From aa79f8417b8fba750852719e24d858f6bb0700fd Mon Sep 17 00:00:00 2001 From: Jason Guiditta Date: Fri, 5 Feb 2016 08:43:55 -0500 Subject: [PATCH] Update apache to de1bee73d362a1a952136077ff400a15550b3d8d de1bee73d362a1a952136077ff400a15550b3d8d Merge pull request #1359 from hunner/fix_passenger_spec 8871f0be57b66d3b4259efa2bb00b3eec11e0e35 Disable passenger tests other than vhost c9b73f0bec2a3e3d05034df3c95e76bfff1c49e8 Merge pull request #1340 from SlavaValAl/master d8c59a4d53a247653b193a53e8d8c8b8973327a2 Merge pull request #1339 from timogoebel/feature_root_directory_options a85588aa66dbd9c83f3cb0434bc99256618728f3 add parameter root_directory_options 7e57138aa9a27ffbd07069243efffaa39a7a865c Merge pull request #1355 from BigAl/MODULES-3017 c1e70c9e589e600fb4914ab21a8d82f6c3e88010 Merge pull request #1338 from timogoebel/feature_more_file_mode 5a1fdd32b14b630a98fe9d48d128c463d1b437e3 Merge pull request #1347 from jyaworski/add_apache_version_fact 595a55ccaaf64c603b4f951059fae59d4eca0797 Merge pull request #1356 from hunner/fix_pagespeed_spec fe1dae9f59c756b86d05dd4e3e921b2838031e6d Need to know where mod_dir is b1f60c7c4297de78350a10cbede8ed1149df0fdd allow status code on redirect match to be optional and not a requirement as per apache documentation http://httpd.apache.org/docs/2.2/mod/mod_alias.html#redirectmatch c1ba7e6b813d072f54cc45a7e28bc8f3e7bc1746 Merge pull request #1354 from hunner/fix_passenger 9996cb23a118ee14806197a8597be1c0cbe2e70b Fix passenger on redhat systems 5150b35c48d888c95504bbc91242163354a0f8e2 Merge pull request #1296 from whotwagner/master 4c4ddaa6ef352ed85b592c0913a5331315817e67 Merge pull request #1350 from rvincentatprokarmadotcom/master 2f78dab061378ed6e0e5b7c6aa670dd2625dea14 Bugfix: require concat, not file f077061b72515a9b336604f22ef7af1801fb2dd5 Merge pull request #1352 from tphoney/ldap_parameters ed74be3277eac484254e0bb887c736b35c14389e adding docs and tests for ldap parameter additions 9fa1dd71aef812bde52337ea6a4b589d53ca10f1 Added support cache related options to apache::mod::ldap 3d34f69f60ef39555a990efe2ca0881d8b3dfc7a Merge pull request #1351 from tphoney/threadlimit-order f0a9223d6c906f23da217099e20515c13d9ccb31 Merge pull request #1322 from BigAl/bug/MODULES-2958 a91d9d7293c0cb26b9bf7b1344ced6fb3dfadcd4 ThreadLimit needs to be above MaxClients or it is ignored. https://bz.apache.org/bugzilla/show_bug.cgi?id=46113 5e431279017e900966fc843d75a97c943448d016 Add apache_version fact 081bdc449f992114598bb0ca3f7a331f1f5cd114 Merge pull request #1344 from fbarbeira/patch-1 44f5231c184934e61e56854438e9413b354b2ac8 Merge pull request #1343 from DavidS/fm-4049-update-msync c748b4502da5534e0ffafd24e5b688e2c1585cd8 (FM-4049) Update to current msync configs [2c99161] 5532bd08e9d71f56c65701c8134a726db48751a6 Remove white space. 2c54785de4f76ed431eaa2d1060458408f62f6b3 Specify owning permissions for logroot directory 95694e6ef16f899caa308bb0c7e4a6cd65e775c0 Merge pull request #1337 from derdanne/gentoo-fix-modules fc3bea1dace807b786c437edcd5311c8d3a3a19a add file_mode to mod manifests 2c6a22a19777990d7e55e7ae7c70c10273804b16 Merge pull request #1333 from timogoebel/filemode 2c67206b2a1b212dff468dfc54ba49c76cd545a2 Merge pull request #1335 from timogoebel/fix_wildcard_ip f2fc48e15159ea30626c4816cb5233b28a6066c5 Merge pull request #1336 from tphoney/fm-3801 6d4fcd8160d315a02a4e1fe441e550710f9b7e40 work around pup_5016, debian8 2015.2 service fault dbfc3844541b745cef87251a32db94ab6178bd1a update module handling for gentoo when used apache 2.4 add module authnz_external as external package in gentoo 7b17dad57ee5cc2aec51d553950cc093eefcaf06 fix vhosts listen to wildcard ip 0f01b59c8ccb303b78ac1cd433d6144f844d6daf add paramter to set config file permissions ac31d2ec0fcaf2e962cc3d5b0590b512d69744d8 MODULES-2958 : correct CustomLog syslog entry 1dfc02d9036e501570aebabc8d02945073e33a6d Added support for modsecurity parameter SecPcreMatchLimit and SecPcreMatchLimitRecursion Change-Id: Ic0a5cabbddd05772bf35c5db253573696ecc1ab2 Update ceph to 185f76380b57d7c420729be10bf70ef3a3c046ae 185f76380b57d7c420729be10bf70ef3a3c046ae mon: fix service provider for redhat systems Change-Id: I3a60e1bdaf66d3adc9b8cecdfe69bad3626ff58f Update contrail to 95616bdf12d90012034b484149d731b5c690da96 95616bdf12d90012034b484149d731b5c690da96 Merge branch 'IPnett-manage_named_conf' acbe7ba0f678c932cc451c41265ce30dbdc4ee35 Merge branch 'manage_named_conf' of https://github.com/IPnett/puppet-contrail into IPnett-manage_named_conf a0506ddaa0095445d305e29bcbaf9a831ff13681 Merge branch 'nhicher-allow_user_to_set_kmod_path' c843dbbe645a9b4ecc89a3898c33c75f51cec512 Allow user to set kmod path 41813eea424439dea0d73ee5535cd5244c01f3f9 do not manage named_conf by default as contrail-dns insists on rewriting the file at every time, resulting in a food fight with puppet Change-Id: Ie921c76c5af96fea6c029b1c0e29eccfcce3001a Update elasticsearch to da7b6a59fb8aca125499735ed53edb5fcfab3cbc da7b6a59fb8aca125499735ed53edb5fcfab3cbc Merge pull request #579 from electrical/integration_fixing e5edaa82dab6fc1c9f83083644c7315043bf44ab Switch back to use community plugin 03b97697e9339e4472295ceaa1e714798fdeac67 Merge pull request #578 from electrical/fix_integration efff777486afb8386afcf3f1dd8bd02e1cb6edf9 Fix unit test df2614015915adf13134128a531af5e559b62187 Fix integration testing d13b78f24366f7907131789f7cf0ff75d2eed696 Merge pull request #574 from electrical/plugin_source cbbbdbd7ae9682e1b64931ef6354c417c93ea208 Add before relation to the source file ff3ccb4e91b2411de91550172801bb1c26231eaf Merge pull request #569 from electrical/plugin_batch 1dcdb39d2c9c28c66d4e0943489edd9713d13327 Add batch flag and install_options param to plugin dbb6c52c4ecc2d3a174ed5b55c0805ffb9c04121 Merge pull request #566 from electrical/logdir 44c099e3905ee6a487b739b2a6ddf24a0b9ece3e Add support for custom log directory 5ef100dda47bce591b5847ece72f00be1dc913ad Merge pull request #491 from buzzdeee/OpenBSD 8dcc61d5e9ac1ac464e9e31ec8dff828e892b0b8 Merge pull request #564 from electrical/package_upgrade 2890d762a3951faabe8d001c6ac7a4f4242c0ec6 Ensure we notify the services if we upgrade the package 6974f8664ab0cbfcedd9f67f5911a5dcb203d686 Merge pull request #563 from electrical/remove_plugin_dir 902ed0586ee236b9e688204563d7cc1b6185cdc4 Remove plugin dir when the package changes cc1e6b961047ba899f153abe30bdef8d8b2d2f6d pass plugindir parameter value from the main elasticsearch class down to the native plugins type. That's necessary for installations in non-default locations. a2888ffc43e8a8a2f43df0c50da8043cad024f3c Some changes to support OpenBSD: e36fc4a437b302b1bd91e4923b3ffb95fd0562e8 Merge pull request #560 from electrical/release/0.10.2 4691ec2d50698529642a6472a8c5f20339e82261 Update for release 0a66ed4a351eeebc84595eabd0db85ae4a69113a Merge pull request #559 from derdanne/master b6844797223c11f4211b182a9be13036f2e83996 add Gentoo support Change-Id: I4abe7bc9eb365d81ef493ba9c53a5dc622268933 Update fluentd to bbbf775ffc112b11035cb1334a4ebfd2e97caa84 bbbf775ffc112b11035cb1334a4ebfd2e97caa84 Add CentOS 6 support to the module metadata 75486c3350d13cc04ceb956ef9b8b1fc917a608c Increment version 82f71961c51276f3ce913c84ba034d58cb6e0ea2 Update summary bcfaa87ecb867cff18e21dce607ffa78a412f29d Update README 31a87e2c30eb144d0958be2a061c61742bf95181 Add CentOS 6 to the travis build matrix 4e916c99e05bb9a74ef4fdfa36c2fa5a12a22250 Merge pull request #3 from soylent/feature/centos-6 81759fa4975d4bf7598318c712ac3488c8a18ac8 Support CentOS 6.x b6f5cd48b35a0b5a609a03ea1163cbe3c7bad6e2 Update tdagent.rb fd64c0fdd9f8a610f312f286fd93318939981b76 Backward compatibilty patch for ruby 1.8.7 d846d922c49e9b7d3d8fadf89b9f9bff9cbed5a8 Use travis to run the both unit and acceptance tests bb3cc5880ddf17abd268eda5234724fa6c0d1b92 Increment the module version f51af7115e26c10b25d30d3a89ee7f8f5543da19 Fix the issue with td-agent service being enabled on each run on EL7 29298fd4ed7effff3ea244bed19d4d6b0762e8c5 Add build status icon to the README 0e001fdbed9fb8a7e51e01e4952299479f04a436 Fix travis build configuration 8a13ad2473888936f9a65ea8e1652fb88a48600d Update CHANGELOG 220eb62fec00d25e6d1416393336fcffb729a0c1 Run acceptance tests in docker containers 91039c681fd3125b0ea7072ea4b6ff37efc0b3f6 Update CHANGELOG f3bacf95e63f63a135fa0df1f62437f0b676a470 Fix formatting d08a0ea802651667007a96b0f4e7f37c6a01d11a Update README b2cce97e5ed91a70c51db7e7c0a6d69cc623648f Purge unmanaged config files 9f56948f9bdc4e00aa0a4967a8d21d09ebacb389 Update README Change-Id: I34a967573bc9182a2884c3ee2bb24930ec6e55de Update mongodb to e5f62b3fd2f54f73d6a002e7ccec21d4136c3606 e5f62b3fd2f54f73d6a002e7ccec21d4136c3606 Merge pull request #259 from DavidS/fm-4049-update-msync d566e9723d3200d966bc201ca8313f91e70edd91 (FM-4049) Update to current msync configs [2c99161] Change-Id: Ic7834b6adbcd69fb686e40be5f07ab3af51abe98 Update mysql to 6598be8eed273201a87f9dfb37193c0ebd81c89f 6598be8eed273201a87f9dfb37193c0ebd81c89f Merge pull request #796 from jhriggs/ticket/3028-fix_grants_with_ANSI_QUOTES 31c17b04840e87602b944631b1c8b3fdbccd9725 (#3028) Fix mysql_grant with MySQL ANSI_QUOTES mode aa29170f5bc1de679a5ff886ce7bdd43f45fd105 Merge pull request #795 from DavidS/fm-4049-update-msync 7889a85d37bced0aeb5055e3c93fd57a111e35a7 (FM-4049) Update to current msync configs [2c99161] Change-Id: Ia3220a83e0bdd1af7b043ad76e2499795320dc40 Update n1k_vsm to 91772fa53dd3ed2686d2e8b0303c77ea6faefe68 91772fa53dd3ed2686d2e8b0303c77ea6faefe68 Merge "Update .gitreview for new namespace" 6fd439cdaed2a280f70931baba5707cccc696636 Update .gitreview for new namespace Change-Id: Ifd9be2c63f207c6e0cae180ac3a8a84b13619b9d Update opendaylight to bdd2a70d305c29a1ab9db03d10debe179cb84003 bdd2a70d305c29a1ab9db03d10debe179cb84003 Move from template to file_line for Karaf features c74614b050587b26f6868c780b431aa9848116f0 Add start of line to log level config check regex ed49501a3474afd56685f4bada09f86aea39e182 Update enable_l3 param to also accept booleans 58c5416883bc2f0f51deab5d06ee50d56cfbd52d Add basic cfg file checks to Beaker generic tests a2dbe0504a31af442237bb05be58ed63eedebaa6 Add port tests to supported OS rspec-puppet tests 2119e9b190f0832f1902c51679b24bcf1d455810 Add docs for ODL OVSDB enable/disable L3 param 4cc6ba0a78a71999a379da55f707e0d06050c714 Add Beaker tests for enable_l3 param 1354cd8308210eefb8551ced8c15e02008c6ebfe Add rspec-puppet tests for enable_l3 flag d88045ff2f7d59336f18d5883e0404d9a77c6fed Add docs for log level param 5b0c75286b2784d1aa1a1bac99d2affdf29a3dcf Add Beaker tests for log level param 7efa464e7c5ff660e40073bde287539055a69196 Update vagrant-odl box list in README 53bc9a8317ce84c71ee31298f83e55927e9e3a73 Add rspec-puppet tests for log level param 5b30fa2e87f4eb82e7f4da00c9df07e3d9379ea5 Update OS distro/version support 7f21f93aa2b49ad43b3218db5a8a9d96410c8d36 Add CentOS 7 Vagrant box config'd for testing 6c1cca8114e418317cd34b129d28b4d17a708d76 Add param to configure ODL logger levels b9ff109375081ee87486381c5ca37b820d4272e3 Update ODL to Beryllium ERP RC1 d3eae1932bc7818e802c6a74f528f6415737e2b4 Update ODL to Beryllium ERP 201601200134 Change-Id: I6f79fffb2e7a79f1d723e11c423ebd64ac0d85d1 Update pacemaker to 973d35a918cf6051a917e96165eaae6dbed6690a 973d35a918cf6051a917e96165eaae6dbed6690a Merge pull request #71 from mbaldessari/property_suport f4b87d118582fe2338ad83d91ea1d6343360afe6 Initial pcs property support Change-Id: If05a3c17eccaf3e32e38804c4481e5160b435893 Update rabbitmq to 1c635016237f16f99245f904885d534e17521842 1c635016237f16f99245f904885d534e17521842 Merge pull request #427 from DavidS/fm-4049-update-msync 5d7b2b0e7c6607bb65954b1a589fa59659ac042b (FM-4049) Update to current msync configs [2c99161] dc0964da2399da6a4a2654419b8479257e59d76a Merge pull request #407 from bogdando/fix_MODULES-2754 8f75ff5cfea7945a0d6a4074184a7279a81349d4 Add the config_management_variables param 888a4e9d87e2f3376b7099213002879c98c10dec Merge pull request #424 from firefly4268/MODULE2940-addition_auth_backends_variable d10bcfef1412aec9d8e9d87beea86bf4b2a00051 Merge pull request #426 from bmjen/mnesia_base d3bb807c19f3831e6237065258abade9989067d8 Addition of auth_backends array and tests. c4ed9c3cef840aeabc5fc6f1f2768c26c5bd4e8f Updates install.pp to ensure that mnesia_base directory exists. Change-Id: I0a434166989a2fcdc3725fe9b99a99c83ee53e6b Update sensu to 8f4fc5780071c4895dec559eafc6030511b0caaa 8f4fc5780071c4895dec559eafc6030511b0caaa Merge pull request #462 from jcochard/master f355a8ab8d14429b396756cb30e8cf55a1a6542d Merge pull request #466 from jaxxstorm/redaction_support 77e0d22e4ff38a3915f1f67664a3e85c4c7190dd Merge pull request #468 from EslamElHusseiny/create_resources_defaults 013a8acfb35af57c0b3e8de7fc0de49350904c3c add defaults for create_resources() add defaults for create_resources() of handlers, checks edit README.md with usage of handlers, and checks defaults 3e39df495e78c3e3d17d5616123f1274899afce5 Merge pull request #467 from EslamElHusseiny/mutators c23c7646536d2aded141674a63d13eef74f90cce add create_resources() for mutators the same way for handlers, checks 1bd841e1d6b420b9ae9eb06cd3fa858720555800 Redact should be an empty array by default 4f9e9ee1765f859a18b840f1375d909aa257e905 Adding readme for redaction 37054b47d8002353f4557abf2350b7534b4e6b0c Adding support for redaction 87cc758c5282448d9cd11175bf48b97bc826e085 support purging with enterprise version Change-Id: I8ed85aac66a88ce82db00975e2945edbbddb354c Update uchiwa to c1f9e42d4d15bb51a2ecc02f20fe49d40b8bf7af c1f9e42d4d15bb51a2ecc02f20fe49d40b8bf7af Merge pull request #66 from Yelp/multiple_backends eb986305719ba6a57b6b39dc0b5b418cc56f69e9 Update docstrings to reflect host array option 486e0ff666af2464bd1b5c028f2fc05ebe058846 Undo Gemfile.lock changes e90222e999a38e244f8e996aa53dcad00fb26755 Allow multiple backends Change-Id: I448182f2b8bd721d17fa79dda1aeb3624a88b325 --- Puppetfile | 26 +- apache/.gitignore | 1 + apache/.rspec | 2 + apache/.travis.yml | 15 +- apache/CONTRIBUTING.md | 6 +- apache/Gemfile | 22 +- apache/README.md | 573 ++++++++++-------- apache/Rakefile | 3 +- apache/lib/facter/apache_version.rb | 8 + .../puppet/parser/functions/enclose_ipv6.rb | 18 +- apache/manifests/balancer.pp | 2 +- apache/manifests/fastcgi/server.pp | 2 +- apache/manifests/init.pp | 25 +- apache/manifests/mod.pp | 10 +- apache/manifests/mod/alias.pp | 1 + apache/manifests/mod/auth_cas.pp | 1 + apache/manifests/mod/auth_mellon.pp | 1 + apache/manifests/mod/authnz_ldap.pp | 1 + apache/manifests/mod/autoindex.pp | 1 + apache/manifests/mod/cgid.pp | 1 + apache/manifests/mod/dav_fs.pp | 1 + apache/manifests/mod/deflate.pp | 1 + apache/manifests/mod/dir.pp | 1 + apache/manifests/mod/disk_cache.pp | 1 + apache/manifests/mod/event.pp | 3 +- apache/manifests/mod/expires.pp | 1 + apache/manifests/mod/ext_filter.pp | 1 + apache/manifests/mod/fastcgi.pp | 1 + apache/manifests/mod/fcgid.pp | 1 + apache/manifests/mod/geoip.pp | 1 + apache/manifests/mod/info.pp | 1 + apache/manifests/mod/itk.pp | 3 +- apache/manifests/mod/ldap.pp | 6 + apache/manifests/mod/mime.pp | 1 + apache/manifests/mod/mime_magic.pp | 1 + apache/manifests/mod/negotiation.pp | 1 + apache/manifests/mod/nss.pp | 1 + apache/manifests/mod/pagespeed.pp | 1 + apache/manifests/mod/passenger.pp | 16 + apache/manifests/mod/peruser.pp | 3 +- apache/manifests/mod/php.pp | 2 +- apache/manifests/mod/prefork.pp | 2 +- apache/manifests/mod/proxy.pp | 1 + apache/manifests/mod/proxy_html.pp | 1 + apache/manifests/mod/remoteip.pp | 1 + apache/manifests/mod/rpaf.pp | 1 + apache/manifests/mod/security.pp | 5 + apache/manifests/mod/setenvif.pp | 1 + apache/manifests/mod/ssl.pp | 1 + apache/manifests/mod/status.pp | 3 +- apache/manifests/mod/suphp.pp | 1 + apache/manifests/mod/userdir.pp | 1 + apache/manifests/mod/worker.pp | 2 +- apache/manifests/mod/wsgi.pp | 1 + apache/manifests/params.pp | 63 +- apache/manifests/vhost.pp | 10 +- apache/manifests/vhost/custom.pp | 2 +- apache/spec/acceptance/class_spec.rb | 73 ++- apache/spec/acceptance/default_mods_spec.rb | 29 +- apache/spec/acceptance/itk_spec.rb | 38 +- apache/spec/acceptance/mod_pagespeed_spec.rb | 1 + apache/spec/acceptance/mod_passenger_spec.rb | 50 +- .../acceptance/nodesets/centos-59-x64.yml | 10 + .../acceptance/nodesets/centos-64-x64-pe.yml | 12 + .../acceptance/nodesets/centos-65-x64.yml | 10 + apache/spec/acceptance/prefork_worker_spec.rb | 21 +- apache/spec/acceptance/service_spec.rb | 21 +- apache/spec/acceptance/vhost_spec.rb | 27 + apache/spec/classes/apache_spec.rb | 20 +- apache/spec/classes/mod/ldap_spec.rb | 14 +- apache/spec/defines/mod_spec.rb | 14 + apache/spec/defines/vhost_spec.rb | 35 ++ apache/spec/spec_helper_acceptance.rb | 16 + apache/spec/unit/apache_version_spec.rb | 20 + .../parser/functions/enclose_ipv6_spec.rb | 8 +- apache/templates/httpd.conf.erb | 2 +- apache/templates/mod/ldap.conf.erb | 15 + apache/templates/mod/security.conf.erb | 4 +- apache/templates/mod/worker.conf.erb | 2 +- apache/templates/vhost/_access_log.erb | 2 +- apache/templates/vhost/_redirect.erb | 10 + ceph/manifests/mon.pp | 1 + ceph/spec/acceptance/ceph_usecases_spec.rb | 5 +- contrail/manifests/control/config.pp | 13 +- contrail/manifests/vrouter/config.pp | 5 + contrail/templates/vrouter/agent_param.erb | 2 +- elasticsearch/CHANGELOG.md | 26 + elasticsearch/README.md | 1 - .../provider/elasticsearch_plugin/plugin.rb | 35 +- .../lib/puppet/type/elasticsearch_plugin.rb | 4 + elasticsearch/manifests/config.pp | 18 +- elasticsearch/manifests/init.pp | 1 + elasticsearch/manifests/instance.pp | 38 +- elasticsearch/manifests/package.pp | 20 +- elasticsearch/manifests/params.pp | 43 ++ elasticsearch/manifests/plugin.pp | 28 +- elasticsearch/manifests/service.pp | 21 + elasticsearch/manifests/service/openbsd.pp | 156 +++++ elasticsearch/manifests/service/openrc.pp | 195 ++++++ elasticsearch/metadata.json | 2 +- .../spec/acceptance/021_es2x_spec.rb | 4 + .../spec/acceptance/022_upgrade_spec.rb | 48 ++ .../spec/acceptance/integration001.rb | 2 +- .../classes/000_elasticsearch_init_spec.rb | 4 +- elasticsearch/spec/classes/001_hiera_spec.rb | 4 + .../defines/004_elasticsearch_plugin_spec.rb | 2 +- .../005_elasticsearch_instance_spec.rb | 61 ++ .../etc/init.d/elasticsearch.OpenBSD.erb | 27 + .../etc/init.d/elasticsearch.openrc.erb | 87 +++ fluentd/.travis.yml | 26 + fluentd/CHANGELOG.md | 10 +- fluentd/Gemfile | 6 +- fluentd/README.md | 23 +- fluentd/Rakefile | 4 +- .../puppet/parser/functions/fluent_config.rb | 40 +- .../lib/puppet/provider/package/tdagent.rb | 7 +- fluentd/manifests/install.pp | 5 +- fluentd/manifests/install_repo.pp | 2 +- fluentd/manifests/params.pp | 8 + fluentd/manifests/service.pp | 1 + fluentd/metadata.json | 7 +- .../spec/acceptance/nodesets/centos-6-x64.yml | 12 + .../spec/acceptance/nodesets/centos-7-x64.yml | 12 + .../acceptance/nodesets/debian-7-amd64.yml | 11 + .../acceptance/nodesets/debian-78-x64.yml | 11 - fluentd/spec/acceptance/nodesets/default.yml | 11 - .../nodesets/ubuntu-server-1404-x64.yml | 8 +- fluentd/spec/classes/service_spec.rb | 4 +- fluentd/spec/spec_helper_acceptance.rb | 4 +- mongodb/.gitignore | 3 +- mongodb/.rspec | 2 + mongodb/.sync.yml | 9 - mongodb/.travis.yml | 19 +- mongodb/CONTRIBUTING.md | 6 +- mongodb/Gemfile | 21 +- mongodb/Rakefile | 3 +- mongodb/spec/spec_helper.rb | 8 +- mongodb/spec/spec_helper_local.rb | 3 + mysql/.gitignore | 2 +- mysql/.rspec | 2 + mysql/.sync.yml | 12 +- mysql/.travis.yml | 19 +- mysql/Gemfile | 27 +- mysql/Rakefile | 3 +- .../lib/puppet/provider/mysql_grant/mysql.rb | 2 +- mysql/spec/spec_helper.rb | 10 +- mysql/spec/spec_helper_local.rb | 3 + opendaylight/CONTRIBUTING.markdown | 7 +- opendaylight/README.markdown | 127 +++- opendaylight/Rakefile | 10 - opendaylight/Vagrantfile | 35 ++ opendaylight/manifests/config.pp | 27 +- opendaylight/manifests/init.pp | 10 +- opendaylight/manifests/install.pp | 10 +- opendaylight/manifests/params.pp | 3 +- opendaylight/metadata.json | 4 +- opendaylight/spec/acceptance/class_spec.rb | 73 +++ .../spec/acceptance/nodesets/fedora-20.yml | 12 - .../spec/acceptance/nodesets/fedora-21.yml | 12 - .../spec/classes/opendaylight_spec.rb | 236 +++++++- opendaylight/spec/spec_helper.rb | 122 +++- opendaylight/spec/spec_helper_acceptance.rb | 125 +++- opendaylight/templates/custom.properties.erb | 8 +- .../org.apache.karaf.features.cfg.erb | 51 -- .../templates/org.ops4j.pax.logging.cfg.erb | 55 ++ pacemaker/README.md | 17 +- pacemaker/manifests/property.pp | 70 +++ pacemaker/manifests/stonith.pp | 18 +- pacemaker/tests/init.pp | 17 + rabbitmq/.gitignore | 1 + rabbitmq/.rspec | 2 + rabbitmq/.travis.yml | 15 +- rabbitmq/CONTRIBUTING.md | 6 +- rabbitmq/Gemfile | 22 +- rabbitmq/README.md | 22 + rabbitmq/Rakefile | 3 +- rabbitmq/manifests/config.pp | 2 + rabbitmq/manifests/init.pp | 7 + rabbitmq/manifests/install.pp | 9 + rabbitmq/manifests/params.pp | 2 + rabbitmq/spec/classes/rabbitmq_spec.rb | 83 +++ rabbitmq/spec/spec_helper.rb | 6 + rabbitmq/templates/rabbitmq.config.erb | 9 +- sensu/README.md | 57 +- .../provider/sensu_client_config/json.rb | 10 +- sensu/lib/puppet/type/sensu_client_config.rb | 7 + sensu/manifests/client/config.pp | 1 + sensu/manifests/init.pp | 14 +- sensu/manifests/rabbitmq/config.pp | 2 +- sensu/manifests/redis/config.pp | 2 +- sensu/spec/classes/sensu_client_spec.rb | 3 + uchiwa/Gemfile | 2 - uchiwa/manifests/init.pp | 23 +- uchiwa/spec/classes/uchiwa_spec.rb | 10 + uchiwa/templates/etc/sensu/uchiwa.json.erb | 37 +- 195 files changed, 3029 insertions(+), 913 deletions(-) create mode 100644 apache/.rspec create mode 100644 apache/lib/facter/apache_version.rb create mode 100644 apache/spec/acceptance/nodesets/centos-59-x64.yml create mode 100644 apache/spec/acceptance/nodesets/centos-64-x64-pe.yml create mode 100644 apache/spec/acceptance/nodesets/centos-65-x64.yml create mode 100644 apache/spec/unit/apache_version_spec.rb create mode 100644 elasticsearch/manifests/service/openbsd.pp create mode 100644 elasticsearch/manifests/service/openrc.pp create mode 100644 elasticsearch/spec/acceptance/022_upgrade_spec.rb create mode 100644 elasticsearch/templates/etc/init.d/elasticsearch.OpenBSD.erb create mode 100644 elasticsearch/templates/etc/init.d/elasticsearch.openrc.erb create mode 100644 fluentd/.travis.yml create mode 100644 fluentd/spec/acceptance/nodesets/centos-6-x64.yml create mode 100644 fluentd/spec/acceptance/nodesets/centos-7-x64.yml create mode 100644 fluentd/spec/acceptance/nodesets/debian-7-amd64.yml delete mode 100644 fluentd/spec/acceptance/nodesets/debian-78-x64.yml delete mode 100644 fluentd/spec/acceptance/nodesets/default.yml create mode 100644 mongodb/.rspec delete mode 100644 mongodb/.sync.yml create mode 100644 mongodb/spec/spec_helper_local.rb create mode 100644 mysql/.rspec create mode 100644 mysql/spec/spec_helper_local.rb delete mode 100644 opendaylight/spec/acceptance/nodesets/fedora-20.yml delete mode 100644 opendaylight/spec/acceptance/nodesets/fedora-21.yml delete mode 100644 opendaylight/templates/org.apache.karaf.features.cfg.erb create mode 100644 opendaylight/templates/org.ops4j.pax.logging.cfg.erb create mode 100644 pacemaker/manifests/property.pp create mode 100644 rabbitmq/.rspec diff --git a/Puppetfile b/Puppetfile index 90132c15e..92c7c7a4c 100644 --- a/Puppetfile +++ b/Puppetfile @@ -3,7 +3,7 @@ mod 'aodh', :git => 'https://github.com/openstack/puppet-aodh.git' mod 'apache', - :commit => '5a277163de3807235f7f2fb4b11ec3d1f0b2d05f', + :commit => 'de1bee73d362a1a952136077ff400a15550b3d8d', :git => 'https://github.com/puppetlabs/puppetlabs-apache.git' mod 'cassandra', @@ -15,7 +15,7 @@ mod 'ceilometer', :git => 'https://github.com/openstack/puppet-ceilometer.git' mod 'ceph', - :commit => '45c81859a5ff37c6cbbce0d260801e9f25354515', + :commit => '185f76380b57d7c420729be10bf70ef3a3c046ae', :git => 'https://github.com/stackforge/puppet-ceph.git' mod 'certmonger', @@ -35,7 +35,7 @@ mod 'concat', :git => 'https://github.com/puppetlabs/puppetlabs-concat.git' mod 'contrail', - :commit => '83471677d5b7b7a1e26c7ccb20f5ab355f41efae', + :commit => '95616bdf12d90012034b484149d731b5c690da96', :git => 'https://github.com/redhat-cip/puppet-contrail.git' mod 'corosync', @@ -47,7 +47,7 @@ mod 'datacat', :git => 'http://github.com/richardc/puppet-datacat' mod 'elasticsearch', - :commit => 'dbceae869eef2dde4ff3ad5504ec002bb4a98c3c', + :commit => 'da7b6a59fb8aca125499735ed53edb5fcfab3cbc', :git => 'https://github.com/elastic/puppet-elasticsearch.git' mod 'firewall', @@ -55,7 +55,7 @@ mod 'firewall', :git => 'https://github.com/puppetlabs/puppetlabs-firewall.git' mod 'fluentd', - :commit => 'ddc5f0e4c6c53d15f0cbd34f74bfaa91a0fb299f', + :commit => 'bbbf775ffc112b11035cb1334a4ebfd2e97caa84', :git => 'https://github.com/soylent/konstantin-fluentd.git' mod 'git', @@ -139,15 +139,15 @@ mod 'module-data', :git => 'https://github.com/ripienaar/puppet-module-data.git' mod 'mongodb', - :commit => 'b25bdb3ce7dcb3e60a4427806fe72cc93625de13', + :commit => 'e5f62b3fd2f54f73d6a002e7ccec21d4136c3606', :git => 'https://github.com/puppetlabs/puppetlabs-mongodb.git' mod 'mysql', - :commit => 'bc1c44afa4b2e2075aa5992d1528d840bf554a34', + :commit => '6598be8eed273201a87f9dfb37193c0ebd81c89f', :git => 'https://github.com/puppetlabs/puppetlabs-mysql.git' mod 'n1k_vsm', - :commit => '3ee42190ffb1cc7df53a2a61c453601a52a349bb', + :commit => '91772fa53dd3ed2686d2e8b0303c77ea6faefe68', :git => 'https://github.com/stackforge/puppet-n1k-vsm.git' mod 'nagios', @@ -171,7 +171,7 @@ mod 'ntp', :git => 'https://github.com/puppetlabs/puppetlabs-ntp' mod 'opendaylight', - :commit => 'bb401b1349363c75310d102d1de49f66f3003a31', + :commit => 'bdd2a70d305c29a1ab9db03d10debe179cb84003', :git => 'https://github.com/dfarrell07/puppet-opendaylight.git' mod 'openstack_extras', @@ -183,7 +183,7 @@ mod 'openstacklib', :git => 'https://github.com/openstack/puppet-openstacklib.git' mod 'pacemaker', - :commit => '00d99b66931d520af202b94d0a2fe3b43f11d8ee', + :commit => '973d35a918cf6051a917e96165eaae6dbed6690a', :git => 'https://github.com/redhat-openstack/puppet-pacemaker.git' mod 'puppet', @@ -195,7 +195,7 @@ mod 'qpid', :git => 'https://github.com/dprince/puppet-qpid' mod 'rabbitmq', - :commit => '45692304e66e4acfca06969574012b22def8f69b', + :commit => '1c635016237f16f99245f904885d534e17521842', :git => 'https://github.com/puppetlabs/puppetlabs-rabbitmq.git' mod 'redis', @@ -215,7 +215,7 @@ mod 'sahara', :git => 'https://github.com/openstack/puppet-sahara.git' mod 'sensu', - :commit => '9bc7f4aa1bff8b2bb612f54d72df0a2730c7a0ea', + :commit => '8f4fc5780071c4895dec559eafc6030511b0caaa', :git => 'https://github.com/sensu/sensu-puppet.git' mod 'snmp', @@ -267,7 +267,7 @@ mod 'tuskar', :git => 'https://github.com/openstack/puppet-tuskar.git' mod 'uchiwa', - :commit => 'a197642f71c8e5437d132d05444aff019f8ff817', + :commit => 'c1f9e42d4d15bb51a2ecc02f20fe49d40b8bf7af', :git => 'https://github.com/Yelp/puppet-uchiwa.git' mod 'vcsrepo', diff --git a/apache/.gitignore b/apache/.gitignore index b5db85e05..319027749 100644 --- a/apache/.gitignore +++ b/apache/.gitignore @@ -5,5 +5,6 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +log/ .idea/ *.iml diff --git a/apache/.rspec b/apache/.rspec new file mode 100644 index 000000000..16f9cdb01 --- /dev/null +++ b/apache/.rspec @@ -0,0 +1,2 @@ +--color +--format documentation diff --git a/apache/.travis.yml b/apache/.travis.yml index c418ab5f2..e6314a470 100644 --- a/apache/.travis.yml +++ b/apache/.travis.yml @@ -1,18 +1,19 @@ --- sudo: false language: ruby +cache: bundler bundler_args: --without system_tests -script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake validate lint spec" matrix: fast_finish: true include: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - rvm: 2.1.6 env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.0" notifications: email: false diff --git a/apache/CONTRIBUTING.md b/apache/CONTRIBUTING.md index f1cbde4bb..bfeaa701c 100644 --- a/apache/CONTRIBUTING.md +++ b/apache/CONTRIBUTING.md @@ -159,7 +159,7 @@ If you already have those gems installed, make sure they are up-to-date: With all dependencies in place and up-to-date we can now run the tests: ```shell -% rake spec +% bundle exec rake spec ``` This will execute all the [rspec tests](http://rspec-puppet.com/) tests @@ -178,8 +178,8 @@ installed on your system. You can run them by issuing the following command ```shell -% rake spec_clean -% rspec spec/acceptance +% bundle exec rake spec_clean +% bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), diff --git a/apache/Gemfile b/apache/Gemfile index bfe64b186..ced190e77 100644 --- a/apache/Gemfile +++ b/apache/Gemfile @@ -1,7 +1,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" def location_for(place, fake_version = nil) - if place =~ /^(git:[^#]*)#(.*)/ + if place =~ /^(git[:@][^#]*)#(.*)/ [fake_version, { :git => $1, :branch => $2, :require => false }].compact elsif place =~ /^file:\/\/(.