Merge remote-tracking branch 'upstream/master' into geoip_scanproxyhe…

…aderfield
xbezdick · Jun 1, 2015 · dbbd1d9 · dbbd1d9
2 parents 4673e29 + bf061e6
commit dbbd1d9
Show file tree

Hide file tree

Showing 17 changed files with 247 additions and 18 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -14,5 +14,10 @@ matrix:
     env: PUPPET_GEM_VERSION="~> 3.0"
   - rvm: 2.1.5
     env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes"
+  - rvm: 2.1.6
+    env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes"
+  allow_failures:
+    - rvm: 2.1.6
+      env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes"
 notifications:
   email: false
diff --git a/README.md b/README.md
@@ -331,6 +331,10 @@ Changes the location of the default [Documentroot](https://httpd.apache.org/docs
 
 Enables custom error documents. Defaults to 'false'.
 
+#####`group`
+
+Changes the group that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this group. By default, puppet will attempt to manage this group as a resource under `::apache`. If this is not what you want, set [`manage_group`](#manage_group) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`.
+
 #####`httpd_dir`
 
 Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo.
@@ -353,7 +357,7 @@ Specifies the location where apache module files are stored. It should not be co
 
 #####`loadfile_name`
 
-Sets the file name for the module loadfile. Should be in the format *.load.  This can be used to set the module load order.
+Sets the file name for the module loadfile. Should be in the format \*.load.  This can be used to set the module load order.
 
 #####`log_level`
 
@@ -367,6 +371,17 @@ Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log
   $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
 ```
 
+There are a number of predefined LogFormats in the httpd.conf that Puppet writes out:
+
+```httpd
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+```
+
+If your `$log_formats` contains one of those, they will be overwritten with **your** definition.
+
 #####`logroot`
 
 Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, '/var/log/apache22' on FreeBSD, and '/var/log/apache2' on Gentoo.
@@ -469,6 +484,10 @@ Controls how TRACE requests per RFC 2616 are handled. More information about [Tr
 
 Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, '/usr/local/etc/apache22/Vhosts' on FreeBSD, and '/etc/apache2/vhosts.d' on Gentoo.
 
+#####`user`
+
+Changes the user that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this user. By default, puppet will attept to manage this user as a resource under `::apache`. If this is not what you want, set [`manage_user`](#manage_user) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`.
+
 #####`apache_name`
 
 The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections.
@@ -541,6 +560,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl
 * `auth_basic`
 * `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below)
 * `auth_kerb`
+* `authn_core`
 * `authn_file`
 * `authnz_ldap`*
 * `authz_default`
@@ -1357,11 +1377,11 @@ Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20
 
 #####`php_flags & values`
 
-Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '[]'.
+Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '{}'.
 
 #####`php_admin_flags & values`
 
-Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'.
+Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '{}'.
 
 #####`port`
 
@@ -1924,9 +1944,10 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d
     apache::vhost { 'sample.example.net':
       docroot     => '/path/to/directory',
       directories => [
-        { path          => '/path/to/directory',
-          options       => ['Indexes','FollowSymLinks','MultiViews'],
-          index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'],
+        { path           => '/path/to/directory',
+          directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work
+          options        => ['Indexes','FollowSymLinks','MultiViews'],
+          index_options  => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'],
         },
       ],
     }
@@ -1948,6 +1969,23 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind
     }
 ```
 
+######`index_style_sheet`
+
+Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index.
+
+```puppet
+    apache::vhost { 'sample.example.net':
+      docroot     => '/path/to/directory',
+      directories => [
+        { path              => '/path/to/directory',
+          options           => ['Indexes','FollowSymLinks','MultiViews'],
+          index_options     => ['FancyIndexing'],
+          index_style_sheet => '/styles/style.css',
+        },
+      ],
+    }
+```
+
 ######`options`
 
 Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block.

diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp
@@ -22,6 +22,9 @@
       ::apache::mod { 'log_config': }
       ::apache::mod { 'unixd': }
     }
+    'Suse': {
+      ::apache::mod { 'log_config': }
+    }
     default: {}
   }
   case $::osfamily {
@@ -34,13 +37,12 @@
   if $all {
     case $::osfamily {
       'debian': {
+        include ::apache::mod::authn_core
         include ::apache::mod::reqtimeout
-        if versioncmp($apache_version, '2.4') >= 0 {
-          ::apache::mod { 'authn_core': }
-        }
       }
       'redhat': {
         include ::apache::mod::actions
+        include ::apache::mod::authn_core
         include ::apache::mod::cache
         include ::apache::mod::mime
         include ::apache::mod::mime_magic
@@ -61,16 +63,14 @@
         ::apache::mod { 'substitute': }
         ::apache::mod { 'usertrack': }
 
