openstack/fuel-library
Code Issues Proposed changes

Add new module 'apache'

Browse Source 
'apache' module is needed by 'horizon' 4.1.0

173967ab8dd21a93d6f2b47ff2641d0092f729b1 v 1.2.0

Fuel-CI: disable
Partial blueprint: merge-openstack-puppet-modules

Change-Id: I0f5ff2fafe058c0263c2ace4bc0ce8f7828d3be0
This commit is contained in:
Aleksandr Didenko 2014-11-04 13:29:35 +02:00
parent 5fc3493ad6
commit 0b60cdd6a1
278 changed files with 17821 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
deployment/puppet/apache/.fixtures.yml Normal file
View File

@ -0,0 +1,6 @@
fixtures:
repositories:
stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
concat: "git://github.com/puppetlabs/puppetlabs-concat.git"
symlinks:
apache: "#{source_dir}"

7
deployment/puppet/apache/.gitignore vendored Normal file
View File

@ -0,0 +1,7 @@
pkg/
Gemfile.lock
vendor/
spec/fixtures/
.vagrant/
.bundle/
coverage/

31
deployment/puppet/apache/.nodeset.yml Normal file
View File

@ -0,0 +1,31 @@
---
default_set: 'centos-64-x64'
sets:
'centos-59-x64':
nodes:
"main.foo.vm":
prefab: 'centos-59-x64'
'centos-64-x64':
nodes:
"main.foo.vm":
prefab: 'centos-64-x64'
'fedora-18-x64':
nodes:
"main.foo.vm":
prefab: 'fedora-18-x64'
'debian-607-x64':
nodes:
"main.foo.vm":
prefab: 'debian-607-x64'
'debian-70rc1-x64':
nodes:
"main.foo.vm":
prefab: 'debian-70rc1-x64'
'ubuntu-server-10044-x64':
nodes:
"main.foo.vm":
prefab: 'ubuntu-server-10044-x64'
'ubuntu-server-12042-x64':
nodes:
"main.foo.vm":
prefab: 'ubuntu-server-12042-x64'

5
deployment/puppet/apache/.puppet-lint.rc Normal file
View File

@ -0,0 +1,5 @@
--relative
--no-single_quote_string_with_variables-check
--no-80chars-check
--no-class_inherits_from_params_class-check
--no-documentation-check

12
deployment/puppet/apache/.sync.yml Normal file
View File

@ -0,0 +1,12 @@
---
.travis.yml:
extras:
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes"
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes"
Rakefile:
extra_disabled_lint_checks:
- 'disable_only_variable_string'
spec/spec_helper.rb:
unmanaged: true

21
deployment/puppet/apache/.travis.yml Normal file
View File

@ -0,0 +1,21 @@
---
language: ruby
bundler_args: --without development
script: "bundle exec rake validate && bundle exec rake lint && bundle exec rake spec SPEC_OPTS='--format documentation'"
matrix:
fast_finish: true
include:
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.6.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 2.7.0" FACTER_GEM_VERSION="~> 1.7.0"
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes"
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.5.0" STRICT_VARIABLES="yes"
notifications:
email: false

390
deployment/puppet/apache/CHANGELOG.md Normal file
View File

@ -0,0 +1,390 @@
##2014-09-30 - Supported Release 1.2.0
###Summary
This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser.
####Features
- Convert apache::vhost to use concat for easier extensions
- Test improvements
- Synchronize files with modulesync
- Strict variable and future parser support
- Added apache::custom_config defined type to allow validation of configs before they are created
- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module.
- Improved SCL support
- allow overriding of the mod_ssl package name
- Add support for reverse_urls/ProxyPassReverse in apache::vhost
- Add satisfy directive in apache::vhost::directories
- Add apache::fastcgi::server defined type
- New parameters - apache
- allow_encoded_slashes
- apache_name
- conf_dir
- default_ssl_crl_check
- docroot
- logroot_mode
- purge_vhost_dir
- New parameters - apache::vhost
- add_default_charset
- allow_encoded_slashes
- logroot_ensure
- logroot_mode
- manage_docroot
- passenger_app_root
- passenger_min_instances
- passenger_pre_start
- passenger_ruby
- passenger_start_timeout
- proxy_preserve_host
- redirectmatch_dest
- ssl_crl_check
- wsgi_chunked_request
- wsgi_pass_authorization
- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter
- Add support for rewrites in the apache::vhost::directories parameter
- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet
- Turn of SSLv3 by default
- Improvements to apache::mod*
- Add restrict_access parameter to apache::mod::info
- Add force_language_priority and language_priority parameters to apache::mod::negotiation
- Add threadlimit parameter to apache::mod::worker
- Add content, template, and source parameters to apache::mod::php
- Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn
- Add loadfile_name parameter to apache::mod
- Add apache::mod::deflate class
- Add options parameter to apache::mod::fcgid
- Add timeouts parameter to apache::mod::reqtimeout
- Add apache::mod::shib
- Add apache_version parameter to apache::mod::ldap
- Add magic_file parameter to apache::mod::mime_magic
- Add apache_version parameter to apache::mod::pagespeed
- Add passenger_default_ruby parameter to apache::mod::passenger
- Add content, template, and source parameters to apache::mod::php
- Add apache_version parameter to apache::mod::proxy
- Add loadfiles parameter to apache::mod::proxy_html
- Add ssl_protocol and package_name parameters to apache::mod::ssl
- Add apache_version parameter to apache::mod::status
- Add apache_version parameter to apache::mod::userdir
- Add apache::mod::version class
####Bugfixes
- Set osfamily defaults for wsgi_socket_prefix
- Support multiple balancermembers with the same url
- Validate apache::vhost::custom_fragment
- Add support for itk with mod_php
- Allow apache::vhost::ssl_certs_dir to not be set
- Improved passenger support for Debian
- Improved 2.4 support without mod_access_compat
- Support for more than one 'Allow from'-directive in _directories.erb
- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4
- Fix missing newline in ModPagespeed filter and memcached servers directive
- Use interpolated strings instead of numbers where required by future parser
- Make auth_require take precedence over default with apache 2.4
- Lint fixes
- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array
- Correct typo in mod::pagespeed
- spec_helper fixes
- Install mod packages before dealing with the configuration
- Use absolute scope to check class definition in apache::mod::php
- Fix dependency loop in apache::vhost
- Properly scope variables in the inline template in apache::balancer
- Documentation clarification, typos, and formatting
- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4
- Strict variables fixes
- Add authn_core mode to Ubuntu trusty defaults
- Keep default loadfile for authz_svn on Debian
- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support
- Load unixd before fcgid for EL7
- Fix RedirectMatch rules
- Fix misleading error message in apache::version
####Known Bugs
* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
* SLES is unsupported.
##2014-07-15 - Supported Release 1.1.1
###Summary
This release merely updates metadata.json so the module can be uninstalled and
upgraded via the puppet module command.
## 2014-04-14 Supported Release 1.1.0
###Summary
This release primarily focuses on extending the httpd 2.4 support, tested
through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger
4 support, as well as several new modules and important bugfixes.
####Features
- Add support for RHEL7 and Ubuntu 14.04
- More complete apache24 support
- Passenger 4 support
- Add support for max_keepalive_requests and log_formats parameters
- Add mod_pagespeed support
- Add mod_speling support
- Added several parameters for mod_passenger
- Added ssl_cipher parameter to apache::mod::ssl
- Improved examples in documentation
- Added docroot_mode, action, and suexec_user_group parameters to apache::vhost
- Add support for custom extensions for mod_php
- Improve proxy_html support for Debian
####Bugfixes
- Remove NameVirtualHost directive for apache >= 2.4
- Order proxy_set option so it doesn't change between runs
- Fix inverted SSL compression
- Fix missing ensure on concat::fragment resources
- Fix bad dependencies in apache::mod and apache::mod::mime
####Known Bugs
* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
* SLES is unsupported.
## 2014-03-04 Supported Release 1.0.1
###Summary
This is a supported release. This release removes a testing symlink that can
cause trouble on systems where /var is on a seperate filesystem from the
modulepath.
####Features
####Bugfixes
####Known Bugs
* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
* SLES is unsupported.
## 2014-03-04 Supported Release 1.0.0
###Summary
This is a supported release. This release introduces Apache 2.4 support for
Debian and RHEL based osfamilies.
####Features
- Add apache24 support
- Add rewrite_base functionality to rewrites
- Updated README documentation
- Add WSGIApplicationGroup and WSGIImportScript directives
####Bugfixes
- Replace mutating hashes with merge() for Puppet 3.5
- Fix WSGI import_script and mod_ssl issues on Lucid
####Known Bugs
* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`.
* SLES is unsupported.
---
## 2014-01-31 Release 0.11.0
### Summary:
This release adds preliminary support for Windows compatibility and multiple rewrite support.
#### Backwards-incompatible Changes:
- The rewrite_rule parameter is deprecated in favor of the new rewrite parameter
and will be removed in a future release.
#### Features:
- add Match directive
- quote paths for windows compatibility
- add auth_group_file option to README.md
- allow AuthGroupFile directive for vhosts
- Support Header directives in vhost context
- Don't purge mods-available dir when separate enable dir is used
- Fix the servername used in log file name
- Added support for mod_include
- Remove index parameters.
- Support environment variable control for CustomLog
- added redirectmatch support
- Setting up the ability to do multiple rewrites and conditions.
- Convert spec tests to beaker.
- Support php_admin_(flag|value)s
#### Bugfixes:
- directories are either a Hash or an Array of Hashes
- Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost
- (docs) Update list of `apache::mod::[name]` classes
- (docs) Fix apache::namevirtualhost example call style
- Fix $ports_file reference in apache::listen.
- Fix $ports_file reference in Namevirtualhost.
## 2013-12-05 Release 0.10.0
### Summary:
This release adds FreeBSD osfamily support and various other improvements to some mods.
#### Features:
- Add suPHP_UserGroup directive to directory context
- Add support for ScriptAliasMatch directives
- Set SSLOptions StdEnvVars in server context
- No implicit <Directory> entry for ScriptAlias path
- Add support for overriding ErrorDocument
- Add support for AliasMatch directives
- Disable default "allow from all" in vhost-directories
- Add WSGIPythonPath as an optional parameter to mod_wsgi.
- Add mod_rpaf support
- Add directives: IndexOptions, IndexOrderDefault
- Add ability to include additional external configurations in vhost
- need to use the provider variable not the provider key value from the directory hash for matches
- Support for FreeBSD and few other features
- Add new params to apache::mod::mime class
- Allow apache::mod to specify module id and path
- added $server_root parameter
- Add Allow and ExtendedStatus support to mod_status
- Expand vhost/_directories.pp directive support
- Add initial support for nss module (no directives in vhost template yet)
- added peruser and event mpms
- added $service_name parameter
- add parameter for TraceEnable
- Make LogLevel configurable for server and vhost
- Add documentation about $ip
- Add ability to pass ip (instead of wildcard) in default vhost files
#### Bugfixes:
- Don't listen on port or set NameVirtualHost for non-existent vhost
- only apply Directory defaults when provider is a directory
- Working mod_authnz_ldap support on Debian/Ubuntu
## 2013-09-06 Release 0.9.0
### Summary:
This release adds more parameters to the base apache class and apache defined
resource to make the module more flexible. It also adds or enhances SuPHP,
WSGI, and Passenger mod support, and support for the ITK mpm module.
#### Backwards-incompatible Changes:
- Remove many default mods that are not normally needed.
- Remove `rewrite_base` `apache::vhost` parameter; did not work anyway.
- Specify dependencies on stdlib >=2.4.0 (this was already the case, but
making explicit)
- Deprecate `a2mod` in favor of the `apache::mod::*` classes and `apache::mod`
defined resource.
#### Features:
- `apache` class
- Add `httpd_dir` parameter to change the location of the configuration
files.
- Add `logroot` parameter to change the logroot
- Add `ports_file` parameter to changes the `ports.conf` file location
- Add `keepalive` parameter to enable persistent connections
- Add `keepalive_timeout` parameter to change the timeout
- Update `default_mods` to be able to take an array of mods to enable.
- `apache::vhost`
- Add `wsgi_daemon_process`, `wsgi_daemon_process_options`,
`wsgi_process_group`, and `wsgi_script_aliases` parameters for per-vhost
WSGI configuration.
- Add `access_log_syslog` parameter to enable syslogging.
- Add `error_log_syslog` parameter to enable syslogging of errors.
- Add `directories` hash parameter. Please see README for documentation.
- Add `sslproxyengine` parameter to enable SSLProxyEngine
- Add `suphp_addhandler`, `suphp_engine`, and `suphp_configpath` for
configuring SuPHP.
- Add `custom_fragment` parameter to allow for arbitrary apache
configuration injection. (Feature pull requests are prefered over using
this, but it is available in a pinch.)
- Add `apache::mod::suphp` class for configuring SuPHP.
- Add `apache::mod::itk` class for configuring ITK mpm module.
- Update `apache::mod::wsgi` class for global WSGI configuration with
`wsgi_socket_prefix` and `wsgi_python_home` parameters.
- Add README.passenger.md to document the `apache::mod::passenger` usage.
Added `passenger_high_performance`, `passenger_pool_idle_time`,
`passenger_max_requests`, `passenger_stat_throttle_rate`, `rack_autodetect`,
and `rails_autodetect` parameters.
- Separate the httpd service resource into a new `apache::service` class for
dependency chaining of `Class['apache'] -> <resource> ~>
Class['apache::service']`
- Added `apache::mod::proxy_balancer` class for `apache::balancer`
#### Bugfixes:
- Change dependency to puppetlabs-concat
- Fix ruby 1.9 bug for `a2mod`
- Change servername to be `$::hostname` if there is no `$::fqdn`
- Make `/etc/ssl/certs` the default ssl certs directory for RedHat non-5.
- Make `php` the default php package for RedHat non-5.
- Made `aliases` able to take a single alias hash instead of requiring an
array.
## 2013-07-26 Release 0.8.1
#### Bugfixes:
- Update `apache::mpm_module` detection for worker/prefork
- Update `apache::mod::cgi` and `apache::mod::cgid` detection for
worker/prefork
## 2013-07-16 Release 0.8.0
#### Features:
- Add `servername` parameter to `apache` class
- Add `proxy_set` parameter to `apache::balancer` define
#### Bugfixes:
- Fix ordering for multiple `apache::balancer` clusters
- Fix symlinking for sites-available on Debian-based OSs
- Fix dependency ordering for recursive confdir management
- Fix `apache::mod::*` to notify the service on config change
- Documentation updates
## 2013-07-09 Release 0.7.0
#### Changes:
- Essentially rewrite the module -- too many to list
- `apache::vhost` has many abilities -- see README.md for details
- `apache::mod::*` classes provide httpd mod-loading capabilities
- `apache` base class is much more configurable
#### Bugfixes:
- Many. And many more to come
## 2013-03-2 Release 0.6.0
- update travis tests (add more supported versions)
- add access log_parameter
- make purging of vhost dir configurable
## 2012-08-24 Release 0.4.0
#### Changes:
- `include apache` is now required when using `apache::mod::*`
#### Bugfixes:
- Fix syntax for validate_re
- Fix formatting in vhost template
- Fix spec tests such that they pass
##2012-05-08 Puppet Labs <info@puppetlabs.com> - 0.0.4
* e62e362 Fix broken tests for ssl, vhost, vhost::*
* 42c6363 Changes to match style guide and pass puppet-lint without error
* 42bc8ba changed name => path for file resources in order to name namevar by it's name
* 72e13de One end too much
* 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.
* 273f94d fix tests
* a35ede5 (#13860) Make a2enmod/a2dismo commands optional
* 98d774e (#13860) Autorequire Package['httpd']
* 05fcec5 (#13073) Add missing puppet spec tests
* 541afda (#6899) Remove virtual a2mod definition
* 976cb69 (#13072) Move mod python and wsgi package names to params
* 323915a (#13060) Add .gitignore to repo
* fdf40af (#13060) Remove pkg directory from source tree
* fd90015 Add LICENSE file and update the ModuleFile
* d3d0d23 Re-enable local php class
* d7516c7 Make management of firewalls configurable for vhosts
* 60f83ba Explicitly lookup scope of apache_name in templates.
* f4d287f (#12581) Add explicit ordering for vdir directory
* 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall
* a776a8b (#11071) Fix to work with latest firewall module
* 2b79e8b (#11070) Add support for Scientific Linux
* 405b3e9 Fix for a2mod
* 57b9048 Commit apache::vhost::redirect Manifest
* 8862d01 Commit apache::vhost::proxy Manifest
* d5c1fd0 Commit apache::mod::wsgi Manifest
* a825ac7 Commit apache::mod::python Manifest
* b77062f Commit Templates
* 9a51b4a Vhost File Declarations
* 6cf7312 Defaults for Parameters
* 6a5b11a Ensure installed
* f672e46 a2mod fix
* 8a56ee9 add pthon support to apache

