From a04f31435ab3b51441db68c4b1020fe2e0b02946 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 12 Jun 2010 08:48:05 +0200 Subject: introduce upload dir for gallery server side uploads --- manifests/vhost/php/gallery2.pp | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 19240e9..7f38895 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -43,7 +43,8 @@ define apache::vhost::php::gallery2( $htpasswd_path = 'absent', $manage_config = true, $config_webwriteable = false, - $manage_directories = true + $manage_directories = true, + $upload_dir = 'present' ){ $documentroot = $path ? { 'absent' => $operatingsystem ? { @@ -64,9 +65,32 @@ define apache::vhost::php::gallery2( 'present' => directory, default => absent }, - owner => $documentroot_owner, - group => $documentroot_group, - mode => 0660; + owner => $documentroot_owner, group => $documentroot_group, mode => 0660; + } + + if $upload_dir != 'present' { + $real_upload_dir = $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/upload", + default => "/var/www/vhosts/${name}/upload" + } + } else { + $real_upload_dir = $upload_dir + } + + file{$real_upload_dir: + owner => $documentroot_owner, group => $documentroot_group, mode => 0660; + } + if ($ensure == 'absent') or ($upload_dir == 'absent') { + File[$real_upload_dir]{ + ensure => absent, + purge => true, + force => true, + recurse => true + } + } else { + File[$real_upload_dir]{ + ensure => directory + } } # create vhost configuration file -- cgit v1.2.3 From c01166a05d3a2aa3c62b913902cd6a247ab2616c Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 12 Jun 2010 08:54:15 +0200 Subject: get the decision branch right --- manifests/vhost/php/gallery2.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 7f38895..fde5d0d 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -68,11 +68,11 @@ define apache::vhost::php::gallery2( owner => $documentroot_owner, group => $documentroot_group, mode => 0660; } - if $upload_dir != 'present' { + if ($upload_dir == 'present') or ($upload_dir == 'absent') { $real_upload_dir = $operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/upload", - default => "/var/www/vhosts/${name}/upload" - } + openbsd => "/var/www/htdocs/${name}/upload", + default => "/var/www/vhosts/${name}/upload" + } } else { $real_upload_dir = $upload_dir } -- cgit v1.2.3 From 5c7054c2383d00232eaba8128af8ec6454865f41 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 12 Jun 2010 10:03:30 +0200 Subject: disable mod_security for galleries --- manifests/vhost/php/gallery2.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index fde5d0d..048a5f3 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -33,7 +33,7 @@ define apache::vhost::php::gallery2( $options = 'absent', $additional_options = 'absent', $default_charset = 'absent', - $mod_security = true, + $mod_security = false, $mod_security_relevantonly = true, $ssl_mode = false, $vhost_mode = 'template', -- cgit v1.2.3 From 4bf1b0414f224698736c77335a75adb8a759bc4a Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 5 Jul 2010 23:54:41 +0200 Subject: remove duplicate source entry --- manifests/vhost/file.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index 29325bb..cd92947 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -51,7 +51,6 @@ define apache::vhost::file( "puppet://$server/modules/site-apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", "puppet://$server/modules/site-apache/vhosts.d/$operatingsystem/$name.conf", "puppet://$server/modules/site-apache/vhosts.d/$name.conf", - "puppet://$server/modules/apache/vhosts.d/$name.conf", "puppet://$server/modules/apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", "puppet://$server/modules/apache/vhosts.d/$operatingsystem/$name.conf", "puppet://$server/modules/apache/vhosts.d/$name.conf" -- cgit v1.2.3 From 40fa782cbac8c668a870199c2a3a927766aa363b Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 20 Jul 2010 00:10:00 +0200 Subject: fix wrong statement --- manifests/vhost/file.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index cd92947..6ce8b7f 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -68,7 +68,7 @@ define apache::vhost::file( } } case $htpasswd_file { - 'absent','nodeploy': { info("don't deploy a htpasswd file for ${name") } + 'absent','nodeploy': { info("don't deploy a htpasswd file for ${name}") } default: { if $htpasswd_path == 'absent' { $real_htpasswd_path = "/var/www/htpasswds/$name" -- cgit v1.2.3 From f534d097fb2ac5c49ce71f8a47d4de97efd22e28 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 20 Jul 2010 07:43:54 +0200 Subject: clean up some possible loops --- manifests/mod_dav_svn.pp | 3 +-- manifests/mod_macro.pp | 3 +-- manifests/status.pp | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) (limited to 'manifests') diff --git