We are reverting as this breaks our gitXX.o.o servers, which are centos-7. EG:
(/Stage[main]/Cgit/Httpd::Vhost[git.openstack.org]/Exec[update_context_MEANINGLESS ARGUMENT]/returns) chcon: cannot access ‘MEANINGLESS’: No such file or directory
This reverts commit 10844f7c9e84d1640039e1c6d73930b9b599c304.
Change-Id: I06435e6203bd8770bc6a817d3f0b33a05d84bdf6
When running on CentOS, two problems appeared:
- when using proxy, apache was failing with an error 500,
fixed by enabling httpd_can_network_connect
- when trying to access files under a vhost, apache was
failing with Access denied because search permissions
are missing. So running chcon on the docroot for each vhost
Change-Id: I87c4c0e51f05eab8f5c8e094c2c54504e60b97af
Order and intendation of those parameters are changed
to follow Puppet Style Guide recommendation [0].
Moreover, it will allow to an user to find much faster
a variable in a list of variables.
[0]. https://docs.puppetlabs.com/guides/style_guide.html
Change-Id: If2443cbc57671784cfcb31bbe0ada0c09f78c996
Infra doesn't really use this template, but in case someone else does,
update the protocol to only use TLS and update the cipher list to the
list of strong ciphers.
Change-Id: Ibd8a0e65800e022ab8bc52f6af63c3c85e84419d
Enable Server Name Indication (SNI) on Ubuntu 12.04 LTS which runs
Apache 2.2. This allows running multiple HTTPS sites from one IP
address/TCP port when SubjectAltNames are specified in the
certificate, but MSIE on WinXP does not support this extension and
so will cease working for HTTPS sites managed by this module. Note
that this behavior is already implicit on Apache 2.4 based platforms
(such as Ubuntu 14.04 LTS).
Change-Id: I05c8e335f68d9461d8d81a3d12343d1920a738d4
We recently introduced on bf7ce40e2fe7e28dab11ee2fb0ae26a50b5fa8bd the
use of mod_version. The module is enabled and installed by default on
Ubuntu Trusty 14.04, CentOS 6 and CentOS 7.
On Ubuntu Precise 12.04 the module comes installed, but not enabled by
default. This is needed to maintain compatibility with downstream pool
of servers.
Change-Id: I01a8a12b959e3cbecd0355562db0393404ae54bf
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
Apache's configuration for access control has changed on 2.4. To allow
access to served directories we need to include the new directive
"Require grant all".
We scoped the configuration to only be applied on Apache 2.4. More
information can be viewed on the Apache's upgrade document[1].
The tests were changed to ensure that the configuration is working
without any extra override, as the extra test vhost is on a custom
directory that requires the template to grant access to it.
[1] http://httpd.apache.org/docs/trunk/upgrading.html
Change-Id: I898ca049c5b3592cb70ad8c22eba8d4c681f3b22
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
While working on puppet-lodgeit acceptance tests we found that the
configuration file that `httpd::mod::proxy` creates was not being picked
up by Apache because it was missing the prefix `.conf`. This transition
is required to configure httpd modules correctly on Apache >= 2.4
To prevent Apache from loading two the same configuration twice, we
remove the file without extension, so this change does not affect
running systems.
This change has fixes for `httpd::mod::proxy` and `httpd::mod::redirect`
as they have the same issue. We added tests as well to increase the
confidence on the fix.
The acceptance will be fixed on the follow-up patch, as the redirect
grants are broken for 2.4 as well.
Change-Id: I82241038d687316f91f18209fe8323c12422e2f8
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
According to
https://docs.puppetlabs.com/puppet/3.8/reference/lang_datatypes.html
there is no way to end a single-quoted string with a literal
backslash, so fold this content into the preceding double-quoted
string in an effort to satisfy the linter as well.
Change-Id: Ic639cd2fc1c7953cbf4311ce7c958f9bdb61e31b
If any locations are being excluded from reverse-proxying, we need
to be able to specify a DocumentRoot to serve up un-proxied files.
Change-Id: I1c5fe6f73b5983886578975e89c5e4148b506795
A user of httpd::vhost::proxy may wish to exclude certain URLs from
being proxied. This change allows the template to be populated with
such exclusions.
Change-Id: I55a86d3c703a667daf55cb75cf559eb23a556219
CentOS 7 has offically deprecated mod_python in favor of mod_wsgi and
the package is not available anymore. This change add a note on the
module about the offically supported way to run python applications on
CentOS 7.