234
deployment/puppet/apache/CONTRIBUTING.md Normal file
View File

@ -0,0 +1,234 @@
Checklist (and a short version for the impatient)
=================================================
* Commits:
- Make commits of logical units.
- Check for unnecessary whitespace with "git diff --check" before
committing.
- Commit using Unix line endings (check the settings around "crlf" in
git-config(1)).
- Do not check in commented out code or unneeded files.
- The first line of the commit message should be a short
description (50 characters is the soft limit, excluding ticket
number(s)), and should skip the full stop.
- Associate the issue in the message. The first line should include
the issue number in the form "(#XXXX) Rest of message".
- The body should provide a meaningful commit message, which:
- uses the imperative, present tense: "change", not "changed" or
"changes".
- includes motivation for the change, and contrasts its
implementation with the previous behavior.
- Make sure that you have tests for the bug you are fixing, or
feature you are adding.
- Make sure the test suites passes after your commit:
`bundle exec rspec spec/acceptance` More information on [testing](#Testing) below
- When introducing a new feature, make sure it is properly
documented in the README.md
* Submission:
* Pre-requisites:
- Sign the [Contributor License Agreement](https://cla.puppetlabs.com/)
- Make sure you have a [GitHub account](https://github.com/join)
- [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for.
* Preferred method:
- Fork the repository on GitHub.
- Push your changes to a topic branch in your fork of the
repository. (the format ticket/1234-short_description_of_change is
usually preferred for this project).
- Submit a pull request to the repository in the puppetlabs
organization.
The long version
================
1. Make separate commits for logically separate changes.
Please break your commits down into logically consistent units
which include new or changed tests relevant to the rest of the
change. The goal of doing this is to make the diff easier to
read for whoever is reviewing your code. In general, the easier
your diff is to read, the more likely someone will be happy to
review it and get it into the code base.
If you are going to refactor a piece of code, please do so as a
separate commit from your feature or bug fix changes.
We also really appreciate changes that include tests to make
sure the bug is not re-introduced, and that the feature is not
accidentally broken.
Describe the technical detail of the change(s). If your
description starts to get too long, that is a good sign that you
probably need to split up your commit into more finely grained
pieces.
Commits which plainly describe the things which help
reviewers check the patch and future developers understand the
code are much more likely to be merged in with a minimum of
bike-shedding or requested changes. Ideally, the commit message
would include information, and be in a form suitable for
inclusion in the release notes for the version of Puppet that
includes them.
Please also check that you are not introducing any trailing
whitespace or other "whitespace errors". You can do this by
running "git diff --check" on your changes before you commit.
2. Sign the Contributor License Agreement
Before we can accept your changes, we do need a signed Puppet
Labs Contributor License Agreement (CLA).
You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/)
If you have any questions about the CLA, please feel free to
contact Puppet Labs via email at cla-submissions@puppetlabs.com.
3. Sending your patches
To submit your changes via a GitHub pull request, we _highly_
recommend that you have them on a topic branch, instead of
directly on "master".
It makes things much easier to keep track of, especially if
you decide to work on another thing before your first change
is merged in.
GitHub has some pretty good
[general documentation](http://help.github.com/) on using
their site. They also have documentation on
[creating pull requests](http://help.github.com/send-pull-requests/).
In general, after pushing your topic branch up to your
repository on GitHub, you can switch to the branch in the
GitHub UI and click "Pull Request" towards the top of the page
in order to open a pull request.
4. Update the related GitHub issue.
If there is a GitHub issue associated with the change you
submitted, then you should update the ticket to include the
location of your branch, along with any other commentary you
may wish to make.
Testing
=======
Getting Started
---------------
Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby
package manager such as [bundler](http://bundler.io/) what Ruby packages,
or Gems, are required to build, develop, and test this software.
Please make sure you have [bundler installed](http://bundler.io/#getting-started)
on your system, then use it to install all dependencies needed for this project,
by running
```shell
% bundle install
Fetching gem metadata from https://rubygems.org/........
Fetching gem metadata from https://rubygems.org/..
Using rake (10.1.0)
Using builder (3.2.2)
-- 8><-- many more --><8 --
Using rspec-system-puppet (2.2.0)
Using serverspec (0.6.3)
Using rspec-system-serverspec (1.0.0)
Using bundler (1.3.5)
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.
```
NOTE some systems may require you to run this command with sudo.
If you already have those gems installed, make sure they are up-to-date:
```shell
% bundle update
```
With all dependencies in place and up-to-date we can now run the tests:
```shell
% rake spec
```
This will execute all the [rspec tests](http://rspec-puppet.com/) tests
under [spec/defines](./spec/defines), [spec/classes](./spec/classes),
and so on. rspec tests may have the same kind of dependencies as the
module they are testing. While the module defines in its [Modulefile](./Modulefile),
rspec tests define them in [.fixtures.yml](./fixtures.yml).
Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker)
tests. These tests spin up a virtual machine under
[VirtualBox](https://www.virtualbox.org/)) with, controlling it with
[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test
scenarios. In order to run these, you will need both of those tools
installed on your system.
You can run them by issuing the following command
```shell
% rake spec_clean
% rspec spec/acceptance
```
This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml),
install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb)
and then run all the tests under [spec/acceptance](./spec/acceptance).
Writing Tests
-------------
XXX getting started writing tests.
If you have commit access to the repository
===========================================
Even if you have commit access to the repository, you will still need to
go through the process above, and have someone else review and merge
in your changes. The rule is that all changes must be reviewed by a
developer on the project (that did not write the code) to ensure that
all changes go through a code review process.
Having someone other than the author of the topic branch recorded as
performing the merge is the record that they performed the code
review.
Additional Resources
====================
* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help)
* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests)
* [Patchwork](https://patchwork.puppetlabs.com)
* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign)
* [General GitHub documentation](http://help.github.com/)
* [GitHub pull request documentation](http://help.github.com/send-pull-requests/)

27
deployment/puppet/apache/Gemfile Normal file
View File

@ -0,0 +1,27 @@
source ENV['GEM_SOURCE'] || "https://rubygems.org"
group :development, :test do
gem 'rake', :require => false
gem 'rspec-puppet', :require => false
gem 'puppetlabs_spec_helper', :require => false
gem 'serverspec', :require => false
gem 'puppet-lint', :require => false
gem 'beaker', :require => false
gem 'beaker-rspec', :require => false
gem 'pry', :require => false
gem 'simplecov', :require => false
end
if facterversion = ENV['FACTER_GEM_VERSION']
gem 'facter', facterversion, :require => false
else
gem 'facter', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end
# vim:ft=ruby

15
deployment/puppet/apache/LICENSE Normal file
View File

@ -0,0 +1,15 @@
Copyright (C) 2012 Puppet Labs Inc
Puppet Labs can be contacted at: info@puppetlabs.com
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

2352
deployment/puppet/apache/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

278
deployment/puppet/apache/README.passenger.md Normal file
View File

@ -0,0 +1,278 @@
# Passenger
Just enabling the Passenger module is insufficient for the use of Passenger in
production. Passenger should be tunable to better fit the environment in which
it is run while being aware of the resources it required.
To this end the Apache passenger module has been modified to apply system wide
Passenger tuning declarations to `passenger.conf`. Declarations specific to a
virtual host should be passed through when defining a `vhost` (e.g.
`rack_base_uris` parameter on the `apache::vhost` type, check `README.md`).
Also, general apache module loading parameters can be supplied to enable using
a customized passenger module in place of a default-package-based version of
the module.
# Operating system support and Passenger versions
The most important configuration directive for the Apache Passenger module is
`PassengerRoot`. Its value depends on the Passenger version used (2.x, 3.x or
4.x) and on the operating system package from which the Apache Passenger module
is installed.
The following table summarises the current *default versions* and
`PassengerRoot` settings for the operating systems supported by
puppetlabs-apache:
OS | Passenger version | `PassengerRoot`
---------------- | ------------------ | ----------------
Debian 7 | 3.0.13 | /usr
Ubuntu 12.04 | 2.2.11 | /usr
Ubuntu 14.04 | 4.0.37 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3.0.21
As mentioned in `README.md` there are no compatible packages available for
RHEL/CentOS 5 or RHEL/CentOS 7.
## Configuration files and locations on RHEL/CentOS
Notice two important points:
1. The Passenger version packaged in the EPEL repositories may change over time.
2. The value of `PassengerRoot` depends on the Passenger version installed.
To prevent the puppetlabs-apache module from having to keep up with these
package versions the Passenger configuration files installed by the
packages are left untouched by this module. All configuration is placed in an
extra configuration file managed by puppetlabs-apache.
This means '/etc/httpd/conf.d/passenger.conf' is installed by the
`mod_passenger` package and contains correct values for `PassengerRoot` and
`PassengerRuby`. Puppet will ignore this file. Additional configuration
directives as described in the remainder of this document are placed in
'/etc/httpd/conf.d/passenger_extra.conf', managed by Puppet.
This pertains *only* to RHEL/CentOS, *not* Debian and Ubuntu.
## Third-party and custom Passenger packages and versions
The Passenger version distributed by the default OS packages may be too old to
be useful. Newer versions may be installed via Gems, from source or from
third-party OS packages.
Most notably the Passenger developers officially provide Debian packages for a
variety of Debian and Ubuntu releases in the [Passenger APT
repository](https://oss-binaries.phusionpassenger.com/apt/passenger). Read more
about [installing these packages in the offical user
guide](http://www.modrails.com/documentation/Users%20guide%20Apache.html#install_on_debian_ubuntu).
If you install custom Passenger packages and newer version make sure to set the
directives `PassengerRoot`, `PassengerRuby` and/or `PassengerDefaultRuby`
correctly, or Passenger and Apache will fail to function properly.
For Passenger 4.x packages on Debian and Ubuntu the `PassengerRoot` directive
should almost universally be set to
`/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`.
# Parameters for `apache::mod::passenger`
The following class parameters configure Passenger in a global, server-wide
context.
Example:
```puppet
class { 'apache::mod::passenger':
passenger_root => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
passenger_default_ruby => '/usr/bin/ruby1.9.3',
passenger_high_performance => 'on',
rails_autodetect => 'off',
mod_lib_path => '/usr/lib/apache2/custom_modules',
}
```
The general form is using the all lower-case version of the configuration
directive, with underscores instead of CamelCase.
## Parameters used with passenger.conf
If you pass a default value to `apache::mod::passenger` it will be ignored and
not passed through to the configuration file.
### passenger_root
The location to the Phusion Passenger root directory. This configuration option
is essential to Phusion Passenger, and allows Phusion Passenger to locate its
own data files.
The default depends on the Passenger version and the means of installation. See
the above section on operating system support, versions and packages for more
information.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerroot_lt_directory_gt
### passenger_default_ruby
This option specifies the default Ruby interpreter to use for web apps as well
as for all sorts of internal Phusion Passenger helper scripts, e.g. the one
used by PassengerPreStart.
This directive was introduced in Passenger 4.0.0 and will not work in versions
< 4.x. Do not set this parameter if your Passenger version is older than 4.0.0.
Defaults to `undef` for all operating systems except Ubuntu 14.04, where it is
set to '/usr/bin/ruby'.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultRuby
### passenger_ruby
This directive is the same as `passenger_default_ruby` for Passenger versions
< 4.x and must be used instead of `passenger_default_ruby` for such versions.
It makes no sense to set `PassengerRuby` for Passenger >= 4.x. That
directive should only be used to override the value of `PassengerDefaultRuby`
on a non-global context, i.e. in `<VirtualHost>`, `<Directory>`, `<Location>`
and so on.
Defaults to `/usr/bin/ruby` for all supported operating systems except Ubuntu
14.04, where it is set to `undef`.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerRuby
### passenger_high_performance
Default is `off`. When turned `on` Passenger runs in a higher performance mode
that can be less compatible with other Apache modules.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance
### passenger_max_pool_size
Sets the maximum number of Passenger application processes that may
simultaneously run. The default value is 6.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt
### passenger_pool_idle_time
The maximum number of seconds a Passenger Application process will be allowed
to remain idle before being shut down. The default value is 300.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime
### passenger_max_requests
The maximum number of request a Passenger application will process before being
restarted. The default value is 0, which indicates that a process will only
shut down if the Pool Idle Time (see above) expires.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests
### passenger_stat_throttle_rate
Sets how often Passenger performs file system checks, at most once every _x_
seconds. Default is 0, which means the checks are performed with every request.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt
### rack_autodetect
Should Passenger automatically detect if the document root of a virtual host is
a Rack application. Not set by default (`undef`). Note that this directive has
been removed in Passenger 4.0.0 and `PassengerEnabled` should be used instead.
Use this directive only on Passenger < 4.x.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt
### rails_autodetect
Should Passenger automatically detect if the document root of a virtual host is
a Rails application. Not set by default (`undef`). Note that this directive
has been removed in Passenger 4.0.0 and `PassengerEnabled` should be used
instead. Use this directive only on Passenger < 4.x.
http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt
### passenger_use_global_queue
Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is
the default in Passenger 4.x and the versions >= 4.x have disabled this
configuration option altogether. Use with caution.
## Parameters used to load the module
Unlike the tuning parameters specified above, the following parameters are only
used when loading customized passenger modules.
### mod_package
Allows overriding the default package name used for the passenger module
package.
### mod_package_ensure
Allows overriding the package installation setting used by puppet when
installing the passenger module. The default is 'present'.
### mod_id
Allows overriding the value used by apache to identify the passenger module.
The default is 'passenger_module'.
### mod_lib_path
Allows overriding the directory path used by apache when loading the passenger
module. The default is the value of `$apache::params::lib_path`.
### mod_lib
Allows overriding the library file name used by apache when loading the
passenger module. The default is 'mod_passenger.so'.
### mod_path
Allows overriding the full path to the library file used by apache when loading
the passenger module. The default is the concatenation of the `mod_lib_path`
and `mod_lib` parameters.
# Dependencies
RedHat-based systems will need to configure additional package repositories in
order to install Passenger, specifically:
* [Extra Packages for Enterprise Linux](https://fedoraproject.org/wiki/EPEL)
* [Phusion Passenger](http://passenger.stealthymonkeys.com)
Configuration of these repositories is beyond the scope of this module and is
left to the user.
# Attribution
The Passenger tuning parameters for the `apache::mod::passenger` Puppet class
was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the
NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the
PuppetLabs Apache module on GitHub.
* https://github.com/puppetlabs/puppetlabs-apache
* https://github.com/nesi/puppetlabs-apache
* http://www.nesi.org.nz//
* https://tuakiri.ac.nz/confluence/display/Tuakiri/Home
# Copyright and License
Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc
Puppet Labs can be contacted at: info@puppetlabs.com
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

