diff options
Diffstat (limited to 'manifests')
38 files changed, 1927 insertions, 1722 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index 35fc42e..3f92159 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -4,6 +4,10 @@ class apache::base { 'vhosts_dir': ensure => directory, path => '/etc/apache2/vhosts.d', + purge => true, + recurse => true, + force => true, + notify => Service['apache'], owner => root, group => 0, mode => '0644'; @@ -16,18 +20,30 @@ class apache::base { 'include_dir': ensure => directory, path => '/etc/apache2/include.d', + purge => true, + recurse => true, + force => true, + notify => Service['apache'], owner => root, group => 0, mode => '0644'; 'modules_dir': ensure => directory, path => '/etc/apache2/modules.d', + purge => true, + recurse => true, + force => true, + notify => Service['apache'], owner => root, group => 0, mode => '0644'; 'htpasswd_dir': ensure => directory, path => '/var/www/htpasswds', + purge => true, + recurse => true, + force => true, + notify => Service['apache'], owner => root, group => 'apache', mode => '0640'; @@ -43,20 +59,17 @@ class apache::base { owner => root, group => 0, mode => '0644'; - } - anchor{'apache::basic_dirs::ready': - require => File['vhosts_dir','config_dir','include_dir','modules_dir','htpasswd_dir','web_dir','default_apache_index'] - } + } -> anchor{'apache::basic_dirs::ready': } - apache::config::include{ 'defaults.inc': } - apache::config::global{ 'git.conf': } - if !$apache::no_default_site { - apache::vhost::file { '0-default': } - } + apache::config::include{ 'defaults.inc': } + apache::config::global{ 'git.conf': } + if !$apache::no_default_site { + apache::vhost::file { '0-default': } + } service{'apache': - ensure => running, - name => 'apache2', - enable => true, + ensure => running, + name => 'apache2', + enable => true, } } diff --git a/manifests/centos.pp b/manifests/centos.pp index caf46ce..f469715 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -1,86 +1,86 @@ ### centos class apache::centos inherits apache::package { - $config_dir = '/etc/httpd' + $config_dir = '/etc/httpd' - Package[apache]{ - name => 'httpd', - } - Service[apache]{ - name => 'httpd', - restart => '/etc/init.d/httpd graceful', - } - File[vhosts_dir]{ - path => "${config_dir}/vhosts.d", - } - File[config_dir]{ - path => "${config_dir}/conf.d", - } - File[include_dir]{ - path => "${config_dir}/include.d", - } - File[modules_dir]{ - path => "${config_dir}/modules.d", - } - File[web_dir]{ - path => '/var/www/vhosts', - } - File[default_apache_index]{ - path => '/var/www/html/index.html', - } + Package[apache]{ + name => 'httpd', + } + Service[apache]{ + name => 'httpd', + restart => '/etc/init.d/httpd graceful', + } + File[vhosts_dir]{ + path => "${config_dir}/vhosts.d", + } + File[config_dir]{ + path => "${config_dir}/conf.d", + } + File[include_dir]{ + path => "${config_dir}/include.d", + } + File[modules_dir]{ + path => "${config_dir}/modules.d", + } + File[web_dir]{ + path => '/var/www/vhosts', + } + File[default_apache_index]{ + path => '/var/www/html/index.html', + } - if $::selinux != 'false' { - Selinux::Fcontext{ - before => File[web_dir], - } - $seltype_rw = $::lsbmajdistrelease ? { - 5 => 'httpd_sys_script_rw_t', - default => 'httpd_sys_rw_content_t' - } - selinux::fcontext{ - [ '/var/www/vhosts/[^/]*/www(/.*)?', - '/var/www/vhosts/[^/]*/non_public(/.*)?', - '/var/www/vhosts/[^/]*/g2data(/.*)?', - '/var/www/vhosts/[^/]*/upload(/.*)?' ]: - require => Package['apache'], - setype => $seltype_rw; - '/var/www/vhosts/[^/]*/logs(/.*)?': - require => Package['apache'], - setype => 'httpd_log_t'; - } + if str2bool($::selinux) { + Selinux::Fcontext{ + before => File[web_dir], } - file{'apache_service_config': - path => '/etc/sysconfig/httpd', - source => [ "puppet:///modules/site_apache/service/CentOS/${::fqdn}/httpd", - 'puppet:///modules/site_apache/service/CentOS/httpd', - 'puppet:///modules/apache/service/CentOS/httpd' ], - require => Package['apache'], - notify => Service['apache'], - owner => root, - group => 0, - mode => '0644'; + $seltype_rw = $::operatingsystemmajrelease ? { + 5 => 'httpd_sys_script_rw_t', + default => 'httpd_sys_rw_content_t' } - - # this is for later fixes - exec{ - 'adjust_pidfile': - command => 'sed -i "s/^#PidFile \(.*\)/PidFile \1/g" /etc/httpd/conf/httpd.conf', - unless => 'grep -qE \'^PidFile \' /etc/httpd/conf/httpd.conf', + selinux::fcontext{ + [ '/var/www/vhosts/[^/]*/www(/.*)?', + '/var/www/vhosts/[^/]*/non_public(/.*)?', + '/var/www/vhosts/[^/]*/data(/.*)?', + '/var/www/vhosts/[^/]*/upload(/.*)?' ]: require => Package['apache'], - notify => Service['apache']; - 'adjust_listen': - command => 'sed -i "s/^#Listen 80/Listen 80/g" /etc/httpd/conf/httpd.conf', - unless => 'grep -qE \'^Listen 80\' /etc/httpd/conf/httpd.conf', + setype => $seltype_rw; + '/var/www/vhosts/[^/]*/logs(/.*)?': require => Package['apache'], - notify => Service['apache']; + setype => 'httpd_log_t'; } + } + file{'apache_service_config': + path => '/etc/sysconfig/httpd', + source => [ "puppet:///modules/site_apache/service/CentOS/${::fqdn}/httpd", + 'puppet:///modules/site_apache/service/CentOS/httpd', + 'puppet:///modules/apache/service/CentOS/httpd' ], + require => Package['apache'], + notify => Service['apache'], + owner => root, + group => 0, + mode => '0644'; + } - apache::config::global{'00-listen.conf': - ensure => absent, - } + # this is for later fixes + exec{ + 'adjust_pidfile': + command => 'sed -i "s/^#PidFile \(.*\)/PidFile \1/g" /etc/httpd/conf/httpd.conf', + unless => 'grep -qE \'^PidFile \' /etc/httpd/conf/httpd.conf', + require => Package['apache'], + notify => Service['apache']; + 'adjust_listen': + command => 'sed -i "s/^#Listen 80/Listen 80/g" /etc/httpd/conf/httpd.conf', + unless => 'grep -qE \'^Listen 80\' /etc/httpd/conf/httpd.conf', + require => Package['apache'], + notify => Service['apache']; + } + + apache::config::global{'00-listen.conf': + ensure => absent, + } - include apache::logrotate::centos + include apache::logrotate::centos - apache::config::global{ 'welcome.conf': } - apache::config::global{ 'vhosts.conf': } + apache::config::global{ 'welcome.conf': } + apache::config::global{ 'vhosts.conf': } } diff --git a/manifests/config/file.pp b/manifests/config/file.pp index 947ce96..7b05869 100644 --- a/manifests/config/file.pp +++ b/manifests/config/file.pp @@ -1,82 +1,106 @@ # deploy apache configuration file # by default we assume it's a global configuration file define apache::config::file( - $ensure = present, - $target = false, - $type = 'global', - $source = 'absent', - $content = 'absent', - $destination = 'absent' + $ensure = present, + $target = false, + $type = 'global', + $source = 'absent', + $content = 'absent', + $destination = 'absent' ){ - case $type { - 'include': { $confdir = 'include.d' } - 'global': { $confdir = 'conf.d' } - default: { fail("Wrong config file type specified for ${name}") } - } - $real_destination = $destination ? { - 'absent' => $::operatingsystem ? { - centos => "${apache::centos::config_dir}/${confdir}/${name}", - gentoo => "${apache::gentoo::config_dir}/${name}", - debian => "${apache::debian::config_dir}/${confdir}/${name}", - ubuntu => "${apache::ubuntu::config_dir}/${confdir}/${name}", - openbsd => "${apache::openbsd::config_dir}/${confdir}/${name}", - default => "/etc/apache2/${confdir}/${name}", - }, - default => $destination - } - file{"apache_${name}": - ensure => $ensure, - path => $real_destination, - notify => Service[apache], - owner => root, group => 0, mode => 0644; - } + case $type { + 'include': { $confdir = 'include.d' } + 'global': { $confdir = 'conf.d' } + default: { fail("Wrong config file type specified for ${name}") } + } + $real_destination = $destination ? { + 'absent' => $::operatingsystem ? { + centos => "${apache::centos::config_dir}/${confdir}/${name}", + gentoo => "${apache::gentoo::config_dir}/${name}", + debian => "${apache::debian::config_dir}/${confdir}/${name}", + ubuntu => "${apache::ubuntu::config_dir}/${confdir}/${name}", + openbsd => "${apache::openbsd::config_dir}/${confdir}/${name}", + default => "/etc/apache2/${confdir}/${name}", + }, + default => $destination + } + file{"apache_${name}": + ensure => $ensure, + path => $real_destination, + notify => Service[apache], + owner => root, + group => 0, + mode => '0644'; + } - case $ensure { - 'absent', 'purged': { - # We want to avoid all stuff related to source and content + case $ensure { + 'absent', 'purged': { + # We want to avoid all stuff related to source and content + } + 'link': { + if $target { + File["apache_${name}"] { + target => $target, + } } - 'link': { - if $target != false { - File["apache_${name}"] { - target => $target, + } + default: { + case $content { + 'absent': { + $real_source = $source ? { + 'absent' => [ + "puppet:///modules/site_apache/${confdir}/${::fqdn}/${name}", + "puppet:///modules/site_apache/${confdir}/${apache::cluster_node}/${name}", + "puppet:///modules/site_apache/${confdir}/${::operatingsystem}.${::operatingsystemmajrelease}/${name}", + "puppet:///modules/site_apache/${confdir}/${::operatingsystem}/${name}", + "puppet:///modules/site_apache/${confdir}/${name}", + "puppet:///modules/apache/${confdir}/${::operatingsystem}.${::operatingsystemmajrelease}/${name}", + "puppet:///modules/apache/${confdir}/${::operatingsystem}/${name}", + "puppet:///modules/apache/${confdir}/${name}" + ], + default => $source + } + File["apache_${name}"]{ + source => $real_source, } } - } - default: { - case $content { - 'absent': { - $real_source = $source ? { - 'absent' => [ - "puppet:///modules/site_apache/${confdir}/${::fqdn}/${name}", - "puppet:///modules/site_apache/${confdir}/${apache::cluster_node}/${name}", - "puppet:///modules/site_apache/${confdir}/${::operatingsystem}.${::lsbdistcodename}/${name}", - "puppet:///modules/site_apache/${confdir}/${::operatingsystem}/${name}", - "puppet:///modules/site_apache/${confdir}/${name}", - "puppet:///modules/apache/${confdir}/${::operatingsystem}.