diff options
Diffstat (limited to 'manifests')
26 files changed, 420 insertions, 69 deletions
diff --git a/manifests/centos.pp b/manifests/centos.pp index ec29ccb..e8a413d 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -38,6 +38,18 @@ class apache::centos inherits apache::package { owner => root, group => 0, mode => 0644; } + line{ + 'pidfile_httpd.conf': + file => '/etc/httpd/conf/httpd.conf', + line => 'PidFile run/httpd.pid'; + 'listen_httpd.conf': + file => '/etc/httpd/conf/httpd.conf', + line => 'Listen 80'; + } + apache::config::global{'00-listen.conf': + ensure => absent, + } + include apache::logrotate::centos apache::config::global{ 'welcome.conf': } diff --git a/manifests/centos/itk.pp b/manifests/centos/itk.pp index 46a5225..9e97fa0 100644 --- a/manifests/centos/itk.pp +++ b/manifests/centos/itk.pp @@ -5,8 +5,6 @@ class apache::centos::itk inherits apache::centos { name => 'httpd-itk', } File['apache_service_config']{ - source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd.itk", - "puppet:///modules/site-apache/service/CentOS/httpd.itk", - "puppet:///modules/apache/service/CentOS/httpd.itk" ], + source => "puppet:///modules/apache/service/CentOS/httpd.itk" } } diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp new file mode 100644 index 0000000..f73be04 --- /dev/null +++ b/manifests/centos/itk_plus.pp @@ -0,0 +1,15 @@ +# http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ +class apache::centos::itk_plus inherits apache::centos::itk { + Line['pidfile_httpd.conf','listen_httpd.conf']{ + ensure => absent, + } + + Apache::Config::Global['00-listen.conf']{ + ensure => present, + content => template("apache/itk_plus/${operatingsystem}/00-listen.conf.erb"), + } + + File['apache_service_config']{ + source => "puppet:///modules/apache/service/CentOS/httpd.itk_plus" + } +} diff --git a/manifests/itk/lock.pp b/manifests/itk/lock.pp new file mode 100644 index 0000000..4ad95fa --- /dev/null +++ b/manifests/itk/lock.pp @@ -0,0 +1,4 @@ +class apache::itk::lock { + # This file resource is used to ensure that only one itk mode is used per host + file{'/var/www/.itk_mode_lock': ensure => absent } +} diff --git a/manifests/itk_plus.pp b/manifests/itk_plus.pp new file mode 100644 index 0000000..64d7c87 --- /dev/null +++ b/manifests/itk_plus.pp @@ -0,0 +1,10 @@ +# manifests/itk.pp +# +# see: http://mpm-itk.sesse.net/ + +class apache::itk_plus inherits apache::itk { + case $operatingsystem { + centos: { include ::apache::centos::itk_plus } + default: { fail("itk plus mode is currently only implemented for CentOS") } + } +} diff --git a/manifests/itk_plus/lock.pp b/manifests/itk_plus/lock.pp new file mode 100644 index 0000000..d540939 --- /dev/null +++ b/manifests/itk_plus/lock.pp @@ -0,0 +1,4 @@ +class apache::itk_plus::lock { + # This file resource is used to ensure that only one itk mode is used per host + file{'/var/www/.itk_mode_lock': ensure => absent } +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cc163eb..cb89359 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -14,6 +14,25 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# define apache::vhost( $ensure = present, $path = 'absent', @@ -62,6 +81,8 @@ define apache::vhost( vhost_source => $vhost_source, vhost_destination => $vhost_destination, do_includes => $do_includes, + run_mode => $run_mode, + mode_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index 32a80db..a471359 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -7,16 +7,48 @@ # - absent: standardpath (default) # - else: path to deploy # +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# define apache::vhost::file( $ensure = present, $vhost_source = 'absent', $vhost_destination = 'absent', $content = 'absent', $do_includes = false, + $run_mode = 'normal', + $mod_security = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', $use_mod_macro = false ){ + if $mod_security { + case $run_mode { + 'itk': { include mod_security::itk } + 'proxy-itk','static-itk': { include mod_security::itk_plus } + default: { include mod_security } + } + } + + case $run_mode { + 'itk': { include ::apache::itk::lock } + 'proxy-itk','static-itk': { include ::apache::itk_plus::lock } + } $vhosts_dir = $operatingsystem ? { centos => "$apache::centos::config_dir/vhosts.d", gentoo => "$apache::gentoo::config_dir/vhosts.d", diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index 96e06b4..2bc15d0 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -3,6 +3,7 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::gitweb( $ensure = present, $domain = 'absent', @@ -45,6 +46,7 @@ define apache::vhost::gitweb( options => $options, additional_options => $additional_options, default_charset => $default_charset, + run_mode => 'normal', ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index ef6b5d7..30083a3 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -1,14 +1,30 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::modperl( $ensure = present, $domain = 'absent', @@ -53,6 +69,7 @@ define apache::vhost::modperl( } default: { $real_cgi_binpath = $cgi_binpath } } + file{$real_cgi_binpath: ensure => directory, owner => $documentroot_owner, @@ -60,6 +77,11 @@ define apache::vhost::modperl( mode => $documentroot_mode; } + case $run_mode { + 'proxy-itk','static-itk': { include ::mod_perl::itk_plus } + default: { include ::mod_perl } + } + # create webdir ::apache::vhost::webdir{$name: ensure => $ensure, diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 4a9b95e..c174079 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -1,10 +1,17 @@ # run_uid: the uid the vhost should run as with the mod_passenger module # run_gid: the gid the vhost should run as with the mod_passenger module +# # logmode: +# # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*defaul*) activate