11
deployment/puppet/apache/Rakefile Normal file
View File

@ -0,0 +1,11 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.fail_on_warnings
PuppetLint.configuration.send('relative')
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
PuppetLint.configuration.send('disable_documentation')
PuppetLint.configuration.send('disable_single_quote_string_with_variables')
PuppetLint.configuration.send('disable_only_variable_string')
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]

24
deployment/puppet/apache/files/httpd Normal file
View File

@ -0,0 +1,24 @@
# Configuration file for the httpd service.
#
# The default processing model (MPM) is the process-based
# 'prefork' model. A thread-based model, 'worker', is also
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
#HTTPD=/usr/sbin/httpd.worker
#
# To pass additional options (for instance, -D definitions) to the
# httpd binary at startup, set OPTIONS here.
#
#OPTIONS=
#OPTIONS=-DDOWN
#
# By default, the httpd process is started in the C locale; to
# change the locale in which the server runs, the HTTPD_LANG
# variable can be set.
#
#HTTPD_LANG=C
export SHORTHOST=`hostname -s`

30
deployment/puppet/apache/lib/puppet/parser/functions/bool2httpd.rb Normal file
View File

@ -0,0 +1,30 @@
Puppet::Parser::Functions::newfunction(:bool2httpd, :type => :rvalue, :doc => <<-EOS
Transform a supposed boolean to On or Off. Pass all other values through.
Given a nil value (undef), bool2httpd will return 'Off'
Example:
$trace_enable = false
$server_signature = 'mail'
bool2httpd($trace_enable)
# => 'Off'
bool2httpd($server_signature)
# => 'mail'
bool2httpd(undef)
# => 'Off'
EOS
) do |args|
raise(Puppet::ParseError, "bool2httpd() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1
arg = args[0]
if arg.nil? or arg == false or arg =~ /false/i or arg == :undef
return 'Off'
elsif arg == true or arg =~ /true/i
return 'On'
end
return arg.to_s
end

34
deployment/puppet/apache/lib/puppet/provider/a2mod.rb Normal file
View File

@ -0,0 +1,34 @@
class Puppet::Provider::A2mod < Puppet::Provider
def self.prefetch(mods)
instances.each do |prov|
if mod = mods[prov.name]
mod.provider = prov
end
end
end
def flush
@property_hash.clear
end
def properties
if @property_hash.empty?
@property_hash = query || {:ensure => :absent}
@property_hash[:ensure] = :absent if @property_hash.empty?
end
@property_hash.dup
end
def query
self.class.instances.each do |mod|
if mod.name == self.name or mod.name.downcase == self.name
return mod.properties
end
end
nil
end
def exists?
properties[:ensure] != :absent
end
end

35
deployment/puppet/apache/lib/puppet/provider/a2mod/a2mod.rb Normal file
View File

@ -0,0 +1,35 @@
require 'puppet/provider/a2mod'
Puppet::Type.type(:a2mod).provide(:a2mod, :parent => Puppet::Provider::A2mod) do
desc "Manage Apache 2 modules on Debian and Ubuntu"
optional_commands :encmd => "a2enmod"
optional_commands :discmd => "a2dismod"
commands :apache2ctl => "apache2ctl"
confine :osfamily => :debian
defaultfor :operatingsystem => [:debian, :ubuntu]
def self.instances
modules = apache2ctl("-M").lines.collect { |line|
m = line.match(/(\w+)_module \(shared\)$/)
m[1] if m
}.compact
modules.map do |mod|
new(
:name => mod,
:ensure => :present,
:provider => :a2mod
)
end
end
def create
encmd resource[:name]
end
def destroy
discmd resource[:name]
end
end

116
deployment/puppet/apache/lib/puppet/provider/a2mod/gentoo.rb Normal file
View File

@ -0,0 +1,116 @@
require 'puppet/util/filetype'
Puppet::Type.type(:a2mod).provide(:gentoo, :parent => Puppet::Provider) do
desc "Manage Apache 2 modules on Gentoo"
confine :operatingsystem => :gentoo
defaultfor :operatingsystem => :gentoo
attr_accessor :property_hash
def create
@property_hash[:ensure] = :present
end
def exists?
(!(@property_hash[:ensure].nil?) and @property_hash[:ensure] == :present)
end
def destroy
@property_hash[:ensure] = :absent
end
def flush
self.class.flush
end
class << self
attr_reader :conf_file
end
def self.clear
@mod_resources = []
@modules = []
@other_args = ""
end
def self.initvars
@conf_file = "/etc/conf.d/apache2"
@filetype = Puppet::Util::FileType.filetype(:flat).new(conf_file)
@mod_resources = []
@modules = []
@other_args = ""
end
self.initvars
# Retrieve an array of all existing modules
def self.modules
if @modules.length <= 0
# Locate the APACHE_OPTS variable
records = filetype.read.split(/\n/)
apache2_opts = records.grep(/^\s*APACHE2_OPTS=/).first
# Extract all defines
while apache2_opts.sub!(/-D\s+(\w+)/, '')
@modules << $1.downcase
end
# Hang on to any remaining options.
if apache2_opts.match(/APACHE2_OPTS="(.+)"/)
@other_args = $1.strip
end
@modules.sort!.uniq!
end
@modules
end
def self.prefetch(resources={})
# Match resources with existing providers
instances.each do |provider|
if resource = resources[provider.name]
resource.provider = provider
end
end
# Store all resources using this provider for flushing
resources.each do |name, resource|
@mod_resources << resource
end
end
def self.instances
modules.map {|mod| new(:name => mod, :provider => :gentoo, :ensure => :present)}
end
def self.flush
mod_list = modules
mods_to_remove = @mod_resources.select {|mod| mod.should(:ensure) == :absent}.map {|mod| mod[:name]}
mods_to_add = @mod_resources.select {|mod| mod.should(:ensure) == :present}.map {|mod| mod[:name]}
mod_list -= mods_to_remove
mod_list += mods_to_add
mod_list.sort!.uniq!
if modules != mod_list
opts = @other_args + " "
opts << mod_list.map {|mod| "-D #{mod.upcase}"}.join(" ")
opts.strip!
opts.gsub!(/\s+/, ' ')
apache2_opts = %Q{APACHE2_OPTS="#{opts}"}
Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}")
records = filetype.read.split(/\n/)
opts_index = records.find_index {|i| i.match(/^\s*APACHE2_OPTS/)}
records[opts_index] = apache2_opts
filetype.backup
filetype.write(records.join("\n"))
@modules = mod_list
end
end
end

12
deployment/puppet/apache/lib/puppet/provider/a2mod/modfix.rb Normal file
View File

@ -0,0 +1,12 @@
Puppet::Type.type(:a2mod).provide :modfix do
desc "Dummy provider for A2mod.
Fake nil resources when there is no crontab binary available. Allows
puppetd to run on a bootstrapped machine before a Cron package has been
installed. Workaround for: http://projects.puppetlabs.com/issues/2384
"
def self.instances
[]
end
end

60
deployment/puppet/apache/lib/puppet/provider/a2mod/redhat.rb Normal file
View File

@ -0,0 +1,60 @@
require 'puppet/provider/a2mod'
Puppet::Type.type(:a2mod).provide(:redhat, :parent => Puppet::Provider::A2mod) do
desc "Manage Apache 2 modules on RedHat family OSs"
commands :apachectl => "apachectl"
confine :osfamily => :redhat
defaultfor :osfamily => :redhat
require 'pathname'
# modpath: Path to default apache modules directory /etc/httpd/mod.d
# modfile: Path to module load configuration file; Default: resides under modpath directory
# libfile: Path to actual apache module library. Added in modfile LoadModule
attr_accessor :modfile, :libfile
class << self
attr_accessor :modpath
def preinit
@modpath = "/etc/httpd/mod.d"
end
end
self.preinit
def create
File.open(modfile,'w') do |f|
f.puts "LoadModule #{resource[:identifier]} #{libfile}"
end
end
def destroy
File.delete(modfile)
end
def self.instances
modules = apachectl("-M").lines.collect { |line|
m = line.match(/(\w+)_module \(shared\)$/)
m[1] if m
}.compact
modules.map do |mod|
new(
:name => mod,
:ensure => :present,
:provider => :redhat
)
end
end
def modfile
modfile ||= "#{self.class.modpath}/#{resource[:name]}.load"
end
# Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir.
def libfile
libfile = Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}"
end
end

30
deployment/puppet/apache/lib/puppet/type/a2mod.rb Normal file
View File

@ -0,0 +1,30 @@
Puppet::Type.newtype(:a2mod) do
@doc = "Manage Apache 2 modules"
ensurable
newparam(:name) do
Puppet.warning "The a2mod provider is deprecated, please use apache::mod instead"
desc "The name of the module to be managed"
isnamevar
end
newparam(:lib) do
desc "The name of the .so library to be loaded"
defaultto { "mod_#{@resource[:name]}.so" }
end
newparam(:identifier) do
desc "Module identifier string used by LoadModule. Default: module-name_module"
# http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier
defaultto { "#{resource[:name]}_module" }
end
autorequire(:package) { catalog.resource(:package, 'httpd')}
end

82
deployment/puppet/apache/manifests/balancer.pp Normal file
View File

@ -0,0 +1,82 @@
# == Define Resource Type: apache::balancer
#
# This type will create an apache balancer cluster file inside the conf.d
# directory. Each balancer cluster needs one or more balancer members (that can
# be declared with the apache::balancermember defined resource type). Using
# storeconfigs, you can export the apache::balancermember resources on all
# balancer members, and then collect them on a single apache load balancer
# server.
#
# === Requirement/Dependencies:
#
# Currently requires the puppetlabs/concat module on the Puppet Forge and uses
# storeconfigs on the Puppet Master to export/collect resources from all
# balancer members.
#
# === Parameters
#
# [*name*]
# The namevar of the defined resource type is the balancer clusters name.
# This name is also used in the name of the conf.d file
#
# [*proxy_set*]
# Hash, default empty. If given, each key-value pair will be used as a ProxySet
# line in the configuration.
#
# [*collect_exported*]
# Boolean, default 'true'. True means 'collect exported @@balancermember
# resources' (for the case when every balancermember node exports itself),
# false means 'rely on the existing declared balancermember resources' (for the
# case when you know the full set of balancermembers in advance and use
# apache::balancermember with array arguments, which allows you to deploy
# everything in 1 run)
#
#
# === Examples
#
# Exporting the resource for a balancer member:
#
# apache::balancer { 'puppet00': }
#
define apache::balancer (
$proxy_set = {},
$collect_exported = true,
) {
include ::apache::mod::proxy_balancer
$target = "${::apache::params::confd_dir}/balancer_${name}.conf"
concat { $target:
owner => '0',
group => '0',
mode => '0644',
notify => Service['httpd'],
}
concat::fragment { "00-${name}-header":
ensure => present,
target => $target,
order => '01',
content => "<Proxy balancer://${name}>\n",
}
if $collect_exported {
Apache::Balancermember <<| balancer_cluster == $name |>>
}
# else: the resources have been created and they introduced their
# concat fragments. We don't have to do anything about them.
concat::fragment { "01-${name}-proxyset":
ensure => present,
target => $target,
order => '19',
content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"),
}
concat::fragment { "01-${name}-footer":
ensure => present,
target => $target,
order => '20',
content => "</Proxy>\n",
}
}

