authormh <mh@immerda.ch>2014-02-23 15:32:26 +0100
committermh <mh@immerda.ch>2014-02-23 15:32:26 +0100
commit82c8317c66df1a491cad6dfd77495c1e8b0a0860 (patch)
tree14699101b9cc11f53b68d5cc28650a0532679a06
parent06edce9d49b8d21e6bb47c70286fa4e6c4b9eb6e (diff)
parent1194d183efb1395b91c5433b2878f7908a24c78f (diff)
Merge remote-tracking branch 'shared/master'
Conflicts: manifests/debian.pp
-rw-r--r--README13
-rw-r--r--files/config/Debian.wheezy/apache2.conf268
-rw-r--r--manifests/debian.pp74
-rw-r--r--manifests/init.pp6
-rw-r--r--manifests/munin.pp3
-rw-r--r--manifests/ssl/base.pp2
-rw-r--r--manifests/status.pp1
-rw-r--r--manifests/status/debian.pp3
8 files changed, 328 insertions, 42 deletions
diff --git a/README b/README
index c67c255..ff0c2c6 100644
--- a/README
+++ b/README
@@ -19,6 +19,8 @@ have to be deployed to fit this schema.
* if using the munin module, you need a version of the munin module that is
at or newer than commit 77e0a70999a8c4c20ee8d9eb521b927c525ac653 (Feb 28, 2013)
+ * if using munin, you will need to have the perl module installed
+
* you must change your modules/site-apache to modules/site_apache
* the $apache_no_default_site variable is no longer supported, you should
@@ -48,6 +50,7 @@ Requirements:
* puppet 2.7 or newer
* stdlib
+ * templatewlv
Usage
@@ -75,18 +78,18 @@ class to have the module do some things for you:
0-default_ssl.conf virtualhosts automatically created in your node
configuration. (Default: false)
+ * ssl: If you want to install Apache SSL support enabled, just pass this
+ parameter (Default: false)
+
For example:
class { 'apache':
manage_shorewall => true,
manage_munin => true,
- no_default_site => true
+ no_default_site => true,
+ ssl => true
}
-If you want to install Apache and also enable SSL support:
-
- include apache::ssl
-
You can install the ITK worker model to enforce stronger, per-user security:
include apache::itk
diff --git a/files/config/Debian.wheezy/apache2.conf b/files/config/Debian.wheezy/apache2.conf
new file mode 100644
index 0000000..5054567
--- /dev/null
+++ b/files/config/Debian.wheezy/apache2.conf
@@ -0,0 +1,268 @@
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.2/ for detailed information about
+# the directives and /usr/share/doc/apache2-common/README.Debian.gz about
+# Debian specific hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+# /etc/apache2/
+# |-- apache2.conf
+# | `-- ports.conf
+# |-- mods-enabled
+# | |-- *.load
+# | `-- *.conf
+# |-- conf.d
+# | `-- *
+# `-- sites-enabled
+# `-- *
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+# together by including all remaining configuration files when starting up the
+# web server.
+#
+# In order to avoid conflicts with backup files, the Include directive is
+# adapted to ignore files that:
+# - do not begin with a letter or number
+# - contain a character that is neither letter nor number nor _-:.
+# - contain .dpkg
+#
+# Yet we strongly suggest that all configuration files either end with a
+# .conf or .load suffix in the file name. The next Debian release will
+# ignore files not ending with .conf (or .load for mods-enabled).
+#
+# * ports.conf is always included from the main configuration file. It is
+# supposed to determine listening ports for incoming connections, and which
+# of these ports are used for name based virtual hosts.
+#
+# * Configuration files in the mods-enabled/ and sites-enabled/ directories
+# contain particular configuration snippets which manage modules or virtual
+# host configurations, respectively.
+#
+# They are activated by symlinking available configuration files from their
+# respective *-available/ counterparts. These should be managed by using our
+# helpers a2enmod/a2dismod, a2ensite/a2dissite. See
+# their respective man pages for detailed information.
+#
+# * Configuration files in the conf.d directory are either provided by other
+# packages or may be added by the local administrator. Local additions
+# should start with local- or end with .local.conf to avoid name clashes. All
+# files in conf.d are considered (excluding the exceptions noted above) by
+# the Apache 2 web server.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+# the default configuration, apache2 needs to be started/stopped with
+# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+# work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the LockFile documentation (available
+# at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+LockFile ${APACHE_LOCK_DIR}/accept.lock
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+##
+## Server-Pool Size Regulation (MPM specific)
+##
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxClients: maximum number of server processes allowed to start
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule mpm_prefork_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxClients 150
+ MaxRequestsPerChild 0
+</IfModule>
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxClients: maximum number of simultaneous client connections
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule mpm_worker_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxClients 150
+ MaxRequestsPerChild 0
+</IfModule>
+
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxClients: maximum number of simultaneous client connections
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule mpm_event_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxClients 150
+ MaxRequestsPerChild 0
+</IfModule>
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<Files ~ "^\.ht">
+ Order allow,deny
+ Deny from all
+ Satisfy all
+</Files>
+
+#
+# DefaultType is the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+# It is also possible to omit any default MIME type and let the
+# client's browser guess an appropriate action instead. Typically the
+# browser will decide based on the file's extension then. In cases
+# where no good assumption can be made, letting the default MIME type
+# unset is suggested instead of forcing the browser to accept
+# incorrect metadata.
+#
+DefaultType None
+
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+# Include module configuration:
+Include mods-enabled/*.load
+Include mods-enabled/*.conf
+
+# Include list of ports to listen on and which to use for name based vhosts
+Include ports.conf
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see the comments above for details.
+
+# Include generic snippets of statements
+Include conf.d/
+
+# Include the virtual host configurations:
+Include sites-enabled/
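Review bot: This main config sets `AccessFileName .htaccess` but contains no `<Directory />` section, and on Apache 2.2 the defaults for an unconfigured path are `AllowOverride All` and access allowed. On a stock wheezy install the root restriction normally comes from the default vhost, which manifests/debian.pp in this same commit keeps absent, so it would have to come from the `security` global config or from every vhost; neither is visible here. Adding a restrictive root block to this file makes the baseline explicit, at the cost that each document root then needs its own `Allow from` rule.
```apache
# … unchanged: AccessFileName and the <Files ~ "^\.ht"> block …
<Directory />
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
```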
diff --git a/manifests/debian.pp b/manifests/debian.pp
index 7d1191d..6ae4cee 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -1,40 +1,44 @@
### debian
class apache::debian inherits apache::package {
- $config_dir = '/etc/apache2'
+ $config_dir = '/etc/apache2'
- Package[apache] {
- name => 'apache2',
- }
- File[vhosts_dir] {
- path => "${config_dir}/sites-enabled",
- }
- File[modules_dir] {
- path => "${config_dir}/mods-enabled",
- }
- File[htpasswd_dir] {
- path => '/var/www/htpasswds',
- group => 'www-data',
- }
- File[default_apache_index] {
- path => '/var/www/index.html',
- }
- file { 'apache_main_config':
- path => "${config_dir}/apache2.conf",
- source => ["puppet:///modules/site_apache/config/Debian/${::fqdn}/apache2.conf",
- "puppet:///modules/site_apache/config/Debian.${::operatingsystemmajrelease}/apache2.conf",
- 'puppet:///modules/site_apache/config/Debian/apache2.conf',
- 'puppet:///modules/apache/config/Debian/apache2.conf' ],
- require => Package['apache'],
- notify => Service['apache'],
- owner => root,
- group => 0,
- mode => '0644';
- }
- apache::config::global{ 'charset': }
- apache::config::global{ 'security': }
- file { 'default_debian_apache_vhost':
- ensure => absent,
- path => '/etc/apache2/sites-enabled/000-default',
- }
+ Package[apache] {
+ name => 'apache2',
+ }
+ File[vhosts_dir] {
+ path => "${config_dir}/sites-enabled",
+ }
+ File[modules_dir] {
+ path => "${config_dir}/mods-enabled",
+ }
+ File[htpasswd_dir] {
+ path => '/var/www/htpasswds',
+ group => 'www-data',
+ }
+ File[default_apache_index] {
+ path => '/var/www/index.html',
+ }
+ file { 'apache_main_config':
+ path => "${config_dir}/apache2.conf",
+ source => [ "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf",
+ "puppet:///modules/site_apache/config/Debian/${::fqdn}/apache2.conf",
+ "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/apache2.conf",
+ 'puppet:///modules/site_apache/config/Debian/apache2.conf',
+ "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf",
+ "puppet:///modules/apache/config/Debian/${::fqdn}/apache2.conf",
+ "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/apache2.conf",
+ 'puppet:///modules/apache/config/Debian/apache2.conf' ],
+ require => Package['apache'],
+ notify => Service['apache'],
+ owner => root,
+ group => 0,
+ mode => '0644';
+ }
+ apache::config::global{ 'charset': }
+ apache::config::global{ 'security': }
+ file { 'default_debian_apache_vhost':
+ ensure => absent,
+ path => '/etc/apache2/sites-enabled/000-default',
+ }
}
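Review bot: The new `Debian.${::lsbdistcodename}` entries in the `source` list of `apache_main_config` depend on a fact that, as far as I know, facter only reports when the lsb-release tooling is installed on the node. Where it is missing, the paths interpolate to `Debian./…` and the lookup falls through silently to the generic `Debian/apache2.conf`, so a host can end up with a config written for another release. A guard before the resource, `if !$::lsbdistcodename { fail('lsbdistcodename fact missing, install lsb-release') }`, would turn that into a visible error. The `${::fqdn}` segments are agent-reported as well, so the per-host directories select a file by what the node claims rather than by its certificate name; nothing host-confidential should live under them.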
diff --git a/manifests/init.pp b/manifests/init.pp
index 574c212..542e7aa 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,7 +17,8 @@ class apache(
$cluster_node = '',
$manage_shorewall = false,
$manage_munin = false,
- $no_default_site = false
+ $no_default_site = false,
+ $ssl = false
) {
case $::operatingsystem {
centos: { include apache::centos }
@@ -32,5 +33,8 @@ class apache(
if $apache::manage_shorewall {
include shorewall::rules::http
}
+ if $ssl {
+ include apache::ssl
+ }
}
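Review bot: `if $ssl` is a plain truthiness test, and on the Puppet versions the README names (2.7 or newer) a non-empty string such as `'false'` from an ENC or a quoted parameter evaluates as true, so `apache::ssl` would be included when the caller meant to switch it off. stdlib is already a stated requirement, so `validate_bool($ssl)` ahead of the conditional would reject such values. The neighbouring conditional uses the qualified form `$apache::manage_shorewall`; `$apache::ssl` would match it. The class body starts outside this hunk, and the parameter itself is added in the preceding hunk.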
diff --git a/manifests/munin.pp b/manifests/munin.pp
index 8b5bda1..2a04e97 100644
--- a/manifests/munin.pp
+++ b/manifests/munin.pp
@@ -1,5 +1,8 @@
# manage apache monitoring things
class apache::munin {
+
+ include perl::extensions::libwww
+
munin::plugin{ [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: }
munin::plugin::deploy { 'apache_activity':
source => 'apache/munin/apache_activity',
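Review bot: The added `include perl::extensions::libwww` gives no hint of why an Apache monitoring class pulls in a Perl class; presumably the `apache_*` munin plugins fetch the status page through LWP. A one-line comment above it, e.g. `# munin's apache_* plugins need LWP (libwww-perl)`, would record that. The README hunk mentions the perl module in its upgrade notes but not in the Requirements list, where the other module dependencies are named. The `munin::plugin::deploy` resource continues outside the hunk.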
diff --git a/manifests/ssl/base.pp b/manifests/ssl/base.pp
index ff9baa5..7c17423 100644
--- a/manifests/ssl/base.pp
+++ b/manifests/ssl/base.pp
@@ -1,7 +1,7 @@
class apache::ssl::base {
::apache::config::include{ 'ssl_defaults.inc': }
- if !$apache_no_default_site {
+ if !$apache::no_default_site {
::apache::vhost::file{ '0-default_ssl': }
}
}
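Review bot: `$apache::no_default_site` only carries a value once class `apache` has been evaluated. If `apache::ssl` is still included on its own, as the README described before this commit, the lookup presumably yields undef and the `0-default_ssl` vhost is created regardless of the setting. A comment above the conditional, such as `# reads the no_default_site parameter of class apache, which must be declared first`, would document that dependency.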
diff --git a/manifests/status.pp b/manifests/status.pp
index 1f7ca89..c507013 100644
--- a/manifests/status.pp
+++ b/manifests/status.pp
@@ -3,6 +3,7 @@
class apache::status {
case $::operatingsystem {
centos: { include apache::status::centos }
+ debian: { include apache::status::debian }
defaults: { include apache::status::base }
}
if $apache::manage_munin {
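Review bot: The added `debian:` branch sits directly above `defaults:`, which is not Puppet's `default` case keyword but an ordinary bareword compared against `$::operatingsystem`. As written, `apache::status::base` is presumably never selected, and any system other than CentOS or Debian gets no status class at all. Changing that line to `default: { include apache::status::base }` restores the fall-through. The class body continues outside the hunk.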
diff --git a/manifests/status/debian.pp b/manifests/status/debian.pp
new file mode 100644
index 0000000..678bc44
--- /dev/null
+++ b/manifests/status/debian.pp
@@ -0,0 +1,3 @@
+class apache::status::debian {
+ ::apache::debian::module { 'status': }
+}
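Review bot: Enabling mod_status through `::apache::debian::module { 'status': }` exposes `/server-status`, which lists client addresses and request lines, and nothing in this class shows who may read it. Whether the define also installs a `status.conf` that limits access to localhost or the monitoring host cannot be seen from this diff and is worth confirming. A header comment would record the answer, for example `# enable mod_status on Debian; access to /server-status is restricted in <file that restricts it>`.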