From d25883ac591f67bbfca3ec69d6637cc36998dcb4 Mon Sep 17 00:00:00 2001 From: Pi3r Date: Sun, 7 Sep 2014 22:05:19 +0200 Subject: [PATCH 01/24] Clean-up hash lookup and avoid local undef var --- manifests/mod.pp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/manifests/mod.pp b/manifests/mod.pp index 4ffde61b1..88cdcd6a5 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -18,11 +18,10 @@ # Determine if we have special lib $mod_libs = $::apache::params::mod_libs - $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib - } elsif $mod_lib { - $_lib = $mod_lib + } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack + $_lib = $mod_libs[$mod] } else { $_lib = "mod_${mod}.so" } @@ -48,11 +47,10 @@ # Determine if we have a package $mod_packages = $::apache::params::mod_packages - $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package - } elsif $mod_package { - $_package = $mod_package + } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack + $_package = $mod_packages[$mod] } else { $_package = undef } From 304d66c3ae98066faa9aadfe762aa32eb993d628 Mon Sep 17 00:00:00 2001 From: Moritz Kobel Date: Wed, 22 Oct 2014 16:43:25 +0200 Subject: [PATCH 02/24] Add params to proxy_pass to provide ProxyPass key=value connection settings --- README.md | 3 ++- templates/vhost/_proxy.erb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 28c541d44..1418696bf 100644 --- a/README.md +++ b/README.md @@ -1135,7 +1135,7 @@ apache::vhost { 'site.name.fdqn': proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, ], @@ -1143,6 +1143,7 @@ apache::vhost { 'site.name.fdqn': ``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). #####`rack_base_uris` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 045c90691..0f21af2ec 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,8 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From b4e5213ad1014f0c6a65c90bfd52965385c28ed4 Mon Sep 17 00:00:00 2001 From: Moritz Kobel Date: Thu, 23 Oct 2014 13:16:44 +0200 Subject: [PATCH 03/24] cleanup condition --- templates/vhost/_proxy.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 0f21af2ec..190239de9 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,7 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if proxy['params'].nil? == false -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> > <%- if proxy['reverse_urls'].nil? -%> From 7b9ad0dbc2570855962ada4e04f9f4f26005400e Mon Sep 17 00:00:00 2001 From: Ben Sandberg Date: Thu, 23 Oct 2014 14:06:21 -0700 Subject: [PATCH 04/24] passenger concat needs to be wrapped in a check --- manifests/vhost.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/vhost.pp b/manifests/vhost.pp index fd942fe5e..0841dfff4 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -795,10 +795,12 @@ # - $passenger_min_instances # - $passenger_start_timeout # - $passenger_pre_start - concat::fragment { "${name}-passenger": - target => "${priority_real}-${filename}.conf", - order => 290, - content => template('apache/vhost/_passenger.erb'), + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => "${priority_real}-${filename}.conf", + order => 290, + content => template('apache/vhost/_passenger.erb'), + } } # Template uses: From 760a3444814f34a902d838a9837e9f8c595f42c5 Mon Sep 17 00:00:00 2001 From: Thomas Mueller Date: Fri, 24 Oct 2014 14:02:20 +0200 Subject: [PATCH 05/24] (MODULES-1457) apache::vhost: SSLCACertificatePath can't be unset The SSLCACertificatePath is always set. The check for @ssl_certs_dir only covers "undef". As there is a default value in ::apache::params for ssl_certs_dir it needs to be overriden with an empty string. Right now the _ssl.erb template outputs 'SSLCACertificatePath ""' for an empty string, which triggers a failing reload of httpd. This patch just adds a "&& @ssl_certs_dir != ''" to the condition. On a Puppet master passenger vhost it's probably security relevant setting, as it enables all system CA signed certificates access. Related patch: https://github.com/puppetlabs/puppetlabs-apache/pull/787 --- templates/vhost/_ssl.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index 70213f48c..516992558 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -7,7 +7,7 @@ <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" <%- end -%> - <%- if @ssl_certs_dir -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" <%- end -%> <%- if @ssl_ca -%> From e440b809f1151f3baf7a8d6fbf9f62372cc385d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:15:04 +0200 Subject: [PATCH 06/24] allow disabling default vhosts under 2.4 when disabling the default vhost(s) under 2.4, there's nothing to include in $sites-enabled/, which causes the following error: The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 46 of /etc/apache2/apache2.conf: No matches for the wildcard '*' in '/etc/apache2/sites-enabled', failing (use IncludeOptional if required) Action 'configtest' failed. The Apache error log may have more information. by using IncludeOptional (as recommended), we allow the use of httpd as simple web server, with single purpose configuration, without having to define a (default) vhost. --- templates/httpd.conf.