53
deployment/puppet/apache/manifests/balancermember.pp Normal file
View File

@ -0,0 +1,53 @@
# == Define Resource Type: apache::balancermember
#
# This type will setup a balancer member inside a listening service
# configuration block in /etc/apache/apache.cfg on the load balancer.
# currently it only has the ability to specify the instance name, url and an
# array of options. More features can be added as needed. The best way to
# implement this is to export this resource for all apache balancer member
# servers, and then collect them on the main apache load balancer.
#
# === Requirement/Dependencies:
#
# Currently requires the puppetlabs/concat module on the Puppet Forge and
# uses storeconfigs on the Puppet Master to export/collect resources
# from all balancer members.
#
# === Parameters
#
# [*name*]
# The title of the resource is arbitrary and only utilized in the concat
# fragment name.
#
# [*balancer_cluster*]
# The apache service's instance name (or, the title of the apache::balancer
# resource). This must match up with a declared apache::balancer resource.
#
# [*url*]
# The url used to contact the balancer member server.
#
# [*options*]
# An array of options to be specified after the url.
#
# === Examples
#
# Exporting the resource for a balancer member:
#
# @@apache::balancermember { 'apache':
# balancer_cluster => 'puppet00',
# url => "ajp://${::fqdn}:8009"
# options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
# }
#
define apache::balancermember(
$balancer_cluster,
$url = "http://${::fqdn}/",
$options = [],
) {
concat::fragment { "BalancerMember ${name}":
ensure => present,
target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf",
content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"),
}
}

10
deployment/puppet/apache/manifests/confd/no_accf.pp Normal file
View File

@ -0,0 +1,10 @@
class apache::confd::no_accf {
# Template uses no variables
file { 'no-accf.conf':
ensure => 'file',
path => "${::apache::confd_dir}/no-accf.conf",
content => template('apache/confd/no-accf.conf.erb'),
require => Exec["mkdir ${::apache::confd_dir}"],
before => File[$::apache::confd_dir],
}
}

60
deployment/puppet/apache/manifests/custom_config.pp Normal file
View File

@ -0,0 +1,60 @@
# See README.md for usage information
define apache::custom_config (
$ensure = 'present',
$confdir = $::apache::confd_dir,
$content = undef,
$priority = '25',
$source = undef,
$verify_command = $::apache::params::verify_command,
$verify_config = true,
) {
if $content and $source {
fail('Only one of $content and $source can be specified.')
}
if $ensure == 'present' and ! $content and ! $source {
fail('One of $content and $source must be specified.')
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure.
Allowed values are 'present' and 'absent'.")
validate_bool($verify_config)
## Apache include does not always work with spaces in the filename
$filename = regsubst($name, ' ', '_', 'G')
if ! $verify_config or $ensure == 'absent' {
$notifies = Service['httpd']
} else {
$notifies = undef
}
file { "apache_${name}":
ensure => $ensure,
path => "${confdir}/${priority}-${filename}.conf",
content => $content,
source => $source,
require => Package['httpd'],
notify => $notifies,
}
if $ensure == 'present' and $verify_config {
exec { "service notify for ${name}":
command => $verify_command,
subscribe => File["apache_${name}"],
refreshonly => true,
notify => Service['httpd'],
before => Exec["remove ${name} if invalid"],
}
exec { "remove ${name} if invalid":
command => "/bin/rm ${confdir}/${priority}-${filename}.conf",
unless => $verify_command,
subscribe => File["apache_${name}"],
refreshonly => true,
}
}
}

15
deployment/puppet/apache/manifests/default_confd_files.pp Normal file
View File

@ -0,0 +1,15 @@
class apache::default_confd_files (
$all = true,
) {
# The rest of the conf.d/* files only get loaded if we want them
if $all {
case $::osfamily {
'freebsd': {
include ::apache::confd::no_accf
}
default: {
# do nothing
}
}
}
}

164
deployment/puppet/apache/manifests/default_mods.pp Normal file
View File

@ -0,0 +1,164 @@
class apache::default_mods (
$all = true,
$mods = undef,
$apache_version = $::apache::apache_version
) {
# These are modules required to run the default configuration.
# They are not configurable at this time, so we just include
# them to make sure it works.
case $::osfamily {
'redhat', 'freebsd': {
::apache::mod { 'log_config': }
if versioncmp($apache_version, '2.4') >= 0 {
# Lets fork it
# Do not try to load mod_systemd on RHEL/CentOS 6 SCL.
if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon' and versioncmp($::operatingsystemrelease, '2014.09') <= 0 ) ) {
::apache::mod { 'systemd': }
}
::apache::mod { 'unixd': }
}
}
default: {}
}
::apache::mod { 'authz_host': }
# The rest of the modules only get loaded if we want all modules enabled
if $all {
case $::osfamily {
'debian': {
include ::apache::mod::reqtimeout
if versioncmp($apache_version, '2.4') >= 0 {
::apache::mod { 'authn_core': }
}
}
'redhat': {
include ::apache::mod::actions
include ::apache::mod::cache
include ::apache::mod::mime
include ::apache::mod::mime_magic
include ::apache::mod::rewrite
include ::apache::mod::speling
include ::apache::mod::suexec
include ::apache::mod::version
include ::apache::mod::vhost_alias
::apache::mod { 'auth_digest': }
::apache::mod { 'authn_anon': }
::apache::mod { 'authn_dbm': }
::apache::mod { 'authz_dbm': }
::apache::mod { 'authz_owner': }
::apache::mod { 'expires': }
::apache::mod { 'ext_filter': }
::apache::mod { 'include': }
::apache::mod { 'logio': }
::apache::mod { 'substitute': }
::apache::mod { 'usertrack': }
if versioncmp($apache_version, '2.4') >= 0 {
::apache::mod { 'authn_core': }
}
else {
::apache::mod { 'authn_alias': }
::apache::mod { 'authn_default': }
}
}
'freebsd': {
include ::apache::mod::actions
include ::apache::mod::cache
include ::apache::mod::disk_cache
include ::apache::mod::headers
include ::apache::mod::info
include ::apache::mod::mime_magic
include ::apache::mod::reqtimeout
include ::apache::mod::rewrite
include ::apache::mod::userdir
include ::apache::mod::version
include ::apache::mod::vhost_alias
include ::apache::mod::speling
::apache::mod { 'asis': }
::apache::mod { 'auth_digest': }
::apache::mod { 'authn_alias': }
::apache::mod { 'authn_anon': }
::apache::mod { 'authn_dbm': }
::apache::mod { 'authn_default': }
::apache::mod { 'authz_dbm': }
::apache::mod { 'authz_owner': }
::apache::mod { 'cern_meta': }
::apache::mod { 'charset_lite': }
::apache::mod { 'dumpio': }
::apache::mod { 'expires': }
::apache::mod { 'file_cache': }
::apache::mod { 'filter':}
::apache::mod { 'imagemap':}
::apache::mod { 'include': }
::apache::mod { 'logio': }
::apache::mod { 'unique_id': }
::apache::mod { 'usertrack': }
}
default: {}
}
case $::apache::mpm_module {
'prefork': {
include ::apache::mod::cgi
}
'worker': {
include ::apache::mod::cgid
}
default: {
# do nothing
}
}
include ::apache::mod::alias
include ::apache::mod::autoindex
include ::apache::mod::dav
include ::apache::mod::dav_fs
include ::apache::mod::deflate
include ::apache::mod::dir
include ::apache::mod::mime
include ::apache::mod::negotiation
include ::apache::mod::setenvif
::apache::mod { 'auth_basic': }
::apache::mod { 'authn_file': }
if versioncmp($apache_version, '2.4') >= 0 {
# authz_core is needed for 'Require' directive
::apache::mod { 'authz_core':
id => 'authz_core_module',
}
# filter is needed by mod_deflate
::apache::mod { 'filter': }
# lots of stuff seems to break without access_compat
::apache::mod { 'access_compat': }
} else {
::apache::mod { 'authz_default': }
}
::apache::mod { 'authz_groupfile': }
::apache::mod { 'authz_user': }
::apache::mod { 'env': }
} elsif $mods {
::apache::default_mods::load { $mods: }
if versioncmp($apache_version, '2.4') >= 0 {
# authz_core is needed for 'Require' directive
::apache::mod { 'authz_core':
id => 'authz_core_module',
}
# filter is needed by mod_deflate
::apache::mod { 'filter': }
}
} else {
if versioncmp($apache_version, '2.4') >= 0 {
# authz_core is needed for 'Require' directive
::apache::mod { 'authz_core':
id => 'authz_core_module',
}
# filter is needed by mod_deflate
::apache::mod { 'filter': }
}
}
}

8
deployment/puppet/apache/manifests/default_mods/load.pp Normal file
View File

@ -0,0 +1,8 @@
# private define
define apache::default_mods::load ($module = $title) {
if defined("apache::mod::${module}") {
include "::apache::mod::${module}"
} else {
::apache::mod { $module: }
}
}

11
deployment/puppet/apache/manifests/dev.pp Normal file
View File

@ -0,0 +1,11 @@
class apache::dev {
if $::osfamily == 'FreeBSD' and !defined(Class['apache::package']) {
fail('apache::dev requires apache::package; please include apache or apache::package class first')
}
include ::apache::params
$packages = $::apache::params::dev_packages
package { $packages:
ensure => present,
require => Package['httpd'],
}
}

24
deployment/puppet/apache/manifests/fastcgi/server.pp Normal file
View File

@ -0,0 +1,24 @@
define apache::fastcgi::server (
$host = '127.0.0.1:9000',
$timeout = 15,
$flush = false,
$faux_path = "/var/www/${name}.fcgi",
$fcgi_alias = "/${name}.fcgi",
$file_type = 'application/x-httpd-php'
) {
include apache::mod::fastcgi
Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title]
file { "fastcgi-pool-${name}.conf":
ensure => present,
path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf",
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
content => template('apache/fastcgi/server.erb'),
require => Exec["mkdir ${::apache::confd_dir}"],
before => File[$::apache::confd_dir],
notify => Class['apache::service'],
}
}

357
deployment/puppet/apache/manifests/init.pp Normal file
View File

@ -0,0 +1,357 @@
# Class: apache
#
# This class installs Apache
#
# Parameters:
#
# Actions:
# - Install Apache
# - Manage Apache service
#
# Requires:
#
# Sample Usage:
#
class apache (
$apache_name = $::apache::params::apache_name,
$service_name = $::apache::params::service_name,
$default_mods = true,
$default_vhost = true,
$default_confd_files = true,
$default_ssl_vhost = false,
$default_ssl_cert = $::apache::params::default_ssl_cert,
$default_ssl_key = $::apache::params::default_ssl_key,
$default_ssl_chain = undef,
$default_ssl_ca = undef,
$default_ssl_crl_path = undef,
$default_ssl_crl = undef,
$default_ssl_crl_check = undef,
$ip = undef,
$service_enable = true,
$service_ensure = 'running',
$purge_configs = true,
$purge_vhost_dir = undef,
$purge_vdir = false,
$serveradmin = 'root@localhost',
$sendfile = 'On',
$error_documents = false,
$timeout = '120',
$httpd_dir = $::apache::params::httpd_dir,
$server_root = $::apache::params::server_root,
$conf_dir = $::apache::params::conf_dir,
$confd_dir = $::apache::params::confd_dir,
$vhost_dir = $::apache::params::vhost_dir,
$vhost_enable_dir = $::apache::params::vhost_enable_dir,
$mod_dir = $::apache::params::mod_dir,
$mod_enable_dir = $::apache::params::mod_enable_dir,
$mpm_module = $::apache::params::mpm_module,
$conf_template = $::apache::params::conf_template,
$servername = $::apache::params::servername,
$manage_user = true,
$manage_group = true,
$user = $::apache::params::user,
$group = $::apache::params::group,
$keepalive = $::apache::params::keepalive,
$keepalive_timeout = $::apache::params::keepalive_timeout,
$max_keepalive_requests = $apache::params::max_keepalive_requests,
$logroot = $::apache::params::logroot,
$logroot_mode = $::apache::params::logroot_mode,
$log_level = $::apache::params::log_level,
$log_formats = {},
$ports_file = $::apache::params::ports_file,
$docroot = $::apache::params::docroot,
$apache_version = $::apache::version::default,
$server_tokens = 'OS',
$server_signature = 'On',
$trace_enable = 'On',
$allow_encoded_slashes = undef,
$package_ensure = 'installed',
) inherits ::apache::params {
validate_bool($default_vhost)
validate_bool($default_ssl_vhost)
validate_bool($default_confd_files)
# true/false is sufficient for both ensure and enable
validate_bool($service_enable)
$valid_mpms_re = $apache_version ? {
'2.4' => '(event|itk|peruser|prefork|worker)',
default => '(event|itk|prefork|worker)'
}
if $mpm_module {
validate_re($mpm_module, $valid_mpms_re)
}
if $allow_encoded_slashes {
validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
}
# NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
# NOTE: the same strategy may be introduced for other OSes. For this, you
# should delete the 'if' block below and modify all MPM modules' manifests
# such that they include apache::package class (currently event.pp, itk.pp,
# peruser.pp, prefork.pp, worker.pp).
if $::osfamily != 'FreeBSD' {
package { 'httpd':
ensure => $package_ensure,
name => $apache_name,
notify => Class['Apache::Service'],
}
}
validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ])
# declare the web server user and group
# Note: requiring the package means the package ought to create them and not puppet
validate_bool($manage_user)
if $manage_user {
user { $user:
ensure => present,
gid => $group,
require => Package['httpd'],
}
}
validate_bool($manage_group)
if $manage_group {
group { $group:
ensure => present,
require => Package['httpd']
}
}
$valid_log_level_re = '(emerg|alert|crit|error|warn|notice|info|debug)'
validate_re($log_level, $valid_log_level_re,
"Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.")
class { '::apache::service':
service_name => $service_name,
service_enable => $service_enable,
service_ensure => $service_ensure,
}
# Deprecated backwards-compatibility
if $purge_vdir {
warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs')
$purge_confd = $purge_vdir
} else {
$purge_confd = $purge_configs
}
# Set purge vhostd appropriately
if $purge_vhost_dir == undef {
$purge_vhostd = $purge_confd
} else {
$purge_vhostd = $purge_vhost_dir
}
Exec {
path => '/bin:/sbin:/usr/bin:/usr/sbin',
}
exec { "mkdir ${confd_dir}":
creates => $confd_dir,
require => Package['httpd'],
}
file { $confd_dir:
ensure => directory,
recurse => true,
purge => $purge_confd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
if ! defined(File[$mod_dir]) {
exec { "mkdir ${mod_dir}":
creates => $mod_dir,
require => Package['httpd'],
}
# Don't purge available modules if an enable dir is used
$purge_mod_dir = $purge_configs and !$mod_enable_dir
file { $mod_dir:
ensure => directory,
recurse => true,
purge => $purge_mod_dir,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
}
if $mod_enable_dir and ! defined(File[$mod_enable_dir]) {
$mod_load_dir = $mod_enable_dir
exec { "mkdir ${mod_enable_dir}":
creates => $mod_enable_dir,
require => Package['httpd'],
}
file { $mod_enable_dir:
ensure => directory,
recurse => true,
purge => $purge_configs,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
} else {
$mod_load_dir = $mod_dir
}
if ! defined(File[$vhost_dir]) {
exec { "mkdir ${vhost_dir}":
creates => $vhost_dir,
require => Package['httpd'],
}
file { $vhost_dir:
ensure => directory,
recurse => true,
purge => $purge_vhostd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
}
if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) {
$vhost_load_dir = $vhost_enable_dir
exec { "mkdir ${vhost_load_dir}":
creates => $vhost_load_dir,
require => Package['httpd'],
}
file { $vhost_enable_dir:
ensure => directory,
recurse => true,
purge => $purge_vhostd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
} else {
$vhost_load_dir = $vhost_dir
}
concat { $ports_file:
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
notify => Class['Apache::Service'],
require => Package['httpd'],
}
concat::fragment { 'Apache ports header':
ensure => present,
target => $ports_file,
content => template('apache/ports_header.erb')
}
if $::apache::conf_dir and $::apache::params::conf_file {
case $::osfamily {
'debian': {
$pidfile = "\${APACHE_PID_FILE}"
$error_log = 'error.log'
$error_documents_path = '/usr/share/apache2/error'
$scriptalias = '/usr/lib/cgi-bin'
$access_log_file = 'access.log'
}
'redhat': {
$pidfile = 'run/httpd.pid'
$error_log = 'error_log'
$error_documents_path = '/var/www/error'
$scriptalias = '/var/www/cgi-bin'
$access_log_file = 'access_log'
}
'freebsd': {
$pidfile = '/var/run/httpd.pid'
$error_log = 'httpd-error.log'
$error_documents_path = '/usr/local/www/apache22/error'
$scriptalias = '/usr/local/www/apache22/cgi-bin'
$access_log_file = 'httpd-access.log'
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
$apxs_workaround = $::osfamily ? {
'freebsd' => true,
default => false
}
# Template uses:
# - $pidfile
# - $user
# - $group
# - $logroot
# - $error_log
# - $sendfile
# - $mod_dir
# - $ports_file
# - $confd_dir
# - $vhost_dir
# - $error_documents
# - $error_documents_path
# - $apxs_workaround
# - $keepalive
# - $keepalive_timeout
# - $max_keepalive_requests
# - $server_root
# - $server_tokens
# - $server_signature
# - $trace_enable
file { "${::apache::conf_dir}/${::apache::params::conf_file}":
ensure => file,
content => template($conf_template),
notify => Class['Apache::Service'],
require => Package['httpd'],
}
# preserve back-wards compatibility to the times when default_mods was
# only a boolean value. Now it can be an array (too)
if is_array($default_mods) {
class { '::apache::default_mods':
all => false,
mods => $default_mods,
}
} else {
class { '::apache::default_mods':
all => $default_mods,
}
}
class { '::apache::default_confd_files':
all => $default_confd_files
}
if $mpm_module {
class { "::apache::mod::${mpm_module}": }
}
$default_vhost_ensure = $default_vhost ? {
true => 'present',
false => 'absent'
}
$default_ssl_vhost_ensure = $default_ssl_vhost ? {
true => 'present',
false => 'absent'
}
::apache::vhost { 'default':
ensure => $default_vhost_ensure,
port => 80,
docroot => $docroot,
scriptalias => $scriptalias,
serveradmin => $serveradmin,
access_log_file => $access_log_file,
priority => '15',
ip => $ip,
logroot_mode => $logroot_mode,
}
$ssl_access_log_file = $::osfamily ? {
'freebsd' => $access_log_file,
default => "ssl_${access_log_file}",
}
::apache::vhost { 'default-ssl':
ensure => $default_ssl_vhost_ensure,
port => 443,
ssl => true,
docroot => $docroot,
scriptalias => $scriptalias,
serveradmin => $serveradmin,
access_log_file => $ssl_access_log_file,
priority => '15',
ip => $ip,
logroot_mode => $logroot_mode,
}
}
}