${::lsbdistcodename}/${name}", - "puppet:///modules/apache/${confdir}/${::operatingsystem}/${name}", - "puppet:///modules/apache/${confdir}/${name}" - ], - default => $source, - } - File["apache_${name}"]{ - source => $real_source, + default: { + case $content { + 'absent': { + $real_source = $source ? { + 'absent' => [ + "puppet:///modules/site-apache/${confdir}/${::fqdn}/${name}", + "puppet:///modules/site-apache/${confdir}/${apache::cluster_node}/${name}", + "puppet:///modules/site-apache/${confdir}/${::operatingsystem}.${::operatingsystemmajrelease}/${name}", + "puppet:///modules/site-apache/${confdir}/${::operatingsystem}/${name}", + "puppet:///modules/site-apache/${confdir}/${name}", + "puppet:///modules/apache/${confdir}/${::operatingsystem}.${::operatingsystemmajrelease}/${name}", + "puppet:///modules/apache/${confdir}/${::operatingsystem}/${name}", + "puppet:///modules/apache/${confdir}/${name}" + ], + default => $source, + } + File["apache_${name}"]{ + source => $real_source, + } } - } - default: { - File["apache_${name}"]{ - content => $content, + default: { + File["apache_${name}"]{ + content => $content, + } } } } } } + } - case $::operatingsystem { - openbsd: { info("no package dependency on ${::operatingsystem} for ${name}") } - default: { - File["apache_${name}"]{ - require => Package[apache], - } - } + case $::operatingsystem { + openbsd: { info("no package dependency on ${::operatingsystem} for ${name}") } + default: { + File["apache_${name}"]{ + require => Package[apache], + } } + } } diff --git a/manifests/debian.pp b/manifests/debian.pp index d009e25..6ae4cee 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -1,44 +1,44 @@ ### debian class apache::debian inherits apache::package { - $config_dir = '/etc/apache2' + $config_dir = '/etc/apache2' - Package[apache] { - name => 'apache2', - } - File[vhosts_dir] { - path => "${config_dir}/sites-enabled", - } - File[modules_dir] { - path => "${config_dir}/mods-enabled", - } - File[htpasswd_dir] { - path => '/var/www/htpasswds', - group => 'www-data', - } - File[default_apache_index] { - path => '/var/www/index.html', - } - file { 'apache_main_config': - path => "${config_dir}/apache2.conf", - source => [ "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", - "puppet:///modules/site_apache/config/Debian/${::fqdn}/apache2.conf", - "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/apache2.conf", - 'puppet:///modules/site_apache/config/Debian/apache2.conf', - "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", - "puppet:///modules/apache/config/Debian/${::fqdn}/apache2.conf", - "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/apache2.conf", - 'puppet:///modules/apache/config/Debian/apache2.conf' ], - require => Package['apache'], - notify => Service['apache'], - owner => root, - group => 0, - mode => '0644'; - } - apache::config::global{ 'charset': } - apache::config::global{ 'security': } - file { 'default_debian_apache_vhost': - ensure => absent, - path => '/etc/apache2/sites-enabled/000-default', - } + Package[apache] { + name => 'apache2', + } + File[vhosts_dir] { + path => "${config_dir}/sites-enabled", + } + File[modules_dir] { + path => "${config_dir}/mods-enabled", + } + File[htpasswd_dir] { + path => '/var/www/htpasswds', + group => 'www-data', + } + File[default_apache_index] { + path => '/var/www/index.html', + } + file { 'apache_main_config': + path => "${config_dir}/apache2.conf", + source => [ "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/site_apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/site_apache/config/Debian/apache2.conf', + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/apache/config/Debian/apache2.conf' ], + require => Package['apache'], + notify => Service['apache'], + owner => root, + group => 0, + mode => '0644'; + } + apache::config::global{ 'charset': } + apache::config::global{ 'security': } + file { 'default_debian_apache_vhost': + ensure => absent, + path => '/etc/apache2/sites-enabled/000-default', + } } diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index 5485241..595744b 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp @@ -15,9 +15,9 @@ class apache::defaultphpdirs { mode => '0755'; } - if $::selinux != 'false' { - $seltype_rw = $::lsbmajdistrelease ? { - 5 => 'httpd_sys_script_rw_t', + if str2bool($::selinux) { + $seltype_rw = $::operatingsystemmajrelease ? { + 5 => 'httpd_sys_script_rw_t', default => 'httpd_sys_rw_content_t' } selinux::fcontext{ diff --git a/manifests/file/rw.pp b/manifests/file/rw.pp index 87b666f..0f258bf 100644 --- a/manifests/file/rw.pp +++ b/manifests/file/rw.pp @@ -1,12 +1,13 @@ +# a file that is writable by apache define apache::file::rw( - $owner = root, - $group = 0, - $mode = 0660 + $owner = root, + $group = 0, + $mode = '0660', ) { - apache::file{$name: - owner => $owner, - group => $group, - mode => $mode, - } + apache::file{$name: + owner => $owner, + group => $group, + mode => $mode, + } } diff --git a/manifests/gentoo.pp b/manifests/gentoo.pp index 86be087..3a13977 100644 --- a/manifests/gentoo.pp +++ b/manifests/gentoo.pp @@ -1,34 +1,39 @@ ### gentoo class apache::gentoo inherits apache::package { - $config_dir = '/etc/apache2' + $config_dir = '/etc/apache2' - # needs module gentoo - gentoo::etcconfd { - apache2: require => "Package[apache]", - notify => Service[apache], - } - Package[apache]{ - category => 'www-servers', - } - File[vhosts_dir]{ - path => "$config_dir/vhosts.d", - } - File[modules_dir]{ - path => "$config_dir/modules.d", - } + # needs module gentoo + gentoo::etcconfd { + 'apache2': + require => Package['apache'], + notify => Service['apache'], + } + Package['apache']{ + category => 'www-servers', + } + File[vhosts_dir]{ + path => "${config_dir}/vhosts.d", + } + File[modules_dir]{ + path => "${config_dir}/modules.d", + } - apache::gentoo::module { '00_default_settings': } - apache::gentoo::module { '00_error_documents': } - apache::config::file { 'default_vhost.include': - source => "apache/vhosts.d/default_vhost.include", - destination => "$config_dir/vhosts.d/default_vhost.include", - } + apache::gentoo::module{ + '00_default_settings':; + '00_error_documents':; + } + apache::config::file { 'default_vhost.include': + source => 'apache/vhosts.d/default_vhost.include', + destination => "${config_dir}/vhosts.d/default_vhost.include", + } - # set the default for the ServerName - file{"${config_dir}/modules.d/00_default_settings_ServerName.conf": - content => "ServerName ${::fqdn}\n", - require => Package[apache], - owner => root, group => 0, mode => 0644; - } + # set the default for the ServerName + file{"${config_dir}/modules.d/00_default_settings_ServerName.conf": + content => "ServerName ${::fqdn}\n", + require => Package[apache], + owner => root, + group => 0, + mode => '0644'; + } } diff --git a/manifests/init.pp b/manifests/init.pp index 542e7aa..1079d85 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,7 +3,7 @@ # # Copyright 2008, admin(at)immerda.ch # Copyright 2008, Puzzle ITC GmbH -# Marcel Härry haerry+puppet(at)puzzle.ch +# Marcel Haerry haerry+puppet(at)puzzle.ch # Simon Josi josi+puppet(at)puzzle.ch # # This program is free software; you can redistribute @@ -14,11 +14,15 @@ # manage a simple apache class apache( - $cluster_node = '', - $manage_shorewall = false, - $manage_munin = false, - $no_default_site = false, - $ssl = false + $cluster_node = '', + $manage_shorewall = false, + $manage_munin = false, + $no_default_site = false, + $ssl = false, + $default_ssl_certificate_file = absent, + $default_ssl_certificate_key_file = absent, + $default_ssl_certificate_chain_file = absent, + $ssl_cipher_suite = $certs::ssl_config::ciphers_http ) { case $::operatingsystem { centos: { include apache::centos } diff --git a/manifests/mozilla_autoconfig.pp b/manifests/mozilla_autoconfig.pp new file mode 100644 index 0000000..f16e5ec --- /dev/null +++ b/manifests/mozilla_autoconfig.pp @@ -0,0 +1,37 @@ +# setup autoconfig infos +# +# this will create a global autoconfig file, that maps +# any of your hosted domains on this host to a certain +# provider configuration. Which means, that you get a zero +# setup autoconfig for any domain that you host the website +# and the emails for. +# By default you only need to define the provider, which +# is usually your main domain. Everything else should be +# derived from that. +# You can however still fine tune things from it. +class apache::mozilla_autoconfig( + $provider, + $display_name = undef, + $shortname = undef, + $imap_server = undef, + $pop_server = undef, + $smtp_server = undef, + $documentation_url = undef, +) { + apache::config::global { 'mozilla_autoconfig.conf': } + + file{ + '/var/www/autoconfig': + ensure => directory, + require => Package['apache'], + owner => root, + group => apache, + mode => '0640'; + '/var/www/autoconfig/config.shtml': + content => template('apache/webfiles/autoconfig/config.shtml.erb'), + owner => root, + group => apache, + mode => '0640', + before => Service['apache'], + } +} diff --git a/manifests/munin.pp b/manifests/munin.pp index 2a04e97..46af172 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -1,7 +1,8 @@ # manage apache monitoring things class apache::munin { - - include perl::extensions::libwww + if $::osfamily == 'Debian' { + include perl::extensions::libwww + } munin::plugin{ [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: } munin::plugin::deploy { 'apache_activity': diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp index 1ba58f4..96a216a 100644 --- a/manifests/openbsd.pp +++ b/manifests/openbsd.pp @@ -1,67 +1,75 @@ ### openbsd class apache::openbsd inherits apache::base { - $config_dir = '/var/www' + $config_dir = '/var/www' - File[vhosts_dir]{ - path => "$config_dir/vhosts.d", - } - File[modules_dir]{ - path => "$config_dir/conf/modules", - } - File[config_dir]{ - path => "$config_dir/conf.d", - } - File[include_dir]{ - path => "$config_dir/include.d", - } - File['htpasswd_dir']{ - group => www, - } - File[web_dir]{ - group => daemon, - } - file_line{'enable_apache_on_boot': - path => '/etc/rc.conf.local', - line => 'httpd flags=""', - } - file{'apache_main_config': - path => "${config_dir}/conf/httpd.conf", - source => [ "puppet:///modules/site_apache/config/OpenBSD/${::fqdn}/httpd.conf", - "puppet:///modules/site_apache/config/OpenBSD/${apache::cluster_node}/httpd.conf", - "puppet:///modules/site_apache/config/OpenBSD//httpd.conf", - "puppet:///modules/apache/config/OpenBSD/httpd.conf" ], - notify => Service['apache'], - owner => root, group => 0, mode => 0644; - } - File[default_apache_index] { - path => '/var/www/htdocs/default/www/index.html', - } - file{'/opt/bin/restart_apache.sh': - source => "puppet:///modules/apache/scripts/OpenBSD/bin/restart_apache.sh", - require => File['/opt/bin'], - owner => root, group => 0, mode => 0700; - } + File[vhosts_dir]{ + path => "${config_dir}/vhosts.d", + } + File[modules_dir]{ + path => "${config_dir}/conf/modules", + } + File[config_dir]{ + path => "${config_dir}/conf.d", + } + File[include_dir]{ + path => "${config_dir}/include.d", + } + File['htpasswd_dir']{ + group => www, + } + File[web_dir]{ + group => daemon, + } + file_line{'enable_apache_on_boot': + path => '/etc/rc.conf.local', + line => 'httpd flags=""', + } + file{'apache_main_config': + path => "${config_dir}/conf/httpd.conf", + source => ["puppet:///modules/site_apache/config/OpenBSD/${::fqdn}/httpd.conf", + "puppet:///modules/site_apache/config/OpenBSD/${apache::cluster_node}/httpd.conf", + 'puppet:///modules/site_apache/config/OpenBSD//httpd.conf', + 'puppet:///modules/apache/config/OpenBSD/httpd.conf' ], + notify => Service['apache'], + owner => root, + group => 0, + mode => '0644'; + } + File[default_apache_index] { + path => '/var/www/htdocs/default/www/index.html', + } + file{'/opt/bin/restart_apache.sh': + source => 'puppet:///modules/apache/scripts/OpenBSD/bin/restart_apache.sh', + require => File['/opt/bin'], + owner => root, + group => 0, + mode => '0700'; + } - ::apache::vhost::webdir{'default': } + ::apache::vhost::webdir{'default': + datadir => false, + } - Service['apache']{ - restart => '/opt/bin/restart_apache.sh', - status => 'apachectl status', - start => 'apachectl start', - stop => 'apachectl stop', - } - file{'/opt/bin/apache_logrotate.sh': - source => "puppet:///modules/apache/scripts/OpenBSD/bin/apache_logrotate.sh", - require => File['/opt/bin'], - owner => root, group => 0, mode => 0700; - } - cron { 'update_apache_logrotation': - command => '/bin/sh /opt/bin/apache_logrotate.sh > /etc/newsyslog_apache.conf', - minute => '1', - hour => '1', - } - cron { 'run_apache_logrotation': - command => '/usr/bin/newsyslog -f /etc/newsyslog_apache.conf > /dev/null', - minute => '10', - } + Service['apache']{ + restart => '/opt/bin/restart_apache.sh', + status => 'apachectl status', + start => 'apachectl start', + stop => 'apachectl stop', + } + file{'/opt/bin/apache_logrotate.sh': + source => 'puppet:///modules/apache/scripts/OpenBSD/bin/apache_logrotate.sh', + require => File['/opt/bin'], + owner => root, + group => 0, + mode => '0700'; + } + cron { 'update_apache_logrotation': + command => '/bin/sh /opt/bin/apache_logrotate.sh > /etc/newsyslog_apache.conf', + minute => '1', + hour => '1', + } + cron { 'run_apache_logrotation': + command => '/usr/bin/newsyslog -f /etc/newsyslog_apache.conf > /dev/null', + minute => '10', + } } diff --git a/manifests/ssl/base.pp b/manifests/ssl/base.pp index 7c17423..3f32913 100644 --- a/manifests/ssl/base.pp +++ b/manifests/ssl/base.pp @@ -1,7 +1,15 @@ -class apache::ssl::base { - ::apache::config::include{ 'ssl_defaults.inc': } +# basic defaults for ssl support +class apache::ssl::base ( +) { + apache::config::include { + 'ssl_defaults.inc': + content => template('apache/include.d/ssl_defaults.inc.erb'); + } if !$apache::no_default_site { - ::apache::vhost::file{ '0-default_ssl': } + apache::vhost::file{ + '0-default_ssl': + content => template('apache/vhosts/0-default_ssl.conf.erb'); + } } } diff --git a/manifests/status/debian.pp b/manifests/status/debian.pp index 678bc44..222b85c 100644 --- a/manifests/status/debian.pp +++ b/manifests/status/debian.pp @@ -1,3 +1,4 @@ +# enable status module on debian class apache::status::debian { ::apache::debian::module { 'status': } } diff --git a/manifests/vhost.pp b/manifests/vhost.pp index dcb26a2..da1ce90 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -29,94 +29,99 @@ # - true: activate mod_security # define apache::vhost( - $ensure = present, - $path = 'absent', - $path_is_webdir = false, - $logpath = 'absent', - $logmode = 'default', - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/static/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $content = 'absent', - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $cgi_binpath = 'absent', - $default_charset = 'absent', - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $ssl_mode = false, - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $use_mod_macro = false, - $ldap_auth = false, - $ldap_user = 'any', - $passing_extension = 'absent', - $gempath = 'absent' + $ensure = present, + $configuration = {}, + $path = 'absent', + $path_is_webdir = false, + $logpath = 'absent', + $logmode = 'default', + $logprefix = '', + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/static/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $content = 'absent', + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $cgi_binpath = 'absent', + $default_charset = 'absent', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $ssl_mode = false, + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $use_mod_macro = false, + $ldap_auth = false, + $ldap_user = 'any', + $passing_extension = 'absent', + $gempath = 'absent' ) { # file or template mode? case $vhost_mode { 'file': { apache::vhost::file{$name: - ensure => $ensure, - vhost_source => $vhost_source, + ensure => $ensure, + configuration => $configuration, + vhost_source => $vhost_source, vhost_destination => $vhost_destination, - do_includes => $do_includes, - run_mode => $run_mode, - mod_security => $mod_security, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - use_mod_macro => $use_mod_macro, + do_includes => $do_includes, + run_mode => $run_mode, + mod_security => $mod_security, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + use_mod_macro => $use_mod_macro, } } 'template': { apache::vhost::template{$name: - ensure => $ensure, - path => $path, - path_is_webdir => $path_is_webdir, - logpath => $logpath, - logmode => $logmode, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - cgi_binpath => $cgi_binpath, - allow_override => $allow_override, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - php_settings => $php_settings, - php_options => $php_options, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - template_partial => $template_partial, - ssl_mode => $ssl_mode, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - ldap_auth => $ldap_auth, - ldap_user => $ldap_user, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, + ensure => $ensure, + configuration => $configuration, + path => $path, + path_is_webdir => $path_is_webdir, + logpath => $logpath, + logmode => $logmode, + logprefix => $logprefix, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + cgi_binpath => $cgi_binpath, + allow_override => $allow_override, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + php_settings => $php_settings, + php_options => $php_options, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + template_partial => $template_partial, + ssl_mode => $ssl_mode, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + ldap_auth => $ldap_auth, + ldap_user => $ldap_user, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, mod_security_additional_options => $mod_security_additional_options, - use_mod_macro => $use_mod_macro, - passing_extension => $passing_extension, - gempath => $gempath, + use_mod_macro => $use_mod_macro, + passing_extension => $passing_extension, + gempath => $gempath, } } - default: { fail("no such vhost_mode: $vhost_mode defined for $name.") } + default: { fail("No such vhost_mode: ${vhost_mode} defined for ${name}.") } } } diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index b42c4ce..686cb1a 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -33,42 +33,46 @@ # - semianonym: Don't log ips for CustomLog, log normal ErrorLog # # -# mod_security: Whether we use mod_security or not (will include mod_security module) +# mod_security: Whether we use mod_security or not +# (will include mod_security module) # - false: (*default*) don't activate mod_security # - true: activate mod_security # define apache::vhost::file( - $ensure = present, - $vhost_source = 'absent', - $vhost_destination = 'absent', - $content = 'absent', - $do_includes = false, - $run_mode = 'normal', - $logmode = 'default', - $ssl_mode = false, - $mod_security = false, - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $use_mod_macro = false + $ensure = present, + $configuration = {}, + $vhost_source = 'absent', + $vhost_destination = 'absent', + $content = 'absent', + $do_includes = false, + $run_mode = 'normal', + $logmode = 'default', + $ssl_mode = false, + $mod_security = false, + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $use_mod_macro = false ){ $vhosts_dir = $::operatingsystem ? { - centos => "${apache::centos::config_dir}/vhosts.d", - gentoo => "${apache::gentoo::config_dir}/vhosts.d", - debian => "${apache::debian::config_dir}/sites-enabled", - ubuntu => "${apache::ubuntu::config_dir}/sites-enabled", + centos => "${apache::centos::config_dir}/vhosts.d", + gentoo => "${apache::gentoo::config_dir}/vhosts.d", + debian => "${apache::debian::config_dir}/sites-enabled", + ubuntu => "${apache::ubuntu::config_dir}/sites-enabled", openbsd => "${apache::openbsd::config_dir}/vhosts.d", default => '/etc/apache2/vhosts.d', } $real_vhost_destination = $vhost_destination ? { - 'absent' => "${vhosts_dir}/${name}.conf", - default => $vhost_destination, + 'absent' => "${vhosts_dir}/${name}.conf", + default => $vhost_destination, } file{"${name}.conf": - ensure => $ensure, - path => $real_vhost_destination, + ensure => $ensure, + path => $real_vhost_destination, require => File[vhosts_dir], - notify => Service[apache], - owner => root, group => 0, mode => 0644; + notify => Service[apache], + owner => root, + group => 0, + mode => '0644'; } if $ensure != 'absent' { if $do_includes { @@ -99,11 +103,11 @@ define apache::vhost::file( $real_vhost_source = $vhost_source ? { 'absent' => [ "puppet:///modules/site_apache/vhosts.d/${::fqdn}/${name}.conf", - "puppet:///modules/site_apache/vhosts.d/{$apache::cluster_node}/${name}.conf", - "puppet:///modules/site_apache/vhosts.d/${::operatingsystem}.