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 68d6b50ae..e1075e38c 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -70,7 +70,11 @@ IncludeOptional "<%= @confd_dir %>/*.conf" Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @vhost_load_dir %>/*" +<%- else -%> Include "<%= @vhost_load_dir %>/*" +<%- end -%> <% end -%> <% if @error_documents -%> From bd4ad7b2c80ae7f52f508a4bf732698a0238a5a6 Mon Sep 17 00:00:00 2001 From: Jeff Tickle Date: Thu, 16 Oct 2014 14:00:55 -0400 Subject: [PATCH 07/24] Added ssl_protocol parameter to apache::mod::ssl makes it easier to fix things like POODLE --- README.md | 1 + manifests/mod/ssl.pp | 1 + templates/mod/ssl.conf.erb | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1418696bf..a4ab395c9 100644 --- a/README.md +++ b/README.md @@ -710,6 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], + ssl_protocol => 'all -SSLv2 -SSLv3', } ``` diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp index 7e115fb66..293e9319c 100644 --- a/manifests/mod/ssl.pp +++ b/manifests/mod/ssl.pp @@ -2,6 +2,7 @@ $ssl_compression = false, $ssl_options = [ 'StdEnvVars' ], $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], $apache_version = $::apache::apache_version, $package_name = undef, ) { diff --git a/templates/mod/ssl.conf.erb b/templates/mod/ssl.conf.erb index 35ec92afd..e92e37e7a 100644 --- a/templates/mod/ssl.conf.erb +++ b/templates/mod/ssl.conf.erb @@ -21,7 +21,7 @@ SSLCryptoDevice builtin SSLHonorCipherOrder On SSLCipherSuite <%= @ssl_cipher %> - SSLProtocol all -SSLv2 -SSLv3 + SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%> From 6cbc3d04506b75c2834a10f2755948804fde1d1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 28 Oct 2014 15:14:26 +0100 Subject: [PATCH 08/24] fix ssl_protocol docs to be in line with code --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a4ab395c9..02932ff34 100644 --- a/README.md +++ b/README.md @@ -710,7 +710,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t class { 'apache::mod::ssl': ssl_compression => false, ssl_options => [ 'StdEnvVars' ], - ssl_protocol => 'all -SSLv2 -SSLv3', + ssl_protocol => [ 'all', '-SSLv2', '-SSLv3'], } ``` From f27d4f87302144426d85c8b92913a97d839d7dd4 Mon Sep 17 00:00:00 2001 From: Martin Konrad Date: Fri, 6 Jun 2014 22:23:19 -0400 Subject: [PATCH 09/24] Support parameters along with proxy_pass --- README.md | 4 +++- templates/vhost/_proxy.erb | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 02932ff34..a2f2a4e56 100644 --- a/README.md +++ b/README.md @@ -1128,7 +1128,7 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ #####`proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. ```puppet apache::vhost { 'site.name.fdqn': @@ -1139,6 +1139,8 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => '/d', 'url' => 'http://backend-a/d', + 'params' => ['retry=0', 'timeout=5'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 190239de9..847715795 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -8,7 +8,6 @@ <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> - > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 63ed0d31e2b9adddf6bae57f984bf007fc404db8 Mon Sep 17 00:00:00 2001 From: Martin Konrad Date: Mon, 18 Aug 2014 14:27:27 -0400 Subject: [PATCH 10/24] Support keywords along with proxy_pass, use hash for params --- README.md | 4 +++- templates/vhost/_proxy.erb | 8 +++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a2f2a4e56..0e24abfd8 100644 --- a/README.md +++ b/README.md @@ -1140,7 +1140,9 @@ apache::vhost { 'site.name.fdqn': { 'path' => '/l', 'url' => 'http://backend-xy', 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, { 'path' => '/d', 'url' => 'http://backend-a/d', - 'params' => ['retry=0', 'timeout=5'] }, + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, ], } ``` diff --git a/templates/vhost/_proxy.erb b/templates/vhost/_proxy.erb index 847715795..dd25e2c87 100644 --- a/templates/vhost/_proxy.erb +++ b/templates/vhost/_proxy.erb @@ -7,7 +7,13 @@ ProxyPreserveHost On <%- end -%> <%- [@proxy_pass].flatten.compact.each do |proxy| -%> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> <%- if !proxy['params'].nil? -%> <%= proxy['params'] %> <%- end -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> > <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> From 92c6c9a1d7e1ef45e8068e9e2ed627b80070a05a Mon Sep 17 00:00:00 2001 From: Martin Konrad Date: Mon, 18 Aug 2014 17:22:40 -0400 Subject: [PATCH 11/24] Add some tests for ProxyPass parameters --- tests/vhost_proxypass.pp | 60 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 tests/vhost_proxypass.pp diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp new file mode 100644 index 000000000..968de4195 --- /dev/null +++ b/tests/vhost_proxypass.pp @@ -0,0 +1,60 @@ +## vhost with proxyPass directive +# NB: Please see the other vhost_*.pp example files for further +# examples. + +# Base class. Declares default vhost on port 80 and default ssl +# vhost on port 443 listening on all interfaces and serving +# $apache::docroot +class { 'apache': } + +# Most basic vhost with proxy_pass +apache::vhost { 'first.example.com': + port => 80, + docroot => '/var/www/first', + proxy_pass => [ + { + 'path' => '/first', + 'url' => "http://localhost:8080/first" + }, + ], +} + +# vhost with proxy_pass and parameters +apache::vhost { 'second.example.com': + port => 80, + docroot => '/var/www/second', + proxy_pass => [ + { + 'path' => '/second', + 'url' => "http://localhost:8080/second", + 'params' => {'retry' => '0', 'timeout' => '5'} + }, + ], +} + +# vhost with proxy_pass and keywords +apache::vhost { 'third.example.com': + port => 80, + docroot => '/var/www/third', + proxy_pass => [ + { + 'path' => '/third', + 'url' => "http://localhost:8080/third", + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} + +# vhost with proxy_pass, parameters and keywords +apache::vhost { 'fourth.example.com': + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ + { + 'path' => '/fourth', + 'url' => "http://localhost:8080/fourth", + 'params' => {'retry' => '0', 'timeout' => '5'}, + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} \ No newline at end of file From b1b7689a7f0d15ab490873b4b68b754ae4f6e7c6 Mon Sep 17 00:00:00 2001 From: Tim Hartmann Date: Thu, 23 Oct 2014 15:50:15 -0400 Subject: [PATCH 12/24] Linting and adding some tests Adding tests --- spec/defines/vhost_spec.rb | 16 +++++++++--- tests/vhost_proxypass.pp | 50 +++++++++++++++++++++----------------- 2 files changed, 41 insertions(+), 25 deletions(-) diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 3eac5ffb4..84a95bf44 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -172,8 +172,13 @@ 'proxy_dest' => '/', 'proxy_pass' => [ { - 'path' => '/a', - 'url' => 'http://backend-a/' + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } } ], 'suphp_addhandler' => 'foo', @@ -296,7 +301,12 @@ it { is_expected.to contain_concat__fragment('rspec.example.com-action') } it { is_expected.to contain_concat__fragment('rspec.example.com-block') } it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /retry=0/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /timeout=5/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /noquery interpolate/) } it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } diff --git a/tests/vhost_proxypass.pp b/tests/vhost_proxypass.pp index 968de4195..e911f85f9 100644 --- a/tests/vhost_proxypass.pp +++ b/tests/vhost_proxypass.pp @@ -9,37 +9,40 @@ # Most basic vhost with proxy_pass apache::vhost { 'first.example.com': - port => 80, - docroot => '/var/www/first', - proxy_pass => [ + port => 80, + docroot => '/var/www/first', + proxy_pass => [ { - 'path' => '/first', - 'url' => "http://localhost:8080/first" + 'path' => '/first', + 'url' => 'http://localhost:8080/first' }, ], } # vhost with proxy_pass and parameters apache::vhost { 'second.example.com': - port => 80, - docroot => '/var/www/second', - proxy_pass => [ + port => 80, + docroot => '/var/www/second', + proxy_pass => [ { 'path' => '/second', - 'url' => "http://localhost:8080/second", - 'params' => {'retry' => '0', 'timeout' => '5'} + 'url' => 'http://localhost:8080/second', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } }, ], } # vhost with proxy_pass and keywords apache::vhost { 'third.example.com': - port => 80, - docroot => '/var/www/third', - proxy_pass => [ + port => 80, + docroot => '/var/www/third', + proxy_pass => [ { - 'path' => '/third', - 'url' => "http://localhost:8080/third", + 'path' => '/third', + 'url' => 'http://localhost:8080/third', 'keywords' => ['noquery', 'interpolate'] }, ], @@ -47,14 +50,17 @@ # vhost with proxy_pass, parameters and keywords apache::vhost { 'fourth.example.com': - port => 80, - docroot => '/var/www/fourth', - proxy_pass => [ + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ { - 'path' => '/fourth', - 'url' => "http://localhost:8080/fourth", - 'params' => {'retry' => '0', 'timeout' => '5'}, + 'path' => '/fourth', + 'url' => 'http://localhost:8080/fourth', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + }, 'keywords' => ['noquery', 'interpolate'] }, ], -} \ No newline at end of file +} From 379f7a5d7643f52e5ae37c24ea7bc3f3645ee8eb Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 28 Oct 2014 12:21:55 -0400 Subject: [PATCH 13/24] Satisfy doesn't work with apache 2.4 The ability to use the more complex Require* syntax for apache 2.4 will be added eventually, but Satisfy shouldn't be tested as that is deprecated in apache. --- spec/acceptance/vhost_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index d45eaee9f..966f85cf5 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -298,7 +298,7 @@ class { 'apache': } end end - describe 