10
deployment/puppet/apache/manifests/listen.pp Normal file
View File

@ -0,0 +1,10 @@
define apache::listen {
$listen_addr_port = $name
# Template uses: $listen_addr_port
concat::fragment { "Listen ${listen_addr_port}":
ensure => present,
target => $::apache::ports_file,
content => template('apache/listen.erb'),
}
}

130
deployment/puppet/apache/manifests/mod.pp Normal file
View File

@ -0,0 +1,130 @@
define apache::mod (
$package = undef,
$package_ensure = 'present',
$lib = undef,
$lib_path = $::apache::params::lib_path,
$id = undef,
$path = undef,
$loadfile_name = undef,
$loadfiles = undef,
) {
if ! defined(Class['apache']) {
fail('You must include the apache base class before using any apache defined resources')
}
$mod = $name
#include apache #This creates duplicate resources in rspec-puppet
$mod_dir = $::apache::mod_dir
# Determine if we have special lib
$mod_libs = $::apache::params::mod_libs
if $lib {
$_lib = $lib
} elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack
$_lib = $mod_libs[$mod]
} else {
$_lib = "mod_${mod}.so"
}
# Determine if declaration specified a path to the module
if $path {
$_path = $path
} else {
$_path = "${lib_path}/${_lib}"
}
if $id {
$_id = $id
} else {
$_id = "${mod}_module"
}
if $loadfile_name {
$_loadfile_name = $loadfile_name
} else {
$_loadfile_name = "${mod}.load"
}
# Determine if we have a package
$mod_packages = $::apache::params::mod_packages
if $package {
$_package = $package
} elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack
$_package = $mod_packages[$mod]
} else {
$_package = undef
}
if $_package and ! defined(Package[$_package]) {
# note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters
# httpd.conf with 'LoadModule' directives; here, by proper resource
# ordering, we ensure that our version of httpd.conf is reverted after
# the module gets installed.
$package_before = $::osfamily ? {
'freebsd' => [
File[$_loadfile_name],
File["${::apache::conf_dir}/${::apache::params::conf_file}"]
],
default => File[$_loadfile_name],
}
# if there are any packages, they should be installed before the associated conf file
Package[$_package] -> File<| title == "${mod}.conf" |>
# $_package may be an array
package { $_package:
ensure => $package_ensure,
require => Package['httpd'],
before => $package_before,
}
}
file { $_loadfile_name:
ensure => file,
path => "${mod_dir}/${_loadfile_name}",
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
content => template('apache/mod/load.erb'),
require => [
Package['httpd'],
Exec["mkdir ${mod_dir}"],
],
before => File[$mod_dir],
notify => Service['httpd'],
}
if $::osfamily == 'Debian' {
$enable_dir = $::apache::mod_enable_dir
file{ "${_loadfile_name} symlink":
ensure => link,
path => "${enable_dir}/${_loadfile_name}",
target => "${mod_dir}/${_loadfile_name}",
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
require => [
File[$_loadfile_name],
Exec["mkdir ${enable_dir}"],
],
before => File[$enable_dir],
notify => Service['httpd'],
}
# Each module may have a .conf file as well, which should be
# defined in the class apache::mod::module
# Some modules do not require this file.
if defined(File["${mod}.conf"]) {
file{ "${mod}.conf symlink":
ensure => link,
path => "${enable_dir}/${mod}.conf",
target => "${mod_dir}/${mod}.conf",
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
require => [
File["${mod}.conf"],
Exec["mkdir ${enable_dir}"],
],
before => File[$enable_dir],
notify => Service['httpd'],
}
}
}
}

3
deployment/puppet/apache/manifests/mod/actions.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::actions {
apache::mod { 'actions': }
}

19
deployment/puppet/apache/manifests/mod/alias.pp Normal file
View File

@ -0,0 +1,19 @@
class apache::mod::alias(
$apache_version = $apache::apache_version
) {
$icons_path = $::osfamily ? {
'debian' => '/usr/share/apache2/icons',
'redhat' => '/var/www/icons',
'freebsd' => '/usr/local/www/apache22/icons',
}
apache::mod { 'alias': }
# Template uses $icons_path
file { 'alias.conf':
ensure => file,
path => "${::apache::mod_dir}/alias.conf",
content => template('apache/mod/alias.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

3
deployment/puppet/apache/manifests/mod/auth_basic.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::auth_basic {
::apache::mod { 'auth_basic': }
}

5
deployment/puppet/apache/manifests/mod/auth_kerb.pp Normal file
View File

@ -0,0 +1,5 @@
class apache::mod::auth_kerb {
::apache::mod { 'auth_kerb': }
}

19
deployment/puppet/apache/manifests/mod/authnz_ldap.pp Normal file
View File

@ -0,0 +1,19 @@
class apache::mod::authnz_ldap (
$verifyServerCert = true,
) {
include '::apache::mod::ldap'
::apache::mod { 'authnz_ldap': }
validate_bool($verifyServerCert)
# Template uses:
# - $verifyServerCert
file { 'authnz_ldap.conf':
ensure => file,
path => "${::apache::mod_dir}/authnz_ldap.conf",
content => template('apache/mod/authnz_ldap.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

12
deployment/puppet/apache/manifests/mod/autoindex.pp Normal file
View File

@ -0,0 +1,12 @@
class apache::mod::autoindex {
::apache::mod { 'autoindex': }
# Template uses no variables
file { 'autoindex.conf':
ensure => file,
path => "${::apache::mod_dir}/autoindex.conf",
content => template('apache/mod/autoindex.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

3
deployment/puppet/apache/manifests/mod/cache.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::cache {
::apache::mod { 'cache': }
}

4
deployment/puppet/apache/manifests/mod/cgi.pp Normal file
View File

@ -0,0 +1,4 @@
class apache::mod::cgi {
Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi']
::apache::mod { 'cgi': }
}

23
deployment/puppet/apache/manifests/mod/cgid.pp Normal file
View File

@ -0,0 +1,23 @@
class apache::mod::cgid {
Class['::apache::mod::worker'] -> Class['::apache::mod::cgid']
# Debian specifies it's cgid sock path, but RedHat uses the default value
# with no config file
$cgisock_path = $::osfamily ? {
'debian' => "\${APACHE_RUN_DIR}/cgisock",
'freebsd' => 'cgisock',
default => undef,
}
::apache::mod { 'cgid': }
if $cgisock_path {
# Template uses $cgisock_path
file { 'cgid.conf':
ensure => file,
path => "${::apache::mod_dir}/cgid.conf",
content => template('apache/mod/cgid.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}
}

3
deployment/puppet/apache/manifests/mod/dav.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::dav {
::apache::mod { 'dav': }
}

20
deployment/puppet/apache/manifests/mod/dav_fs.pp Normal file
View File

@ -0,0 +1,20 @@
class apache::mod::dav_fs {
$dav_lock = $::osfamily ? {
'debian' => "\${APACHE_LOCK_DIR}/DAVLock",
'freebsd' => '/usr/local/var/DavLock',
default => '/var/lib/dav/lockdb',
}
Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs']
::apache::mod { 'dav_fs': }
# Template uses: $dav_lock
file { 'dav_fs.conf':
ensure => file,
path => "${::apache::mod_dir}/dav_fs.conf",
content => template('apache/mod/dav_fs.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

20
deployment/puppet/apache/manifests/mod/dav_svn.pp Normal file
View File

@ -0,0 +1,20 @@
class apache::mod::dav_svn (
$authz_svn_enabled = false,
) {
Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn']
include ::apache::mod::dav
::apache::mod { 'dav_svn': }
if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') {
$loadfile_name = undef
} else {
$loadfile_name = 'dav_svn_authz_svn.load'
}
if $authz_svn_enabled {
::apache::mod { 'authz_svn':
loadfile_name => $loadfile_name,
require => Apache::Mod['dav_svn'],
}
}
}

24
deployment/puppet/apache/manifests/mod/deflate.pp Normal file
View File

@ -0,0 +1,24 @@
class apache::mod::deflate (
$types = [
'text/html text/plain text/xml',
'text/css',
'application/x-javascript application/javascript application/ecmascript',
'application/rss+xml'
],
$notes = {
'Input' => 'instream',
'Output' => 'outstream',
'Ratio' => 'ratio'
}
) {
::apache::mod { 'deflate': }
file { 'deflate.conf':
ensure => file,
path => "${::apache::mod_dir}/deflate.conf",
content => template('apache/mod/deflate.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

5
deployment/puppet/apache/manifests/mod/dev.pp Normal file
View File

@ -0,0 +1,5 @@
class apache::mod::dev {
# Development packages are not apache modules
warning('apache::mod::dev is deprecated; please use apache::dev')
include ::apache::dev
}

21
deployment/puppet/apache/manifests/mod/dir.pp Normal file
View File

@ -0,0 +1,21 @@
# Note: this sets the global DirectoryIndex directive, it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration
# Parameters:
# - $indexes provides a string for the DirectoryIndex directive http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
class apache::mod::dir (
$dir = 'public_html',
$indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'],
) {
validate_array($indexes)
::apache::mod { 'dir': }
# Template uses
# - $indexes
file { 'dir.conf':
ensure => file,
path => "${::apache::mod_dir}/dir.conf",
content => template('apache/mod/dir.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

24
deployment/puppet/apache/manifests/mod/disk_cache.pp Normal file
View File

@ -0,0 +1,24 @@
class apache::mod::disk_cache {
$cache_root = $::osfamily ? {
'debian' => '/var/cache/apache2/mod_disk_cache',
'redhat' => '/var/cache/mod_proxy',
'freebsd' => '/var/cache/mod_disk_cache',
}
if $::osfamily != 'FreeBSD' {
# FIXME: investigate why disk_cache was dependent on proxy
# NOTE: on FreeBSD disk_cache is compiled by default but proxy is not
Class['::apache::mod::proxy'] -> Class['::apache::mod::disk_cache']
}
Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache']
apache::mod { 'disk_cache': }
# Template uses $cache_proxy
file { 'disk_cache.conf':
ensure => file,
path => "${::apache::mod_dir}/disk_cache.conf",
content => template('apache/mod/disk_cache.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

