Add suexec support

This adds the suexec_user_group parameter to vhost and introduces a class apache::mod::suexec, which is included when the parameter is used.
xbezdick · May 2, 2014 · 9d2067c · 9d2067c
1 parent fe2d1be
commit 9d2067c
Show file tree

Hide file tree

Showing 6 changed files with 30 additions and 2 deletions.
diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp
@@ -26,6 +26,7 @@
         include ::apache::mod::mime
         include ::apache::mod::mime_magic
         include ::apache::mod::vhost_alias
+        include ::apache::mod::suexec
         include ::apache::mod::rewrite
         ::apache::mod { 'auth_digest': }
         ::apache::mod { 'authn_anon': }
@@ -38,7 +39,6 @@
         ::apache::mod { 'logio': }
         ::apache::mod { 'speling': }
         ::apache::mod { 'substitute': }
-        ::apache::mod { 'suexec': }
         ::apache::mod { 'usertrack': }
         ::apache::mod { 'version': }
 

diff --git a/manifests/mod/suexec.pp b/manifests/mod/suexec.pp
@@ -0,0 +1,3 @@
+class apache::mod::suexec {
+  ::apache::mod { 'suexec': }
+}
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -174,7 +174,8 @@
     $fastcgi_socket              = undef,
     $fastcgi_dir                 = undef,
     $additional_includes         = [],
-    $apache_version              = $::apache::apache_version
+    $apache_version              = $::apache::apache_version,
+    $suexec_user_group           = undef,
   ) {
   # The base class must be included first because it is used by parameter defaults
   if ! defined(Class['apache']) {
@@ -200,6 +201,11 @@
     validate_hash($rewrites[0])
   }
 
+  if $suexec_user_group {
+    validate_re($suexec_user_group, '^\w+ \w+$',
+    "${suexec_user_group} is not supported for suexec_user_group.  Must be 'user group'.")
+  }
+
   # Deprecated backwards-compatibility
   if $rewrite_base {
     warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites')
@@ -255,6 +261,10 @@
     include ::apache::mod::wsgi
   }
 
+  if $suexec_user_group {
+    include ::apache::mod::suexec
+  }
+
   # This ensures that the docroot exists
   # But enables it to be specified across multiple vhost resources
   if ! defined(File[$docroot]) {

diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
@@ -1308,6 +1308,16 @@
         end
       end
 
+      describe 'when suexec_user_group is specified' do
+        let :params do
+          default_params.merge({
+            :suexec_user_group => 'nobody nogroup',
+          })
+        end
+
+        it { should contain_file("25-#{title}.conf").with_content %r{^  SuexecUserGroup nobody nogroup$} }
+      end
+
       describe 'redirect rules' do
         describe 'without lockstep arrays' do
           let :params do

diff --git a/templates/vhost.conf.erb b/templates/vhost.conf.erb
@@ -62,4 +62,5 @@
 <%= scope.function_template(['apache/vhost/_wsgi.erb']) -%>
 <%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%>
 <%= scope.function_template(['apache/vhost/_fastcgi.erb']) -%>
+<%= scope.function_template(['apache/vhost/_suexec.erb']) -%>
 </VirtualHost>
diff --git a/templates/vhost/_suexec.erb b/templates/vhost/_suexec.erb
@@ -0,0 +1,4 @@
+<% if @suexec_user_group -%>
+
+  SuexecUserGroup <%= @suexec_user_group %>
+<% end -%>