'Satisfy and Auth directive' do + describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do it 'should configure a vhost with Satisfy and Auth directive' do pp = <<-EOS class { 'apache': } From dcd805152f5e666b3dfd486ddc65ae2f72e88bc8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Tue, 28 Oct 2014 16:49:15 -0400 Subject: [PATCH 14/24] wsgi_chunked_request doesn't work on lucid --- spec/acceptance/vhost_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index 966f85cf5..483b74945 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1082,7 +1082,6 @@ class { 'apache::mod::wsgi': } wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, wsgi_pass_authorization => 'On', - wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) From dda1b8020e5d523fe2d3dc4a43f90fac972ce7f7 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 29 Oct 2014 10:34:20 -0400 Subject: [PATCH 15/24] Update metadata Fix PE compatibility, update issues URL, and fix requirements to match output from PMT. --- metadata.json | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/metadata.json b/metadata.json index 79344a839..f6361a10e 100644 --- a/metadata.json +++ b/metadata.json @@ -6,7 +6,7 @@ "license": "Apache 2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "issues_url": "https://github.com/puppetlabs/puppetlabs-apache/issues", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -67,13 +67,7 @@ ], "description": "Module for Apache configuration", "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 2.4.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 1.1.1" - } + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1"} ] } From 1f531b342da4f92e34041e605615905afeb0d7ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Wed, 22 Oct 2014 12:02:59 +0200 Subject: [PATCH 16/24] MODULES-1446: mod_version is now builtin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit while we are not loading it (by default), we should make it easier for people transitioning their configuration from 2.2 to 2.4 to find issues: thus adding a warning when someone tries to load mod_version. --- things i have learned during this pr: × @hunner: There is no '&&' in puppet; only 'and'* × add puppet to PATH, so vim can check syntax. thanks @mhaskel especially for the patience. *zuhl. --- README.md | 10 ++++++++++ manifests/default_mods.pp | 8 ++++---- manifests/mod/version.pp | 8 ++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 manifests/mod/version.pp diff --git a/README.md b/README.md index 0e24abfd8..a1846b526 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ * [Class: apache::mod::negotiation](#class-apachemodnegotiation) * [Class: apache::mod::deflate](#class-apachemoddeflate) * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) @@ -823,6 +824,15 @@ mod_reqtimeout configuration. } ``` +####Class: `apache::mod::reqtimeout` + +This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 +about loading mod_version, as on these platforms it's already built-in. + +```puppet + include '::apache::mod::version' +``` + #####`timeouts` A string or an array that sets the `RequestReadTimeout` option. Defaults to diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 7e8381f03..71759030b 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -36,10 +36,11 @@ include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic - include ::apache::mod::vhost_alias - include ::apache::mod::suexec include ::apache::mod::rewrite include ::apache::mod::speling + include ::apache::mod::suexec + include ::apache::mod::version + include ::apache::mod::vhost_alias ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -51,7 +52,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } @@ -71,6 +71,7 @@ include ::apache::mod::reqtimeout include ::apache::mod::rewrite include ::apache::mod::userdir + include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling @@ -93,7 +94,6 @@ ::apache::mod { 'logio': } ::apache::mod { 'unique_id': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } } default: {} } diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp new file mode 100644 index 000000000..c0e405686 --- /dev/null +++ b/manifests/mod/version.pp @@ -0,0 +1,8 @@ +class apache::mod::version { + + if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { + warning("${module_name}: module version_module is built-in and can't be loaded") + } else { + ::apache::mod { 'version': } + } +} From 4e86abe59446aac4b1621ebc3f1d77fafc2a9762 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Wed, 29 Oct 2014 15:37:22 -0400 Subject: [PATCH 17/24] Relying on missing fact Ubuntu 10.04 with PE3.3 is missing the operatingsystemmajrelease fact, so check either operatingsystemmajrelease or operatingsystemrelease. --- manifests/mod/dav_svn.