The vhost::proxy vhost template file uses the ssl_path var.
Unfortuantely this isn't defined in params so we get errors like:
Unknown variable: 'httpd::params::ssl_path'. at /etc/puppetlabs/code/modules/httpd/manifests/vhost/proxy.pp:37:15
Fix that by defining a value. Note this value should be correct for
debuntu, but is probably wrong for RHEL/CentOS.
Change-Id: Idbb1ac60a17d5506c4dd0d19eb10c1a45741c3b5
Evaluating the template from the vhost defined type rather than the
module where it originates causes problems when dereferencing the
variables in the ERB file. If they are not accessed via the internal
scope object, they can't be found when using puppet 4. The scope object
is also useless when the variables are defined in a defined type and not
a class.
This patch adds a new parameter, $content, which overrides the $template
parameter. If provided, $content indicates the literal string content
for the vhost, as opposed to a reference to a template that needs to be
rendered. This can be used like this:
$content = template('example/example.vhost.erb')
httpd::vhost { 'vhostname':
content => $content,
priority => 50
}
This way the template is evaluated when the template() function is
called and has access to variables in that scope.
Change-Id: Ibe3c609d92f3321f43f4794062a64b119b07a1d0
When running on CentOS, that problem still persists: when trying
to access files under a vhost, apache was failing with
Access denied because search permissions are missing.
So running chcon on the docroot for each vhost
Please note that this change was reverted before. That was caused
by puppet-cgit sending a dummy location "MEANINGLESS ARGUMENT"
to docroot argument of vhost. To avoid that failure, execute only
the chcon call if docroot exists and is a directory.
Change-Id: I4ab7d4cc6d2115bd8f980be7f14a6a4557ffeb87
We are reverting as this breaks our gitXX.o.o servers, which are centos-7. EG:
(/Stage[main]/Cgit/Httpd::Vhost[git.openstack.org]/Exec[update_context_MEANINGLESS ARGUMENT]/returns) chcon: cannot access ‘MEANINGLESS’: No such file or directory
This reverts commit 10844f7c9e84d1640039e1c6d73930b9b599c304.
Change-Id: I06435e6203bd8770bc6a817d3f0b33a05d84bdf6
When running on CentOS, two problems appeared:
- when using proxy, apache was failing with an error 500,
fixed by enabling httpd_can_network_connect
- when trying to access files under a vhost, apache was
failing with Access denied because search permissions
are missing. So running chcon on the docroot for each vhost
Change-Id: I87c4c0e51f05eab8f5c8e094c2c54504e60b97af
Order and intendation of those parameters are changed
to follow Puppet Style Guide recommendation [0].
Moreover, it will allow to an user to find much faster
a variable in a list of variables.
[0]. https://docs.puppetlabs.com/guides/style_guide.html
Change-Id: If2443cbc57671784cfcb31bbe0ada0c09f78c996
Enable Server Name Indication (SNI) on Ubuntu 12.04 LTS which runs
Apache 2.2. This allows running multiple HTTPS sites from one IP
address/TCP port when SubjectAltNames are specified in the
certificate, but MSIE on WinXP does not support this extension and
so will cease working for HTTPS sites managed by this module. Note
that this behavior is already implicit on Apache 2.4 based platforms
(such as Ubuntu 14.04 LTS).
Change-Id: I05c8e335f68d9461d8d81a3d12343d1920a738d4
We recently introduced on bf7ce40e2fe7e28dab11ee2fb0ae26a50b5fa8bd the
use of mod_version. The module is enabled and installed by default on
Ubuntu Trusty 14.04, CentOS 6 and CentOS 7.
On Ubuntu Precise 12.04 the module comes installed, but not enabled by
default. This is needed to maintain compatibility with downstream pool
of servers.
Change-Id: I01a8a12b959e3cbecd0355562db0393404ae54bf
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
While working on puppet-lodgeit acceptance tests we found that the
configuration file that `httpd::mod::proxy` creates was not being picked
up by Apache because it was missing the prefix `.conf`. This transition
is required to configure httpd modules correctly on Apache >= 2.4
To prevent Apache from loading two the same configuration twice, we
remove the file without extension, so this change does not affect
running systems.
This change has fixes for `httpd::mod::proxy` and `httpd::mod::redirect`
as they have the same issue. We added tests as well to increase the
confidence on the fix.
The acceptance will be fixed on the follow-up patch, as the redirect
grants are broken for 2.4 as well.
Change-Id: I82241038d687316f91f18209fe8323c12422e2f8
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
According to
https://docs.puppetlabs.com/puppet/3.8/reference/lang_datatypes.html
there is no way to end a single-quoted string with a literal
backslash, so fold this content into the preceding double-quoted
string in an effort to satisfy the linter as well.
Change-Id: Ic639cd2fc1c7953cbf4311ce7c958f9bdb61e31b
If any locations are being excluded from reverse-proxying, we need
to be able to specify a DocumentRoot to serve up un-proxied files.