*)/ ['>= 0', { :path => File.expand_path($1), :require => false }] @@ -11,14 +11,16 @@ def location_for(place, fake_version = nil) end group :development, :unit_tests do - gem 'rspec-core', '3.1.7', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'simplecov', :require => false - gem 'puppet_facts', :require => false - gem 'json', :require => false + gem 'json', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', :require => false + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'simplecov', :require => false end - group :system_tests do + gem 'beaker-puppet_install_helper', :require => false if beaker_version = ENV['BEAKER_VERSION'] gem 'beaker', *location_for(beaker_version) end @@ -27,12 +29,10 @@ group :system_tests do else gem 'beaker-rspec', :require => false end - gem 'serverspec', :require => false - gem 'beaker-puppet_install_helper', :require => false + gem 'master_manipulator', :require => false + gem 'serverspec', :require => false end - - if facterversion = ENV['FACTER_GEM_VERSION'] gem 'facter', facterversion, :require => false else diff --git a/apache/README.md b/apache/README.md index 38277a326..464d2bc36 100644 --- a/apache/README.md +++ b/apache/README.md @@ -66,7 +66,6 @@ [`apache::version`]: #class-apacheversion [`apache::vhost`]: #define-apachevhost [`apache::vhost::custom`]: #define-apachevhostcustom -[`apache::vhost::WSGIImportScript`]: #wsgiimportscript [Apache HTTP Server]: http://httpd.apache.org [Apache modules]: http://httpd.apache.org/docs/current/mod/ [array]: https://docs.puppetlabs.com/puppet/latest/reference/lang_data_array.html @@ -290,19 +289,19 @@ To temporarily disable full Puppet management, set the [`purge_configs`][] param To have Puppet install Apache with the default parameters, declare the [`apache`][] class: -~~~ puppet +``` puppet class { 'apache': } -~~~ +``` The Puppet module applies a default configuration based on your operating system; Debian, Red Hat, FreeBSD, and Gentoo systems each have unique default configurations. These defaults work in testing environments but are not suggested for production, and Puppet recommends customizing the class's parameters to suit your site. Use the [Reference](#reference) section to find information about the class's parameters and their default values. You can customize parameters when declaring the `apache` class. For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: -~~~ puppet +``` puppet class { 'apache': default_vhost => false, } -~~~ +``` ## Usage @@ -314,41 +313,41 @@ The default [`apache`][] class sets up a virtual host on port 80, listening on a To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] define: -~~~ puppet +``` puppet apache::vhost { 'vhost.example.com': port => '80', docroot => '/var/www/vhost', } -~~~ +``` **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] define applies a default [`priority`][] of 15, which Puppet interprets by prefixing the virtual host's file name with `15-`. This all means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to 'false', Apache still processes virtual hosts in alphabetical order. To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: -~~~ puppet +``` puppet apache::vhost { 'user.example.com': port => '80', docroot => '/var/www/user', docroot_owner => 'www-data', docroot_group => 'www-data', } -~~~ +``` #### Configuring virtual hosts with SSL To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests: -~~~ puppet +``` puppet apache::vhost { 'ssl.example.com': port => '443', docroot => '/var/www/ssl', ssl => true, } -~~~ +``` To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively: -~~~ puppet +``` puppet apache::vhost { 'cert.example.com': port => '443', docroot => '/var/www/cert', @@ -356,11 +355,11 @@ apache::vhost { 'cert.example.com': ssl_cert => '/etc/ssl/fourth.example.com.cert', ssl_key => '/etc/ssl/fourth.example.com.key', } -~~~ +``` To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`] defines: -~~~ puppet +``` puppet # The non-ssl virtual host apache::vhost { 'mix.example.com non-ssl': servername => 'mix.example.com', @@ -375,11 +374,11 @@ apache::vhost { 'mix.example.com ssl': docroot => '/var/www/mix', ssl => true, } -~~~ +``` To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`] defines and redirect unencrypted requests to the virtual host with SSL enabled: -~~~ puppet +``` puppet apache::vhost { 'redirect.example.com non-ssl': servername => 'redirect.example.com', port => '80', @@ -394,33 +393,33 @@ apache::vhost { 'redirect.example.com ssl': docroot => '/var/www/redirect', ssl => true, } -~~~ +``` #### Configuring virtual host port and address bindings -Virtual hosts listen on all IP addresses ('*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: +Virtual hosts listen on all IP addresses ('\*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'ip.example.com': ip => '127.0.0.1', port => '80', docroot => '/var/www/ip', } -~~~ +``` It is also possible to configure more than one IP address per vhost by using an array of IP addresses for the [`ip`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'ip.example.com': ip => ['127.0.0.1','169.254.1.1'], port => '80', docroot => '/var/www/ip', } -~~~ +``` To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'aliases.example.com': serveraliases => [ 'aliases.example.org', @@ -429,11 +428,11 @@ apache::vhost { 'aliases.example.com': port => '80', docroot => '/var/www/aliases', } -~~~ +``` To set up a virtual host with a wildcard alias for the subdomain mapped to a same-named directory, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', @@ -441,11 +440,11 @@ apache::vhost { 'subdomain.loc': docroot => '/var/www', serveraliases => ['*.loc',], } -~~~ +``` To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': port => '80', filters => [ @@ -456,13 +455,13 @@ apache::vhost { 'subdomain.loc': ], docroot => '/var/www/html', } -~~~ +``` #### Configuring virtual hosts for apps and processors To set up a virtual host with [suPHP][], use the [`suphp_engine`][] parameter to enable the suPHP engine, [`suphp_addhandler`][] parameter to define a MIME type, [`suphp_configpath`][] to set which path suPHP passes to the PHP interpreter, and the [`directory`][] parameter to configure Directory, File, and Location directive blocks: -~~~ puppet +``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', @@ -478,11 +477,11 @@ apache::vhost { 'suphp.example.com': }, ], } -~~~ +``` You can use a set of parameters to configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications: -~~~ puppet +``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', @@ -501,53 +500,53 @@ apache::vhost { 'wsgi.example.com': wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, } -~~~ +``` Starting in Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'wordpress.example.com': port => '80', docroot => '/var/www/wordpress', fallbackresource => '/index.php', } -~~~ +``` **Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24. To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path: -~~~ puppet +``` puppet apache::vhost { 'cgi.example.com': port => '80', docroot => '/var/www/cgi', scriptalias => '/usr/lib/cgi-bin', } -~~~ +``` To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'rack.example.com': port => '80', docroot => '/var/www/rack', rack_base_uris => ['/rackapp1', '/rackapp2'], } -~~~ +``` #### Configuring IP-based virtual hosts You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, we set the server to listen on ports 80 and 81 because the example virtual hosts are _not_ declared with a [`port`][] parameter: -~~~ puppet +``` puppet apache::listen { '80': } apache::listen { '81': } -~~~ +``` Then we configure the IP-based virtual hosts with the [`ip_based`][] parameter: -~~~ puppet +``` puppet apache::vhost { 'first.example.com': ip => '10.0.0.10', docroot => '/var/www/first', @@ -559,11 +558,11 @@ apache::vhost { 'second.example.com': docroot => '/var/www/second', ip_based => true, } -~~~ +``` You can also configure a mix of IP- and [name-based virtual hosts][], and in any combination of [SSL][SSL encryption] and unencrypted configurations. First, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: -~~~ puppet +``` puppet apache::vhost { 'The first IP-based virtual host, non-ssl': servername => 'first.example.com', ip => '10.0.0.10', @@ -580,11 +579,11 @@ apache::vhost { 'The first IP-based vhost, ssl': docroot => '/var/www/first-ssl', ssl => true, } -~~~ +``` Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20): -~~~ puppet +``` puppet apache::vhost { 'second.example.com': ip => '10.0.0.20', port => '80', @@ -596,11 +595,11 @@ apache::vhost { 'third.example.com': port => '80', docroot => '/var/www/third', } -~~~ +``` To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** set the [`add_listen`][] parameter to 'false' to disable the default Apache setting of `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. -~~~ puppet +``` puppet apache::vhost { 'fourth.example.com': port => '80', docroot => '/var/www/fourth', @@ -612,7 +611,7 @@ apache::vhost { 'fifth.example.com': docroot => '/var/www/fifth', add_listen => false, } -~~~ +``` ### Installing Apache modules @@ -627,17 +626,17 @@ The Puppet apache module supports installing many common [Apache modules][], oft For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class: -~~~ puppet +``` puppet class { 'apache::mod::ssl': } -~~~ +``` [`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to 'true': -~~~ puppet +``` puppet class { 'apache::mod::ssl': ssl_compression => true, } -~~~ +``` Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][]. @@ -645,11 +644,11 @@ Note that some modules have prerequisites, which are documented in their referen You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] define to install it. Unlike the specific-module classes, the [`apache::mod`][] define doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. -For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod_authnz_external' name: +For example, to install the [`mod_authnz_external`][] Apache module, declare the define with the 'mod\_authnz\_external' name: -~~~ puppet +``` puppet apache::mod { 'mod_authnz_external': } -~~~ +``` There's several optional parameters you can specify when defining Apache modules this way. See the [define's reference][`apache::mod`] for details. @@ -657,7 +656,7 @@ There's several optional parameters you can specify when defining Apache modules Add the [`apache::fastcgi::server`][] define to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests: -~~~ puppet +``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, @@ -666,17 +665,17 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -~~~ +``` You can then use the [`custom_fragment`] parameter to configure the virtual host to have the FastCGI server handle the specified file type: -~~~ puppet +``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -~~~ +``` ### Load balancing examples @@ -684,23 +683,23 @@ Apache supports load balancing across groups of servers through the [`mod_proxy` To enable load balancing with [exported resources][], export the [`apache::balancermember`][] define from the load balancer member server: -~~~ puppet +``` puppet @@apache::balancermember { "${::fqdn}-puppet00": balancer_cluster => 'puppet00', url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } -~~~ +``` Then, on the proxy server, create the load balancing group: -~~~ puppet +``` puppet apache::balancer { 'puppet00': } -~~~ +``` To enable load balancing without exporting resources, declare the following on the proxy server: -~~~ puppet +``` puppet apache::balancer { 'puppet00': } apache::balancermember { "${::fqdn}-puppet00": @@ -708,26 +707,26 @@ apache::balancermember { "${::fqdn}-puppet00": url => "ajp://${::fqdn}:8009", options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], } -~~~ +``` Then declare the `apache::balancer` and `apache::balancermember` defines on the proxy server. If you need to use the [ProxySet](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: -~~~ puppet +``` puppet apache::balancer { 'puppet01': proxy_set => { 'stickysession' => 'JSESSIONID', }, } -~~~ +``` ## Reference - [**Public Classes**](#public-classes) - [Class: apache](#class-apache) - [Class: apache::dev](#class-apachedev) - - [Classes: apache::mod::*](#classes-apachemodname) + - [Classes: apache::mod::\*](#classes-apachemodname) - [**Private Classes**](#private-classes) - [Class: apache::confd::no_accf](#class-apacheconfdno_accf) - [Class: apache::default_confd_files](#class-apachedefault_confd_files) @@ -763,15 +762,15 @@ When this class is declared with the default options, Puppet: - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. -- Configures the server with a default virtual host and standard port ('80') and address ('*') bindings. +- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. - Creates a document root directory determined by your operating system, typically `/var/www`. - Starts the Apache service. You can simply declare the default `apache` class: -~~~ puppet +``` puppet class { 'apache': } -~~~ +``` You can establish a default virtual host in this class, by using the [`apache::vhost`][] define, or both. You can also configure additional specific virtual hosts with the [`apache::vhost`][] define. Puppet recommends customizing the `apache` class's declaration with the following parameters, as its default settings are not optimized for production. @@ -885,7 +884,7 @@ Configures a default [SSL][SSL encryption] virtual host. Valid options: Boolean. If 'true', Puppet automatically configures the following virtual host using the [`apache::vhost`][] define: -~~~ puppet +``` puppet apache::vhost { 'default-ssl': port => 443, ssl => true, @@ -894,7 +893,7 @@ apache::vhost { 'default-ssl': serveradmin => $serveradmin, access_log_file => "ssl_${access_log_file}", } -~~~ +``` **Note**: SSL virtual hosts only respond to HTTPS queries. @@ -914,13 +913,13 @@ Configures a specific dev package to use. Valid options: String. Default: 'OS d Example for using httpd 2.4 from the IUS yum repo: -~~~ puppet +``` puppet include ::apache::dev class { 'apache': apache_name => 'httpd24u', dev_packages => 'httpd24u-devel', } -~~~ +``` ##### `docroot` @@ -992,19 +991,19 @@ Changes the error log's verbosity. Valid options: 'alert', 'crit', 'debug', 'eme Define additional [`LogFormat`][] directives. Valid options: A [Hash][], such as: -~~~ puppet +``` puppet $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } -~~~ +``` There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: -~~~ httpd +``` httpd LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded -~~~ +``` If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. @@ -1160,6 +1159,14 @@ Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceE Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom built rpms. This can either be 'true' or 'false, defaults to 'true'. +##### `file_mode` + +The desired permissions mode for config files, in symbolic or numeric notation. This value must be a string. Defaults to '0644'. + +##### `root_directory_options` + +Array of the desired options for the / directory in httpd.conf. Defaults to 'FollowSymLinks'. + ##### `vhost_dir` Changes your virtual host configuration files' location. Default: determined by your operating system. @@ -1171,13 +1178,12 @@ Changes your virtual host configuration files' location. Default: determined by ##### `vhost_include_pattern` -Defines the pattern for files included from the `vhost_dir`. This defaults to '*', also for BC with previous versions of this module. +Defines the pattern for files included from the `vhost_dir`. This defaults to '\*', also for BC with previous versions of this module. However, you may want to set this to a value like '[^.#]\*.conf[^~]' to make sure files accidentally created in this directory (from version control systems, editor backups or the like) are *not* included in your server configuration. -A value of '*.conf' is what is shipped by some operating systems. Also note that this module will, by default, create config files ending -in '.conf'. +A value of '\*.conf' is what is shipped by some operating systems. Also note that this module will, by default, create config files ending in '.conf'. ##### `user` @@ -1221,23 +1227,23 @@ The default value is determined by your operating system: Enables specific [Apache modules][]. You can enable and configure an Apache module by declaring its class. For example, to install and enable [`mod_alias`][] with no icons, you can declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': -~~~ puppet +``` puppet class { 'apache::mod::alias': icons_options => 'None', } -~~~ +``` The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] define. * `actions` * `alias` (see [`apache::mod::alias`][]) * `auth_basic` -* `auth_cas`* (see [`apache::mod::auth_cas`][]) -* `auth_mellon`* (see [`apache::mod::auth_mellon`][]) +* `auth_cas`\* (see [`apache::mod::auth_cas`][]) +* `auth_mellon`\* (see [`apache::mod::auth_mellon`][]) * `auth_kerb` * `authn_core` * `authn_file` -* `authnz_ldap`* +* `authnz_ldap`\* * `authz_default` * `authz_user` * `autoindex` @@ -1246,10 +1252,10 @@ The following Apache modules have supported classes, many of which allow for par * `cgid` * `dav` * `dav_fs` -* `dav_svn`* -* `deflate` +* `dav_svn`\* +* `deflate\` * `dev` -* `dir`* +* `dir`\* * `disk_cache` (see [`apache::mod::disk_cache`][]) * `event` (see [`apache::mod::event`][]) * `expires` @@ -1260,40 +1266,40 @@ The following Apache modules have supported classes, many of which allow for par * `geoip` (see [`apache::mod::geoip`][]) * `headers` * `include` -* `info`* +* `info`\* * `itk` * `ldap` * `mime` -* `mime_magic`* +* `mime_magic`\* * `negotiation` -* `nss`* +* `nss`\* * `pagespeed` (see [`apache::mod::pagespeed`][]) -* `passenger`* (see [`apache::mod::passenger`][]) +* `passenger`\* (see [`apache::mod::passenger`][]) * `perl` * `peruser` * `php` (requires [`mpm_module`][] set to `prefork`) -* `prefork`* -* `proxy`* +* `prefork`\* +* `proxy`\* * `proxy_ajp` * `proxy_balancer` -* `proxy_html` +* `proxy_html` (see [`apache::mod::proxy_html`][]) * `proxy_http` * `python` * `reqtimeout` -* `remoteip`* +* `remoteip`\* * `rewrite` -* `rpaf`* +* `rpaf`\* * `setenvif` * `security` -* `shib`* (see [`apache::mod::shib`]) +* `shib`\* (see [`apache::mod::shib`]) * `speling` -* `ssl`* (see [`apache::mod::ssl`][]) -* `status`* (see [`apache::mod::status`][]) +* `ssl`\* (see [`apache::mod::ssl`][]) +* `status`\* (see [`apache::mod::status`][]) * `suphp` -* `userdir`* +* `userdir`\* * `version` * `vhost_alias` -* `worker`* +* `worker`\* * `wsgi` (see [`apache::mod::wsgi`][]) * `xsendfile` @@ -1324,11 +1330,11 @@ Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk` You can specify the cache root by passing a path as a string to the `cache_root` parameter. -~~~ puppet +``` puppet class {'::apache::mod::disk_cache': cache_root => '/path/to/cache', } -~~~ +``` ##### Class: `apache::mod::event` @@ -1351,6 +1357,8 @@ Installs and manages [`mod_auth_cas`][]. Its parameters share names with the Apa The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have 'undef' default values. +**Note**: The auth\_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. See [https://github.com/Jasig/mod_auth_cas]() + **Parameters within `apache::mod::auth_cas`**: - `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. Default: 'undef'. @@ -1372,11 +1380,11 @@ The `cas_login_url` and `cas_validate_url` parameters are required; several othe Installs and manages [`mod_auth_mellon`][]. Its parameters share names with the Apache module's directives. -~~~ puppet +``` puppet class{ 'apache::mod::auth_mellon': mellon_cache_size => 101, } -~~~ +``` **Parameters within `apache::mod::auth_mellon`**: @@ -1411,14 +1419,14 @@ Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate Installs and configures [`mod_ext_filter`][]. -~~~ puppet +``` puppet class { 'apache::mod::ext_filter': ext_filter_define => { 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', }, } -~~~ +``` **Parameters within `apache::mod::ext_filter`**: @@ -1430,7 +1438,7 @@ Installs and configures [`mod_fcgid`][]. The class makes no effort to individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: -~~~ puppet +``` puppet class { 'apache::mod::fcgid': options => { 'FcgidIPCDir' => '/var/run/fcgidsock', @@ -1438,13 +1446,13 @@ class { 'apache::mod::fcgid': 'AddHandler' => 'fcgid-script .fcgi', }, } -~~~ +``` For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`]. If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`. -~~~ puppet +``` puppet include apache::mod::fcgid apache::vhost { 'example.org': @@ -1456,7 +1464,7 @@ apache::vhost { 'example.org': } }, } -~~~ +``` ##### Class: `apache::mod::geoip` @@ -1500,17 +1508,27 @@ Installs and manages [`mod_passenger`][]. Installs and configures [`mod_ldap`][]. Allows you to modify the [`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/2.2/mod/mod_ldap.html#ldaptrustedglobalcert) Directive: -~~~puppet +```puppet class { 'apache::mod::ldap': ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt' ldap_trusted_global_cert_type => 'CA_DER', + ldap_shared_cache_size => '500000', + ldap_cache_entries => '1024', + ldap_cache_ttl => '600', + ldap_opcache_entries => '1024', + ldap_opcache_ttl => '600', } -~~~ +``` **Parameters within `apache::mod::ldap`:** - `ldap_trusted_global_cert_file`: Path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. - `ldap_trusted_global_cert_type`: The global trust certificate format. Defaults to 'CA_BASE64'. +- `ldap_shared_cache_size`: Size in bytes of the shared-memory cache. +- `ldap_cache_entries`: Maximum number of entries in the primary LDAP cache. +- `ldap_cache_ttl`: Time that cached items remain valid. +- `ldap_opcache_entries`: Number of entries used to cache LDAP compare operations. +- `ldap_opcache_ttl`: Time that entries in the operation cache remain valid. ##### Class: `apache::mod::negotiation` @@ -1531,7 +1549,7 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d - `inherit_vhost_config`: Default: 'on'. - `filter_xhtml`: Default: false. -- `cache_path`: Default: '/var/cache/mod_pagespeed/'. +- `cache_path`: Default: '/var/cache/mod\_pagespeed/'. - `log_dir`: Default: '/var/log/pagespeed'. - `memcache_servers`: Default: []. - `rewrite_level`: Default: 'CoreFilters'. @@ -1565,6 +1583,18 @@ While this Apache module requires the `mod-pagespeed-stable` package, Puppet **d The class's parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. +##### Class: `apache::mod::passenger` + +Installs and configures mod\_passenger + +**Parameters within `apache::mod::passenger`**: + +- `manage_repo`: Manage phusionpassenger.com repository. Default: true. + +TODO: The parameters section is incomplete. + +**Note**: The passenger module isn't available on RH/CentOS without providing dependency packages provided by EPEL and mod\_passengers own custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() + ##### Class: `apache::mod::php` Installs and configures [`mod_php`][]. @@ -1581,6 +1611,10 @@ Default values depend on your operating system. - `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. - `content`: Adds arbitrary content to `php.conf`. +##### Class: `apache::mod::proxy_html` + +**Note**: There is no official package available for mod\_proxy\_html and thus it must be made available by means outside of the control of the apache module. + ##### Class: `apache::mod::reqtimeout` Installs and configures [`mod_reqtimeout`][]. @@ -1595,6 +1629,8 @@ Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, whic Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. +**Note**: The shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See [http://wiki.aaf.edu.au/tech-info/sp-install-guide]() + ##### Class: `apache::mod::ssl` Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. @@ -1641,10 +1677,12 @@ Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs b - `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf' - `crs_package`: Names the package that installs CRS rules. Default: `modsec_crs_package` in [`apache::params`][]. - `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. Default: 'On', set by `modsec_dir` in [`apache::params`][]. -${modsec_dir}/activated_rules. +${modsec\_dir}/activated\_rules. - `modsec_secruleengine`: Configures the modsec rules engine. Valid options: 'On', 'Off', and 'DetectionOnly'. Default: `modsec_secruleengine` in [`apache::params`][]. - `restricted_extensions`: A space-separated list of prohibited file extensions. Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. - `restricted_headers`: A list of restricted headers separated by slashes and spaces. Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. +- `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. Default: '1500' +- `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. Default: '1500' ##### Class: `apache::mod::wsgi` @@ -1658,7 +1696,7 @@ Otherwise, Puppet follows it literally. - `package_name`: Names the package that installs `mod_wsgi`. Default: undef. - `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. Valid options: path. Default: undef. - `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. Valid options: path. Default: undef. -- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE_RUN_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. +- `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI". Default: `wsgi_socket_prefix` in [`apache::params`][]. The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. @@ -1750,7 +1788,7 @@ Specifies whether the configuration file should be present. Valid options: 'abse ##### `confdir` -Sets the directory in which Puppet places configuration files. Default: '$::apache::confd_dir'. +Sets the directory in which Puppet places configuration files. Default: '$::apache::confd\_dir'. ##### `content` @@ -1812,7 +1850,7 @@ Sets the [MIME `content-type`][] of the file to be processed by the FastCGI serv #### Define: `apache::listen` -Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this define, and titles take the form '', ':', or ':'. +Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this define, and titles take the form '\', '\:\', or '\:\'. #### Define: `apache::mod` @@ -1852,7 +1890,7 @@ Specifies a path to the module. Default: [`lib_path`][]/[`lib`][]. Don't manuall #### Define: `apache::namevirtualhost` -Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '*:', '\_default_:, '', or ':'. +Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '\*:\', '\_default\_:\, '\', or '\:\'. #### Define: `apache::vhost` @@ -1876,7 +1914,7 @@ Specifies that only requests with particular environment variables be logged. De ##### `access_log_file` -Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts. +Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_access.log' for unencrypted virtual hosts. ##### `access_log_format` @@ -1914,7 +1952,7 @@ Passes a list of [Hashes][Hash] to the virtual host to create [`Alias`][], [`Ali For example: -~~~ puppet +``` puppet aliases => [ { aliasmatch => '^/image/(.*)\.jpg$', path => '/files/jpg.images/$1.jpg', @@ -1932,7 +1970,7 @@ aliases => [ path => '/usr/share/nagios/html', }, ], -~~~ +``` For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. @@ -1992,7 +2030,7 @@ Specifies whether `*_error.log` directives should be configured. Defaults to 'tr ##### `error_log_file` -Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com_ssl_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. +Points to the `*_error.log` file. Given a vhost, example.com, it defaults to 'example.com\_ssl\_error.log' for SSL vhosts and 'example.com_access_error.log' for non-SSL vhosts. ##### `error_log_pipe` @@ -2006,14 +2044,14 @@ Sends all error log messages to syslog. Defaults to 'undef'. A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this vhost. Defaults to '[]'. Example: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': error_documents => [ { 'error_code' => '503', 'document' => '/service-unavail' }, { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, ], } -~~~ +``` ##### `ensure` @@ -2027,7 +2065,7 @@ Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.htm [Filters](http://httpd.apache.org/docs/2.2/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. -~~~ puppet +``` puppet apache::vhost { "$::fqdn": filters => [ 'FilterDeclare COMPRESS', @@ -2036,7 +2074,7 @@ Sets the [FallbackResource](http://httpd.apache.org/docs/current/mod/mod_dir.htm 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', ], } -~~~ +``` ##### `force_type` @@ -2068,7 +2106,7 @@ Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: Usage typically looks like: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', itk => { @@ -2076,7 +2114,7 @@ apache::vhost { 'sample.example.net': group => 'somegroup', }, } -~~~ +``` ##### `auth_kerb` @@ -2084,7 +2122,7 @@ Enable [`mod_auth_kerb`][] parameters for a virtual host. Valid values are 'true Usage typically looks like: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': auth_kerb => true, krb_method_negotiate => 'on', @@ -2097,7 +2135,7 @@ apache::vhost { 'sample.example.net': auth_require => 'valid-user', }, } -~~~ +``` Related parameters follow the names of `mod_auth_kerb` directives: @@ -2122,7 +2160,7 @@ This option enables credential saving functionality. Default is 'off' ##### `logroot` -Specifies the location of the virtual host's logfiles. Defaults to '/var/log//'. +Specifies the location of the virtual host's logfiles. Defaults to '/var/log/\/'. ##### `$logroot_ensure` @@ -2133,6 +2171,14 @@ Determines whether or not to remove the logroot directory for a virtual host. Va Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. +##### `logroot_owner` + +Sets individual user access to the logroot directory. Defaults to 'undef'. + +##### `logroot_group` + +Sets group access to the [`logroot`][] directory. Defaults to 'undef'. + ##### `log_level` Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. @@ -2149,17 +2195,17 @@ Boolean. Only valid if apache::mod::security is included. Used to disable mod_ Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => [ 90015, 90016 ], } -~~~ +``` -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, } -~~~ +``` ###### `modsec_disable_ips` @@ -2187,12 +2233,12 @@ Sets the [ProxyErrorOverride Directive](http://httpd.apache.org/docs/current/mod Sets the [`Options`][] for the specified virtual host. Default: ['Indexes','FollowSymLinks','MultiViews'], as demonstrated below: -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … options => ['Indexes','FollowSymLinks','MultiViews'], } -~~~ +``` **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. @@ -2258,7 +2304,7 @@ Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/ Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters and location options can be added as an array. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … proxy_pass => [ @@ -2279,7 +2325,7 @@ apache::vhost { 'site.name.fdqn': 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, ], } -~~~ +``` `reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. `reverse_cookies` is optional and is used to set ProxyPassReverseCookiePath and/or ProxyPassReverseCookieDomain. @@ -2300,11 +2346,11 @@ This directive is equivalent to proxy_pass, but takes regular expressions, see [ ##### `rack_base_uris` -Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the \_rack.erb template. Defaults to 'undef'. #####`passenger_base_uris` -Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. Defaults to 'undef'. +Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the \_passenger\_base\_uris.erb template. Defaults to 'undef'. ##### `redirect_dest` @@ -2314,43 +2360,43 @@ Specifies the address to redirect to. Defaults to 'undef'. Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirect_source => ['/images','/downloads'], redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], } -~~~ +``` ##### `redirect_status` Specifies the status to append to the redirect. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirect_status => ['temp','permanent'], } -~~~ +``` ##### `redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], } -~~~ +``` ##### `request_headers` Modifies collected [request headers](http://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, etc. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … request_headers => [ @@ -2358,23 +2404,23 @@ apache::vhost { 'site.name.fdqn': 'unset MirrorID', ], } -~~~ +``` ##### `rewrites` Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. Defaults to 'undef'. For example, you can specify that anyone trying to access index.html is served welcome.html -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] } -~~~ +``` The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2385,11 +2431,11 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2400,11 +2446,11 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` Multiple rewrites and conditions are also possible -~~~ puppet +``` puppet apache::vhost { 'site.name.fdqn': … rewrites => [ @@ -2429,7 +2475,7 @@ apache::vhost { 'site.name.fdqn': }, ], } -~~~ +``` Refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions. @@ -2443,7 +2489,7 @@ Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', for exa Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). -~~~ puppet +``` puppet scriptaliases => [ { alias => '/myscript', @@ -2462,7 +2508,7 @@ scriptaliases => [ path => '/usr/share/neatscript', }, ] -~~~ +``` The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. @@ -2484,11 +2530,11 @@ Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. Example: -~~~ puppet +``` puppet apache::vhost { 'setenv.example.com': setenv => ['SPECIAL_PATH /foo/bin'], } -~~~ +``` ##### `setenvif` @@ -2506,7 +2552,7 @@ Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file= To set up a virtual host with suPHP -~~~ puppet +``` puppet apache::vhost { 'suphp.example.com': port => '80', docroot => '/home/appuser/myphpapp', @@ -2517,17 +2563,17 @@ apache::vhost { 'suphp.example.com': 'suphp' => { user => 'myappuser', group => 'myappgroup' }, } } -~~~ +``` ##### `vhost_name` -Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. +Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '\*'. ##### `virtual_docroot` Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. -~~~ puppet +``` puppet apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', @@ -2535,7 +2581,7 @@ apache::vhost { 'subdomain.loc': docroot => '/var/www', serveraliases => ['*.loc',], } -~~~ +``` ##### `wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` @@ -2555,7 +2601,7 @@ Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). To set up a virtual host with WSGI -~~~ puppet +``` puppet apache::vhost { 'wsgi.example.com': port => '80', docroot => '/var/www/pythonapp', @@ -2569,11 +2615,11 @@ apache::vhost { 'wsgi.example.com': wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, wsgi_chunked_request => 'On', } -~~~ +``` #### Parameter `directories` for `apache::vhost` -The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. +The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '\< Directory /path/to/directory\>...\'. The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. @@ -2581,7 +2627,7 @@ The `provider` key is optional. If missing, this key defaults to 'directory'. Va General `directories` usage looks something like -~~~ puppet +``` puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ @@ -2591,18 +2637,18 @@ apache::vhost { 'files.example.net': }, ], } -~~~ +``` *Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } -~~~ +``` Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: @@ -2610,7 +2656,7 @@ Any handlers you do not set in these hashes are considered 'undefined' within Pu Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2619,13 +2665,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `allow` Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2634,13 +2680,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `allow_override` Sets the types of directives allowed in [.htaccess](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2649,7 +2695,7 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `auth_basic_authoritative` @@ -2711,7 +2757,7 @@ Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_a Pass a string of custom configuration directives to be placed at the end of the directory configuration. -~~~ puppet +``` puppet apache::vhost { 'monitor': … directories => [ @@ -2732,13 +2778,13 @@ Pass a string of custom configuration directives to be placed at the end of the }, ] } -~~~ +``` ###### `deny` Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2747,13 +2793,13 @@ Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) dir }, ], } -~~~ +``` ###### `error_documents` An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': directories => [ { path => '/srv/www', @@ -2765,14 +2811,14 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `ext_filter_options` Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. -~~~ puppet +``` puppet apache::vhost { 'filter.example.org': docroot => '/var/www/filter', directories => [ @@ -2781,14 +2827,14 @@ apache::vhost { 'filter.example.org': }, ], } -~~~ +``` ###### `geoip_enable` Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. Note that you must declare `class {'apache::mod::geoip': }` before using this directive. -~~~ puppet +``` puppet apache::vhost { 'first.example.com': docroot => '/var/www/first', directories => [ @@ -2797,13 +2843,13 @@ apache::vhost { 'first.example.com': }, ], } -~~~ +``` ###### `headers` Adds lines for [Header](http://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => { @@ -2811,13 +2857,13 @@ apache::vhost { 'sample.example.net': headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', }, } -~~~ +``` ###### `index_options` Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2828,13 +2874,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `index_order_default` Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2844,13 +2890,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `index_style_sheet` Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2861,13 +2907,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `mellon_enable` Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_melon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2889,7 +2935,7 @@ apache::vhost { 'sample.example.net': }, ] } -~~~ +``` Related parameters follow the names of `mod_auth_melon` directives: @@ -2907,7 +2953,7 @@ to environment variables. Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2916,13 +2962,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `order` Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2931,13 +2977,13 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` ###### `passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2946,7 +2992,7 @@ apache::vhost { 'sample.example.net': }, ], } -~~~ +``` **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. @@ -2964,7 +3010,7 @@ apache::vhost { 'sample.example.net': Sets a `Require` directive as per the [Apache Authz documentation](http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2973,11 +3019,11 @@ Sets a `Require` directive as per the [Apache Authz documentation](http://httpd. } ], } -~~~ +``` If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -2986,13 +3032,13 @@ If `require` is set to `unmanaged` it will not be set at all. This is useful for } ], } -~~~ +``` ###### `satisfy` Sets a `Satisfy` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -3001,13 +3047,13 @@ apache::vhost { 'sample.example.net': } ], } -~~~ +``` ###### `sethandler` Sets a `SetHandler` directive per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ @@ -3016,13 +3062,13 @@ apache::vhost { 'sample.example.net': } ], } -~~~ +``` ###### `set_output_filter` Sets a `SetOutputFilter` directive per the [Apache Core documentation](http://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). -~~~ puppet +``` puppet apache::vhost{ 'filter.example.net': docroot => '/path/to/directory', directories => [ @@ -3031,13 +3077,13 @@ apache::vhost{ 'filter.example.net': }, ], } -~~~ +``` ###### `rewrites` Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -3056,15 +3102,15 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` -***Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. +**Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. ###### `shib_request_setting` Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -3074,7 +3120,7 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` ###### `shib_use_headers` @@ -3084,7 +3130,7 @@ When set to 'On', this turns on the use of request headers to publish attributes String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -3096,13 +3142,13 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` ###### `suphp` A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. -~~~ puppet +``` puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ @@ -3114,7 +3160,7 @@ apache::vhost { 'secure.example.net': }, ], } -~~~ +``` #### SSL parameters for `apache::vhost` @@ -3170,25 +3216,25 @@ Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tl ##### `ssl_verify_client` -Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional_no_ca'. Defaults to 'undef'. +Sets the [SSLVerifyClient](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. Valid values are: 'none', 'optional', 'require', and 'optional\_no\_ca'. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_verify_client => 'optional', } -~~~ +``` ##### `ssl_verify_depth` Sets the [SSLVerifyDepth](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_verify_depth => 1, } -~~~ +``` ##### `ssl_proxy_verify` @@ -3198,12 +3244,12 @@ Sets the [SSLProxyVerify](http://httpd.apache.org/docs/current/mod/mod_ssl.html# Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. Defaults to 'undef'. -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', } -~~~ +``` ##### `ssl_proxy_check_peer_cn` @@ -3220,21 +3266,21 @@ Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslo A string: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_options => '+ExportCertData', } -~~~ +``` An array: -~~~ puppet +``` puppet apache::vhost { 'sample.example.net': … ssl_options => [ '+StrictRequire', '+ExportCertData' ], } -~~~ +``` ##### `ssl_openssl_conf_cmd` @@ -3246,13 +3292,13 @@ Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/cu ####Define: FastCGI Server -This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. +This type is intended for use with mod\_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. ** Note ** If using Ubuntu 10.04+, you'll need to manually enable the multiverse repository. Ex: -~~~ puppet +``` puppet apache::fastcgi::server { 'php': host => '127.0.0.1:9000', timeout => 15, @@ -3261,17 +3307,17 @@ apache::fastcgi::server { 'php': fcgi_alias => '/php.fcgi', file_type => 'application/x-httpd-php' } -~~~ +``` Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. -~~~ puppet +``` puppet apache::vhost { 'www': ... custom_fragment => 'AddType application/x-httpd-php .php' ... } -~~~ +``` ##### `host` @@ -3283,7 +3329,7 @@ The number of seconds of FastCGI application inactivity allowed before the reque ##### `flush` -Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible. +Force a write to the client as data is received from the application. By default, mod\_fastcgi buffers data in order to free the application as quickly as possible. ##### `faux_path` @@ -3341,22 +3387,6 @@ The Apache module relies heavily on templates to enable the [`apache::vhost`][] ## Limitations -### Ubuntu 10.04 - -The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. - -### RHEL/CentOS 5 - -The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested since repositories are missing compatible packages. - -### RHEL/CentOS 6 - -The [`apache::mod::passenger`][] class is not installing as the the EL6 repository is missing compatible packages. - -### RHEL/CentOS 7 - -The [`apache::mod::passenger`][] class is untested as the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] define's [`rack_base_uris`][] parameter. - ### General This module is CI tested against both [open source Puppet][] and [Puppet Enterprise][] on: @@ -3368,13 +3398,22 @@ This module is CI tested against both [open source Puppet][] and [Puppet Enterpr This module also provides functions for other distributions and operating systems, such as FreeBSD, Gentoo, and Amazon Linux, but is not formally tested on them and are subject to regressions. +### Ubuntu 10.04 + +The [`apache::vhost::wsgi_import_script`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. + +### RHEL/CentOS +The [`apache::mod::auth_cas`][], [`apache::mod::passenger`][], [`apache::mod::proxy_html`][] and [`apache::mod::shib`][] classes are not functional on RH/CentOS without providing dependency packages from extra repositories. + +See their respective documentation above for related repositories and packages. + ### SELinux and custom paths If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. You can do this with Puppet: -~~~ puppet +``` puppet exec { 'set_apache_defaults': command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', path => '/bin:/usr/bin/:/sbin:/usr/sbin', @@ -3411,7 +3450,7 @@ apache::vhost { 'test.server': docroot => '/custom/path', additional_includes => '/custom/path/include', } -~~~ +``` You need to set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. @@ -3435,18 +3474,18 @@ This project contains tests for both [rspec-puppet][] and [beaker-rspec][] to ve #### Testing quickstart: Ruby > 1.8.7 -~~~ +``` gem install bundler bundle install bundle exec rake spec bundle exec rspec spec/acceptance RS_DEBUG=yes bundle exec rspec spec/acceptance -~~~ +``` #### Testing quickstart: Ruby = 1.8.7 -~~~ +``` gem install bundler bundle install --without system_tests bundle exec rake spec -~~~ +``` diff --git a/apache/Rakefile b/apache/Rakefile index 416807dad..636508b00 100644 --- a/apache/Rakefile +++ b/apache/Rakefile @@ -1,5 +1,6 @@ -require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppetlabs_spec_helper/rake_tasks' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') diff --git a/apache/lib/facter/apache_version.rb b/apache/lib/facter/apache_version.rb new file mode 100644 index 000000000..b45c88834 --- /dev/null +++ b/apache/lib/facter/apache_version.rb @@ -0,0 +1,8 @@ +Facter.add(:apache_version) do + setcode do + if Facter::Util::Resolution.which('apachectl') + apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') + %r{^Server version: Apache\/([\w\.]+) \(([\w]+)\)}.match(apache_version)[1] + end + end +end diff --git a/apache/lib/puppet/parser/functions/enclose_ipv6.rb b/apache/lib/puppet/parser/functions/enclose_ipv6.rb index 968bd723e..80ffc3aca 100644 --- a/apache/lib/puppet/parser/functions/enclose_ipv6.rb +++ b/apache/lib/puppet/parser/functions/enclose_ipv6.rb @@ -28,16 +28,18 @@ module Puppet::Parser::Functions result = [] input.each do |val| - begin - ip = IPAddr.new(val) - rescue *rescuable_exceptions - raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+ - "given #{val} is not an ip address.") + unless val == '*' + begin + ip = IPAddr.new(val) + rescue *rescuable_exceptions + raise(Puppet::ParseError, "enclose_ipv6(): Wrong argument "+ + "given #{val} is not an ip address.") + end + val = "[#{ip.to_s}]" if ip.ipv6? end - val = "[#{ip.to_s}]" if ip.ipv6? - result = [result,val] + result << val end - return result.flatten.compact + return result.uniq end end diff --git a/apache/manifests/balancer.pp b/apache/manifests/balancer.pp index 765dae629..9b7511a03 100644 --- a/apache/manifests/balancer.pp +++ b/apache/manifests/balancer.pp @@ -49,7 +49,7 @@ concat { $target: owner => '0', group => '0', - mode => '0644', + mode => $::apache::file_mode, notify => Class['Apache::Service'], } diff --git a/apache/manifests/fastcgi/server.pp b/apache/manifests/fastcgi/server.pp index afc7c8860..ec89bf778 100644 --- a/apache/manifests/fastcgi/server.pp +++ b/apache/manifests/fastcgi/server.pp @@ -15,7 +15,7 @@ path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, content => template('apache/fastcgi/server.erb'), require => Exec["mkdir ${::apache::confd_dir}"], before => File[$::apache::confd_dir], diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp index bb50d0b2e..41a879c5e 100644 --- a/apache/manifests/init.pp +++ b/apache/manifests/init.pp @@ -79,6 +79,8 @@ $use_optional_includes = $::apache::params::use_optional_includes, $use_systemd = $::apache::params::use_systemd, $mime_types_additional = $::apache::params::mime_types_additional, + $file_mode = $::apache::params::file_mode, + $root_directory_options = $::apache::params::root_directory_options, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) @@ -241,7 +243,7 @@ concat { $ports_file: owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -273,9 +275,24 @@ $scriptalias = '/var/www/localhost/cgi-bin' $access_log_file = 'access.log' - ::portage::makeconf { 'apache2_modules': - content => $default_mods, + if is_array($default_mods) { + if versioncmp($apache_version, '2.4') >= 0 { + if defined('apache::mod::ssl') { + ::portage::makeconf { 'apache2_modules': + content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), + } + } else { + ::portage::makeconf { 'apache2_modules': + content => concat($default_mods, 'authz_core'), + } + } + } else { + ::portage::makeconf { 'apache2_modules': + content => $default_mods, + } + } } + file { [ '/etc/apache2/modules.d/.keep_www-servers_apache-2', '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' @@ -329,7 +346,7 @@ ensure => file, content => template($conf_template), notify => Class['Apache::Service'], - require => [Package['httpd'], File[$ports_file]], + require => [Package['httpd'], Concat[$ports_file]], } # preserve back-wards compatibility to the times when default_mods was diff --git a/apache/manifests/mod.pp b/apache/manifests/mod.pp index abdbfcbed..33b4de1ab 100644 --- a/apache/manifests/mod.pp +++ b/apache/manifests/mod.pp @@ -81,7 +81,7 @@ path => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, content => template('apache/mod/load.erb'), require => [ Package['httpd'], @@ -99,7 +99,7 @@ target => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File[$_loadfile_name], Exec["mkdir ${enable_dir}"], @@ -117,7 +117,7 @@ target => "${mod_dir}/${mod}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File["${mod}.conf"], Exec["mkdir ${enable_dir}"], @@ -134,7 +134,7 @@ target => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File[$_loadfile_name], Exec["mkdir ${enable_dir}"], @@ -152,7 +152,7 @@ target => "${mod_dir}/${mod}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => [ File["${mod}.conf"], Exec["mkdir ${enable_dir}"], diff --git a/apache/manifests/mod/alias.pp b/apache/manifests/mod/alias.pp index 5b59baa01..eac21ba66 100644 --- a/apache/manifests/mod/alias.pp +++ b/apache/manifests/mod/alias.pp @@ -11,6 +11,7 @@ file { 'alias.conf': ensure => file, path => "${::apache::mod_dir}/alias.conf", + mode => $::apache::file_mode, content => template('apache/mod/alias.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/auth_cas.pp b/apache/manifests/mod/auth_cas.pp index 5b13af66a..0d1b9111a 100644 --- a/apache/manifests/mod/auth_cas.pp +++ b/apache/manifests/mod/auth_cas.pp @@ -39,6 +39,7 @@ file { 'auth_cas.conf': ensure => file, path => "${::apache::mod_dir}/auth_cas.conf", + mode => $::apache::file_mode, content => template('apache/mod/auth_cas.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/auth_mellon.pp b/apache/manifests/mod/auth_mellon.pp index 79f6ffebb..129441bf4 100644 --- a/apache/manifests/mod/auth_mellon.pp +++ b/apache/manifests/mod/auth_mellon.pp @@ -15,6 +15,7 @@ file { 'auth_mellon.conf': ensure => file, path => "${::apache::mod_dir}/auth_mellon.conf", + mode => $::apache::file_mode, content => template('apache/mod/auth_mellon.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/authnz_ldap.pp b/apache/manifests/mod/authnz_ldap.pp index b75369ffc..70d0a6363 100644 --- a/apache/manifests/mod/authnz_ldap.pp +++ b/apache/manifests/mod/authnz_ldap.pp @@ -11,6 +11,7 @@ file { 'authnz_ldap.conf': ensure => file, path => "${::apache::mod_dir}/authnz_ldap.conf", + mode => $::apache::file_mode, content => template('apache/mod/authnz_ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/autoindex.pp b/apache/manifests/mod/autoindex.pp index c0969a814..c8cd0658d 100644 --- a/apache/manifests/mod/autoindex.pp +++ b/apache/manifests/mod/autoindex.pp @@ -4,6 +4,7 @@ file { 'autoindex.conf': ensure => file, path => "${::apache::mod_dir}/autoindex.conf", + mode => $::apache::file_mode, content => template('apache/mod/autoindex.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/cgid.pp b/apache/manifests/mod/cgid.pp index 4094c3281..891cdd75b 100644 --- a/apache/manifests/mod/cgid.pp +++ b/apache/manifests/mod/cgid.pp @@ -23,6 +23,7 @@ file { 'cgid.conf': ensure => file, path => "${::apache::mod_dir}/cgid.conf", + mode => $::apache::file_mode, content => template('apache/mod/cgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/dav_fs.pp b/apache/manifests/mod/dav_fs.pp index af037e32d..f652d4c21 100644 --- a/apache/manifests/mod/dav_fs.pp +++ b/apache/manifests/mod/dav_fs.pp @@ -12,6 +12,7 @@ file { 'dav_fs.conf': ensure => file, path => "${::apache::mod_dir}/dav_fs.conf", + mode => $::apache::file_mode, content => template('apache/mod/dav_fs.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/deflate.pp b/apache/manifests/mod/deflate.pp index 0748a54e5..e63eeca47 100644 --- a/apache/manifests/mod/deflate.pp +++ b/apache/manifests/mod/deflate.pp @@ -17,6 +17,7 @@ file { 'deflate.conf': ensure => file, path => "${::apache::mod_dir}/deflate.conf", + mode => $::apache::file_mode, content => template('apache/mod/deflate.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/dir.pp b/apache/manifests/mod/dir.pp index 6243a1bb7..bce05e0a4 100644 --- a/apache/manifests/mod/dir.pp +++ b/apache/manifests/mod/dir.pp @@ -13,6 +13,7 @@ file { 'dir.conf': ensure => file, path => "${::apache::mod_dir}/dir.conf", + mode => $::apache::file_mode, content => template('apache/mod/dir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/disk_cache.pp b/apache/manifests/mod/disk_cache.pp index 2f0a476fa..051d69894 100644 --- a/apache/manifests/mod/disk_cache.pp +++ b/apache/manifests/mod/disk_cache.pp @@ -32,6 +32,7 @@ file { 'disk_cache.conf': ensure => file, path => "${::apache::mod_dir}/disk_cache.conf", + mode => $::apache::file_mode, content => template('apache/mod/disk_cache.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/event.pp b/apache/manifests/mod/event.pp index 389120cb7..6c70589a3 100644 --- a/apache/manifests/mod/event.pp +++ b/apache/manifests/mod/event.pp @@ -27,7 +27,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: @@ -40,6 +40,7 @@ # - $serverlimit file { "${::apache::mod_dir}/event.conf": ensure => file, + mode => $::apache::file_mode, content => template('apache/mod/event.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/expires.pp b/apache/manifests/mod/expires.pp index 10542916a..1531fc54d 100644 --- a/apache/manifests/mod/expires.pp +++ b/apache/manifests/mod/expires.pp @@ -12,6 +12,7 @@ file { 'expires.conf': ensure => file, path => "${::apache::mod_dir}/expires.conf", + mode => $::apache::file_mode, content => template('apache/mod/expires.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/ext_filter.pp b/apache/manifests/mod/ext_filter.pp index b78abb607..244c2b1da 100644 --- a/apache/manifests/mod/ext_filter.pp +++ b/apache/manifests/mod/ext_filter.pp @@ -15,6 +15,7 @@ file { 'ext_filter.conf': ensure => file, path => "${::apache::mod_dir}/ext_filter.conf", + mode => $::apache::file_mode, content => template('apache/mod/ext_filter.conf.erb'), require => [ Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/fastcgi.pp b/apache/manifests/mod/fastcgi.pp index 1f7e5df4f..c4da5b1e6 100644 --- a/apache/manifests/mod/fastcgi.pp +++ b/apache/manifests/mod/fastcgi.pp @@ -14,6 +14,7 @@ file { 'fastcgi.conf': ensure => file, path => "${::apache::mod_dir}/fastcgi.conf", + mode => $::apache::file_mode, content => template('apache/mod/fastcgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/fcgid.pp b/apache/manifests/mod/fcgid.pp index 978667033..4c0f91938 100644 --- a/apache/manifests/mod/fcgid.pp +++ b/apache/manifests/mod/fcgid.pp @@ -11,6 +11,7 @@ file { 'unixd_fcgid.conf': ensure => file, path => "${::apache::mod_dir}/unixd_fcgid.conf", + mode => $::apache::file_mode, content => template('apache/mod/unixd_fcgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/geoip.pp b/apache/manifests/mod/geoip.pp index 1f8fb08ee..2ff5d2191 100644 --- a/apache/manifests/mod/geoip.pp +++ b/apache/manifests/mod/geoip.pp @@ -22,6 +22,7 @@ file { 'geoip.conf': ensure => file, path => "${::apache::mod_dir}/geoip.conf", + mode => $::apache::file_mode, content => template('apache/mod/geoip.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/info.pp b/apache/manifests/mod/info.pp index f0d03eb0f..bed35af3a 100644 --- a/apache/manifests/mod/info.pp +++ b/apache/manifests/mod/info.pp @@ -10,6 +10,7 @@ file { 'info.conf': ensure => file, path => "${::apache::mod_dir}/info.conf", + mode => $::apache::file_mode, content => template('apache/mod/info.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/itk.pp b/apache/manifests/mod/itk.pp index 6f0796675..2d5bf04c1 100644 --- a/apache/manifests/mod/itk.pp +++ b/apache/manifests/mod/itk.pp @@ -35,7 +35,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: @@ -47,6 +47,7 @@ # - $maxrequestsperchild file { "${::apache::mod_dir}/itk.conf": ensure => file, + mode => $::apache::file_mode, content => template('apache/mod/itk.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/ldap.pp b/apache/manifests/mod/ldap.pp index d08418671..fe9f6b80a 100644 --- a/apache/manifests/mod/ldap.pp +++ b/apache/manifests/mod/ldap.pp @@ -2,6 +2,11 @@ $apache_version = $::apache::apache_version, $ldap_trusted_global_cert_file = undef, $ldap_trusted_global_cert_type = 'CA_BASE64', + $ldap_shared_cache_size = undef, + $ldap_cache_entries = undef, + $ldap_cache_ttl = undef, + $ldap_opcache_entries = undef, + $ldap_opcache_ttl = undef, ){ if ($ldap_trusted_global_cert_file) { validate_string($ldap_trusted_global_cert_type) @@ -11,6 +16,7 @@ file { 'ldap.conf': ensure => file, path => "${::apache::mod_dir}/ldap.conf", + mode => $::apache::file_mode, content => template('apache/mod/ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/mime.pp b/apache/manifests/mod/mime.pp index ace7663df..0665eb639 100644 --- a/apache/manifests/mod/mime.pp +++ b/apache/manifests/mod/mime.pp @@ -8,6 +8,7 @@ file { 'mime.conf': ensure => file, path => "${::apache::mod_dir}/mime.conf", + mode => $::apache::file_mode, content => template('apache/mod/mime.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/mime_magic.pp b/apache/manifests/mod/mime_magic.pp index c057b01f5..722b0df40 100644 --- a/apache/manifests/mod/mime_magic.pp +++ b/apache/manifests/mod/mime_magic.pp @@ -6,6 +6,7 @@ file { 'mime_magic.conf': ensure => file, path => "${::apache::mod_dir}/mime_magic.conf", + mode => $::apache::file_mode, content => template('apache/mod/mime_magic.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/negotiation.pp b/apache/manifests/mod/negotiation.pp index 02a3a0e64..b9aec3673 100644 --- a/apache/manifests/mod/negotiation.pp +++ b/apache/manifests/mod/negotiation.pp @@ -16,6 +16,7 @@ # Template uses no variables file { 'negotiation.conf': ensure => file, + mode => $::apache::file_mode, path => "${::apache::mod_dir}/negotiation.conf", content => template('apache/mod/negotiation.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], diff --git a/apache/manifests/mod/nss.pp b/apache/manifests/mod/nss.pp index d275cc493..16c285e93 100644 --- a/apache/manifests/mod/nss.pp +++ b/apache/manifests/mod/nss.pp @@ -18,6 +18,7 @@ file { 'nss.conf': ensure => file, path => "${::apache::mod_dir}/nss.conf", + mode => $::apache::file_mode, content => template('apache/mod/nss.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/pagespeed.pp b/apache/manifests/mod/pagespeed.pp index 588849c47..e787d88ef 100644 --- a/apache/manifests/mod/pagespeed.pp +++ b/apache/manifests/mod/pagespeed.pp @@ -47,6 +47,7 @@ file { 'pagespeed.conf': ensure => file, path => "${::apache::mod_dir}/pagespeed.conf", + mode => $::apache::file_mode, content => template('apache/mod/pagespeed.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/passenger.pp b/apache/manifests/mod/passenger.pp index 8d3622d30..d0b9f73fe 100644 --- a/apache/manifests/mod/passenger.pp +++ b/apache/manifests/mod/passenger.pp @@ -17,6 +17,7 @@ $passenger_use_global_queue = undef, $passenger_app_env = undef, $passenger_log_file = undef, + $manage_repo = true, $mod_package = undef, $mod_package_ensure = undef, $mod_lib = undef, @@ -52,6 +53,21 @@ $_lib_path = $mod_lib_path } + if $::osfamily == 'RedHat' and $manage_repo { + yumrepo { 'passenger': + ensure => 'present', + baseurl => 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch', + descr => 'passenger', + enabled => '1', + gpgcheck => '0', + gpgkey => 'https://packagecloud.io/gpg.key', + repo_gpgcheck => '1', + sslcacert => '/etc/pki/tls/certs/ca-bundle.crt', + sslverify => '1', + before => Apache::Mod['passenger'], + } + } + $_id = $mod_id $_path = $mod_path ::apache::mod { 'passenger': diff --git a/apache/manifests/mod/peruser.pp b/apache/manifests/mod/peruser.pp index b6a8015f9..e875a5afc 100644 --- a/apache/manifests/mod/peruser.pp +++ b/apache/manifests/mod/peruser.pp @@ -35,7 +35,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } $mod_dir = $::apache::mod_dir @@ -52,6 +52,7 @@ # - $mod_dir file { "${::apache::mod_dir}/peruser.conf": ensure => file, + mode => $::apache::file_mode, content => template('apache/mod/peruser.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/php.pp b/apache/manifests/mod/php.pp index 1d1274f3b..3d45f87a8 100644 --- a/apache/manifests/mod/php.pp +++ b/apache/manifests/mod/php.pp @@ -50,7 +50,7 @@ path => "${::apache::mod_dir}/php5.conf", owner => 'root', group => $root_group, - mode => '0644', + mode => $::apache::file_mode, content => $manage_content, source => $source, require => [ diff --git a/apache/manifests/mod/prefork.pp b/apache/manifests/mod/prefork.pp index 91567de11..85d8b84d4 100644 --- a/apache/manifests/mod/prefork.pp +++ b/apache/manifests/mod/prefork.pp @@ -24,7 +24,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: diff --git a/apache/manifests/mod/proxy.pp b/apache/manifests/mod/proxy.pp index 8c685d55b..73b054ab3 100644 --- a/apache/manifests/mod/proxy.pp +++ b/apache/manifests/mod/proxy.pp @@ -8,6 +8,7 @@ file { 'proxy.conf': ensure => file, path => "${::apache::mod_dir}/proxy.conf", + mode => $::apache::file_mode, content => template('apache/mod/proxy.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/proxy_html.pp b/apache/manifests/mod/proxy_html.pp index 8b910c251..24f332334 100644 --- a/apache/manifests/mod/proxy_html.pp +++ b/apache/manifests/mod/proxy_html.pp @@ -29,6 +29,7 @@ file { 'proxy_html.conf': ensure => file, path => "${::apache::mod_dir}/proxy_html.conf", + mode => $::apache::file_mode, content => template('apache/mod/proxy_html.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/remoteip.pp b/apache/manifests/mod/remoteip.pp index 564390e94..abceb08c7 100644 --- a/apache/manifests/mod/remoteip.pp +++ b/apache/manifests/mod/remoteip.pp @@ -19,6 +19,7 @@ file { 'remoteip.conf': ensure => file, path => "${::apache::mod_dir}/remoteip.conf", + mode => $::apache::file_mode, content => template('apache/mod/remoteip.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/rpaf.pp b/apache/manifests/mod/rpaf.pp index 12b86eb8b..f21c43ebd 100644 --- a/apache/manifests/mod/rpaf.pp +++ b/apache/manifests/mod/rpaf.pp @@ -12,6 +12,7 @@ file { 'rpaf.conf': ensure => file, path => "${::apache::mod_dir}/rpaf.conf", + mode => $::apache::file_mode, content => template('apache/mod/rpaf.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/security.pp b/apache/manifests/mod/security.pp index 4571e2fd2..95018a680 100644 --- a/apache/manifests/mod/security.pp +++ b/apache/manifests/mod/security.pp @@ -3,6 +3,8 @@ $activated_rules = $::apache::params::modsec_default_rules, $modsec_dir = $::apache::params::modsec_dir, $modsec_secruleengine = $::apache::params::modsec_secruleengine, + $secpcrematchlimit = $::apache::params::secpcrematchlimit, + $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, $allowed_methods = 'GET HEAD POST OPTIONS', $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', @@ -32,9 +34,12 @@ # Template uses: # - $modsec_dir + # - secpcrematchlimit + # - secpcrematchlimitrecursion file { 'security.conf': ensure => file, content => template('apache/mod/security.conf.erb'), + mode => $::apache::file_mode, path => "${::apache::mod_dir}/security.conf", owner => $::apache::params::user, group => $::apache::params::group, diff --git a/apache/manifests/mod/setenvif.pp b/apache/manifests/mod/setenvif.pp index c73102dfb..63d3e321b 100644 --- a/apache/manifests/mod/setenvif.pp +++ b/apache/manifests/mod/setenvif.pp @@ -4,6 +4,7 @@ file { 'setenvif.conf': ensure => file, path => "${::apache::mod_dir}/setenvif.conf", + mode => $::apache::file_mode, content => template('apache/mod/setenvif.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/ssl.pp b/apache/manifests/mod/ssl.pp index a653baded..dcc31ce8f 100644 --- a/apache/manifests/mod/ssl.pp +++ b/apache/manifests/mod/ssl.pp @@ -73,6 +73,7 @@ file { 'ssl.conf': ensure => file, path => "${::apache::mod_dir}/ssl.conf", + mode => $::apache::file_mode, content => template('apache/mod/ssl.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/status.pp b/apache/manifests/mod/status.pp index 4c3f8d9e2..d11a464d7 100644 --- a/apache/manifests/mod/status.pp +++ b/apache/manifests/mod/status.pp @@ -11,7 +11,7 @@ # values are 'On' or 'Off'. Defaults to 'On'. # - $status_path is the path assigned to the Location directive which # defines the URL to access the server status. Defaults to '/server-status'. -# +# # Actions: # - Enable and configure Apache mod_status # @@ -38,6 +38,7 @@ file { 'status.conf': ensure => file, path => "${::apache::mod_dir}/status.conf", + mode => $::apache::file_mode, content => template('apache/mod/status.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/suphp.pp b/apache/manifests/mod/suphp.pp index c50beea06..5d426d794 100644 --- a/apache/manifests/mod/suphp.pp +++ b/apache/manifests/mod/suphp.pp @@ -5,6 +5,7 @@ file {'suphp.conf': ensure => file, path => "${::apache::mod_dir}/suphp.conf", + mode => $::apache::file_mode, content => template('apache/mod/suphp.