diff --git a/.travis.yml b/.travis.yml index ecf7d9076..742380f6b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,5 +14,10 @@ matrix: env: PUPPET_GEM_VERSION="~> 3.0" - rvm: 2.1.5 env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes" + - rvm: 2.1.6 + env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" + allow_failures: + - rvm: 2.1.6 + env: PUPPET_GEM_VERSION="~> 4.0" STRICT_VARIABLES="yes" notifications: email: false diff --git a/README.md b/README.md index 268b071b1..087bbc869 100644 --- a/README.md +++ b/README.md @@ -331,6 +331,10 @@ Changes the location of the default [Documentroot](https://httpd.apache.org/docs Enables custom error documents. Defaults to 'false'. +#####`group` + +Changes the group that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this group. By default, puppet will attempt to manage this group as a resource under `::apache`. If this is not what you want, set [`manage_group`](#manage_group) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`. + #####`httpd_dir` Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, '/usr/local/etc/apache22' on FreeBSD, and '/etc/apache2' on Gentoo. @@ -353,7 +357,7 @@ Specifies the location where apache module files are stored. It should not be co #####`loadfile_name` -Sets the file name for the module loadfile. Should be in the format *.load. This can be used to set the module load order. +Sets the file name for the module loadfile. Should be in the format \*.load. This can be used to set the module load order. #####`log_level` @@ -367,6 +371,17 @@ Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } ``` +There are a number of predefined LogFormats in the httpd.conf that Puppet writes out: + +```httpd +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +``` + +If your `$log_formats` contains one of those, they will be overwritten with **your** definition. + #####`logroot` Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, '/var/log/apache22' on FreeBSD, and '/var/log/apache2' on Gentoo. @@ -469,6 +484,10 @@ Controls how TRACE requests per RFC 2616 are handled. More information about [Tr Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, '/usr/local/etc/apache22/Vhosts' on FreeBSD, and '/etc/apache2/vhosts.d' on Gentoo. +#####`user` + +Changes the user that Apache will answer requests as. The parent process will continue to be run as root, but resource accesses by child processes will be done under this user. By default, puppet will attept to manage this user as a resource under `::apache`. If this is not what you want, set [`manage_user`](#manage_user) to 'false'. Defaults to the OS-specific default user for apache, as detected in `::apache::params`. + #####`apache_name` The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. @@ -541,6 +560,7 @@ There are many `apache::mod::[name]` classes within this module that can be decl * `auth_basic` * `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) * `auth_kerb` +* `authn_core` * `authn_file` * `authnz_ldap`* * `authz_default` @@ -1357,11 +1377,11 @@ Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20 #####`php_flags & values` -Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '[]'. +Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '{}'. #####`php_admin_flags & values` -Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'. +Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '{}'. #####`port` @@ -1924,9 +1944,10 @@ Allows configuration settings for [directory indexing](http://httpd.apache.org/d apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], + { path => '/path/to/directory', + directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], } @@ -1948,6 +1969,23 @@ Sets the [default ordering](http://httpd.apache.org/docs/current/mod/mod_autoind } ``` +######`index_style_sheet` + +Sets the [IndexStyleSheet](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet) which adds a CSS stylesheet to the directory index. + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], + index_options => ['FancyIndexing'], + index_style_sheet => '/styles/style.css', + }, + ], + } +``` + ######`options` Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp index 145c4feeb..0d8969ca6 100644 --- a/manifests/default_mods.pp +++ b/manifests/default_mods.pp @@ -22,6 +22,9 @@ ::apache::mod { 'log_config': } ::apache::mod { 'unixd': } } + 'Suse': { + ::apache::mod { 'log_config': } + } default: {} } case $::osfamily { @@ -34,13 +37,12 @@ if $all { case $::osfamily { 'debian': { + include ::apache::mod::authn_core include ::apache::mod::reqtimeout - if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mod { 'authn_core': } - } } 'redhat': { include ::apache::mod::actions + include ::apache::mod::authn_core include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic @@ -61,16 +63,14 @@ ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mod { 'authn_core': } - } - else { + if versioncmp($apache_version, '2.4') < 0 { ::apache::mod { 'authn_alias': } ::apache::mod { 'authn_default': } } } 'freebsd': { include ::apache::mod::actions + include ::apache::mod::authn_core include ::apache::mod::cache include ::apache::mod::disk_cache include ::apache::mod::headers @@ -88,7 +88,6 @@ ::apache::mod { 'auth_digest': } ::apache::mod { 'auth_form': } ::apache::mod { 'authn_anon': } - ::apache::mod { 'authn_core': } ::apache::mod { 'authn_dbm': } ::apache::mod { 'authn_socache': } ::apache::mod { 'authz_dbd': } diff --git a/manifests/init.pp b/manifests/init.pp index 22b2361ae..9e6da9813 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -281,6 +281,12 @@ require => Package['httpd'], } } + 'Suse': { + $pidfile = '/var/run/httpd2.pid' + $error_log = 'error.log' + $scriptalias = '/usr/lib/cgi-bin' + $access_log_file = 'access.log' + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/mod.pp b/manifests/mod.pp index bc52d2e20..920114a7c 100644 --- a/manifests/mod.pp +++ b/manifests/mod.pp @@ -126,5 +126,40 @@ notify => Class['apache::service'], } } + } elsif $::osfamily == 'Suse' { + $enable_dir = $::apache::mod_enable_dir + file{ "${_loadfile_name} symlink": + ensure => link, + path => "${enable_dir}/${_loadfile_name}", + target => "${mod_dir}/${_loadfile_name}", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + require => [ + File[$_loadfile_name], + Exec["mkdir ${enable_dir}"], + ], + before => File[$enable_dir], + notify => Class['apache::service'], + } + # Each module may have a .conf file as well, which should be + # defined in the class apache::mod::module + # Some modules do not require this file. + if defined(File["${mod}.conf"]) { + file{ "${mod}.conf symlink": + ensure => link, + path => "${enable_dir}/${mod}.conf", + target => "${mod_dir}/${mod}.conf", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + require => [ + File["${mod}.conf"], + Exec["mkdir ${enable_dir}"], + ], + before => File[$enable_dir], + notify => Class['apache::service'], + } + } } } diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp index c1f60fd62..2f078f645 100644 --- a/manifests/mod/alias.pp +++ b/manifests/mod/alias.pp @@ -6,6 +6,7 @@ $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', + 'Suse' => '/usr/share/apache2/icons', 'redhat' => $ver24 ? { true => '/usr/share/httpd/icons', default => '/var/www/icons', diff --git a/manifests/mod/authn_core.pp b/manifests/mod/authn_core.pp new file mode 100644 index 000000000..c5ce5b107 --- /dev/null +++ b/manifests/mod/authn_core.pp @@ -0,0 +1,7 @@ +class apache::mod::authn_core( + $apache_version = $::apache::apache_version +) { + if versioncmp($apache_version, '2.4') >= 0 { + ::apache::mod { 'authn_core': } + } +} diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp index 035e8818a..91567de11 100644 --- a/manifests/mod/prefork.pp +++ b/manifests/mod/prefork.pp @@ -60,7 +60,7 @@ } } } - 'debian', 'freebsd' : { + 'debian', 'freebsd', 'Suse' : { ::apache::mpm{ 'prefork': apache_version => $apache_version, } diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp index 02a1beae3..25925f807 100644 --- a/manifests/mod/worker.pp +++ b/manifests/mod/worker.pp @@ -62,7 +62,7 @@ } } } - 'debian', 'freebsd': { + 'debian', 'freebsd', 'Suse': { ::apache::mpm{ 'worker': apache_version => $apache_version, } diff --git a/manifests/mpm.pp b/manifests/mpm.pp index 2478184f5..9e7734945 100644 --- a/manifests/mpm.pp +++ b/manifests/mpm.pp @@ -68,6 +68,38 @@ 'redhat': { # so we don't fail } + 'Suse': { + file { "${::apache::mod_enable_dir}/${mpm}.conf": + ensure => link, + target => "${::apache::mod_dir}/${mpm}.conf", + require => Exec["mkdir ${::apache::mod_enable_dir}"], + before => File[$::apache::mod_enable_dir], + notify => Class['apache::service'], + } + + if versioncmp($apache_version, '2.4') >= 0 { + file { "${::apache::mod_enable_dir}/${mpm}.load": + ensure => link, + target => "${::apache::mod_dir}/${mpm}.load", + require => Exec["mkdir ${::apache::mod_enable_dir}"], + before => File[$::apache::mod_enable_dir], + notify => Class['apache::service'], + } + + if $mpm == 'itk' { + file { "${lib_path}/mod_mpm_itk.so": + ensure => link, + target => "${lib_path}/mpm_itk.so" + } + } + } + + if versioncmp($apache_version, '2.4') < 0 { + package { "apache2-${mpm}": + ensure => present, + } + } + } default: { fail("Unsupported osfamily ${::osfamily}") } diff --git a/manifests/params.pp b/manifests/params.pp index ce5edec12..b5d142136 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -417,6 +417,66 @@ $wsgi_socket_prefix = undef $docroot = '/var/www/localhost/htdocs' $error_documents_path = '/usr/share/apache2/error' + } elsif $::osfamily == 'Suse' { + $user = 'wwwrun' + $group = 'wwwrun' + $root_group = 'root' + $apache_name = 'apache2' + $service_name = 'apache2' + $httpd_dir = '/etc/apache2' + $server_root = '/etc/apache2' + $conf_dir = $httpd_dir + $confd_dir = "${httpd_dir}/conf.d" + $mod_dir = "${httpd_dir}/mods-available" + $mod_enable_dir = "${httpd_dir}/mods-enabled" + $vhost_dir = "${httpd_dir}/sites-available" + $vhost_enable_dir = "${httpd_dir}/sites-enabled" + $conf_file = 'httpd.conf' + $ports_file = "${conf_dir}/ports.conf" + $logroot = '/var/log/apache2' + $logroot_mode = undef + $lib_path = '/usr/lib64/apache2-prefork/' + $mpm_module = 'prefork' + $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' + $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' + $ssl_certs_dir = '/etc/ssl/certs' + $suphp_addhandler = 'x-httpd-php' + $suphp_engine = 'off' + $suphp_configpath = '/etc/php5/apache2' + $mod_packages = { + 'auth_kerb' => 'apache2-mod_auth_kerb', + 'fcgid' => 'apache2-mod_fcgid', + 'perl' => 'apache2-mod_perl', + 'php5' => 'apache2-mod_php53', + 'python' => 'apache2-mod_python', + } + $mod_libs = { + 'php5' => 'libphp5.so', + } + $conf_template = 'apache/httpd.conf.erb' + $keepalive = 'Off' + $keepalive_timeout = 15 + $max_keepalive_requests = 100 + $fastcgi_lib_path = '/var/lib/apache2/fastcgi' + $mime_support_package = 'aaa_base' + $mime_types_config = '/etc/mime.types' + $docroot = '/srv/www' + $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $error_documents_path = '/usr/share/apache2/error' + $dev_packages = ['libapr-util1-devel', 'libapr1-devel'] + + # + # Passenger-specific settings + # + + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + $wsgi_socket_prefix = undef + } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") } diff --git a/manifests/version.pp b/manifests/version.pp index a0c9d0dc9..527dc6d38 100644 --- a/manifests/version.pp +++ b/manifests/version.pp @@ -35,6 +35,9 @@ 'Gentoo': { $default = '2.4' } + 'Suse': { + $default = '2.2' + } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index bbb5e61f2..17f61e313 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -361,7 +361,7 @@ # Load mod_alias if needed and not yet loaded if ($scriptalias or $scriptaliases != []) or ($redirect_source and $redirect_dest) { - if ! defined(Class['apache::mod::alias']) { + if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { include ::apache::mod::alias } } diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index 07ef1cc27..b82eafa0d 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -218,6 +218,23 @@ end end + describe "Override existing LogFormats" do + context "When parameter log_formats is a hash" do + let :params do + { :log_formats => { + 'common' => "%v %h %l %u %t \"%r\" %>s %b", + 'combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" + } } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} } + end + end + context "on Ubuntu" do let :facts do super().merge({ @@ -660,6 +677,7 @@ # Assert that load files are placed for these mods, but no conf file. [ 'auth_basic', + 'authn_core', 'authn_file', 'authz_groupfile', 'authz_host', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 816fd99a1..47c1b1f45 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -183,6 +183,12 @@ 'provider' => 'files', 'require' => 'all granted', }, + { 'path' => '/var/www/files/indexed_directory', + 'directoryindex' => 'disabled', + 'options' => ['Indexes','FollowSymLinks','MultiViews'], + 'index_options' => ['FancyIndexing'], + 'index_style_sheet' => '/styles/style.css', + }, ], 'error_log' => false, 'error_log_file' => 'httpd_error_log', @@ -360,6 +366,14 @@ :content => /^\s+Require all denied$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( :content => /^\s+Require all granted$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+IndexOptions\sFancyIndexing$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+IndexStyleSheet\s'\/styles\/style\.css'$/ ) } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories').with( + :content => /^\s+DirectoryIndex\sdisabled$/ ) } it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } @@ -448,7 +462,7 @@ it { is_expected.to_not contain_class('apache::mod::passenger') } it { is_expected.to_not contain_class('apache::mod::suexec') } it { is_expected.to_not contain_class('apache::mod::rewrite') } - it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to_not contain_class('apache::mod::alias') } it { is_expected.to_not contain_class('apache::mod::proxy') } it { is_expected.to_not contain_class('apache::mod::proxy_http') } it { is_expected.to_not contain_class('apache::mod::passenger') } diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 6c50e2871..8664a43e4 100644 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -60,10 +60,18 @@ Include "<%= @mod_load_dir %>/*.conf" <% end -%> Include "<%= @ports_file %>" +<% unless @log_formats.has_key?('combined') -%> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +<% end -%> +<% unless @log_formats.has_key?('common') -%> LogFormat "%h %l %u %t \"%r\" %>s %b" common +<% end -%> +<% unless @log_formats.has_key?('referer') -%> LogFormat "%{Referer}i -> %U" referer +<% end -%> +<% unless @log_formats.has_key?('agent') -%> LogFormat "%{User-agent}i" agent +<% end -%> <% if @log_formats and !@log_formats.empty? -%> <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb index 1f45d2c0e..529d9bdff 100644 --- a/templates/vhost/_directories.erb +++ b/templates/vhost/_directories.erb @@ -46,6 +46,9 @@ <%- end -%> <%- if directory['index_order_default'] -%> IndexOrderDefault <%= Array(directory['index_order_default']).join(' ') %> + <%- end -%> + <%- if directory['index_style_sheet'] -%> + IndexStyleSheet '<%= directory['index_style_sheet'] %>' <%- end -%> <%- if directory['allow_override'] -%> AllowOverride <%= Array(directory['allow_override']).join(' ') %>