opendev/puppet-storyboard
Code Issues Proposed changes

Support Apache 2.4.3

Browse Source 
Apache version 2.4.3 changes the Order Allow,Deny security
configuration options. This patch modifies the input parameters
as well as the vhost templates in order to support it.

Change-Id: I179ffa924fed204c45a08ba19ea4acdc519edda2
This commit is contained in:
Michael Krotscheck 2014-08-13 17:24:59 -07:00
parent fb38fa63b3
commit 05cee0f709
4 changed files with 58 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
manifests/application.pp
View File

@ -21,6 +21,7 @@
class storyboard::application ( class storyboard::application (
# Installation parameters # Installation parameters
$install_root = '/var/lib/storyboard',
$www_root = '/var/lib/storyboard/www', $www_root = '/var/lib/storyboard/www',
$server_admin = undef, $server_admin = undef,
$hostname = $::fqdn, $hostname = $::fqdn,
@ -105,7 +106,7 @@ class storyboard::application (
} }
# Create the root dir # Create the root dir
file { '/var/lib/storyboard': file { $install_root:
ensure => directory, ensure => directory,
owner => $storyboard::params::user, owner => $storyboard::params::user,
group => $storyboard::params::group, group => $storyboard::params::group,
@ -119,12 +120,12 @@ class storyboard::application (
} }
# Install the wsgi app # Install the wsgi app
file { '/var/lib/storyboard/storyboard.wsgi': file { "${install_root}/storyboard.wsgi":
source => '/opt/storyboard/storyboard/api/app.wsgi', source => '/opt/storyboard/storyboard/api/app.wsgi',
owner => $storyboard::params::user, owner => $storyboard::params::user,
group => $storyboard::params::group, group => $storyboard::params::group,
require => [ require => [
File['/var/lib/storyboard'], File[$install_root],
Exec['install-storyboard'], Exec['install-storyboard'],
], ],
notify => Service['httpd'], notify => Service['httpd'],
@ -166,6 +167,9 @@ class storyboard::application (
notify => Service['httpd'], notify => Service['httpd'],
} }
# Check vhost permission set.
$new_vhost_perms = (versioncmp($::apache::apache_version, '2.4') >= 0)
# Are we setting up TLS or non-TLS? # Are we setting up TLS or non-TLS?
if defined(Class['storyboard::cert']) { if defined(Class['storyboard::cert']) {
# Set up storyboard as HTTPS # Set up storyboard as HTTPS

8
templates/storyboard_http.vhost.erb
View File

@ -14,4 +14,12 @@
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
<% if @new_vhost_perms %>
Require all granted
<% else %>
Order allow,deny
Allow from all
<% end %>
</Directory>
</VirtualHost> </VirtualHost>

9
templates/storyboard_https.vhost.erb
View File

@ -50,5 +50,14 @@
WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
WSGIPassAuthorization On WSGIPassAuthorization On
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
<% if @new_vhost_perms %>
Require all granted
<% else %>
Order allow,deny
Allow from all
<% end %>
</Directory>
</VirtualHost> </VirtualHost>
</IfModule> </IfModule>