${::lsbdistcodename}/${name}.conf", + "puppet:///modules/site_apache/vhosts.d/${apache::cluster_node}/${name}.conf", + "puppet:///modules/site_apache/vhosts.d/${::operatingsystem}.${::operatingsystemmajrelease}/${name}.conf", "puppet:///modules/site_apache/vhosts.d/${::operatingsystem}/${name}.conf", "puppet:///modules/site_apache/vhosts.d/${name}.conf", - "puppet:///modules/apache/vhosts.d/${::operatingsystem}.${::lsbdistcodename}/${name}.conf", + "puppet:///modules/apache/vhosts.d/${::operatingsystem}.${::operatingsystemmajrelease}/${name}.conf", "puppet:///modules/apache/vhosts.d/${::operatingsystem}/${name}.conf", "puppet:///modules/apache/vhosts.d/${name}.conf" ], @@ -133,10 +137,12 @@ define apache::vhost::file( } if ($ensure!='absent') { File[$real_htpasswd_path]{ - source => [ "puppet:///modules/site_apache/htpasswds/${::fqdn}/${name}", + source => [ "puppet:///modules/site_apache/htpasswds/${::fqdn}/${name}", "puppet:///modules/site_apache/htpasswds/${apache::cluster_node}/${name}", "puppet:///modules/site_apache/htpasswds/${name}" ], - owner => root, group => 0, mode => 0644, + owner => root, + group => 0, + mode => '0644', } } } diff --git a/manifests/vhost/file/documentrootfile.pp b/manifests/vhost/file/documentrootfile.pp index 610d71c..c5bc72a 100644 --- a/manifests/vhost/file/documentrootfile.pp +++ b/manifests/vhost/file/documentrootfile.pp @@ -1,25 +1,27 @@ +# place a file in the documentroot define apache::vhost::file::documentrootfile( - $documentroot, - $filename, - $thedomain, - $owner='root', - $group='0', - $mode=440 + $documentroot, + $filename, + $thedomain, + $owner = 'root', + $group = '0', + $mode = '0440', ){ file{"${documentroot}/${filename}": source => [ "puppet:///modules/site_apache/vhost_varieties/${::fqdn}/${thedomain}/${filename}", "puppet:///modules/site_apache/vhost_varieties/${apache::cluster_node}/${thedomain}/${filename}", - "puppet:///modules/site_apache/vhost_varieties/${::operatingsystem}.${::lsbdistcodename}/${thedomain}/${filename}", + "puppet:///modules/site_apache/vhost_varieties/${::operatingsystem}.${::operatingsystemmajrelease}/${thedomain}/${filename}", "puppet:///modules/site_apache/vhost_varieties/${::operatingsystem}/${thedomain}/${filename}", "puppet:///modules/site_apache/vhost_varieties/${thedomain}/${filename}", "puppet:///modules/apache/vhost_varieties/${thedomain}/${filename}", - "puppet:///modules/apache/vhost_varieties/${::operatingsystem}.${::lsbdistcodename}/${thedomain}/${filename}", + "puppet:///modules/apache/vhost_varieties/${::operatingsystem}.${::operatingsystemmajrelease}/${thedomain}/${filename}", "puppet:///modules/apache/vhost_varieties/${::operatingsystem}/${thedomain}/${filename}", - "puppet:///modules/apache/vhost_varieties/${thedomain}/${filename}" - ], - ensure => file, + "puppet:///modules/apache/vhost_varieties/${thedomain}/${filename}", + ], require => Apache::Vhost::Webdir[$thedomain], - owner => $owner, group => $group, mode => $mode; + owner => $owner, + group => $group, + mode => $mode; } } diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index dab4983..6dd8643 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -6,6 +6,7 @@ # define apache::vhost::gitweb( $ensure = present, + $configuration = {}, $domain = 'absent', $logmode = 'default', $domainalias = 'absent', @@ -28,6 +29,7 @@ define apache::vhost::gitweb( # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, + configuration => $configuration, path => '/var/www/git', path_is_webdir => true, logpath => $::operatingsystem ? { diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index c93e6cf..31e46b6 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -27,6 +27,7 @@ # define apache::vhost::modperl( $ensure = present, + $configuration = configuration, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', @@ -120,6 +121,7 @@ define apache::vhost::modperl( # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, + configuration => $configuration, path => $path, logmode => $logmode, vhost_mode => $vhost_mode, diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 6886f13..4621890 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -14,6 +14,7 @@ # define apache::vhost::passenger( $ensure = present, + $configuration = {}, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', @@ -105,6 +106,7 @@ define apache::vhost::passenger( # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, + configuration => $configuration, path => "${real_path}/www/public", path_is_webdir => true, template_partial => $template_partial, diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 4025ada..5b15e6a 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -32,109 +32,113 @@ # - semianonym: Don't log ips for CustomLog, log normal ErrorLog # define apache::vhost::php::drupal( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_drupal/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_directories = true, - $config_webwriteable = false, - $manage_config = true, - $manage_cron = true + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_drupal/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_directories = true, + $config_webwriteable = false, + $manage_config = true, + $manage_cron = true ){ - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } - - if $manage_cron { - if $domain == 'absent' { - $real_domain = $name - } else { - $real_domain = $domain - } + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } - file{"/etc/cron.d/drupal_cron_${name}": - content => "0 * * * * apache wget -O - -q -t 1 http://${real_domain}/cron.php\n", - owner => root, group => 0, mode => 0644; - } + if $manage_cron { + if $domain == 'absent' { + $real_domain = $name + } else { + $real_domain = $domain } - $std_drupal_php_settings = { - magic_quotes_gpc => 0, - register_globals => 0, - 'session.auto_start' => 0, - 'mbstring.http_input' => 'pass', - 'mbstring.http_output' => 'pass', - 'mbstring.encoding_translation' => 0, + file{"/etc/cron.d/drupal_cron_${name}": + content => "0 * * * * apache wget -O - -q -t 1 http://${real_domain}/cron.php\n", + owner => root, + group => 0, + mode => '0644'; } + } - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings =>merge($std_drupal_php_settings, $php_settings), - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => false, - manage_config => false, - } + $std_drupal_php_settings = { + magic_quotes_gpc => 0, + register_globals => 0, + 'session.auto_start' => 0, + 'mbstring.http_input' => 'pass', + 'mbstring.http_output' => 'pass', + 'mbstring.encoding_translation' => 0, + } + + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => merge($std_drupal_php_settings, $php_settings), + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => false, + manage_config => false, + } } diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index d1876ff..3acb011 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -31,151 +31,111 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::gallery2( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = false, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_gallery2/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true, - $upload_dir = 'present' + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0640, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = false, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_gallery2/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true, ){ - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } - $gdatadir = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/g2data", - default => "/var/www/vhosts/${name}/g2data" - }, - default => "${path}/g2data" - } - if ($upload_dir == 'present') or ($upload_dir == 'absent') { - $real_upload_dir = $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/upload", - default => "/var/www/vhosts/${name}/upload" - } - } else { - $real_upload_dir = $upload_dir - } + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } + $upload_dir = "/var/www/vhosts/${name}/data/upload" + $gdata_dir = "/var/www/vhosts/${name}/data/gdata" + if $ensure != 'absent' { file{ - $gdatadir: - ensure => $ensure ? { - 'present' => directory, - default => absent - }, - owner => $documentroot_owner, group => $documentroot_group, mode => 0660; - $real_upload_dir: - owner => $documentroot_owner, group => $documentroot_group, mode => 0660; - } - if ($ensure == 'absent') or ($upload_dir == 'absent') { - File[$real_upload_dir]{ - ensure => absent, - purge => true, - force => true, - recurse => true - } - } else { - File[$real_upload_dir]{ - ensure => directory - } - } - - $gallery_php_settings = { - safe_mode => 'Off', - output_buffering => 'Off', + $gdata_dir: + ensure => 'directory', + owner => $documentroot_owner, + group => $documentroot_group, + mode => '0660'; + $upload_dir: + ensure => 'directory', + owner => $documentroot_owner, + group => $documentroot_group, + mode => '0660'; } + } - # php upload_tmp_dir - case $php_settings[upload_tmp_dir] { - '',undef: { - $php_settings[upload_tmp_dir] = "/var/www/upload_tmp_dir/$name" - } - } - # php session_save_path - case $php_settings['session.save_path'] { - '',undef: { - $php_settings['session.save_path'] = "/var/www/session.save_path/$name" - } - } - - if $upload_dir != 'absent' { - $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}:${real_upload_dir}" - } else { - $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}" - } - - $real_php_settings = merge($gallery_php_settings,$php_settings) + $gallery_php_settings = { + safe_mode => 'Off', + output_buffering => 'Off', + } + $real_php_settings = merge($gallery_php_settings,$php_settings) - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $real_php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => $manage_directories, - manage_config => $manage_config, - config_file => 'config.php', - } + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $real_php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + manage_config => $manage_config, + config_file => 'config.php', + } } diff --git a/manifests/vhost/php/global_exec_bin_dir.pp b/manifests/vhost/php/global_exec_bin_dir.pp index cbb9803..efcdaf7 100644 --- a/manifests/vhost/php/global_exec_bin_dir.pp +++ b/manifests/vhost/php/global_exec_bin_dir.pp @@ -1,6 +1,9 @@ +# manage global exec_bin_dir class apache::vhost::php::global_exec_bin_dir { file{'/var/www/php_safe_exec_bins': - ensure => directory, - owner => root, group => apache, mode => 0640; + ensure => directory, + owner => root, + group => apache, + mode => '0640'; } } diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 3962efa..ed0696f 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -1,21 +1,26 @@ -# run_mode: controls in which mode the vhost should be run, there are different setups -# possible: -# - normal: (*default*) run vhost with the current active worker (default: prefork) don't -# setup anything special -# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination -# with 'proxy-itk' & 'static-itk' mode) -# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the -# requests for the itk setup, that listens only on the loobpack device. -# (Incompatibility: cannot be used in combination with the itk setup.) -# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static -# content and proxies the dynamic calls to the itk setup, that listens only on -# the loobpack device (Incompatibility: cannot be used in combination with -# 'itk' mode) +# run_mode: controls in which mode the vhost should be run, there are different +# setups possible: +# - normal: (*default*) run vhost with the current active worker +# (default: prefork) don't setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in +# combination with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just +# proxies all the requests for the itk setup, that listens only +# on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk +# setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves +# all the static +# content and proxies the dynamic calls to the itk setup, that +# listens only on the loobpack device +# (Incompatibility: cannot be used in combination with 'itk' +# mode) # # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module # -# mod_security: Whether we use mod_security or not (will include mod_security module) +# mod_security: Whether we use mod_security or not (will include mod_security +# module) # - false: don't activate mod_security # - true: (*default*) activate mod_security # @@ -25,41 +30,43 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::joomla( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = '0640', - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_joomla/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $php_installation = 'system', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_joomla/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true ){ include ::apache::include::joomla @@ -73,34 +80,41 @@ define apache::vhost::php::joomla( if $mod_security_additional_options == 'absent' { $id_str = $::operatingsystem ? { - 'CentOS' => $::lsbmajdistrelease ? { + 'CentOS' => $::operatingsystemmajrelease ? { 5 => '', default => 'id:1199400,' }, default => '' } - $real_mod_security_additional_options = "# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html - # Exceptions for Joomla Root Directory - <LocationMatch \"^/\"> - SecRuleRemoveById 950013 - </LocationMatch> + $real_mod_security_additional_options = " + # http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + # Exceptions for Joomla Root Directory + <LocationMatch \"^/\"> + SecRuleRemoveById 950013 + </LocationMatch> - # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME \"/administrator/index2.php\" \"${id_str}allow,phase:1,nolog,ctl:ruleEngine=Off\" + # Exceptions for Joomla Administration Panel + SecRule REQUEST_FILENAME \"/administrator/index2.php\" \"${id_str}allow,phase:1,nolog,ctl:ruleEngine=Off\" - # Exceptions for Joomla Component Expose - <LocationMatch \"^/components/com_expose/expose/manager/amfphp/gateway.php\"> - SecRuleRemoveById 960010 - </LocationMatch> + # Exceptions for Joomla Component Expose + <LocationMatch \"^/components/com_expose/expose/manager/amfphp/gateway.php\"> + SecRuleRemoveById 960010 + </LocationMatch> " } else { $real_mod_security_additional_options = $mod_security_additional_options } + $std_joomla_php_settings = { + 'allow_url_fopen' => 'on', + 'allow_url_include' => 'off', + } + # create vhost configuration file ::apache::vhost::php::webapp{ $name: ensure => $ensure, + configuration => $configuration, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, @@ -115,8 +129,10 @@ define apache::vhost::php::joomla( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_settings => $php_settings, + php_settings => merge($std_joomla_php_settings, + $php_settings), php_options => $php_options, + php_installation => $php_installation, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -133,7 +149,7 @@ define apache::vhost::php::joomla( htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, - managed_directories => [ "${documentroot}/administrator/backups", + managed_directories => [ "${documentroot}/administrator/backups", "${documentroot}/administrator/components", "${documentroot}/administrator/language", "${documentroot}/administrator/modules", diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index 502af53..25881ca 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -25,80 +25,82 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::mediawiki( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $manage_docroot = true, - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'FileInfo Limit', - $php_settings = {}, - $php_options = {}, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_mediawiki/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent' + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $manage_docroot = true, + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0640, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'FileInfo Limit', + $php_settings = {}, + $php_options = {}, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_mediawiki/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent' ){ - $mediawiki_php_settings = { - safe_mode => false, - } + $mediawiki_php_settings = { + safe_mode => false, + } - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - manage_docroot => $manage_docroot, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => merge($mediawiki_php_settings,$php_settings), - php_options => $php_options, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => false, - manage_config => false, - } + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + manage_docroot => $manage_docroot, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => merge($mediawiki_php_settings,$php_settings), + php_options => $php_options, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => false, + manage_config => false, + } } diff --git a/manifests/vhost/php/safe_mode_bin.pp b/manifests/vhost/php/safe_mode_bin.pp index 4a3574d..1c82e19 100644 --- a/manifests/vhost/php/safe_mode_bin.pp +++ b/manifests/vhost/php/safe_mode_bin.pp @@ -1,14 +1,17 @@ +# safe_mode binaries define apache::vhost::php::safe_mode_bin( $ensure = 'present', $path ){ $substr=regsubst($name,'^.*\/','','G') - $real_path = "$path/$substr" + $real_path = "${path}/${substr}" + $target = $ensure ? { + 'present' => regsubst($name,'^.*@',''), + default => absent, + } file{$real_path: - ensure => $ensure ? { - 'present' => regsubst($name,'^.*@',''), - default => absent, - } + ensure => link, + target => $target, } } diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index da58296..1f19eab 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -25,93 +25,95 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::silverstripe( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_silverstripe/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_silverstripe/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true, ){ - include ::apache::include::silverstripe + include ::apache::include::silverstripe - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } - $modsec_rules = ["960010"] - $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules) + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } + $modsec_rules = ['960010'] + $real_mod_security_rules_to_disable = union($mod_security_rules_to_disable,$modsec_rules) - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => $manage_directories, - managed_directories => [ "${documentroot}/assets" ], - manage_config => $manage_config, - } + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + managed_directories => [ "${documentroot}/assets" ], + manage_config => $manage_config, + } } diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index b5178da..3fa11a7 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -25,99 +25,101 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::simplemachine( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true, ){ - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => $manage_directories, - managed_directories => [ - "${documentroot}/agreement.txt", - "${documentroot}/attachments", - "${documentroot}/avatars", - "${documentroot}/cache", - "${documentroot}/Packages", - "${documentroot}/Packages/installed.list", - "${documentroot}/Smileys", - "${documentroot}/Themes", - "${documentroot}/Themes/default/languages/Install.english.php" - ], - manage_config => $manage_config, - config_webwriteable => $config_webwriteable, - config_file => 'Settings.php', - } + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + managed_directories => [ + "${documentroot}/agreement.txt", + "${documentroot}/attachments", + "${documentroot}/avatars", + "${documentroot}/cache", + "${documentroot}/Packages", + "${documentroot}/Packages/installed.list", + "${documentroot}/Smileys", + "${documentroot}/Themes", + "${documentroot}/Themes/default/languages/Install.english.php" + ], + manage_config => $manage_config, + config_webwriteable => $config_webwriteable, + config_file => 