62
deployment/puppet/apache/manifests/mod/event.pp Normal file
View File

@ -0,0 +1,62 @@
class apache::mod::event (
$startservers = '2',
$maxclients = '150',
$minsparethreads = '25',
$maxsparethreads = '75',
$threadsperchild = '25',
$maxrequestsperchild = '0',
$serverlimit = '25',
$apache_version = $::apache::apache_version,
) {
if defined(Class['apache::mod::itk']) {
fail('May not include both apache::mod::event and apache::mod::itk on the same node')
}
if defined(Class['apache::mod::peruser']) {
fail('May not include both apache::mod::event and apache::mod::peruser on the same node')
}
if defined(Class['apache::mod::prefork']) {
fail('May not include both apache::mod::event and apache::mod::prefork on the same node')
}
if defined(Class['apache::mod::worker']) {
fail('May not include both apache::mod::event and apache::mod::worker on the same node')
}
File {
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
}
# Template uses:
# - $startservers
# - $maxclients
# - $minsparethreads
# - $maxsparethreads
# - $threadsperchild
# - $maxrequestsperchild
# - $serverlimit
file { "${::apache::mod_dir}/event.conf":
ensure => file,
content => template('apache/mod/event.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
case $::osfamily {
'redhat': {
if versioncmp($apache_version, '2.4') >= 0 {
apache::mpm{ 'event':
apache_version => $apache_version,
}
}
}
'debian','freebsd' : {
apache::mpm{ 'event':
apache_version => $apache_version,
}
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
}

3
deployment/puppet/apache/manifests/mod/expires.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::expires {
::apache::mod { 'expires': }
}

24
deployment/puppet/apache/manifests/mod/fastcgi.pp Normal file
View File

@ -0,0 +1,24 @@
class apache::mod::fastcgi {
# Debian specifies it's fastcgi lib path, but RedHat uses the default value
# with no config file
$fastcgi_lib_path = $::apache::params::fastcgi_lib_path
::apache::mod { 'fastcgi': }
if $fastcgi_lib_path {
# Template uses:
# - $fastcgi_server
# - $fastcgi_socket
# - $fastcgi_dir
file { 'fastcgi.conf':
ensure => file,
path => "${::apache::mod_dir}/fastcgi.conf",
content => template('apache/mod/fastcgi.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}
}

24
deployment/puppet/apache/manifests/mod/fcgid.pp Normal file
View File

@ -0,0 +1,24 @@
class apache::mod::fcgid(
$options = {},
) {
if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' {
$loadfile_name = 'unixd_fcgid.load'
} else {
$loadfile_name = undef
}
::apache::mod { 'fcgid':
loadfile_name => $loadfile_name
}
# Template uses:
# - $options
file { 'fcgid.conf':
ensure => file,
path => "${::apache::mod_dir}/fcgid.conf",
content => template('apache/mod/fcgid.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

3
deployment/puppet/apache/manifests/mod/headers.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::headers {
::apache::mod { 'headers': }
}

3
deployment/puppet/apache/manifests/mod/include.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::include {
::apache::mod { 'include': }
}

18
deployment/puppet/apache/manifests/mod/info.pp Normal file
View File

@ -0,0 +1,18 @@
class apache::mod::info (
$allow_from = ['127.0.0.1','::1'],
$apache_version = $::apache::apache_version,
$restrict_access = true,
){
apache::mod { 'info': }
# Template uses
# $allow_from
# $apache_version
file { 'info.conf':
ensure => file,
path => "${::apache::mod_dir}/info.conf",
content => template('apache/mod/info.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

53
deployment/puppet/apache/manifests/mod/itk.pp Normal file
View File

@ -0,0 +1,53 @@
class apache::mod::itk (
$startservers = '8',
$minspareservers = '5',
$maxspareservers = '20',
$serverlimit = '256',
$maxclients = '256',
$maxrequestsperchild = '4000',
$apache_version = $::apache::apache_version,
) {
if defined(Class['apache::mod::event']) {
fail('May not include both apache::mod::itk and apache::mod::event on the same node')
}
if defined(Class['apache::mod::peruser']) {
fail('May not include both apache::mod::itk and apache::mod::peruser on the same node')
}
if defined(Class['apache::mod::prefork']) {
fail('May not include both apache::mod::itk and apache::mod::prefork on the same node')
}
if defined(Class['apache::mod::worker']) {
fail('May not include both apache::mod::itk and apache::mod::worker on the same node')
}
File {
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
}
# Template uses:
# - $startservers
# - $minspareservers
# - $maxspareservers
# - $serverlimit
# - $maxclients
# - $maxrequestsperchild
file { "${::apache::mod_dir}/itk.conf":
ensure => file,
content => template('apache/mod/itk.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
case $::osfamily {
'debian', 'freebsd': {
apache::mpm{ 'itk':
apache_version => $apache_version,
}
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
}

14
deployment/puppet/apache/manifests/mod/ldap.pp Normal file
View File

@ -0,0 +1,14 @@
class apache::mod::ldap (
$apache_version = $::apache::apache_version,
){
::apache::mod { 'ldap': }
# Template uses $apache_version
file { 'ldap.conf':
ensure => file,
path => "${::apache::mod_dir}/ldap.conf",
content => template('apache/mod/ldap.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

21
deployment/puppet/apache/manifests/mod/mime.pp Normal file
View File

@ -0,0 +1,21 @@
class apache::mod::mime (
$mime_support_package = $::apache::params::mime_support_package,
$mime_types_config = $::apache::params::mime_types_config,
) {
apache::mod { 'mime': }
# Template uses $mime_types_config
file { 'mime.conf':
ensure => file,
path => "${::apache::mod_dir}/mime.conf",
content => template('apache/mod/mime.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
if $mime_support_package {
package { $mime_support_package:
ensure => 'installed',
before => File['mime.conf'],
}
}
}

14
deployment/puppet/apache/manifests/mod/mime_magic.pp Normal file
View File

@ -0,0 +1,14 @@
class apache::mod::mime_magic (
$magic_file = "${::apache::conf_dir}/magic"
) {
apache::mod { 'mime_magic': }
# Template uses $magic_file
file { 'mime_magic.conf':
ensure => file,
path => "${::apache::mod_dir}/mime_magic.conf",
content => template('apache/mod/mime_magic.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

25
deployment/puppet/apache/manifests/mod/negotiation.pp Normal file
View File

@ -0,0 +1,25 @@
class apache::mod::negotiation (
$force_language_priority = 'Prefer Fallback',
$language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',
'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',
'zh-TW' ],
) {
if !is_array($force_language_priority) and !is_string($force_language_priority) {
fail('force_languague_priority must be a string or array of strings')
}
if !is_array($language_priority) and !is_string($language_priority) {
fail('force_languague_priority must be a string or array of strings')
}
::apache::mod { 'negotiation': }
# Template uses no variables
file { 'negotiation.conf':
ensure => file,
path => "${::apache::mod_dir}/negotiation.conf",
content => template('apache/mod/negotiation.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

25
deployment/puppet/apache/manifests/mod/nss.pp Normal file
View File

@ -0,0 +1,25 @@
class apache::mod::nss (
$transfer_log = "${::apache::params::logroot}/access.log",
$error_log = "${::apache::params::logroot}/error.log",
$passwd_file = undef
) {
include ::apache::mod::mime
apache::mod { 'nss': }
$httpd_dir = $::apache::httpd_dir
# Template uses:
# $transfer_log
# $error_log
# $http_dir
# passwd_file
file { 'nss.conf':
ensure => file,
path => "${::apache::mod_dir}/nss.conf",
content => template('apache/mod/nss.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

55
deployment/puppet/apache/manifests/mod/pagespeed.pp Normal file
View File

@ -0,0 +1,55 @@
class apache::mod::pagespeed (
$inherit_vhost_config = 'on',
$filter_xhtml = false,
$cache_path = '/var/cache/mod_pagespeed/',
$log_dir = '/var/log/pagespeed',
$memcache_servers = [],
$rewrite_level = 'CoreFilters',
$disable_filters = [],
$enable_filters = [],
$forbid_filters = [],
$rewrite_deadline_per_flush_ms = 10,
$additional_domains = undef,
$file_cache_size_kb = 102400,
$file_cache_clean_interval_ms = 3600000,
$lru_cache_per_process = 1024,
$lru_cache_byte_limit = 16384,
$css_flatten_max_bytes = 2048,
$css_inline_max_bytes = 2048,
$css_image_inline_max_bytes = 2048,
$image_inline_max_bytes = 2048,
$js_inline_max_bytes = 2048,
$css_outline_min_bytes = 3000,
$js_outline_min_bytes = 3000,
$inode_limit = 500000,
$image_max_rewrites_at_once = 8,
$num_rewrite_threads = 4,
$num_expensive_rewrite_threads = 4,
$collect_statistics = 'on',
$statistics_logging = 'on',
$allow_view_stats = [],
$allow_pagespeed_console = [],
$allow_pagespeed_message = [],
$message_buffer_size = 100000,
$additional_configuration = {},
$apache_version = $::apache::apache_version,
){
$_lib = $::apache::apache_version ? {
'2.4' => 'mod_pagespeed_ap24.so',
default => undef
}
apache::mod { 'pagespeed':
lib => $_lib,
}
file { 'pagespeed.conf':
ensure => file,
path => "${::apache::mod_dir}/pagespeed.conf",
content => template('apache/mod/pagespeed.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

86
deployment/puppet/apache/manifests/mod/passenger.pp Normal file
View File

@ -0,0 +1,86 @@
class apache::mod::passenger (
$passenger_conf_file = $::apache::params::passenger_conf_file,
$passenger_conf_package_file = $::apache::params::passenger_conf_package_file,
$passenger_high_performance = undef,
$passenger_pool_idle_time = undef,
$passenger_max_requests = undef,
$passenger_stat_throttle_rate = undef,
$rack_autodetect = undef,
$rails_autodetect = undef,
$passenger_root = $::apache::params::passenger_root,
$passenger_ruby = $::apache::params::passenger_ruby,
$passenger_default_ruby = $::apache::params::passenger_default_ruby,
$passenger_max_pool_size = undef,
$passenger_use_global_queue = undef,
$mod_package = undef,
$mod_package_ensure = undef,
$mod_lib = undef,
$mod_lib_path = undef,
$mod_id = undef,
$mod_path = undef,
) {
# Managed by the package, but declare it to avoid purging
if $passenger_conf_package_file {
file { 'passenger_package.conf':
path => "${::apache::mod_dir}/${passenger_conf_package_file}",
}
} else {
# Remove passenger_extra.conf left over from before Passenger support was
# reworked for Debian. This is a temporary fix for users running this
# module from master after release 1.0.1 It will be removed in two
# releases from now.
$passenger_package_conf_ensure = $::osfamily ? {
'Debian' => 'absent',
default => undef,
}
file { 'passenger_package.conf':
ensure => $passenger_package_conf_ensure,
path => "${::apache::mod_dir}/passenger_extra.conf",
}
}
$_package = $mod_package
$_package_ensure = $mod_package_ensure
$_lib = $mod_lib
if $::osfamily == 'FreeBSD' {
if $mod_lib_path {
$_lib_path = $mod_lib_path
} else {
$_lib_path = "${passenger_root}/buildout/apache2"
}
} else {
$_lib_path = $mod_lib_path
}
$_id = $mod_id
$_path = $mod_path
::apache::mod { 'passenger':
package => $_package,
package_ensure => $_package_ensure,
lib => $_lib,
lib_path => $_lib_path,
id => $_id,
path => $_path,
}
# Template uses:
# - $passenger_root
# - $passenger_ruby
# - $passenger_default_ruby
# - $passenger_max_pool_size
# - $passenger_high_performance
# - $passenger_max_requests
# - $passenger_stat_throttle_rate
# - $passenger_use_global_queue
# - $rack_autodetect
# - $rails_autodetect
file { 'passenger.conf':
ensure => file,
path => "${::apache::mod_dir}/${passenger_conf_file}",
content => template('apache/mod/passenger.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

3
deployment/puppet/apache/manifests/mod/perl.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::perl {
::apache::mod { 'perl': }
}

73
deployment/puppet/apache/manifests/mod/peruser.pp Normal file
View File

@ -0,0 +1,73 @@
class apache::mod::peruser (
$minspareprocessors = '2',
$minprocessors = '2',
$maxprocessors = '10',
$maxclients = '150',
$maxrequestsperchild = '1000',
$idletimeout = '120',
$expiretimeout = '120',
$keepalive = 'Off',
) {
if defined(Class['apache::mod::event']) {
fail('May not include both apache::mod::peruser and apache::mod::event on the same node')
}
if defined(Class['apache::mod::itk']) {
fail('May not include both apache::mod::peruser and apache::mod::itk on the same node')
}
if defined(Class['apache::mod::prefork']) {
fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node')
}
if defined(Class['apache::mod::worker']) {
fail('May not include both apache::mod::peruser and apache::mod::worker on the same node')
}
File {
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
}
$mod_dir = $::apache::mod_dir
# Template uses:
# - $minspareprocessors
# - $minprocessors
# - $maxprocessors
# - $maxclients
# - $maxrequestsperchild
# - $idletimeout
# - $expiretimeout
# - $keepalive
# - $mod_dir
file { "${::apache::mod_dir}/peruser.conf":
ensure => file,
content => template('apache/mod/peruser.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
file { "${::apache::mod_dir}/peruser":
ensure => directory,
require => File[$::apache::mod_dir],
}
file { "${::apache::mod_dir}/peruser/multiplexers":
ensure => directory,
require => File["${::apache::mod_dir}/peruser"],
}
file { "${::apache::mod_dir}/peruser/processors":
ensure => directory,
require => File["${::apache::mod_dir}/peruser"],
}
::apache::peruser::multiplexer { '01-default': }
case $::osfamily {
'freebsd' : {
class { '::apache::package':
mpm_module => 'peruser'
}
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
}

60
deployment/puppet/apache/manifests/mod/php.pp Normal file
View File

@ -0,0 +1,60 @@
class apache::mod::php (
$package_name = undef,
$package_ensure = 'present',
$path = undef,
$extensions = ['.php'],
$content = undef,
$template = 'apache/mod/php5.conf.erb',
$source = undef,
) {
if defined(Class['::apache::mod::prefork']) {
Class['::apache::mod::prefork']->File['php5.conf']
}
elsif defined(Class['::apache::mod::itk']) {
Class['::apache::mod::itk']->File['php5.conf']
}
else {
fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']')
}
validate_array($extensions)
if $source and ($content or $template != 'apache/mod/php5.conf.erb') {
warning('source and content or template parameters are provided. source parameter will be used')
} elsif $content and $template != 'apache/mod/php5.conf.erb' {
warning('content and template parameters are provided. content parameter will be used')
}
$manage_content = $source ? {
undef => $content ? {
undef => template($template),
default => $content,
},
default => undef,
}
::apache::mod { 'php5':
package => $package_name,
package_ensure => $package_ensure,
path => $path,
}
include ::apache::mod::mime
include ::apache::mod::dir
Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php']
# Template uses $extensions
file { 'php5.conf':
ensure => file,
path => "${::apache::mod_dir}/php5.conf",
owner => 'root',
group => 'root',
mode => '0644',
content => $manage_content,
source => $source,
require => [
Exec["mkdir ${::apache::mod_dir}"],
],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

