvNoPrefix "<%= key %>" "<%= value %>" + <%- end -%> + <%- end -%> + <%- if directory['mellon_user'] -%> + MellonUser "<%= directory['mellon_user'] %>" + <%- end -%> + <%- if directory['mellon_saml_response_dump'] -%> + MellonSamlResponseDump "<%= directory['mellon_saml_response_dump'] %>" + <%- end -%> + <%- if directory['mellon_cond'] -%> + <%- Array(directory['mellon_cond']).each do |cond| -%> + MellonCond <%= cond %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if directory['custom_fragment'] -%> + <%= directory['custom_fragment'] %> + <%- end -%> + > + <%- end -%> + <%- end -%> +<% end -%> + + ## Vhost docroot +<% if @virtual_docroot -%> + VirtualDocumentRoot "<%= @virtual_docroot %>" +<% elsif @docroot -%> + DocumentRoot "<%= @docroot %>" +<% end -%> +<% if @error_documents and ! @error_documents.empty? -%> + <%- [@error_documents].flatten.compact.each do |error_document| -%> + <%- if error_document["error_code"] != '' and error_document["document"] != '' -%> + ErrorDocument <%= error_document["error_code"] %> <%= error_document["document"] %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @fallbackresource -%> + + FallbackResource <%= @fallbackresource %> +<% end -%> +<% if @fastcgi_server -%> + + FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket -%> +<% unless @fastcgi_idle_timeout.nil? %> -idle-timeout <%= @fastcgi_idle_timeout %><% end %> +<% end -%> +<% if @fastcgi_dir -%> + + "> + Options +ExecCGI + AllowOverride All + SetHandler fastcgi-script + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all granted + <%- else -%> + Order allow,deny + Allow From All + <%- end -%> + AuthBasicAuthoritative Off + + + AllowEncodedSlashes On + ServerSignature Off +<% end -%> + +# ************************************ +# Vhost template in module puppetlabs-apache +# Managed by Puppet +# ************************************ + +> +<% if @servername -%> + ServerName <%= @servername %> +<% end -%> +<% if @serveradmin -%> + ServerAdmin <%= @serveradmin %> +<% end -%> +<% if @filters and ! @filters.empty? -%> + + ## Filter module rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html + <%- Array(@filters).each do |filter| -%> + <%- if filter != '' -%> + <%= filter %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @headers and ! @headers.empty? -%> + + ## Header rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header + <%- Array(@headers).each do |header_statement| -%> + <%- if header_statement != '' -%> + Header <%= header_statement %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @itk and ! @itk.empty? -%> + + ## ITK statement + + <%- if @itk["user"] and @itk["group"] -%> + AssignUserId <%= @itk["user"] %> <%= @itk["group"] %> + <%- end -%> + <%- if @itk["assignuseridexpr"] -%> + AssignUserIdExpr <%= @itk["assignuseridexpr"] %> + <%- end -%> + <%- if @itk["assigngroupidexpr"] -%> + AssignGroupIdExpr <%= @itk["assigngroupidexpr"] %> + <%- end -%> + <%- if @itk["maxclientvhost"] -%> + MaxClientsVHost <%= @itk["maxclientvhost"] %> + <%- end -%> + <%- if @itk["nice"] -%> + NiceValue <%= @itk["nice"] %> + <%- end -%> + <%- if @kernelversion >= '3.5.0' -%> + <%- if @itk["limituidrange"] -%> + LimitUIDRange <%= @itk["limituidrange"] %> + <%- end -%> + <%- if @itk["limitgidrange"] -%> + LimitGIDRange <%= @itk["limitgidrange"] %> + <%- end -%> + <%- end -%> + +<% end -%> +<% if @jk_mounts and not @jk_mounts.empty? -%> + + <%- @jk_mounts.each do |jk| -%> + <%- if jk.is_a?(Hash) -%> + <%- if jk.has_key?('mount') and jk.has_key?('worker') -%> + JkMount <%= jk['mount'] %> <%= jk['worker'] %> + <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%> + JkUnMount <%= jk['unmount'] %> <%= jk['worker'] %> + <%- end -%> + <%- end -%> + <%- end -%> +<% end -%> +<% if @error_log or @log_level -%> + + ## Logging +<% end -%> +<% if @error_log -%> + ErrorLog "<%= @error_log_destination %>" +<% end -%> +<% if @log_level -%> + LogLevel <%= @log_level %> +<% end -%> +<% if @passenger_app_root -%> + PassengerAppRoot <%= @passenger_app_root %> +<% end -%> +<% if @passenger_app_env -%> + PassengerAppEnv <%= @passenger_app_env %> +<% end -%> +<% if @passenger_ruby -%> + PassengerRuby <%= @passenger_ruby %> +<% end -%> +<% if @passenger_min_instances -%> + PassengerMinInstances <%= @passenger_min_instances %> +<% end -%> +<% if @passenger_start_timeout -%> + PassengerStartTimeout <%= @passenger_start_timeout %> +<% end -%> +<% if @passenger_pre_start -%> + PassengerPreStart <%= @passenger_pre_start %> +<% end -%> +<% if @passenger_user -%> + PassengerUser <%= @passenger_user %> +<% end -%> +<% if @passenger_high_performance -%> + PassengerHighPerformance <%= scope.function_bool2httpd([@passenger_high_performance]) %> +<% end -%> +<% if @passenger_base_uris -%> + + ## Enable passenger base uris +<% Array(@passenger_base_uris).each do |uri| -%> + PassengerBaseURI <%= uri %> +<% end -%> +<% end -%> +<% if @php_values and not @php_values.empty? -%> + <%- @php_values.sort.each do |key,value| -%> + <%- if value.is_a? String -%> + php_value <%= key %> "<%= value %>" + <%- else -%> + php_value <%= key %> <%= value %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @php_flags and not @php_flags.empty? -%> + <%- @php_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + php_flag <%= key %> <%= flag %> + <%- end -%> +<% end -%> +<% if @php_admin_values and not @php_admin_values.empty? -%> + <%- @php_admin_values.sort.each do |key,value| -%> + php_admin_value <%= key %> <%= value %> + <%- end -%> +<% end -%> +<% if @php_admin_flags and not @php_admin_flags.empty? -%> + <%- @php_admin_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + php_admin_flag <%= key %> <%= flag %> + <%- end -%> +<% end -%> +<% if @proxy_dest or @proxy_pass or @proxy_pass_match or @proxy_dest_match -%> + + ## Proxy rules + ProxyRequests Off +<%- end -%> +<% if @proxy_preserve_host -%> + ProxyPreserveHost On +<% else -%> + ProxyPreserveHost Off +<%- end -%> +<%- if defined?(@proxy_add_headers) -%> + <%- if @proxy_add_headers -%> + ProxyAddHeaders On + <%- else -%> + ProxyAddHeaders Off + <%- end -%> +<%- end -%> +<% if @proxy_error_override -%> + ProxyErrorOverride On +<%- end -%> +<%- [@proxy_pass].flatten.compact.each do |proxy| -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> + <%- if not proxy['reverse_cookies'].nil? -%> + <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%> + <%- if reverse_cookies['path'] -%> + ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> + <%- end -%> + <%- if reverse_cookies['domain'] -%> + ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if proxy['reverse_urls'].nil? -%> + ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> + <%- else -%> + <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> + ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> + <%- end -%> + <%- end -%> + <%- if proxy['setenv'] -%> + <%- Array(proxy['setenv']).each do |setenv_var| -%> + SetEnv <%= setenv_var %> + <%- end -%> + <%- end -%> + <%- if proxy['options'] -%> + <%- proxy['options'].keys.sort.each do |key| -%> + <%= key %> <%= proxy['options'][key] %> + <%- end -%> + <%- end -%> +<% end -%> +<% [@proxy_pass_match].flatten.compact.each do |proxy| %> + ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> + <%- if proxy['reverse_urls'].nil? -%> + ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> + <%- else -%> + <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> + ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> + <%- end -%> + <%- end -%> + <%- if proxy['setenv'] -%> + <%- Array(proxy['setenv']).each do |setenv_var| -%> + SetEnv <%= setenv_var %> + <%- end -%> + <%- end -%> +<% end -%> +<% if @proxy_dest -%> +<%- Array(@no_proxy_uris).each do |uri| -%> + ProxyPass <%= uri %> ! +<% end -%> + ProxyPass / <%= @proxy_dest %>/ + ProxyPassReverse / <%= @proxy_dest %>/ +<% end -%> +<% if @proxy_dest_match -%> +<%- Array(@no_proxy_uris_match).each do |uri| -%> + ProxyPassMatch <%= uri %> ! +<% end -%> + ProxyPassMatch / <%= @proxy_dest_match %>/ + ProxyPassReverse / <%= @proxy_dest_reverse_match %>/ +<% end -%> +<% if @rack_base_uris -%> + + ## Enable rack +<% Array(@rack_base_uris).each do |uri| -%> + RackBaseURI <%= uri %> +<% end -%> +<% end -%> +<% if @redirect_source and @redirect_dest -%> +<% @redirect_dest_a = Array(@redirect_dest) -%> +<% @redirect_source_a = Array(@redirect_source) -%> +<% @redirect_status_a = Array(@redirect_status) -%> + + ## Redirect rules + <%- @redirect_source_a.each_with_index do |source, i| -%> +<% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%> +<% @redirect_status_a[i] ||= @redirect_status_a[0] -%> + Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> + <%- end -%> +<% end -%> +<%- if @redirectmatch_status and @redirectmatch_regexp and @redirectmatch_dest -%> +<% @redirectmatch_status_a = Array(@redirectmatch_status) -%> +<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> + + ## RedirectMatch rules + <%- @redirectmatch_status_a.each_with_index do |status, i| -%> +<% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> +<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> + <%- end -%> +<%- elsif @redirectmatch_regexp and @redirectmatch_dest -%> +<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> + + ## RedirectMatch rules + <%- @redirectmatch_regexp_a.each_with_index do |status, i| -%> +<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> + <%- end -%> +<% end -%> +<% if @request_headers and ! @request_headers.empty? -%> + + ## Request header rules + ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader + <%- Array(@request_headers).each do |request_statement| -%> + <%- if request_statement != '' -%> + RequestHeader <%= request_statement %> + <%- end -%> + <%- end -%> +<% end -%> +<%- _item = scope.lookupvar('_template_scope')[:item] -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + <%- if _item['require'] && _item['require'] != '' && _item['require'] !~ /unmanaged/i -%> + <%- if _item['require'].is_a?(Hash) -%> + <%- case _item['require']['enforce'].downcase -%> + <%- when 'all','none','any' then -%> + > + <%- Array(_item['require']['requires']).each do |req| -%> + Require <%= req.strip %> + <%- end -%> + > + <%- else -%> + <%- scope.function_warning(["Apache::Vhost: Require can only overwritten with all, none or any."]) -%> + <%- end -%> + <%- else -%> + <%- Array(_item['require']).each do |req| -%> + Require <%= req %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if _item['auth_require'] -%> + Require <%= _item['auth_require'] %> + <%- end -%> + <%- if !(_item['require'] && _item['require'] != '') && _item['require'] !~ /unmanaged/i && !(_item['auth_require']) -%> + Require all granted + <%- end -%> +<%- else -%> + <%- if _item['auth_require'] -%> + Require <%= _item['auth_require'] %> + <%- end -%> + <%- if _item['order'] and _item['order'] != '' -%> + Order <%= Array(_item['order']).join(',') %> + <%- else -%> + Order allow,deny + <%- end -%> + <%- if _item['deny'] and ! [ false, 'false', '' ].include?(_item['deny']) -%> + <%- if _item['deny'].kind_of?(Array) -%> + <%- Array(_item['deny']).each do |restrict| -%> + Deny <%= restrict %> + <%- end -%> + <%- else -%> + Deny <%= _item['deny'] %> + <%- end -%> + <%- end -%> + <%- if _item['allow'] and ! [ false, 'false', '' ].include?(_item['allow']) -%> + <%- if _item['allow'].kind_of?(Array) -%> + <%- Array(_item['allow']).each do |access| -%> + Allow <%= access %> + <%- end -%> + <%- else -%> + Allow <%= _item['allow'] %> + <%- end -%> + <%- elsif [ 'from all', 'from All' ].include?(_item['deny']) -%> + <%- elsif ! _item['deny'] and [ false, 'false', '' ].include?(_item['allow']) -%> + Deny from all + <%- else -%> + Allow from all + <%- end -%> + <%- if _item['satisfy'] and _item['satisfy'] != '' -%> + Satisfy <%= _item['satisfy'] %> + <%- end -%> +<%- end -%> +<%- if @rewrites -%> + ## Rewrite rules + RewriteEngine On + <%- if @rewrite_base -%> + RewriteBase <%= @rewrite_base %> + <%- end -%> + + <%- [@rewrites].flatten.compact.each do |rewrite_details| -%> + <%- if rewrite_details['comment'] -%> + #<%= rewrite_details['comment'] %> + <%- end -%> + <%- if rewrite_details['rewrite_base'] -%> + RewriteBase <%= rewrite_details['rewrite_base'] %> + <%- end -%> + <%- if rewrite_details['rewrite_cond'] -%> + <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteCond <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if rewrite_details['rewrite_map'] -%> + <%- Array(rewrite_details['rewrite_map']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteMap <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteRule <%= command %> + <%- end -%> + + <%- end -%> + <%- end -%> +<%- end -%> +<%# reverse compatibility -%> +<% if @rewrite_rule and !@rewrites -%> + ## Rewrite rules + RewriteEngine On + <%- if @rewrite_base -%> + RewriteBase <%= @rewrite_base %> + <%- end -%> + <%- if @rewrite_cond -%> + <%- Array(@rewrite_cond).each do |cond| -%> + RewriteCond <%= cond %> + <%- end -%> + <%- end -%> + RewriteRule <%= @rewrite_rule %> +<%- end -%> +<%- if @scriptaliases.is_a?(Array) -%> +<%- aliases = @scriptaliases -%> +<%- elsif @scriptaliases.is_a?(Hash) -%> +<%- aliases = [@scriptaliases] -%> +<%- else -%> +<%- # Nothing to do with any other data type -%> +<%- aliases = [] -%> +<%- end -%> +<%- if @scriptalias or !aliases.empty? -%> + ## Script alias directives +<%# Combine scriptalais and scriptaliases into a single data structure -%> +<%# for backward compatibility and ease of implementation -%> +<%- aliases << { 'alias' => '/cgi-bin', 'path' => @scriptalias } if @scriptalias -%> +<%- aliases.flatten.compact! -%> +<%- aliases.each do |salias| -%> + <%- if salias["path"] != '' -%> + <%- if salias["alias"] and salias["alias"] != '' -%> + ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>" + <%- elsif salias["aliasmatch"] and salias["aliasmatch"] != '' -%> + ScriptAliasMatch <%= salias['aliasmatch'] %> "<%= salias['path'] %>" + <%- end -%> + <%- end -%> +<%- end -%> +<%- end -%> +<% if @modsec_disable_vhost -%> + SecRuleEngine Off +<% end -%> +<% if @_modsec_disable_ids.is_a?(Hash) -%> +<% @_modsec_disable_ids.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveById <%= rule %> +<% end -%> + +<% end -%> +<% end -%> +<% ips = Array(@modsec_disable_ips).join(',') %> +<% if ips != '' %> + SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" + SecAction "phase:2,pass,nolog,id:1234123456" +<% end -%> +<% if @_modsec_disable_msgs.is_a?(Hash) -%> +<% @_modsec_disable_msgs.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveByMsg "<%= rule %>" +<% end -%> + +<% end -%> +<% end -%> +<% if @_modsec_disable_tags.is_a?