-        if versioncmp($apache_version, '2.4') >= 0 {
-          ::apache::mod { 'authn_core': }
-        }
-        else {
+        if versioncmp($apache_version, '2.4') < 0 {
           ::apache::mod { 'authn_alias': }
           ::apache::mod { 'authn_default': }
         }
       }
       'freebsd': {
         include ::apache::mod::actions
+        include ::apache::mod::authn_core
         include ::apache::mod::cache
         include ::apache::mod::disk_cache
         include ::apache::mod::headers
@@ -88,7 +88,6 @@
         ::apache::mod { 'auth_digest': }
         ::apache::mod { 'auth_form': }
         ::apache::mod { 'authn_anon': }
-        ::apache::mod { 'authn_core': }
         ::apache::mod { 'authn_dbm': }
         ::apache::mod { 'authn_socache': }
         ::apache::mod { 'authz_dbd': }

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -281,6 +281,12 @@
           require => Package['httpd'],
         }
       }
+      'Suse': {
+        $pidfile              = '/var/run/httpd2.pid'
+        $error_log            = 'error.log'
+        $scriptalias          = '/usr/lib/cgi-bin'
+        $access_log_file      = 'access.log'
+      }
       default: {
         fail("Unsupported osfamily ${::osfamily}")
       }

diff --git a/manifests/mod.pp b/manifests/mod.pp
@@ -126,5 +126,40 @@
         notify  => Class['apache::service'],
       }
     }
+  } elsif $::osfamily == 'Suse' {
+    $enable_dir = $::apache::mod_enable_dir
+    file{ "${_loadfile_name} symlink":
+      ensure  => link,
+      path    => "${enable_dir}/${_loadfile_name}",
+      target  => "${mod_dir}/${_loadfile_name}",
+      owner   => 'root',
+      group   => $::apache::params::root_group,
+      mode    => '0644',
+      require => [
+        File[$_loadfile_name],
+        Exec["mkdir ${enable_dir}"],
+      ],
+      before  => File[$enable_dir],
+      notify  => Class['apache::service'],
+    }
+    # Each module may have a .conf file as well, which should be
+    # defined in the class apache::mod::module
+    # Some modules do not require this file.
+    if defined(File["${mod}.conf"]) {
+      file{ "${mod}.conf symlink":
+        ensure  => link,
+        path    => "${enable_dir}/${mod}.conf",
+        target  => "${mod_dir}/${mod}.conf",
+        owner   => 'root',
+        group   => $::apache::params::root_group,
+        mode    => '0644',
+        require => [
+          File["${mod}.conf"],
+          Exec["mkdir ${enable_dir}"],
+        ],
+        before  => File[$enable_dir],
+        notify  => Class['apache::service'],
+      }
+    }
   }
 }
diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp
@@ -6,6 +6,7 @@
 
   $icons_path = $::osfamily ? {
     'debian'  => '/usr/share/apache2/icons',
+    'Suse'    => '/usr/share/apache2/icons',
     'redhat'  => $ver24 ? {
       true    => '/usr/share/httpd/icons',
       default => '/var/www/icons',

diff --git a/manifests/mod/authn_core.pp b/manifests/mod/authn_core.pp
@@ -0,0 +1,7 @@
+class apache::mod::authn_core(
+  $apache_version = $::apache::apache_version
+) {
+  if versioncmp($apache_version, '2.4') >= 0 {
+    ::apache::mod { 'authn_core': }
+  }
+}
diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp
@@ -60,7 +60,7 @@
         }
       }
     }
-    'debian', 'freebsd' : {
+    'debian', 'freebsd', 'Suse' : {
       ::apache::mpm{ 'prefork':
         apache_version => $apache_version,
       }

diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp
@@ -62,7 +62,7 @@
         }
       }
     }
-    'debian', 'freebsd': {
+    'debian', 'freebsd', 'Suse': {
       ::apache::mpm{ 'worker':
         apache_version => $apache_version,
       }