70
deployment/puppet/apache/manifests/mod/prefork.pp Normal file
View File

@ -0,0 +1,70 @@
class apache::mod::prefork (
$startservers = '8',
$minspareservers = '5',
$maxspareservers = '20',
$serverlimit = '256',
$maxclients = '256',
$maxrequestsperchild = '4000',
$apache_version = $::apache::apache_version,
) {
if defined(Class['apache::mod::event']) {
fail('May not include both apache::mod::prefork and apache::mod::event on the same node')
}
if defined(Class['apache::mod::itk']) {
fail('May not include both apache::mod::prefork and apache::mod::itk on the same node')
}
if defined(Class['apache::mod::peruser']) {
fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node')
}
if defined(Class['apache::mod::worker']) {
fail('May not include both apache::mod::prefork and apache::mod::worker on the same node')
}
File {
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
}
# Template uses:
# - $startservers
# - $minspareservers
# - $maxspareservers
# - $serverlimit
# - $maxclients
# - $maxrequestsperchild
file { "${::apache::mod_dir}/prefork.conf":
ensure => file,
content => template('apache/mod/prefork.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
case $::osfamily {
'redhat': {
if versioncmp($apache_version, '2.4') >= 0 {
::apache::mpm{ 'prefork':
apache_version => $apache_version,
}
}
else {
file_line { '/etc/sysconfig/httpd prefork enable':
ensure => present,
path => '/etc/sysconfig/httpd',
line => '#HTTPD=/usr/sbin/httpd.worker',
match => '#?HTTPD=/usr/sbin/httpd.worker',
require => Package['httpd'],
notify => Service['httpd'],
}
}
}
'debian', 'freebsd' : {
::apache::mpm{ 'prefork':
apache_version => $apache_version,
}
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
}

16
deployment/puppet/apache/manifests/mod/proxy.pp Normal file
View File

@ -0,0 +1,16 @@
class apache::mod::proxy (
$proxy_requests = 'Off',
$allow_from = undef,
$apache_version = $::apache::apache_version,
) {
::apache::mod { 'proxy': }
# Template uses $proxy_requests, $apache_version
file { 'proxy.conf':
ensure => file,
path => "${::apache::mod_dir}/proxy.conf",
content => template('apache/mod/proxy.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

4
deployment/puppet/apache/manifests/mod/proxy_ajp.pp Normal file
View File

@ -0,0 +1,4 @@
class apache::mod::proxy_ajp {
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp']
::apache::mod { 'proxy_ajp': }
}

10
deployment/puppet/apache/manifests/mod/proxy_balancer.pp Normal file
View File

@ -0,0 +1,10 @@
class apache::mod::proxy_balancer {
include ::apache::mod::proxy
include ::apache::mod::proxy_http
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer']
Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer']
::apache::mod { 'proxy_balancer': }
}

37
deployment/puppet/apache/manifests/mod/proxy_html.pp Normal file
View File

@ -0,0 +1,37 @@
class apache::mod::proxy_html {
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html']
Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html']
# Add libxml2
case $::osfamily {
/RedHat|FreeBSD/: {
::apache::mod { 'xml2enc': }
$loadfiles = undef
}
'Debian': {
$gnu_path = $::hardwaremodel ? {
'i686' => 'i386',
default => $::hardwaremodel,
}
$loadfiles = $::apache::params::distrelease ? {
'6' => ['/usr/lib/libxml2.so.2'],
'10' => ['/usr/lib/libxml2.so.2'],
default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"],
}
}
}
::apache::mod { 'proxy_html':
loadfiles => $loadfiles,
}
# Template uses $icons_path
file { 'proxy_html.conf':
ensure => file,
path => "${::apache::mod_dir}/proxy_html.conf",
content => template('apache/mod/proxy_html.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

4
deployment/puppet/apache/manifests/mod/proxy_http.pp Normal file
View File

@ -0,0 +1,4 @@
class apache::mod::proxy_http {
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http']
::apache::mod { 'proxy_http': }
}

5
deployment/puppet/apache/manifests/mod/python.pp Normal file
View File

@ -0,0 +1,5 @@
class apache::mod::python {
::apache::mod { 'python': }
}

14
deployment/puppet/apache/manifests/mod/reqtimeout.pp Normal file
View File

@ -0,0 +1,14 @@
class apache::mod::reqtimeout (
$timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500']
){
::apache::mod { 'reqtimeout': }
# Template uses no variables
file { 'reqtimeout.conf':
ensure => file,
path => "${::apache::mod_dir}/reqtimeout.conf",
content => template('apache/mod/reqtimeout.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

4
deployment/puppet/apache/manifests/mod/rewrite.pp Normal file
View File

@ -0,0 +1,4 @@
class apache::mod::rewrite {
include ::apache::params
::apache::mod { 'rewrite': }
}

20
deployment/puppet/apache/manifests/mod/rpaf.pp Normal file
View File

@ -0,0 +1,20 @@
class apache::mod::rpaf (
$sethostname = true,
$proxy_ips = [ '127.0.0.1' ],
$header = 'X-Forwarded-For'
) {
::apache::mod { 'rpaf': }
# Template uses:
# - $sethostname
# - $proxy_ips
# - $header
file { 'rpaf.conf':
ensure => file,
path => "${::apache::mod_dir}/rpaf.conf",
content => template('apache/mod/rpaf.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

12
deployment/puppet/apache/manifests/mod/setenvif.pp Normal file
View File

@ -0,0 +1,12 @@
class apache::mod::setenvif {
::apache::mod { 'setenvif': }
# Template uses no variables
file { 'setenvif.conf':
ensure => file,
path => "${::apache::mod_dir}/setenvif.conf",
content => template('apache/mod/setenvif.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

15
deployment/puppet/apache/manifests/mod/shib.pp Normal file
View File

@ -0,0 +1,15 @@
class apache::mod::shib (
$suppress_warning = false,
) {
if $::osfamily == 'RedHat' and ! $suppress_warning {
warning('RedHat distributions do not have Apache mod_shib in their default package repositories.')
}
$mod_shib = 'shib2'
apache::mod {$mod_shib:
id => 'mod_shib',
}
}

3
deployment/puppet/apache/manifests/mod/speling.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::speling {
::apache::mod { 'speling': }
}

60
deployment/puppet/apache/manifests/mod/ssl.pp Normal file
View File

@ -0,0 +1,60 @@
class apache::mod::ssl (
$ssl_compression = false,
$ssl_options = [ 'StdEnvVars' ],
$ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
$ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
$apache_version = $::apache::apache_version,
$package_name = undef,
) {
$session_cache = $::osfamily ? {
'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
'redhat' => '/var/cache/mod_ssl/scache(512000)',
'freebsd' => '/var/run/ssl_scache(512000)',
}
case $::osfamily {
'debian': {
if versioncmp($apache_version, '2.4') >= 0 {
$ssl_mutex = 'default'
} elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
$ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
} else {
$ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
}
}
'redhat': {
$ssl_mutex = 'default'
}
'freebsd': {
$ssl_mutex = 'default'
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
::apache::mod { 'ssl':
package => $package_name,
}
if versioncmp($apache_version, '2.4') >= 0 {
::apache::mod { 'socache_shmcb': }
}
# Template uses
#
# $ssl_compression
# $ssl_options
# $session_cache,
# $ssl_mutex
# $apache_version
#
file { 'ssl.conf':
ensure => file,
path => "${::apache::mod_dir}/ssl.conf",
content => template('apache/mod/ssl.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

43
deployment/puppet/apache/manifests/mod/status.pp Normal file
View File

@ -0,0 +1,43 @@
# Class: apache::mod::status
#
# This class enables and configures Apache mod_status
# See: http://httpd.apache.org/docs/current/mod/mod_status.html
#
# Parameters:
# - $allow_from is an array of hosts, ip addresses, partial network numbers
# or networks in CIDR notation specifying what hosts can view the special
# /server-status URL. Defaults to ['127.0.0.1', '::1'].
# - $extended_status track and display extended status information. Valid
# values are 'On' or 'Off'. Defaults to 'On'.
#
# Actions:
# - Enable and configure Apache mod_status
#
# Requires:
# - The apache class
#
# Sample Usage:
#
# # Simple usage allowing access from localhost and a private subnet
# class { 'apache::mod::status':
# $allow_from => ['127.0.0.1', '10.10.10.10/24'],
# }
#
class apache::mod::status (
$allow_from = ['127.0.0.1','::1'],
$extended_status = 'On',
$apache_version = $::apache::apache_version,
){
validate_array($allow_from)
validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.")
::apache::mod { 'status': }
# Template uses $allow_from, $extended_status, $apache_version
file { 'status.conf':
ensure => file,
path => "${::apache::mod_dir}/status.conf",
content => template('apache/mod/status.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

3
deployment/puppet/apache/manifests/mod/suexec.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::suexec {
::apache::mod { 'suexec': }
}

14
deployment/puppet/apache/manifests/mod/suphp.pp Normal file
View File

@ -0,0 +1,14 @@
class apache::mod::suphp (
){
::apache::mod { 'suphp': }
file {'suphp.conf':
ensure => file,
path => "${::apache::mod_dir}/suphp.conf",
content => template('apache/mod/suphp.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd']
}
}

18
deployment/puppet/apache/manifests/mod/userdir.pp Normal file
View File

@ -0,0 +1,18 @@
class apache::mod::userdir (
$home = '/home',
$dir = 'public_html',
$disable_root = true,
$apache_version = $::apache::apache_version,
) {
::apache::mod { 'userdir': }
# Template uses $home, $dir, $disable_root, $apache_version
file { 'userdir.conf':
ensure => file,
path => "${::apache::mod_dir}/userdir.conf",
content => template('apache/mod/userdir.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
}

8
deployment/puppet/apache/manifests/mod/version.pp Normal file
View File

@ -0,0 +1,8 @@
class apache::mod::version {
if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) {
warning("${module_name}: module version_module is built-in and can't be loaded")
} else {
::apache::mod { 'version': }
}
}

3
deployment/puppet/apache/manifests/mod/vhost_alias.pp Normal file
View File

@ -0,0 +1,3 @@
class apache::mod::vhost_alias {
::apache::mod { 'vhost_alias': }
}

74
deployment/puppet/apache/manifests/mod/worker.pp Normal file
View File

@ -0,0 +1,74 @@
class apache::mod::worker (
$startservers = '2',
$maxclients = '150',
$minsparethreads = '25',
$maxsparethreads = '75',
$threadsperchild = '25',
$maxrequestsperchild = '0',
$serverlimit = '25',
$threadlimit = '64',
$apache_version = $::apache::apache_version,
) {
if defined(Class['apache::mod::event']) {
fail('May not include both apache::mod::worker and apache::mod::event on the same node')
}
if defined(Class['apache::mod::itk']) {
fail('May not include both apache::mod::worker and apache::mod::itk on the same node')
}
if defined(Class['apache::mod::peruser']) {
fail('May not include both apache::mod::worker and apache::mod::peruser on the same node')
}
if defined(Class['apache::mod::prefork']) {
fail('May not include both apache::mod::worker and apache::mod::prefork on the same node')
}
File {
owner => 'root',
group => $::apache::params::root_group,
mode => '0644',
}
# Template uses:
# - $startservers
# - $maxclients
# - $minsparethreads
# - $maxsparethreads
# - $threadsperchild
# - $maxrequestsperchild
# - $serverlimit
# - $threadLimit
file { "${::apache::mod_dir}/worker.conf":
ensure => file,
content => template('apache/mod/worker.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd'],
}
case $::osfamily {
'redhat': {
if versioncmp($apache_version, '2.4') >= 0 {
::apache::mpm{ 'worker':
apache_version => $apache_version,
}
}
else {
file_line { '/etc/sysconfig/httpd worker enable':
ensure => present,
path => '/etc/sysconfig/httpd',
line => 'HTTPD=/usr/sbin/httpd.worker',
match => '#?HTTPD=/usr/sbin/httpd.worker',
require => Package['httpd'],
notify => Service['httpd'],
}
}
}
'debian', 'freebsd': {
::apache::mpm{ 'worker':
apache_version => $apache_version,
}
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
}

21
deployment/puppet/apache/manifests/mod/wsgi.pp Normal file
View File

@ -0,0 +1,21 @@
class apache::mod::wsgi (
$wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix,
$wsgi_python_path = undef,
$wsgi_python_home = undef,
){
::apache::mod { 'wsgi': }
# Template uses:
# - $wsgi_socket_prefix
# - $wsgi_python_path
# - $wsgi_python_home
file {'wsgi.conf':
ensure => file,
path => "${::apache::mod_dir}/wsgi.conf",
content => template('apache/mod/wsgi.conf.erb'),
require => Exec["mkdir ${::apache::mod_dir}"],
before => File[$::apache::mod_dir],
notify => Service['httpd']
}
}

4
deployment/puppet/apache/manifests/mod/xsendfile.pp Normal file
View File

@ -0,0 +1,4 @@
class apache::mod::xsendfile {
include ::apache::params
::apache::mod { 'xsendfile': }
}

68
deployment/puppet/apache/manifests/mpm.pp Normal file
View File

@ -0,0 +1,68 @@
define apache::mpm (
$lib_path = $::apache::params::lib_path,
$apache_version = $::apache::apache_version,
) {
if ! defined(Class['apache']) {
fail('You must include the apache base class before using any apache defined resources')
}
$mpm = $name
$mod_dir = $::apache::mod_dir
$_lib = "mod_mpm_${mpm}.so"
$_path = "${lib_path}/${_lib}"
$_id = "mpm_${mpm}_module"
if versioncmp($apache_version, '2.4') >= 0 {
file { "${mod_dir}/${mpm}.load":
ensure => file,
path => "${mod_dir}/${mpm}.load",
content => "LoadModule ${_id} ${_path}\n",
require => [
Package['httpd'],
Exec["mkdir ${mod_dir}"],
],
before => File[$mod_dir],
notify => Service['httpd'],
}
}
case $::osfamily {
'debian': {
file { "${::apache::mod_enable_dir}/${mpm}.conf":
ensure => link,
target => "${::apache::mod_dir}/${mpm}.conf",
require => Exec["mkdir ${::apache::mod_enable_dir}"],
before => File[$::apache::mod_enable_dir],
notify => Service['httpd'],
}
if versioncmp($apache_version, '2.4') >= 0 {
file { "${::apache::mod_enable_dir}/${mpm}.load":
ensure => link,
target => "${::apache::mod_dir}/${mpm}.load",
require => Exec["mkdir ${::apache::mod_enable_dir}"],
before => File[$::apache::mod_enable_dir],
notify => Service['httpd'],
}
}
if versioncmp($apache_version, '2.4') < 0 {
package { "apache2-mpm-${mpm}":
ensure => present,
}
}
}
'freebsd': {
class { '::apache::package':
mpm_module => $mpm
}
}
'redhat': {
# so we don't fail
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
}