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/userdir.pp b/apache/manifests/mod/userdir.pp index 4b3d0b8e8..516bb1165 100644 --- a/apache/manifests/mod/userdir.pp +++ b/apache/manifests/mod/userdir.pp @@ -11,6 +11,7 @@ file { 'userdir.conf': ensure => file, path => "${::apache::mod_dir}/userdir.conf", + mode => $::apache::file_mode, content => template('apache/mod/userdir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/mod/worker.pp b/apache/manifests/mod/worker.pp index 2e6a6421b..9e417e0c4 100644 --- a/apache/manifests/mod/worker.pp +++ b/apache/manifests/mod/worker.pp @@ -79,7 +79,7 @@ File { owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, } # Template uses: diff --git a/apache/manifests/mod/wsgi.pp b/apache/manifests/mod/wsgi.pp index bff5b46b7..d1b821475 100644 --- a/apache/manifests/mod/wsgi.pp +++ b/apache/manifests/mod/wsgi.pp @@ -32,6 +32,7 @@ file {'wsgi.conf': ensure => file, path => "${::apache::mod_dir}/wsgi.conf", + mode => $::apache::file_mode, content => template('apache/mod/wsgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], diff --git a/apache/manifests/params.pp b/apache/manifests/params.pp index 28692001c..0c6f9a34f 100644 --- a/apache/manifests/params.pp +++ b/apache/manifests/params.pp @@ -31,20 +31,20 @@ # Default mime types settings $mime_types_additional = { - 'AddHandler' => { - 'type-map' => 'var' - }, - 'AddType' => { - 'text/html' => '.shtml' - }, - 'AddOutputFilter' => { - 'INCLUDES' => '.shtml' - }, + 'AddHandler' => { 'type-map' => 'var', }, + 'AddType' => { 'text/html' => '.shtml', }, + 'AddOutputFilter' => { 'INCLUDES' => '.shtml', }, } # should we use systemd module? $use_systemd = true + # Default mode for files + $file_mode = '0644' + + # Default options for / directory + $root_directory_options = ['FollowSymLinks'] + $vhost_include_pattern = '*' if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { @@ -88,9 +88,8 @@ $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef - # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide - # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL. $mod_packages = { + # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', 'auth_mellon' => 'mod_auth_mellon', @@ -106,6 +105,10 @@ default => undef, }, 'pagespeed' => 'mod-pagespeed-stable', + # NOTE: The passenger module isn't available on RH/CentOS without + # providing dependency packages provided by EPEL and passenger + # repositories. See + # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/ 'passenger' => 'mod_passenger', 'perl' => 'mod_perl', 'php5' => $::apache::version::distrelease ? { @@ -115,6 +118,9 @@ 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', 'security' => 'mod_security', + # NOTE: The module for Shibboleth is not available on RH/CentOS without + # providing dependency packages provided by Shibboleth's repositories. + # See http://wiki.aaf.edu.au/tech-info/sp-install-guide 'shibboleth' => 'shibboleth', 'ssl' => 'mod_ssl', 'wsgi' => 'mod_wsgi', @@ -156,6 +162,8 @@ $modsec_crs_package = 'mod_security_crs' $modsec_crs_path = '/usr/lib/modsecurity.d' $modsec_dir = '/etc/httpd/modsecurity.d' + $secpcrematchlimit = 1500 + $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', @@ -178,7 +186,7 @@ 'base_rules/modsecurity_crs_49_inbound_blocking.conf', 'base_rules/modsecurity_crs_50_outbound.conf', 'base_rules/modsecurity_crs_59_outbound_blocking.conf', - 'base_rules/modsecurity_crs_60_correlation.conf' + 'base_rules/modsecurity_crs_60_correlation.conf', ] } elsif $::osfamily == 'Debian' { $user = 'www-data' @@ -258,6 +266,8 @@ $modsec_crs_package = 'modsecurity-crs' $modsec_crs_path = '/usr/share/modsecurity-crs' $modsec_dir = '/etc/modsecurity' + $secpcrematchlimit = 1500 + $secpcrematchlimitrecursion = 1500 $modsec_secruleengine = 'On' $modsec_default_rules = [ 'base_rules/modsecurity_35_bad_robots.data', @@ -280,7 +290,7 @@ 'base_rules/modsecurity_crs_49_inbound_blocking.conf', 'base_rules/modsecurity_crs_50_outbound.conf', 'base_rules/modsecurity_crs_59_outbound_blocking.conf', - 'base_rules/modsecurity_crs_60_correlation.conf' + 'base_rules/modsecurity_crs_60_correlation.conf', ] $alias_icons_path = '/usr/share/apache2/icons' $error_documents_path = '/usr/share/apache2/error' @@ -442,19 +452,20 @@ $suphp_configpath = '/etc/php5/apache2' $mod_packages = { # NOTE: I list here only modules that are not included in www-servers/apache - 'auth_kerb' => 'www-apache/mod_auth_kerb', - 'fcgid' => 'www-apache/mod_fcgid', - 'passenger' => 'www-apache/passenger', - 'perl' => 'www-apache/mod_perl', - 'php5' => 'dev-lang/php', - 'proxy_html' => 'www-apache/mod_proxy_html', - 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', - 'python' => 'www-apache/mod_python', - 'wsgi' => 'www-apache/mod_wsgi', - 'dav_svn' => 'dev-vcs/subversion', - 'xsendfile' => 'www-apache/mod_xsendfile', - 'rpaf' => 'www-apache/mod_rpaf', - 'xml2enc' => 'www-apache/mod_xml2enc', + 'auth_kerb' => 'www-apache/mod_auth_kerb', + 'authnz_external' => 'www-apache/mod_authnz_external', + 'fcgid' => 'www-apache/mod_fcgid', + 'passenger' => 'www-apache/passenger', + 'perl' => 'www-apache/mod_perl', + 'php5' => 'dev-lang/php', + 'proxy_html' => 'www-apache/mod_proxy_html', + 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', + 'python' => 'www-apache/mod_python', + 'wsgi' => 'www-apache/mod_wsgi', + 'dav_svn' => 'dev-vcs/subversion', + 'xsendfile' => 'www-apache/mod_xsendfile', + 'rpaf' => 'www-apache/mod_rpaf', + 'xml2enc' => 'www-apache/mod_xml2enc', } $mod_libs = { 'php5' => 'libphp5.so', diff --git a/apache/manifests/vhost.pp b/apache/manifests/vhost.pp index df271a98f..e909788df 100644 --- a/apache/manifests/vhost.pp +++ b/apache/manifests/vhost.pp @@ -43,6 +43,8 @@ $logroot = $::apache::logroot, $logroot_ensure = 'directory', $logroot_mode = undef, + $logroot_owner = undef, + $logroot_group = undef, $log_level = undef, $access_log = true, $access_log_file = false, @@ -307,6 +309,8 @@ if ! defined(File[$logroot]) { file { $logroot: ensure => $logroot_ensure, + owner => $logroot_owner, + group => $logroot_group, mode => $logroot_mode, require => Package['httpd'], before => Concat["${priority_real}${filename}.conf"], @@ -504,7 +508,7 @@ path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, order => 'numeric', require => Package['httpd'], notify => Class['apache::service'], @@ -523,7 +527,7 @@ target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => Concat["${priority_real}${filename}.conf"], notify => Class['apache::service'], } @@ -748,7 +752,7 @@ # - $redirectmatch_status_a # - $redirectmatch_regexp_a # - $redirectmatch_dest - if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { + if ($redirect_source and $redirect_dest) or ($redirectmatch_regexp and $redirectmatch_dest) { concat::fragment { "${name}-redirect": target => "${priority_real}${filename}.conf", order => 180, diff --git a/apache/manifests/vhost/custom.pp b/apache/manifests/vhost/custom.pp index d85e4d091..12567f5db 100644 --- a/apache/manifests/vhost/custom.pp +++ b/apache/manifests/vhost/custom.pp @@ -30,7 +30,7 @@ target => "${::apache::vhost_dir}/${priority}-${filename}.conf", owner => 'root', group => $::apache::params::root_group, - mode => '0644', + mode => $::apache::file_mode, require => Apache::Custom_config[$filename], } } diff --git a/apache/spec/acceptance/class_spec.rb b/apache/spec/acceptance/class_spec.rb index cd13985f6..aff79eb08 100644 --- a/apache/spec/acceptance/class_spec.rb +++ b/apache/spec/acceptance/class_spec.rb @@ -3,15 +3,13 @@ describe 'apache class' do context 'default parameters' do - it 'should work with no errors' do - pp = <<-EOS - class { 'apache': } + let(:pp) do + <<-EOS + class { 'apache': } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" describe package($package_name) do it { is_expected.to be_installed } @@ -33,43 +31,42 @@ class { 'apache': } context 'custom site/mod dir parameters' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS - if $::osfamily == 'RedHat' and "$::selinux" == "true" { - $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - default => 'policycoreutils-python', - } + let(:pp) do + <<-EOS + if $::osfamily == 'RedHat' and "$::selinux" == "true" { + $semanage_package = $::operatingsystemmajrelease ? { + '5' => 'policycoreutils', + default => 'policycoreutils-python', + } - package { $semanage_package: ensure => installed } - exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - subscribe => Package[$semanage_package], - refreshonly => true, + package { $semanage_package: ensure => installed } + exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + subscribe => Package[$semanage_package], + refreshonly => true, + } + exec { 'restorecon_apache': + command => 'restorecon -Rv /apache_spec', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + before => Service['httpd'], + require => Class['apache'], + subscribe => Exec['set_apache_defaults'], + refreshonly => true, + } } - exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Service['httpd'], - require => Class['apache'], - subscribe => Exec['set_apache_defaults'], - refreshonly => true, + file { '/apache_spec': ensure => directory, } + file { '/apache_spec/apache_custom': ensure => directory, } + class { 'apache': + mod_dir => '/apache_spec/apache_custom/mods', + vhost_dir => '/apache_spec/apache_custom/vhosts', } - } - file { '/apache_spec': ensure => directory, } - file { '/apache_spec/apache_custom': ensure => directory, } - class { 'apache': - mod_dir => '/apache_spec/apache_custom/mods', - vhost_dir => '/apache_spec/apache_custom/vhosts', - } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" + describe service($service_name) do if (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') pending 'Should be enabled - Bug 760616 on Debian 8' diff --git a/apache/spec/acceptance/default_mods_spec.rb b/apache/spec/acceptance/default_mods_spec.rb index 8cfc531b1..3f2852696 100644 --- a/apache/spec/acceptance/default_mods_spec.rb +++ b/apache/spec/acceptance/default_mods_spec.rb @@ -4,18 +4,16 @@ describe 'apache::default_mods class' do describe 'no default mods' do # Using puppet_apply as a helper - it 'should apply with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': default_mods => false, } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" describe service($service_name) do it { is_expected.to be_running } end @@ -54,8 +52,8 @@ class { 'apache': describe 'alternative default mods' do # Using puppet_apply as a helper - it 'should apply with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': default_mods => [ 'info', @@ -74,11 +72,8 @@ class { 'apache': setenv => 'TEST1 one', } EOS - - apply_manifest(pp, :catch_failures => true) - shell('sleep 10') - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + it_behaves_like "a idempotent resource" describe service($service_name) do it { is_expected.to be_running } @@ -86,18 +81,16 @@ class { 'apache': end describe 'change loadfile name' do - it 'should apply with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': default_mods => false } ::apache::mod { 'auth_basic': loadfile_name => 'zz_auth_basic.load', } EOS - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end - + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" describe service($service_name) do it { is_expected.to be_running } end diff --git a/apache/spec/acceptance/itk_spec.rb b/apache/spec/acceptance/itk_spec.rb index 5be43b1fe..059589a3f 100644 --- a/apache/spec/acceptance/itk_spec.rb +++ b/apache/spec/acceptance/itk_spec.rb @@ -28,27 +28,25 @@ describe 'apache::mod::itk class', :if => service_name do describe 'running puppet code' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = case variant - when :prefork - <<-EOS - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::itk': } - EOS - when :itk_only - <<-EOS - class { 'apache': - mpm_module => 'itk', - } - EOS - end - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) + let(:pp) do + case variant + when :prefork + <<-EOS + class { 'apache': + mpm_module => 'prefork', + } + class { 'apache::mod::itk': } + EOS + when :itk_only + <<-EOS + class { 'apache': + mpm_module => 'itk', + } + EOS + end end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end describe service(service_name) do diff --git a/apache/spec/acceptance/mod_pagespeed_spec.rb b/apache/spec/acceptance/mod_pagespeed_spec.rb index 2434fbb4e..009df6a10 100644 --- a/apache/spec/acceptance/mod_pagespeed_spec.rb +++ b/apache/spec/acceptance/mod_pagespeed_spec.rb @@ -1,4 +1,5 @@ require 'spec_helper_acceptance' +require_relative './version.rb' describe 'apache::mod::pagespeed class' do context "default pagespeed config" do diff --git a/apache/spec/acceptance/mod_passenger_spec.rb b/apache/spec/acceptance/mod_passenger_spec.rb index 086c93eea..5798545ea 100644 --- a/apache/spec/acceptance/mod_passenger_spec.rb +++ b/apache/spec/acceptance/mod_passenger_spec.rb @@ -2,9 +2,11 @@ require_relative './version.rb' describe 'apache::mod::passenger class' do + pending 'This cannot run in the same test run as apache::vhost with passenger + as the passenger.conf file is not yet managed by puppet and will be wiped out + between tests and not replaced' case fact('osfamily') when 'Debian' - mod_dir = '/etc/apache2/mods-available/' conf_file = "#{$mod_dir}/passenger.conf" load_file = "#{$mod_dir}/zpassenger.load" @@ -49,38 +51,34 @@ conf_file = "#{$mod_dir}/passenger.conf" load_file = "#{$mod_dir}/zpassenger.load" # sometimes installs as 3.0.12, sometimes as 3.0.19 - so just check for the stable part - passenger_root = '/usr/lib/ruby/gems/1.8/gems/passenger-3.0.1' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' passenger_ruby = '/usr/bin/ruby' - passenger_tempdir = '/var/run/rubygem-passenger' passenger_module_path = 'modules/mod_passenger.so' rackapp_user = 'apache' rackapp_group = 'apache' end pp_rackapp = <<-EOS - /* a simple ruby rack 'hellow world' app */ - file { '/var/www/passenger': - ensure => directory, - owner => '#{rackapp_user}', - group => '#{rackapp_group}', - require => Class['apache::mod::passenger'], - } - file { '/var/www/passenger/config.ru': - ensure => file, - owner => '#{rackapp_user}', - group => '#{rackapp_group}', - content => "app = proc { |env| [200, { \\"Content-Type\\" => \\"text/html\\" }, [\\"hello world\\"]] }\\nrun app", - require => File['/var/www/passenger'] , - } - apache::vhost { 'passenger.example.com': - port => '80', - docroot => '/var/www/passenger/public', - docroot_group => '#{rackapp_group}' , - docroot_owner => '#{rackapp_user}' , - custom_fragment => "PassengerRuby #{passenger_ruby}\\nRailsEnv development" , - require => File['/var/www/passenger/config.ru'] , - } - host { 'passenger.example.com': ip => '127.0.0.1', } + /* a simple ruby rack 'hello world' app */ + file { '/var/www/passenger': + ensure => directory, + owner => '#{rackapp_user}', + group => '#{rackapp_group}', + } + file { '/var/www/passenger/config.ru': + ensure => file, + owner => '#{rackapp_user}', + group => '#{rackapp_group}', + content => "app = proc { |env| [200, { \\"Content-Type\\" => \\"text/html\\" }, [\\"hello world\\"]] }\\nrun app", + } + apache::vhost { 'passenger.example.com': + port => '80', + docroot => '/var/www/passenger/public', + docroot_group => '#{rackapp_group}', + docroot_owner => '#{rackapp_user}', + require => File['/var/www/passenger/config.ru'], + } + host { 'passenger.example.com': ip => '127.0.0.1', } EOS case fact('osfamily') diff --git a/apache/spec/acceptance/nodesets/centos-59-x64.yml b/apache/spec/acceptance/nodesets/centos-59-x64.yml new file mode 100644 index 000000000..2ad90b86a --- /dev/null +++ b/apache/spec/acceptance/nodesets/centos-59-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-59-x64: + roles: + - master + platform: el-5-x86_64 + box : centos-59-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: git diff --git a/apache/spec/acceptance/nodesets/centos-64-x64-pe.yml b/apache/spec/acceptance/nodesets/centos-64-x64-pe.yml new file mode 100644 index 000000000..7d9242f1b --- /dev/null +++ b/apache/spec/acceptance/nodesets/centos-64-x64-pe.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-64-x64: + roles: + - master + - database + - dashboard + platform: el-6-x86_64 + box : centos-64-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: pe diff --git a/apache/spec/acceptance/nodesets/centos-65-x64.yml b/apache/spec/acceptance/nodesets/centos-65-x64.yml new file mode 100644 index 000000000..4e2cb809e --- /dev/null +++ b/apache/spec/acceptance/nodesets/centos-65-x64.yml @@ -0,0 +1,10 @@ +HOSTS: + centos-65-x64: + roles: + - master + platform: el-6-x86_64 + box : centos-65-x64-vbox436-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + type: foss diff --git a/apache/spec/acceptance/prefork_worker_spec.rb b/apache/spec/acceptance/prefork_worker_spec.rb index 22eaaddea..668716144 100644 --- a/apache/spec/acceptance/prefork_worker_spec.rb +++ b/apache/spec/acceptance/prefork_worker_spec.rb @@ -33,17 +33,16 @@ class { 'apache': describe 'apache::mod::worker class' do describe 'running puppet code' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': mpm_module => 'worker', } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end describe service($service_name) do @@ -59,17 +58,15 @@ class { 'apache': describe 'apache::mod::prefork class' do describe 'running puppet code' do # Using puppet_apply as a helper - it 'should work with no errors' do - pp = <<-EOS + let(:pp) do + <<-EOS class { 'apache': mpm_module => 'prefork', } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end describe service($service_name) do diff --git a/apache/spec/acceptance/service_spec.rb b/apache/spec/acceptance/service_spec.rb index c3124c846..c62a34973 100644 --- a/apache/spec/acceptance/service_spec.rb +++ b/apache/spec/acceptance/service_spec.rb @@ -2,18 +2,17 @@ describe 'apache::service class' do describe 'adding dependencies in between the base class and service class' do - it 'should work with no errors' do - pp = <<-EOS - class { 'apache': } - file { '/tmp/test': - require => Class['apache'], - notify => Class['apache::service'], - } + let(:pp) do + <<-EOS + class { 'apache': } + file { '/tmp/test': + require => Class['apache'], + notify => Class['apache::service'], + } EOS - - # Run it twice and test for idempotency - apply_manifest(pp, :catch_failures => true) - expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero end + + # Run it twice and test for idempotency + it_behaves_like "a idempotent resource" end end diff --git a/apache/spec/acceptance/vhost_spec.rb b/apache/spec/acceptance/vhost_spec.rb index b9b3a80ac..90b42e0e6 100644 --- a/apache/spec/acceptance/vhost_spec.rb +++ b/apache/spec/acceptance/vhost_spec.rb @@ -1106,6 +1106,33 @@ class { 'apache': service_ensure => stopped, } end end + # Passenger isn't even in EPEL on el-5 + if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') + describe 'rack_base_uris' do + before :all do + pp = "if $::osfamily == 'RedHat' { include epel }" + apply_manifest(pp, :catch_failures => true) + end + + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + rack_base_uris => ['/test'], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'RackBaseURI /test' } + end + end + end + describe 'no_proxy_uris' do it 'applies cleanly' do pp = <<-EOS diff --git a/apache/spec/classes/apache_spec.rb b/apache/spec/classes/apache_spec.rb index a76676452..2fe53f409 100644 --- a/apache/spec/classes/apache_spec.rb +++ b/apache/spec/classes/apache_spec.rb @@ -504,7 +504,7 @@ it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with( 'ensure' => 'file', 'notify' => 'Class[Apache::Service]', - 'require' => ['Package[httpd]', 'File[/etc/httpd/conf/ports.conf]'], + 'require' => ['Package[httpd]', 'Concat[/etc/httpd/conf/ports.conf]'], ) } end @@ -835,9 +835,27 @@ ) } end + context 'with a custom file_mode parameter' do + let :params do { + :file_mode => '0640' + } + end + it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with( + 'mode' => '0640', + ) + } + end + context 'with a custom root_directory_options parameter' do + let :params do { + :root_directory_options => ['-Indexes', '-FollowSymLinks'] + } + end + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options -Indexes -FollowSymLinks} } + end context 'default vhost defaults' do it { is_expected.to contain_apache__vhost('default').with_ensure('present') } it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{Options FollowSymLinks} } end context 'without default non-ssl vhost' do let :params do { diff --git a/apache/spec/classes/mod/ldap_spec.rb b/apache/spec/classes/mod/ldap_spec.rb index 2b82d8d1b..f51cafd4f 100644 --- a/apache/spec/classes/mod/ldap_spec.rb +++ b/apache/spec/classes/mod/ldap_spec.rb @@ -32,12 +32,22 @@ it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$/) } end - context 'ldap_trusted_global_cert_file and ldap_trusted_global_cert_type params' do + context 'set multiple ldap params' do let(:params) {{ :ldap_trusted_global_cert_file => 'ca.pem', - :ldap_trusted_global_cert_type => 'CA_DER' + :ldap_trusted_global_cert_type => 'CA_DER', + :ldap_shared_cache_size => '500000', + :ldap_cache_entries => '1024', + :ldap_cache_ttl => '600', + :ldap_opcache_entries => '1024', + :ldap_opcache_ttl => '600' }} it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPTrustedGlobalCert CA_DER ca\.pem$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPSharedCacheSize 500000$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheEntries 1024$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPCacheTTL 600$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheEntries 1024$/) } + it { is_expected.to contain_file('ldap.conf').with_content(/^LDAPOpCacheTTL 600$/) } end end #Debian diff --git a/apache/spec/defines/mod_spec.rb b/apache/spec/defines/mod_spec.rb index e4e984529..1697190a3 100644 --- a/apache/spec/defines/mod_spec.rb +++ b/apache/spec/defines/mod_spec.rb @@ -34,6 +34,20 @@ end end + describe "with file_mode set" do + let :pre_condition do + "class {'::apache': file_mode => '0640'}" + end + let :title do + 'spec_m' + end + it "should manage the module load file" do + is_expected.to contain_file('spec_m.load').with({ + :mode => '0640', + } ) + end + end + describe "with shibboleth module and package param passed" do # name/title for the apache::mod define let :title do diff --git a/apache/spec/defines/vhost_spec.rb b/apache/spec/defines/vhost_spec.rb index 40d93a0ee..12653e9b1 100644 --- a/apache/spec/defines/vhost_spec.rb +++ b/apache/spec/defines/vhost_spec.rb @@ -170,6 +170,8 @@ 'logroot' => '/var/www/logs', 'logroot_ensure' => 'directory', 'logroot_mode' => '0600', + 'logroot_owner' => 'root', + 'logroot_group' => 'root', 'log_level' => 'crit', 'access_log' => false, 'access_log_file' => 'httpd_access_log', @@ -567,6 +569,39 @@ it { is_expected.to_not contain_concat__fragment('NameVirtualHost [::1]:80') } end + context 'vhost with wildcard ip address' do + let :params do + { + 'port' => '80', + 'ip' => '*', + 'ip_based' => true, + 'servername' => 'example.com', + 'docroot' => '/var/www/html', + 'add_listen' => true, + 'ensure' => 'present' + } + end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( + :content => /[.\/m]*[.\/m]*$/ ) } + it { is_expected.to contain_concat__fragment('Listen *:80') } + it { is_expected.to_not contain_concat__fragment('NameVirtualHost *:80') } + end + context 'set only aliases' do let :params do { diff --git a/apache/spec/spec_helper_acceptance.rb b/apache/spec/spec_helper_acceptance.rb index cdaec445d..307f7b710 100644 --- a/apache/spec/spec_helper_acceptance.rb +++ b/apache/spec/spec_helper_acceptance.rb @@ -16,6 +16,12 @@ # Readable test descriptions c.formatter = :documentation + # detect the situation where PUP-5016 is triggered and skip the idempotency tests in that case + # also note how fact('puppetversion') is not available because of PUP-4359 + if fact('osfamily') == 'Debian' && fact('operatingsystemmajrelease') == '8' && shell('puppet --version').stdout =~ /^4\.2/ + c.filter_run_excluding :skip_pup_5016 => true + end + # Configure all nodes in nodeset c.before :suite do # net-tools required for netstat utility being used by be_listening @@ -62,3 +68,13 @@ class { 'epel': } end end end + +shared_examples "a idempotent resource" do + it 'should apply with no errors' do + apply_manifest(pp, :catch_failures => true) + end + + it 'should apply a second time without changes', :skip_pup_5016 do + apply_manifest(pp, :catch_changes => true) + end +end diff --git a/apache/spec/unit/apache_version_spec.rb b/apache/spec/unit/apache_version_spec.rb new file mode 100644 index 000000000..30f6ef991 --- /dev/null +++ b/apache/spec/unit/apache_version_spec.rb @@ -0,0 +1,20 @@ +require 'spec_helper' + +describe Facter::Util::Fact do + before do + Facter.clear + end + + describe 'apache_version' do + context 'with value' do + before :each do + Facter::Util::Resolution.stubs(:which).with('apachectl').returns(true) + Facter::Util::Resolution.stubs(:exec).with('apachectl -v 2>&1').returns('Server version: Apache/2.4.16 (Unix) + Server built: Jul 31 2015 15:53:26') + end + it do + expect(Facter.fact(:apache_version).value).to eq('2.4.16') + end + end + end +end diff --git a/apache/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb b/apache/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb index 508f62aea..b162127d0 100644 --- a/apache/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb +++ b/apache/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb @@ -28,6 +28,10 @@ expect { scope.function_enclose_ipv6(['127.0.0.1']) }.to_not raise_error end + it "should not raise a ParseError when given * as ip string" do + expect { scope.function_enclose_ipv6(['*']) }.to_not raise_error + end + it "should not raise a ParseError when given an array of ip strings" do expect { scope.function_enclose_ipv6([['127.0.0.1','fe80::1']]) }.to_not raise_error end @@ -49,8 +53,8 @@ end it "should embrace ipv6 adresses within an array of ip addresses" do - result = scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::1]']]) - expect(result).to(eq(['127.0.0.1','[fe80::1]','[fe80::1]'])) + result = scope.function_enclose_ipv6([['127.0.0.1','fe80::1','[fe80::2]']]) + expect(result).to(eq(['127.0.0.1','[fe80::1]','[fe80::2]'])) end it "should embrace a single ipv6 adresse" do diff --git a/apache/templates/httpd.conf.erb b/apache/templates/httpd.conf.erb index 9c854cfc3..448d1fec5 100644 --- a/apache/templates/httpd.conf.erb +++ b/apache/templates/httpd.conf.erb @@ -31,7 +31,7 @@ AccessFileName .htaccess - Options FollowSymLinks + Options <%= Array(@root_directory_options).join(' ') %> AllowOverride None diff --git a/apache/templates/mod/ldap.conf.erb b/apache/templates/mod/ldap.conf.erb index fbb4b9213..424fbe8ee 100644 --- a/apache/templates/mod/ldap.conf.erb +++ b/apache/templates/mod/ldap.conf.erb @@ -12,3 +12,18 @@ <% if @ldap_trusted_global_cert_file -%> LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> <%= @ldap_trusted_global_cert_file %> <% end -%> +<%- if @ldap_shared_cache_size -%> +LDAPSharedCacheSize <%= @ldap_shared_cache_size %> +<%- end -%> +<%- if @ldap_cache_entries -%> +LDAPCacheEntries <%= @ldap_cache_entries %> +<%- end -%> +<%- if @ldap_cache_ttl -%> +LDAPCacheTTL <%= @ldap_cache_ttl %> +<%- end -%> +<%- if @ldap_opcache_entries -%> +LDAPOpCacheEntries <%= @ldap_opcache_entries %> +<%- end -%> +<%- if @ldap_opcache_ttl -%> +LDAPOpCacheTTL <%= @ldap_opcache_ttl %> +<%- end -%> diff --git a/apache/templates/mod/security.conf.erb b/apache/templates/mod/security.conf.erb index 7b2da7613..a71f5887d 100644 --- a/apache/templates/mod/security.conf.erb +++ b/apache/templates/mod/security.conf.erb @@ -37,8 +37,8 @@ SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" - SecPcreMatchLimit 1000 - SecPcreMatchLimitRecursion 1000 + SecPcreMatchLimit <%= @secpcrematchlimit %> + SecPcreMatchLimitRecursion <%= @secpcrematchlimitrecursion %> SecRule TX:/^MSC_/ "!@streq 0" \ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" diff --git a/apache/templates/mod/worker.conf.erb b/apache/templates/mod/worker.conf.erb index ad2bc4461..8ad6451c7 100644 --- a/apache/templates/mod/worker.conf.erb +++ b/apache/templates/mod/worker.conf.erb @@ -1,11 +1,11 @@ ServerLimit <%= @serverlimit %> StartServers <%= @startservers %> + ThreadLimit <%= @threadlimit %> MaxClients <%= @maxclients %> MinSpareThreads <%= @minsparethreads %> MaxSpareThreads <%= @maxsparethreads %> ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> - ThreadLimit <%= @threadlimit %> ListenBacklog <%= @listenbacklog %> diff --git a/apache/templates/vhost/_access_log.erb b/apache/templates/vhost/_access_log.erb index d1ec426a4..894daa7ce 100644 --- a/apache/templates/vhost/_access_log.erb +++ b/apache/templates/vhost/_access_log.erb @@ -10,7 +10,7 @@ <% destination = "#{@logroot}/#{log['file']}" -%> <% end -%> <% elsif log['syslog'] -%> -<% destination = "syslog" -%> +<% destination = log['syslog'] -%> <% elsif log['pipe'] -%> <% destination = log['pipe'] -%> <% else -%> diff --git a/apache/templates/vhost/_redirect.erb b/apache/templates/vhost/_redirect.erb index 69bbfd09d..209da646c 100644 --- a/apache/templates/vhost/_redirect.erb +++ b/apache/templates/vhost/_redirect.erb @@ -22,4 +22,14 @@ <% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> <%- end -%> +<%- elsif @redirectmatch_regexp and @redirectmatch_dest -%> +<% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> + + ## RedirectMatch rules + <%- @redirectmatch_regexp_a.each_with_index do |status, i| -%> +<% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> + <%- end -%> <% end -%> diff --git a/ceph/manifests/mon.pp b/ceph/manifests/mon.pp index f1429e7df..d341d46f2 100644 --- a/ceph/manifests/mon.pp +++ b/ceph/manifests/mon.pp @@ -88,6 +88,7 @@ $init = 'sysvinit' Service { name => "ceph-mon-${id}", + provider => 'init', start => "service ceph start mon.${id}", stop => "service ceph stop mon.${id}", status => "service ceph status mon.${id}", diff --git a/ceph/spec/acceptance/ceph_usecases_spec.rb b/ceph/spec/acceptance/ceph_usecases_spec.rb index 523ce2905..fb3725dc2 100644 --- a/ceph/spec/acceptance/ceph_usecases_spec.rb +++ b/ceph/spec/acceptance/ceph_usecases_spec.rb @@ -28,7 +28,7 @@ pp = <<-EOS class { 'ceph::repo': } class { 'ceph': - fsid => generate('/usr/bin/uuidgen'), + fsid => '82274746-9a2c-426b-8c51-107fb0d890c6', mon_host => $::ipaddress, authentication_type => 'none', osd_pool_default_size => '1', @@ -44,9 +44,8 @@ class { 'ceph': ceph::osd { '/srv/data': } EOS - # due to the generate() the above is not idempotent - # so we don't run twice as usual apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) shell 'sleep 10' # we need to wait a bit until the OSD is up diff --git a/contrail/manifests/control/config.pp b/contrail/manifests/control/config.pp index 22013d28b..f7064cf3e 100644 --- a/contrail/manifests/control/config.pp +++ b/contrail/manifests/control/config.pp @@ -14,6 +14,9 @@ # [*dns_config*] # (optional) Hash of parameters for /etc/contrail/dns/contrail-dns.conf # +# [*manage_named_conf*] +# (optional) Boolean to manage or not /etc/contrail/contrail-named.conf file +# # [*control_config*] # (optional) Hash of parameters for /etc/contrail/contrail-control.conf # @@ -24,6 +27,7 @@ $secret, $forwarder = '8.8.8.8', $dns_config = {}, + $manage_named_conf = true, $control_config = {}, $control_nodemgr_config = {}, ) { @@ -51,9 +55,10 @@ $forwarders_option = '' } - file { '/etc/contrail/dns/contrail-named.conf' : - ensure => file, - content => template('contrail/contrail-named.conf.erb'), + if $manage_named_conf { + file { '/etc/contrail/dns/contrail-named.conf' : + ensure => file, + content => template('contrail/contrail-named.conf.erb'), + } } - } diff --git a/contrail/manifests/vrouter/config.pp b/contrail/manifests/vrouter/config.pp index f90e80389..1ebc18c01 100644 --- a/contrail/manifests/vrouter/config.pp +++ b/contrail/manifests/vrouter/config.pp @@ -16,6 +16,10 @@ # (optional) Network device # Defaults to 'eth0' # +# [*kmod_path*] +# (optional) full path for vrouter.ko +# Defaults to '/lib/modules/${::kernelrelease}/extra/net/vrouter/vrouter.ko +# # [*compute_device*] # (optional) Network device for Openstack compute # Defaukts to 'eth0; @@ -56,6 +60,7 @@ $vhost_ip = '127.0.0.1', $discovery_ip = '127.0.0.1', $device = 'eth0', + $kmod_path = "/lib/modules/${::kernelrelease}/extra/net/vrouter/vrouter.ko", $compute_device = 'eth0', $mask = '24', $netmask = '255.255.255.0', diff --git a/contrail/templates/vrouter/agent_param.erb b/contrail/templates/vrouter/agent_param.erb index dc82562d6..d528dac3c 100644 --- a/contrail/templates/vrouter/agent_param.erb +++ b/contrail/templates/vrouter/agent_param.erb @@ -1,7 +1,7 @@ LOG=/var/log/contrail.log CONFIG=/etc/contrail/agent.conf prog=/usr/bin/contrail-vrouter-agent -kmod=/lib/modules/3.10.0-229.el7.x86_64/extra/net/vrouter/vrouter.ko +kmod=<%= @kmod_path %> pname=contrail-vrouter-agent LIBDIR=/usr/lib64 VHOST_CFG=/etc/sysconfig/network-scripts/ifcfg-vhost0 diff --git a/elasticsearch/CHANGELOG.md b/elasticsearch/CHANGELOG.md index e7be456af..c82d38886 100644 --- a/elasticsearch/CHANGELOG.md +++ b/elasticsearch/CHANGELOG.md @@ -1,3 +1,29 @@ +##0.10.2 ( Jan 19, 2016 ) + +###Summary +Bugfix release and adding Gentoo support + +####Features +* Added Gentoo support + +####Bugfixes +* Create init script when set to unmanaged +* init_template variable was not passed on correctly to other classes / defines +* Fix issue with plugin type that caused run to stall +* Export ES_GC_LOG_FILE in init scripts + +####Changes +* Improve documentation about init_defaults +* Update common files +* Removed recurse option on data directory management +* Add retry functionality to plugin type + +####Testing changes + +####Known bugs +* Possible package conflicts when using ruby/python defines with main package name + + ##0.10.1 ( Dec 17, 2015 ) ###Summary diff --git a/elasticsearch/README.md b/elasticsearch/README.md index 413637871..0b5deaa42 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md @@ -127,7 +127,6 @@ elasticsearch::plugin{ 'jetty': } ``` - ####Using a proxy You can also use a proxy if required by setting the `proxy_host` and `proxy_port` options: ```puppet diff --git a/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb b/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb index 6fb29b0f5..72329c9f1 100644 --- a/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb +++ b/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb @@ -4,8 +4,15 @@ desc "A provider for the resource type `elasticsearch_plugin`, which handles plugin installation" - commands :plugin => '/usr/share/elasticsearch/bin/plugin' - commands :es => '/usr/share/elasticsearch/bin/elasticsearch' + os = Facter['osfamily'].value + if os == 'OpenBSD' + commands :plugin => '/usr/local/elasticsearch/bin/plugin' + commands :es => '/usr/local/elasticsearch/bin/elasticsearch' + commands :javapathhelper => '/usr/local/bin/javaPathHelper' + else + commands :plugin => '/usr/share/elasticsearch/bin/plugin' + commands :es => '/usr/share/elasticsearch/bin/elasticsearch' + end def exists? es_version @@ -70,11 +77,18 @@ def install2x commands end + def install_options + return @resource[:install_options].join(' ') if @resource[:install_options].is_a?(Array) + return @resource[:install_options] + end + def create es_version commands = [] commands << @resource[:proxy_args].split(' ') if @resource[:proxy_args] + commands << install_options if @resource[:install_options] commands << 'install' + commands << '--batch' if is22x? commands << install1x if is1x? commands << install2x if is2x? debug("Commands: #{commands.inspect}") @@ -100,11 +114,23 @@ def destroy def es_version return @es_version if @es_version + es_save = ENV['ES_INCLUDE'] + java_save = ENV['JAVA_HOME'] + + os = Facter['osfamily'].value + if os == 'OpenBSD' + ENV['JAVA_HOME'] = javapathhelper('-h', 'elasticsearch').chomp + ENV['ES_INCLUDE'] = '/etc/elasticsearch/elasticsearch.in.sh' + end begin version = es('-version') rescue + ENV['ES_INCLUDE'] = es_save if es_save + ENV['JAVA_HOME'] = java_save if java_save raise "Unknown ES version. Got #{version.inspect}" ensure + ENV['ES_INCLUDE'] = es_save if es_save + ENV['JAVA_HOME'] = java_save if java_save @es_version = version.scan(/\d+\.\d+\.\d+(?:\-\S+)?