(Hash) -%> +<% @_modsec_disable_tags.each do |location,rules| -%> + > +<% Array(rules).each do |rule| -%> + SecRuleRemoveByTag "<%= rule %>" +<% end -%> + +<% end -%> +<% end -%> +<% if @modsec_body_limit -%> + SecRequestBodyLimit <%= @modsec_body_limit %> +<% end -%> +<% if @serveraliases and ! @serveraliases.empty? -%> + + ## Server aliases + <%- Array(@serveraliases).each do |serveralias| -%> + ServerAlias <%= serveralias %> + <%- end -%> +<% end -%> + ServerSignature Off +<% if @setenv and ! @setenv.empty? -%> + + ## SetEnv/SetEnvIf for environment variables + <%- Array(@setenv).each do |envvar| -%> + SetEnv <%= envvar %> + <%- end -%> +<% end -%> +<% if @setenvif and ! @setenvif.empty? -%> + <%- Array(@setenvif).each do |envifvar| -%> + SetEnvIf <%= envifvar %> + <%- end -%> +<% end -%> +<% if @setenvifnocase and ! @setenvifnocase.empty? -%> + <%- Array(@setenvifnocase).each do |envifncvar| -%> + SetEnvIfNoCase <%= envifncvar %> + <%- end -%> +<% end -%> +<% if @ssl -%> + + ## SSL directives + SSLEngine on + SSLCertificateFile "<%= @ssl_cert %>" + SSLCertificateKeyFile "<%= @ssl_key %>" + <%- if @ssl_chain -%> + SSLCertificateChainFile "<%= @ssl_chain %>" + <%- end -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> + SSLCACertificatePath "<%= @ssl_certs_dir %>" + <%- end -%> + <%- if @ssl_ca -%> + SSLCACertificateFile "<%= @ssl_ca %>" + <%- end -%> + <%- if @ssl_crl_path -%> + SSLCARevocationPath "<%= @ssl_crl_path %>" + <%- end -%> + <%- if @ssl_crl -%> + SSLCARevocationFile "<%= @ssl_crl %>" + <%- end -%> + <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLCARevocationCheck "<%= @ssl_crl_check %>" + <%- end -%> + <%- if @ssl_protocol -%> + SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> + <%- end -%> + <%- if @ssl_cipher -%> + SSLCipherSuite <%= @ssl_cipher %> + <%- end -%> + <%- if @ssl_honorcipherorder -%> + SSLHonorCipherOrder <%= @ssl_honorcipherorder %> + <%- end -%> + <%- if @ssl_verify_client -%> + SSLVerifyClient <%= @ssl_verify_client %> + <%- end -%> + <%- if @ssl_verify_depth -%> + SSLVerifyDepth <%= @ssl_verify_depth %> + <%- end -%> + <%- if @ssl_options -%> + SSLOptions <%= Array(@ssl_options).join(' ') %> + <%- end -%> + <%- if @ssl_openssl_conf_cmd -%> + SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> + <%- end -%> +<% end -%> +<% if @ssl_proxyengine -%> + + # SSL Proxy directives + SSLProxyEngine On + <%- if @ssl_proxy_verify -%> + SSLProxyVerify <%= @ssl_proxy_verify %> + <%- end -%> + <%- if @ssl_proxy_check_peer_cn -%> + SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> + <%- end -%> + <%- if @ssl_proxy_check_peer_name -%> + SSLProxyCheckPeerName <%= @ssl_proxy_check_peer_name %> + <%- end -%> + <%- if @ssl_proxy_check_peer_expire -%> + SSLProxyCheckPeerExpire <%= @ssl_proxy_check_peer_expire %> + <%- end -%> + <%- if @ssl_proxy_machine_cert -%> + SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" + <%- end -%> + <%- if @ssl_proxy_protocol -%> + SSLProxyProtocol <%= [@ssl_proxy_protocol].flatten.compact.join(' ') %> + <%- end -%> +<% end -%> +<% if @suexec_user_group -%> + + SuexecUserGroup <%= @suexec_user_group %> +<% end -%> +<% if @suphp_engine == 'on' -%> + <%- if @suphp_addhandler -%> + suPHP_AddHandler <%= @suphp_addhandler %> + <%- end -%> + <%- if @suphp_engine -%> + suPHP_Engine <%= @suphp_engine %> + <%- end -%> + <%- if @suphp_configpath -%> + suPHP_ConfigPath "<%= @suphp_configpath %>" + <%- end -%> +<% end -%> +<% if @wsgi_application_group -%> + WSGIApplicationGroup <%= @wsgi_application_group %> +<% end -%> +<% if @wsgi_daemon_process and @wsgi_daemon_process_options -%> + WSGIDaemonProcess <%= @wsgi_daemon_process %> <%= @wsgi_daemon_process_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> +<% elsif @wsgi_daemon_process and !@wsgi_daemon_process_options -%> + WSGIDaemonProcess <%= @wsgi_daemon_process %> +<% end -%> +<% if @wsgi_import_script and @wsgi_import_script_options -%> + WSGIImportScript <%= @wsgi_import_script %> <%= @wsgi_import_script_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> +<% end -%> +<% if @wsgi_process_group -%> + WSGIProcessGroup <%= @wsgi_process_group %> +<% end -%> +<% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> + <%- @wsgi_script_aliases.keys.sort.each do |key| -%> + <%- if key != '' and @wsgi_script_aliases[key] != ''-%> + WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>" + <%- end -%> + <%- end -%> +<% end -%> +<% if @wsgi_pass_authorization -%> + WSGIPassAuthorization <%= @wsgi_pass_authorization %> +<% end -%> +<% if @wsgi_chunked_request -%> + WSGIChunkedRequest <%= @wsgi_chunked_request %> +<% end -%> diff --git a/templates/vhost/vhost.conf.erb b/templates/vhost/vhost.conf.erb index c957a51..fa198da 100644 --- a/templates/vhost/vhost.conf.erb +++ b/templates/vhost/vhost.conf.erb @@ -1,1020 +1,48 @@ -<% @_access_logs.each do |log| -%> -<% env ||= "env=#{log['env']}" if log['env'] -%> -<% env ||= '' -%> -<% format ||= "\"#{log['format']}\"" if log['format'] -%> -<% format ||= 'combined' -%> -<% if log['file'] -%> -<% if log['file'].chars.first == '/' -%> -<% destination = "#{log['file']}" -%> -<% else -%> -<% destination = "#{@logroot}/#{log['file']}" -%> -<% end -%> -<% elsif log['syslog'] -%> -<% destination = log['syslog'] -%> -<% elsif log['pipe'] -%> -<% destination = log['pipe'] -%> -<% else -%> -<% destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%> -<% destination ||= "#{@logroot}/#{@name}_access.log" -%> -<% end -%> - CustomLog "<%= destination %>" <%= format %> <%= env %> -<% end -%> -<% if @action -%> - - Action <%= @action %> /cgi-bin virtual -<% end -%> -<% Array(@additional_includes).each do |include| -%> - - ## Load additional static includes -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> - IncludeOptional "<%= include %>" -<%- else -%> - Include "<%= include %>" -<%- end -%> -<% end -%> -<% if @aliases and ! @aliases.empty? -%> - ## Alias declarations for resources outside the DocumentRoot - <%- [@aliases].flatten.compact.each do |alias_statement| -%> - <%- if alias_statement["path"] != '' -%> - <%- if alias_statement["alias"] and alias_statement["alias"] != '' -%> - Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>" - <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%> - AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>" - <%- elsif alias_statement["scriptalias"] and alias_statement["scriptalias"] != '' -%> - ScriptAlias <%= alias_statement["scriptalias"] %> "<%= alias_statement["path"] %>" - <%- elsif alias_statement["scriptaliasmatch"] and alias_statement["scriptaliasmatch"] != '' -%> - ScriptAliasMatch <%= alias_statement["scriptaliasmatch"] %> "<%= alias_statement["path"] %>" - <%- end -%> - <%- end -%> - <%- end -%> -<% end -%> -<%- if @allow_encoded_slashes -%> - - AllowEncodedSlashes <%= @allow_encoded_slashes %> -<%- end -%> -<% if @auth_kerb -%> - - ## Kerberos directives - <%- if @krb_method_negotiate -%> - KrbMethodNegotiate <%= @krb_method_negotiate %> - <%- end -%> - <%- if @krb_method_k5passwd -%> - KrbMethodK5Passwd <%= @krb_method_k5passwd %> - <%- end -%> - <%- if @krb_authoritative -%> - KrbAuthoritative <%= @krb_authoritative %> - <%- end -%> - <%- if @krb_auth_realms and @krb_auth_realms.length >= 1 -%> - KrbAuthRealms <%= @krb_auth_realms.join(' ') %> - <%- end -%> - <%- if @krb_5keytab -%> - Krb5Keytab <%= @krb_5keytab %> - <%- end -%> - <%- if @krb_local_user_mapping -%> - KrbLocalUserMapping <%= @krb_local_user_mapping %> - <%- end -%> - <%- if @krb_verify_kdc -%> - KrbVerifyKDC <%= @krb_verify_kdc %> - <%- end -%> - <%- if @krb_servicename -%> - KrbServiceName <%= @krb_servicename %> - <%- end -%> - <%- if @krb_save_credentials -%> - KrbSaveCredentials <%= @krb_save_credentials -%> - <%- end -%> - -<% end -%> -<% if @block and ! @block.empty? -%> - - ## Block access statements -<% if @block.include? 'scm' -%> - # Block access to SCM directories. - - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require all denied - <%- else -%> - Deny From All - <%- end -%> - -<% end -%> -<% end -%> -<% if @add_default_charset -%> - - AddDefaultCharset <%= @add_default_charset %> -<% end -%> -<% if @custom_fragment -%> - - ## Custom fragment - <%= @custom_fragment %> -<% end -%> -<% if @_directories and ! @_directories.empty? -%> - - <%- scope.setvar('_template_scope', {}) -%> - ## Directories, there should at least be a declaration for <%= @docroot %> - <%- [@_directories].flatten.compact.each do |directory| -%> - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> - <%- scope.function_warning(["Apache::Vhost: Using allow is deprecated in your Apache version"]) -%> - <%- end -%> - <%- if directory['deny'] and ! [ false, 'false', '' ].include?(directory['deny']) -%> - <%- scope.function_warning(["Apache::Vhost: Using deny is deprecated in your Apache version"]) -%> - <%- end -%> - <%- if directory['order'] and ! [ false, 'false', '' ].include?(directory['order']) -%> - <%- scope.function_warning(["Apache::Vhost: Using order is deprecated in your Apache version"]) -%> - <%- end -%> - <%- if directory['satisfy'] and ! [ false, 'false', '' ].include?(directory['satisfy']) -%> - <%- scope.function_warning(["Apache::Vhost: Using satisfy is deprecated in your Apache version"]) -%> - <%- end -%> - <%- end -%> - <%- if directory['path'] and directory['path'] != '' -%> - <%- if directory['provider'] and directory['provider'].match('(directory|location|files|proxy)') -%> - <%- if /^(.*)match$/ =~ directory['provider'] -%> - <%- provider = $1.capitalize + 'Match' -%> - <%- else -%> - <%- provider = directory['provider'].capitalize -%> - <%- end -%> - <%- else -%> - <%- provider = 'Directory' -%> - <%- end -%> - <%- path = directory['path'] -%> +# File Managed by Tiny Puppet - <<%= provider %> "<%= path %>"> - <%- if directory['headers'] -%> - <%- Array(directory['headers']).each do |header| -%> - Header <%= header %> - <%- end -%> - <%- end -%> - <%- if ! directory['geoip_enable'].nil? -%> - GeoIPEnable <%= scope.function_bool2httpd([directory['geoip_enable']]) %> - <%- end -%> - <%- if directory['options'] -%> - Options <%= Array(directory['options']).join(' ') %> - <%- end -%> - <%- if provider == 'Directory' -%> - <%- if directory['index_options'] -%> - IndexOptions <%= Array(directory['index_options']).join(' ') %> - <%- end -%> - <%- if directory['index_order_default'] -%> - IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %> - <%- end -%> - <%- if directory['index_style_sheet'] -%> - IndexStyleSheet '<%= directory['index_style_sheet'] %>' - <%- end -%> - <%- if directory['allow_override'] -%> - AllowOverride <%= Array(directory['allow_override']).join(' ') %> - <%- elsif provider == 'Directory' -%> - AllowOverride None - <%- end -%> - <%- end -%> - <%- scope.lookupvar('_template_scope')[:item] = directory -%> -<%= scope.function_template(["apache/vhost/_require.erb"]) -%> - <%- if directory['limit'] && directory['limit'] != '' -%> - <%- Array(directory['limit']).each do |lim| -%> - > - <%- scope.lookupvar('_template_scope')[:item] = lim -%> - <%= scope.function_template(["apache/vhost/_require.erb"]) -%> - - <%- end -%> - <%- end -%> - <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> - <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> - )$"> - SetHandler <%= addhandler['handler'] %> - - <%- end -%> - <%- end -%> - <%- if directory['sethandler'] and directory['sethandler'] != '' -%> - SetHandler <%= directory['sethandler'] %> - <%- end -%> - <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> - PassengerEnabled <%= directory['passenger_enabled'] %> - <%- end -%> - <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> - <%- directory['php_flags'].sort.each do |flag,value| -%> - <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> - php_flag <%= "#{flag} #{value}" %> - <%- end -%> - <%- end -%> - <%- if directory['php_values'] and ! directory['php_values'].empty? -%> - <%- directory['php_values'].sort.each do |key,value| -%> - php_value <%= "#{key} #{value}" %> - <%- end -%> - <%- end -%> - <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> - <%- directory['php_admin_flags'].sort.each do |flag,value| -%> - <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> - php_admin_flag <%= "#{flag} #{value}" %> - <%- end -%> - <%- end -%> - <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%> - <%- directory['php_admin_values'].sort.each do |key,value| -%> - php_admin_value <%= "#{key} #{value}" %> - <%- end -%> - <%- end -%> - <%- if directory['directoryindex'] and directory['directoryindex'] != '' -%> - DirectoryIndex <%= directory['directoryindex'] %> - <%- end -%> - <%- if directory['additional_includes'] and ! directory['additional_includes'].empty? -%> - <%- directory['additional_includes'].each do |include| -%> - Include '<%= "#{include}" %>' - <%- end -%> - <%- end -%> - <%- if directory['error_documents'] and ! directory['error_documents'].empty? -%> - <%- [directory['error_documents']].flatten.compact.each do |error_document| -%> - ErrorDocument <%= error_document['error_code'] %> <%= error_document['document'] %> - <%- end -%> - <%- end -%> - <%- if directory['auth_type'] -%> - AuthType <%= directory['auth_type'] %> - <%- end -%> - <%- if directory['auth_name'] -%> - AuthName "<%= directory['auth_name'] %>" - <%- end -%> - <%- if directory['auth_digest_algorithm'] -%> - AuthDigestAlgorithm <%= directory['auth_digest_algorithm'] %> - <%- end -%> - <%- if directory['auth_digest_domain'] -%> - AuthDigestDomain <%= Array(directory['auth_digest_domain']).join(' ') %> - <%- end -%> - <%- if directory['auth_digest_nonce_lifetime'] -%> - AuthDigestNonceLifetime <%= directory['auth_digest_nonce_lifetime'] %> - <%- end -%> - <%- if directory['auth_digest_provider'] -%> - AuthDigestProvider <%= directory['auth_digest_provider'] %> - <%- end -%> - <%- if directory['auth_digest_qop'] -%> - AuthDigestQop <%= directory['auth_digest_qop'] %> - <%- end -%> - <%- if directory['auth_digest_shmem_size'] -%> - AuthDigestShmemSize <%= directory['auth_digest_shmem_size'] %> - <%- end -%> - <%- if directory['auth_basic_authoritative'] -%> - AuthBasicAuthoritative <%= directory['auth_basic_authoritative'] %> - <%- end -%> - <%- if directory['auth_basic_fake'] -%> - AuthBasicFake <%= directory['auth_basic_fake'] %> - <%- end -%> - <%- if directory['auth_basic_provider'] -%> - AuthBasicProvider <%= directory['auth_basic_provider'] %> - <%- end -%> - <%- if directory['auth_user_file'] -%> - AuthUserFile <%= directory['auth_user_file'] %> - <%- end -%> - <%- if directory['auth_group_file'] -%> - AuthGroupFile <%= directory['auth_group_file'] %> - <%- end -%> - <%- if directory['auth_merging'] -%> - AuthMerging <%= directory['auth_merging'] %> - <%- end -%> - <%- if directory['fallbackresource'] -%> - FallbackResource <%= directory['fallbackresource'] %> - <%- end -%> - <%- if directory['expires_active'] -%> - ExpiresActive <%= directory['expires_active'] %> - <%- end -%> - <%- if directory['expires_default'] -%> - ExpiresDefault <%= directory['expires_default'] %> - <%- end -%> - <%- if directory['expires_by_type'] -%> - <%- Array(directory['expires_by_type']).each do |rule| -%> - ExpiresByType <%= rule %> - <%- end -%> - <%- end -%> - <%- if directory['ext_filter_options'] -%> - ExtFilterOptions <%= directory['ext_filter_options'] %> - <%- end -%> - <%- if directory['force_type'] -%> - ForceType <%= directory['force_type'] %> - <%- end -%> - <%- if directory['ssl_options'] -%> - SSLOptions <%= Array(directory['ssl_options']).join(' ') %> - <%- end -%> - <%- if directory['suphp'] and @suphp_engine == 'on' -%> - suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %> - <%- end -%> - <%- if directory['fcgiwrapper'] -%> - FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %> - <%- end -%> - <%- if directory['rewrites'] -%> - # Rewrite rules - RewriteEngine On - <%- directory['rewrites'].flatten.compact.each do |rewrite_details| -%> - <%- if rewrite_details['comment'] -%> - #<%= rewrite_details['comment'] %> - <%- end -%> - <%- if rewrite_details['rewrite_base'] -%> - RewriteBase <%= rewrite_details['rewrite_base'] %> - <%- end -%> - <%- if rewrite_details['rewrite_cond'] -%> - <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> - <%- Array(commands).each do |command| -%> - RewriteCond <%= command %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> - <%- Array(commands).each do |command| -%> - RewriteRule <%= command %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- end -%> - <%- if directory['setenv'] -%> - <%- Array(directory['setenv']).each do |setenv| -%> - SetEnv <%= setenv %> - <%- end -%> - <%- end -%> - <%- if directory['set_output_filter'] -%> - SetOutputFilter <%= directory['set_output_filter'] %> - <%- end -%> - <%- if @shibboleth_enabled -%> - <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> - ShibRequireSession <%= directory['shib_require_session'] %> - <%- end -%> - <%- if directory['shib_request_settings'] and ! directory['shib_request_settings'].empty? -%> - <%- directory['shib_request_settings'].each do |key,value| -%> - ShibRequestSetting <%= key %> <%= value %> - <%- end -%> - <%- end -%> - <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> - ShibUseHeaders <%= directory['shib_use_headers'] %> - <%- end -%> - <%- end -%> - <%- if directory['mellon_enable'] -%> - MellonEnable "<%= directory['mellon_enable'] %>" - <%- if directory['mellon_endpoint_path'] -%> - MellonEndpointPath "<%= directory['mellon_endpoint_path'] %>" - <%- end -%> - <%- if directory['mellon_sp_private_key_file'] -%> - MellonSPPrivateKeyFile "<%= directory['mellon_sp_private_key_file'] %>" - <%- end -%> - <%- if directory['mellon_sp_cert_file'] -%> - MellonSPCertFile "<%= directory['mellon_sp_cert_file'] %>" - <%- end -%> - <%- if directory['mellon_sp_metadata_file'] -%> - MellonSPMetadataFile "<%= directory['mellon_sp_metadata_file'] %>" - <%- end -%> - <%- if directory['mellon_idp_metadata_file'] -%> - MellonIDPMetadataFile "<%= directory['mellon_idp_metadata_file'] %>" - <%- end -%> - <%- if directory['mellon_set_env_no_prefix'] -%> - <%- directory['mellon_set_env_no_prefix'].each do |key, value| -%> - MellonSetEnvNoPrefix "<%= key %>" "<%= value %>" - <%- end -%> - <%- end -%> - <%- if directory['mellon_user'] -%> - MellonUser "<%= directory['mellon_user'] %>" - <%- end -%> - <%- if