Support Apache 2.4.3

Apache version 2.4.3 changes the Order Allow,Deny security
configuration options. This patch modifies the input parameters
as well as the vhost templates in order to support it.

Change-Id: I179ffa924fed204c45a08ba19ea4acdc519edda2
Michael Krotscheck 2014-08-13 17:24:59 -07:00
parent fb38fa63b3
commit 05cee0f709
4 changed files with 58 additions and 37 deletions


@ -21,6 +21,7 @@
class storyboard::application ( class storyboard::application (
# Installation parameters # Installation parameters
$install_root = '/var/lib/storyboard',
$www_root = '/var/lib/storyboard/www', $www_root = '/var/lib/storyboard/www',
$server_admin = undef, $server_admin = undef,
$hostname = $::fqdn, $hostname = $::fqdn,
@ -62,10 +63,10 @@ class storyboard::application (
# Create the storyboard configuration directory. # Create the storyboard configuration directory.
file { '/etc/storyboard': file { '/etc/storyboard':
ensure => directory, ensure => directory,
owner => $storyboard::params::user, owner => $storyboard::params::user,
group => $storyboard::params::group, group => $storyboard::params::group,
mode => '0700', mode => '0700',
} }
# Configure the StoryBoard API # Configure the StoryBoard API
@ -105,7 +106,7 @@ class storyboard::application (
} }
# Create the root dir # Create the root dir
file { '/var/lib/storyboard': file { $install_root:
ensure => directory, ensure => directory,
owner => $storyboard::params::user, owner => $storyboard::params::user,
group => $storyboard::params::group, group => $storyboard::params::group,
@ -113,18 +114,18 @@ class storyboard::application (
# Create the log dir # Create the log dir
file { '/var/log/storyboard': file { '/var/log/storyboard':
ensure => directory, ensure => directory,
owner => $storyboard::params::user, owner => $storyboard::params::user,
group => $storyboard::params::group, group => $storyboard::params::group,
} }
# Install the wsgi app # Install the wsgi app
file { '/var/lib/storyboard/storyboard.wsgi': file { "${install_root}/storyboard.wsgi":
source => '/opt/storyboard/storyboard/api/app.wsgi', source => '/opt/storyboard/storyboard/api/app.wsgi',
owner => $storyboard::params::user, owner => $storyboard::params::user,
group => $storyboard::params::group, group => $storyboard::params::group,
require => [ require => [
File['/var/lib/storyboard'], File[$install_root],
Exec['install-storyboard'], Exec['install-storyboard'],
], ],
notify => Service['httpd'], notify => Service['httpd'],
@ -155,17 +156,20 @@ class storyboard::application (
# Copy the downloaded source into the configured www_root # Copy the downloaded source into the configured www_root
file { $www_root: file { $www_root:
ensure => directory, ensure => directory,
owner => $storyboard::params::user, owner => $storyboard::params::user,
group => $storyboard::params::group, group => $storyboard::params::group,
require => Puppi::Netinstall['storyboard-webclient'], require => Puppi::Netinstall['storyboard-webclient'],
source => '/opt/storyboard-webclient/dist', source => '/opt/storyboard-webclient/dist',
recurse => true, recurse => true,
purge => true, purge => true,
force => true, force => true,
notify => Service['httpd'], notify => Service['httpd'],
} }
# Check vhost permission set.
$new_vhost_perms = (versioncmp($::apache::apache_version, '2.4') >= 0)
# Are we setting up TLS or non-TLS? # Are we setting up TLS or non-TLS?
if defined(Class['storyboard::cert']) { if defined(Class['storyboard::cert']) {
# Set up storyboard as HTTPS # Set up storyboard as HTTPS
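Review bot: `$new_vhost_perms` is derived from `$::apache::apache_version`, and nothing in the visible hunks guarantees the apache class has been evaluated before this line. If the variable is unset at that point, the comparison presumably falls through to the pre-2.4 branch and the templates emit `Order allow,deny` on a 2.4 server. That either breaks the config check or, where mod_access_compat is loaded, mixes old and new authorization directives whose combined effect is hard to reason about. Consider making the dependency explicit above the assignment (for example `include ::apache`, if the class is not already declared elsewhere) or failing when the value is empty, and extend the comment to `# Apache >= 2.4 uses 'Require'; older versions use Order/Allow`. The class body starts and ends outside these hunks, so an existing declaration may already cover this.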


@ -35,12 +35,12 @@ class storyboard::cert (
if $ssl_cert_file != undef { if $ssl_cert_file != undef {
file { $ssl_cert: file { $ssl_cert:
owner => 'root', owner => 'root',
group => 'ssl-cert', group => 'ssl-cert',
mode => '0640', mode => '0640',
source => $ssl_cert_file, source => $ssl_cert_file,
before => Class['storyboard::application'], before => Class['storyboard::application'],
notify => Class['storyboard::application'], notify => Class['storyboard::application'],
} }
} }
elsif $ssl_cert_content != undef { elsif $ssl_cert_content != undef {
@ -59,12 +59,12 @@ class storyboard::cert (
if $ssl_key_file != undef { if $ssl_key_file != undef {
file { $ssl_key: file { $ssl_key:
owner => 'root', owner => 'root',
group => 'ssl-cert', group => 'ssl-cert',
mode => '0640', mode => '0640',
source => $ssl_key_file, source => $ssl_key_file,
before => Class['storyboard::application'], before => Class['storyboard::application'],
notify => Class['storyboard::application'], notify => Class['storyboard::application'],
} }
} }
elsif $ssl_key_content != undef { elsif $ssl_key_content != undef {
@ -91,12 +91,12 @@ class storyboard::cert (
if $ssl_ca_file != undef { if $ssl_ca_file != undef {
file { $resolved_ssl_ca: file { $resolved_ssl_ca:
owner => 'root', owner => 'root',
group => 'ssl-cert', group => 'ssl-cert',
mode => '0640', mode => '0640',
source => $ssl_ca_file, source => $ssl_ca_file,
before => Class['storyboard::application'], before => Class['storyboard::application'],
notify => Class['storyboard::application'], notify => Class['storyboard::application'],
} }
} }
elsif $ssl_ca_content != undef { elsif $ssl_ca_content != undef {


@ -14,4 +14,12 @@
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
<% if @new_vhost_perms %>
Require all granted
<% else %>
Order allow,deny
Allow from all
<% end %>
</Directory>
</VirtualHost> </VirtualHost>
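Review bot: The new `<Directory>` block grants access to the whole `install_root` rather than to the directory this vhost serves. With the manifest defaults that tree holds both the web client and `storyboard.wsgi`, so the grant is wider than needed. If `www_root` is ever set outside `install_root`, the document root gets no grant at all, and an Apache 2.4 setup that denies by default would answer 403. Scoping the block to `<Directory "<%= scope.lookupvar("storyboard::application::www_root") %>">` would track what is actually served; the DocumentRoot line is outside this hunk, so confirm it uses `www_root`. The same block is added to the other vhost template at the end of the page.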


@ -50,5 +50,14 @@
WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
WSGIPassAuthorization On WSGIPassAuthorization On
<Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
<% if @new_vhost_perms %>
Require all granted
<% else %>
Order allow,deny
Allow from all
<% end %>
</Directory>
</VirtualHost> </VirtualHost>
</IfModule> </IfModule>
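Review bot: `WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi` still hard-codes the path that the manifest now builds from `$install_root`. With a non-default `install_root`, the script and the new `<Directory>` grant move to the new location while this alias keeps pointing at the old one, which then has neither a file nor an access grant. Use the same lookup as the block below it: `WSGIScriptAlias /api <%= scope.lookupvar("storyboard::application::install_root") %>/storyboard.wsgi`. It would also be worth narrowing the grant in this vhost to what must be reachable, for example a `<Files storyboard.wsgi>` section for the script plus a block for the web root, instead of the whole install tree.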