Support Apache 2.4.3

Apache version 2.4.3 changes the Order Allow,Deny security
configuration options. This patch modifies the input parameters
as well as the vhost templates in order to support it.

Change-Id: I179ffa924fed204c45a08ba19ea4acdc519edda2

manifests/application.pp

@@ -21,6 +21,7 @@
 class storyboard::application (
 
   # Installation parameters
+  $install_root           = '/var/lib/storyboard',
   $www_root               = '/var/lib/storyboard/www',
   $server_admin           = undef,
   $hostname               = $::fqdn,
@@ -62,10 +63,10 @@ class storyboard::application (
 
   # Create the storyboard configuration directory.
   file { '/etc/storyboard':
-    ensure  => directory,
-    owner   => $storyboard::params::user,
-    group   => $storyboard::params::group,
-    mode    => '0700',
+    ensure => directory,
+    owner  => $storyboard::params::user,
+    group  => $storyboard::params::group,
+    mode   => '0700',
   }
 
   # Configure the StoryBoard API
@@ -105,7 +106,7 @@ class storyboard::application (
   }
 
   # Create the root dir
-  file { '/var/lib/storyboard':
+  file { $install_root:
     ensure => directory,
     owner  => $storyboard::params::user,
     group  => $storyboard::params::group,
@@ -113,18 +114,18 @@ class storyboard::application (
 
   # Create the log dir
   file { '/var/log/storyboard':
-    ensure  => directory,
-    owner   => $storyboard::params::user,
-    group   => $storyboard::params::group,
+    ensure => directory,
+    owner  => $storyboard::params::user,
+    group  => $storyboard::params::group,
   }
 
   # Install the wsgi app
-  file { '/var/lib/storyboard/storyboard.wsgi':
+  file { "${install_root}/storyboard.wsgi":
     source  => '/opt/storyboard/storyboard/api/app.wsgi',
     owner   => $storyboard::params::user,
     group   => $storyboard::params::group,
     require => [
-      File['/var/lib/storyboard'],
+      File[$install_root],
       Exec['install-storyboard'],
     ],
     notify  => Service['httpd'],
@@ -155,17 +156,20 @@ class storyboard::application (
 
   # Copy the downloaded source into the configured www_root
   file { $www_root:
-    ensure      => directory,
-    owner       => $storyboard::params::user,
-    group       => $storyboard::params::group,
-    require     => Puppi::Netinstall['storyboard-webclient'],
-    source      => '/opt/storyboard-webclient/dist',
-    recurse     => true,
-    purge       => true,
-    force       => true,
-    notify      => Service['httpd'],
+    ensure  => directory,
+    owner   => $storyboard::params::user,
+    group   => $storyboard::params::group,
+    require => Puppi::Netinstall['storyboard-webclient'],
+    source  => '/opt/storyboard-webclient/dist',
+    recurse => true,
+    purge   => true,
+    force   => true,
+    notify  => Service['httpd'],
   }
 
+  # Check vhost permission set.
+  $new_vhost_perms = (versioncmp($::apache::apache_version, '2.4') >= 0)
+
   # Are we setting up TLS or non-TLS?
   if defined(Class['storyboard::cert']) {
     # Set up storyboard as HTTPS

manifests/cert.pp

@@ -35,12 +35,12 @@ class storyboard::cert (
 
   if $ssl_cert_file != undef {
     file { $ssl_cert:
-      owner   => 'root',
-      group   => 'ssl-cert',
-      mode    => '0640',
-      source  => $ssl_cert_file,
-      before  => Class['storyboard::application'],
-      notify  => Class['storyboard::application'],
+      owner  => 'root',
+      group  => 'ssl-cert',
+      mode   => '0640',
+      source => $ssl_cert_file,
+      before => Class['storyboard::application'],
+      notify => Class['storyboard::application'],
     }
   }
   elsif $ssl_cert_content != undef {
@@ -59,12 +59,12 @@ class storyboard::cert (
 
   if $ssl_key_file != undef {
     file { $ssl_key:
-      owner   => 'root',
-      group   => 'ssl-cert',
-      mode    => '0640',
-      source  => $ssl_key_file,
-      before  => Class['storyboard::application'],
-      notify  => Class['storyboard::application'],
+      owner  => 'root',
+      group  => 'ssl-cert',
+      mode   => '0640',
+      source => $ssl_key_file,
+      before => Class['storyboard::application'],
+      notify => Class['storyboard::application'],
     }
   }
   elsif $ssl_key_content != undef {
@@ -91,12 +91,12 @@ class storyboard::cert (
 
   if $ssl_ca_file != undef {
     file { $resolved_ssl_ca:
-      owner   => 'root',
-      group   => 'ssl-cert',
-      mode    => '0640',
-      source  => $ssl_ca_file,
-      before  => Class['storyboard::application'],
-      notify  => Class['storyboard::application'],
+      owner  => 'root',
+      group  => 'ssl-cert',
+      mode   => '0640',
+      source => $ssl_ca_file,
+      before => Class['storyboard::application'],
+      notify => Class['storyboard::application'],
     }
   }
   elsif $ssl_ca_content != undef {

templates/storyboard_http.vhost.erb

@@ -14,4 +14,12 @@
   ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
   CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
 
+  <Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
+    <% if @new_vhost_perms %>
+      Require all granted
+    <% else %>
+      Order allow,deny
+      Allow from all
+    <% end %>
+  </Directory>
 </VirtualHost>

templates/storyboard_https.vhost.erb

@@ -50,5 +50,14 @@
     WSGIDaemonProcess storyboard user=<%= scope.lookupvar("storyboard::params::user") %> group=<%= scope.lookupvar("storyboard::params::group") %> threads=5 python-path=/usr/local/lib/python2.7/dist-packages
     WSGIScriptAlias /api /var/lib/storyboard/storyboard.wsgi
     WSGIPassAuthorization On
+
+    <Directory "<%= scope.lookupvar("storyboard::application::install_root") %>">
+      <% if @new_vhost_perms %>
+        Require all granted
+      <% else %>
+        Order allow,deny
+        Allow from all
+      <% end %>
+    </Directory>
   </VirtualHost>
 </IfModule>