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp index d13a7d886..6e70598d0 100644 --- a/manifests/mod/dav_svn.pp +++ b/manifests/mod/dav_svn.pp @@ -5,7 +5,7 @@ include ::apache::mod::dav ::apache::mod { 'dav_svn': } - if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04') { + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') { $loadfile_name = undef } else { $loadfile_name = 'dav_svn_authz_svn.load' From 6790eec742f07c2f9150e36d54e71936d03738b7 Mon Sep 17 00:00:00 2001 From: Steffen Zieger Date: Thu, 30 Oct 2014 15:45:37 +0100 Subject: [PATCH 18/24] Fixes indentation of versioncmp --- manifests/default_mods.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 71759030b..09e360a49 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -120,7 +120,7 @@ ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } - if versioncmp($apache_version, '2.4') >= 0 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', From 1823dc2fcdfcddeea127a7cc5be055247966c8f8 Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Thu, 30 Oct 2014 11:27:41 -0700 Subject: [PATCH 19/24] Update the test to match the fix from yesterday --- spec/acceptance/mod_dav_svn_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/acceptance/mod_dav_svn_spec.rb b/spec/acceptance/mod_dav_svn_spec.rb index 189bb15c4..7e5afed52 100644 --- a/spec/acceptance/mod_dav_svn_spec.rb +++ b/spec/acceptance/mod_dav_svn_spec.rb @@ -5,7 +5,7 @@ when 'Debian' mod_dir = '/etc/apache2/mods-available' service_name = 'apache2' - if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' authz_svn_load_file = 'dav_svn_authz_svn.load' else authz_svn_load_file = 'authz_svn.load' From 692fabc5d5c7bb4626fe96b7db4020b25ea6e94b Mon Sep 17 00:00:00 2001 From: Sander Hoentjen Date: Wed, 5 Nov 2014 11:49:32 +0100 Subject: [PATCH 20/24] add sort to LogFormats to ensure consistency between runs --- templates/httpd.conf.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index e1075e38c..54d24c8ae 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -59,7 +59,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.each do |nickname,format| -%> + <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> From c5a9ec2a61343c007a542b405e264112982709f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= Date: Mon, 18 Aug 2014 18:38:26 +0200 Subject: [PATCH 21/24] Add support for specifying the docroot option for RHEL SCL httpd24 The pattern of defining these variables in the init.pp goes back into 2012. However, it's much better to use the params.pp pattern for this purpose, and it's also required to make this work with the RHEL's Software Collections. Without this patch, the Apache::Vhost['default'] is instantiated (regardless whether it's with ensure => absent or present) and bails out due to /var/www being missing on asystem which has never had RHEL6's regular httpd package installed. --- manifests/init.pp | 4 +--- manifests/params.pp | 3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b5e920457..32966b86f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -59,6 +59,7 @@ $log_level = $::apache::params::log_level, $log_formats = {}, $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, $server_tokens = 'OS', $server_signature = 'On', @@ -239,7 +240,6 @@ if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $docroot = '/var/www' $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' @@ -247,7 +247,6 @@ $access_log_file = 'access.log' } 'redhat': { - $docroot = '/var/www/html' $pidfile = 'run/httpd.pid' $error_log = 'error_log' $error_documents_path = '/var/www/error' @@ -255,7 +254,6 @@ $access_log_file = 'access_log' } 'freebsd': { - $docroot = '/usr/local/www/apache22/data' $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $error_documents_path = '/usr/local/www/apache22/error' diff --git a/manifests/params.pp b/manifests/params.pp index 90f805af8..6a221fd63 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -103,6 +103,7 @@ $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www/html' if $::osfamily == "RedHat" { $wsgi_socket_prefix = '/var/run/wsgi' } else { @@ -163,6 +164,7 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www' # # Passenger-specific settings @@ -273,6 +275,7 @@ $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' $wsgi_socket_prefix = undef + $docroot = '/usr/local/www/apache22/data' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } From 6330c899c394603d06a8e8cb2ea3ae3717946249 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 15:43:19 +0200 Subject: [PATCH 22/24] add documentation for `docroot` (in init) and apparently strip a lot of trailing white-space. thanks lighttable let's see what this breaks... --- README.md | 146 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 76 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index a1846b526..b98749b58 100644 --- a/README.md +++ b/README.md @@ -66,7 +66,7 @@ Apache is a widely-used web server, and this module provides a simplified way of * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD ###Beginning with Apache @@ -182,9 +182,9 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', @@ -253,7 +253,7 @@ Generates default set of include-able Apache configuration files under `${apach #####`default_mods` -Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. +Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). @@ -310,6 +310,10 @@ SSL vhosts only respond to HTTPS queries. Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +#####`docroot` + +Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, and '/usr/local/www/apache22/data' on FreeBSD. + #####`error_documents` Enables custom error documents. Defaults to 'false'. @@ -375,9 +379,9 @@ Determines which MPM is loaded and configured for the HTTPD process. Valid value * `apache::mod::itk` * `apache::mod::peruser` * `apache::mod::prefork` -* `apache::mod::worker` +* `apache::mod::worker` -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. #####`package_ensure` @@ -566,7 +570,7 @@ The modules mentioned above, and other Apache modules that have templates, cause ####Class: `apache::mod::info` -Installs and manages mod_info which provides a comprehensive overview of the server configuration. +Installs and manages mod_info which provides a comprehensive overview of the server configuration. Full documentation for mod_info is available from [Apache](http://httpd.apache.org/docs/2.2/mod/mod_info.html). @@ -681,7 +685,7 @@ Overriding the default configuartion: } ``` -or +or ```puppet class {'::apache::mod::php': template => 'apache/php.conf.erb', @@ -719,7 +723,7 @@ To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` par ####Class: `apache::mod::wsgi` -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. For customized parameters, which tell Apache how Python is currently configured on the operating system, @@ -963,7 +967,9 @@ Sets the list of resources to look for when a client requests an index of the di #####`docroot` -Provides the [DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) directive, which identifies the directory Apache serves files from. Required. +Provides the +[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) +directive, which identifies the directory Apache serves files from. Required. #####`docroot_group` @@ -1142,7 +1148,7 @@ Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/do ```puppet apache::vhost { 'site.name.fdqn': - … + … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, @@ -1220,7 +1226,7 @@ Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mo #####`rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html @@ -1281,7 +1287,7 @@ Multiple rewrites and conditions are also possible rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, - ], + ], } ``` @@ -1342,7 +1348,7 @@ Used by HTTPD to conditionally set environment variables for vhosts. Defaults to #####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` -Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). +Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). `suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. @@ -1369,9 +1375,9 @@ To set up a virtual host with suPHP Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. -#####`virtual_docroot` +#####`virtual_docroot` -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ```puppet apache::vhost { 'subdomain.loc': @@ -1407,8 +1413,8 @@ To set up a virtual host with WSGI docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => - { processes => '2', - threads => '15', + { processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', @@ -1431,9 +1437,9 @@ General `directories` usage looks something like apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, ], } @@ -1454,15 +1460,15 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu ######`addhandlers` -Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. +Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ + directories => [ { path => '/path/to/directory', addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, + }, ], } ``` @@ -1474,10 +1480,10 @@ Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, ], } ``` @@ -1489,10 +1495,10 @@ Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, ], } ``` @@ -1559,7 +1565,7 @@ Pass a string of custom configuration directives to be placed at the end of the ```puppet apache::vhost { 'monitor': - … + … custom_fragment => ' SetHandler balancer-manager @@ -1582,24 +1588,24 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, ], } ``` ######`error_documents` -An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ```puppet apache::vhost { 'sample.example.net': - directories => [ + directories => [ { path => '/srv/www', error_documents => [ - { 'error_code' => '503', + { 'error_code' => '503', 'document' => '/service-unavail', }, ], @@ -1629,9 +1635,9 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], @@ -1645,11 +1651,11 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', index_order_default => ['Descending', 'Date'], - }, + }, ], } ``` @@ -1661,9 +1667,9 @@ Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } @@ -1676,9 +1682,9 @@ Sets