/).first debug "Found ES version #{@es_version}" end @@ -118,6 +144,11 @@ def is2x? (Puppet::Util::Package.versioncmp(@es_version, '2.0.0') >= 0) && (Puppet::Util::Package.versioncmp(@es_version, '3.0.0') < 0) end + def is22x? + (Puppet::Util::Package.versioncmp(@es_version, '2.2.0') >= 0) && (Puppet::Util::Package.versioncmp(@es_version, '3.0.0') < 0) + end + + def plugin_version(plugin_name) vendor, plugin, version = plugin_name.split('/') return @es_version if is2x? && version.nil? diff --git a/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb b/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb index 145880f28..6cf9c34a9 100644 --- a/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb +++ b/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb @@ -28,4 +28,8 @@ defaultto '/usr/share/elasticsearch/plugins' end + newparam(:install_options) do + desc 'Installation options' + end + end diff --git a/elasticsearch/manifests/config.pp b/elasticsearch/manifests/config.pp index a7b5d830b..fc2a89a31 100644 --- a/elasticsearch/manifests/config.pp +++ b/elasticsearch/manifests/config.pp @@ -48,7 +48,7 @@ mode => '0644', } - file { $elasticsearch::params::logdir: + file { $elasticsearch::logdir: ensure => 'directory', group => undef, mode => '0644', @@ -59,12 +59,6 @@ ensure => 'directory', } - file { "${elasticsearch::params::homedir}/bin": - ensure => 'directory', - recurse => true, - mode => '0755', - } - file { $elasticsearch::datadir: ensure => 'directory', } @@ -115,10 +109,12 @@ } $new_init_defaults = { 'CONF_DIR' => $elasticsearch::configdir } - augeas { "${elasticsearch::params::defaults_location}/elasticsearch": - incl => "${elasticsearch::params::defaults_location}/elasticsearch", - lens => 'Shellvars.lns', - changes => template("${module_name}/etc/sysconfig/defaults.erb"), + if $elasticsearch::params::defaults_location { + augeas { "${elasticsearch::params::defaults_location}/elasticsearch": + incl => "${elasticsearch::params::defaults_location}/elasticsearch", + lens => 'Shellvars.lns', + changes => template("${module_name}/etc/sysconfig/defaults.erb"), + } } file { '/etc/elasticsearch/elasticsearch.yml': diff --git a/elasticsearch/manifests/init.pp b/elasticsearch/manifests/init.pp index 0792cb59e..3aeb440e0 100644 --- a/elasticsearch/manifests/init.pp +++ b/elasticsearch/manifests/init.pp @@ -230,6 +230,7 @@ $init_template = "${module_name}/etc/init.d/${elasticsearch::params::init_template}", $config = undef, $datadir = $elasticsearch::params::datadir, + $logdir = $elasticsearch::params::logdir, $plugindir = $elasticsearch::params::plugindir, $plugintool = $elasticsearch::params::plugintool, $java_install = false, diff --git a/elasticsearch/manifests/instance.pp b/elasticsearch/manifests/instance.pp index a3bd6739f..ec78edd70 100644 --- a/elasticsearch/manifests/instance.pp +++ b/elasticsearch/manifests/instance.pp @@ -64,6 +64,9 @@ # [*init_defaults_file*] # Defaults file as puppet resource # +# [*service_flags*] +# Service flags used for the OpenBSD service configuration, defaults to undef. +# # === Authors # # * Richard Pijnenburg @@ -74,10 +77,12 @@ $config = undef, $configdir = undef, $datadir = undef, + $logdir = undef, $logging_file = undef, $logging_config = undef, $logging_template = undef, $logging_level = $elasticsearch::default_logging_level, + $service_flags = undef, $init_defaults = undef, $init_defaults_file = undef, $init_template = $elasticsearch::init_template @@ -200,6 +205,34 @@ $dirs = $instance_datadir } + # Manage instance log directory + if ($logdir == undef) { + $instance_logdir = "${elasticsearch::logdir}/${name}" + } else { + $instance_logdir = $logdir + } + + if(has_key($instance_config, 'path.logs')) { + $instance_logdir_config = { 'path.logs' => $instance_logdir } + } elsif(has_key($instance_config, 'path')) { + if(has_key($instance_config['path'], 'logs')) { + $instance_logdir_config = { 'path' => { 'logs' => $instance_logdir } } + } else { + $instance_logdir_config = { 'path.logs' => $instance_logdir } + } + } else { + $instance_logdir_config = { 'path.logs' => $instance_logdir } + } + + file { $instance_logdir: + ensure => 'directory', + owner => $elasticsearch::elasticsearch_user, + group => undef, + mode => '0644', + require => Class['elasticsearch::package'], + before => Elasticsearch::Service[$name], + } + exec { "mkdir_datadir_elasticsearch_${name}": command => "mkdir -p ${dirs}", creates => $instance_datadir, @@ -248,7 +281,7 @@ } # build up new config - $instance_conf = merge($main_config, $instance_node_name, $instance_config, $instance_datadir_config) + $instance_conf = merge($main_config, $instance_node_name, $instance_config, $instance_datadir_config, $instance_logdir_config) # defaults file content # ensure user did not provide both init_defaults and init_defaults_file @@ -262,7 +295,7 @@ $global_init_defaults = { } } - $instance_init_defaults_main = { 'CONF_DIR' => $instance_configdir, 'CONF_FILE' => "${instance_configdir}/elasticsearch.yml", 'LOG_DIR' => "/var/log/elasticsearch/${name}", 'ES_HOME' => '/usr/share/elasticsearch' } + $instance_init_defaults_main = { 'CONF_DIR' => $instance_configdir, 'CONF_FILE' => "${instance_configdir}/elasticsearch.yml", 'LOG_DIR' => $instance_logdir, 'ES_HOME' => '/usr/share/elasticsearch' } if (is_hash($init_defaults)) { $instance_init_defaults = $init_defaults @@ -307,6 +340,7 @@ elasticsearch::service { $name: ensure => $ensure, status => $status, + service_flags => $service_flags, init_defaults => $init_defaults_new, init_defaults_file => $init_defaults_file, init_template => $init_template, diff --git a/elasticsearch/manifests/package.pp b/elasticsearch/manifests/package.pp index 5e3caa9f5..e8d7e26ff 100644 --- a/elasticsearch/manifests/package.pp +++ b/elasticsearch/manifests/package.pp @@ -37,15 +37,19 @@ # set params: in operation if $elasticsearch::ensure == 'present' { + Package[$elasticsearch::package_name] ~> Elasticsearch::Service <| |> + Package[$elasticsearch::package_name] ~> Exec['remove_plugin_dir'] + # Create directory to place the package file + $package_dir = $elasticsearch::package_dir exec { 'create_package_dir_elasticsearch': cwd => '/', path => ['/usr/bin', '/bin'], - command => "mkdir -p ${elasticsearch::package_dir}", - creates => $elasticsearch::package_dir, + command => "mkdir -p ${package_dir}", + creates => $package_dir, } - file { $elasticsearch::package_dir: + file { $package_dir: ensure => 'directory', purge => $elasticsearch::purge_package_dir, force => $elasticsearch::purge_package_dir, @@ -53,7 +57,6 @@ require => Exec['create_package_dir_elasticsearch'], } - # Check if we want to install a specific version or not if $elasticsearch::version == false { @@ -77,7 +80,6 @@ default: { fail("software provider \"${elasticsearch::package_provider}\".") } } - $package_dir = $elasticsearch::package_dir $filenameArray = split($elasticsearch::package_url, '/') $basefilename = $filenameArray[-1] @@ -167,9 +169,15 @@ if ($elasticsearch::package_provider == 'package') { package { $elasticsearch::package_name: - ensure => $package_ensure, + ensure => $package_ensure, } + exec { 'remove_plugin_dir': + refreshonly => true, + command => "rm -rf ${elasticsearch::plugindir}", + } + + } else { fail("\"${elasticsearch::package_provider}\" is not supported") } diff --git a/elasticsearch/manifests/params.pp b/elasticsearch/manifests/params.pp index 0e2d76b00..249c1fcc0 100644 --- a/elasticsearch/manifests/params.pp +++ b/elasticsearch/manifests/params.pp @@ -72,6 +72,10 @@ $elasticsearch_user = 'elasticsearch' $elasticsearch_group = 'elasticsearch' } + 'OpenBSD': { + $elasticsearch_user = '_elasticsearch' + $elasticsearch_group = '_elasticsearch' + } default: { fail("\"${module_name}\" provides no user/group default value for \"${::kernel}\"") @@ -87,6 +91,9 @@ 'Darwin': { $download_tool = 'curl --insecure -o' } + 'OpenBSD': { + $download_tool = 'ftp -o' + } default: { fail("\"${module_name}\" provides no download tool default value for \"${::kernel}\"") @@ -105,6 +112,16 @@ $plugintool = "${homedir}/bin/plugin" $datadir = '/usr/share/elasticsearch/data' } + 'OpenBSD': { + $configdir = '/etc/elasticsearch' + $logdir = '/var/log/elasticsearch' + $package_dir = '/var/cache/elasticsearch' + $installpath = undef + $homedir = '/usr/local/elasticsearch' + $plugindir = "${homedir}/plugins" + $plugintool = "${homedir}/bin/plugin" + $datadir = '/var/elasticsearch/data' + } default: { fail("\"${module_name}\" provides no config directory default value for \"${::kernel}\"") @@ -124,6 +141,12 @@ 'OpenSuSE': { $package = [ 'elasticsearch' ] } + 'Gentoo': { + $package = [ 'app-misc/elasticsearch' ] + } + 'OpenBSD': { + $package = [ 'elasticsearch' ] + } default: { fail("\"${module_name}\" provides no package default value for \"${::operatingsystem}\"") @@ -211,6 +234,26 @@ $init_template = 'elasticsearch.systemd.erb' $pid_dir = '/var/run/elasticsearch' } + 'Gentoo': { + $service_name = 'elasticsearch' + $service_hasrestart = true + $service_hasstatus = true + $service_pattern = $service_name + $service_providers = 'openrc' + $defaults_location = '/etc/conf.d' + $init_template = 'elasticsearch.openrc.erb' + $pid_dir = '/run/elasticsearch' + } + 'OpenBSD': { + $service_name = 'elasticsearch' + $service_hasrestart = true + $service_hasstatus = true + $service_pattern = undef + $service_providers = 'openbsd' + $defaults_location = undef + $init_template = 'elasticsearch.OpenBSD.erb' + $pid_dir = '/var/run/elasticsearch' + } default: { fail("\"${module_name}\" provides no service parameters for \"${::operatingsystem}\"") diff --git a/elasticsearch/manifests/plugin.pp b/elasticsearch/manifests/plugin.pp index 5e8dc0190..e84747dd9 100644 --- a/elasticsearch/manifests/plugin.pp +++ b/elasticsearch/manifests/plugin.pp @@ -68,13 +68,14 @@ # * Richard Pijnenburg # define elasticsearch::plugin( - $instances, - $module_dir = undef, - $ensure = 'present', - $url = undef, - $source = undef, - $proxy_host = undef, - $proxy_port = undef, + $instances, + $module_dir = undef, + $ensure = 'present', + $url = undef, + $source = undef, + $proxy_host = undef, + $proxy_port = undef, + $install_options = undef ) { include elasticsearch @@ -117,6 +118,7 @@ file { $file_source: ensure => 'file', source => $source, + before => Elasticsearch_plugin[$name], } } elsif ($url != undef) { @@ -127,11 +129,13 @@ 'installed', 'present': { elasticsearch_plugin { $name: - ensure => 'present', - source => $file_source, - url => $url, - proxy_args => $proxy, - notify => $notify_service, + ensure => 'present', + source => $file_source, + url => $url, + proxy_args => $proxy, + plugin_dir => $::elasticsearch::plugindir, + install_options => $install_options, + notify => $notify_service, } } diff --git a/elasticsearch/manifests/service.pp b/elasticsearch/manifests/service.pp index 7cd0dfa36..f620208ac 100644 --- a/elasticsearch/manifests/service.pp +++ b/elasticsearch/manifests/service.pp @@ -50,6 +50,9 @@ # [*init_template*] # Service file as a template # +# [*service_flags*] +# Service flags, used on OpenBSD for service configuration +# # === Authors # # * Richard Pijnenburg @@ -60,6 +63,7 @@ $init_defaults_file = undef, $init_defaults = undef, $init_template = undef, + $service_flags = undef, ) { case $elasticsearch::real_service_provider { @@ -73,6 +77,14 @@ init_template => $init_template, } } + 'openbsd': { + elasticsearch::service::openbsd { $name: + ensure => $ensure, + status => $status, + init_template => $init_template, + service_flags => $service_flags, + } + } 'systemd': { elasticsearch::service::systemd { $name: ensure => $ensure, @@ -82,6 +94,15 @@ init_template => $init_template, } } + 'openrc': { + elasticsearch::service::openrc { $name: + ensure => $ensure, + status => $status, + init_defaults_file => $init_defaults_file, + init_defaults => $init_defaults, + init_template => $init_template, + } + } default: { fail("Unknown service provider ${elasticsearch::real_service_provider}") } diff --git a/elasticsearch/manifests/service/openbsd.pp b/elasticsearch/manifests/service/openbsd.pp new file mode 100644 index 000000000..771646007 --- /dev/null +++ b/elasticsearch/manifests/service/openbsd.pp @@ -0,0 +1,156 @@ +# == Define: elasticsearch::service::openbsd +# +# This class exists to coordinate all service management related actions, +# functionality and logical units in a central place. +# +# Note: "service" is the Puppet term and type for background processes +# in general and is used in a platform-independent way. E.g. "service" means +# "daemon" in relation to Unix-like systems. +# +# +# === Parameters +# +# [*ensure*] +# String. Controls if the managed resources shall be present or +# absent. If set to absent: +# * The managed software packages are being uninstalled. +# * Any traces of the packages will be purged as good as possible. This may +# include existing configuration files. The exact behavior is provider +# dependent. Q.v.: +# * Puppet type reference: {package, "purgeable"}[http://j.mp/xbxmNP] +# * {Puppet's package provider source code}[http://j.mp/wtVCaL] +# * System modifications (if any) will be reverted as good as possible +# (e.g. removal of created users, services, changed log settings, ...). +# * This is thus destructive and should be used with care. +# Defaults to present. +# +# [*status*] +# String to define the status of the service. Possible values: +# * enabled: Service is running and will be started at boot time. +# * disabled: Service is stopped and will not be started at boot +# time. +# * running: Service is running but will not be started at boot time. +# You can use this to start a service on the first Puppet run instead of +# the system startup. +# * unmanaged: Service will not be started at boot time and Puppet +# does not care whether the service is running or not. For example, this may +# be useful if a cluster management software is used to decide when to start +# the service plus assuring it is running on the desired node. +# Defaults to enabled. The singular form ("service") is used for the +# sake of convenience. Of course, the defined status affects all services if +# more than one is managed (see service.pp to check if this is the +# case). +# +# [*pid_dir*] +# String, directory where to store the serice pid file +# +# [*init_template*] +# Service file as a template +# +# [*service_flags*] +# String, flags to pass to the service +# +# === Authors +# +# * Richard Pijnenburg +# +define elasticsearch::service::openbsd( + $ensure = $elasticsearch::ensure, + $status = $elasticsearch::status, + $pid_dir = $elasticsearch::pid_dir, + $init_template = $elasticsearch::init_template, + $service_flags = undef, +) { + + #### Service management + + # set params: in operation + if $ensure == 'present' { + + case $status { + # make sure service is currently running, start it on boot + 'enabled': { + $service_ensure = 'running' + $service_enable = true + } + # make sure service is currently stopped, do not start it on boot + 'disabled': { + $service_ensure = 'stopped' + $service_enable = false + } + # make sure service is currently running, do not start it on boot + 'running': { + $service_ensure = 'running' + $service_enable = false + } + # do not start service on boot, do not care whether currently running + # or not + 'unmanaged': { + $service_ensure = undef + $service_enable = false + } + # unknown status + # note: don't forget to update the parameter check in init.pp if you + # add a new or change an existing status. + default: { + fail("\"${status}\" is an unknown service status value") + } + } + + # set params: removal + } else { + + # make sure the service is stopped and disabled (the removal itself will be + # done by package.pp) + $service_ensure = 'stopped' + $service_enable = false + + } + + $notify_service = $elasticsearch::restart_on_change ? { + true => Service["elasticsearch-instance-${name}"], + false => undef, + } + + if ( $status != 'unmanaged' and $ensure == 'present' ) { + + # init file from template + if ($init_template != undef) { + + file { "/etc/rc.d/elasticsearch_${name}": + ensure => $ensure, + content => template($init_template), + owner => 'root', + group => '0', + mode => '0555', + before => Service["elasticsearch-instance-${name}"], + notify => $notify_service, + } + + } + + } elsif ($status != 'unmanaged') { + + file { "/etc/rc.d/elasticsearch_${name}": + ensure => 'absent', + subscribe => Service["elasticsearch-instance-${name}"], + } + + } + + if ( $status != 'unmanaged') { + + # action + service { "elasticsearch-instance-${name}": + ensure => $service_ensure, + enable => $service_enable, + name => "elasticsearch_${name}", + flags => $service_flags, + hasstatus => $elasticsearch::params::service_hasstatus, + hasrestart => $elasticsearch::params::service_hasrestart, + pattern => $elasticsearch::params::service_pattern, + } + + } + +} diff --git a/elasticsearch/manifests/service/openrc.pp b/elasticsearch/manifests/service/openrc.pp new file mode 100644 index 000000000..b1d96483c --- /dev/null +++ b/elasticsearch/manifests/service/openrc.pp @@ -0,0 +1,195 @@ +# == Define: elasticsearch::service::init +# +# This class exists to coordinate all service management related actions, +# functionality and logical units in a central place. +# +# Note: "service" is the Puppet term and type for background processes +# in general and is used in a platform-independent way. E.g. "service" means +# "daemon" in relation to Unix-like systems. +# +# +# === Parameters +# +# [*ensure*] +# String. Controls if the managed resources shall be present or +# absent. If set to absent: +# * The managed software packages are being uninstalled. +# * Any traces of the packages will be purged as good as possible. This may +# include existing configuration files. The exact behavior is provider +# dependent. Q.v.: +# * Puppet type reference: {package, "purgeable"}[http://j.mp/xbxmNP] +# * {Puppet's package provider source code}[http://j.mp/wtVCaL] +# * System modifications (if any) will be reverted as good as possible +# (e.g. removal of created users, services, changed log settings, ...). +# * This is thus destructive and should be used with care. +# Defaults to present. +# +# [*status*] +# String to define the status of the service. Possible values: +# * enabled: Service is running and will be started at boot time. +# * disabled: Service is stopped and will not be started at boot +# time. +# * running: Service is running but will not be started at boot time. +# You can use this to start a service on the first Puppet run instead of +# the system startup. +# * unmanaged: Service will not be started at boot time and Puppet +# does not care whether the service is running or not. For example, this may +# be useful if a cluster management software is used to decide when to start +# the service plus assuring it is running on the desired node. +# Defaults to enabled. The singular form ("service") is used for the +# sake of convenience. Of course, the defined status affects all services if +# more than one is managed (see service.pp to check if this is the +# case). +# +# [*init_defaults*] +# Defaults file content in hash representation +# +# [*init_defaults_file*] +# Defaults file as puppet resource +# +# [*init_template*] +# Service file as a template +# +# === Authors +# +# * Richard Pijnenburg +# +define elasticsearch::service::openrc( + $ensure = $elasticsearch::ensure, + $status = $elasticsearch::status, + $init_defaults_file = undef, + $init_defaults = undef, + $init_template = undef, +) { + + #### Service management + + # set params: in operation + if $ensure == 'present' { + + case $status { + # make sure service is currently running, start it on boot + 'enabled': { + $service_ensure = 'running' + $service_enable = true + } + # make sure service is currently stopped, do not start it on boot + 'disabled': { + $service_ensure = 'stopped' + $service_enable = false + } + # make sure service is currently running, do not start it on boot + 'running': { + $service_ensure = 'running' + $service_enable = false + } + # do not start service on boot, do not care whether currently running + # or not + 'unmanaged': { + $service_ensure = undef + $service_enable = false + } + # unknown status + # note: don't forget to update the parameter check in init.pp if you + # add a new or change an existing status. + default: { + fail("\"${status}\" is an unknown service status value") + } + } + + # set params: removal + } else { + + # make sure the service is stopped and disabled (the removal itself will be + # done by package.pp) + $service_ensure = 'stopped' + $service_enable = false + + } + + $notify_service = $elasticsearch::restart_on_change ? { + true => Service["elasticsearch-instance-${name}"], + false => undef, + } + + + if ( $status != 'unmanaged' and $ensure == 'present' ) { + + # defaults file content. Either from a hash or file + if ($init_defaults_file != undef) { + file { "${elasticsearch::params::defaults_location}/elasticsearch.${name}": + ensure => $ensure, + source => $init_defaults_file, + owner => 'root', + group => 'root', + mode => '0644', + before => Service["elasticsearch-instance-${name}"], + notify => $notify_service, + } + + } elsif ($init_defaults != undef and is_hash($init_defaults) ) { + + if(has_key($init_defaults, 'ES_USER')) { + if($init_defaults['ES_USER'] != $elasticsearch::elasticsearch_user) { + fail('Found ES_USER setting for init_defaults but is not same as elasticsearch_user setting. Please use elasticsearch_user setting.') + } + } + + $init_defaults_pre_hash = { 'ES_USER' => $elasticsearch::elasticsearch_user, 'ES_GROUP' => $elasticsearch::elasticsearch_group, 'MAX_OPEN_FILES' => '65535' } + $new_init_defaults = merge($init_defaults_pre_hash, $init_defaults) + + augeas { "defaults_${name}": + incl => "${elasticsearch::params::defaults_location}/elasticsearch.${name}", + lens => 'Shellvars.lns', + changes => template("${module_name}/etc/sysconfig/defaults.erb"), + before => Service["elasticsearch-instance-${name}"], + notify => $notify_service, + } + + } + + # init file from template + if ($init_template != undef) { + + file { "/etc/init.d/elasticsearch.${name}": + ensure => $ensure, + content => template($init_template), + owner => 'root', + group => 'root', + mode => '0755', + before => Service["elasticsearch-instance-${name}"], + notify => $notify_service, + } + + } + + } elsif ($status != 'unmanaged') { + + file { "/etc/init.d/elasticsearch.${name}": + ensure => 'absent', + subscribe => Service["elasticsearch-instance-${name}"], + } + + file { "${elasticsearch::params::defaults_location}/elasticsearch.${name}": + ensure => 'absent', + subscribe => Service["elasticsearch.${$name}"], + } + + } + + + if ( $status != 'unmanaged') { + + # action + service { "elasticsearch-instance-${name}": + ensure => $service_ensure, + enable => $service_enable, + name => "elasticsearch.${name}", + hasstatus => $elasticsearch::params::service_hasstatus, + hasrestart => $elasticsearch::params::service_hasrestart, + pattern => $elasticsearch::params::service_pattern, + } + + } + +} diff --git a/elasticsearch/metadata.json b/elasticsearch/metadata.json index 883fbfab3..db24e41b1 100644 --- a/elasticsearch/metadata.json +++ b/elasticsearch/metadata.json @@ -1,6 +1,6 @@ { "name": "elasticsearch-elasticsearch", - "version": "0.10.1", + "version": "0.10.2", "source": "https://github.com/elastic/puppet-elasticsearch", "author": "elasticsearch", "license": "Apache-2.0", diff --git a/elasticsearch/spec/acceptance/021_es2x_spec.rb b/elasticsearch/spec/acceptance/021_es2x_spec.rb index f119facaf..2a3bc26c4 100644 --- a/elasticsearch/spec/acceptance/021_es2x_spec.rb +++ b/elasticsearch/spec/acceptance/021_es2x_spec.rb @@ -169,6 +169,8 @@ pp = "class { 'elasticsearch': config => { 'node.name' => 'elasticsearch001', 'cluster.name' => '#{test_settings['cluster_name']}' }, manage_repo => true, repo_version => '#{test_settings['repo_version2x']}', java_install => true, version => '2.0.0' } elasticsearch::instance { 'es-01': config => { 'node.name' => 'elasticsearch001', 'http.port' => '#{test_settings['port_a']}' } } elasticsearch::plugin{'cloud-aws': instances => 'es-01' } + elasticsearch::plugin{'marvel-agent': instances => 'es-01' } + elasticsearch::plugin{'license': instances => 'es-01' } " # Run it twice and test for idempotency @@ -192,6 +194,8 @@ pp = "class { 'elasticsearch': config => { 'node.name' => 'elasticsearch001', 'cluster.name' => '#{test_settings['cluster_name']}' }, manage_repo => true, repo_version => '#{test_settings['repo_version2x']}', java_install => true, version => '2.0.1' } elasticsearch::instance { 'es-01': config => { 'node.name' => 'elasticsearch001', 'http.port' => '#{test_settings['port_a']}' } } elasticsearch::plugin{'cloud-aws': instances => 'es-01' } + elasticsearch::plugin{'marvel-agent': instances => 'es-01' } + elasticsearch::plugin{'license': instances => 'es-01' } " # Run it twice and test for idempotency diff --git a/elasticsearch/spec/acceptance/022_upgrade_spec.rb b/elasticsearch/spec/acceptance/022_upgrade_spec.rb new file mode 100644 index 000000000..80d4f8ea0 --- /dev/null +++ b/elasticsearch/spec/acceptance/022_upgrade_spec.rb @@ -0,0 +1,48 @@ +require 'spec_helper_acceptance' + +describe "elasticsearch 2x:" do + + shell("mkdir -p #{default['distmoduledir']}/another/files") + shell("cp /tmp/elasticsearch-kopf.zip #{default['distmoduledir']}/another/files/elasticsearch-kopf.zip") + + describe 'upgrading', :upgrade => true do + + describe 'Setup 2.0.0' do + it 'should run successful' do + pp = "class { 'elasticsearch': config => { 'node.name' => 'elasticsearch001', 'cluster.name' => '#{test_settings['cluster_name']}' }, manage_repo => true, repo_version => '#{test_settings['repo_version2x']}', java_install => true, version => '2.0.0' } + elasticsearch::instance { 'es-01': config => { 'node.name' => 'elasticsearch001', 'http.port' => '#{test_settings['port_a']}' } } + " + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + + end + + it 'make sure elasticsearch runs with the correct version' do + curl_with_retries('Correct version', default, "http://localhost:#{test_settings['port_a']}/ | grep 2.0.0", 0) + end + + + end + + describe "Upgrade to 2.0.1" do + it 'Should run succesful' do + pp = "class { 'elasticsearch': config => { 'node.name' => 'elasticsearch001', 'cluster.name' => '#{test_settings['cluster_name']}' }, manage_repo => true, repo_version => '#{test_settings['repo_version2x']}', java_install => true, version => '2.0.1' } + elasticsearch::instance { 'es-01': config => { 'node.name' => 'elasticsearch001', 'http.port' => '#{test_settings['port_a']}' } } + " + + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + + end + + it 'make sure elasticsearch runs with the correct version' do + curl_with_retries('correct version', default, "http://localhost:#{test_settings['port_a']}/ | grep 2.0.1", 0) + end + end + + end + +end diff --git a/elasticsearch/spec/acceptance/integration001.rb b/elasticsearch/spec/acceptance/integration001.rb index 4de68072a..7c347f116 100644 --- a/elasticsearch/spec/acceptance/integration001.rb +++ b/elasticsearch/spec/acceptance/integration001.rb @@ -97,7 +97,7 @@ it 'should run successfully' do pp = "class { 'elasticsearch': config => { 'cluster.name' => '#{test_settings['cluster_name']}'}, java_install => true, package_url => '#{test_settings['snapshot_package']}' } elasticsearch::instance { 'es-01': config => { 'node.name' => 'elasticsearch001', 'http.port' => '#{test_settings['port_a']}' } } - elasticsearch::plugin{'lmenezes/elasticsearch-kopf': instances => 'es-01' } + elasticsearch::plugin { 'lmenezes/elasticsearch-kopf': instances => 'es-01' } " # Run it twice and test for idempotency diff --git a/elasticsearch/spec/classes/000_elasticsearch_init_spec.rb b/elasticsearch/spec/classes/000_elasticsearch_init_spec.rb index 019ebc18d..0daab3ea5 100644 --- a/elasticsearch/spec/classes/000_elasticsearch_init_spec.rb +++ b/elasticsearch/spec/classes/000_elasticsearch_init_spec.rb @@ -62,10 +62,10 @@ it { should contain_file('/usr/share/elasticsearch/scripts') } it { should contain_file('/usr/share/elasticsearch') } it { should contain_file('/usr/share/elasticsearch/lib') } - # it { should contain_file('/usr/share/elasticsearch/plugins') } - it { should contain_file('/usr/share/elasticsearch/bin').with(:mode => '0755') } it { should contain_augeas("#{defaults_path}/elasticsearch") } + it { should contain_exec('remove_plugin_dir') } + # Base files if test_pid == true it { should contain_file('/usr/lib/tmpfiles.d/elasticsearch.conf') } diff --git a/elasticsearch/spec/classes/001_hiera_spec.rb b/elasticsearch/spec/classes/001_hiera_spec.rb index 00025c9af..02080f9ee 100644 --- a/elasticsearch/spec/classes/001_hiera_spec.rb +++ b/elasticsearch/spec/classes/001_hiera_spec.rb @@ -67,6 +67,7 @@ it { should contain_file('/etc/elasticsearch/es-01/logging.yml') } it { should contain_exec('mkdir_datadir_elasticsearch_es-01') } it { should contain_file('/usr/share/elasticsearch/data/es-01') } + it { should contain_file('/var/log/elasticsearch/es-01') } it { should contain_file('/etc/init.d/elasticsearch-es-01') } it { should contain_file('/etc/elasticsearch/es-01/scripts').with(:target => '/usr/share/elasticsearch/scripts') } it { should contain_datacat_fragment('main_config_es-01') } @@ -84,6 +85,7 @@ it { should contain_file('/etc/elasticsearch/es-02/logging.yml') } it { should contain_exec('mkdir_datadir_elasticsearch_es-02') } it { should contain_file('/usr/share/elasticsearch/data/es-02') } + it { should contain_file('/var/log/elasticsearch/es-02') } it { should contain_file('/etc/init.d/elasticsearch-es-02') } it { should contain_file('/etc/elasticsearch/es-02/scripts').with(:target => '/usr/share/elasticsearch/scripts') } it { should contain_datacat_fragment('main_config_es-02') } @@ -162,6 +164,7 @@ it { should contain_file('/etc/elasticsearch/default/logging.yml') } it { should contain_exec('mkdir_datadir_elasticsearch_default') } it { should contain_file('/usr/share/elasticsearch/data/default') } + it { should contain_file('/var/log/elasticsearch/default') } it { should contain_file('/etc/init.d/elasticsearch-default') } it { should contain_file('/etc/elasticsearch/default/scripts').with(:target => '/usr/share/elasticsearch/scripts') } it { should contain_datacat_fragment('main_config_default') } @@ -179,6 +182,7 @@ it { should contain_file('/etc/elasticsearch/es-01/logging.yml') } it { should contain_exec('mkdir_datadir_elasticsearch_es-01').with(:command => 'mkdir -p /usr/share/elasticsearch/data/es-01') } it { should contain_file('/usr/share/elasticsearch/data/es-01') } + it { should contain_file('/var/log/elasticsearch/es-01') } it { should contain_file('/etc/init.d/elasticsearch-es-01') } it { should contain_file('/etc/elasticsearch/es-01/scripts').with(:target => '/usr/share/elasticsearch/scripts') } it { should contain_datacat_fragment('main_config_es-01') } diff --git a/elasticsearch/spec/defines/004_elasticsearch_plugin_spec.rb b/elasticsearch/spec/defines/004_elasticsearch_plugin_spec.rb index 1438d5c56..df6b70601 100644 --- a/elasticsearch/spec/defines/004_elasticsearch_plugin_spec.rb +++ b/elasticsearch/spec/defines/004_elasticsearch_plugin_spec.rb @@ -67,7 +67,7 @@ } end it { should contain_elasticsearch__plugin('head') } - it { should contain_file('/opt/elasticsearch/swdl/plugin.zip').with(:source => 'puppet:///path/to/my/plugin.zip') } + it { should contain_file('/opt/elasticsearch/swdl/plugin.zip').with(:source => 'puppet:///path/to/my/plugin.zip', :before => 'Elasticsearch_plugin[head]') } it { should contain_elasticsearch_plugin('head').with(:ensure => 'present', :source => '/opt/elasticsearch/swdl/plugin.zip') } end diff --git a/elasticsearch/spec/defines/005_elasticsearch_instance_spec.rb b/elasticsearch/spec/defines/005_elasticsearch_instance_spec.rb index 7e831c79e..c4e83e4fd 100644 --- a/elasticsearch/spec/defines/005_elasticsearch_instance_spec.rb +++ b/elasticsearch/spec/defines/005_elasticsearch_instance_spec.rb @@ -253,6 +253,67 @@ end + context "logs directory" do + let(:pre_condition) { 'class {"elasticsearch": }' } + + context "default" do + it { should contain_file('/var/log/elasticsearch/es-01').with( :ensure => 'directory') } + it { should contain_file('/var/log/elasticsearch/').with( :ensure => 'directory') } + end + + context "single from main config " do + let(:pre_condition) { 'class {"elasticsearch": logdir => "/var/log/elasticsearch-logs" }' } + + it { should contain_file('/var/log/elasticsearch-logs').with( :ensure => 'directory') } + it { should contain_file('/var/log/elasticsearch-logs/es-01').with( :ensure => 'directory') } + end + + context "single from instance config" do + let(:pre_condition) { 'class {"elasticsearch": }' } + let :params do { + :logdir => '/var/log/elasticsearch/logs-a' + } end + + it { should contain_file('/var/log/elasticsearch/logs-a').with( :ensure => 'directory') } + + end + + context "Conflicting setting path.logs" do + let(:pre_condition) { 'class {"elasticsearch": }' } + let :params do { + :logdir => '/var/log/elasticsearch/logs-a', + :config => { 'path.logs' => '/var/log/elasticsearch/otherlogs' } + } end + + it { should contain_file('/var/log/elasticsearch/logs-a').with( :ensure => 'directory') } + it { should_not contain_file('/var/log/elasticsearch/otherlogs').with( :ensure => 'directory') } + end + + context "Conflicting setting path => logs" do + let(:pre_condition) { 'class {"elasticsearch": }' } + let :params do { + :logdir => '/var/log/elasticsearch/logs-a', + :config => { 'path' => { 'logs' => '/var/log/elasticsearch/otherlogs' } } + } end + + it { should contain_file('/var/log/elasticsearch/logs-a').with( :ensure => 'directory') } + it { should_not contain_file('/var/log/elasticsearch/otherlogs').with( :ensure => 'directory') } + end + + context "With other path options defined" do + let(:pre_condition) { 'class {"elasticsearch": }' } + let :params do { + :logdir => '/var/log/elasticsearch/logs-a', + :config => { 'path' => { 'home' => '/var/log/elasticsearch' } } + } end + + it { should contain_file('/var/log/elasticsearch/logs-a').with( :ensure => 'directory') } + end + + + end + + context "Logging" do let(:pre_condition) { 'class {"elasticsearch": }' } diff --git a/elasticsearch/templates/etc/init.d/elasticsearch.OpenBSD.erb b/elasticsearch/templates/etc/init.d/elasticsearch.OpenBSD.erb new file mode 100644 index 000000000..bc94d1874 --- /dev/null +++ b/elasticsearch/templates/etc/init.d/elasticsearch.OpenBSD.erb @@ -0,0 +1,27 @@ +#!