Update apache to 3d23958
3d23958 Merge pull request #1128 from dgarbus/geoip_scanproxyheaderfield
4c5e171 Merge pull request #1127 from tmuellerleile/add-openssl-conf-cmd
22b2dd9 Merge pull request #1142 from mhaskel/merge_1.5.x_to_master
44bc721 makes the acceptance tests more robust by ensuring selinux is disabled on all runs.
4f38629 fixes bug introduced by PR1133
27d7074 Updated changelog
c054232 Amazon Linux does not support systemd. Having the versioncmp makes this fail on newer versions (which do not yet support systemd). Run this on 2015.03 and you end up with an apache server that will not start.
09ce83e Incorrect date in the changelog
c7ce06c Add ssl_openssl_conf_cmd param (apache::mod::ssl and apache::vhost)
5e321ce Merge pull request #1140 from hunner/add_puppet_helper
4069e79 Add the helper to install puppet/pe/puppet-agent
f71a8de Adding docs for apache::mod::geoip per puppetlabs/puppetlabs-apache#1128
dbbd1d9 Merge remote-tracking branch 'upstream/master' into geoip_scanproxyheaderfield
4673e29 Add the ability to specify GeoIPScanProxyHeaderField for mod_geoip

Change-Id: I6ef385033c21b262107970bb84f5cc197fbfe8a0
xbezdick committed Jun 19, 2015
1 parent a7dd957 commit 0e2e7fc
Showing 15 changed files with 81 additions and 40 deletions.
2 changes: 1 addition & 1 deletion Puppetfile
@@ -1,5 +1,5 @@
mod 'apache',
:commit => '84219d81079b901a1400660757e399c365dacbda',
:commit => '3d239583434ec7f07246b319038a822b6eb3fda6',
:git => 'https://github.com/puppetlabs/puppetlabs-apache.git'

mod 'aviator',
4 changes: 2 additions & 2 deletions apache/CHANGELOG.md
@@ -1,10 +1,9 @@
##2015-06-16 - Supported Release 1.5.0
##2015-06-11 - Supported Release 1.5.0
### Summary
This release primarily adds Suse compatibility. It also adds a handful of other
parameters for greater configuration control.

### Features
- Now compatible with concat 1.x and 2.x
- Add `apache::lib_path` parameter
- Add `apache::service_restart` parameter
- Add `apache::vhost::geoip_enable` parameter
Expand All @@ -29,6 +28,7 @@ parameters for greater configuration control.
- Fix alias module being declared even when vhost is absent
- Fix proxy\_pass\_match handling in vhost's proxy template
- Fix userdir access permissions
- Fix issue where the module was trying to use systemd on Amazon Linux.

##2015-04-28 - Supported Release 1.4.1

1 change: 1 addition & 0 deletions apache/Gemfile
Expand Up @@ -28,6 +28,7 @@ group :system_tests do
gem 'beaker-rspec', :require => false
end
gem 'serverspec', :require => false
gem 'beaker-puppet_install_helper', :require => false
end


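Review bot: The added `gem 'beaker-puppet_install_helper', :require => false` line in the `:system_tests` group has no version constraint, and spec_helper_acceptance.rb now hands all Puppet installation on the test hosts to this gem via `run_puppet_install_helper`. Add a pessimistic constraint for the release you tested against so that a new upstream version cannot silently change how the acceptance hosts are provisioned.
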
45 changes: 40 additions & 5 deletions apache/README.md
Expand Up @@ -666,14 +666,44 @@ These are the default settings:

```puppet
class {'apache::mod::geoip':
$enable => false,
$db_file => '/usr/share/GeoIP/GeoIP.dat',
$flag => 'Standard',
$output => 'All',
enable => false,
db_file => '/usr/share/GeoIP/GeoIP.dat',
flag => 'Standard',
output => 'All',
}
```

The parameter `db_file` can be a single directory or a hash of directories.
#####`enable`

Boolean. Enable or Disable mod_geoip globally. Defaults to false.

#####`db_file`

The full path to your GeoIP database file. Defaults to `/usr/share/GeoIP/GeoIP.dat`. This parameter optionally takes an array of paths for multiple GeoIP database files.

#####`flag`

GeoIP Flag. Defaults to 'Standard'.

#####`output`

Defines which output variables to use. Defaults to 'All'.

#####`enable_utf8`

Boolean. Changes the output from ISO-8859-1 (Latin-1) to UTF-8.

#####`scan_proxy_headers`

Boolean. Enables the GeoIPScanProxyHeaders option. More information can be found [here](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives).

#####`scan_proxy_header_field`

Specifies which header that mod_geoip should look at to determine the client's IP address.

#####`use_last_xforwarededfor_ip`

Boolean. If a comma-separated list of IP addresses is found, use the last IP address for the client's IP.

####Class: `apache::mod::info`

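Review bot: The entries added for `enable_utf8`, `scan_proxy_headers`, `scan_proxy_header_field` and `use_last_xforwarededfor_ip` state no default, while the four entries above them each end with one, and none of the four appears in the "default settings" example at the top of the hunk. Say that each defaults to undef, as declared in manifests/mod/geoip.pp, and give an example value for `scan_proxy_header_field`. The phrase "which header that mod_geoip should look at" should read "which header mod_geoip should look at".
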
Expand Down Expand Up @@ -823,6 +853,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t
ssl_compression => false,
ssl_cryptodevice => 'builtin',
ssl_options => [ 'StdEnvVars' ],
ssl_openssl_conf_cmd => undef,
ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5',
ssl_honorcipherorder => 'On',
ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ],
Expand Down Expand Up @@ -2251,6 +2282,10 @@ An array:
}
```

#####`ssl_openssl_conf_cmd`

Sets the [SSLOpenSSLConfCmd](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Defaults to 'undef'.

#####`ssl_proxyengine`

Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'.
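
Review bot: The new `ssl_openssl_conf_cmd` entry gives neither the expected value type nor an example, so a reader cannot tell that the command and its argument go into one string. Document it as a single string and show a value such as `'DHParameters "foo.pem"'`, the one used in the specs, and state whether more than one command can be passed.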
2 changes: 1 addition & 1 deletion apache/manifests/default_mods.pp
Expand Up @@ -12,7 +12,7 @@
if versioncmp($apache_version, '2.4') >= 0 {
# Lets fork it
# Do not try to load mod_systemd on RHEL/CentOS 6 SCL.
if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon' and versioncmp($::operatingsystemrelease, '2014.09') <= 0 ) ) {
if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) {
::apache::mod { 'systemd': }
}
::apache::mod { 'unixd': }
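
Review bot: The comment above the condition still reads `# Do not try to load mod_systemd on RHEL/CentOS 6 SCL.` although the condition now also skips every Amazon Linux release. Extend the comment to name Amazon Linux and the reason, so that the blanket `$::operatingsystem == 'Amazon'` test gets revisited when a release with systemd appears.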
2 changes: 2 additions & 0 deletions apache/manifests/mod/geoip.pp
Expand Up @@ -5,6 +5,7 @@
$output = 'All',
$enable_utf8 = undef,
$scan_proxy_headers = undef,
$scan_proxy_header_field = undef,
$use_last_xforwarededfor_ip = undef,
) {
::apache::mod { 'geoip': }
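
Review bot: `$scan_proxy_header_field` is declared with no validation, and geoip.conf.erb writes it unchanged into the `GeoIPScanProxyHeaderField` line, so a value containing whitespace or a newline yields a broken directive or extra lines in geoip.conf. Because this value names the request header used to determine the client's IP address, validate it in the class body as a single header-name token, for example with stdlib's `validate_re($scan_proxy_header_field, '^[A-Za-z0-9-]+$')` behind an undef check.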
Expand All @@ -16,6 +17,7 @@
# - output
# - enable_utf8
# - scan_proxy_headers
# - scan_proxy_header_field
# - use_last_xforwarededfor_ip
file { 'geoip.conf':
ensure => file,
2 changes: 2 additions & 0 deletions apache/manifests/mod/ssl.pp
Expand Up @@ -2,6 +2,7 @@
$ssl_compression = false,
$ssl_cryptodevice = 'builtin',
$ssl_options = [ 'StdEnvVars' ],
$ssl_openssl_conf_cmd = undef,
$ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
$ssl_honorcipherorder = 'On',
$ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
Expand Down Expand Up @@ -57,6 +58,7 @@
# $ssl_cipher
# $ssl_honorcipherorder
# $ssl_options
# $ssl_openssl_conf_cmd
# $session_cache
# $ssl_mutex
# $ssl_random_seed_bytes
2 changes: 2 additions & 0 deletions apache/manifests/vhost.pp
Expand Up @@ -26,6 +26,7 @@
$ssl_verify_client = undef,
$ssl_verify_depth = undef,
$ssl_options = undef,
$ssl_openssl_conf_cmd = undef,
$ssl_proxyengine = false,
$priority = undef,
$default_vhost = false,
Expand Down Expand Up @@ -729,6 +730,7 @@
# - $ssl_verify_client
# - $ssl_verify_depth
# - $ssl_options
# - $ssl_openssl_conf_cmd
# - $apache_version
if $ssl {
concat::fragment { "${name}-ssl":
12 changes: 0 additions & 12 deletions apache/spec/acceptance/basic_spec.rb

This file was deleted.

9 changes: 9 additions & 0 deletions apache/spec/classes/mod/ssl_spec.rb
Expand Up @@ -136,5 +136,14 @@
end
it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})}
end

context 'setting ssl_openssl_conf_cmd' do
let :params do
{
:ssl_openssl_conf_cmd => 'DHParameters "foo.pem"',
}
end
it { is_expected.to contain_file('ssl.conf').with_content(/^\s+SSLOpenSSLConfCmd DHParameters "foo.pem"$/)}
end
end
end
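
Review bot: The new context covers only the case where `ssl_openssl_conf_cmd` is set; nothing asserts that ssl.conf omits `SSLOpenSSLConfCmd` when the parameter keeps its undef default. Add a default-parameters expectation such as `is_expected.to contain_file('ssl.conf').without_content(/SSLOpenSSLConfCmd/)`. The pattern here also hard-codes a single space after the directive while vhost_spec.rb uses `\s+`; use one form in both specs.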
3 changes: 3 additions & 0 deletions apache/spec/defines/vhost_spec.rb
Expand Up @@ -153,6 +153,7 @@
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => '3',
'ssl_options' => '+ExportCertData',
'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"',
'ssl_proxyengine' => true,
'priority' => '30',
'default_vhost' => true,
Expand Down Expand Up @@ -398,6 +399,8 @@
it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') }
it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') }
it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') }
it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
:content => /^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$/ ) }
it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') }
it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') }
it { is_expected.to contain_concat__fragment('rspec.example.com-header') }
28 changes: 9 additions & 19 deletions apache/spec/spec_helper_acceptance.rb
@@ -1,25 +1,8 @@
require 'beaker-rspec/spec_helper'
require 'beaker-rspec/helpers/serverspec'
require 'beaker/puppet_install_helper'


unless ENV['RS_PROVISION'] == 'no'
# This will install the latest available package on el and deb based
# systems fail on windows and osx, and install via gem on other *nixes
foss_opts = {
:default_action => 'gem_install',
:version => (ENV['PUPPET_VERSION'] || '3.8.1'),
}

if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end

hosts.each do |host|
if host['platform'] =~ /debian/
on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc'
end

on host, "mkdir -p #{host['distmoduledir']}"
end
end
run_puppet_install_helper

UNSUPPORTED_PLATFORMS = ['Suse','windows','AIX','Solaris']

Expand All @@ -45,6 +28,13 @@
end
on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] }

# Make sure selinux is disabled before each test or apache won't work.
if ! UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))
on host, puppet('apply', '-e',
%{"exec { 'setenforce 0': path => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }"}),
{ :acceptable_exit_codes => [0] }
end
end
end
end
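
Review bot: Running `setenforce 0` on every host before the suite means the acceptance tests never run with SELinux enforcing, so denials that the module's files, ports or contexts would trigger on an enforcing host go unnoticed. Prefer labelling or configuring what Apache needs in the affected specs, or at least limit this step to the specs that fail under enforcing. The comment should also say "permissive" rather than "disabled", since that is the mode `setenforce 0` switches to.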
3 changes: 3 additions & 0 deletions apache/templates/mod/geoip.conf.erb
Expand Up @@ -16,6 +16,9 @@ GeoIPEnableUTF8 <%= scope.function_bool2httpd([@enable_utf8]) %>
<% if ! @scan_proxy_headers.nil? -%>
GeoIPScanProxyHeaders <%= scope.function_bool2httpd([@scan_proxy_headers]) %>
<% end -%>
<% if ! @scan_proxy_header_field.nil? -%>
GeoIPScanProxyHeaderField <%= @scan_proxy_header_field %>
<% end -%>
<% if ! @use_last_xforwarededfor_ip.nil? -%>
GeoIPUseLastXForwardedForIP <%= scope.function_bool2httpd([@use_last_xforwarededfor_ip]) %>
<% end -%>
3 changes: 3 additions & 0 deletions apache/templates/mod/ssl.conf.erb
Expand Up @@ -25,4 +25,7 @@
<% if @ssl_options -%>
SSLOptions <%= @ssl_options.compact.join(' ') %>
<% end -%>
<%- if @ssl_openssl_conf_cmd -%>
SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %>
<%- end -%>
</IfModule>
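
Review bot: `SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %>` renders exactly one directive, so the parameter cannot carry more than one OpenSSL command, and an array value is not joined the way the `SSLOptions` line just above handles its input. Either accept an array and emit one `SSLOpenSSLConfCmd` line per element, or validate in the manifest that the value is a string. The added lines also open with `<%-` while the surrounding block opens with `<%`; match the file's existing tag style.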
3 changes: 3 additions & 0 deletions apache/templates/vhost/_ssl.erb
Expand Up @@ -43,4 +43,7 @@
<%- if @ssl_options -%>
SSLOptions <%= Array(@ssl_options).join(' ') %>
<%- end -%>
<%- if @ssl_openssl_conf_cmd -%>
SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %>
<%- end -%>
<% end -%>