directory['mellon_saml_response_dump'] -%> - MellonSamlResponseDump "<%= directory['mellon_saml_response_dump'] %>" - <%- end -%> - <%- if directory['mellon_cond'] -%> - <%- Array(directory['mellon_cond']).each do |cond| -%> - MellonCond <%= cond %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- if directory['custom_fragment'] -%> - <%= directory['custom_fragment'] %> - <%- end -%> - > - <%- end -%> - <%- end -%> -<% end -%> - - ## Vhost docroot -<% if @virtual_docroot -%> - VirtualDocumentRoot "<%= @virtual_docroot %>" -<% elsif @docroot -%> - DocumentRoot "<%= @docroot %>" -<% end -%> -<% if @error_documents and ! @error_documents.empty? -%> - <%- [@error_documents].flatten.compact.each do |error_document| -%> - <%- if error_document["error_code"] != '' and error_document["document"] != '' -%> - ErrorDocument <%= error_document["error_code"] %> <%= error_document["document"] %> - <%- end -%> - <%- end -%> -<% end -%> -<% if @fallbackresource -%> - - FallbackResource <%= @fallbackresource %> -<% end -%> -<% if @fastcgi_server -%> - - FastCgiExternalServer <%= @fastcgi_server %> -socket <%= @fastcgi_socket -%> -<% unless @fastcgi_idle_timeout.nil? %> -idle-timeout <%= @fastcgi_idle_timeout %><% end %> -<% end -%> -<% if @fastcgi_dir -%> - - "> - Options +ExecCGI - AllowOverride All - SetHandler fastcgi-script - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require all granted - <%- else -%> - Order allow,deny - Allow From All - <%- end -%> - AuthBasicAuthoritative Off - - - AllowEncodedSlashes On - ServerSignature Off -<% end -%> - -# ************************************ -# Vhost template in module puppetlabs-apache -# Managed by Puppet -# ************************************ - -> -<% if @servername -%> - ServerName <%= @servername %> -<% end -%> -<% if @serveradmin -%> - ServerAdmin <%= @serveradmin %> -<% end -%> -<% if @filters and ! @filters.empty? -%> - - ## Filter module rules - ## as per http://httpd.apache.org/docs/2.2/mod/mod_filter.html - <%- Array(@filters).each do |filter| -%> - <%- if filter != '' -%> - <%= filter %> - <%- end -%> - <%- end -%> -<% end -%> -<% if @headers and ! @headers.empty? -%> - - ## Header rules - ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header - <%- Array(@headers).each do |header_statement| -%> - <%- if header_statement != '' -%> - Header <%= header_statement %> - <%- end -%> - <%- end -%> -<% end -%> -<% if @itk and ! @itk.empty? -%> - - ## ITK statement - - <%- if @itk["user"] and @itk["group"] -%> - AssignUserId <%= @itk["user"] %> <%= @itk["group"] %> - <%- end -%> - <%- if @itk["assignuseridexpr"] -%> - AssignUserIdExpr <%= @itk["assignuseridexpr"] %> - <%- end -%> - <%- if @itk["assigngroupidexpr"] -%> - AssignGroupIdExpr <%= @itk["assigngroupidexpr"] %> - <%- end -%> - <%- if @itk["maxclientvhost"] -%> - MaxClientsVHost <%= @itk["maxclientvhost"] %> - <%- end -%> - <%- if @itk["nice"] -%> - NiceValue <%= @itk["nice"] %> - <%- end -%> - <%- if @kernelversion >= '3.5.0' -%> - <%- if @itk["limituidrange"] -%> - LimitUIDRange <%= @itk["limituidrange"] %> - <%- end -%> - <%- if @itk["limitgidrange"] -%> - LimitGIDRange <%= @itk["limitgidrange"] %> - <%- end -%> - <%- end -%> - -<% end -%> -<% if @jk_mounts and not @jk_mounts.empty? -%> - - <%- @jk_mounts.each do |jk| -%> - <%- if jk.is_a?(Hash) -%> - <%- if jk.has_key?('mount') and jk.has_key?('worker') -%> - JkMount <%= jk['mount'] %> <%= jk['worker'] %> - <%- elsif jk.has_key?('unmount') and jk.has_key?('worker') -%> - JkUnMount <%= jk['unmount'] %> <%= jk['worker'] %> - <%- end -%> - <%- end -%> - <%- end -%> -<% end -%> -<% if @error_log or @log_level -%> - - ## Logging -<% end -%> -<% if @error_log -%> - ErrorLog "<%= @error_log_destination %>" -<% end -%> -<% if @log_level -%> - LogLevel <%= @log_level %> -<% end -%> -<% if @passenger_app_root -%> - PassengerAppRoot <%= @passenger_app_root %> -<% end -%> -<% if @passenger_app_env -%> - PassengerAppEnv <%= @passenger_app_env %> -<% end -%> -<% if @passenger_ruby -%> - PassengerRuby <%= @passenger_ruby %> +> + ServerAdmin <%= @options['server_admin_email'] ||= 'webmaster@options['localhost' %> + DocumentRoot <%= @options['real_docroot'] %> +<% if @options['server_name_value'] != false -%> + ServerName <%= @options['server_name_value'] %> <% end -%> -<% if @passenger_min_instances -%> - PassengerMinInstances <%= @passenger_min_instances %> -<% end -%> -<% if @passenger_start_timeout -%> - PassengerStartTimeout <%= @passenger_start_timeout %> -<% end -%> -<% if @passenger_pre_start -%> - PassengerPreStart <%= @passenger_pre_start %> -<% end -%> -<% if @passenger_user -%> - PassengerUser <%= @passenger_user %> -<% end -%> -<% if @passenger_high_performance -%> - PassengerHighPerformance <%= scope.function_bool2httpd([@passenger_high_performance]) %> -<% end -%> -<% if @passenger_base_uris -%> - - ## Enable passenger base uris -<% Array(@passenger_base_uris).each do |uri| -%> - PassengerBaseURI <%= uri %> -<% end -%> -<% end -%> -<% if @php_values and not @php_values.empty? -%> - <%- @php_values.sort.each do |key,value| -%> - <%- if value.is_a? String -%> - php_value <%= key %> "<%= value %>" - <%- else -%> - php_value <%= key %> <%= value %> - <%- end -%> - <%- end -%> -<% end -%> -<% if @php_flags and not @php_flags.empty? -%> - <%- @php_flags.sort.each do |key,flag| -%> - <%-# normalize flag -%> - <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> - php_flag <%= key %> <%= flag %> - <%- end -%> -<% end -%> -<% if @php_admin_values and not @php_admin_values.empty? -%> - <%- @php_admin_values.sort.each do |key,value| -%> - php_admin_value <%= key %> <%= value %> - <%- end -%> -<% end -%> -<% if @php_admin_flags and not @php_admin_flags.empty? -%> - <%- @php_admin_flags.sort.each do |key,flag| -%> - <%-# normalize flag -%> - <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> - php_admin_flag <%= key %> <%= flag %> - <%- end -%> -<% end -%> -<% if @proxy_dest or @proxy_pass or @proxy_pass_match or @proxy_dest_match -%> - - ## Proxy rules - ProxyRequests Off -<%- end -%> -<% if @proxy_preserve_host -%> - ProxyPreserveHost On +<% if @options['serveraliases'] != "" -%> +<% if @options['serveraliases'].is_a? Array -%> + ServerAlias <%= @options['serveraliases'].flatten.join(" ") %> <% else -%> - ProxyPreserveHost Off -<%- end -%> -<%- if defined?(@proxy_add_headers) -%> - <%- if @proxy_add_headers -%> - ProxyAddHeaders On - <%- else -%> - ProxyAddHeaders Off - <%- end -%> -<%- end -%> -<% if @proxy_error_override -%> - ProxyErrorOverride On -<%- end -%> -<%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> - <%- if proxy['params'] -%> - <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> - <%- end -%> - <%- end -%> - <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> - <%- end %> - <%- if not proxy['reverse_cookies'].nil? -%> - <%- Array(proxy['reverse_cookies']).each do |reverse_cookies| -%> - <%- if reverse_cookies['path'] -%> - ProxyPassReverseCookiePath <%= reverse_cookies['path'] %> <%= reverse_cookies['url'] %> - <%- end -%> - <%- if reverse_cookies['domain'] -%> - ProxyPassReverseCookieDomain <%= reverse_cookies['domain'] %> <%= reverse_cookies['url'] %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- if proxy['reverse_urls'].nil? -%> - ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> - <%- else -%> - <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> - ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> - <%- end -%> - <%- end -%> - <%- if proxy['setenv'] -%> - <%- Array(proxy['setenv']).each do |setenv_var| -%> - SetEnv <%= setenv_var %> - <%- end -%> - <%- end -%> - <%- if proxy['options'] -%> - <%- proxy['options'].keys.sort.each do |key| -%> - <%= key %> <%= proxy['options'][key] %> - <%- end -%> - <%- end -%> -<% end -%> -<% [@proxy_pass_match].flatten.compact.each do |proxy| %> - ProxyPassMatch <%= proxy['path'] %> <%= proxy['url'] -%> - <%- if proxy['params'] -%> - <%- proxy['params'].keys.sort.each do |key| -%> <%= key %>=<%= proxy['params'][key] -%> - <%- end -%> - <%- end -%> - <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> - <%- end %> - <%- if proxy['reverse_urls'].nil? -%> - ProxyPassReverse <%= proxy['path'] %> <%= proxy['url'] %> - <%- else -%> - <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> - ProxyPassReverse <%= proxy['path'] %> <%= reverse_url %> - <%- end -%> - <%- end -%> - <%- if proxy['setenv'] -%> - <%- Array(proxy['setenv']).each do |setenv_var| -%> - SetEnv <%= setenv_var %> - <%- end -%> - <%- end -%> -<% end -%> -<% if @proxy_dest -%> -<%- Array(@no_proxy_uris).each do |uri| -%> - ProxyPass <%= uri %> ! + ServerAlias <%= @options['serveraliases'] %> <% end -%> - ProxyPass / <%= @proxy_dest %>/ - ProxyPassReverse / <%= @proxy_dest %>/ <% end -%> -<% if @proxy_dest_match -%> -<%- Array(@no_proxy_uris_match).each do |uri| -%> - ProxyPassMatch <%= uri %> ! -<% end -%> - ProxyPassMatch / <%= @proxy_dest_match %>/ - ProxyPassReverse / <%= @proxy_dest_reverse_match %>/ -<% end -%> -<% if @rack_base_uris -%> - - ## Enable rack -<% Array(@rack_base_uris).each do |uri| -%> - RackBaseURI <%= uri %> +<% if @options['env_variables'] != "" -%> +<% if env_variables.is_a? Array -%> +<% env_variables.each do |envvars| -%> + SetEnv <%= envvars %> <% end -%> <% end -%> -<% if @redirect_source and @redirect_dest -%> -<% @redirect_dest_a = Array(@redirect_dest) -%> -<% @redirect_source_a = Array(@redirect_source) -%> -<% @redirect_status_a = Array(@redirect_status) -%> - - ## Redirect rules - <%- @redirect_source_a.each_with_index do |source, i| -%> -<% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%> -<% @redirect_status_a[i] ||= @redirect_status_a[0] -%> - Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> - <%- end -%> -<% end -%> -<%- if @redirectmatch_status and @redirectmatch_regexp and @redirectmatch_dest -%> -<% @redirectmatch_status_a = Array(@redirectmatch_status) -%> -<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> -<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> - - ## RedirectMatch rules - <%- @redirectmatch_status_a.each_with_index do |status, i| -%> -<% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> -<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> -<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> - RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> - <%- end -%> -<%- elsif @redirectmatch_regexp and @redirectmatch_dest -%> -<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> -<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> - - ## RedirectMatch rules - <%- @redirectmatch_regexp_a.each_with_index do |status, i| -%> -<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> -<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> - RedirectMatch <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> - <%- end -%> -<% end -%> -<% if @request_headers and ! @request_headers.empty? -%> - - ## Request header rules - ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader - <%- Array(@request_headers).each do |request_statement| -%> - <%- if request_statement != '' -%> - RequestHeader <%= request_statement %> - <%- end -%> - <%- end -%> <% end -%> -<%- _item = scope.lookupvar('_template_scope')[:item] -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - <%- if _item['require'] && _item['require'] != '' && _item['require'] !~ /unmanaged/i -%> - <%- if _item['require'].is_a?(Hash) -%> - <%- case _item['require']['enforce'].downcase -%> - <%- when 'all','none','any' then -%> - > - <%- Array(_item['require']['requires']).each do |req| -%> - Require <%= req.strip %> - <%- end -%> - > - <%- else -%> - <%- scope.function_warning(["Apache::Vhost: Require can only overwritten with all, none or any."]) -%> - <%- end -%> - <%- else -%> - <%- Array(_item['require']).each do |req| -%> - Require <%= req %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- if _item['auth_require'] -%> - Require <%= _item['auth_require'] %> - <%- end -%> - <%- if !(_item['require'] && _item['require'] != '') && _item['require'] !~ /unmanaged/i && !(_item['auth_require']) -%> - Require all granted - <%- end -%> -<%- else -%> - <%- if _item['auth_require'] -%> - Require <%= _item['auth_require'] %> - <%- end -%> - <%- if _item['order'] and _item['order'] != '' -%> - Order <%= Array(_item['order']).join(',') %> - <%- else -%> - Order allow,deny - <%- end -%> - <%- if _item['deny'] and ! [ false, 'false', '' ].include?(_item['deny']) -%> - <%- if _item['deny'].kind_of?(Array) -%> - <%- Array(_item['deny']).each do |restrict| -%> - Deny <%= restrict %> - <%- end -%> - <%- else -%> - Deny <%= _item['deny'] %> - <%- end -%> - <%- end -%> - <%- if _item['allow'] and ! [ false, 'false', '' ].include?(_item['allow']) -%> - <%- if _item['allow'].kind_of?(Array) -%> - <%- Array(_item['allow']).each do |access| -%> - Allow <%= access %> - <%- end -%> - <%- else -%> - Allow <%= _item['allow'] %> - <%- end -%> - <%- elsif [ 'from all', 'from All' ].include?(_item['deny']) -%> - <%- elsif ! _item['deny'] and [ false, 'false', '' ].include?(_item['allow']) -%> - Deny from all - <%- else -%> - Allow from all - <%- end -%> - <%- if _item['satisfy'] and _item['satisfy'] != '' -%> - Satisfy <%= _item['satisfy'] %> - <%- end -%> -<%- end -%> -<%- if @rewrites -%> - ## Rewrite rules - RewriteEngine On - <%- if @rewrite_base -%> - RewriteBase <%= @rewrite_base %> - <%- end -%> - - <%- [@rewrites].flatten.compact.each do |rewrite_details| -%> - <%- if rewrite_details['comment'] -%> - #<%= rewrite_details['comment'] %> - <%- end -%> - <%- if rewrite_details['rewrite_base'] -%> - RewriteBase <%= rewrite_details['rewrite_base'] %> - <%- end -%> - <%- if rewrite_details['rewrite_cond'] -%> - <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> - <%- Array(commands).each do |command| -%> - RewriteCond <%= command %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- if rewrite_details['rewrite_map'] -%> - <%- Array(rewrite_details['rewrite_map']).each do |commands| -%> - <%- Array(commands).each do |command| -%> - RewriteMap <%= command %> - <%- end -%> - <%- end -%> - <%- end -%> - <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> - <%- Array(commands).each do |command| -%> - RewriteRule <%= command %> - <%- end -%> - <%- end -%> - <%- end -%> -<%- end -%> -<%# reverse compatibility -%> -<% if @rewrite_rule and !@rewrites -%> - ## Rewrite rules - RewriteEngine On - <%- if @rewrite_base -%> - RewriteBase <%= @rewrite_base %> - <%- end -%> - <%- if @rewrite_cond -%> - <%- Array(@rewrite_cond).each do |cond| -%> - RewriteCond <%= cond %> - <%- end -%> - <%- end -%> - RewriteRule <%= @rewrite_rule %> -<%- end -%> -<%- if @scriptaliases.is_a?(Array) -%> -<%- aliases = @scriptaliases -%> -<%- elsif @scriptaliases.is_a?(Hash) -%> -<%- aliases = [@scriptaliases] -%> -<%- else -%> -<%- # Nothing to do with any other data type -%> -<%- aliases = [] -%> -<%- end -%> -<%- if @scriptalias or !aliases.empty? -%> - ## Script alias directives -<%# Combine scriptalais and scriptaliases into a single data structure -%> -<%# for backward compatibility and ease of implementation -%> -<%- aliases << { 'alias' => '/cgi-bin', 'path' => @scriptalias } if @scriptalias -%> -<%- aliases.flatten.compact! -%> -<%- aliases.each do |salias| -%> - <%- if salias["path"] != '' -%> - <%- if salias["alias"] and salias["alias"] != '' -%> - ScriptAlias <%= salias['alias'] %> "<%= salias['path'] %>" - <%- elsif salias["aliasmatch"] and salias["aliasmatch"] != '' -%> - ScriptAliasMatch <%= salias['aliasmatch'] %> "<%= salias['path'] %>" - <%- end -%> - <%- end -%> -<%- end -%> -<%- end -%> -<% if @modsec_disable_vhost -%> - SecRuleEngine Off -<% end -%> -<% if @_modsec_disable_ids.is_a?(Hash) -%> -<% @_modsec_disable_ids.each do |location,rules| -%> - > -<% Array(rules).each do |rule| -%> - SecRuleRemoveById <%= rule %> -<% end -%> - -<% end -%> -<% end -%> -<% ips = Array(@modsec_disable_ips).join(',') %> -<% if ips != '' %> - SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" - SecAction "phase:2,pass,nolog,id:1234123456" -<% end -%> -<% if @_modsec_disable_msgs.is_a?(Hash) -%> -<% @_modsec_disable_msgs.each do |location,rules| -%> - > -<% Array(rules).each do |rule| -%> - SecRuleRemoveByMsg "<%= rule %>" -<% end -%> - -<% end -%> -<% end -%> -<% if @_modsec_disable_tags.is_a?