'Settings.php', + } } diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 5f4ffdb..e33c1df 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -25,88 +25,90 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::spip( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'FileInfo', - $php_settings = {}, - $php_options = {}, - $template_partial = 'apache/vhosts/php/partial.erb', - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent' + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'FileInfo', + $php_settings = {}, + $php_options = {}, + $template_partial = 'apache/vhosts/php/partial.erb', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent' ){ - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options=> $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - managed_directories => [ - "${documentroot}/IMG", - "${documentroot}/tmp", - "${documentroot}/local", - "${documentroot}/config" - ], - manage_config => false, - } + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + managed_directories => [ + "${documentroot}/IMG", + "${documentroot}/tmp", + "${documentroot}/local", + "${documentroot}/config" + ], + manage_config => false, + } } diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 53fa8f9..3870707 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -25,226 +25,280 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::standard( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $logpath = 'absent', - $path = 'absent', - $manage_webdir = true, - $path_is_webdir = false, - $manage_docroot = true, - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $use_mod_macro = false, - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent' + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $logpath = 'absent', + $logprefix = '', + $path = 'absent', + $manage_webdir = true, + $path_is_webdir = false, + $manage_docroot = true, + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0640, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $php_installation = 'system', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $use_mod_macro = false, + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', ){ - if $manage_webdir { - # create webdir - ::apache::vhost::webdir{$name: - ensure => $ensure, - path => $path, - owner => $owner, - group => $group, - run_mode => $run_mode, - manage_docroot => $manage_docroot, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - } + if $manage_webdir { + # create webdir + ::apache::vhost::webdir{$name: + ensure => $ensure, + path => $path, + owner => $owner, + group => $group, + run_mode => $run_mode, + manage_docroot => $manage_docroot, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, } + } - $real_path = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}", - default => "/var/www/vhosts/${name}" - }, - default => $path - } + $real_path = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => $path + } - if $path_is_webdir { - $documentroot = $real_path - } else { - $documentroot = "${real_path}/www" - } - $logdir = $logpath ? { - 'absent' => "$real_path/logs", - default => $logpath - } + if $path_is_webdir { + $documentroot = $real_path + } else { + $documentroot = "${real_path}/www" + } + $logdir = $logpath ? { + 'absent' => "${real_path}/logs", + default => $logpath + } - $std_php_options = { - smarty => false, - pear => false, - } - $real_php_options = merge($std_php_options,$php_options) + $std_php_options = { + smarty => false, + pear => false, + } + $real_php_options = merge($std_php_options,$php_options) - if $real_php_options[smarty] { - include php::extensions::smarty - $smarty_path = '/usr/share/php/Smarty/:' - } else { - $smarty_path = '' - } + if $real_php_options[smarty] { + include php::extensions::smarty + $smarty_path = '/usr/share/php/Smarty/:' + } else { + $smarty_path = '' + } - if $real_php_options[pear] { - $pear_path = '/usr/share/pear/:' - } else { - $pear_path = '' - } + if $real_php_options[pear] { + $pear_path = '/usr/share/pear/:' + } else { + $pear_path = '' + } + if $logmode != 'nologs' { + $php_error_log = "${logdir}/php_error_log" + } else { + $php_error_log = undef + } - $std_php_settings = { - engine => 'On', - upload_tmp_dir => "/var/www/upload_tmp_dir/${name}", - 'session.save_path' => "/var/www/session.save_path/${name}", - open_basedir => "${smarty_path}${pear_path}${documentroot}:/var/www/upload_tmp_dir/${name}:/var/www/session.save_path/${name}", - safe_mode => 'On', + if ('safe_mode_exec_dir' in $php_settings) { + $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] + } else { + $php_safe_mode_exec_dir = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/bin", + default => "/var/www/vhosts/${name}/bin" + }, + default => "${path}/bin" } - if $logmode != 'nologs' { - $std_php_settings[error_log] = "${logdir}/php_error_log" + } + file{$php_safe_mode_exec_dir: + recurse => true, + force => true, + purge => true, + } + if ('safe_mode_exec_bins' in $php_options) { + $std_php_settings_safe_mode_exec_dir = $php_safe_mode_exec_dir + $ensure_exec = $ensure ? { + 'present' => directory, + default => 'absent', } - if $run_mode == 'fcgid' { - $std_php_settings[safe_mode_gid] = 'On' + File[$php_safe_mode_exec_dir]{ + ensure => $ensure_exec, + owner => $documentroot_owner, + group => $documentroot_group, + mode => '0750', } - - if has_key($php_settings,'safe_mode_exec_dir') { - $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] - } else { - $php_safe_mode_exec_dir = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/bin", - default => "/var/www/vhosts/${name}/bin" - }, - default => "${path}/bin" - } + $php_safe_mode_exec_bins_subst = regsubst($php_options[safe_mode_exec_bins],'(.+)',"${name}@\\1") + apache::vhost::php::safe_mode_bin{ + $php_safe_mode_exec_bins_subst: + ensure => $ensure, + path => $php_safe_mode_exec_dir; } - file{$php_safe_mode_exec_dir: - recurse => true, - force => true, - purge => true, + } else { + $std_php_settings_safe_mode_exec_dir = undef + File[$php_safe_mode_exec_dir]{ + ensure => absent, } - if has_key($php_options,'safe_mode_exec_bins') { - $std_php_settings[safe_mode_exec_dir] = $php_safe_mode_exec_dir - File[$php_safe_mode_exec_dir]{ - ensure => $ensure ? { - 'present' => directory, - default => absent, - }, - owner => $documentroot_owner, group => $documentroot_group, mode => 0750, - } - $php_safe_mode_exec_bins_subst = regsubst($php_options[safe_mode_exec_bins],"(.+)","${name}@\\1") - apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: - ensure => $ensure, - path => $php_safe_mode_exec_dir - } - }else{ - File[$php_safe_mode_exec_dir]{ - ensure => absent, - } + } + + if !('default_charset' in $php_settings) and ($default_charset != 'absent') { + $std_php_settings_default_charset = $default_charset ? { + 'On' => 'iso-8859-1', + default => $default_charset } + } else { + $std_php_settings_default_charset = undef + } - if !has_key($php_settings,'default_charset') { - if $default_charset != 'absent' { - $std_php_settings[default_charset] = $default_charset ? { - 'On' => 'iso-8859-1', - default => $default_charset - } + if ('additional_open_basedir' in $php_options) { + $the_open_basedir = "${smarty_path}${pear_path}${documentroot}:${real_path}/data:/var/www/upload_tmp_dir/${name}:/var/www/session.save_path/${name}:${php_options[additional_open_basedir]}" + } else { + $the_open_basedir = "${smarty_path}${pear_path}${documentroot}:${real_path}/data:/var/www/upload_tmp_dir/${name}:/var/www/session.save_path/${name}" + } + + if $run_mode == 'fcgid' { + $safe_mode_gid = $::operatingsystem ? { + debian => undef, + default => $php_installation ? { + 'system' => 'On', + default => undef, } } + } else { + $safe_mode_gid = undef + } + + $safe_mode = $::operatingsystem ? { + debian => undef, + default => $php_installation ? { + 'system' => 'On', + default => undef, + } + } + $std_php_settings = { + engine => 'On', + upload_tmp_dir => "/var/www/upload_tmp_dir/${name}", + 'session.save_path' => "/var/www/session.save_path/${name}", + error_log => $php_error_log, + safe_mode => $safe_mode, + safe_mode_gid => $safe_mode_gid, + safe_mode_exec_dir => $std_php_settings_safe_mode_exec_dir, + default_charset => $std_php_settings_default_charset, + open_basedir => $the_open_basedir, + } - $real_php_settings = merge($std_php_settings,$php_settings) + $real_php_settings = merge($std_php_settings,$php_settings) - if $ensure != 'absent' { - case $run_mode { - 'proxy-itk','static-itk': { - include ::php::itk_plus + if $ensure != 'absent' { + case $run_mode { + 'proxy-itk','static-itk': { + include ::php::itk_plus + } + 'itk': { include ::php::itk } + 'fcgid': { + include ::mod_fcgid + include ::php::mod_fcgid + include apache::include::mod_fcgid + + mod_fcgid::starter {$name: + tmp_dir => $real_php_settings[php_tmp_dir], + cgi_type => 'php', + cgi_type_options => delete($real_php_settings, php_tmp_dir), + owner => $run_uid, + group => $run_gid, + notify => Service['apache'], } - 'itk': { include ::php::itk } - 'fcgid': { - include ::mod_fcgid - include ::php::mod_fcgid - include apache::include::mod_fcgid - - mod_fcgid::starter {$name: - cgi_type => 'php', - cgi_type_options => $real_php_settings, - owner => $run_uid, - group => $run_gid, - notify => Service['apache'], + if $php_installation == 'scl54' { + require php::scl::php54 + Mod_fcgid::Starter[$name]{ + binary => '/opt/rh/php54/root/usr/bin/php-cgi', + additional_cmds => 'source /opt/rh/php54/enable', + rc => '/opt/rh/php54/root/etc', + } + } elsif $php_installation == 'scl55' { + require php::scl::php55 + Mod_fcgid::Starter[$name]{ + binary => '/opt/rh/php55/root/usr/bin/php-cgi', + additional_cmds => 'source /opt/rh/php55/enable', + rc => '/opt/rh/php55/root/etc', } } - default: { include ::php } } + default: { include ::php } } + } - ::apache::vhost::phpdirs{"${name}": - ensure => $ensure, - php_upload_tmp_dir => $real_php_settings[upload_tmp_dir], - php_session_save_path => $real_php_settings['session.save_path'], - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - } + ::apache::vhost::phpdirs{$name: + ensure => $ensure, + php_upload_tmp_dir => $real_php_settings[upload_tmp_dir], + php_session_save_path => $real_php_settings['session.save_path'], + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + } - # create vhost configuration file - ::apache::vhost{$name: - ensure => $ensure, - path => $path, - path_is_webdir => $path_is_webdir, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - logpath => $logpath, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - php_settings => $real_php_settings, - php_options => $real_php_options, - ssl_mode => $ssl_mode, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - use_mod_macro => $use_mod_macro, - passing_extension => 'php', - } + # create vhost configuration file + ::apache::vhost{$name: + ensure => $ensure, + configuration => $configuration, + path => $path, + path_is_webdir => $path_is_webdir, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + logpath => $logpath, + logprefix => $logprefix, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + php_settings => $real_php_settings, + php_options => $real_php_options, + ssl_mode => $ssl_mode, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + use_mod_macro => $use_mod_macro, + passing_extension => 'php', + } } diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index a9f12d8..d9e877a 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -25,123 +25,126 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::typo3( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_typo3/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_typo3/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true, ){ - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } - $modsec_rules = ["960010"] - $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules) - if $mod_security_additional_options == 'absent' { - $real_mod_security_additional_options = '<Location "/typo3"> - SecRuleEngine Off - SecAuditEngine Off + $modsec_rules = ['960010'] + $real_mod_security_rules_to_disable = union($mod_security_rules_to_disable,$modsec_rules) + if $mod_security_additional_options == 'absent' { + $real_mod_security_additional_options = ' + <Location "/typo3"> + SecRuleEngine Off + SecAuditEngine Off </Location> ' - } else { - $real_mod_security_additional_options = $mod_security_additional_options - } + } else { + $real_mod_security_additional_options = $mod_security_additional_options + } - $typo3_php_settings = { - # turn allow_url_fopen on for the extension manager fetch - allow_url_fopen => 'On' - } - $real_php_settings = merge($typo3_php_settings,$php_settings) + $typo3_php_settings = { + # turn allow_url_fopen on for the extension manager fetch + allow_url_fopen => 'On' + } + $real_php_settings = merge($typo3_php_settings,$php_settings) - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $real_php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $real_mod_security_rules_to_disable, - mod_security_additional_options => $real_mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => $manage_directories, - managed_directories => [ "${documentroot}/typo3temp", - "${documentroot}/typo3temp/pics", - "${documentroot}/typo3temp/temp", - "${documentroot}/typo3temp/llxml", - "${documentroot}/typo3temp/cs", - "${documentroot}/typo3temp/GB", - "${documentroot}/typo3temp/locks", - "${documentroot}/typo3conf", - "${documentroot}/typo3conf/ext", - "${documentroot}/typo3conf/l10n", - # "${documentroot}/typo3/ext/", # only needed for ext manager installing global extensions - "${documentroot}/uploads", - "${documentroot}/uploads/pics", - "${documentroot}/uploads/media", - "${documentroot}/uploads/tf", - "${documentroot}/fileadmin", - "${documentroot}/fileadmin/_temp_" - ], - manage_config => $manage_config, - } + # create vhost configuration file + ::apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $real_php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $real_mod_security_rules_to_disable, + mod_security_additional_options => $real_mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + managed_directories => [ "${documentroot}/typo3temp", + "${documentroot}/typo3temp/pics", + "${documentroot}/typo3temp/temp", + "${documentroot}/typo3temp/llxml", + "${documentroot}/typo3temp/cs", + "${documentroot}/typo3temp/GB", + "${documentroot}/typo3temp/locks", + "${documentroot}/typo3conf", + "${documentroot}/typo3conf/ext", + "${documentroot}/typo3conf/l10n", + # "${documentroot}/typo3/ext/", # only needed for ext manager installing global extensions + "${documentroot}/uploads", + "${documentroot}/uploads/pics", + "${documentroot}/uploads/media", + "${documentroot}/uploads/tf", + "${documentroot}/fileadmin", + "${documentroot}/fileadmin/_temp_" + ], + manage_config => $manage_config, + } } diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 54905ca..695120d 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -25,124 +25,124 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::webapp( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $manage_webdir = true, - $manage_docroot = true, - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial, - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_file = 'absent', - $config_webwriteable = false, - $manage_directories = true, - $managed_directories = 'absent' + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $manage_webdir = true, + $manage_docroot = true, + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $php_installation = 'system', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial, + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_file = 'absent', + $config_webwriteable = false, + $manage_directories = true, + $managed_directories = 'absent', ){ - if ($ensure != 'absent') { - if $manage_directories and ($managed_directories != 'absent') { - ::apache::file::rw{ $managed_directories : - owner => $documentroot_owner, - group => $documentroot_group, - } - } + if ($ensure != 'absent') { + if $manage_directories and ($managed_directories != 'absent') { + ::apache::file::rw{ $managed_directories : + owner => $documentroot_owner, + group => $documentroot_group, + } + } - if $manage_config { - if $config_file == 'absent' { fail("No config file defined for ${name} on ${::fqdn}, if you'd like to manage the config, you have to add one!") } + if $manage_config { + if $config_file == 'absent' { fail("No config file defined for ${name} on ${::fqdn}, if you'd like to manage the config, you have to add one!") } - $real_path = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}", - default => "/var/www/vhosts/${name}" - }, - default => $path - } - if $path_is_webdir { - $documentroot = $real_path - } else { - $documentroot = "${real_path}/www" - } - ::apache::vhost::file::documentrootfile{"configurationfile_${name}": - documentroot => $documentroot, - filename => $config_file, - thedomain => $name, - owner => $documentroot_owner, - group => $documentroot_group, - } - if $config_webwriteable { - Apache::Vhost::File::Documentrootfile["configurationfile_${name}"]{ - mode => 0660, - } - } else { - Apache::Vhost::File::Documentrootfile["configurationfile_${name}"]{ - mode => 0440, - } - } + $real_path = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => $path + } + $documentroot = "${real_path}/www" + ::apache::vhost::file::documentrootfile{"configurationfile_${name}": + documentroot => $documentroot, + filename => $config_file, + thedomain => $name, + owner => $documentroot_owner, + group => $documentroot_group, + } + if $config_webwriteable { + Apache::Vhost::File::Documentrootfile["configurationfile_${name}"]{ + mode => '0660', } + } else { + Apache::Vhost::File::Documentrootfile["configurationfile_${name}"]{ + mode => '0440', + } + } } + } - # create vhost configuration file - ::apache::vhost::php::standard{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - manage_webdir => $manage_webdir, - manage_docroot => $manage_docroot, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - } + # create vhost configuration file + ::apache::vhost::php::standard{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + manage_webdir => $manage_webdir, + manage_docroot => $manage_docroot, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $php_settings, + php_options => $php_options, + php_installation => $php_installation, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + } } diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index 7a41ad7..a6bbe43 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -1,21 +1,25 @@ -# run_mode: controls in which mode the vhost should be run, there are different setups -# possible: -# - normal: (*default*) run vhost with the current active worker (default: prefork) don't -# setup anything special -# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination -# with 'proxy-itk' & 'static-itk' mode) -# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the -# requests for the itk setup, that listens only on the loobpack device. -# (Incompatibility: cannot be used in combination with the itk setup.) -# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static -# content and proxies the dynamic calls to the itk setup, that listens only on -# the loobpack device (Incompatibility: cannot be used in combination with +# run_mode: controls in which mode the vhost should be run, there are different +# setups # possible: +# - normal: (*default*) run vhost with the current active worker +# (default: prefork) don't setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in +# combination with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just +# proxies all the requests for the itk setup, that listens only +# on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk +# setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves +# all the static content and proxies the dynamic calls to the +# itk setup, that listens only on the loobpack device +# (Incompatibility: cannot be used in combination with # 'itk' mode) # # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module # -# mod_security: Whether we use mod_security or not (will include mod_security module) +# mod_security: Whether we use mod_security or not (will include mod_security +# module) # - false: don't activate mod_security # - true: (*default*) activate mod_security # @@ -25,92 +29,95 