/bin/sh +# +# This file is managed via PUPPET + +daemon="/usr/local/elasticsearch/bin/elasticsearch" +daemon_flags="-d -Des.default.path.conf=/etc/elasticsearch/<%= @name %> -p <%= @pid_dir %>/elasticsearch-<%= @name %>.pid" +daemon_user="_elasticsearch" + +. /etc/rc.d/rc.subr + +pexp="$(/usr/local/bin/javaPathHelper -c elasticsearch) .*org.elasticsearch.bootstrap.Elasticsearch.*" + +rc_reload=NO + +rc_start() { + ${rcexec} \ + "ES_INCLUDE=\"/etc/elasticsearch/elasticsearch.in.sh\" \ + "CONF_DIR=\"/etc/elasticsearch\"" \ + JAVA_HOME=\"$(/usr/local/bin/javaPathHelper -h elasticsearch)\" \ + ${daemon} ${daemon_flags}" +} + +rc_pre() { + install -d -o _elasticsearch /var/run/elasticsearch/ +} + +rc_cmd $1 diff --git a/elasticsearch/templates/etc/init.d/elasticsearch.openrc.erb b/elasticsearch/templates/etc/init.d/elasticsearch.openrc.erb new file mode 100644 index 000000000..4c95d14f6 --- /dev/null +++ b/elasticsearch/templates/etc/init.d/elasticsearch.openrc.erb @@ -0,0 +1,87 @@ +#!/sbin/runscript + +name="Elasticsearch" +description="" + +ES_USER=${ES_USER:="elasticsearch"} +ES_INSTANCE=${SVCNAME#*.} + +if [ -n "${ES_INSTANCE}" ] && [ ${SVCNAME} != "elasticsearch" ]; then + PIDFILE="/run/elasticsearch/elasticsearch.${ES_INSTANCE}.pid" + ES_BASE_PATH="/var/lib/elasticsearch/${ES_INSTANCE}" + ES_CONF_PATH="/etc/elasticsearch/${ES_INSTANCE}" + ES_LOG_PATH="/var/log/elasticsearch/${ES_INSTANCE}" +else + PIDFILE="/run/elasticsearch/elasticsearch.pid" + ES_BASE_PATH="/var/lib/elasticsearch/_default" + ES_CONF_PATH="/etc/elasticsearch" + ES_LOG_PATH="/var/log/elasticsearch/_default" +fi + +ES_DATA_PATH="${ES_BASE_PATH}/data" +ES_WORK_PATH="${ES_BASE_PATH}/work" + +export ES_INCLUDE="/usr/share/elasticsearch/bin/elasticsearch.in.sh" +export JAVA_OPTS +export ES_JAVA_OPTS +export ES_HEAP_SIZE +export ES_HEAP_NEWSIZE +export ES_DIRECT_SIZE +export ES_USE_IPV4 + +server_command="/usr/share/elasticsearch/bin/elasticsearch" +server_args=" -p ${PIDFILE} -Des.default.path.conf=\"${ES_CONF_PATH}\" -Des.default.path.data=\"${ES_DATA_PATH}\" -Des.default.path.work=\"${ES_WORK_PATH}\" -Des.default.path.logs=\"${ES_LOG_PATH}\"" + +depend() { + use net +} + +start() { + # elasticsearch -Des.config=/path/to/config/file + # elasticsearch -Des.network.host=10.0.0.4 + + [ ! -f "${ES_INCLUDE}" ] && { + eerror "${ES_INCLUDE} must be copied into place" + return 1 + } + + local conf + local conf_file + for conf in elasticsearch.yml logging.yml; do + conf_file="${ES_CONF_PATH}/${conf}" + if [ ! -f "${conf_file}" ]; then + eerror "${conf_file} must be copied into place" + return 1 + fi + done + + ebegin "Starting ${SVCNAME}" + + if [ -n "${ES_MAX_FD}" ]; then + ulimit -n ${ES_MAX_FD} + einfo "Max open filedescriptors : ${ES_MAX_FD}" + fi + + checkpath -d -o "${ES_USER}" -m750 "/var/lib/elasticsearch" + checkpath -d -o "${ES_USER}" -m750 "/var/log/elasticsearch" + checkpath -d -o "${ES_USER}" -m750 "$(dirname "${PIDFILE}")" + checkpath -d -o "${ES_USER}" -m750 "${ES_BASE_PATH}" + checkpath -d -o "${ES_USER}" -m750 "${ES_LOG_PATH}" + + start-stop-daemon --start \ + --background \ + --chdir "${ES_BASE_PATH}" \ + --user="${ES_USER}" \ + --pidfile="${PIDFILE}" \ + --exec ${server_command} -- ${server_args} + eend $? +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop \ + --pidfile=${PIDFILE} \ + --user="${ES_USER}" \ + --retry=TERM/20/KILL/5 + eend $? +} \ No newline at end of file diff --git a/fluentd/.travis.yml b/fluentd/.travis.yml new file mode 100644 index 000000000..ab9c06a35 --- /dev/null +++ b/fluentd/.travis.yml @@ -0,0 +1,26 @@ +--- +language: ruby +sudo: required +services: + - docker +script: + - bundle exec rake $COMMAND +rvm: 2.2.3 +env: + - COMMAND=lint + - COMMAND=metadata + - COMMAND=spec PUPPET_VERSION=4.3.1 + - COMMAND=spec PUPPET_VERSION=4.2.3 + - COMMAND=spec PUPPET_VERSION=4.0.0 + - COMMAND=beaker BEAKER_set=centos-6-x64 PUPPET_INSTALL_VERSION=1.3.2 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=centos-7-x64 PUPPET_INSTALL_VERSION=1.3.2 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=debian-7-amd64 PUPPET_INSTALL_VERSION=1.3.2 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=ubuntu-server-1404-x64 PUPPET_INSTALL_VERSION=1.3.2 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=centos-6-x64 PUPPET_INSTALL_VERSION=1.2.7 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=centos-7-x64 PUPPET_INSTALL_VERSION=1.2.7 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=debian-7-amd64 PUPPET_INSTALL_VERSION=1.2.7 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=ubuntu-server-1404-x64 PUPPET_INSTALL_VERSION=1.2.7 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=centos-6-x64 PUPPET_INSTALL_VERSION=1.0.1 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=centos-7-x64 PUPPET_INSTALL_VERSION=1.0.1 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=debian-7-amd64 PUPPET_INSTALL_VERSION=1.0.1 PUPPET_INSTALL_TYPE=agent + - COMMAND=beaker BEAKER_set=ubuntu-server-1404-x64 PUPPET_INSTALL_VERSION=1.0.1 PUPPET_INSTALL_TYPE=agent diff --git a/fluentd/CHANGELOG.md b/fluentd/CHANGELOG.md index 3989a7df5..5a71ce019 100644 --- a/fluentd/CHANGELOG.md +++ b/fluentd/CHANGELOG.md @@ -1,4 +1,12 @@ -## Unreleased +## 2016-02-03 - Release v. 0.4.0 + + - Support CentOS 6 + +## 2016-01-22 - Release v. 0.3.2 + + - Purge unmanaged config files + - Manage td-agent.conf file with a fully qualified path + - Fix the issue with td-agent service being enabled on each run on EL7 ## 2015-12-02 - Release v. 0.3.1 diff --git a/fluentd/Gemfile b/fluentd/Gemfile index b14d3f3a6..5aa38ecc2 100644 --- a/fluentd/Gemfile +++ b/fluentd/Gemfile @@ -1,9 +1,13 @@ source 'https://rubygems.org' gem 'puppet', ENV.fetch('PUPPET_VERSION', '>= 3.3') + gem 'rake' gem 'puppet-lint', '>= 1.0.0' +gem 'metadata-json-lint' + gem 'puppetlabs_spec_helper', '>= 0.8.2' + gem 'beaker-rspec' gem 'beaker-puppet_install_helper' -gem 'metadata-json-lint' +gem 'pry', require: false diff --git a/fluentd/README.md b/fluentd/README.md index 40283d33b..1bd02b503 100644 --- a/fluentd/README.md +++ b/fluentd/README.md @@ -1,5 +1,7 @@ # Fluentd +[![Build Status](https://travis-ci.org/soylent/konstantin-fluentd.svg?branch=master)](https://travis-ci.org/soylent/konstantin-fluentd) + Install, configure, and manage Fluentd data collector. ## Module Description @@ -12,7 +14,7 @@ Install, configure, and manage Fluentd data collector. ## Usage -### Routing events to Elasticsearch +### Routing Events To Elasticsearch ```puppet include fluentd @@ -36,7 +38,7 @@ fluentd::config { '500_elasticsearch.conf': } ``` -### Forwarding events to Fluentd aggregator +### Forwarding Events To Fluentd Aggregator ```puppet include fluentd @@ -63,8 +65,8 @@ fluentd::config { '600_forwarding.conf': All configs employ a numbering system in the resource's title that is used for ordering. When titling your config, make sure you prefix the filename with a -number, for example, '999_catch_all.conf', '500_elasticsearch.conf'. 999 has -smaller priority than 500. +number, for example, `999_catch_all.conf`, `500_elasticsearch.conf` (999 has +smaller priority than 500) ## Reference @@ -174,7 +176,7 @@ Config Hash, please see usage examples. ## Limitations -Tested only on CentOS 7, Ubuntu 14.04, Debian 7.8 +Tested on CentOS 6, CentOS 7, Ubuntu 14.04, Debian 7.8 ## Development @@ -183,10 +185,13 @@ Bug reports and pull requests are welcome! ### Running Tests $ bundle install - $ bundle exec rspec - $ bundle exec rake beaker BEAKER_set=debian-78-x64 - $ bundle exec rake beaker BEAKER_set=ubuntu-server-1404-x64 $ bundle exec rake lint + $ bundle exec rake metadata + $ bundle exec rake spec + $ bundle exec rake beaker BEAKER_set=centos-6-x64 + $ bundle exec rake beaker BEAKER_set=centos-7-x64 + $ bundle exec rake beaker BEAKER_set=debian-7-amd64 + $ bundle exec rake beaker BEAKER_set=ubuntu-server-1404-x64 Relevant Beaker docs: https://github.com/puppetlabs/beaker/blob/master/docs/How-to-Write-a-Beaker-Test-for-a-Module.md @@ -196,7 +201,7 @@ Relevant Beaker docs: https://github.com/puppetlabs/beaker/blob/master/docs/How- ## License -Copyright 2015 SPB TV AG +Copyright 2015–2016 SPB TV AG Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/fluentd/Rakefile b/fluentd/Rakefile index 150a669d9..e22dbe29a 100644 --- a/fluentd/Rakefile +++ b/fluentd/Rakefile @@ -1,16 +1,18 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' -PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*.pp'] +PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*'] desc 'Validate manifests, templates, and ruby files' task :validate do Dir['manifests/**/*.pp'].each do |manifest| sh "puppet parser validate --noop #{manifest}" end + Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file| sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/ end + Dir['templates/**/*.erb'].each do |template| sh "erb -P -x -T '-' #{template} | ruby -c" end diff --git a/fluentd/lib/puppet/parser/functions/fluent_config.rb b/fluentd/lib/puppet/parser/functions/fluent_config.rb index ac86d86c4..c75ef8f80 100644 --- a/fluentd/lib/puppet/parser/functions/fluent_config.rb +++ b/fluentd/lib/puppet/parser/functions/fluent_config.rb @@ -1,29 +1,43 @@ +# This file must be compatible with Ruby 1.8.7 in order to work on EL6. module Puppet::Parser::Functions - newfunction(:fluent_plugin_config, type: :rvalue) do |args| + + # Generate fluentd config from Hash. + newfunction(:fluent_config, :type => :rvalue) do |args| + config = args[0] + + header = "# Managed by Puppet.\n" + + # NOTE: Hash iteration order is arbitrary in ruby 1.8.7 + # https://projects.puppetlabs.com/issues/16266 + config.keys.sort.inject(header) do |result, plugin_type| + plugin_config = config[plugin_type] + result << function_fluent_plugin_config([plugin_type, plugin_config]) + end.chomp + end + + # Generate fluentd plugin config from Hash + newfunction(:fluent_plugin_config, :type => :rvalue) do |args| plugin_type = args[0] plugin_config = args[1] tag_pattern = plugin_config.delete('tag_pattern') - config_body = plugin_config.each_with_object('') do |(key, value), result| + config_body = '' + + # NOTE: Hash iteration order is arbitrary in ruby 1.8.7 + # https://projects.puppetlabs.com/issues/16266 + plugin_config.keys.sort.each do |key| + value = plugin_config[key] + if value.is_a?(Array) value.each do |plugin_sub_config| - result << function_fluent_plugin_config([key, plugin_sub_config]) + config_body << function_fluent_plugin_config([key, plugin_sub_config]) end else - result << [key, value].join(' ') << "\n" + config_body << [key, value].join(' ') << "\n" end end "<#{plugin_type} #{tag_pattern}>\n#{config_body}\n\n" end - - newfunction(:fluent_config, type: :rvalue) do |args| - config = args[0] - - header = "# Managed by Puppet.\n" - config.each_with_object(header) do |(plugin_type, plugin_config), result| - result << function_fluent_plugin_config([plugin_type, plugin_config]) - end.chomp - end end diff --git a/fluentd/lib/puppet/provider/package/tdagent.rb b/fluentd/lib/puppet/provider/package/tdagent.rb index ddcdeed52..7f53fbd49 100644 --- a/fluentd/lib/puppet/provider/package/tdagent.rb +++ b/fluentd/lib/puppet/provider/package/tdagent.rb @@ -1,3 +1,6 @@ -Puppet::Type.type(:package).provide(:tdagent, parent: :gem, source: :gem) do - commands gemcmd: '/opt/td-agent/usr/sbin/td-agent-gem' +# This file must be compatible with Ruby 1.8.7 in order to work on EL6. +module Puppet::Parser::Functions + Puppet::Type.type(:package).provide :tdagent, :parent => :gem, :source => :gem do + commands :gemcmd => '/opt/td-agent/usr/sbin/td-agent-gem' + end end diff --git a/fluentd/manifests/install.pp b/fluentd/manifests/install.pp index df95821f5..13dcd0734 100644 --- a/fluentd/manifests/install.pp +++ b/fluentd/manifests/install.pp @@ -8,7 +8,10 @@ } -> file { $fluentd::config_path: - ensure => directory, + ensure => directory, + recurse => true, + force => true, + purge => true, } -> file { $fluentd::config_file: diff --git a/fluentd/manifests/install_repo.pp b/fluentd/manifests/install_repo.pp index 40309641e..ed0a0be0c 100644 --- a/fluentd/manifests/install_repo.pp +++ b/fluentd/manifests/install_repo.pp @@ -12,7 +12,7 @@ exec { 'rpmkey': command => "rpm --import ${fluentd::repo_gpgkey}", - path => '/usr/bin', + path => '/bin:/usr/bin', refreshonly => true, } diff --git a/fluentd/manifests/params.pp b/fluentd/manifests/params.pp index 70572bbb8..22bfbcdf7 100644 --- a/fluentd/manifests/params.pp +++ b/fluentd/manifests/params.pp @@ -36,6 +36,14 @@ $service_enable = true $service_manage = true + # NOTE: Workaround for the following issue: + # https://tickets.puppetlabs.com/browse/PUP-5296 + if $::osfamily == 'redhat' { + $service_provider = 'redhat' + } else { + $service_provider = undef + } + $config_file = '/etc/td-agent/td-agent.conf' $config_path = '/etc/td-agent/config.d' } diff --git a/fluentd/manifests/service.pp b/fluentd/manifests/service.pp index 6eafeb584..157eabdaf 100644 --- a/fluentd/manifests/service.pp +++ b/fluentd/manifests/service.pp @@ -3,6 +3,7 @@ service { $fluentd::service_name: ensure => $fluentd::service_ensure, enable => $fluentd::service_enable, + provider => $fluentd::service_provider, hasstatus => true, hasrestart => true, } diff --git a/fluentd/metadata.json b/fluentd/metadata.json index 91ca80dc5..585f314dd 100644 --- a/fluentd/metadata.json +++ b/fluentd/metadata.json @@ -17,7 +17,8 @@ { "operatingsystem": "CentOS", "operatingsystemrelease": [ - "7.0" + "6", + "7" ] }, { @@ -35,7 +36,7 @@ ], "project_page": "https://github.com/soylent/konstantin-fluentd", "source": "https://github.com/soylent/konstantin-fluentd", - "summary": "Installs, configures, and manages the Fluentd service", + "summary": "Installs, configures, and manages Fluentd data collector", "tags": [ "fluentd", "fluent", @@ -43,5 +44,5 @@ "treasuredata", "logging" ], - "version": "0.3.1" + "version": "0.4.0" } diff --git a/fluentd/spec/acceptance/nodesets/centos-6-x64.yml b/fluentd/spec/acceptance/nodesets/centos-6-x64.yml new file mode 100644 index 000000000..11a8583fd --- /dev/null +++ b/fluentd/spec/acceptance/nodesets/centos-6-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-6-x64: + platform: el-6-x86_64 + image: centos:6 + hypervisor: docker + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - 'yum install -y tar' +CONFIG: + log_level: verbose + type: foss diff --git a/fluentd/spec/acceptance/nodesets/centos-7-x64.yml b/fluentd/spec/acceptance/nodesets/centos-7-x64.yml new file mode 100644 index 000000000..4ebe189c1 --- /dev/null +++ b/fluentd/spec/acceptance/nodesets/centos-7-x64.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-7-x64: + platform: el-7-x86_64 + image: centos:7 + hypervisor: docker + docker_preserve_image: true + docker_cmd: '["/sbin/init"]' + docker_image_commands: + - 'yum install -y initscripts' +CONFIG: + log_level: verbose + type: foss diff --git a/fluentd/spec/acceptance/nodesets/debian-7-amd64.yml b/fluentd/spec/acceptance/nodesets/debian-7-amd64.yml new file mode 100644 index 000000000..411fd4fa3 --- /dev/null +++ b/fluentd/spec/acceptance/nodesets/debian-7-amd64.yml @@ -0,0 +1,11 @@ +HOSTS: + debian-7-amd64: + platform: debian-7-amd64 + image: debian:7 + hypervisor: docker + docker_preserve_image: true + docker_image_commands: + - 'apt-get install -y wget' +CONFIG: + log_level: verbose + type: foss diff --git a/fluentd/spec/acceptance/nodesets/debian-78-x64.yml b/fluentd/spec/acceptance/nodesets/debian-78-x64.yml deleted file mode 100644 index 762164d67..000000000 --- a/fluentd/spec/acceptance/nodesets/debian-78-x64.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-78-x64: - roles: - - master - platform: debian-7-amd64 - box: puppetlabs/debian-7.8-64-nocm - box_url: https://vagrantcloud.com/puppetlabs/boxes/debian-7.8-64-nocm - hypervisor: vagrant -CONFIG: - log_level: verbose - type: foss diff --git a/fluentd/spec/acceptance/nodesets/default.yml b/fluentd/spec/acceptance/nodesets/default.yml deleted file mode 100644 index ec395054d..000000000 --- a/fluentd/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - centos-70-x64: - roles: - - master - platform: el-7-x86_64 - box: puppetlabs/centos-7.0-64-nocm - box_url: https://atlas.hashicorp.com/puppetlabs/boxes/centos-7.0-64-nocm - hypervisor: vagrant -CONFIG: - log_level: verbose - type: foss diff --git a/fluentd/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/fluentd/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml index 7e389e71e..1e12fb865 100644 --- a/fluentd/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml +++ b/fluentd/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml @@ -1,11 +1,9 @@ HOSTS: ubuntu-server-1404-x64: - roles: - - master platform: ubuntu-14.04-amd64 - box: puppetlabs/ubuntu-14.04-64-nocm - box_url: https://vagrantcloud.com/puppetlabs/boxes/ubuntu-14.04-64-nocm - hypervisor: vagrant + image: ubuntu:14.04 + hypervisor: docker + docker_preserve_image: true CONFIG: log_level: verbose type: foss diff --git a/fluentd/spec/classes/service_spec.rb b/fluentd/spec/classes/service_spec.rb index 47d3fe69b..e293c8dd7 100644 --- a/fluentd/spec/classes/service_spec.rb +++ b/fluentd/spec/classes/service_spec.rb @@ -4,7 +4,7 @@ context 'on RedHat based system' do let(:facts) { { osfamily: 'RedHat' } } - it { is_expected.to contain_service('td-agent') } + it { is_expected.to contain_service('td-agent').with(provider: 'redhat') } end context 'on Debian based system' do @@ -12,6 +12,6 @@ { osfamily: 'Debian', lsbdistid: 'Ubuntu', lsbdistcodename: 'trusty' } end - it { is_expected.to contain_service('td-agent') } + it { is_expected.to contain_service('td-agent').without(:provider) } end end diff --git a/fluentd/spec/spec_helper_acceptance.rb b/fluentd/spec/spec_helper_acceptance.rb index 24570f7ad..a56808ad2 100644 --- a/fluentd/spec/spec_helper_acceptance.rb +++ b/fluentd/spec/spec_helper_acceptance.rb @@ -12,8 +12,8 @@ puppet_module_install(source: module_root, module_name: 'fluentd') hosts.each do |host| - on host, puppet('module', 'install', 'puppetlabs-stdlib'), acceptable_exit_codes: [0, 1] - on host, puppet('module', 'install', 'puppetlabs-apt'), acceptable_exit_codes: [0, 1] + on host, puppet('module', 'install', 'puppetlabs-stdlib') + on host, puppet('module', 'install', 'puppetlabs-apt') end end end diff --git a/mongodb/.gitignore b/mongodb/.gitignore index ac231ef02..319027749 100644 --- a/mongodb/.gitignore +++ b/mongodb/.gitignore @@ -5,7 +5,6 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +log/ .idea/ *.iml -.ruby-* -log/ diff --git a/mongodb/.rspec b/mongodb/.rspec new file mode 100644 index 000000000..16f9cdb01 --- /dev/null +++ b/mongodb/.rspec @@ -0,0 +1,2 @@ +--color +--format documentation diff --git a/mongodb/.sync.yml b/mongodb/.sync.yml deleted file mode 100644 index ac8379073..000000000 --- a/mongodb/.sync.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -.travis.yml: - extras: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" -spec/spec_helper.rb: - unmanaged: true diff --git a/mongodb/.travis.yml b/mongodb/.travis.yml index 7e8ed57bb..e6314a470 100644 --- a/mongodb/.travis.yml +++ b/mongodb/.travis.yml @@ -1,24 +1,19 @@ --- sudo: false language: ruby +cache: bundler bundler_args: --without system_tests -script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake validate lint spec" matrix: fast_finish: true include: - - rvm: 1.8.7 + - rvm: 2.1.6 + env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.5 env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 2.1.6 - env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" notifications: email: false diff --git a/mongodb/CONTRIBUTING.md b/mongodb/CONTRIBUTING.md index f1cbde4bb..bfeaa701c 100644 --- a/mongodb/CONTRIBUTING.md +++ b/mongodb/CONTRIBUTING.md @@ -159,7 +159,7 @@ If you already have those gems installed, make sure they are up-to-date: With all dependencies in place and up-to-date we can now run the tests: ```shell -% rake spec +% bundle exec rake spec ``` This will execute all the [rspec tests](http://rspec-puppet.com/) tests @@ -178,8 +178,8 @@ installed on your system. You can run them by issuing the following command ```shell -% rake spec_clean -% rspec spec/acceptance +% bundle exec rake spec_clean +% bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), diff --git a/mongodb/Gemfile b/mongodb/Gemfile index 2b1b7cd8d..ced190e77 100644 --- a/mongodb/Gemfile +++ b/mongodb/Gemfile @@ -1,7 +1,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" def location_for(place, fake_version = nil) - if place =~ /^(git:[^#]*)#(.*)/ + if place =~ /^(git[:@][^#]*)#(.*)/ [fake_version, { :git => $1, :branch => $2, :require => false }].compact elsif place =~ /^file:\/\/(.*)/ ['>= 0', { :path => File.expand_path($1), :require => false }] @@ -11,14 +11,16 @@ def location_for(place, fake_version = nil) end group :development, :unit_tests do - gem 'rspec-core', '3.1.7', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'simplecov', :require => false - gem 'puppet_facts', :require => false - gem 'json', :require => false + gem 'json', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', :require => false + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'simplecov', :require => false end - group :system_tests do + gem 'beaker-puppet_install_helper', :require => false if beaker_version = ENV['BEAKER_VERSION'] gem 'beaker', *location_for(beaker_version) end @@ -27,11 +29,10 @@ group :system_tests do else gem 'beaker-rspec', :require => false end - gem 'serverspec', :require => false + gem 'master_manipulator', :require => false + gem 'serverspec', :require => false end - - if facterversion = ENV['FACTER_GEM_VERSION'] gem 'facter', facterversion, :require => false else diff --git a/mongodb/Rakefile b/mongodb/Rakefile index 181157e6e..35ce31140 100644 --- a/mongodb/Rakefile +++ b/mongodb/Rakefile @@ -1,5 +1,6 @@ -require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppetlabs_spec_helper/rake_tasks' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') diff --git a/mongodb/spec/spec_helper.rb b/mongodb/spec/spec_helper.rb index 0b30d1f95..a7f5b4ecb 100644 --- a/mongodb/spec/spec_helper.rb +++ b/mongodb/spec/spec_helper.rb @@ -1,7 +1,7 @@ require 'puppetlabs_spec_helper/module_spec_helper' -RSpec.configure do |config| - config.mock_with :rspec do |c| - c.syntax = :expect - end +# put local configuration and setup into spec_helper_local +begin + require 'spec_helper_local' +rescue LoadError end diff --git a/mongodb/spec/spec_helper_local.rb b/mongodb/spec/spec_helper_local.rb new file mode 100644 index 000000000..e35501c56 --- /dev/null +++ b/mongodb/spec/spec_helper_local.rb @@ -0,0 +1,3 @@ +RSpec.configure do |config| + config.mock_with :rspec +end diff --git a/mysql/.gitignore b/mysql/.gitignore index 874db461f..319027749 100644 --- a/mysql/.gitignore +++ b/mysql/.gitignore @@ -5,6 +5,6 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +log/ .idea/ *.iml -log/ diff --git a/mysql/.rspec b/mysql/.rspec new file mode 100644 index 000000000..16f9cdb01 --- /dev/null +++ b/mysql/.rspec @@ -0,0 +1,2 @@ +--color +--format documentation diff --git a/mysql/.sync.yml b/mysql/.sync.yml index ac8379073..80e321eb0 100644 --- a/mysql/.sync.yml +++ b/mysql/.sync.yml @@ -1,9 +1,5 @@ --- -.travis.yml: - extras: - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" -spec/spec_helper.rb: - unmanaged: true +Gemfile: + optional: + ':development, :unit_tests': + - gem: rspec-puppet-facts diff --git a/mysql/.travis.yml b/mysql/.travis.yml index c667d4d2c..e6314a470 100644 --- a/mysql/.travis.yml +++ b/mysql/.travis.yml @@ -1,24 +1,19 @@ --- sudo: false language: ruby +cache: bundler bundler_args: --without system_tests -script: "bundle exec rake validate lint spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake validate lint spec" matrix: fast_finish: true include: - - rvm: 1.8.7 + - rvm: 2.1.6 + env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.5 env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 1.9.3 env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - - rvm: 2.1.6 - env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0" - - rvm: 1.8.7 - env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0" notifications: email: false diff --git a/mysql/Gemfile b/mysql/Gemfile index ee382e2e0..6b89aaee0 100644 --- a/mysql/Gemfile +++ b/mysql/Gemfile @@ -11,22 +11,17 @@ def location_for(place, fake_version = nil) end group :development, :unit_tests do - # rspec-core 3.1.7 is the last version to support ruby 1.8 - if RUBY_VERSION < '1.9' - gem 'rspec-core', '3.1.7' - else - # newer version required to avoid BKR-537 - gem 'rspec-core', '>= 3.4' - end - - gem 'puppetlabs_spec_helper', :require => false - gem 'simplecov', :require => false - gem 'json', :require => false - gem 'metadata-json-lint', :require => false - gem 'rspec-puppet-facts', :require => false + gem 'json', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', :require => false + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'simplecov', :require => false + gem 'rspec-puppet-facts', :require => false end - group :system_tests do + gem 'beaker-puppet_install_helper', :require => false if beaker_version = ENV['BEAKER_VERSION'] gem 'beaker', *location_for(beaker_version) end @@ -35,12 +30,10 @@ group :system_tests do else gem 'beaker-rspec', :require => false end + gem 'master_manipulator', :require => false gem 'serverspec', :require => false - gem 'beaker-puppet_install_helper', :require => false end - - if facterversion = ENV['FACTER_GEM_VERSION'] gem 'facter', facterversion, :require => false else diff --git a/mysql/Rakefile b/mysql/Rakefile index 181157e6e..35ce31140 100644 --- a/mysql/Rakefile +++ b/mysql/Rakefile @@ -1,5 +1,6 @@ -require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppetlabs_spec_helper/rake_tasks' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') diff --git a/mysql/lib/puppet/provider/mysql_grant/mysql.rb b/mysql/lib/puppet/provider/mysql_grant/mysql.rb index 8b19d2031..47f2a3f9a 100644 --- a/mysql/lib/puppet/provider/mysql_grant/mysql.rb +++ b/mysql/lib/puppet/provider/mysql_grant/mysql.rb @@ -25,7 +25,7 @@ def self.instances # Once we have the list of grants generate entries for each. grants.each_line do |grant| # Match the munges we do in the type. - munged_grant = grant.delete("'").delete("`") + munged_grant = grant.delete("'").delete("`").delete('"') # Matching: GRANT (SELECT, UPDATE) PRIVILEGES ON (*.*) TO ('root')@('127.0.0.1') (WITH GRANT OPTION) if match = munged_grant.match(/^GRANT\s(.+)\sON\s(.+)\sTO\s(.*)@(.*?)(\s.*)?$/) privileges, table, user, host, rest = match.captures diff --git a/mysql/spec/spec_helper.rb b/mysql/spec/spec_helper.rb index 6277b13b6..a7f5b4ecb 100644 --- a/mysql/spec/spec_helper.rb +++ b/mysql/spec/spec_helper.rb @@ -1,7 +1,7 @@ require 'puppetlabs_spec_helper/module_spec_helper' -require 'rspec-puppet-facts' -include RspecPuppetFacts -# The default set of platforms to test again. -ENV['UNIT_TEST_PLATFORMS'] = 'centos-6-x86_64 ubuntu-1404-x86_64' -PLATFORMS = ENV['UNIT_TEST_PLATFORMS'].split(' ') +# put local configuration and setup into spec_helper_local +begin + require 'spec_helper_local' +rescue LoadError +end diff --git a/mysql/spec/spec_helper_local.rb b/mysql/spec/spec_helper_local.rb new file mode 100644 index 000000000..9a86ccd1b --- /dev/null +++ b/mysql/spec/spec_helper_local.rb @@ -0,0 +1,3 @@ +require 'rspec-puppet-facts' +include RspecPuppetFacts + diff --git a/opendaylight/CONTRIBUTING.markdown b/opendaylight/CONTRIBUTING.markdown index 085948f69..d4d1124e4 100644 --- a/opendaylight/CONTRIBUTING.markdown +++ b/opendaylight/CONTRIBUTING.markdown @@ -171,11 +171,12 @@ There are a number of pre-defined rake tasks to simplify running common Beaker tests. ``` +[~/puppet-opendaylight]$ bundle exec rake centos_7_docker [~/puppet-opendaylight]$ bundle exec rake centos [~/puppet-opendaylight]$ bundle exec rake centos_tarball -[~/puppet-opendaylight]$ bundle exec rake fedora_20 -[~/puppet-opendaylight]$ bundle exec rake fedora_21 -[~/puppet-opendaylight]$ bundle exec rake ubuntu +[~/puppet-opendaylight]$ bundle exec rake fedora_22 +[~/puppet-opendaylight]$ bundle exec rake ubuntu_1404 +[~/puppet-opendaylight]$ bundle exec rake ubuntu_1404_docker ``` If you'd like to preserve the Beaker VM after a test run, perhaps for manual diff --git a/opendaylight/README.markdown b/opendaylight/README.markdown index 327720d35..423f687c9 100644 --- a/opendaylight/README.markdown +++ b/opendaylight/README.markdown @@ -14,6 +14,8 @@ * [Karaf Features](#karaf-features) * [Install Method](#install-method) * [Ports](#ports) + * [Log Verbosity](#log-verbosity) + * [Enabling ODL OVSDB L3](#enabling-odl-ovsdb-l3) 1. [Reference ](#reference) 1. [Limitations](#limitations) 1. [Development](#development) @@ -34,7 +36,7 @@ module's [params](#parameters). If you need a new knob, [please raise an Issue][8]. Both supported [install methods](#install-method) default to the latest -stable OpenDaylight release, which is currently [Lithium 3.2.0][18]. +stable OpenDaylight release, which is currently [a Beryllium ERP][18]. ## Setup @@ -55,21 +57,34 @@ Getting started with the OpenDaylight Puppet module is as simple as declaring the `::opendaylight` class. The [vagrant-opendaylight][11] project provides an easy way to experiment -with [applying the ODL Puppet module][12] to CentOS 7, Fedora 20 and Fedora -21 Vagrant boxes. +with [applying the ODL Puppet module][12] to CentOS 7, Fedora 22 and Fedora +23 Vagrant boxes. ``` [~/vagrant-opendaylight]$ vagrant status Current machine states: -cent7 not created (virtualbox) -cent7_pup_rpm not created (virtualbox) -cent7_ansible not created (virtualbox) -cent7_pup_tb not created (virtualbox) -cent7_rpm not created (virtualbox) -f21_pup_rpm not created (virtualbox) -f21_pup_tb not created (virtualbox) -f21_rpm not created (virtualbox) +cent7 not created (libvirt) +cent7_rpm_he_sr4 not created (libvirt) +cent7_rpm_li_sr2 not created (libvirt) +cent7_rpm_be not created (libvirt) +cent7_ansible not created (libvirt) +cent7_ansible_be not created (libvirt) +cent7_ansible_path not created (libvirt) +cent7_pup_rpm not created (libvirt) +cent7_pup_custom_logs not created (libvirt) +cent7_pup_tb not created (libvirt) +f22_rpm_li not created (libvirt) +f22_ansible not created (libvirt) +f22_pup_rpm not created (libvirt) +f23_rpm_li not created (libvirt) +f23_rpm_li_sr1 not created (libvirt) +f23_rpm_li_sr2 not created (libvirt) +f23_rpm_li_sr3 not created (libvirt) +f23_rpm_be not created (libvirt) +f23_ansible not created (libvirt) +f23_pup_rpm not created (libvirt) + [~/vagrant-opendaylight]$ vagrant up cent7_pup_rpm # A CentOS 7 VM is created and configured using the ODL Puppet mod's defaults [~/vagrant-opendaylight]$ vagrant ssh cent7_pup_rpm @@ -147,6 +162,27 @@ class { 'opendaylight': } ``` +### Log Verbosity + +It's possible to define custom logger verbosity levels via the `log_levels` +param. + +```puppet +class { 'opendaylight': + log_levels => { 'org.opendaylight.ovsdb' => 'TRACE', 'org.opendaylight.ovsdb.lib' => 'INFO' }, +} +``` + +### Enabling ODL OVSDB L3 + +To enable the ODL OVSDB L3, use the `enable_l3` flag. It's disabled by default. + +```puppet +class { 'opendaylight': + enable_l3 => true, +} +``` + ## Reference ### Classes @@ -207,6 +243,69 @@ Default: `'8080'` Valid options: A valid port number as a string or integer. +##### `log_levels` + +Custom OpenDaylight logger verbosity configuration. + +Default: `{}` + +Valid options: A hash of loggers to log levels. + +``` +{ 'org.opendaylight.ovsdb' => 'TRACE', 'org.opendaylight.ovsdb.lib' => 'INFO' } +``` + +Valid log levels are TRACE, DEBUG, INFO, WARN, and ERROR. + +The above example would add the following logging configuration to +`/opt/opendaylight/etc/org.ops4j.pax.logging.cfg`. + +``` +# Log level config added by puppet-opendaylight +log4j.logger.org.opendaylight.ovsdb = TRACE + +# Log level config added by puppet-opendaylight +log4j.logger.org.opendaylight.ovsdb.lib = INFO +``` + +To view loggers and their verbosity levels, use `log:list` at the ODL Karaf shell. + +``` +opendaylight-user@root>log:list +Logger | Level +---------------------------------- +ROOT | INFO +org.opendaylight.ovsdb | TRACE +org.opendaylight.ovsdb.lib | INFO +``` + +The main log output file is `/opt/opendaylight/data/log/karaf.log`. + +##### `enable_l3` + +Enable or disable ODL OVSDB L3 forwarding. + +Default: `'no'` + +Valid options: The strings `'yes'` or `'no'` or boolean values `true` and `false`. + +The ODL OVSDB L3 config in `/opt/opendaylight/etc/custom.properties` is set to +the value of the `enable_l3` param. + +A manifest like + +```puppet +class { 'opendaylight': + enable_l3 => true, +} +``` + +Would would result in + +``` +ovsdb.l3.fwd.enabled=yes +``` + ##### `tarball_url` Specifies the ODL tarball to use when installing via the tarball install @@ -230,12 +329,10 @@ tarball) as a string. ## Limitations -* Tested on Fedora 20, 21, CentOS 7 and Ubuntu 14.04. +* Tested on Fedora 22, 23, CentOS 7 and Ubuntu 14.04. * CentOS 7 is currently the most stable OS option. * The RPM install method is likely more reliable than the tarball install method. -* Our [Fedora 21 Beaker tests are failing][13], but it seems to be an issue -with the Vagrant image, not the Puppet mod. ## Development @@ -267,4 +364,4 @@ See our [git commit history][17] for contributor information. [15]: https://github.com/dfarrell07/puppet-opendaylight/blob/master/CHANGELOG [16]: https://github.com/dfarrell07/puppet-opendaylight/releases [17]: https://github.com/dfarrell07/puppet-opendaylight/commits/master -[18]: https://www.opendaylight.org/software/downloads/lithium +[18]: http://cbs.centos.org/repos/nfv7-opendaylight-4-testing/x86_64/os/Packages/ diff --git a/opendaylight/Rakefile b/opendaylight/Rakefile index a36f79c39..bf0758f47 100644 --- a/opendaylight/Rakefile +++ b/opendaylight/Rakefile @@ -65,16 +65,6 @@ task :centos_7_docker do sh "RS_SET=centos-7-docker INSTALL_METHOD=rpm bundle exec rake beaker" end -desc "Run Beaker tests against Fedora 20 node." -task :fedora_20 do - sh "RS_SET=fedora-20 INSTALL_METHOD=rpm bundle exec rake beaker" -end - -desc "Run Beaker tests against Fedora 21 node." -task :fedora_21 do - sh "RS_SET=fedora-21 INSTALL_METHOD=rpm bundle exec rake beaker" -end - desc "Run Beaker tests against Fedora 22 node." task :fedora_22 do sh "RS_SET=fedora-22 INSTALL_METHOD=rpm bundle exec rake beaker" diff --git a/opendaylight/Vagrantfile b/opendaylight/Vagrantfile index 015762ffc..aaacf894c 100644 --- a/opendaylight/Vagrantfile +++ b/opendaylight/Vagrantfile @@ -3,9 +3,11 @@ Vagrant.configure(2) do |config| + # Re-map sync'd dir so it has the same name as the module # Not doing this causes `puppet apply` to fail at catalog compile config.vm.synced_folder ".", "/home/vagrant/puppet-opendaylight", type: "rsync" config.vm.synced_folder ".", "/vagrant", disabled: true + config.vm.synced_folder ".", "/home/vagrant/sync", disabled: true # We run out of RAM once ODL starts with default 500MB config.vm.provider :libvirt do |libvirt| @@ -44,4 +46,37 @@ EOF f23.vm.provision "shell", inline: "systemctl start docker" f23.vm.provision "shell", inline: "systemctl enable docker" end + + config.vm.define "cent7" do |cent7| + cent7.vm.box = "centos/7" + + cent7.vm.provision "shell", inline: "yum update -y" + + # Install required gems via Bundler + cent7.vm.provision "shell", inline: "yum install -y rubygems ruby-devel gcc-c++ zlib-devel patch redhat-rpm-config make" + cent7.vm.provision "shell", inline: "gem install bundler" + cent7.vm.provision "shell", inline: "echo export PATH=$PATH:/usr/local/bin >> /home/vagrant/.bashrc" + cent7.vm.provision "shell", inline: "echo export PATH=$PATH:/usr/local/bin >> /root/.bashrc" + cent7.vm.provision "shell", inline: 'su -c "cd /home/vagrant/puppet-opendaylight; bundle install" vagrant' + cent7.vm.provision "shell", inline: 'su -c "cd /home/vagrant/puppet-opendaylight; bundle update" vagrant' + + # Git is required for cloning Puppet module deps in `rake test` + cent7.vm.provision "shell", inline: "yum install -y git" + + # Install Docker for Docker-based Beaker tests + cent7.vm.provision "shell", inline: "tee /etc/yum.repos.d/docker.repo <<-'EOF' +[dockerrepo] +name=Docker Repository +baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/ +enabled=1 +gpgcheck=1 +gpgkey=https://yum.dockerproject.org/gpg +EOF +" + cent7.vm.provision "shell", inline: "yum install -y docker-engine" + cent7.vm.provision "shell", inline: "usermod -a -G docker vagrant" + cent7.vm.provision "shell", inline: "systemctl start docker" + cent7.vm.provision "shell", inline: "systemctl enable docker" + end + end diff --git a/opendaylight/manifests/config.pp b/opendaylight/manifests/config.pp index f90cdd7ab..3a64c6899 100644 --- a/opendaylight/manifests/config.pp +++ b/opendaylight/manifests/config.pp @@ -6,13 +6,17 @@ class opendaylight::config { # Configuration of Karaf features to install file { 'org.apache.karaf.features.cfg': - ensure => file, - path => '/opt/opendaylight/etc/org.apache.karaf.features.cfg', + ensure => file, + path => '/opt/opendaylight/etc/org.apache.karaf.features.cfg', # Set user:group owners - owner => 'odl', - group => 'odl', - # Use a template to populate the content - content => template('opendaylight/org.apache.karaf.features.cfg.erb'), + owner => 'odl', + group => 'odl', + } + $features_csv = join($opendaylight::features, ',') + file_line { 'featuresBoot': + path => '/opt/opendaylight/etc/org.apache.karaf.features.cfg', + line => "featuresBoot=${features_csv}", + match => '^featuresBoot=.*$', } # Configuration of ODL NB REST port to listen on @@ -36,4 +40,15 @@ # Use a template to populate the content content => template('opendaylight/custom.properties.erb'), } + + # Set any custom log levels + file { 'org.ops4j.pax.logging.cfg': + ensure => file, + path => '/opt/opendaylight/etc/org.ops4j.pax.logging.cfg', + # Set user:group owners + owner => 'odl', + group => 'odl', + # Use a template to populate the content + content => template('opendaylight/org.ops4j.pax.logging.cfg.erb'), + } } diff --git a/opendaylight/manifests/init.pp b/opendaylight/manifests/init.pp index 979f6f36f..8c37b60ff 100644 --- a/opendaylight/manifests/init.pp +++ b/opendaylight/manifests/init.pp @@ -15,6 +15,10 @@ # If installing from a tarball, use this one. Defaults to latest ODL. # [*unitfile_url*] # OpenDaylight .service file to use for tarball installs. Defaults to one used by ODL RPM. +# [*enable_l3*] +# Enable or disable ODL OVSDB ML2 L3 forwarding. Valid: true, false, 'yes' and 'no'. +# [*log_levels*] +# Custom OpenDaylight logger verbosity configuration (TRACE, DEBUG, INFO, WARN, ERROR). # class opendaylight ( $default_features = $::opendaylight::params::default_features, @@ -24,6 +28,7 @@ $tarball_url = $::opendaylight::params::tarball_url, $unitfile_url = $::opendaylight::params::unitfile_url, $enable_l3 = $::opendaylight::params::enable_l3, + $log_levels = $::opendaylight::params::log_levels, ) inherits ::opendaylight::params { # Validate OS family @@ -46,8 +51,9 @@ } } fedora: { - # Fedora distros < 20 are EOL as of Jan 6th 2015 - if $::operatingsystemmajrelease < '20' { + # Fedora distros < 22 are EOL as of 2015-12-01 + # https://fedoraproject.org/wiki/End_of_life + if $::operatingsystemmajrelease < '22' { fail("Unsupported OS: ${::operatingsystem} ${::operatingsystemmajrelease}") } } diff --git a/opendaylight/manifests/install.pp b/opendaylight/manifests/install.pp index 26c199d56..cebb4a52d 100644 --- a/opendaylight/manifests/install.pp +++ b/opendaylight/manifests/install.pp @@ -11,18 +11,18 @@ # Choose Yum URL based on OS (CentOS vs Fedora) # NB: Currently using the CentOS CBS for both Fedora and CentOS $base_url = $::operatingsystem ? { - 'CentOS' => 'http://cbs.centos.org/repos/nfv7-opendaylight-3-candidate/$basearch/os/', - 'Fedora' => 'http://cbs.centos.org/repos/nfv7-opendaylight-3-candidate/$basearch/os/', + 'CentOS' => 'http://cbs.centos.org/repos/nfv7-opendaylight-4-testing/$basearch/os/', + 'Fedora' => 'http://cbs.centos.org/repos/nfv7-opendaylight-4-testing/$basearch/os/', } # Add OpenDaylight's Yum repository - yumrepo { 'opendaylight-3-candidate': + yumrepo { 'opendaylight-4-testing': # 'ensure' isn't supported with Puppet <3.5 # Seems to default to present, but docs don't say # https://docs.puppetlabs.com/references/3.4.0/type.html#yumrepo # https://docs.puppetlabs.com/references/3.5.0/type.html#yumrepo baseurl => $base_url, - descr => 'CentOS CBS OpenDaylight Lithium candidate repository', + descr => 'CentOS CBS OpenDaylight Berillium testing repository', enabled => 1, # NB: RPM signing is an active TODO, but is not done. We will enable # this gpgcheck once the RPM supports it. @@ -33,7 +33,7 @@ # Install the OpenDaylight RPM package { 'opendaylight': ensure => present, - require => Yumrepo['opendaylight-3-candidate'], + require => Yumrepo['opendaylight-4-testing'], } } elsif $opendaylight::install_method == 'tarball' { diff --git a/opendaylight/manifests/params.pp b/opendaylight/manifests/params.pp index f79995caa..c450a7e85 100644 --- a/opendaylight/manifests/params.pp +++ b/opendaylight/manifests/params.pp @@ -12,7 +12,8 @@ $extra_features = [] $odl_rest_port = '8080' $install_method = 'rpm' - $tarball_url = 'https://nexus.opendaylight.org/content/repositories/opendaylight.release/org/opendaylight/integration/distribution-karaf/0.3.3-Lithium-SR3/distribution-karaf-0.3.3-Lithium-SR3.tar.gz' + $tarball_url = 'https://nexus.opendaylight.org/content/repositories/staging/org/opendaylight/integration/distribution-karaf/0.4.0-Beryllium-RC1/distribution-karaf-0.4.0-Beryllium-RC1.tar.gz' $unitfile_url = 'https://github.com/dfarrell07/opendaylight-systemd/archive/master/opendaylight-unitfile.tar.gz' $enable_l3 = 'no' + $log_levels = {} } diff --git a/opendaylight/metadata.json b/opendaylight/metadata.json index 9af142490..bfb4cee53 100644 --- a/opendaylight/metadata.json +++ b/opendaylight/metadata.json @@ -44,8 +44,8 @@ { "operatingsystem": "Fedora", "operatingsystemrelease": [ - "20", - "21" + "22", + "23" ] }, { diff --git a/opendaylight/spec/acceptance/class_spec.rb b/opendaylight/spec/acceptance/class_spec.rb index 4a278c9de..3b04ad336 100644 --- a/opendaylight/spec/acceptance/class_spec.rb +++ b/opendaylight/spec/acceptance/class_spec.rb @@ -91,4 +91,77 @@ port_config_validations(odl_rest_port: 7777) end end + + describe 'testing custom logging verbosity' do + context 'using default log levels' do + # Call specialized helper fn to install OpenDaylight + install_odl + + # Call specialized helper fn for custom logger verbosity validations + log_level_validations + end + + context 'adding one custom log level' do + custom_log_levels = { 'org.opendaylight.ovsdb' => 'TRACE' } + + # Call specialized helper fn to install OpenDaylight + install_odl(log_levels: custom_log_levels) + + # Call specialized helper fn for custom logger verbosity validations + log_level_validations(log_levels: custom_log_levels) + end + + context 'adding two custom log level' do + custom_log_levels = { 'org.opendaylight.ovsdb' => 'TRACE', + 'org.opendaylight.ovsdb.lib' => 'INFO' } + + # Call specialized helper fn to install OpenDaylight + install_odl(log_levels: custom_log_levels) + + # Call specialized helper fn for custom logger verbosity validations + log_level_validations(log_levels: custom_log_levels) + end + end + + describe 'testing ODL OVSDB L3 config' do + context 'using enable_l3 default' do + # Call specialized helper fn to install OpenDaylight + install_odl + + # Call specialized helper fn for ODL OVSDB L3 config validations + enable_l3_validations + end + + context 'using "no" for enable_l3' do + # Call specialized helper fn to install OpenDaylight + install_odl(enable_l3: 'no') + + # Call specialized helper fn for ODL OVSDB L3 config validations + enable_l3_validations(enable_l3: 'no') + end + + context 'using "yes" for enable_l3' do + # Call specialized helper fn to install OpenDaylight + install_odl(enable_l3: 'yes') + + # Call specialized helper fn for ODL OVSDB L3 config validations + enable_l3_validations(enable_l3: 'yes') + end + + context 'using false for enable_l3' do + # Call specialized helper fn to install OpenDaylight + install_odl(enable_l3: false) + + # Call specialized helper fn for ODL OVSDB L3 config validations + enable_l3_validations(enable_l3: false) + end + + context 'using true for enable_l3' do + # Call specialized helper fn to install OpenDaylight + install_odl(enable_l3: true) + + # Call specialized helper fn for ODL OVSDB L3 config validations + enable_l3_validations(enable_l3: true) + end + end end diff --git a/opendaylight/spec/acceptance/nodesets/fedora-20.yml b/opendaylight/spec/acceptance/nodesets/fedora-20.yml deleted file mode 100644 index 62df704a6..000000000 --- a/opendaylight/spec/acceptance/nodesets/fedora-20.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - fedora-20: - roles: - - master - platform: fedora-20-x86_64 - box: boxcutter/fedora20 - box_url: https://atlas.hashicorp.com/boxcutter/boxes/fedora20 - hypervisor: vagrant - -CONFIG: - log_level: verbose - type: foss diff --git a/opendaylight/spec/acceptance/nodesets/fedora-21.yml b/opendaylight/spec/acceptance/nodesets/fedora-21.yml deleted file mode 100644 index e30eb7f22..000000000 --- a/opendaylight/spec/acceptance/nodesets/fedora-21.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - fedora-21: - roles: - - master - platform: fedora-21-x86_64 - box: boxcutter/fedora21 - box_url: https://atlas.hashicorp.com/boxcutter/boxes/fedora21 - hypervisor: vagrant - -CONFIG: - log_level: verbose - type: foss diff --git a/opendaylight/spec/classes/opendaylight_spec.rb b/opendaylight/spec/classes/opendaylight_spec.rb index eeec06a67..21a4ab738 100644 --- a/opendaylight/spec/classes/opendaylight_spec.rb +++ b/opendaylight/spec/classes/opendaylight_spec.rb @@ -11,7 +11,7 @@ operatingsystem = 'Fedora' # All tests for supported versions of Fedora - ['20', '21'].each do |operatingsystemmajrelease| + ['22', '23'].each do |operatingsystemmajrelease| context "#{operatingsystemmajrelease}" do let(:facts) {{ :osfamily => osfamily, @@ -22,20 +22,35 @@ # Note that this function is defined in spec_helper generic_tests - # Run test that specialize in checking rpm-based installs + # Run tests that specialize in checking rpm-based installs # NB: Only testing defaults here, specialized rpm tests elsewhere # Note that this function is defined in spec_helper rpm_install_tests(operatingsystem: operatingsystem) - # Run test that specialize in checking Karaf feature installs + # Run tests that specialize in checking Karaf feature installs # NB: Only testing defaults here, specialized Karaf tests elsewhere # Note that this function is defined in spec_helper karaf_feature_tests + + # Run tests that specialize in checking ODL's REST port config + # NB: Only testing defaults here, specialized log level tests elsewhere + # Note that this function is defined in spec_helper + odl_rest_port_tests + + # Run tests that specialize in checking custom log level config + # NB: Only testing defaults here, specialized log level tests elsewhere + # Note that this function is defined in spec_helper + log_level_tests + + # Run tests that specialize in checking ODL OVSDB L3 config + # NB: Only testing defaults here, specialized enabling L3 tests elsewhere + # Note that this function is defined in spec_helper + enable_l3_tests end end # All tests for unsupported versions of Fedora - ['19'].each do |operatingsystemmajrelease| + ['21'].each do |operatingsystemmajrelease| context "#{operatingsystemmajrelease}" do let(:facts) {{ :osfamily => osfamily, @@ -75,11 +90,26 @@ # NB: Only testing defaults here, specialized Karaf tests elsewhere # Note that this function is defined in spec_helper karaf_feature_tests + + # Run tests that specialize in checking ODL's REST port config + # NB: Only testing defaults here, specialized log level tests elsewhere + # Note that this function is defined in spec_helper + odl_rest_port_tests + + # Run test that specialize in checking custom log level config + # NB: Only testing defaults here, specialized log level tests elsewhere + # Note that this function is defined in spec_helper + log_level_tests + + # Run tests that specialize in checking ODL OVSDB L3 config + # NB: Only testing defaults here, specialized enabling L3 tests elsewhere + # Note that this function is defined in spec_helper + enable_l3_tests end end # All tests for unsupported versions of CentOS - ['5', '6', '8'].each do |operatingsystemmajrelease| + ['6'].each do |operatingsystemmajrelease| context "#{operatingsystemmajrelease}" do let(:facts) {{ :osfamily => osfamily, @@ -135,11 +165,26 @@ # NB: Only testing defaults here, specialized Karaf tests elsewhere # Note that this function is defined in spec_helper karaf_feature_tests + + # Run tests that specialize in checking ODL's REST port config + # NB: Only testing defaults here, specialized log level tests elsewhere + # Note that this function is defined in spec_helper + odl_rest_port_tests + + # Run test that specialize in checking custom log level config + # NB: Only testing defaults here, specialized log level tests elsewhere + # Note that this function is defined in spec_helper + log_level_tests + + # Run tests that specialize in checking ODL OVSDB L3 config + # NB: Only testing defaults here, specialized enabling L3 tests elsewhere + # Note that this function is defined in spec_helper + enable_l3_tests end end # All tests for unsupported versions of Ubuntu - ['12.04', '12.10', '13.04', '13.10', '14.10', '15.04'].each do |operatingsystemmajrelease| + ['12.04', '15.10'].each do |operatingsystemmajrelease| context "#{operatingsystemmajrelease}" do let(:facts) {{ :osfamily => osfamily, @@ -314,6 +359,185 @@ end end + # All custom log level tests + describe 'custom log level tests' do + # Non-OS-type tests assume CentOS 7 + # See issue #43 for reasoning: + # https://github.com/dfarrell07/puppet-opendaylight/issues/43#issue-57343159 + osfamily = 'RedHat' + operatingsystem = 'CentOS' + operatingsystemmajrelease = '7' + context 'using default log levels' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + let(:params) {{ }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking custom log level config + # Note that this function is defined in spec_helper + log_level_tests + end + + context 'adding one custom log level' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + custom_log_levels = { 'org.opendaylight.ovsdb' => 'TRACE' } + + let(:params) {{ + :log_levels => custom_log_levels, + }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking log level config + # Note that this function is defined in spec_helper + log_level_tests(log_levels: custom_log_levels) + end + + context 'adding two custom log levels' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + custom_log_levels = { 'org.opendaylight.ovsdb' => 'TRACE', + 'org.opendaylight.ovsdb.lib' => 'INFO' } + + let(:params) {{ + :log_levels => custom_log_levels, + }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking log level config + # Note that this function is defined in spec_helper + log_level_tests(log_levels: custom_log_levels) + end + end + + # All OVSDB L3 enable/disable tests + describe 'OVSDB L3 enable/disable tests' do + # Non-OS-type tests assume CentOS 7 + # See issue #43 for reasoning: + # https://github.com/dfarrell07/puppet-opendaylight/issues/43#issue-57343159 + osfamily = 'RedHat' + operatingsystem = 'CentOS' + operatingsystemmajrelease = '7' + context 'using enable_l3 default' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + let(:params) {{ }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking ODL OVSDB L3 config + # Note that this function is defined in spec_helper + enable_l3_tests + end + + context 'using "no" for enable_l3' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + let(:params) {{ + :enable_l3 => 'no', + }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking ODL OVSDB L3 config + # Note that this function is defined in spec_helper + enable_l3_tests(enable_l3: 'no') + end + + context 'using "yes" for enable_l3' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + let(:params) {{ + :enable_l3 => 'yes', + }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking ODL OVSDB L3 config + # Note that this function is defined in spec_helper + enable_l3_tests(enable_l3: 'yes') + end + + context 'using false for enable_l3' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + let(:params) {{ + :enable_l3 => false , + }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking ODL OVSDB L3 config + # Note that this function is defined in spec_helper + enable_l3_tests(enable_l3: false) + end + + context 'using true for enable_l3' do + let(:facts) {{ + :osfamily => osfamily, + :operatingsystem => operatingsystem, + :operatingsystemmajrelease => operatingsystemmajrelease, + }} + + let(:params) {{ + :enable_l3 => true, + }} + + # Run shared tests applicable to all supported OSs + # Note that this function is defined in spec_helper + generic_tests + + # Run test that specialize in checking ODL OVSDB L3 config + # Note that this function is defined in spec_helper + enable_l3_tests(enable_l3: true) + end + end + # All install method tests describe 'install method tests' do # Non-OS-type tests assume CentOS 7 diff --git a/opendaylight/spec/spec_helper.rb b/opendaylight/spec/spec_helper.rb index 5df9a73b4..d541d5979 100644 --- a/opendaylight/spec/spec_helper.rb +++ b/opendaylight/spec/spec_helper.rb @@ -91,6 +91,7 @@ def karaf_feature_tests(options = {}) # The order of this list concat matters features = default_features + extra_features + features_csv = features.join(',') # Confirm properties of Karaf features config file # NB: These hashes don't work with Ruby 1.8.7, but we @@ -101,7 +102,13 @@ def karaf_feature_tests(options = {}) 'path' => '/opt/opendaylight/etc/org.apache.karaf.features.cfg', 'owner' => 'odl', 'group' => 'odl', - 'content' => /^featuresBoot=#{features.join(",")}/ + ) + } + it { + should contain_file_line('featuresBoot').with( + 'path' => '/opt/opendaylight/etc/org.apache.karaf.features.cfg', + 'line' => "featuresBoot=#{features_csv}", + 'match' => '^featuresBoot=.*$', ) } end @@ -127,11 +134,104 @@ def odl_rest_port_tests(options = {}) } end +def log_level_tests(options = {}) + # Extract params + # NB: This default value should be the same as one in opendaylight::params + # TODO: Remove this possible source of bugs^^ + log_levels = options.fetch(:log_levels, {}) + + if log_levels.empty? + # Should contain log level config file + it { + should contain_file('org.ops4j.pax.logging.cfg').with( + 'ensure' => 'file', + 'path' => '/opt/opendaylight/etc/org.ops4j.pax.logging.cfg', + 'owner' => 'odl', + 'group' => 'odl', + ) + } + # Should not contain custom log level config + it { + should_not contain_file('org.ops4j.pax.logging.cfg').with( + 'ensure' => 'file', + 'path' => '/opt/opendaylight/etc/org.ops4j.pax.logging.cfg', + 'owner' => 'odl', + 'group' => 'odl', + 'content' => /# Log level config added by puppet-opendaylight/ + ) + } + else + # Should contain log level config file + it { + should contain_file('org.ops4j.pax.logging.cfg').with( + 'ensure' => 'file', + 'path' => '/opt/opendaylight/etc/org.ops4j.pax.logging.cfg', + 'owner' => 'odl', + 'group' => 'odl', + ) + } + # Should contain custom log level config + it { + should contain_file('org.ops4j.pax.logging.cfg').with( + 'ensure' => 'file', + 'path' => '/opt/opendaylight/etc/org.ops4j.pax.logging.cfg', + 'owner' => 'odl', + 'group' => 'odl', + 'content' => /# Log level config added by puppet-opendaylight/ + ) + } + # Verify each custom log level config entry + log_levels.each_pair do |logger, level| + it { + should contain_file('org.ops4j.pax.logging.cfg').with( + 'ensure' => 'file', + 'path' => '/opt/opendaylight/etc/org.ops4j.pax.logging.cfg', + 'owner' => 'odl', + 'group' => 'odl', + 'content' => /^log4j.logger.#{logger} = #{level}/ + ) + } + end + end +end + +# Shared tests that specialize in testing enabling L3 via ODL OVSDB +def enable_l3_tests(options = {}) + # Extract params + # NB: This default value should be the same as one in opendaylight::params + # TODO: Remove this possible source of bugs^^ + enable_l3 = options.fetch(:enable_l3, 'no') + + if [true, 'yes'].include? enable_l3 + # Confirm ODL OVSDB L3 is enabled + it { + should contain_file('custom.properties').with( + 'ensure' => 'file', + 'path' => '/opt/opendaylight/etc/custom.properties', + 'owner' => 'odl', + 'group' => 'odl', + 'content' => /^ovsdb.l3.fwd.enabled=yes/ + ) + } + elsif [false, 'no'].include? enable_l3 + # Confirm ODL OVSDB L3 is disabled + it { + should contain_file('custom.properties').with( + 'ensure' => 'file', + 'path' => '/opt/opendaylight/etc/custom.properties', + 'owner' => 'odl', + 'group' => 'odl', + 'content' => /^ovsdb.l3.fwd.enabled=no/ + ) + } + end +end + def tarball_install_tests(options = {}) # Extract params # NB: These default values should be the same as ones in opendaylight::params # TODO: Remove this possible source of bugs^^ - tarball_url = options.fetch(:tarball_url, 'https://nexus.opendaylight.org/content/repositories/opendaylight.release/org/opendaylight/integration/distribution-karaf/0.3.3-Lithium-SR3/distribution-karaf-0.3.3-Lithium-SR3.tar.gz') + tarball_url = options.fetch(:tarball_url, 'https://nexus.opendaylight.org/content/repositories/staging/org/opendaylight/integration/distribution-karaf/0.4.0-Beryllium-RC1/distribution-karaf-0.4.0-Beryllium-RC1.tar.gz') unitfile_url = options.fetch(:unitfile_url, 'https://github.com/dfarrell07/opendaylight-systemd/archive/master/opendaylight-unitfile.tar.gz') osfamily = options.fetch(:osfamily, 'RedHat') @@ -255,7 +355,7 @@ def tarball_install_tests(options = {}) end # Verify that there are no unexpected resources from RPM-type installs - it { should_not contain_yumrepo('opendaylight-3-candidate') } + it { should_not contain_yumrepo('opendaylight-4-testing') } it { should_not contain_package('opendaylight') } end @@ -266,9 +366,9 @@ def rpm_install_tests(options = {}) operatingsystem = options.fetch(:operatingsystem, 'CentOS') case operatingsystem when 'CentOS' - yum_repo = 'http://cbs.centos.org/repos/nfv7-opendaylight-3-candidate/$basearch/os/' + yum_repo = 'http://cbs.centos.org/repos/nfv7-opendaylight-4-testing/$basearch/os/' when 'Fedora' - yum_repo = 'http://cbs.centos.org/repos/nfv7-opendaylight-3-candidate/$basearch/os/' + yum_repo = 'http://cbs.centos.org/repos/nfv7-opendaylight-4-testing/$basearch/os/' else fail("Unknown operatingsystem: #{operatingsystem}") end @@ -276,21 +376,21 @@ def rpm_install_tests(options = {}) # Default to CentOS 7 Yum repo URL # Confirm presence of RPM-related resources - it { should contain_yumrepo('opendaylight-3-candidate') } + it { should contain_yumrepo('opendaylight-4-testing') } it { should contain_package('opendaylight') } # Confirm relationships between RPM-related resources - it { should contain_package('opendaylight').that_requires('Yumrepo[opendaylight-3-candidate]') } - it { should contain_yumrepo('opendaylight-3-candidate').that_comes_before('Package[opendaylight]') } + it { should contain_package('opendaylight').that_requires('Yumrepo[opendaylight-4-testing]') } + it { should contain_yumrepo('opendaylight-4-testing').that_comes_before('Package[opendaylight]') } # Confirm properties of RPM-related resources # NB: These hashes don't work with Ruby 1.8.7, but we # don't support 1.8.7 so that's okay. See issue #36. it { - should contain_yumrepo('opendaylight-3-candidate').with( + should contain_yumrepo('opendaylight-4-testing').with( 'enabled' => '1', 'gpgcheck' => '0', - 'descr' => 'CentOS CBS OpenDaylight Lithium candidate repository', + 'descr' => 'CentOS CBS OpenDaylight Berillium testing repository', 'baseurl' => yum_repo, ) } @@ -313,7 +413,7 @@ def unsupported_os_tests(options = {}) it { expect { should contain_class('opendaylight::service') }.to raise_error(Puppet::Error, /#{expected_msg}/) } # Confirm that other resources fail on unsupported OSs - it { expect { should contain_yumrepo('opendaylight-3-candidate') }.to raise_error(Puppet::Error, /#{expected_msg}/) } + it { expect { should contain_yumrepo('opendaylight-4-testing') }.to raise_error(Puppet::Error, /#{expected_msg}/) } it { expect { should contain_package('opendaylight') }.to raise_error(Puppet::Error, /#{expected_msg}/) } it { expect { should contain_service('opendaylight') }.to raise_error(Puppet::Error, /#{expected_msg}/) } it { expect { should contain_file('org.apache.karaf.features.cfg') }.to raise_error(Puppet::Error, /#{expected_msg}/) } diff --git a/opendaylight/spec/spec_helper_acceptance.rb b/opendaylight/spec/spec_helper_acceptance.rb index 69e297f7d..7823a75e5 100644 --- a/opendaylight/spec/spec_helper_acceptance.rb +++ b/opendaylight/spec/spec_helper_acceptance.rb @@ -56,6 +56,8 @@ def install_odl(options = {}) default_features = options.fetch(:default_features, ['config', 'standard', 'region', 'package', 'kar', 'ssh', 'management']) odl_rest_port = options.fetch(:odl_rest_port, 8080) + log_levels = options.fetch(:log_levels, {}) + enable_l3 = options.fetch(:enable_l3, 'no') # Build script for consumption by Puppet apply it 'should work idempotently with no errors' do @@ -65,6 +67,8 @@ class { 'opendaylight': default_features => #{default_features}, extra_features => #{extra_features}, odl_rest_port=> #{odl_rest_port}, + enable_l3=> #{enable_l3}, + log_levels=> #{log_levels}, } EOS @@ -126,24 +130,35 @@ def generic_validations() it { should be_running } end - # Validations specific to the host OS - if ['fedora-20'].include? ENV['RS_SET'] - # Validations for (legecy) Fedora 20 checks - # NB: Fedora 20 support will be removed soon, it's EOL + # Should contain Karaf features config file + describe file('/opt/opendaylight/etc/org.apache.karaf.features.cfg') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + end - # Verify ODL systemd .service file - describe file('/usr/lib/systemd/system/opendaylight.service') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode '644' } - end + # Should contain ODL NB port config file + describe file('/opt/opendaylight/etc/jetty.xml') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + end - # Java 7 should be installed - describe package('java-1.7.0-openjdk') do - it { should be_installed } - end - elsif ['centos-7', 'centos-7-docker', 'fedora-21'].include? ENV['RS_SET'] + # Should contain log level config file + describe file('/opt/opendaylight/etc/org.ops4j.pax.logging.cfg') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + end + + # Should contain ODL OVSDB L3 enable/disable config file + describe file('/opt/opendaylight/etc/custom.properties') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + end + + if ['centos-7', 'centos-7-docker', 'fedora-22'].include? ENV['RS_SET'] # Validations for modern Red Hat family OSs # Verify ODL systemd .service file @@ -213,10 +228,82 @@ def port_config_validations(options = {}) end end +# Shared function for validations related to custom logging verbosity +def log_level_validations(options = {}) + # NB: This param default should match the one used by the opendaylight + # class, which is defined in opendaylight::params + # TODO: Remove this possible source of bugs^^ + log_levels = options.fetch(:log_levels, {}) + + if log_levels.empty? + # Should contain log level config file + describe file('/opt/opendaylight/etc/org.ops4j.pax.logging.cfg') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + end + # Should not contain custom log level config + describe file('/opt/opendaylight/etc/org.ops4j.pax.logging.cfg') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + its(:content) { should_not match /# Log level config added by puppet-opendaylight/ } + end + else + # Should contain log level config file + describe file('/opt/opendaylight/etc/org.ops4j.pax.logging.cfg') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + end + # Should not contain custom log level config + describe file('/opt/opendaylight/etc/org.ops4j.pax.logging.cfg') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + its(:content) { should match /# Log level config added by puppet-opendaylight/ } + end + # Verify each custom log level config entry + log_levels.each_pair do |logger, level| + describe file('/opt/opendaylight/etc/org.ops4j.pax.logging.cfg') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + its(:content) { should match /^log4j.logger.