(Hash) -%> -<% @_modsec_disable_tags.each do |location,rules| -%> - > -<% Array(rules).each do |rule| -%> - SecRuleRemoveByTag "<%= rule %>" -<% end -%> - -<% end -%> -<% end -%> -<% if @modsec_body_limit -%> - SecRequestBodyLimit <%= @modsec_body_limit %> -<% end -%> -<% if @serveraliases and ! @serveraliases.empty? -%> + ErrorLog <%= @settings['log_dir_path']) %>/<%= @options['name'] %>-error_log + CustomLog <%= @settings['log_dir_path']) %>/<%= @options['name'] %>-access_log common - ## Server aliases - <%- Array(@serveraliases).each do |serveralias| -%> - ServerAlias <%= serveralias %> - <%- end -%> +<% if @options['directory_options'] != "" || @options['directory_allow_override'] != "None" -%> + > + <% if @options['directory_options'] != "" -%> + Options <%= @options['directory_options'] %> + <% end -%> + <% if @options['directory_allow_override'] != "None" -%> + AllowOverride <%= @options['directory_allow_override'] %> + <% end -%> + <% end -%> - ServerSignature Off -<% if @setenv and ! @setenv.empty? -%> - ## SetEnv/SetEnvIf for environment variables - <%- Array(@setenv).each do |envvar| -%> - SetEnv <%= envvar %> - <%- end -%> -<% end -%> -<% if @setenvif and ! @setenvif.empty? -%> - <%- Array(@setenvif).each do |envifvar| -%> - SetEnvIf <%= envifvar %> - <%- end -%> +<% if @options['aliases'] != "" -%> +<% if @options['aliases'].is_a? Array -%> +<% aliases.each do |singlealias| %> + Alias <%= singlealias %> <% end -%> -<% if @setenvifnocase and ! @setenvifnocase.empty? -%> - <%- Array(@setenvifnocase).each do |envifncvar| -%> - SetEnvIfNoCase <%= envifncvar %> - <%- end -%> +<% else -%> + Alias <%= @options['aliases'] %> <% end -%> -<% if @ssl -%> - - ## SSL directives - SSLEngine on - SSLCertificateFile "<%= @ssl_cert %>" - SSLCertificateKeyFile "<%= @ssl_key %>" - <%- if @ssl_chain -%> - SSLCertificateChainFile "<%= @ssl_chain %>" - <%- end -%> - <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> - SSLCACertificatePath "<%= @ssl_certs_dir %>" - <%- end -%> - <%- if @ssl_ca -%> - SSLCACertificateFile "<%= @ssl_ca %>" - <%- end -%> - <%- if @ssl_crl_path -%> - SSLCARevocationPath "<%= @ssl_crl_path %>" - <%- end -%> - <%- if @ssl_crl -%> - SSLCARevocationFile "<%= @ssl_crl %>" - <%- end -%> - <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - SSLCARevocationCheck "<%= @ssl_crl_check %>" - <%- end -%> - <%- if @ssl_protocol -%> - SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> - <%- end -%> - <%- if @ssl_cipher -%> - SSLCipherSuite <%= @ssl_cipher %> - <%- end -%> - <%- if @ssl_honorcipherorder -%> - SSLHonorCipherOrder <%= @ssl_honorcipherorder %> - <%- end -%> - <%- if @ssl_verify_client -%> - SSLVerifyClient <%= @ssl_verify_client %> - <%- end -%> - <%- if @ssl_verify_depth -%> - SSLVerifyDepth <%= @ssl_verify_depth %> - <%- end -%> - <%- if @ssl_options -%> - SSLOptions <%= Array(@ssl_options).join(' ') %> - <%- end -%> - <%- if @ssl_openssl_conf_cmd -%> - SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> - <%- end -%> <% end -%> -<% if @ssl_proxyengine -%> - - # SSL Proxy directives - SSLProxyEngine On - <%- if @ssl_proxy_verify -%> - SSLProxyVerify <%= @ssl_proxy_verify %> - <%- end -%> - <%- if @ssl_proxy_check_peer_cn -%> - SSLProxyCheckPeerCN <%= @ssl_proxy_check_peer_cn %> - <%- end -%> - <%- if @ssl_proxy_check_peer_name -%> - SSLProxyCheckPeerName <%= @ssl_proxy_check_peer_name %> - <%- end -%> - <%- if @ssl_proxy_check_peer_expire -%> - SSLProxyCheckPeerExpire <%= @ssl_proxy_check_peer_expire %> - <%- end -%> - <%- if @ssl_proxy_machine_cert -%> - SSLProxyMachineCertificateFile "<%= @ssl_proxy_machine_cert %>" - <%- end -%> - <%- if @ssl_proxy_protocol -%> - SSLProxyProtocol <%= [@ssl_proxy_protocol].flatten.compact.join(' ') %> - <%- end -%> -<% end -%> -<% if @suexec_user_group -%> + - SuexecUserGroup <%= @suexec_user_group %> -<% end -%> -<% if @suphp_engine == 'on' -%> - <%- if @suphp_addhandler -%> - suPHP_AddHandler <%= @suphp_addhandler %> - <%- end -%> - <%- if @suphp_engine -%> - suPHP_Engine <%= @suphp_engine %> - <%- end -%> - <%- if @suphp_configpath -%> - suPHP_ConfigPath "<%= @suphp_configpath %>" - <%- end -%> -<% end -%> -<% if @wsgi_application_group -%> - WSGIApplicationGroup <%= @wsgi_application_group %> -<% end -%> -<% if @wsgi_daemon_process and @wsgi_daemon_process_options -%> - WSGIDaemonProcess <%= @wsgi_daemon_process %> <%= @wsgi_daemon_process_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> -<% elsif @wsgi_daemon_process and !@wsgi_daemon_process_options -%> - WSGIDaemonProcess <%= @wsgi_daemon_process %> -<% end -%> -<% if @wsgi_import_script and @wsgi_import_script_options -%> - WSGIImportScript <%= @wsgi_import_script %> <%= @wsgi_import_script_options.collect { |k,v| "#{k}=#{v}"}.sort.join(' ') %> -<% end -%> -<% if @wsgi_process_group -%> - WSGIProcessGroup <%= @wsgi_process_group %> -<% end -%> -<% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> - <%- @wsgi_script_aliases.keys.sort.each do |key| -%> - <%- if key != '' and @wsgi_script_aliases[key] != ''-%> - WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>" - <%- end -%> - <%- end -%> -<% end -%> -<% if @wsgi_pass_authorization -%> - WSGIPassAuthorization <%= @wsgi_pass_authorization %> -<% end -%> -<% if @wsgi_chunked_request -%> - WSGIChunkedRequest <%= @wsgi_chunked_request %> -<% end -%> From e234b38de28a9d8d522aeb4c88cf41f620c2f6e1 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Fri, 29 Apr 2016 09:14:36 +0200 Subject: [PATCH 09/19] Quick dotconf replacement --- manifests/dotconf.pp | 23 +++++++++++++++++++++++ manifests/profile/loadbalancer.pp | 3 ++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 manifests/dotconf.pp diff --git a/manifests/dotconf.pp b/manifests/dotconf.pp new file mode 100644 index 0000000..0109191 --- /dev/null +++ b/manifests/dotconf.pp @@ -0,0 +1,23 @@ +define apache::dotconf ( + Variant[Boolean,String] $ensure = present, + + Variant[Undef,String] $source = undef, + Variant[Undef,String] $template = undef, + Variant[Undef,String] $epp = undef, + Variant[Undef,String] $content = undef, + + Hash $options = { }, + Hash $settings = { }, +) { + + tp::conf { "apache::${title}": + base_dir => 'conf', + template => $template, + epp => $epp, + content => $content, + source => $source, + options_hash => $options + $::apache::options, + data_module => pick_default($::apache::data_module, 'apache'), + } + +} diff --git a/manifests/profile/loadbalancer.pp b/manifests/profile/loadbalancer.pp index 3144f2c..2dc1565 100644 --- a/manifests/profile/loadbalancer.pp +++ b/manifests/profile/loadbalancer.pp @@ -6,7 +6,8 @@ tp::conf { 'apache::loadbalancer.conf': base_dir => 'conf', template => $template, - options_hash => pick_default($options,$::apache::options, { ), + options_hash => $options + $::apache::options, data_module => pick_default($::apache::data_module, 'apache'), } + } From 1ddd943e9d19ff7894e5d9c54fa5cfd7a5bd007a Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Fri, 29 Apr 2016 09:47:01 +0200 Subject: [PATCH 10/19] Quick module example. Nothing tested --- data/apache/default.yaml | 1 + data/apache/osfamily/Debian.yaml | 2 +- data/apache/osfamily/Suse.yaml | 1 + manifests/module.pp | 69 ++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 manifests/module.pp diff --git a/data/apache/default.yaml b/data/apache/default.yaml index b29205c..688651f 100644 --- a/data/apache/default.yaml +++ b/data/apache/default.yaml @@ -14,6 +14,7 @@ process_name: 'httpd' process_user: 'apache' process_group: 'apache' + modpackage_prefix: 'mod_' apache::options::init: diff --git a/data/apache/osfamily/Debian.yaml b/data/apache/osfamily/Debian.yaml index a99762d..b6a891c 100644 --- a/data/apache/osfamily/Debian.yaml +++ b/data/apache/osfamily/Debian.yaml @@ -18,4 +18,4 @@ process_name: 'apache2' process_user: 'www-data' process_group: 'www-data' - + modpackage_prefix: 'libapache2-mod-' diff --git a/data/apache/osfamily/Suse.yaml b/data/apache/osfamily/Suse.yaml index 970d3c8..738dda8 100644 --- a/data/apache/osfamily/Suse.yaml +++ b/data/apache/osfamily/Suse.yaml @@ -13,6 +13,7 @@ process_name: 'httpd2-prefork' process_user: 'wwwrun' process_group: 'wwwrun' + modpackage_prefix: 'apache2-mod_' apache::options::config: diff --git a/manifests/module.pp b/manifests/module.pp new file mode 100644 index 0000000..235eb81 --- /dev/null +++ b/manifests/module.pp @@ -0,0 +1,69 @@ +define apache::module ( + Variant[Boolean,String] $ensure = present, + + Variant[Undef,String] $template = undef, + Hash $options = { }, + + Boolean $package_install = false, + String[1] $package_name = false, +) { + + include ::apache + + if $template { + tp::conf { "apache::module::${title}": + base_dir => 'mod', + template => $template, + options_hash => $options + $::apache::options, + data_module => $::apache::data_module, + settings => $::apache::module_settings, + } + } + + if $install_package { + $real_package_name = $install_package ? { + true => "${::apache::settings['modpackage_prefix']}${name}", + default => $install_package, + } + + package { $real_package_name: + ensure => $ensure, + } + } + + if $::osfamily == 'Debian' { + case $ensure { + 'present': { + + $exec_a2enmod_subscribe = $install_package ? { + false => undef, + default => Package[$real_package_name] + } + $exec_a2dismode_before = $install_package ? { + false => undef, + default => Package[$real_package_name] + } + + exec { "/usr/sbin/a2enmod ${name}": + unless => "/bin/sh -c '[ -L ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load ] && [ ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load -ef ${::apache::settings['config_dir_path']}/mods-available/${name}.load ]'", + # notify => $manage_service_autorestart, + # require => Package['apache'], + subscribe => $exec_a2enmod_subscribe, + } + } + 'absent': { + exec { "/usr/sbin/a2dismod ${name}": + onlyif => "/bin/sh -c '[ -L ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load ] && [ ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load -ef ${::apache::settings['config_dir_path']}/mods-available/${name}.load ]'", + # notify => $manage_service_autorestart, + # require => Package['apache'], + before => $exec_a2dismode_before, + } + } + default: { + } + } + } + + + +} From 16ea1938ffc685f0f5a2987f7e5661f8556cdb62 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Fri, 29 Apr 2016 09:47:32 +0200 Subject: [PATCH 11/19] Centralised data entrypoint for data_module and settings --- manifests/dotconf.pp | 9 ++++++--- manifests/init.pp | 5 ++++- manifests/profile/loadbalancer.pp | 11 +++++++---- manifests/vhost.pp | 9 +++++---- 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/manifests/dotconf.pp b/manifests/dotconf.pp index 0109191..c65f75e 100644 --- a/manifests/dotconf.pp +++ b/manifests/dotconf.pp @@ -7,17 +7,20 @@ Variant[Undef,String] $content = undef, Hash $options = { }, - Hash $settings = { }, + ) { + include ::apache + tp::conf { "apache::${title}": base_dir => 'conf', template => $template, epp => $epp, content => $content, source => $source, - options_hash => $options + $::apache::options, - data_module => pick_default($::apache::data_module, 'apache'), + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings => $::apache::module_settings, } } diff --git a/manifests/init.pp b/manifests/init.pp index 0a0777a..1d8e078 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -14,9 +14,12 @@ ) { + $tp_settings = tp_lookup('apache','settings',$data_module,'merge') + $module_settings = $tp_settings + $settings + tp::install { 'apache': options_hash => $options, - settings_hash => $settings, + settings_hash => $module_settings, data_module => $data_module, conf_hash => $confs, dir_hash => $dirs, diff --git a/manifests/profile/loadbalancer.pp b/manifests/profile/loadbalancer.pp index 2dc1565..8c4abb8 100644 --- a/manifests/profile/loadbalancer.pp +++ b/manifests/profile/loadbalancer.pp @@ -3,11 +3,14 @@ String[1] $template = 'apache/profile/loadbalancer/loadbalancer.conf.erb', ) { + include apache + tp::conf { 'apache::loadbalancer.conf': - base_dir => 'conf', - template => $template, - options_hash => $options + $::apache::options, - data_module => pick_default($::apache::data_module, 'apache'), + base_dir => 'conf', + template => $template, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings_hash => $::apache::module_settings, } } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 22c6b65..db516e5 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -4,15 +4,16 @@ String[1] $template = 'apache/vhost/vhost.conf.erb', Hash $options = { }, - Hash $settings = { }, - String[1] $data_module = 'apache', ) { + include ::apache + tp::conf { "apache::${title}": base_dir => 'vhost', template => $template, - options_hash => $options + $::apache::options, - data_module => pick_default($::apache::data_module, $data_module), + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings => $::apache::module_settings, } } From 28f91066380c8dd873a229e9f12bdadd53d1d440 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Fri, 29 Apr 2016 14:28:31 +0200 Subject: [PATCH 12/19] Added sample passenger profile --- data/apache/default.yaml | 1 + data/apache/osfamily/Debian.yaml | 1 + manifests/profile/passenger.pp | 33 ++++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 manifests/profile/passenger.pp diff --git a/data/apache/default.yaml b/data/apache/default.yaml index 688651f..1441526 100644 --- a/data/apache/default.yaml +++ b/data/apache/default.yaml @@ -15,6 +15,7 @@ process_user: 'apache' process_group: 'apache' modpackage_prefix: 'mod_' + passenger_package_name: 'mod_passenger' apache::options::init: diff --git a/data/apache/osfamily/Debian.yaml b/data/apache/osfamily/Debian.yaml index b6a891c..c23df23 100644 --- a/data/apache/osfamily/Debian.yaml +++ b/data/apache/osfamily/Debian.yaml @@ -18,4 +18,5 @@ process_name: 'apache2' process_user: 'www-data' process_group: 'www-data' + passenger_package_name: 'libapache2-mod-passenger' modpackage_prefix: 'libapache2-mod-' diff --git a/manifests/profile/passenger.pp b/manifests/profile/passenger.pp new file mode 100644 index 0000000..9e0799a --- /dev/null +++ b/manifests/profile/passenger.pp @@ -0,0 +1,33 @@ +class apache::profile::passenger ( + Variant[Boolean,String] $ensure = present, + Hash $options = { }, + String[1] $template = 'apache/profile/passenger/passenger.conf.erb', +) { + + include apache + + tp::conf { 'apache::passenger': + base_dir => 'conf', + template => $template, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings_hash => $::apache::module_settings, + } + + package { $::apache::module_settings['passenger_package_name']: + ensure => $ensure, + } + + if $::osfamily == 'Debian' { + exec { 'enable-passenger': + command => '/usr/sbin/a2enmod passenger', + creates => '/etc/apache2/mods-enabled/passenger.load', + notify => $::apache::module_settings['service_name'], + require => [ + $::apache::module_settings['package_name'], + $::apache::module_settings['passenger_package_name'] + ], + } + } + +} From 9b24543cf4fe37c5603d4a6675307bf889280bcd Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Fri, 29 Apr 2016 15:03:47 +0200 Subject: [PATCH 13/19] Centralised management of service behaviour on change --- manifests/dotconf.pp | 17 +++++++++-------- manifests/init.pp | 4 ++++ manifests/module.pp | 11 ++++++----- manifests/profile/passenger.pp | 11 ++++++----- manifests/vhost.pp | 11 ++++++----- 5 files changed, 31 insertions(+), 23 deletions(-) diff --git a/manifests/dotconf.pp b/manifests/dotconf.pp index c65f75e..b4443ce 100644 --- a/manifests/dotconf.pp +++ b/manifests/dotconf.pp @@ -13,14 +13,15 @@ include ::apache tp::conf { "apache::${title}": - base_dir => 'conf', - template => $template, - epp => $epp, - content => $content, - source => $source, - options_hash => $::apache::options + $options, - data_module => $::apache::data_module, - settings => $::apache::module_settings, + base_dir => 'conf', + template => $template, + epp => $epp, + content => $content, + source => $source, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings => $::apache::module_settings, + config_file_notify => $::apache::service_autorestart, } } diff --git a/manifests/init.pp b/manifests/init.pp index 1d8e078..fa92341 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -12,6 +12,9 @@ String[1] $data_module = 'apache', + Boolean $service_autorestart = true, + Boolean $auto_conf = false, + ) { $tp_settings = tp_lookup('apache','settings',$data_module,'merge') @@ -23,6 +26,7 @@ data_module => $data_module, conf_hash => $confs, dir_hash => $dirs, + auto_conf => $auto_conf, } if $profiles != [] { diff --git a/manifests/module.pp b/manifests/module.pp index 235eb81..762eeec 