Support Apache 2.4.3

Apache version 2.4.3 changes the Order Allow,Deny security configuration options. This patch modifies the input parameters as well as the vhost templates in order to support it. Change-Id: I179ffa924fed204c45a08ba19ea4acdc519edda2
2014-08-13 17:24:59 -07:00 · 2014-08-13 17:24:59 -07:00 · 05cee0f709
commit 05cee0f709
parent fb38fa63b3
4 changed files with 58 additions and 37 deletions
--- a/manifests/application.pp
+++ b/manifests/application.pp
@ -21,6 +21,7 @@
 class storyboard::application (

  # Installation parameters
+  $install_root           = '/var/lib/storyboard',
  $www_root               = '/var/lib/storyboard/www',
  $server_admin           = undef,
  $hostname               = $::fqdn,
@ -105,7 +106,7 @@ class storyboard::application (
  }

  # Create the root dir
-  file { '/var/lib/storyboard':
+  file { $install_root:
    ensure => directory,
    owner  => $storyboard::params::user,
    group  => $storyboard::params::group,
@ -119,12 +120,12 @@ class storyboard::application (
  }

  # Install the wsgi app
-  file { '/var/lib/storyboard/storyboard.wsgi':
+  file { "${install_root}/storyboard.wsgi":
    source  => '/opt/storyboard/storyboard/api/app.wsgi',
    owner   => $storyboard::params::user,
    group   => $storyboard::params::group,
    require => [
-      File['/var/lib/storyboard'],
+      File[$install_root],
      Exec['install-storyboard'],
    ],
    notify  => Service['httpd'],
@ -166,6 +167,9 @@ class storyboard::application (
    notify  => Service['httpd'],
  }

+  # Check vhost permission set.
+  $new_vhost_perms = (versioncmp($::apache::apache_version, '2.4') >= 0)
+
  # Are we setting up TLS or non-TLS?
  if defined(Class['storyboard::cert']) {
    # Set up storyboard as HTTPS
--- a/templates/storyboard_http.vhost.erb
+++ b/templates/storyboard_http.vhost.erb
@ -14,4 +14,12 @@
  ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
  CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined

+  <Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
+    <% if @new_vhost_perms %>
+      Require all granted
+    <% else %>
+      Order allow,deny
+      Allow from all
+    <% end %>
+  </Directory>
 </VirtualHost>
--- a/templates/storyboard_https.vhost.erb
+++ b/templates/storyboard_https.vhost.erb
@ -50,5 +50,14 @@
    WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
    WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
    WSGIPassAuthorization On
+
+    <Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
+      <% if @new_vhost_perms %>
+        Require all granted
+      <% else %>
+        Order allow,deny
+        Allow from all
+      <% end %>
+    </Directory>
  </VirtualHost>
 </IfModule>