mod_security +# define apache::vhost::passenger( $ensure = present, $domain = 'absent', @@ -20,10 +27,6 @@ define apache::vhost::passenger( $documentroot_owner = apache, $documentroot_group = 0, $documentroot_mode = 0640, - # TODO: think of a more generic way to handle user separation - # i.e. rename itk mode into something else - # e.g. default, moderate (use same user for access and run), strict (use different users for access and run) - $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', @@ -40,6 +43,9 @@ define apache::vhost::passenger( $htpasswd_file = 'absent', $htpasswd_path = 'absent' ){ + + include ::pasenger + if $manage_webdir { # create webdir ::apache::vhost::webdir{$name: @@ -67,7 +73,7 @@ define apache::vhost::passenger( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, - run_mode => 'itk', + run_mode => 'normal', run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 7f48841..e56223a 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None @@ -15,6 +30,7 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::php::drupal( $ensure = present, $domain = 'absent', diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index a846e7b..a43e627 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*defaul*) don't activate mod_security +# - true: activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 1af9bf9..96e3ab1 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index cda1654..108b91f 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index 419a340..cf67d16 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index f015a2f..0983f17 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 56c3e94..290082f 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index aa92a0e..9437046 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None @@ -111,6 +126,12 @@ define apache::vhost::php::standard( include php::extensions::smarty } + case $run_mode { + 'proxy-itk','static-itk': { include ::php::itk_plus } + 'itk': { include ::php::itk } + default: { include ::php } + } + if $manage_webdir { # create webdir ::apache::vhost::webdir{$name: diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index ab348ac..40c171f 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 5e54782..9716dfb 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index 63e7267..461a2d7 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index 53b1a07..4bb7b67 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -1,5 +1,6 @@ # Redirect VHost to redirect hosts # Parameters: +# # - ensure: wether this vhost is `present` or `absent` # - domain: the domain to redirect (*name*) # - domainalias: A list of whitespace seperated domains to redirect @@ -10,11 +11,14 @@ # - true: enable ssl for this vhost # - force: enable ssl and redirect non-ssl to ssl # - only: enable ssl only +# # logmode: +# # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::redirect( $ensure = present, $domain = 'absent', @@ -39,6 +43,7 @@ define apache::vhost::redirect( }, logmode => $logmode, allow_override => $allow_override, + run_mode => 'normal', mod_security => false, options => $target_url, ssl_mode => $ssl_mode, diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index 640e172..9d78ebd 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -1,11 +1,17 @@ # vhost_mode: which option is chosen to deploy the vhost # - template: generate it from a template (default) # - file: deploy a vhost file (apache::vhost::file will be called directly) +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# define apache::vhost::static( $ensure = present, $domain = 'absent', diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index d7e9e07..36aa0cd 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -25,6 +25,28 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# +# run_uid: the uid the vhost should run as with the itk module +# run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# define apache::vhost::template( $ensure = present, $path = 'absent', @@ -61,13 +83,6 @@ define apache::vhost::template( $ldap_auth = false, $ldap_user = 'any' ){ - if $mod_security { - case $run_mode { - 'itk': { include mod_security::itk } - default: { include mod_security } - } - } - $real_path = $path ? { 'absent' => $operatingsystem ? { openbsd => "/var/www/htdocs/$name", @@ -101,7 +116,11 @@ define apache::vhost::template( $real_htpasswd_path = $htpasswd_path } case $run_mode { - 'itk': { + 'proxy-itk': { $logfileprefix = 'proxy' } + 'static-itk': { $logfileprefix = 'static' } + } + case $run_mode { + 'itk','proxy-itk','static-itk': { case $run_uid { 'absent': { fail("you have to define run_uid for $name on $fqdn") } } @@ -144,6 +163,8 @@ define apache::vhost::template( apache::vhost::file{$name: ensure => $ensure, do_includes => $do_includes, + run_mode => $run_mode, + mod_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index 770424c..b4775d5 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -1,15 +1,28 @@ # Webdav vhost: to manage webdav accessible targets -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: this mode is not possible and will be rewritten to proxy-itk +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::webdav( $ensure = present, $domain = 'absent', @@ -66,6 +79,14 @@ define apache::vhost::webdav( documentroot_mode => $documentroot_mode, } } + + if $run_mode == 'static-itk' { + notice("static-itk mode is not possible for webdav vhosts, rewriting it to proxy-itk") + $real_run_mode = 'proxy-itk' + } else { + $real_run_mode = $run_mode + } + # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, @@ -80,7 +101,7 @@ define apache::vhost::webdav( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, - run_mode => $run_mode, + run_mode => $real_run_mode, run_uid => $run_uid, run_gid => $run_gid, options => $options, |