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -12,11 +12,12 @@ if $template { tp::conf { "apache::module::${title}": - base_dir => 'mod', - template => $template, - options_hash => $options + $::apache::options, - data_module => $::apache::data_module, - settings => $::apache::module_settings, + base_dir => 'mod', + template => $template, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings => $::apache::module_settings, + config_file_notify => $::apache::service_autorestart, } } diff --git a/manifests/profile/passenger.pp b/manifests/profile/passenger.pp index 9e0799a..346ecf1 100644 --- a/manifests/profile/passenger.pp +++ b/manifests/profile/passenger.pp @@ -7,11 +7,12 @@ include apache tp::conf { 'apache::passenger': - base_dir => 'conf', - template => $template, - options_hash => $::apache::options + $options, - data_module => $::apache::data_module, - settings_hash => $::apache::module_settings, + base_dir => 'conf', + template => $template, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings_hash => $::apache::module_settings, + config_file_notify => $::apache::service_autorestart, } package { $::apache::module_settings['passenger_package_name']: diff --git a/manifests/vhost.pp b/manifests/vhost.pp index db516e5..7c6b917 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -9,11 +9,12 @@ include ::apache tp::conf { "apache::${title}": - base_dir => 'vhost', - template => $template, - options_hash => $::apache::options + $options, - data_module => $::apache::data_module, - settings => $::apache::module_settings, + base_dir => 'vhost', + template => $template, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings => $::apache::module_settings, + config_file_notify => $::apache::service_autorestart, } } From 55d03c6f9637255b702b4377ec04788a4626de97 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Fri, 29 Apr 2016 15:04:48 +0200 Subject: [PATCH 14/19] Added metadata files from garethr skeleton --- .fixtures.yml | 10 +- .rspec | 2 + .rubocop.yml | 480 ++++++++++++++++++++++++++++++++++++++++++++ .travis.yml | 10 +- .yardopts | 1 + Gemfile | 42 ++-- Rakefile | 63 +++++- spec/spec_helper.rb | 1 - 8 files changed, 579 insertions(+), 30 deletions(-) create mode 100644 .rspec create mode 100644 .rubocop.yml create mode 100644 .yardopts delete mode 100644 spec/spec_helper.rb diff --git a/.fixtures.yml b/.fixtures.yml index 4338bcc..b135ea4 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,11 +1,7 @@ fixtures: repositories: - "puppi": "https://github.com/example42/puppi.git" - "monitor": "https://github.com/example42/puppet-monitor.git" - "firewall": "https://github.com/example42/puppet-firewall.git" - "iptables": "https://github.com/example42/puppet-iptables.git" - "concat": "https://github.com/example42/puppet-concat.git" - "stdlib": "https://github.com/puppetlabs/puppetlabs-stdlib" + tp: "https://github.com/example42/puppet-tp" + stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib" symlinks: - "apache": "#{source_dir}" + apache: "#{source_dir}" diff --git a/.rspec b/.rspec new file mode 100644 index 0000000..8c18f1a --- /dev/null +++ b/.rspec @@ -0,0 +1,2 @@ +--format documentation +--color diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..e4d810a --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,480 @@ +AllCops: + Exclude: + # Ignore HTML related things + - '**/*.erb' + # Ignore vendored gems + - 'vendor/**/*' + # Ignore code from test fixtures + - 'spec/fixtures/**/*' + +Lint/ConditionPosition: + Enabled: true + +Lint/ElseLayout: + Enabled: true + +Lint/UnreachableCode: + Enabled: true + +Lint/UselessComparison: + Enabled: true + +Lint/EnsureReturn: + Enabled: true + +Lint/HandleExceptions: + Enabled: true + +Lint/LiteralInCondition: + Enabled: true + +Lint/ShadowingOuterLocalVariable: + Enabled: true + +Lint/LiteralInInterpolation: + Enabled: true + +Style/RedundantReturn: + Enabled: true + +Lint/AmbiguousOperator: + Enabled: true + +Lint/AssignmentInCondition: + Enabled: true + +Style/SpaceBeforeComment: + Enabled: true + +# DISABLED - not useful +Style/HashSyntax: + Enabled: false + +# USES: as shortcut for non nil&valid checking a = x() and a.empty? +# DISABLED - not useful +Style/AndOr: + Enabled: false + +# DISABLED - not useful +Style/RedundantSelf: + Enabled: false + +# DISABLED - not useful +Metrics/MethodLength: + Enabled: false + +# DISABLED - not useful +Style/WhileUntilModifier: + Enabled: false + +# DISABLED - the offender is just haskell envy +Lint/AmbiguousRegexpLiteral: + Enabled: false + +# DISABLED +Lint/Eval: + Enabled: false + +# DISABLED +Lint/BlockAlignment: + Enabled: false + +# DISABLED +Lint/DefEndAlignment: + Enabled: false + +# DISABLED +Lint/EndAlignment: + Enabled: false + +# DISABLED +Lint/DeprecatedClassMethods: + Enabled: false + +# DISABLED +Lint/Loop: + Enabled: false + +# DISABLED +Lint/ParenthesesAsGroupedExpression: + Enabled: false + +Lint/RescueException: + Enabled: false + +Lint/StringConversionInInterpolation: + Enabled: false + +Lint/UnusedBlockArgument: + Enabled: false + +Lint/UnusedMethodArgument: + Enabled: false + +Lint/UselessAccessModifier: + Enabled: true + +Lint/UselessAssignment: + Enabled: true + +Lint/Void: + Enabled: true + +Style/AccessModifierIndentation: + Enabled: false + +Style/AccessorMethodName: + Enabled: false + +Style/Alias: + Enabled: false + +Style/AlignArray: + Enabled: false + +Style/AlignHash: + Enabled: false + +Style/AlignParameters: + Enabled: false + +Metrics/BlockNesting: + Enabled: false + +Style/AsciiComments: + Enabled: false + +Style/Attr: + Enabled: false + +Style/BracesAroundHashParameters: + Enabled: false + +Style/CaseEquality: + Enabled: false + +Style/CaseIndentation: + Enabled: false + +Style/CharacterLiteral: + Enabled: false + +Style/ClassAndModuleCamelCase: + Enabled: false + +Style/ClassAndModuleChildren: + Enabled: false + +Style/ClassCheck: + Enabled: false + +Metrics/ClassLength: + Enabled: false + +Style/ClassMethods: + Enabled: false + +Style/ClassVars: + Enabled: false + +Style/WhenThen: + Enabled: false + +# DISABLED - not useful +Style/WordArray: + Enabled: false + +Style/UnneededPercentQ: + Enabled: false + +Style/Tab: + Enabled: false + +Style/SpaceBeforeSemicolon: + Enabled: false + +Style/TrailingBlankLines: + Enabled: false + +Style/SpaceInsideBlockBraces: + Enabled: false + +Style/SpaceInsideBrackets: + Enabled: false + +Style/SpaceInsideHashLiteralBraces: + Enabled: false + +Style/SpaceInsideParens: + Enabled: false + +Style/LeadingCommentSpace: + Enabled: false + +Style/SingleSpaceBeforeFirstArg: + Enabled: false + +Style/SpaceAfterColon: + Enabled: false + +Style/SpaceAfterComma: + Enabled: false + +Style/SpaceAfterControlKeyword: + Enabled: false + +Style/SpaceAfterMethodName: + Enabled: false + +Style/SpaceAfterNot: + Enabled: false + +Style/SpaceAfterSemicolon: + Enabled: false + +Style/SpaceAroundEqualsInParameterDefault: + Enabled: false + +Style/SpaceAroundOperators: + Enabled: false + +Style/SpaceBeforeBlockBraces: + Enabled: false + +Style/SpaceBeforeComma: + Enabled: false + +Style/CollectionMethods: + Enabled: false + +Style/CommentIndentation: + Enabled: false + +Style/ColonMethodCall: + Enabled: false + +Style/CommentAnnotation: + Enabled: false + +Metrics/CyclomaticComplexity: + Enabled: false + +Style/ConstantName: + Enabled: false + +Style/Documentation: + Enabled: false + +Style/DefWithParentheses: + Enabled: false + +Style/DeprecatedHashMethods: + Enabled: false + +Style/DotPosition: + Enabled: false + +# DISABLED - used for converting to bool +Style/DoubleNegation: + Enabled: false + +Style/EachWithObject: + Enabled: false + +Style/EmptyLineBetweenDefs: + Enabled: false + +Style/IndentArray: + Enabled: false + +Style/IndentHash: + Enabled: false + +Style/IndentationConsistency: + Enabled: false + +Style/IndentationWidth: + Enabled: false + +Style/EmptyLines: + Enabled: false + +Style/EmptyLinesAroundAccessModifier: + Enabled: false + +Style/EmptyLiteral: + Enabled: false + +Metrics/LineLength: + Enabled: false + +Style/MethodCallParentheses: + Enabled: false + +Style/MethodDefParentheses: + Enabled: false + +Style/LineEndConcatenation: + Enabled: false + +Style/TrailingWhitespace: + Enabled: false + +Style/StringLiterals: + Enabled: false + +Style/TrailingComma: + Enabled: false + +Style/GlobalVars: + Enabled: false + +Style/GuardClause: + Enabled: false + +Style/IfUnlessModifier: + Enabled: false + +Style/MultilineIfThen: + Enabled: false + +Style/NegatedIf: + Enabled: false + +Style/NegatedWhile: + Enabled: false + +Style/Next: + Enabled: false + +Style/SingleLineBlockParams: + Enabled: false + +Style/SingleLineMethods: + Enabled: false + +Style/SpecialGlobalVars: + Enabled: false + +Style/TrivialAccessors: + Enabled: false + +Style/UnlessElse: + Enabled: false + +Style/VariableInterpolation: + Enabled: false + +Style/VariableName: + Enabled: false + +Style/WhileUntilDo: + Enabled: false + +Style/EvenOdd: + Enabled: false + +Style/FileName: + Enabled: false + +Style/For: + Enabled: false + +Style/Lambda: + Enabled: false + +Style/MethodName: + Enabled: false + +Style/MultilineTernaryOperator: + Enabled: false + +Style/NestedTernaryOperator: + Enabled: false + +Style/NilComparison: + Enabled: false + +Style/FormatString: + Enabled: false + +Style/MultilineBlockChain: + Enabled: false + +Style/Semicolon: + Enabled: false + +Style/SignalException: + Enabled: false + +Style/NonNilCheck: + Enabled: false + +Style/Not: + Enabled: false + +Style/NumericLiterals: + Enabled: false + +Style/OneLineConditional: + Enabled: false + +Style/OpMethod: + Enabled: false + +Style/ParenthesesAroundCondition: + Enabled: false + +Style/PercentLiteralDelimiters: + Enabled: false + +Style/PerlBackrefs: + Enabled: false + +Style/PredicateName: + Enabled: false + +Style/RedundantException: + Enabled: false + +Style/SelfAssignment: + Enabled: false + +Style/Proc: + Enabled: false + +Style/RaiseArgs: + Enabled: false + +Style/RedundantBegin: + Enabled: false + +Style/RescueModifier: + Enabled: false + +Style/RegexpLiteral: + Enabled: false + +Lint/UnderscorePrefixedVariableName: + Enabled: false + +Metrics/ParameterLists: + Enabled: false + +Lint/RequireParentheses: + Enabled: false + +Lint/SpaceBeforeFirstArg: + Enabled: false + +Style/ModuleFunction: + Enabled: false + +Lint/Debugger: + Enabled: false + +Style/IfWithSemicolon: + Enabled: false + +Style/Encoding: + Enabled: false diff --git a/.travis.yml b/.travis.yml index a319f1f..701454f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,8 @@ +--- +sudo: false language: ruby -bundler_args: --without development +bundler_args: --without development system_tests +before_install: rm Gemfile.lock || true rvm: - 1.8.7 - 1.9.3 @@ -10,13 +13,12 @@ script: - "bundle exec rake validate lint spec SPEC_OPTS='--format documentation'" env: - PUPPET_VERSION="~> 2.7.0" - - PUPPET_VERSION="~> 3.1.0" - PUPPET_VERSION="~> 3.2.0" - PUPPET_VERSION="~> 3.3.0" - PUPPET_VERSION="~> 3.4.0" - PUPPET_VERSION="~> 3.5.0" - PUPPET_VERSION="~> 3.6.0" - - PUPPET_VERSION="~> 3.7.0" + - PUPPET_VERSION="~> 3.7.0" STRICT_VARIABLES=yes - PUPPET_VERSION="~> 4.2" matrix: exclude: @@ -49,4 +51,4 @@ matrix: sudo: false notifications: email: - - al@lab42.it + - info@example42.com diff --git a/.yardopts b/.yardopts new file mode 100644 index 0000000..29c933b --- /dev/null +++ b/.yardopts @@ -0,0 +1 @@ +--markup markdown diff --git a/Gemfile b/Gemfile index f8ddad5..1b6a039 100644 --- a/Gemfile +++ b/Gemfile @@ -1,18 +1,36 @@ -source 'https://rubygems.org' +source ENV['GEM_SOURCE'] || "https://rubygems.org" -puppetversion = ENV['PUPPET_VERSION'] +group :test do + gem "rake" + gem "puppet", ENV['PUPPET_GEM_VERSION'] || '~> 3.8.0' + gem "rspec", '< 3.2.0' + gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git' + gem "puppetlabs_spec_helper" + gem "metadata-json-lint" + gem "rspec-puppet-facts" + gem 'rubocop', '0.33.0' + gem 'simplecov', '>= 0.11.0' + gem 'simplecov-console' -is_ruby18 = RUBY_VERSION.start_with? '1.8' - -if is_ruby18 - gem 'rspec', "~> 3.1.0", :require => false + gem "puppet-lint-absolute_classname-check" + gem "puppet-lint-leading_zero-check" + gem "puppet-lint-trailing_comma-check" + gem "puppet-lint-version_comparison-check" + gem "puppet-lint-classes_and_types_beginning_with_digits-check" + gem "puppet-lint-unquoted_string-check" + gem 'puppet-lint-resource_reference_syntax' end -gem 'puppet', puppetversion, :require => false -gem 'puppet-lint' -gem 'puppetlabs_spec_helper', '>= 0.1.0' -gem 'rspec-puppet' -gem 'metadata-json-lint' group :development do - gem 'puppet-blacksmith' + gem "travis" + gem "travis-lint" + gem "puppet-blacksmith" + gem "guard-rake" +end + +group :system_tests do + gem "beaker" + gem "beaker-rspec" + gem "beaker-puppet_install_helper" end + diff --git a/Rakefile b/Rakefile index d7a2a69..f96b21f 100644 --- a/Rakefile +++ b/Rakefile @@ -1,12 +1,63 @@ require 'rubygems' +require 'bundler/setup' + require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet-lint' -PuppetLint.configuration.send("disable_80chars") -PuppetLint.configuration.send('disable_class_parameter_defaults') +require 'puppet/version' +require 'puppet/vendor/semantic/lib/semantic' unless Puppet.version.to_f < 3.6 +require 'puppet-lint/tasks/puppet-lint' +require 'puppet-syntax/tasks/puppet-syntax' +require 'metadata-json-lint/rake_task' +require 'rubocop/rake_task' -# Blacksmith +# These gems aren't always present, for instance +# on Travis with --without development begin require 'puppet_blacksmith/rake_tasks' -rescue LoadError - puts "Blacksmith needed only to push to the Forge" +rescue LoadError # rubocop:disable Lint/HandleExceptions +end + +RuboCop::RakeTask.new + +exclude_paths = [ + "bundle/**/*", + "pkg/**/*", + "vendor/**/*", + "spec/**/*", +] + +# Coverage from puppetlabs-spec-helper requires rcov which +# doesn't work in anything since 1.8.7 +Rake::Task[:coverage].clear + +Rake::Task[:lint].clear + +PuppetLint.configuration.relative = true +PuppetLint.configuration.disable_80chars +PuppetLint.configuration.disable_class_inherits_from_params_class +PuppetLint.configuration.disable_class_parameter_defaults +PuppetLint.configuration.fail_on_warnings = true + +PuppetLint::RakeTask.new :lint do |config| + config.ignore_paths = exclude_paths +end + +PuppetSyntax.exclude_paths = exclude_paths + +desc "Run acceptance tests" +RSpec::Core::RakeTask.new(:acceptance) do |t| + t.pattern = 'spec/acceptance' end + +desc "Populate CONTRIBUTORS file" +task :contributors do + system("git log --format='%aN' | sort -u > CONTRIBUTORS") +end + +desc "Run syntax, lint, and spec tests." +task :test => [ + :metadata_lint, + :syntax, + :lint, + :rubocop, + :spec, +] diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb deleted file mode 100644 index 2c6f566..0000000 --- a/spec/spec_helper.rb +++ /dev/null @@ -1 +0,0 @@ -require 'puppetlabs_spec_helper/module_spec_helper' From 26d19c7c5ec822838eef9e46256cd3406e07bad8 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Sun, 1 May 2016 12:10:30 +0200 Subject: [PATCH 15/19] Fixed and finally tested to code --- manifests/init.pp | 7 ++++++- manifests/module.pp | 32 ++++++++++++++++---------------- manifests/profile/passenger.pp | 22 ++++++++++++---------- manifests/profile/ssl.pp | 15 +++++++++++++++ 4 files changed, 49 insertions(+), 27 deletions(-) create mode 100644 manifests/profile/ssl.pp diff --git a/manifests/init.pp b/manifests/init.pp index fa92341..ca2f7a9 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,6 +19,11 @@ $tp_settings = tp_lookup('apache','settings',$data_module,'merge') $module_settings = $tp_settings + $settings + if $module_settings['service_name'] and $service_autorestart { + $service_notify = "Service[${module_settings['service_name']}]" + } else { + $service_notify = undef + } tp::install { 'apache': options_hash => $options, @@ -31,7 +36,7 @@ if $profiles != [] { $profiles.each |$kl| { - include $kl + include "::apache::profile::${kl}" } } diff --git a/manifests/module.pp b/manifests/module.pp index 762eeec..165e135 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -1,11 +1,11 @@ define apache::module ( - Variant[Boolean,String] $ensure = present, + Variant[Boolean,String] $ensure = present, - Variant[Undef,String] $template = undef, - Hash $options = { }, + Variant[Undef,String] $template = undef, + Hash $options = { }, - Boolean $package_install = false, - String[1] $package_name = false, + Boolean $package_install = false, + Variant[Boolean,String[1]] $package_name = false, ) { include ::apache @@ -21,14 +21,15 @@ } } - if $install_package { - $real_package_name = $install_package ? { - true => "${::apache::settings['modpackage_prefix']}${name}", - default => $install_package, + if $package_install { + $real_package_name = $package_install ? { + true => "${::apache::module_settings['modpackage_prefix']}${name}", + default => $package_install, } package { $real_package_name: ensure => $ensure, + notify => $::apache::service_notify, } } @@ -36,27 +37,26 @@ case $ensure { 'present': { - $exec_a2enmod_subscribe = $install_package ? { + $exec_a2enmod_subscribe = $package_install ? { false => undef, default => Package[$real_package_name] } - $exec_a2dismode_before = $install_package ? { + $exec_a2dismode_before = $package_install ? { false => undef, default => Package[$real_package_name] } exec { "/usr/sbin/a2enmod ${name}": unless => "/bin/sh -c '[ -L ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load ] && [ ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load -ef ${::apache::settings['config_dir_path']}/mods-available/${name}.load ]'", - # notify => $manage_service_autorestart, - # require => Package['apache'], - subscribe => $exec_a2enmod_subscribe, + notify => $::apache::service_notify, + require => Package[$::apache::module_settings['package_name']], } } 'absent': { exec { "/usr/sbin/a2dismod ${name}": onlyif => "/bin/sh -c '[ -L ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load ] && [ ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load -ef ${::apache::settings['config_dir_path']}/mods-available/${name}.load ]'", - # notify => $manage_service_autorestart, - # require => Package['apache'], + notify => $::apache::service_notify, + require => Package[$::apache::module_settings['package_name']], before => $exec_a2dismode_before, } } diff --git a/manifests/profile/passenger.pp b/manifests/profile/passenger.pp index 346ecf1..cef7e90 100644 --- a/manifests/profile/passenger.pp +++ b/manifests/profile/passenger.pp @@ -1,18 +1,20 @@ class apache::profile::passenger ( - Variant[Boolean,String] $ensure = present, - Hash $options = { }, - String[1] $template = 'apache/profile/passenger/passenger.conf.erb', + Variant[Boolean,String] $ensure = present, + Hash $options = { }, + Variant[Undef,String[1]] $template = undef, ) { include apache - tp::conf { 'apache::passenger': - base_dir => 'conf', - template => $template, - options_hash => $::apache::options + $options, - data_module => $::apache::data_module, - settings_hash => $::apache::module_settings, - config_file_notify => $::apache::service_autorestart, + if $template { + tp::conf { 'apache::passenger': + base_dir => 'conf', + template => $template, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings_hash => $::apache::module_settings, + config_file_notify => $::apache::service_autorestart, + } } package { $::apache::module_settings['passenger_package_name']: diff --git a/manifests/profile/ssl.pp b/manifests/profile/ssl.pp new file mode 100644 index 0000000..1e537ca --- /dev/null +++ b/manifests/profile/ssl.pp @@ -0,0 +1,15 @@ +class apache::profile::ssl ( + Variant[Boolean,String] $ensure = present, + Hash $options = { }, + Variant[Undef,String[1]] $template = undef, +) { + + include apache + + apache::module { 'ssl': + template => $template, + options => $::apache::options + $options, + package_install => true, + } + +} From 319480dba698573c2951d2d76e489a23173d1892 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 4 May 2016 16:35:52 +0200 Subject: [PATCH 16/19] Use apache::module for passenger --- manifests/profile/passenger.pp | 30 +++++------------------------- manifests/profile/ssl.pp | 3 ++- 2 files changed, 7 insertions(+), 26 deletions(-) diff --git a/manifests/profile/passenger.pp b/manifests/profile/passenger.pp index cef7e90..9b44c0f 100644 --- a/manifests/profile/passenger.pp +++ b/manifests/profile/passenger.pp @@ -4,33 +4,13 @@ Variant[Undef,String[1]] $template = undef, ) { - include apache + include ::apache - if $template { - tp::conf { 'apache::passenger': - base_dir => 'conf', - template => $template, - options_hash => $::apache::options + $options, - data_module => $::apache::data_module, - settings_hash => $::apache::module_settings, - config_file_notify => $::apache::service_autorestart, - } - } - - package { $::apache::module_settings['passenger_package_name']: + ::apache::module { 'passenger': ensure => $ensure, - } - - if $::osfamily == 'Debian' { - exec { 'enable-passenger': - command => '/usr/sbin/a2enmod passenger', - creates => '/etc/apache2/mods-enabled/passenger.load', - notify => $::apache::module_settings['service_name'], - require => [ - $::apache::module_settings['package_name'], - $::apache::module_settings['passenger_package_name'] - ], - } + template => $template, + options => $::apache::options + $options, + package_install => true, } } diff --git a/manifests/profile/ssl.pp b/manifests/profile/ssl.pp index 1e537ca..faa1c5d 100644 --- a/manifests/profile/ssl.pp +++ b/manifests/profile/ssl.pp @@ -4,9 +4,10 @@ Variant[Undef,String[1]] $template = undef, ) { - include apache + include ::apache apache::module { 'ssl': + ensure => $ensure, template => $template, options => $::apache::options + $options, package_install => true, From d32aef959153a980e3604f785e120ecd9b7e1ea3 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 25 May 2016 10:31:07 +0200 Subject: [PATCH 17/19] Some stardandisations --- manifests/dotconf.pp | 15 ++++++++------- manifests/init.pp | 18 ++++++------------ manifests/install/tp.pp | 20 ++++++++++++++++++++ manifests/module.pp | 11 +++++------ manifests/profile/passenger.pp | 8 ++++---- manifests/vhost.pp | 6 +++--- templates/vhost/vhost.conf.erb | 4 ++-- 7 files changed, 48 insertions(+), 34 deletions(-) create mode 100644 manifests/install/tp.pp diff --git a/manifests/dotconf.pp b/manifests/dotconf.pp index b4443ce..919b820 100644 --- a/manifests/dotconf.pp +++ b/manifests/dotconf.pp @@ -1,18 +1,19 @@ define apache::dotconf ( - Variant[Boolean,String] $ensure = present, + Variant[Boolean,String] $ensure = '', - Variant[Undef,String] $source = undef, - Variant[Undef,String] $template = undef, - Variant[Undef,String] $epp = undef, - Variant[Undef,String] $content = undef, + Variant[Undef,String] $source = undef, + Variant[Undef,String] $template = undef, + Variant[Undef,String] $epp = undef, + Variant[Undef,String] $content = undef, - Hash $options = { }, + Hash $options = { }, ) { include ::apache tp::conf { "apache::${title}": + ensure => pick($ensure, $::apache::ensure), base_dir => 'conf', template => $template, epp => $epp, @@ -21,7 +22,7 @@ options_hash => $::apache::options + $options, data_module => $::apache::data_module, settings => $::apache::module_settings, - config_file_notify => $::apache::service_autorestart, + config_file_notify => $::apache::service_notify, } } diff --git a/manifests/init.pp b/manifests/init.pp index ca2f7a9..f1b19c5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,9 +1,7 @@ class apache ( Variant[Boolean,String] $ensure = present, - - Hash $confs = { }, - Hash $dirs = { }, + String $install_class = '::apache::install::tp', Hash $options = { }, Hash $settings = { }, @@ -12,26 +10,22 @@ String[1] $data_module = 'apache', - Boolean $service_autorestart = true, + Boolean $auto_restart = true, Boolean $auto_conf = false, + Boolean $auto_prerequisites = true, ) { $tp_settings = tp_lookup('apache','settings',$data_module,'merge') $module_settings = $tp_settings + $settings - if $module_settings['service_name'] and $service_autorestart { + if $module_settings['service_name'] and $auto_restart { $service_notify = "Service[${module_settings['service_name']}]" } else { $service_notify = undef } - tp::install { 'apache': - options_hash => $options, - settings_hash => $module_settings, - data_module => $data_module, - conf_hash => $confs, - dir_hash => $dirs, - auto_conf => $auto_conf, + if $install_class != '' { + include $install_class } if $profiles != [] { diff --git a/manifests/install/tp.pp b/manifests/install/tp.pp new file mode 100644 index 0000000..4b59d2d --- /dev/null +++ b/manifests/install/tp.pp @@ -0,0 +1,20 @@ +class apache::install::tp ( + + Variant[Boolean,String] $ensure = present, + Hash $confs = { }, + Hash $dirs = { }, + +) { + + include ::apache + + tp::install { 'apache': + options_hash => $::apache::options, + settings_hash => $::apache::module_settings, + data_module => $::apache::data_module, + conf_hash => $confs, + dir_hash => $dirs, + auto_conf => $::apache::auto_conf, + } + +} diff --git a/manifests/module.pp b/manifests/module.pp index 165e135..407f300 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -1,5 +1,5 @@ define apache::module ( - Variant[Boolean,String] $ensure = present, + Variant[Boolean,String] $ensure = '', Variant[Undef,String] $template = undef, Hash $options = { }, @@ -12,12 +12,13 @@ if $template { tp::conf { "apache::module::${title}": + ensure => $ensure, base_dir => 'mod', template => $template, options_hash => $::apache::options + $options, data_module => $::apache::data_module, settings => $::apache::module_settings, - config_file_notify => $::apache::service_autorestart, + config_file_notify => $::apache::service_notify, } } @@ -28,8 +29,8 @@ } package { $real_package_name: - ensure => $ensure, - notify => $::apache::service_notify, + ensure => $ensure, + notify => $::apache::service_notify, } } @@ -65,6 +66,4 @@ } } - - } diff --git a/manifests/profile/passenger.pp b/manifests/profile/passenger.pp index 9b44c0f..2c5b864 100644 --- a/manifests/profile/passenger.pp +++ b/manifests/profile/passenger.pp @@ -1,13 +1,13 @@ class apache::profile::passenger ( - Variant[Boolean,String] $ensure = present, - Hash $options = { }, - Variant[Undef,String[1]] $template = undef, + Variant[Boolean,String] $ensure = '', + Hash $options = { }, + Variant[Undef,String[1]] $template = undef, ) { include ::apache ::apache::module { 'passenger': - ensure => $ensure, + ensure => pick($ensure, $::apache::ensure), template => $template, options => $::apache::options + $options, package_install => true, diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 7c6b917..508b5b1 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -1,6 +1,5 @@ define apache::vhost ( - Variant[Boolean,String] $ensure = present, - + Variant[Boolean,String] $ensure = '', String[1] $template = 'apache/vhost/vhost.conf.erb', Hash $options = { }, @@ -9,12 +8,13 @@ include ::apache tp::conf { "apache::${title}": + ensure => pick($ensure, $::apache::ensure), base_dir => 'vhost', template => $template, options_hash => $::apache::options + $options, data_module => $::apache::data_module, settings => $::apache::module_settings, - config_file_notify => $::apache::service_autorestart, + config_file_notify => $::apache::service_notify, } } diff --git a/templates/vhost/vhost.conf.erb b/templates/vhost/vhost.conf.erb index fa198da..8395f30 100644 --- a/templates/vhost/vhost.conf.erb +++ b/templates/vhost/vhost.conf.erb @@ -21,8 +21,8 @@ <% end -%> <% end -%> - ErrorLog <%= @settings['log_dir_path']) %>/<%= @options['name'] %>-error_log - CustomLog <%= @settings['log_dir_path']) %>/<%= @options['name'] %>-access_log common + ErrorLog <%= @settings['log_dir_path'] %>/<%= @options['name'] %>-error_log + CustomLog <%= @settings['log_dir_path'] %>/<%= @options['name'] %>-access_log common <% if @options['directory_options'] != "" || @options['directory_allow_override'] != "None" -%> > From 5389aa6c4183958de89930b6104188c24b028368 Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Wed, 25 May 2016 15:22:29 +0200 Subject: [PATCH 18/19] Better name for internal settings variable ? --- manifests/dotconf.pp | 2 +- manifests/init.pp | 6 +++--- manifests/install/tp.pp | 2 +- manifests/module.pp | 8 ++++---- manifests/profile/loadbalancer.pp | 2 +- manifests/vhost.pp | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/manifests/dotconf.pp b/manifests/dotconf.pp index 919b820..4ff984b 100644 --- a/manifests/dotconf.pp +++ b/manifests/dotconf.pp @@ -21,7 +21,7 @@ source => $source, options_hash => $::apache::options + $options, data_module => $::apache::data_module, - settings => $::apache::module_settings, + settings => $::apache::real_settings, config_file_notify => $::apache::service_notify, } diff --git a/manifests/init.pp b/manifests/init.pp index f1b19c5..a2a39ba 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,9 +17,9 @@ ) { $tp_settings = tp_lookup('apache','settings',$data_module,'merge') - $module_settings = $tp_settings + $settings - if $module_settings['service_name'] and $auto_restart { - $service_notify = "Service[${module_settings['service_name']}]" + $real_settings = $tp_settings + $settings + if $real_settings['service_name'] and $auto_restart { + $service_notify = "Service[${real_settings['service_name']}]" } else { $service_notify = undef } diff --git a/manifests/install/tp.pp b/manifests/install/tp.pp index 4b59d2d..616e55a 100644 --- a/manifests/install/tp.pp +++ b/manifests/install/tp.pp @@ -10,7 +10,7 @@ tp::install { 'apache': options_hash => $::apache::options, - settings_hash => $::apache::module_settings, + settings_hash => $::apache::real_settings, data_module => $::apache::data_module, conf_hash => $confs, dir_hash => $dirs, diff --git a/manifests/module.pp b/manifests/module.pp index 407f300..f85977b 100644 --- a/manifests/module.pp +++ b/manifests/module.pp @@ -17,14 +17,14 @@ template => $template, options_hash => $::apache::options + $options, data_module => $::apache::data_module, - settings => $::apache::module_settings, + settings => $::apache::real_settings, config_file_notify => $::apache::service_notify, } } if $package_install { $real_package_name = $package_install ? { - true => "${::apache::module_settings['modpackage_prefix']}${name}", + true => "${::apache::real_settings['modpackage_prefix']}${name}", default => $package_install, } @@ -50,14 +50,14 @@ exec { "/usr/sbin/a2enmod ${name}": unless => "/bin/sh -c '[ -L ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load ] && [ ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load -ef ${::apache::settings['config_dir_path']}/mods-available/${name}.load ]'", notify => $::apache::service_notify, - require => Package[$::apache::module_settings['package_name']], + require => Package[$::apache::real_settings['package_name']], } } 'absent': { exec { "/usr/sbin/a2dismod ${name}": onlyif => "/bin/sh -c '[ -L ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load ] && [ ${::apache::settings['config_dir_path']}/mods-enabled/${name}.load -ef ${::apache::settings['config_dir_path']}/mods-available/${name}.load ]'", notify => $::apache::service_notify, - require => Package[$::apache::module_settings['package_name']], + require => Package[$::apache::real_settings['package_name']], before => $exec_a2dismode_before, } } diff --git a/manifests/profile/loadbalancer.pp b/manifests/profile/loadbalancer.pp index 8c4abb8..3caec35 100644 --- a/manifests/profile/loadbalancer.pp +++ b/manifests/profile/loadbalancer.pp @@ -10,7 +10,7 @@ template => $template, options_hash => $::apache::options + $options, data_module => $::apache::data_module, - settings_hash => $::apache::module_settings, + settings_hash => $::apache::real_settings, } } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 508b5b1..f88c562 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -13,7 +13,7 @@ template => $template, options_hash => $::apache::options + $options, data_module => $::apache::data_module, - settings => $::apache::module_settings, + settings => $::apache::real_settings, config_file_notify => $::apache::service_notify, } From d19c8ab6f0c649396d76cfb143e2f7473ec6df7f Mon Sep 17 00:00:00 2001 From: Alessandro Franceschi Date: Fri, 27 May 2016 17:45:06 +0200 Subject: [PATCH 19/19] Added files from skeleton 4.0.0 + fixes --- .fixtures.yml | 6 +- .github/CONTRIBUTING.md | 31 +++ .github/ISSUE_TEMPLATE.md | 19 ++ .github/PULL_REQUEST_TEMPLATE.md | 12 ++ .gitignore | 22 ++- .pmtignore | 1 + .travis.yml | 50 +---- CHANGELOG | 2 + CONTRIBUTORS | 1 + Gemfile | 9 +- Guardfile | 5 + LICENSE | 191 ++++++++++++++++++- README.md | 112 +++++++++++ Rakefile | 4 +- data/apache/default.yaml | 2 - data/apache/osfamily/test.yaml | 5 + data/default.yaml | 13 ++ files/.gitkeep | 0 files/rspec/test.conf | 2 + lib/.gitkeep | 0 manifests/conf.pp | 30 +++ manifests/init.pp | 32 ++-- manifests/install/package.pp | 11 ++ manifests/install/tp.pp | 8 +- metadata.json | 56 +++--- spec/acceptance/class_spec.rb | 25 +++ spec/acceptance/nodesets/centos-511-x64.yml | 12 ++ spec/acceptance/nodesets/centos-66-x64.yml | 11 ++ spec/acceptance/nodesets/centos-7-x64.yml | 11 ++ spec/acceptance/nodesets/debian-609-x64.yml | 12 ++ spec/acceptance/nodesets/debian-78-x64.yml | 12 ++ spec/acceptance/nodesets/default.yml | 12 ++ spec/acceptance/nodesets/fedora-20-x64.yml | 12 ++ spec/acceptance/nodesets/ubuntu-1204-x64.yml | 13 ++ spec/acceptance/nodesets/ubuntu-1404-x64.yml | 12 ++ spec/classes/coverage_spec.rb | 1 + spec/classes/main_spec.rb | 56 ++++++ spec/defines/conf_spec.rb | 53 +++++ spec/fixtures/hiera.yaml | 8 + spec/fixtures/hieradata/default.yaml | 2 + spec/spec_helper.rb | 20 ++ spec/spec_helper_acceptance.rb | 22 +++ templates/.gitkeep | 0 templates/profile/base/httpd.conf.erb | 16 +- templates/rspec/test.conf.erb | 2 + templates/vhost/vhost.conf.erb | 4 +- test/init.pp | 1 + 47 files changed, 818 insertions(+), 123 deletions(-) create mode 100644 .github/CONTRIBUTING.md create mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .pmtignore create mode 100644 CHANGELOG create mode 100644 CONTRIBUTORS create mode 100644 Guardfile create mode 100644 README.md create mode 100644 data/apache/osfamily/test.yaml create mode 100644 data/default.yaml create mode 100644 files/.gitkeep create mode 100644 files/rspec/test.conf create mode 100644 lib/.gitkeep create mode 100644 manifests/conf.pp create mode 100644 manifests/install/package.pp create mode 100644 spec/acceptance/class_spec.rb create mode 100644 spec/acceptance/nodesets/centos-511-x64.yml create mode 100644 spec/acceptance/nodesets/centos-66-x64.yml create mode 100644 spec/acceptance/nodesets/centos-7-x64.yml create mode 100644 spec/acceptance/nodesets/debian-609-x64.yml create mode 100644 spec/acceptance/nodesets/debian-78-x64.yml create mode 100644 spec/acceptance/nodesets/default.yml create mode 100644 spec/acceptance/nodesets/fedora-20-x64.yml create mode 100644 spec/acceptance/nodesets/ubuntu-1204-x64.yml create mode 100644 spec/acceptance/nodesets/ubuntu-1404-x64.yml create mode 100644 spec/classes/coverage_spec.rb create mode 100644 spec/classes/main_spec.rb create mode 100644 spec/defines/conf_spec.rb create mode 100644 spec/fixtures/hiera.yaml create mode 100644 spec/fixtures/hieradata/default.yaml create mode 100644 spec/spec_helper.rb create mode 100644 spec/spec_helper_acceptance.rb create mode 100644 templates/.gitkeep create mode 100644 templates/rspec/test.conf.erb create mode 100644 test/init.pp diff --git a/.fixtures.yml b/.fixtures.yml index b135ea4..e7a75a0 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,7 +1,7 @@ fixtures: repositories: - tp: "https://github.com/example42/puppet-tp" - stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib" + tp: "https://github.com/example42/puppet-tp.git" + tinydata: "https://github.com/example42/tinydata.git" + stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" symlinks: apache: "#{source_dir}" - diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..b4e98be --- /dev/null +++ b/.github/CONTRIBUTING.md @@ -0,0 +1,31 @@ +## How to Contribute to This Project + +#### **Did You Find a Bug?** + + * **Ensure the bug was not already reported** by searching on GitHub under **Issues**. + * If you're unable to find an open issue addressing the problem, **open a new one**. Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring. + +#### **Did You Write a Patch That Fixes a Bug?** + + * Open a new GitHub pull request with the patch. + 1. Fork this project + 1. Create your feature branch: `git checkout -b my-new-feature` + 1. Commit your changes: `git commit -am 'Add some feature'` + 1. Push to the branch: `git push origin my-new-feature` + 1. Submit a pull request via GitHub's web interface + * Ensure the PR description clearly describes the problem and its solution. Include the relevant issue number if applicable. + +#### **Do You Intend to Add a New Feature or Change an Existing One?** + + * Suggest your change as a **new issue** using the label `enhancement` **BEFORE** you start writing code. + +#### **Do You Want to Sponsor Open Source Development?** + +If you need express resolution of a bug or new features you can consider the opportunity of **sponsoring** the relevant development. + + * Open an issue on GitHub (of type `bug` or `enhancement`) with the details of what you want + * Contact [example42](http://www.example42.com/#contact) referring the issue you created + * Tell us how you want to sponsor the development (sending money, gifts or offering services) + * If we agree on the conditions we will place your [company] name in the module's Sponsors List + +Thanks for contributing! :heart: diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..1d8c11a --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,19 @@ +## Expected Behavior + + +## Actual Behavior + + +## Steps to Reproduce the Problem + + 1. + 1. + 1. + +## Specifications + +Please add this info: + + 1. Output of ```facter -p``` on the failing node (at least the OS related facts) + 1. Version of Puppet and of the module + 1. The relevant Puppet code and eventually Hiera data diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..8b0f809 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,12 @@ +## Before submitting your PR + + 1. Open an **issue** and refer to its number in your PR title + 1. If it's a bug and you have the solution, go on with the PR! + 1. If it's an enhancement, please wait for our feedback before starting to work on it + 1. Please run ```puppet-lint``` on your code and ensure it's compliant + +## After submitting your PR + + 1. Verify Travis checks and eventually fix the errors + 1. Feel free to ping us if we don't reply promptly + diff --git a/.gitignore b/.gitignore index de5d125..5caea85 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,13 @@ -/.gradle -/.rvmrc -build -pkg/ -Session.vim -spec/fixtures -.*.sw[a-z] -*.un~ -/Gemfile.lock +.*.sw? +/pkg +/spec/fixtures/manifests +/spec/fixtures/modules +/.rspec_system +/.vagrant /.bundle -vendor +/vendor +/Gemfile.lock +/junit +/log +.yardoc +coverage diff --git a/.pmtignore b/.pmtignore new file mode 100644 index 0000000..48b8bf9 --- /dev/null +++ b/.pmtignore @@ -0,0 +1 @@ +vendor/ diff --git a/.travis.yml b/.travis.yml index 701454f..70bbb1c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,51 +4,11 @@ language: ruby bundler_args: --without development system_tests before_install: rm Gemfile.lock || true rvm: - - 1.8.7 - 1.9.3 - 2.0.0 - - 2.1.1 - - 2.1.4 -script: - - "bundle exec rake validate lint spec SPEC_OPTS='--format documentation'" + - 2.1.0 +script: bundle exec rake test env: - - PUPPET_VERSION="~> 2.7.0" - - PUPPET_VERSION="~> 3.2.0" - - PUPPET_VERSION="~> 3.3.0" - - PUPPET_VERSION="~> 3.4.0" - - PUPPET_VERSION="~> 3.5.0" - - PUPPET_VERSION="~> 3.6.0" - - PUPPET_VERSION="~> 3.7.0" STRICT_VARIABLES=yes - - PUPPET_VERSION="~> 4.2" -matrix: - exclude: - - rvm: 1.8.7 - env: PUPPET_VERSION="~> 4.2" - # this fails on "Could not autoload package: constant Puppet::Type::Package" - # See https://travis-ci.org/DavidS/puppet-apache/jobs/39843058 - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 2.7.0" - - rvm: 2.0.0 - env: PUPPET_VERSION="~> 3.1.0" - # this fails on "can't modify frozen Symbol" in /lib/puppet/util/monkey_patches.rb - # See https://travis-ci.org/DavidS/puppet-apache/jobs/39843066 - - rvm: 2.1.1 - env: PUPPET_VERSION="~> 2.7.0" - - rvm: 2.1.1 - env: PUPPET_VERSION="~> 3.1.0" - - rvm: 2.1.1 - env: PUPPET_VERSION="~> 3.2.0" - - rvm: 2.1.1 - env: PUPPET_VERSION="~> 3.3.0" - - rvm: 2.1.4 - env: PUPPET_VERSION="~> 2.7.0" - - rvm: 2.1.4 - env: PUPPET_VERSION="~> 3.1.0" - - rvm: 2.1.4 - env: PUPPET_VERSION="~> 3.2.0" - - rvm: 2.1.4 - env: PUPPET_VERSION="~> 3.3.0" -sudo: false -notifications: - email: - - info@example42.com + - PUPPET_GEM_VERSION="~> 3.8.0" STRICT_VARIABLES=yes FUTURE_PARSER=yes + - PUPPET_GEM_VERSION="~> 4.0.0" + - PUPPET_GEM_VERSION="~> 4.5.0" diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..b894043 --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,2 @@ +YYYY-MM-DD Release 4.0.0 +- First release based on example42 skeleton template v 4.0.0. diff --git a/CONTRIBUTORS b/CONTRIBUTORS new file mode 100644 index 0000000..446a9ab --- /dev/null +++ b/CONTRIBUTORS @@ -0,0 +1 @@ +example42 diff --git a/Gemfile b/Gemfile index 1b6a039..5a88809 100644 --- a/Gemfile +++ b/Gemfile @@ -2,9 +2,11 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :test do gem "rake" - gem "puppet", ENV['PUPPET_GEM_VERSION'] || '~> 3.8.0' + gem "puppet", ENV['PUPPET_GEM_VERSION'] || '> 4.0.0' gem "rspec", '< 3.2.0' - gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git' + gem "rspec-puppet" + # gem "rspec-puppet", :git => 'https://github.com/rodjek/rspec-puppet.git' + gem "puppet-check" gem "puppetlabs_spec_helper" gem "metadata-json-lint" gem "rspec-puppet-facts" @@ -25,7 +27,7 @@ group :development do gem "travis" gem "travis-lint" gem "puppet-blacksmith" - gem "guard-rake" +# gem "guard-rake" end group :system_tests do @@ -33,4 +35,3 @@ group :system_tests do gem "beaker-rspec" gem "beaker-puppet_install_helper" end - diff --git a/Guardfile b/Guardfile new file mode 100644 index 0000000..fd50602 --- /dev/null +++ b/Guardfile @@ -0,0 +1,5 @@ +notification :off + +guard 'rake', :task => 'test' do + watch(%r{^manifests\/(.+)\.pp$}) +end diff --git a/LICENSE b/LICENSE index f41da01..9f71055 100644 --- a/LICENSE +++ b/LICENSE @@ -1,8 +1,192 @@ -Copyright (C) 2013 Alessandro Franceschi / Lab42 + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ -for the relevant commits Copyright (C) by the respective authors. +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION -Contact Lab42 at: info@lab42.it +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -15,3 +199,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..db7f3a3 --- /dev/null +++ b/README.md @@ -0,0 +1,112 @@ +#### Table of Contents + +1. [Overview](#overview) +2. [Module Descriptionl](#module-description) +3. [Setup](#setup) + * [What apache affects](#what-apache-affects) + * [Setup requirements](#setup-requirements) + * [Beginning with apache](#beginning-with-apache) +4. [Usage](#usage) +5. [Reference](#reference) +5. [Limitations](#limitations) +6. [Development](#development) + +## Overview + +This module installs and configures apache. + +It is compatible only with Puppet version 4 or newer. + +## Module Description + + +## Setup + +### What apache affects + +* Installation of apache package and eventual management of its service +* Creation of configuration files for apache +* Different profiles for different use cases + +### Setup Requirements + +This module needs the following prerequisites modules: + + - puppetlabs-stdlib + - example42-tp + +### Beginning with apache + +To simply install apache without any configuration just: + + include ::apache + +To install one of the profiles of this module (they have their own parameters and require the main class. + + include ::apache::profile:: + + To manage a configuration file (in the conf.d directory): + + apache::conf { 'example': + template => 'site/apache/example.conf.erb', + options => hiera('apache::conf::example::options'), + } + +## Usage + +The module's common paramateres entry point is the main class, which is included by all the profiles and defines. + +The most important parameters (here written as configurable via Hiera with Yaml backend, you can obviously pass them when declaring the apache class): + + # Manage installation or removal + apache::ensure: present # Default + + # Define what class to use to install apache + apache::install_class: '::apache::install::tp' # Default installation via Tiny Puppet + + # Override the settings defined in the module's data + # Default is an empty hash, here an example to override the url of the repo and the GPG key to use + apache::settings: + repo_url: 'http://packages.example.com' + key_url: 'http://packages.example.com/gpg' + + # Set any option you may want to use in templates + apache::options: + my_key: my_value # In an erb template this is accessed with \<\%= @options['my_key'] \%\> + + # Define what module to use for Tiny Puppet data: + apache::data_module: apache # Default + + # Restart service on change, by default, on all the module's classes and defines + apache::auto_restart: true # Default  + + # Automatically add, in the main class and profiles, default configurations, if they are available + apache::auto_conf: false # Default  + + # Automatically add prerequisites resources (packages, repos, users...) if they are defined + apache::auto_depend: false # Default  + + +## Reference + +### class apache + +Check [Usage](#usage) section. + + +## Limitations + +This module works only with Puppet version 4 or later. + +It supports the following Operating Systems: + + - RedHat and derivatives: 5, 6, 7 + - Debian 7, 8 + - Ubuntu 12.04, 14.04, 16.04 + + +## Development + +Development of these done is done by commission of sponsor companies or by necessity. + +Check the [CONTRIBUTING](./github/CONTRIBUTING.md) document for more informations on how to contribute. diff --git a/Rakefile b/Rakefile index f96b21f..8fd8142 100644 --- a/Rakefile +++ b/Rakefile @@ -1,6 +1,8 @@ require 'rubygems' require 'bundler/setup' +require 'puppet-check/tasks' + require 'puppetlabs_spec_helper/rake_tasks' require 'puppet/version' require 'puppet/vendor/semantic/lib/semantic' unless Puppet.version.to_f < 3.6 @@ -33,7 +35,7 @@ Rake::Task[:lint].clear PuppetLint.configuration.relative = true PuppetLint.configuration.disable_80chars -PuppetLint.configuration.disable_class_inherits_from_params_class +#PuppetLint.configuration.disable_class_inherits_from_params_class PuppetLint.configuration.disable_class_parameter_defaults PuppetLint.configuration.fail_on_warnings = true diff --git a/data/apache/default.yaml b/data/apache/default.yaml index 1441526..6b754e4 100644 --- a/data/apache/default.yaml +++ b/data/apache/default.yaml @@ -17,8 +17,6 @@ modpackage_prefix: 'mod_' passenger_package_name: 'mod_passenger' - apache::options::init: - apache::options::config: apache_version: 2.4 server_tokens: OS diff --git a/data/apache/osfamily/test.yaml b/data/apache/osfamily/test.yaml new file mode 100644 index 0000000..6e191b3 --- /dev/null +++ b/data/apache/osfamily/test.yaml @@ -0,0 +1,5 @@ +--- + apache::settings: + package_name: 'apache' + service_name: 'apache' + conf_dir_path: '/etc/apache' diff --git a/data/default.yaml b/data/default.yaml new file mode 100644 index 0000000..6751c58 --- /dev/null +++ b/data/default.yaml @@ -0,0 +1,13 @@ +--- + default::settings: + package_ensure: 'present' + service_ensure: 'running' + service_enable: true + config_file_owner: 'root' + config_file_group: 'root' + config_file_mode: '0644' + config_dir_owner: 'root' + config_dir_group: 'root' + config_dir_mode: '0755' + config_dir_purge: false + config_dir_recurse: true diff --git a/files/.gitkeep b/files/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/files/rspec/test.conf b/files/rspec/test.conf new file mode 100644 index 0000000..7217e22 --- /dev/null +++ b/files/rspec/test.conf @@ -0,0 +1,2 @@ +# Test source file for rspec tests +source_test diff --git a/lib/.gitkeep b/lib/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/manifests/conf.pp b/manifests/conf.pp new file mode 100644 index 0000000..8f0b08d --- /dev/null +++ b/manifests/conf.pp @@ -0,0 +1,30 @@ +# define apache::dotconf +# +define apache::conf ( + String $ensure = '', + + Variant[Undef,String] $source = undef, + Variant[Undef,String] $template = undef, + Variant[Undef,String] $epp = undef, + Variant[Undef,String] $content = undef, + + Hash $options = { }, + +) { + + include ::apache + + tp::conf { "apache::${title}": + ensure => pick($ensure, $::apache::ensure), + base_dir => 'conf', + template => $template, + epp => $epp, + content => $content, + source => $source, + options_hash => $::apache::options + $options, + data_module => $::apache::data_module, + settings_hash => $::apache::real_settings, + config_file_notify => $::apache::service_notify, + } + +} diff --git a/manifests/init.pp b/manifests/init.pp index a2a39ba..d2c7fd3 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,18 +1,24 @@ +# Class: apache +# =========================== +# +# This module install and configures apache. +# This main class just manages a basic installation. +# For configurations for different use