diff --git a/manifests/application.pp b/manifests/application.pp
index 5e354ee..465f7ec 100644
--- a/manifests/application.pp
+++ b/manifests/application.pp
@@ -21,6 +21,7 @@
class storyboard::application (
# Installation parameters
+ $install_root = '/var/lib/storyboard',
$www_root = '/var/lib/storyboard/www',
$server_admin = undef,
$hostname = $::fqdn,
@@ -62,10 +63,10 @@ class storyboard::application (
# Create the storyboard configuration directory.
file { '/etc/storyboard':
- ensure => directory,
- owner => $storyboard::params::user,
- group => $storyboard::params::group,
- mode => '0700',
+ ensure => directory,
+ owner => $storyboard::params::user,
+ group => $storyboard::params::group,
+ mode => '0700',
}
# Configure the StoryBoard API
@@ -105,7 +106,7 @@ class storyboard::application (
}
# Create the root dir
- file { '/var/lib/storyboard':
+ file { $install_root:
ensure => directory,
owner => $storyboard::params::user,
group => $storyboard::params::group,
@@ -113,18 +114,18 @@ class storyboard::application (
# Create the log dir
file { '/var/log/storyboard':
- ensure => directory,
- owner => $storyboard::params::user,
- group => $storyboard::params::group,
+ ensure => directory,
+ owner => $storyboard::params::user,
+ group => $storyboard::params::group,
}
# Install the wsgi app
- file { '/var/lib/storyboard/storyboard.wsgi':
+ file { "${install_root}/storyboard.wsgi":
source => '/opt/storyboard/storyboard/api/app.wsgi',
owner => $storyboard::params::user,
group => $storyboard::params::group,
require => [
- File['/var/lib/storyboard'],
+ File[$install_root],
Exec['install-storyboard'],
],
notify => Service['httpd'],
@@ -155,17 +156,20 @@ class storyboard::application (
# Copy the downloaded source into the configured www_root
file { $www_root:
- ensure => directory,
- owner => $storyboard::params::user,
- group => $storyboard::params::group,
- require => Puppi::Netinstall['storyboard-webclient'],
- source => '/opt/storyboard-webclient/dist',
- recurse => true,
- purge => true,
- force => true,
- notify => Service['httpd'],
+ ensure => directory,
+ owner => $storyboard::params::user,
+ group => $storyboard::params::group,
+ require => Puppi::Netinstall['storyboard-webclient'],
+ source => '/opt/storyboard-webclient/dist',
+ recurse => true,
+ purge => true,
+ force => true,
+ notify => Service['httpd'],
}
+ # Check vhost permission set.
+ $new_vhost_perms = (versioncmp($::apache::apache_version, '2.4') >= 0)
+
# Are we setting up TLS or non-TLS?
if defined(Class['storyboard::cert']) {
# Set up storyboard as HTTPS
diff --git a/manifests/cert.pp b/manifests/cert.pp
index 4754b5b..f669283 100644
--- a/manifests/cert.pp
+++ b/manifests/cert.pp
@@ -35,12 +35,12 @@ class storyboard::cert (
if $ssl_cert_file != undef {
file { $ssl_cert:
- owner => 'root',
- group => 'ssl-cert',
- mode => '0640',
- source => $ssl_cert_file,
- before => Class['storyboard::application'],
- notify => Class['storyboard::application'],
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ source => $ssl_cert_file,
+ before => Class['storyboard::application'],
+ notify => Class['storyboard::application'],
}
}
elsif $ssl_cert_content != undef {
@@ -59,12 +59,12 @@ class storyboard::cert (
if $ssl_key_file != undef {
file { $ssl_key:
- owner => 'root',
- group => 'ssl-cert',
- mode => '0640',
- source => $ssl_key_file,
- before => Class['storyboard::application'],
- notify => Class['storyboard::application'],
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ source => $ssl_key_file,
+ before => Class['storyboard::application'],
+ notify => Class['storyboard::application'],
}
}
elsif $ssl_key_content != undef {
@@ -91,12 +91,12 @@ class storyboard::cert (
if $ssl_ca_file != undef {
file { $resolved_ssl_ca:
- owner => 'root',
- group => 'ssl-cert',
- mode => '0640',
- source => $ssl_ca_file,
- before => Class['storyboard::application'],
- notify => Class['storyboard::application'],
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ source => $ssl_ca_file,
+ before => Class['storyboard::application'],
+ notify => Class['storyboard::application'],
}
}
elsif $ssl_ca_content != undef {
diff --git a/templates/storyboard_http.vhost.erb b/templates/storyboard_http.vhost.erb
index d4c8923..9f9f638 100644
--- a/templates/storyboard_http.vhost.erb
+++ b/templates/storyboard_http.vhost.erb
@@ -14,4 +14,12 @@
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
+ ">
+ <% if @new_vhost_perms %>
+ Require all granted
+ <% else %>
+ Order allow,deny
+ Allow from all
+ <% end %>
+
\ No newline at end of file
diff --git a/templates/storyboard_https.vhost.erb b/templates/storyboard_https.vhost.erb
index 5e9e793..4e3918d 100644
--- a/templates/storyboard_https.vhost.erb
+++ b/templates/storyboard_https.vhost.erb
@@ -50,5 +50,14 @@
WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
WSGIPassAuthorization On
+
+ ">
+ <% if @new_vhost_perms %>
+ Require all granted
+ <% else %>
+ Order allow,deny
+ Allow from all
+ <% end %>
+