diff --git a/manifests/mpm.pp b/manifests/mpm.pp
@@ -68,6 +68,38 @@
     'redhat': {
       # so we don't fail
     }
+    'Suse': {
+      file { "${::apache::mod_enable_dir}/${mpm}.conf":
+        ensure  => link,
+        target  => "${::apache::mod_dir}/${mpm}.conf",
+        require => Exec["mkdir ${::apache::mod_enable_dir}"],
+        before  => File[$::apache::mod_enable_dir],
+        notify  => Class['apache::service'],
+      }
+
+      if versioncmp($apache_version, '2.4') >= 0 {
+        file { "${::apache::mod_enable_dir}/${mpm}.load":
+          ensure  => link,
+          target  => "${::apache::mod_dir}/${mpm}.load",
+          require => Exec["mkdir ${::apache::mod_enable_dir}"],
+          before  => File[$::apache::mod_enable_dir],
+          notify  => Class['apache::service'],
+        }
+
+        if $mpm == 'itk' {
+            file { "${lib_path}/mod_mpm_itk.so":
+              ensure => link,
+              target => "${lib_path}/mpm_itk.so"
+            }
+        }
+      }
+
+      if versioncmp($apache_version, '2.4') < 0 {
+        package { "apache2-${mpm}":
+          ensure => present,
+        }
+      }
+    }
     default: {
       fail("Unsupported osfamily ${::osfamily}")
     }

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -417,6 +417,66 @@
     $wsgi_socket_prefix   = undef
     $docroot              = '/var/www/localhost/htdocs'
     $error_documents_path = '/usr/share/apache2/error'
+  } elsif $::osfamily == 'Suse' {
+    $user                = 'wwwrun'
+    $group               = 'wwwrun'
+    $root_group          = 'root'
+    $apache_name         = 'apache2'
+    $service_name        = 'apache2'
+    $httpd_dir           = '/etc/apache2'
+    $server_root         = '/etc/apache2'
+    $conf_dir            = $httpd_dir
+    $confd_dir           = "${httpd_dir}/conf.d"
+    $mod_dir             = "${httpd_dir}/mods-available"
+    $mod_enable_dir      = "${httpd_dir}/mods-enabled"
+    $vhost_dir           = "${httpd_dir}/sites-available"
+    $vhost_enable_dir    = "${httpd_dir}/sites-enabled"
+    $conf_file           = 'httpd.conf'
+    $ports_file          = "${conf_dir}/ports.conf"
+    $logroot             = '/var/log/apache2'
+    $logroot_mode        = undef
+    $lib_path            = '/usr/lib64/apache2-prefork/'
+    $mpm_module          = 'prefork'
+    $default_ssl_cert    = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+    $default_ssl_key     = '/etc/ssl/private/ssl-cert-snakeoil.key'
+    $ssl_certs_dir       = '/etc/ssl/certs'
+    $suphp_addhandler    = 'x-httpd-php'
+    $suphp_engine        = 'off'
+    $suphp_configpath    = '/etc/php5/apache2'
+    $mod_packages        = {
+      'auth_kerb'   => 'apache2-mod_auth_kerb',
+      'fcgid'       => 'apache2-mod_fcgid',
+      'perl'        => 'apache2-mod_perl',
+      'php5'        => 'apache2-mod_php53',
+      'python'      => 'apache2-mod_python',
+    }
+    $mod_libs             = {
+      'php5' => 'libphp5.so',
+    }
+    $conf_template          = 'apache/httpd.conf.erb'
+    $keepalive              = 'Off'
+    $keepalive_timeout      = 15
+    $max_keepalive_requests = 100
+    $fastcgi_lib_path       = '/var/lib/apache2/fastcgi'
+    $mime_support_package = 'aaa_base'
+    $mime_types_config    = '/etc/mime.types'
+    $docroot              = '/srv/www'
+    $cas_cookie_path      = '/var/cache/apache2/mod_auth_cas/'
+    $error_documents_path = '/usr/share/apache2/error'
+    $dev_packages        = ['libapr-util1-devel', 'libapr1-devel']
+
+    #
+    # Passenger-specific settings
+    #
+
+    $passenger_conf_file          = 'passenger.conf'
+    $passenger_conf_package_file  = undef
+
+    $passenger_root               = '/usr'
+    $passenger_ruby               = '/usr/bin/ruby'
+    $passenger_default_ruby       = undef
+    $wsgi_socket_prefix           = undef
+
   } else {
     fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")
   }

diff --git a/manifests/version.pp b/manifests/version.pp
@@ -35,6 +35,9 @@
     'Gentoo': {
       $default = '2.4'
     }
+    'Suse': {
+      $default = '2.2'
+    }
     default: {
       fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}")
     }

diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -361,7 +361,7 @@
 
   # Load mod_alias if needed and not yet loaded
   if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) {
-    if ! defined(Class['apache::mod::alias']) {
+    if ! defined(Class['apache::mod::alias'])  and ($ensure == 'present') {
       include ::apache::mod::alias
     }
   }