the order of processing Allow and Deny statements as per [Apache core docum ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', }, ], } @@ -1791,10 +1797,10 @@ String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', + { path => '/path/to/directory', + ssl_options => '+ExportCertData', }, - { path => '/path/to/different/dir', + { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'], }, ], @@ -1809,10 +1815,10 @@ A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://w apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', + { path => '/path/to/directory', + suphp => + { user => 'myappuser', + group => 'myappgroup', }, }, ], @@ -1825,7 +1831,7 @@ All of the SSL parameters for `::vhost` default to whatever is set in the base ` #####`ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. #####`ssl_ca` @@ -1837,7 +1843,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce #####`ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. @@ -1899,7 +1905,7 @@ Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html# #####`ssl_options` -Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. +Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: @@ -2148,7 +2154,7 @@ If you want to add two name-based vhosts so that they answer on either 10.0.0.10 ####Defined Type: `apache::balancer` -`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). +`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. @@ -2164,7 +2170,7 @@ Configures key-value pairs as [ProxySet](http://httpd.apache.org/docs/current/mo #####`collect_exported` -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. +Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. @@ -2242,7 +2248,7 @@ If you need to use ProxySet in the balancer config * [`apache`](#class-apache): Guides the basic setup of Apache. * `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) * [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. - + ####Private Classes * `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. @@ -2261,7 +2267,7 @@ If you need to use ProxySet in the balancer config * `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '', ':', or ':'. * `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. * `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:', '\_default_:, '', or ':'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. +* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. ####Private Defined Types @@ -2280,7 +2286,7 @@ The `apache::vhost::WSGIImportScript` parameter creates a statement inside the V ###RHEL/CentOS 5 -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. +The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. ###RHEL/CentOS 7 @@ -2288,7 +2294,7 @@ The `apache::mod::passenger` class is untested as the repository does not have p ###General -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. From 87be4908f1192800ab93672e0e978002e1703612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Igor=20Gali=C4=87?= Date: Tue, 30 Sep 2014 16:42:57 +0200 Subject: [PATCH 23/24] add spec test for (default) docroot directory , which is now a parameter to init.pp --- spec/classes/apache_spec.rb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index dc5d6b46a..c1ecf80cc 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -23,6 +23,10 @@ it { is_expected.to contain_user("www-data") } it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', @@ -225,6 +229,10 @@ it { is_expected.to contain_user("apache") } it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', @@ -498,6 +506,10 @@ it { is_expected.to contain_user("www") } it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/www/apache22/data").with( + 'ensure' => 'directory', + ) + } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', From d75e4d32423338f56bbeac2540fcf846860b329b Mon Sep 17 00:00:00 2001 From: Morgan Haskel Date: Fri, 7 Nov 2014 11:37:33 -0800 Subject: [PATCH 24/24] Fix unit test failures with ruby 1.8.7 rspec with 1.8.7 seems to be having issues with trailing commas and unescaped '{' or '}' within the %r{} block. --- spec/classes/apache_spec.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index c1ecf80cc..fe61a9796 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -24,7 +24,7 @@ it { is_expected.to contain_group("www-data") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( @@ -168,7 +168,7 @@ end it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } end end @@ -230,7 +230,7 @@ it { is_expected.to contain_group("apache") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/var/www/html").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/etc/httpd/conf.d").with( @@ -507,7 +507,7 @@ it { is_expected.to contain_group("www") } it { is_expected.to contain_class("apache::service") } it { is_expected.to contain_file("/usr/local/www/apache22/data").with( - 'ensure' => 'directory', + 'ensure' => 'directory' ) } it { is_expected.to contain_file("/usr/local/etc/apache22/Vhosts").with(