cases check the classes +# in the profile directory. +# class apache ( - Variant[Boolean,String] $ensure = present, - String $install_class = '::apache::install::tp', + String $ensure = 'present', + String $install_class = '::apache::install::tp', - Hash $options = { }, - Hash $settings = { }, + Hash $options = { }, + Hash $settings = { }, - Array $profiles = [], + String[1] $data_module = 'apache', - String[1] $data_module = 'apache', - - Boolean $auto_restart = true, - Boolean $auto_conf = false, - Boolean $auto_prerequisites = true, + Boolean $auto_restart = true, + Boolean $auto_conf = false, + Boolean $auto_depend = true, ) { @@ -28,10 +34,4 @@ include $install_class } - if $profiles != [] { - $profiles.each |$kl| { - include "::apache::profile::${kl}" - } - } - } diff --git a/manifests/install/package.pp b/manifests/install/package.pp new file mode 100644 index 0000000..33063dd --- /dev/null +++ b/manifests/install/package.pp @@ -0,0 +1,11 @@ +class apache::install::package ( + String $ensure = '', +) { + + include ::apache + + package { $::apache::real_settings['package_name']: + ensure => pick($ensure, $::apache::ensure), + } + +} diff --git a/manifests/install/tp.pp b/manifests/install/tp.pp index 616e55a..b507638 100644 --- a/manifests/install/tp.pp +++ b/manifests/install/tp.pp @@ -1,20 +1,22 @@ class apache::install::tp ( - Variant[Boolean,String] $ensure = present, - Hash $confs = { }, - Hash $dirs = { }, + String $ensure = '', + Hash $confs = { }, + Hash $dirs = { }, ) { include ::apache tp::install { 'apache': + ensure => pick($ensure,$::apache::ensure), options_hash => $::apache::options, settings_hash => $::apache::real_settings, data_module => $::apache::data_module, conf_hash => $confs, dir_hash => $dirs, auto_conf => $::apache::auto_conf, + auto_repo => $::apache::auto_depend, } } diff --git a/metadata.json b/metadata.json index 05f2b64..2bbb7fb 100644 --- a/metadata.json +++ b/metadata.json @@ -1,58 +1,62 @@ { "name": "example42-apache", - "version": "4.0.0.alpha1", - "summary": "Puppet module for apache. Based on Tiny Puppet ", + "version": "4.0.0", + "author": "example42", + "summary": "Puppet 4 module for Apache", "license": "Apache-2.0", - "author": "Alessandro Franceschi, Martin Alfke @ example42", - "checksums": { - }, "source": "https://github.com/example42/puppet-apache", "project_page": "https://github.com/example42/puppet-apache", "issues_url": "https://github.com/example42/puppet-apache/issues", + "dependencies": [ + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"}, + {"name":"example42/tp","version_requirement":">= 1.1.0 < 3.0.0"} + ], "operatingsystem_support": [ { - "operatingsystem": "RedHat", + "operatingsystem": "Debian", "operatingsystemrelease": [ - "7" + "7", + "8" ] }, { - "operatingsystem": "Centos", + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "12.04", + "14.04", + "16.04" + ] + }, + { + "operatingsystem": "RedHat", "operatingsystemrelease": [ + "5", + "6", "7" ] }, { - "operatingsystem": "Debian", + "operatingsystem": "CentOS", "operatingsystemrelease": [ + "5", + "6", "7" ] }, { - "operatingsystem": "Ubuntu", + "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "14.04" + "5", + "6", + "7" ] } ], "requirements": [ - { - "name": "pe", - "version_requirement": ">= 3.0.0 < 5.0.0" - }, { "name": "puppet", - "version_requirement": ">= 3.0.0 < 5.0.0" + "version_requirement": ">= 4.0.0 < 6.0.0" } ], - "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 3.2.0 < 5.0.0" - }, - { - "name": "example42/tp", - "version_requirement": ">= 1.0.0 < 3.0.0" - } - ] + "description": "Puppet 4 module for apache" } diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb new file mode 100644 index 0000000..603b335 --- /dev/null +++ b/spec/acceptance/class_spec.rb @@ -0,0 +1,25 @@ +require 'spec_helper_acceptance' + +describe 'apache class' do + context 'default parameters' do + # Using puppet_apply as a helper + it 'should work idempotently with no errors' do + pp = <<-EOS + class { 'apache': } + EOS + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe package('apache') do + it { is_expected.to be_installed } + end + + describe service('apache') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + end +end diff --git a/spec/acceptance/nodesets/centos-511-x64.yml b/spec/acceptance/nodesets/centos-511-x64.yml new file mode 100644 index 0000000..155926d --- /dev/null +++ b/spec/acceptance/nodesets/centos-511-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-511-x64: + roles: + - master + platform: el-5-x86_64 + box: puppetlabs/centos-5.11-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/centos-5.11-64-nocm + hypervisor: vagrant + +CONFIG: + log_level: verbose + type: foss diff --git a/spec/acceptance/nodesets/centos-66-x64.yml b/spec/acceptance/nodesets/centos-66-x64.yml new file mode 100644 index 0000000..07843d5 --- /dev/null +++ b/spec/acceptance/nodesets/centos-66-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-66-x64: + roles: + - master + platform: el-6-x86_64 + box: puppetlabs/centos-6.6-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/centos-6.6-64-nocm + hypervisor: vagrant +CONFIG: + log_level: verbose + type: foss diff --git a/spec/acceptance/nodesets/centos-7-x64.yml b/spec/acceptance/nodesets/centos-7-x64.yml new file mode 100644 index 0000000..028a1b5 --- /dev/null +++ b/spec/acceptance/nodesets/centos-7-x64.yml @@ -0,0 +1,11 @@ +HOSTS: + centos-7-x64: + roles: + - master + platform: el-7-x86_64 + box: puppetlabs/centos-7.0-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm + hypervisor: vagrant +CONFIG: + log_level: verbose + type: foss \ No newline at end of file diff --git a/spec/acceptance/nodesets/debian-609-x64.yml b/spec/acceptance/nodesets/debian-609-x64.yml new file mode 100644 index 0000000..e2451ea --- /dev/null +++ b/spec/acceptance/nodesets/debian-609-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + debian-609-x64: + roles: + - master + platform: debian-6-amd64 + box: puppetlabs/debian-6.0.9-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/debian-6.0.9-64-nocm + hypervisor: vagrant + +CONFIG: + log_level: verbose + type: foss diff --git a/spec/acceptance/nodesets/debian-78-x64.yml b/spec/acceptance/nodesets/debian-78-x64.yml new file mode 100644 index 0000000..c4062fd --- /dev/null +++ b/spec/acceptance/nodesets/debian-78-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + debian-78-x64: + roles: + - master + platform: debian-7-amd64 + box: puppetlabs/debian-7.8-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/debian-7.8-64-nocm + hypervisor: vagrant + +CONFIG: + log_level: verbose + type: foss diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml new file mode 100644 index 0000000..3f2dcaa --- /dev/null +++ b/spec/acceptance/nodesets/default.yml @@ -0,0 +1,12 @@ +HOSTS: + ubuntu-server-1204-x64: + roles: + - master + platform: ubuntu-1204-amd64 + box: puppetlabs/ubuntu-12.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/ubuntu-12.04-64-nocm + hypervisor: vagrant + +CONFIG: + log_level: verbose + type: foss diff --git a/spec/acceptance/nodesets/fedora-20-x64.yml b/spec/acceptance/nodesets/fedora-20-x64.yml new file mode 100644 index 0000000..138341f --- /dev/null +++ b/spec/acceptance/nodesets/fedora-20-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + fedora-20-x64: + roles: + - master + platform: el-7-x86_64 + box: chef/fedora-20 + box_url: https://vagrantcloud.com/chef/boxes/fedora-20 + hypervisor: vagrant + +CONFIG: + log_level: verbose + type: foss diff --git a/spec/acceptance/nodesets/ubuntu-1204-x64.yml b/spec/acceptance/nodesets/ubuntu-1204-x64.yml new file mode 100644 index 0000000..b4e7d55 --- /dev/null +++ b/spec/acceptance/nodesets/ubuntu-1204-x64.yml @@ -0,0 +1,13 @@ +HOSTS: + ubuntu-1204-x64: + roles: + - master + platform: ubuntu-1204-amd64 + box: puppetlabs/ubuntu-12.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/ubuntu-12.04-64-nocm + hypervisor: vagrant + +CONFIG: + log_level: verbose + color: false + type: foss diff --git a/spec/acceptance/nodesets/ubuntu-1404-x64.yml b/spec/acceptance/nodesets/ubuntu-1404-x64.yml new file mode 100644 index 0000000..edc1d12 --- /dev/null +++ b/spec/acceptance/nodesets/ubuntu-1404-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + ubuntu-1404-x64: + roles: + - master + platform: ubuntu-1404-amd64 + box: puppetlabs/ubuntu-14.04-64-nocm + box_url: https://vagrantcloud.com/puppetlabs/boxes/ubuntu-14.04-64-nocm + hypervisor: vagrant + +CONFIG: + log_level: verbose + type: foss diff --git a/spec/classes/coverage_spec.rb b/spec/classes/coverage_spec.rb new file mode 100644 index 0000000..12513b8 --- /dev/null +++ b/spec/classes/coverage_spec.rb @@ -0,0 +1 @@ +at_exit { RSpec::Puppet::Coverage.report! } diff --git a/spec/classes/main_spec.rb b/spec/classes/main_spec.rb new file mode 100644 index 0000000..d066f73 --- /dev/null +++ b/spec/classes/main_spec.rb @@ -0,0 +1,56 @@ +require 'spec_helper' + +describe 'apache' do + describe 'on test osfamily' do + let(:facts) do + { :osfamily => 'test' } + end + context 'with default options' do + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_service('apache').with_ensure('running') } + it { is_expected.to contain_package('apache').with_ensure('present') } + it { is_expected.to have_package_resource_count(1) } + it { is_expected.to have_service_resource_count(1) } + it { is_expected.to have_file_resource_count(0) } + it { is_expected.to have_class_count(2) } + end + + context 'with ensure => absent' do + let(:params) do + { :ensure => 'absent' } + end + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_service('apache').with_ensure('stopped') } + it { is_expected.to contain_package('apache').with_ensure('absent') } + end + + context 'with install_class => ""' do + let(:params) do + { :install_class => '' } + end + it { is_expected.to have_package_resource_count(0) } + it { is_expected.to have_service_resource_count(0) } + it { is_expected.to have_file_resource_count(0) } + it { is_expected.to have_class_count(1) } + end + + context 'with install_class => "::apache::install::package"' do + let(:params) do + { :install_class => '::apache::install::package' } + end + it { is_expected.to have_package_resource_count(1) } + it { is_expected.to have_file_resource_count(0) } + it { is_expected.to have_class_count(2) } + it { is_expected.to contain_class('apache::install::package') } + end + + context 'with custom settings' do + let(:params) do + { :settings => { 'package_name' => 'custom_apache' , 'service_name' => 'custom_apache'} } + end + it { is_expected.to contain_service('custom_apache').with_ensure('running') } + it { is_expected.to contain_package('custom_apache').with_ensure('present') } + end + + end +end diff --git a/spec/defines/conf_spec.rb b/spec/defines/conf_spec.rb new file mode 100644 index 0000000..00ffb47 --- /dev/null +++ b/spec/defines/conf_spec.rb @@ -0,0 +1,53 @@ +require 'spec_helper' + +describe 'apache::conf' do + describe 'on test osfamily' do + let(:facts) do + { :osfamily => 'test' } + end + + context 'with custom content' do + let(:title) { 'test.conf' } + let(:params) do + { + :content => 'my_value', + } + end + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_file('/etc/apache/test.conf').with_ensure('present') } + it { is_expected.to contain_file('/etc/apache/test.conf').with_content('my_value') } + end + + context 'with custom template and options hash' do + let(:title) { 'test.conf' } + let(:params) do + { + :template => 'apache/rspec/test.conf.erb', + :options => { 'my_key' => 'my_value', 'my_key2' => 'my_value2' }, + } + end + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_file('/etc/apache/test.conf').with ( { + :ensure => 'present', + :path => '/etc/apache/test.conf', + :content => /my_value2/, + } ) } + end + + context 'with source => test.conf' do + let(:title) { 'test.conf' } + let(:params) do + { + :source => 'puppet:///modules/apache/rspec/test.conf', + } + end + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_file('/etc/apache/test.conf').with ( { + :ensure => 'present', + :source => 'puppet:///modules/apache/rspec/test.conf', + } ) } + end + + end + +end diff --git a/spec/fixtures/hiera.yaml b/spec/fixtures/hiera.yaml new file mode 100644 index 0000000..82d964b --- /dev/null +++ b/spec/fixtures/hiera.yaml @@ -0,0 +1,8 @@ +--- +:backends: + - yaml +:yaml: + :datadir: './spec/fixtures/hieradata' +:hierarchy: + - '%{::clientcert}' + - 'default' diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml new file mode 100644 index 0000000..5e8ecb4 --- /dev/null +++ b/spec/fixtures/hieradata/default.yaml @@ -0,0 +1,2 @@ +--- +# Default key/value pairs diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb new file mode 100644 index 0000000..f2e5985 --- /dev/null +++ b/spec/spec_helper.rb @@ -0,0 +1,20 @@ +require 'puppetlabs_spec_helper/module_spec_helper' +require 'rspec-puppet-facts' + +include RspecPuppetFacts + +require 'simplecov' +require 'simplecov-console' + +SimpleCov.start do + add_filter '/spec' + add_filter '/vendor' + formatter SimpleCov::Formatter::MultiFormatter.new([ + SimpleCov::Formatter::HTMLFormatter, + SimpleCov::Formatter::Console + ]) +end + +RSpec.configure do |c| + c.hiera_config = File.expand_path(File.join(__FILE__, '../fixtures/hiera.yaml')) +end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000..b51824b --- /dev/null +++ b/spec/spec_helper_acceptance.rb @@ -0,0 +1,22 @@ +require 'beaker-rspec/spec_helper' +require 'beaker-rspec/helpers/serverspec' +require 'beaker/puppet_install_helper' + +run_puppet_install_helper unless ENV['BEAKER_provision'] == 'no' + +RSpec.configure do |c| + # Project root + proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) + + # Readable test descriptions + c.formatter = :documentation + + # Configure all nodes in nodeset + c.before :suite do + # Install module and dependencies + puppet_module_install(:source => proj_root, :module_name => 'apache') + hosts.each do |host| + on host, puppet('module', 'install', 'puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } + end + end +end diff --git a/templates/.gitkeep b/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/templates/profile/base/httpd.conf.erb b/templates/profile/base/httpd.conf.erb index 0eccc19..280b6c9 100644 --- a/templates/profile/base/httpd.conf.erb +++ b/templates/profile/base/httpd.conf.erb @@ -1,7 +1,7 @@ # File managed by Tiny Puppet # Template derived from puppetlabs-apahe module -ServerTokens <%= @options@['server_tokens'] %> +ServerTokens <%= @options['server_tokens'] %> ServerSignature <%= scope.function_bool2httpd(@options['server_signature']) %> TraceEnable <%= scope.function_bool2httpd(@options['trace_enable']) %> @@ -88,17 +88,17 @@ LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> +<% if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> IncludeOptional "<%= @settings['conf_dir_path'] %>/*.conf" -<%- else -%> +<% else -%> Include "<%= @settings['conf_dir_path'] %>/*.conf" -<%- end -%> +<% end -%> <% if @settings['vhost_dir_path'] != @settings['conf_dir_path'] -%> -<%- if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> -IncludeOptional "<%= @settings['vhost_dir_path']/<%= @options['vhost_include_pattern'] %>" -<%- else -%> +<% if scope.function_versioncmp([@options['apache_version'], '2.4']) >= 0 -%> +IncludeOptional "<%= @settings['vhost_dir_path'] %>/<%= @options['vhost_include_pattern'] %>" +<% else -%> Include "<%= @settings['vhost_dir_path'] %>/<%= @options['vhost_include_pattern'] %>" -<%- end -%> +<% end -%> <% end -%> <% if @options['error_documents'] -%> diff --git a/templates/rspec/test.conf.erb b/templates/rspec/test.conf.erb new file mode 100644 index 0000000..ea03d63 --- /dev/null +++ b/templates/rspec/test.conf.erb @@ -0,0 +1,2 @@ +<%= @options['my_key'] %> +<%= @options['my_key2'] %> diff --git a/templates/vhost/vhost.conf.erb b/templates/vhost/vhost.conf.erb index 8395f30..5b28c4b 100644 --- a/templates/vhost/vhost.conf.erb +++ b/templates/vhost/vhost.conf.erb @@ -1,7 +1,7 @@ # File Managed by Tiny Puppet -> - ServerAdmin <%= @options['server_admin_email'] ||= 'webmaster@options['localhost' %> + + ServerAdmin <%= @options['server_admin_email'] %> DocumentRoot <%= @options['real_docroot'] %> <% if @options['server_name_value'] != false -%> ServerName <%= @options['server_name_value'] %> diff --git a/test/init.pp b/test/init.pp new file mode 100644 index 0000000..3391107 --- /dev/null +++ b/test/init.pp @@ -0,0 +1 @@ +include ::apache