#{logger} = #{level}/ } + end + end + end +end + +# Shared function for validations related to ODL OVSDB L3 config +def enable_l3_validations(options = {}) + # NB: This param default should match the one used by the opendaylight + # class, which is defined in opendaylight::params + # TODO: Remove this possible source of bugs^^ + enable_l3 = options.fetch(:enable_l3, 'no') + + if [true, 'yes'].include? enable_l3 + # Confirm ODL OVSDB L3 is enabled + describe file('/opt/opendaylight/etc/custom.properties') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + its(:content) { should match /^ovsdb.l3.fwd.enabled=yes/ } + end + elsif [false, 'no'].include? enable_l3 + # Confirm ODL OVSDB L3 is disabled + describe file('/opt/opendaylight/etc/custom.properties') do + it { should be_file } + it { should be_owned_by 'odl' } + it { should be_grouped_into 'odl' } + its(:content) { should match /^ovsdb.l3.fwd.enabled=no/ } + end + end +end # Shared function that handles validations specific to RPM-type installs def rpm_validations() - describe yumrepo('opendaylight-3-candidate') do + describe yumrepo('opendaylight-4-testing') do it { should exist } it { should be_enabled } end @@ -233,8 +320,8 @@ def tarball_validations() end # Repo checks break (not fail) when yum doesn't make sense (Ubuntu) - if ['centos-7', 'fedora-20', 'fedora-21'].include? ENV['RS_SET'] - describe yumrepo('opendaylight-3-candidate') do + if ['centos-7', 'fedora-22'].include? ENV['RS_SET'] + describe yumrepo('opendaylight-4-testing') do it { should_not exist } it { should_not be_enabled } end diff --git a/opendaylight/templates/custom.properties.erb b/opendaylight/templates/custom.properties.erb index 0dbd9e945..1fe31dc69 100644 --- a/opendaylight/templates/custom.properties.erb +++ b/opendaylight/templates/custom.properties.erb @@ -83,7 +83,13 @@ ovsdb.listenPort=6640 # ovsdb can be configured with ml2 to perform l3 forwarding. The config below enables that functionality, which is # disabled by default. -ovsdb.l3.fwd.enabled=<%= scope.lookupvar('opendaylight::enable_l3') %> +<% if [true, 'yes'].include? scope.lookupvar('opendaylight::enable_l3') -%> +ovsdb.l3.fwd.enabled=yes +<% elsif [false, 'no'].include? scope.lookupvar('opendaylight::enable_l3') -%> +ovsdb.l3.fwd.enabled=no +<% else -%> + <%- fail("Unexpected enable_l3 value: #{scope.lookupvar('opendaylight::enable_l3')}") -%> +<% end -%> # ovsdb can be configured with ml2 to perform l3 forwarding. When used in that scenario, the mac address of the default # gateway --on the external subnet-- is expected to be resolved from its inet address. The config below overrides that diff --git a/opendaylight/templates/org.apache.karaf.features.cfg.erb b/opendaylight/templates/org.apache.karaf.features.cfg.erb deleted file mode 100644 index 7ef41cf12..000000000 --- a/opendaylight/templates/org.apache.karaf.features.cfg.erb +++ /dev/null @@ -1,51 +0,0 @@ -################################################################################ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -################################################################################ - -# -# Defines if the startlvl should be respected during feature startup. The default value is true. The default -# behavior for 2.x is false (!) for this property -# -# Be aware that this property is deprecated and will be removed in Karaf 4.0. So, if you need to -# set this to false, please use this only as a temporary solution! -# -#respectStartLvlDuringFeatureStartup=true - - -# -# Defines if the startlvl should be respected during feature uninstall. The default value is true. -# If true, means stop bundles respecting the descend order of start level in a certain feature. -# -#respectStartLvlDuringFeatureUninstall=true - -# -# Comma separated list of features repositories to register by default -# -featuresRepositories = mvn:org.apache.karaf.features/standard/3.0.3/xml/features,mvn:org.apache.karaf.features/enterprise/3.0.3/xml/features,mvn:org.ops4j.pax.web/pax-web-features/3.1.4/xml/features,mvn:org.apache.karaf.features/spring/3.0.3/xml/features,mvn:org.opendaylight.integration/features-integration-index/0.3.3-Lithium-SR3/xml/features - -# -# Comma separated list of features to install at startup -# Default features: -# config,standard,region,package,kar,ssh,management -# -featuresBoot=<%= scope.lookupvar('opendaylight::features').join(",") %> - -# -# Defines if the boot features are started in asynchronous mode (in a dedicated thread) -# -featuresBootAsynchronous=false diff --git a/opendaylight/templates/org.ops4j.pax.logging.cfg.erb b/opendaylight/templates/org.ops4j.pax.logging.cfg.erb new file mode 100644 index 000000000..f46f99525 --- /dev/null +++ b/opendaylight/templates/org.ops4j.pax.logging.cfg.erb @@ -0,0 +1,55 @@ +################################################################################ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Root logger +log4j.rootLogger=INFO, async, osgi:* +log4j.throwableRenderer=org.apache.log4j.OsgiThrowableRenderer + +# CONSOLE appender not used by default +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%d{ISO8601} | %-5.5p | %-16.16t | %-32.32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n + +# Async appender forwarding to file appender +log4j.appender.async=org.apache.log4j.AsyncAppender +log4j.appender.async.appenders=out + +# File appender +log4j.appender.out=org.apache.log4j.RollingFileAppender +log4j.appender.out.layout=org.apache.log4j.PatternLayout +log4j.appender.out.layout.ConversionPattern=%d{ISO8601} | %-5.5p | %-16.16t | %-32.32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n +log4j.appender.out.file=${karaf.data}/log/karaf.log +log4j.appender.out.append=true +log4j.appender.out.maxFileSize=1MB +log4j.appender.out.maxBackupIndex=10 + +# Sift appender +log4j.appender.sift=org.apache.log4j.sift.MDCSiftingAppender +log4j.appender.sift.key=bundle.name +log4j.appender.sift.default=karaf +log4j.appender.sift.appender=org.apache.log4j.FileAppender +log4j.appender.sift.appender.layout=org.apache.log4j.PatternLayout +log4j.appender.sift.appender.layout.ConversionPattern=%d{ISO8601} | %-5.5p | %-16.16t | %-32.32c{1} | %m%n +log4j.appender.sift.appender.file=${karaf.data}/log/$\\{bundle.name\\}.log +log4j.appender.sift.appender.append=true +<% scope.lookupvar('opendaylight::log_levels').each_pair do |logger, level| -%> + +# Log level config added by puppet-opendaylight +log4j.logger.<%= logger %> = <%= level %> +<% end -%> diff --git a/pacemaker/README.md b/pacemaker/README.md index dd7b1088c..a2523889b 100644 --- a/pacemaker/README.md +++ b/pacemaker/README.md @@ -106,6 +106,12 @@ Finally, $resource_params are simply params that show up as options in the command immediately after the resource type without any additional keywords. +#### Properties + +Properties can be set clusterwide or per-node using the pacemaker::property +function. In the former case, when a property name is not recognized by +pacemaker the force parameter needs to be true. + #### See the pcs man page See the pcs man page for documentation for about the "pcs resource @@ -190,7 +196,16 @@ $clone_params succeeds as expected. try_sleep => 1, } # results in Debug: /usr/sbin/pcs resource create neutron-scale ocf:neutron:NeutronScale --clone globally-unique=true clone-max=3 interleave=true - + + pacemaker::property { 'global-bar': + property => 'bar', + value => 'baz', + force => true, + tries => 1, + try_sleep => 1, + } + # results in Debug: /usr/sbin/pcs property set --force bar=baz + pcmk_resource { "galera": resource_type => "galera", resource_params => 'enable_creation=true wsrep_cluster_address="gcomm://pcmk-c1a1,pcmk-c1a2,pcmk-c1a3"', diff --git a/pacemaker/manifests/property.pp b/pacemaker/manifests/property.pp new file mode 100644 index 000000000..1ac822522 --- /dev/null +++ b/pacemaker/manifests/property.pp @@ -0,0 +1,70 @@ +define pacemaker::property ( + $property, + $value = undef, + $node = undef, + $force = false, + $ensure = present, + $tries = 1, + $try_sleep = 10, +) { + if $property == undef { + fail('Must provide property') + } + if ($ensure == 'present') and ! $value { + fail('When present, must provide value') + } + + # Special-casing node branches due to https://bugzilla.redhat.com/show_bug.cgi?id=1302010 + # (Basically pcs property show will show all node properties anyway) + if $node { + if $ensure == absent { + exec { "Removing node-property ${property} on ${node}": + command => "/usr/sbin/pcs property unset --node ${node} ${property}", + onlyif => "/usr/sbin/pcs property show | grep ${property}= | grep ${node}", + require => [Exec['wait-for-settle'], + Class['::pacemaker::corosync']], + tries => $tries, + try_sleep => $try_sleep, + } + } else { + if $force { + $cmd = "/usr/sbin/pcs property set --force --node ${node} ${property}=${value}" + } else { + $cmd = "/usr/sbin/pcs property set --node ${node} ${property}=${value}" + } + exec { "Creating node-property ${property} on ${node}": + command => $cmd, + unless => "/usr/sbin/pcs property show ${property} | grep \"${property}=${value}\" | grep ${node}", + require => [Exec['wait-for-settle'], + Class['::pacemaker::corosync']], + tries => $tries, + try_sleep => $try_sleep, + } + } + } else { + if $ensure == absent { + exec { "Removing cluster-wide property ${property}": + command => "/usr/sbin/pcs property unset ${property}", + onlyif => "/usr/sbin/pcs property show | grep ${property}: ", + require => [Exec['wait-for-settle'], + Class['::pacemaker::corosync']], + tries => $tries, + try_sleep => $try_sleep, + } + } else { + if $force { + $cmd = "/usr/sbin/pcs property set --force ${property}=${value}" + } else { + $cmd = "/usr/sbin/pcs property set ${property}=${value}" + } + exec { "Creating cluster-wide property ${property}": + command => $cmd, + unless => "/usr/sbin/pcs property show ${property} | grep \"${property}=${value}\"", + require => [Exec['wait-for-settle'], + Class['::pacemaker::corosync']], + tries => $tries, + try_sleep => $try_sleep, + } + } + } +} diff --git a/pacemaker/manifests/stonith.pp b/pacemaker/manifests/stonith.pp index 16ea0dcbd..0feadaf45 100644 --- a/pacemaker/manifests/stonith.pp +++ b/pacemaker/manifests/stonith.pp @@ -1,19 +1,13 @@ class pacemaker::stonith ($disable=true) { if $disable == true { - exec {"Disable STONITH": - command => "/usr/sbin/pcs property set stonith-enabled=false", - unless => "/usr/sbin/pcs property show stonith-enabled | grep 'stonith-enabled: false'", - require => [ Exec["wait-for-settle"], - Class['::pacemaker::corosync'] - ], + pacemaker::property { 'Disable STONITH': + property => 'stonith-enabled', + value => false, } } else { - exec {"Enable STONITH": - command => "/usr/sbin/pcs property set stonith-enabled=true", - onlyif => "/usr/sbin/pcs property show stonith-enabled | grep 'stonith-enabled: false'", - require => [ Exec["wait-for-settle"], - Class['::pacemaker::corosync'] - ], + pacemaker::property { 'Enable STONITH': + property => 'stonith-enabled', + value => true, } } } diff --git a/pacemaker/tests/init.pp b/pacemaker/tests/init.pp index c0f6a0bf0..8f43b34c7 100644 --- a/pacemaker/tests/init.pp +++ b/pacemaker/tests/init.pp @@ -115,3 +115,20 @@ location => '192.168.122.3', score => 'INFINITY', } + +### Add properties +pacemaker::property { 'global-bar': + property => 'bar', + value => 'baz', + force => true, + tries => 1, + try_sleep => 1, +} + +pacemaker::property { 'node-foo': + property => 'foo', + value => 'baz', + node => 'cluster1', + tries => 1, + try_sleep => 1, +} diff --git a/rabbitmq/.gitignore b/rabbitmq/.gitignore index b5db85e05..319027749 100644 --- a/rabbitmq/.gitignore +++ b/rabbitmq/.gitignore @@ -5,5 +5,6 @@ spec/fixtures/ .vagrant/ .bundle/ coverage/ +log/ .idea/ *.iml diff --git a/rabbitmq/.rspec b/rabbitmq/.rspec new file mode 100644 index 000000000..16f9cdb01 --- /dev/null +++ b/rabbitmq/.rspec @@ -0,0 +1,2 @@ +--color +--format documentation diff --git a/rabbitmq/.travis.yml b/rabbitmq/.travis.yml index c418ab5f2..e6314a470 100644 --- a/rabbitmq/.travis.yml +++ b/rabbitmq/.travis.yml @@ -1,18 +1,19 @@ --- sudo: false language: ruby +cache: bundler bundler_args: --without system_tests -script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'" +script: "bundle exec rake validate lint spec" matrix: fast_finish: true include: - - rvm: 1.9.3 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" - - rvm: 2.1.5 - env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" - rvm: 2.1.6 env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.5 + env: PUPPET_GEM_VERSION="~> 3.0" + - rvm: 1.9.3 + env: PUPPET_GEM_VERSION="~> 3.0" notifications: email: false diff --git a/rabbitmq/CONTRIBUTING.md b/rabbitmq/CONTRIBUTING.md index f1cbde4bb..bfeaa701c 100644 --- a/rabbitmq/CONTRIBUTING.md +++ b/rabbitmq/CONTRIBUTING.md @@ -159,7 +159,7 @@ If you already have those gems installed, make sure they are up-to-date: With all dependencies in place and up-to-date we can now run the tests: ```shell -% rake spec +% bundle exec rake spec ``` This will execute all the [rspec tests](http://rspec-puppet.com/) tests @@ -178,8 +178,8 @@ installed on your system. You can run them by issuing the following command ```shell -% rake spec_clean -% rspec spec/acceptance +% bundle exec rake spec_clean +% bundle exec rspec spec/acceptance ``` This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), diff --git a/rabbitmq/Gemfile b/rabbitmq/Gemfile index 275bb9a35..ced190e77 100644 --- a/rabbitmq/Gemfile +++ b/rabbitmq/Gemfile @@ -1,7 +1,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" def location_for(place, fake_version = nil) - if place =~ /^(git:[^#]*)#(.*)/ + if place =~ /^(git[:@][^#]*)#(.*)/ [fake_version, { :git => $1, :branch => $2, :require => false }].compact elsif place =~ /^file:\/\/(.*)/ ['>= 0', { :path => File.expand_path($1), :require => false }] @@ -11,14 +11,16 @@ def location_for(place, fake_version = nil) end group :development, :unit_tests do - gem 'rspec-core', '3.1.7', :require => false - gem 'puppetlabs_spec_helper', :require => false - gem 'simplecov', :require => false - gem 'puppet_facts', :require => false - gem 'json', :require => false + gem 'json', :require => false + gem 'metadata-json-lint', :require => false + gem 'puppet_facts', :require => false + gem 'puppet-blacksmith', :require => false + gem 'puppetlabs_spec_helper', :require => false + gem 'rspec-puppet', '>= 2.3.2', :require => false + gem 'simplecov', :require => false end - group :system_tests do + gem 'beaker-puppet_install_helper', :require => false if beaker_version = ENV['BEAKER_VERSION'] gem 'beaker', *location_for(beaker_version) end @@ -27,12 +29,10 @@ group :system_tests do else gem 'beaker-rspec', :require => false end - gem 'serverspec', :require => false - gem 'beaker-puppet_install_helper', :require => false + gem 'master_manipulator', :require => false + gem 'serverspec', :require => false end - - if facterversion = ENV['FACTER_GEM_VERSION'] gem 'facter', facterversion, :require => false else diff --git a/rabbitmq/README.md b/rabbitmq/README.md index 2dbea56d4..1a47b885a 100644 --- a/rabbitmq/README.md +++ b/rabbitmq/README.md @@ -117,6 +117,17 @@ class { 'rabbitmq': } ``` +To change Management Plugin Config Variables in rabbitmq.config, use the parameters +`config_management_variables` e.g.: + +```puppet +class { 'rabbitmq': + config_management_variables => { + 'rates_mode' => 'basic', + } +} +``` + ### Clustering To use RabbitMQ clustering facilities, use the rabbitmq parameters `config_cluster`, `cluster_nodes`, and `cluster_node_type`, e.g.: @@ -149,6 +160,13 @@ class { 'rabbitmq': Boolean, if enabled sets up the management interface/plugin for RabbitMQ. +####`auth_backends` + +An array specifying authorization/authentication backend to use. Syntax: +single quotes should be placed around array entries, ex. ['{foo, baz}', 'baz'] +Defaults to [rabbit_auth_backend_internal], and if using LDAP defaults to +[rabbit_auth_backend_internal, rabbit_auth_backend_ldap]. + ####`cluster_node_type` Choose between disc and ram nodes. @@ -185,6 +203,10 @@ the queue. You can read more about it The path to write the RabbitMQ configuration file to. +####`config_management_variables` + +Hash of configuration variables for the [Management Plugin](https://www.rabbitmq.com/management.html). + ####`config_stomp` Boolean to enable or disable stomp. diff --git a/rabbitmq/Rakefile b/rabbitmq/Rakefile index 181157e6e..35ce31140 100644 --- a/rabbitmq/Rakefile +++ b/rabbitmq/Rakefile @@ -1,5 +1,6 @@ -require 'puppetlabs_spec_helper/rake_tasks' +require 'puppet_blacksmith/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +require 'puppetlabs_spec_helper/rake_tasks' PuppetLint.configuration.fail_on_warnings = true PuppetLint.configuration.send('relative') diff --git a/rabbitmq/manifests/config.pp b/rabbitmq/manifests/config.pp index c544666c3..98e620461 100644 --- a/rabbitmq/manifests/config.pp +++ b/rabbitmq/manifests/config.pp @@ -54,6 +54,8 @@ $wipe_db_on_cookie_change = $rabbitmq::wipe_db_on_cookie_change $config_variables = $rabbitmq::config_variables $config_kernel_variables = $rabbitmq::config_kernel_variables + $config_management_variables = $rabbitmq::config_management_variables + $auth_backends = $rabbitmq::auth_backends $cluster_partition_handling = $rabbitmq::cluster_partition_handling $file_limit = $rabbitmq::file_limit $default_env_variables = { diff --git a/rabbitmq/manifests/init.pp b/rabbitmq/manifests/init.pp index ae2d04bf1..e086fbfbd 100644 --- a/rabbitmq/manifests/init.pp +++ b/rabbitmq/manifests/init.pp @@ -67,6 +67,8 @@ $environment_variables = $rabbitmq::params::environment_variables, $config_variables = $rabbitmq::params::config_variables, $config_kernel_variables = $rabbitmq::params::config_kernel_variables, + $config_management_variables = $rabbitmq::config_management_variables, + $auth_backends = $rabbitmq::params::auth_backends, $key_content = undef, ) inherits rabbitmq::params { @@ -142,6 +144,11 @@ validate_hash($environment_variables) validate_hash($config_variables) validate_hash($config_kernel_variables) + validate_hash($config_management_variables) + + if $auth_backends { + validate_array($auth_backends) + } if $ssl_only and ! $ssl { fail('$ssl_only => true requires that $ssl => true') diff --git a/rabbitmq/manifests/install.pp b/rabbitmq/manifests/install.pp index 476c4e1bf..20ca0903f 100644 --- a/rabbitmq/manifests/install.pp +++ b/rabbitmq/manifests/install.pp @@ -22,4 +22,13 @@ } } + if $rabbitmq::environment_variables['MNESIA_BASE'] { + file { $rabbitmq::environment_variables['MNESIA_BASE']: + ensure => 'directory', + owner => 'root', + group => 'rabbitmq', + mode => '0775', + require => Package['rabbitmq-server'], + } + } } diff --git a/rabbitmq/manifests/params.pp b/rabbitmq/manifests/params.pp index f4bbd2111..41e060051 100644 --- a/rabbitmq/manifests/params.pp +++ b/rabbitmq/manifests/params.pp @@ -121,5 +121,7 @@ $environment_variables = {} $config_variables = {} $config_kernel_variables = {} + $config_management_variables = {} + $auth_backends = undef $file_limit = '16384' } diff --git a/rabbitmq/spec/classes/rabbitmq_spec.rb b/rabbitmq/spec/classes/rabbitmq_spec.rb index ff75acab0..67aecc7dc 100644 --- a/rabbitmq/spec/classes/rabbitmq_spec.rb +++ b/rabbitmq/spec/classes/rabbitmq_spec.rb @@ -658,6 +658,79 @@ ' {port, 389},', ' {foo, bar},', ' {log, true}']) end end + + describe 'configuring auth_backends' do + let :params do + { :auth_backends => ['{baz, foo}', 'bar'] } + end + it 'should contain auth_backends' do + verify_contents(catalogue, 'rabbitmq.config', + [' {auth_backends, [{baz, foo}, bar]},']) + end + end + + describe 'auth_backends overrides ldap_auth' do + let :params do + { :auth_backends => ['{baz, foo}', 'bar'], + :ldap_auth => true, } + end + it 'should contain auth_backends' do + verify_contents(catalogue, 'rabbitmq.config', + [' {auth_backends, [{baz, foo}, bar]},']) + end + end + + describe 'configuring shovel plugin' do + let :params do + { + :config_shovel => true + } + end + + it { should contain_rabbitmq_plugin('rabbitmq_shovel') } + + it { should contain_rabbitmq_plugin('rabbitmq_shovel_management') } + + describe 'with admin_enable false' do + let :params do + { + :config_shovel => true, + :admin_enable => false + } + end + + it { should_not contain_rabbitmq_plugin('rabbitmq_shovel_management') } + end + + describe 'with static shovels' do + let :params do + { + :config_shovel => true, + :config_shovel_statics => { + 'shovel_first' => %q({sources,[{broker,"amqp://"}]}, + {destinations,[{broker,"amqp://site1.example.com"}]}, + {queue,<<"source_one">>}), + 'shovel_second' => %q({sources,[{broker,"amqp://"}]}, + {destinations,[{broker,"amqp://site2.example.com"}]}, + {queue,<<"source_two">>}) + } + } + end + + it "should generate correct configuration" do + verify_contents(catalogue, 'rabbitmq.config', [ +' {rabbitmq_shovel,', +' [{shovels,[', +' {shovel_first,[{sources,[{broker,"amqp://"}]},', +' {destinations,[{broker,"amqp://site1.example.com"}]},', +' {queue,<<"source_one">>}]},', +' {shovel_second,[{sources,[{broker,"amqp://"}]},', +' {destinations,[{broker,"amqp://site2.example.com"}]},', +' {queue,<<"source_two">>}]}', +' ]}]}' ]) + end + end + end describe 'configuring shovel plugin' do let :params do @@ -1085,6 +1158,16 @@ end end + describe 'config_management_variables' do + let(:params) {{ :config_management_variables => { + 'rates_mode' => 'none', + }}} + it 'should set config variables' do + should contain_file('rabbitmq.config') \ + .with_content(/\{rates_mode, none\}/) + end + end + describe 'tcp_keepalive enabled' do let(:params) {{ :tcp_keepalive => true }} it 'should set tcp_listen_options keepalive true' do diff --git a/rabbitmq/spec/spec_helper.rb b/rabbitmq/spec/spec_helper.rb index 2c6f56649..a7f5b4ecb 100644 --- a/rabbitmq/spec/spec_helper.rb +++ b/rabbitmq/spec/spec_helper.rb @@ -1 +1,7 @@ require 'puppetlabs_spec_helper/module_spec_helper' + +# put local configuration and setup into spec_helper_local +begin + require 'spec_helper_local' +rescue LoadError +end diff --git a/rabbitmq/templates/rabbitmq.config.erb b/rabbitmq/templates/rabbitmq.config.erb index 4027ba590..1e62dd2f9 100644 --- a/rabbitmq/templates/rabbitmq.config.erb +++ b/rabbitmq/templates/rabbitmq.config.erb @@ -5,7 +5,9 @@ {ssl, [{versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}]}, <%- end -%> {rabbit, [ -<% if @ldap_auth -%> +<% if @auth_backends -%> + {auth_backends, [<%= @auth_backends.map { |v| "#{v}" }.join(', ') %>]}, +<% elsif @ldap_auth -%> {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]}, <% end -%> <% if @config_cluster -%> @@ -64,6 +66,11 @@ <%= @config_kernel_variables.sort.map{|k,v| "{#{k}, #{v}}"}.join(",\n ") %> ]} <%- end -%> +<% if @config_management_variables -%>, + {rabbitmq_management, [ + <%= @config_management_variables.sort.map{|k,v| "{#{k}, #{v}}"}.join(",\n ") %> + ]} +<%- end -%> <%- if @admin_enable -%>, {rabbitmq_management, [ {listener, [ diff --git a/sensu/README.md b/sensu/README.md index 24720373d..1de69dee5 100644 --- a/sensu/README.md +++ b/sensu/README.md @@ -185,9 +185,24 @@ site.pp host: '127.0.0.1' port: '2003' mutator: "only_check_output" + 'file': + command: '/etc/sensu/handlers/file.rb' + 'mail': + command: 'mail -s 'sensu event' email@address.com' + sensu::handler_defaults: + type: 'pipe' sensu::checks: 'file_test': command: '/usr/local/bin/check_file_test.sh' + 'chef_client': + command: 'check-chef-client.rb' + sensu::check_defaults: + handlers: 'mail' + sensu::mutators: + 'tag': + command: '/etc/sensu/mutators/tag.rb' + 'graphite': + command: '/etc/sensu/plugins/graphite.rb' classes: - sensu @@ -437,6 +452,47 @@ by using the `sensu_gem` package provider: provider => sensu_gem, } +## Sensitive String Redaction + +Redaction of passwords is supported by this module. To enable it, pass a value to `sensu::redact` +and set some password values with `sensu::client_custom` + +``` + class { 'sensu': + redact => 'password', + client_custom => { + github => { + password => 'correct-horse-battery-staple', + }, + }, + } +``` + +Or with hiera: + +``` +sensu::redact + - :password" +sensu::client_custom: + - sensu::client_custom: + nexus: + password: "correct-horse-battery-staple' +``` + +This ends up like this in the uchiwa console: + +![Sensu Redaction](http://i.imgur.com/K4noGoN.png) + +You can make use of the password now when defining a check by using command substitution: + +``` +sensu::check{ 'check_password_test': + command => '/usr/local/bin/check_password_test --password :::github.password::: ', +} +``` + + + ## Dashboards The following puppet modules exist for managing dashboards @@ -446,4 +502,3 @@ The following puppet modules exist for managing dashboards ## License See LICENSE file. - diff --git a/sensu/lib/puppet/provider/sensu_client_config/json.rb b/sensu/lib/puppet/provider/sensu_client_config/json.rb index 8456bd96b..ab84a9c49 100644 --- a/sensu/lib/puppet/provider/sensu_client_config/json.rb +++ b/sensu/lib/puppet/provider/sensu_client_config/json.rb @@ -41,7 +41,7 @@ def exists? end def check_args - ['name', 'address', 'subscriptions', 'safe_mode', 'socket', 'keepalive'] + ['name', 'address', 'subscriptions', 'safe_mode', 'socket', 'keepalive', 'redact'] end def client_name @@ -76,6 +76,14 @@ def subscriptions=(value) conf['client']['subscriptions'] = value end + def redact + conf['client']['redact'] || [] + end + + def redact=(value) + conf['client']['redact'] = value + end + def custom conf['client'].reject { |k,v| check_args.include?(k) } end diff --git a/sensu/lib/puppet/type/sensu_client_config.rb b/sensu/lib/puppet/type/sensu_client_config.rb index aaf6c697d..74c0a7d49 100644 --- a/sensu/lib/puppet/type/sensu_client_config.rb +++ b/sensu/lib/puppet/type/sensu_client_config.rb @@ -45,6 +45,13 @@ def insync?(is) end end + newproperty(:redact, :array_matching => :all) do + desc "An array of strings that should be redacted in the sensu client config" + def insync?(is) + is.sort == should.sort + end + end + newproperty(:socket) do desc "A set of attributes that configure the Sensu client socket." include PuppetX::Sensu::ToType diff --git a/sensu/manifests/client/config.pp b/sensu/manifests/client/config.pp index b3dfa2d9e..c257f7209 100644 --- a/sensu/manifests/client/config.pp +++ b/sensu/manifests/client/config.pp @@ -33,6 +33,7 @@ safe_mode => $sensu::safe_mode, custom => $sensu::client_custom, keepalive => $sensu::client_keepalive, + redact => $sensu::redact, } } diff --git a/sensu/manifests/init.pp b/sensu/manifests/init.pp index fbffdc194..ddcd7ea09 100644 --- a/sensu/manifests/init.pp +++ b/sensu/manifests/init.pp @@ -267,6 +267,11 @@ # # [*path*] # String. used to set PATH in /etc/default/sensu +# +# [*redact*] +# Array of strings. Use to redact passwords from checks on the client side +# Default: [] + class sensu ( $version = 'latest', $sensu_plugin_name = 'sensu-plugin', @@ -342,11 +347,15 @@ $enterprise_dashboard_github = undef, $enterprise_dashboard_ldap = undef, $path = undef, + $redact = [], ### START Hiera Lookups ### $extensions = {}, $handlers = {}, + $handler_defaults = {}, $checks = {}, + $check_defaults = {}, + $mutators = {}, ### END Hiera Lookups ### ){ @@ -436,8 +445,9 @@ # Create resources from hiera lookups create_resources('::sensu::extension', $extensions) - create_resources('::sensu::handler', $handlers) - create_resources('::sensu::check', $checks) + create_resources('::sensu::handler', $handlers, $handler_defaults) + create_resources('::sensu::check', $checks, $check_defaults) + create_resources('::sensu::mutator', $mutators) # Include everything and let each module determine its state. This allows # transitioning to purged config and stopping/disabling services diff --git a/sensu/manifests/rabbitmq/config.pp b/sensu/manifests/rabbitmq/config.pp index ac46c4855..365e4cdf8 100644 --- a/sensu/manifests/rabbitmq/config.pp +++ b/sensu/manifests/rabbitmq/config.pp @@ -8,7 +8,7 @@ fail("Use of private class ${name} by ${caller_module_name}") } - if $sensu::_purge_config and !$sensu::server and !$sensu::client { + if $sensu::_purge_config and !$sensu::server and !$sensu::client and !$sensu::enterprise { $ensure = 'absent' } else { $ensure = 'present' diff --git a/sensu/manifests/redis/config.pp b/sensu/manifests/redis/config.pp index bfc9dc729..6ca193bb6 100644 --- a/sensu/manifests/redis/config.pp +++ b/sensu/manifests/redis/config.pp @@ -8,7 +8,7 @@ fail("Use of private class ${name} by ${caller_module_name}") } - if $sensu::_purge_config and !$sensu::server and !$sensu::api { + if $sensu::_purge_config and !$sensu::server and !$sensu::api and !$sensu::enterprise { $ensure = 'absent' } else { $ensure = 'present' diff --git a/sensu/spec/classes/sensu_client_spec.rb b/sensu/spec/classes/sensu_client_spec.rb index ba4c4fd59..87772e977 100644 --- a/sensu/spec/classes/sensu_client_spec.rb +++ b/sensu/spec/classes/sensu_client_spec.rb @@ -15,6 +15,7 @@ :address => '2.3.4.5', :socket => { 'bind' => '127.0.0.1', 'port' => 3030 }, :subscriptions => [], + :redact => [], :ensure => 'present', :custom => {} ) } @@ -25,6 +26,7 @@ :client => true, :client_address => '1.2.3.4', :subscriptions => ['all'], + :redact => ['password'], :client_name => 'myclient', :safe_mode => true, :client_custom => { 'bool' => true, 'foo' => 'bar' } @@ -36,6 +38,7 @@ :address => '1.2.3.4', :socket => { 'bind' => '127.0.0.1', 'port' => 3030 }, :subscriptions => ['all'], + :redact => ['password'], :ensure => 'present', :safe_mode => true, :custom => { 'bool' => true, 'foo' => 'bar' } diff --git a/uchiwa/Gemfile b/uchiwa/Gemfile index dc74f6855..ed3d394e5 100755 --- a/uchiwa/Gemfile +++ b/uchiwa/Gemfile @@ -1,5 +1,3 @@ -source 'https://rubygems.org' - source ENV['GEM_SOURCE'] || "https://rubygems.org" group :development, :test do diff --git a/uchiwa/manifests/init.pp b/uchiwa/manifests/init.pp index 5277872fc..832ff4de3 100755 --- a/uchiwa/manifests/init.pp +++ b/uchiwa/manifests/init.pp @@ -90,22 +90,25 @@ # [*sensu_api_endpoints*] # Array of hashes # Default: [{ -# name => 'sensu', -# ssl => false, -# port => 4567, -# user => 'sensu', -# pass => 'sensu', -# path => '', -# timeout => 5, +# name => 'sensu', +# ssl => false, +# hostname => '127.0.0.1', +# port => 4567, +# user => 'sensu', +# pass => 'sensu', +# path => '', +# timeout => 5, # }] -# An array of API endpoints to connect uchiwa to one or multiple sensu servers. +# An array of API endpoints to connect uchiwa to one or multiple sensu servers. +# The host field can be an array of hostnames or ip addresses for redundancy. +# You may also set the host field to be a single hostname or ip address string. # # [*users*] # Array of hashes # An array of user credentials to access the uchiwa dashboard. If set, it takes # precendence over 'user' and 'pass'. -# Example: -# ``` +# Example: +# ``` # [{ # 'username' => 'user1', # 'password' => 'pass1', diff --git a/uchiwa/spec/classes/uchiwa_spec.rb b/uchiwa/spec/classes/uchiwa_spec.rb index d9e4ff7d5..c180f7b69 100644 --- a/uchiwa/spec/classes/uchiwa_spec.rb +++ b/uchiwa/spec/classes/uchiwa_spec.rb @@ -152,6 +152,16 @@ } end + context 'with sensu_api_endpoints multiple hosts' do + let(:params) {{ :sensu_api_endpoints => [ { 'name' => 'foo', 'host' => ['bar', 'baz' ] } ] }} + it { + should contain_file('/etc/sensu/uchiwa.json') \ + .with_content(/"name": "foo"/) \ + .with_content(/"host": "bar"/) + .with_content(/"host": "baz"/) + } + end + context 'with multiple users' do let(:params) {{ :users => [ { 'username' => 'user1', 'password' => 'pass1', 'readonly' => true } ] }} it { diff --git a/uchiwa/templates/etc/sensu/uchiwa.json.erb b/uchiwa/templates/etc/sensu/uchiwa.json.erb index d2720fd52..9b8a1d0fc 100644 --- a/uchiwa/templates/etc/sensu/uchiwa.json.erb +++ b/uchiwa/templates/etc/sensu/uchiwa.json.erb @@ -1,19 +1,28 @@ { "sensu": [ - <%- default_endpoint = scope['uchiwa::params::sensu_api_endpoints'][0] -%> - <%- @sensu_api_endpoints.each_with_index do |endpoint, i| -%> - { - "name": "<%= endpoint['name'] || default_endpoint['name'] %>", - "host": "<%= endpoint['host'] || default_endpoint['host'] %>", - "ssl": <%= endpoint['ssl'] || default_endpoint['ssl'] %>, - "insecure": <%= endpoint['insecure'] || default_endpoint['insecure']%>, - "port": <%= endpoint['port'] || default_endpoint['port'] %>, - "user": "<%= endpoint['user'] || default_endpoint['user'] %>", - "pass": "<%= endpoint['pass'] || default_endpoint['pass'] %>", - "path": "<%= endpoint['path'] || default_endpoint['path'] %>", - "timeout": <%= endpoint['timeout'] || default_endpoint['timeout'] %> - }<%= ',' if i < (@sensu_api_endpoints.size - 1) %> - <%- end -%> + <%- + default_endpoint = scope['uchiwa::params::sensu_api_endpoints'][0] + @sensu_api_endpoints.each_with_index do |endpoint, i| + if !endpoint['host'].kind_of?(Array) + host = endpoint['host'] || default_endpoint['host'] + endpoint['host'] = [] + endpoint['host'] << host + end + endpoint['host'].each_with_index do |host,j| -%> + { + "name": "<%= endpoint['name'] || default_endpoint['name'] %>", + "host": "<%= host %>", + "ssl": <%= endpoint['ssl'] || default_endpoint['ssl'] %>, + "insecure": <%= endpoint['insecure'] || default_endpoint['insecure']%>, + "port": <%= endpoint['port'] || default_endpoint['port'] %>, + "user": "<%= endpoint['user'] || default_endpoint['user'] %>", + "pass": "<%= endpoint['pass'] || default_endpoint['pass'] %>", + "path": "<%= endpoint['path'] || default_endpoint['path'] %>", + "timeout": <%= endpoint['timeout'] || default_endpoint['timeout'] %> + }<%= ',' if j < (endpoint['host'].size - 1) %> + <%- end %> + <%= ',' if i < (@sensu_api_endpoints.size - 1) %> + <%- end -%> ], "uchiwa": { "host": "<%= @host %>",