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::wordpress( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'FileInfo', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_wordpress/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'FileInfo Indexes', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_wordpress/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true ){ - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } - $modsec_rules = ["960010", "950018"] - $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules) + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + 'openbsd' => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } + $modsec_rules = ['960010', '950018'] + $real_mod_security_rules_to_disable = union($mod_security_rules_to_disable, + $modsec_rules) - # create vhost configuration file - apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $real_mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => $manage_directories, - managed_directories => "${documentroot}/wp-content", - manage_config => $manage_config, - config_webwriteable => $config_webwriteable, - config_file => 'wp-config.php', - } + # create vhost configuration file + apache::vhost::php::webapp{$name: + ensure => $ensure, + configuration => $configuration, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $real_mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + managed_directories => [ "${documentroot}/wp-content/uploads",], + manage_config => $manage_config, + config_webwriteable => $config_webwriteable, + config_file => 'wp-config.php', + } } diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index 1c3b500..95ae205 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -21,6 +21,7 @@ # define apache::vhost::proxy( $ensure = present, + $configuration = {}, $domain = 'absent', $domainalias = 'absent', $htpasswd_file = 'absent', @@ -38,6 +39,7 @@ define apache::vhost::proxy( # we use the options field as the target_url ::apache::vhost::template{$name: ensure => $ensure, + configuration => $configuration, template_partial => 'apache/vhosts/proxy/partial.erb', domain => $domain, path => 'really_absent', diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index a106c59..0ac40cc 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -21,6 +21,7 @@ # define apache::vhost::redirect( $ensure = present, + $configuration = {}, $domain = 'absent', $domainalias = 'absent', $target_url, @@ -32,6 +33,7 @@ define apache::vhost::redirect( # we use the options field as the target_url ::apache::vhost::template{$name: ensure => $ensure, + configuration => $configuration, template_partial => 'apache/vhosts/redirect/partial.erb', domain => $domain, path => 'really_absent', diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index f1dbcc2..f919766 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -13,70 +13,73 @@ # - true: activate mod_security # define apache::vhost::static( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $allow_override = 'None', - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $ssl_mode = false, - $run_mode = 'normal', - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/static/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $mod_security = false, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent' + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0640, + $allow_override = 'None', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $ssl_mode = false, + $run_mode = 'normal', + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/static/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $mod_security = false, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent' ){ # create webdir ::apache::vhost::webdir{$name: - ensure => $ensure, - path => $path, - owner => $owner, - group => $group, - run_mode => $run_mode, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, + ensure => $ensure, + path => $path, + owner => $owner, + group => $group, + run_mode => $run_mode, + datadir => false, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, } # create vhost configuration file ::apache::vhost{$name: - ensure => $ensure, - path => $path, - template_partial => $template_partial, - vhost_mode => $vhost_mode, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - allow_override => $allow_override, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - ssl_mode => $ssl_mode, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, + ensure => $ensure, + configuration => $configuration, + path => $path, + template_partial => $template_partial, + vhost_mode => $vhost_mode, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + allow_override => $allow_override, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + ssl_mode => $ssl_mode, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, mod_security_additional_options => $mod_security_additional_options, } } diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 55d41d9..8e9b798 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -42,6 +42,7 @@ # define apache::vhost::template( $ensure = present, + $configuration = {}, $path = 'absent', $path_is_webdir = false, $logpath = 'absent', @@ -133,6 +134,7 @@ define apache::vhost::template( } apache::vhost::file{$name: + configuration => $configuration, ensure => $ensure, do_includes => $do_includes, run_mode => $run_mode, diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index 003a308..ff9e8ab 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -24,100 +24,103 @@ # - semianonym: Don't log ips for CustomLog, log normal ErrorLog # define apache::vhost::webdav( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $path = 'absent', - $owner = root, - $group = apache, - $manage_webdir = true, - $path_is_webdir = false, - $logmode = 'default', - $logpath = 'absent', - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = false, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $ldap_auth = false, - $ldap_user = 'any', - $dav_db_dir = 'absent' + $ensure = present, + $configuration = {}, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $path = 'absent', + $owner = root, + $group = apache, + $manage_webdir = true, + $path_is_webdir = false, + $logmode = 'default', + $logpath = 'absent', + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0640, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = false, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $ldap_auth = false, + $ldap_user = 'any', + $dav_db_dir = 'absent' ){ - ::apache::vhost::davdbdir{$name: - ensure => $ensure, - dav_db_dir => $dav_db_dir, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - } + ::apache::vhost::davdbdir{$name: + ensure => $ensure, + dav_db_dir => $dav_db_dir, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + } - if $manage_webdir { - # create webdir - ::apache::vhost::webdir{$name: - ensure => $ensure, - path => $path, - owner => $owner, - group => $group, - run_mode => $run_mode, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - } + if $manage_webdir { + # create webdir + ::apache::vhost::webdir{$name: + ensure => $ensure, + path => $path, + owner => $owner, + group => $group, + run_mode => $run_mode, + datadir => false, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, } + } - if $run_mode == 'static-itk' { - notice("static-itk mode is not possible for webdav vhosts, rewriting it to proxy-itk") - $real_run_mode = 'proxy-itk' - } else { - $real_run_mode = $run_mode - } + if $run_mode == 'static-itk' { + notice('static-itk mode is not possible for webdav vhosts, rewriting it to proxy-itk') + $real_run_mode = 'proxy-itk' + } else { + $real_run_mode = $run_mode + } - # create vhost configuration file - ::apache::vhost{$name: - ensure => $ensure, - path => $path, - path_is_webdir => $path_is_webdir, - logpath => $logpath, - logmode => $logmode, - template_partial => 'apache/vhosts/webdav/partial.erb', - vhost_mode => $vhost_mode, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - run_mode => $real_run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - ssl_mode => $ssl_mode, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - ldap_auth => $ldap_auth, - ldap_user => $ldap_user, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, - } + # create vhost configuration file + ::apache::vhost{$name: + ensure => $ensure, + configuration => $configuration, + path => $path, + path_is_webdir => $path_is_webdir, + logpath => $logpath, + logmode => $logmode, + template_partial => 'apache/vhosts/webdav/partial.erb', + vhost_mode => $vhost_mode, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + run_mode => $real_run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + ssl_mode => $ssl_mode, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + ldap_auth => $ldap_auth, + ldap_user => $ldap_user, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, + } } diff --git a/manifests/vhost/webdir.pp b/manifests/vhost/webdir.pp index c9729f0..e0e2546 100644 --- a/manifests/vhost/webdir.pp +++ b/manifests/vhost/webdir.pp @@ -1,15 +1,16 @@ # create webdir define apache::vhost::webdir( - $ensure = present, - $path = 'absent', - $owner = root, - $group = apache, - $mode = 0640, - $run_mode = 'normal', - $manage_docroot = true, - $documentroot_owner = root, - $documentroot_group = apache, - $documentroot_mode = 0640, + $ensure = present, + $path = 'absent', + $owner = root, + $group = apache, + $mode = 0640, + $run_mode = 'normal', + $manage_docroot = true, + $datadir = true, + $documentroot_owner = root, + $documentroot_group = apache, + $documentroot_mode = 0640, $documentroot_recurse = false ){ $real_path = $path ? { @@ -68,6 +69,11 @@ define apache::vhost::webdir( } case $ensure { absent: { + exec{"cleanup_webdir_${real_path}": + command => "rm -rf ${real_path}", + onlyif => "test -d ${real_path}", + before => File[$real_path], + } file{$real_path: ensure => absent, purge => true, @@ -105,6 +111,14 @@ define apache::vhost::webdir( mode => $documentroot_mode; } } + if $datadir { + file{"${real_path}/data": + ensure => directory, + owner => $real_documentroot_owner, + group => $real_documentroot_group, + mode => '0640'; + } + } case $::operatingsystem { centos: { include apache::logrotate::centos::vhosts } default: { #nothing |