10
deployment/puppet/apache/manifests/namevirtualhost.pp Normal file
View File

@ -0,0 +1,10 @@
define apache::namevirtualhost {
$addr_port = $name
# Template uses: $addr_port
concat::fragment { "NameVirtualHost ${addr_port}":
ensure => present,
target => $::apache::ports_file,
content => template('apache/namevirtualhost.erb'),
}
}

48
deployment/puppet/apache/manifests/package.pp Normal file
View File

@ -0,0 +1,48 @@
class apache::package (
$ensure = 'present',
$mpm_module = $::apache::params::mpm_module,
) inherits ::apache::params {
case $::osfamily {
'freebsd' : {
$all_mpms = [
'www/apache22',
'www/apache22-worker-mpm',
'www/apache22-event-mpm',
'www/apache22-itk-mpm',
'www/apache22-peruser-mpm',
]
if $mpm_module {
$apache_package = $mpm_module ? {
'prefork' => 'www/apache22',
default => "www/apache22-${mpm_module}-mpm"
}
} else {
$apache_package = 'www/apache22'
}
$other_mpms = delete($all_mpms, $apache_package)
# Configure ports to have apache module packages dependent on correct
# version of apache package (apache22, apache22-worker-mpm, ...)
file_line { 'APACHE_PORT in /etc/make.conf':
ensure => $ensure,
path => '/etc/make.conf',
line => "APACHE_PORT=${apache_package}",
match => '^\s*#?\s*APACHE_PORT\s*=\s*',
before => Package['httpd'],
}
# remove other packages
ensure_resource('package', $other_mpms, {
ensure => absent,
before => Package['httpd'],
require => File_line['APACHE_PORT in /etc/make.conf'],
})
}
default: {
$apache_package = $::apache::params::apache_name
}
}
package { 'httpd':
ensure => $ensure,
name => $apache_package,
notify => Class['Apache::Service'],
}
}

282
deployment/puppet/apache/manifests/params.pp Normal file
View File

@ -0,0 +1,282 @@
# Class: apache::params
#
# This class manages Apache parameters
#
# Parameters:
# - The $user that Apache runs as
# - The $group that Apache runs as
# - The $apache_name is the name of the package and service on the relevant
# distribution
# - The $php_package is the name of the package that provided PHP
# - The $ssl_package is the name of the Apache SSL package
# - The $apache_dev is the name of the Apache development libraries package
# - The $conf_contents is the contents of the Apache configuration file
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class apache::params inherits ::apache::version {
if($::fqdn) {
$servername = $::fqdn
} else {
$servername = $::hostname
}
# The default error log level
$log_level = 'warn'
if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' {
$verify_command = '/usr/sbin/apache2ctl -t'
} else {
$verify_command = '/usr/sbin/apachectl -t'
}
if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' {
$user = 'apache'
$group = 'apache'
$root_group = 'root'
$apache_name = 'httpd'
$service_name = 'httpd'
$httpd_dir = '/etc/httpd'
$server_root = '/etc/httpd'
$conf_dir = "${httpd_dir}/conf"
$confd_dir = "${httpd_dir}/conf.d"
$mod_dir = "${httpd_dir}/conf.d"
$mod_enable_dir = undef
$vhost_dir = "${httpd_dir}/conf.d"
$vhost_enable_dir = undef
$conf_file = 'httpd.conf'
$ports_file = "${conf_dir}/ports.conf"
$logroot = '/var/log/httpd'
$logroot_mode = undef
$lib_path = 'modules'
$mpm_module = 'prefork'
$dev_packages = 'httpd-devel'
$default_ssl_cert = '/etc/pki/tls/certs/localhost.crt'
$default_ssl_key = '/etc/pki/tls/private/localhost.key'
$ssl_certs_dir = '/etc/pki/tls/certs'
$passenger_conf_file = 'passenger_extra.conf'
$passenger_conf_package_file = 'passenger.conf'
$passenger_root = undef
$passenger_ruby = undef
$passenger_default_ruby = undef
$suphp_addhandler = 'php5-script'
$suphp_engine = 'off'
$suphp_configpath = undef
# NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide
$mod_packages = {
'auth_kerb' => 'mod_auth_kerb',
'authnz_ldap' => $::apache::version::distrelease ? {
'7' => 'mod_ldap',
default => 'mod_authz_ldap',
},
'fastcgi' => 'mod_fastcgi',
'fcgid' => 'mod_fcgid',
'pagespeed' => 'mod-pagespeed-stable',
'passenger' => 'mod_passenger',
'perl' => 'mod_perl',
'php5' => $::apache::version::distrelease ? {
'5' => 'php53',
default => 'php',
},
'proxy_html' => 'mod_proxy_html',
'python' => 'mod_python',
'shibboleth' => 'shibboleth',
'ssl' => 'mod_ssl',
'wsgi' => 'mod_wsgi',
'dav_svn' => 'mod_dav_svn',
'suphp' => 'mod_suphp',
'xsendfile' => 'mod_xsendfile',
'nss' => 'mod_nss',
'shib2' => 'shibboleth',
}
$mod_libs = {
'php5' => 'libphp5.so',
'nss' => 'libmodnss.so',
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = undef
$mime_support_package = 'mailcap'
$mime_types_config = '/etc/mime.types'
$docroot = '/var/www/html'
if $::osfamily == "RedHat" {
$wsgi_socket_prefix = '/var/run/wsgi'
} else {
$wsgi_socket_prefix = undef
}
} elsif $::osfamily == 'Debian' {
$user = 'www-data'
$group = 'www-data'
$root_group = 'root'
$apache_name = 'apache2'
$service_name = 'apache2'
$httpd_dir = '/etc/apache2'
$server_root = '/etc/apache2'
$conf_dir = $httpd_dir
$confd_dir = "${httpd_dir}/conf.d"
$mod_dir = "${httpd_dir}/mods-available"
$mod_enable_dir = "${httpd_dir}/mods-enabled"
$vhost_dir = "${httpd_dir}/sites-available"
$vhost_enable_dir = "${httpd_dir}/sites-enabled"
$conf_file = 'apache2.conf'
$ports_file = "${conf_dir}/ports.conf"
$logroot = '/var/log/apache2'
$logroot_mode = undef
$lib_path = '/usr/lib/apache2/modules'
$mpm_module = 'worker'
$dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
$default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
$default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
$ssl_certs_dir = '/etc/ssl/certs'
$suphp_addhandler = 'x-httpd-php'
$suphp_engine = 'off'
$suphp_configpath = '/etc/php5/apache2'
$mod_packages = {
'auth_kerb' => 'libapache2-mod-auth-kerb',
'dav_svn' => 'libapache2-svn',
'fastcgi' => 'libapache2-mod-fastcgi',
'fcgid' => 'libapache2-mod-fcgid',
'nss' => 'libapache2-mod-nss',
'pagespeed' => 'mod-pagespeed-stable',
'passenger' => 'libapache2-mod-passenger',
'perl' => 'libapache2-mod-perl2',
'php5' => 'libapache2-mod-php5',
'proxy_html' => 'libapache2-mod-proxy-html',
'python' => 'libapache2-mod-python',
'rpaf' => 'libapache2-mod-rpaf',
'suphp' => 'libapache2-mod-suphp',
'wsgi' => 'libapache2-mod-wsgi',
'xsendfile' => 'libapache2-mod-xsendfile',
'shib2' => 'libapache2-mod-shib2',
}
$mod_libs = {
'php5' => 'libphp5.so',
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = '/var/lib/apache2/fastcgi'
$mime_support_package = 'mime-support'
$mime_types_config = '/etc/mime.types'
$docroot = '/var/www'
#
# Passenger-specific settings
#
$passenger_conf_file = 'passenger.conf'
$passenger_conf_package_file = undef
case $::operatingsystem {
'Ubuntu': {
case $::lsbdistrelease {
'12.04': {
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
'14.04': {
$passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
$passenger_ruby = undef
$passenger_default_ruby = '/usr/bin/ruby'
}
default: {
# The following settings may or may not work on Ubuntu releases not
# supported by this module.
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
}
}
'Debian': {
case $::lsbdistcodename {
'wheezy': {
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
default: {
# The following settings may or may not work on Debian releases not
# supported by this module.
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
}
}
}
$wsgi_socket_prefix = undef
} elsif $::osfamily == 'FreeBSD' {
$user = 'www'
$group = 'www'
$root_group = 'wheel'
$apache_name = 'apache22'
$service_name = 'apache22'
$httpd_dir = '/usr/local/etc/apache22'
$server_root = '/usr/local'
$conf_dir = $httpd_dir
$confd_dir = "${httpd_dir}/Includes"
$mod_dir = "${httpd_dir}/Modules"
$mod_enable_dir = undef
$vhost_dir = "${httpd_dir}/Vhosts"
$vhost_enable_dir = undef
$conf_file = 'httpd.conf'
$ports_file = "${conf_dir}/ports.conf"
$logroot = '/var/log/apache22'
$logroot_mode = undef
$lib_path = '/usr/local/libexec/apache22'
$mpm_module = 'prefork'
$dev_packages = undef
$default_ssl_cert = '/usr/local/etc/apache22/server.crt'
$default_ssl_key = '/usr/local/etc/apache22/server.key'
$ssl_certs_dir = '/usr/local/etc/apache22'
$passenger_conf_file = 'passenger.conf'
$passenger_conf_package_file = undef
$passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
$suphp_addhandler = 'php5-script'
$suphp_engine = 'off'
$suphp_configpath = undef
$mod_packages = {
# NOTE: I list here only modules that are not included in www/apache22
# NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config
# NOTE: 'php' needs to enable APACHE option in make config
# NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
# NOTE: not sure where the shibboleth should come from
'auth_kerb' => 'www/mod_auth_kerb2',
'fcgid' => 'www/mod_fcgid',
'passenger' => 'www/rubygem-passenger',
'perl' => 'www/mod_perl2',
'php5' => 'lang/php5',
'proxy_html' => 'www/mod_proxy_html',
'python' => 'www/mod_python3',
'wsgi' => 'www/mod_wsgi',
'dav_svn' => 'devel/subversion',
'xsendfile' => 'www/mod_xsendfile',
'rpaf' => 'www/mod_rpaf2',
'shib2' => 'security/shibboleth2-sp',
}
$mod_libs = {
'php5' => 'libphp5.so',
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = undef # TODO: revisit
$mime_support_package = 'misc/mime-support'
$mime_types_config = '/usr/local/etc/mime.types'
$wsgi_socket_prefix = undef
$docroot = '/usr/local/www/apache22/data'
} else {
fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")
}
}

17
deployment/puppet/apache/manifests/peruser/multiplexer.pp Normal file
View File

@ -0,0 +1,17 @@
define apache::peruser::multiplexer (
$user = $::apache::user,
$group = $::apache::group,
$file = undef,
) {
if ! $file {
$filename = "${name}.conf"
} else {
$filename = $file
}
file { "${::apache::mod_dir}/peruser/multiplexers/${filename}":
ensure => file,
content => "Multiplexer ${user} ${group}\n",
require => File["${::apache::mod_dir}/peruser/multiplexers"],
notify => Service['httpd'],
}
}

17
deployment/puppet/apache/manifests/peruser/processor.pp Normal file
View File

@ -0,0 +1,17 @@
define apache::peruser::processor (
$user,
$group,
$file = undef,
) {
if ! $file {
$filename = "${name}.conf"
} else {
$filename = $file
}
file { "${::apache::mod_dir}/peruser/processors/${filename}":
ensure => file,
content => "Processor ${user} ${group}\n",
require => File["${::apache::mod_dir}/peruser/processors"],
notify => Service['httpd'],
}
}

18
deployment/puppet/apache/manifests/php.pp Normal file
View File

@ -0,0 +1,18 @@
# Class: apache::php
#
# This class installs PHP for Apache
#
# Parameters:
# - $php_package
#
# Actions:
# - Install Apache PHP package
#
# Requires:
#
# Sample Usage:
#
class apache::php {
warning('apache::php is deprecated; please use apache::mod::php')
include ::apache::mod::php
}

15
deployment/puppet/apache/manifests/proxy.pp Normal file
View File

@ -0,0 +1,15 @@
# Class: apache::proxy
#
# This class enabled the proxy module for Apache
#
# Actions:
# - Enables Apache Proxy module
#
# Requires:
#
# Sample Usage:
#
class apache::proxy {
warning('apache::proxy is deprecated; please use apache::mod::proxy')
include ::apache::mod::proxy
}

18
deployment/puppet/apache/manifests/python.pp Normal file
View File

@ -0,0 +1,18 @@
# Class: apache::python
#
# This class installs Python for Apache
#
# Parameters:
# - $php_package
#
# Actions:
# - Install Apache Python package
#
# Requires:
#
# Sample Usage:
#
class apache::python {
warning('apache::python is deprecated; please use apache::mod::python')
include ::apache::mod::python
}

44
deployment/puppet/apache/manifests/service.pp Normal file
View File

@ -0,0 +1,44 @@
# Class: apache::service
#
# Manages the Apache daemon
#
# Parameters:
#
# Actions:
# - Manage Apache service
#
# Requires:
#
# Sample Usage:
#
# sometype { 'foo':
# notify => Class['apache::service'],
# }
#
#
class apache::service (
$service_name = $::apache::params::service_name,
$service_enable = true,
$service_ensure = 'running',
) {
# The base class must be included first because parameter defaults depend on it
if ! defined(Class['apache::params']) {
fail('You must include the apache::params class before using any apache defined resources')
}
validate_bool($service_enable)
case $service_ensure {
true, false, 'running', 'stopped': {
$_service_ensure = $service_ensure
}
default: {
$_service_ensure = undef
}
}
service { 'httpd':
ensure => $_service_ensure,
name => $service_name,
enable => $service_enable,
}
}

Some files were not shown because too many files have changed in this diff Show More