Change-Id: I9bf2e0dde6575f50db6ce12abf896b5890b42419
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
Add acceptance tests for puppet-httpd module so that once the module is
applied we check if files were created, packages were installed and
services were started.
Change-Id: I3e1430f2937bd2bc5ea789c626784af7d5d85959
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
Replace usage of httpd_mod with the httpd::mod wrapper to allow classes
to be applied as well on RedHat systems and have the httpd service
ordering fixed.
Change-Id: If790efd7b465e77c2eca7710f79e563d69ee3783
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
While writing acceptance tests for puppet-httpd we noticed that the
manifest of httpd::python is not working on Ubuntu Trusty.
The httpd::python manifest was using a non-declared
$apache::params::mod_python_package instead of
$httpd::params::mod_python_package
Change-Id: I4db9298aba7da90a017527b2fb29dcd17af28efc
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
While writing acceptance tests for puppet-httpd we noticed that the
manifest of httpd::dev was not working on Ubuntu Trusty.
That is because httpd::dev was trying to install multiple package using
the wrong syntax. Also, the one of the modules for Ubuntu was wrong and
we updated to keep applying.
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
Change-Id: Ibe1e107417b4670902f74b8c2fedc0d9d927ce9b
This allows for before => Service['httpd'] on every resource without
being explicit.
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Glauco Oliveira <gvinici@thoughtworks.com>
Change-Id: I0e991a7a63317e608cc6ef35b58dc79b518ba863
Use same target directory for zuul-cloner and
the regular git command.
Change-Id: Ia93972eb910cbff202820151a0407d36b3317dc4
Co-Authored-By: Fabien Boucher <fabien.boucher@enovance.com>
Adding this subclass to httpd configuration, to allow
modules using this manifest to setup log rotation for
apache on demand.
Please note that apache is installing a logrotate file by
default here, but naming that on same way will overwrite it,
and allow our desired log rotation.
Depends-On: I7451ecc550b50b85c55784ef598f6b45412117fc
Change-Id: I3ef60fd9386795007e5b55264cc6e91fa0b67c68
$configure_firewall defaults to true, however the related firewall
dependency is missing from the module metadata. The lower bound
used here reflects that of puppetlabs-apache v0.0.4, the upper bound is
the current release.
Change-Id: Ic628fcacf11a65786241047f58839544e3d1fc52
In anticipation of puppet 4, start trying to deal with puppet 4 things
that can be helpfully predicted by puppet lint plugins. Also fix errors
caught by the puppet-lint-unquoted_string-check and
puppet-lint-absolute_classname-check gems.
Change-Id: I9d74d25d2f2c95ec52a6db3bf070903240e1b933
The $httpd::vhost::proxy::servername parameter was not being used, and
the local variable $srvname was defaulting to the name of the defined
type. This patch copies the logic from httpd::vhost to conditionally
set $srvname to the $servername parameter if it is set, and default to
the old behavior if not.
Change-Id: I4936be856db1a1af279b7c3824606e2c0375e9a6
The http://ci.openstack.org/ documentation site has been deprecated,
replaced by redirects to corresponding paths within
http://docs.openstack.org/infra/ where other Project Infrastructure
documentation already resides.
Change-Id: I98d5d0f062520f423f041605de7572c8e3d73511
We want to drive version from git tag. That means the git repo doesn't hold
version number. So we'll set version to 0.0.0 in git and anyone using the repo
from git will know they are doing something funky and will have to ask git
what version they are running.
Change-Id: Iea80c34d4b87a2a4f89ee5429aa1714cee481c11
These tests don't work and we don't run them. We can return to
testing using rspec-puppet at a future time.
Change-Id: I0cdd922e329358c1921335d92c5261f001019713
This renames the classes and defined types from apache to httpd.
With the 'httpd' module available, we can migrate usage of 'apache'
to 'httpd.' Eventually this will free the 'apache' namespace.
A native ruby type and provider is contained in this class. It is
not namespaced to the class name so it has been renamed from a2mod
to httpd_mod.
Change-Id: I056eb28a13e7ccc95f1496019bedc332c17dd458
The content of this project is Apache 2 licensed, but we should
include a standard LICENSE file just to be clear about that.
Change-Id: Iee6320b9d7e35fbe8d3b0a9794f3e485c18ef2c8