Change-Id: I1c5fe6f73b5983886578975e89c5e4148b506795
A user of httpd::vhost::proxy may wish to exclude certain URLs from
being proxied. This change allows the template to be populated with
such exclusions.
Change-Id: I55a86d3c703a667daf55cb75cf559eb23a556219
CentOS 7 has offically deprecated mod_python in favor of mod_wsgi and
the package is not available anymore. This change add a note on the
module about the offically supported way to run python applications on
CentOS 7.
Change-Id: I9bf2e0dde6575f50db6ce12abf896b5890b42419
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
Replace usage of httpd_mod with the httpd::mod wrapper to allow classes
to be applied as well on RedHat systems and have the httpd service
ordering fixed.
Change-Id: If790efd7b465e77c2eca7710f79e563d69ee3783
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
While writing acceptance tests for puppet-httpd we noticed that the
manifest of httpd::python is not working on Ubuntu Trusty.
The httpd::python manifest was using a non-declared
$apache::params::mod_python_package instead of
$httpd::params::mod_python_package
Change-Id: I4db9298aba7da90a017527b2fb29dcd17af28efc
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
While writing acceptance tests for puppet-httpd we noticed that the
manifest of httpd::dev was not working on Ubuntu Trusty.
That is because httpd::dev was trying to install multiple package using
the wrong syntax. Also, the one of the modules for Ubuntu was wrong and
we updated to keep applying.
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
Change-Id: Ibe1e107417b4670902f74b8c2fedc0d9d927ce9b
This allows for before => Service['httpd'] on every resource without
being explicit.
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Glauco Oliveira <gvinici@thoughtworks.com>
Change-Id: I0e991a7a63317e608cc6ef35b58dc79b518ba863
Adding this subclass to httpd configuration, to allow
modules using this manifest to setup log rotation for
apache on demand.
Please note that apache is installing a logrotate file by
default here, but naming that on same way will overwrite it,
and allow our desired log rotation.
Depends-On: I7451ecc550b50b85c55784ef598f6b45412117fc
Change-Id: I3ef60fd9386795007e5b55264cc6e91fa0b67c68
In anticipation of puppet 4, start trying to deal with puppet 4 things
that can be helpfully predicted by puppet lint plugins. Also fix errors
caught by the puppet-lint-unquoted_string-check and
puppet-lint-absolute_classname-check gems.
Change-Id: I9d74d25d2f2c95ec52a6db3bf070903240e1b933
The $httpd::vhost::proxy::servername parameter was not being used, and
the local variable $srvname was defaulting to the name of the defined
type. This patch copies the logic from httpd::vhost to conditionally
set $srvname to the $servername parameter if it is set, and default to
the old behavior if not.
Change-Id: I4936be856db1a1af279b7c3824606e2c0375e9a6
This renames the classes and defined types from apache to httpd.
With the 'httpd' module available, we can migrate usage of 'apache'
to 'httpd.' Eventually this will free the 'apache' namespace.
A native ruby type and provider is contained in this class. It is
not namespaced to the class name so it has been renamed from a2mod
to httpd_mod.
Change-Id: I056eb28a13e7ccc95f1496019bedc332c17dd458
Add the rake "lint" target, and fix resulting minor errors, which were:
---
manifests/mod/python.pp - WARNING: class not documented on line 1
manifests/mod/wsgi.pp - WARNING: class not documented on line 1
manifests/vhost.pp - WARNING: variable not enclosed in {} on line 80
manifests/vhost.pp - WARNING: variable not enclosed in {} on line 82
manifests/vhost/redirect.pp - WARNING: variable not enclosed in {} on line 43
manifests/vhost/redirect.pp - WARNING: variable not enclosed in {} on line 45
---
Change-Id: I2213f314d4bf92b4ddf58dbb19a80783380a55ce
Previously users were required to realize rewrite,
headers, and expires on debian systems. This commit
removes the virtual a2mod definition which makes the
three a2mod resources consistent with other operating
systems and other a2mod resources.
Previously apache::mod::python and apache::mod::wsgi used
a case statement to determine which package to install. This
commit moves the package names to the params class and fixes
the syntax errors introduced in commit 2b79e8b when the
selectors were changed to include Scientific Linux.
Previously, commit 8a56ee91 removed local control of the apache::php_package
management in favor of "include php". However, no dependency was added to the
Modulefile and to date the php module referenced in apache::php has not been
released.
This commit reinstates apache local class management of php to the apache::php
class (at least until such time as the puppetlabs-php module is released).
Previously, it was necessary to configure a firewall
entry for every port associated with a vhost.
This commit makes the confuration of firewalls for vhosts
configurable. This configuration option has been added to spare
users from having to configure firewalls if they do not wish
to.
The apache::params::vdir directory depends on the existence of the
httpd package, and trying to include the module may cause an ordering
failure. Added the necessary explicit ordering.
The firewall module deprecated the use of jump => accept, this patch now
changes this parameter to action => accept making it compatible with the
latest release.
This patch adds Scientific Linux to the various case statements so it is
supported. This also fixed the various templates so that the log location
is variable depending on weither the OS is Redhat based or Debian based.