a/manifests/mod_dav_svn.pp b/manifests/mod_dav_svn.pp index a213043..bdcc4ab 100644 --- a/manifests/mod_dav_svn.pp +++ b/manifests/mod_dav_svn.pp @@ -1,6 +1,5 @@ class apache::mod_dav_svn { - include apache - package{mod_dav_svn: + package{'mod_dav_svn': ensure => installed, require => Package['apache'], notify => Service['apache'], diff --git a/manifests/mod_macro.pp b/manifests/mod_macro.pp index acee280..eed59e5 100644 --- a/manifests/mod_macro.pp +++ b/manifests/mod_macro.pp @@ -1,6 +1,5 @@ class apache::mod_macro { - include apache - package{mod_macro: + package{'mod_macro': ensure => installed, require => Package['apache'], notify => Service['apache'], diff --git a/manifests/status.pp b/manifests/status.pp index d32069e..f67507c 100644 --- a/manifests/status.pp +++ b/manifests/status.pp @@ -1,6 +1,6 @@ # manifests/status.pp -class apache::status inherits apache { +class apache::status { case $operatingsystem { centos: { include apache::status::centos } defaults: { include apache::status::base } -- cgit v1.2.3 From d50296539fc641b6387fcea712d950785c83cea3 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 7 Aug 2010 02:12:12 +0200 Subject: remove unnecessary fileserver variable (#2460) --- manifests/centos.pp | 6 +++--- manifests/centos/itk.pp | 6 +++--- manifests/centos/module.pp | 12 ++++++------ manifests/debian.pp | 10 +++++----- manifests/gentoo/module.pp | 12 ++++++------ manifests/openbsd.pp | 12 ++++++------ manifests/ssl/openbsd.pp | 2 +- manifests/vhost/file.pp | 24 ++++++++++++------------ manifests/vhost/file/documentrootfile.pp | 18 +++++++++--------- manifests/vhost/php/standard.pp | 2 +- 10 files changed, 52 insertions(+), 52 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index cb47adc..ec29ccb 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -30,9 +30,9 @@ class apache::centos inherits apache::package { file{'apache_service_config': path => '/etc/sysconfig/httpd', - source => [ "puppet://$server/modules/site-apache/service/CentOS/${fqdn}/httpd", - "puppet://$server/modules/site-apache/service/CentOS/httpd", - "puppet://$server/modules/apache/service/CentOS/httpd" ], + source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd", + "puppet:///modules/site-apache/service/CentOS/httpd", + "puppet:///modules/apache/service/CentOS/httpd" ], require => Package['apache'], notify => Service['apache'], owner => root, group => 0, mode => 0644; diff --git a/manifests/centos/itk.pp b/manifests/centos/itk.pp index 94f0f1c..46a5225 100644 --- a/manifests/centos/itk.pp +++ b/manifests/centos/itk.pp @@ -5,8 +5,8 @@ class apache::centos::itk inherits apache::centos { name => 'httpd-itk', } File['apache_service_config']{ - source => [ "puppet://$server/modules/site-apache/service/CentOS/${fqdn}/httpd.itk", - "puppet://$server/modules/site-apache/service/CentOS/httpd.itk", - "puppet://$server/modules/apache/service/CentOS/httpd.itk" ], + source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd.itk", + "puppet:///modules/site-apache/service/CentOS/httpd.itk", + "puppet:///modules/apache/service/CentOS/httpd.itk" ], } } diff --git a/manifests/centos/module.pp b/manifests/centos/module.pp index 4bbf251..b4cddb7 100644 --- a/manifests/centos/module.pp +++ b/manifests/centos/module.pp @@ -10,13 +10,13 @@ define apache::centos::module( } $real_source = $source ? { '' => [ - "puppet://$server/modules/site-apache/modules.d/${fqdn}/${name}.so", - "puppet://$server/modules/site-apache/modules.d/${apache_cluster_node}/${name}.so", - "puppet://$server/modules/site-apache/modules.d/${name}.so", - "puppet://$server/modules/apache/modules.d/${operatingsystem}/${name}.so", - "puppet://$server/modules/apache/modules.d/${name}.so" + "puppet:///modules/site-apache/modules.d/${fqdn}/${name}.so", + "puppet:///modules/site-apache/modules.d/${apache_cluster_node}/${name}.so", + "puppet:///modules/site-apache/modules.d/${name}.so", + "puppet:///modules/apache/modules.d/${operatingsystem}/${name}.so", + "puppet:///modules/apache/modules.d/${name}.so" ], - default => "puppet://$server/$source", + default => "puppet:///$source", } file{"modules_${name}.conf": ensure => $ensure, diff --git a/manifests/debian.pp b/manifests/debian.pp index e07920f..aa54dfa 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -20,11 +20,11 @@ class apache::debian inherits apache::package { } file { 'apache_main_config': path => "${config_dir}/apache2.conf", - source => [ "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian/{$fqdn}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian/apache2.conf", - "puppet://$server/modules/apache/config/Debian/apache2.conf" ], + source => [ "puppet:///modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", + "puppet:///modules/site-apache/config/Debian/{$fqdn}/apache2.conf", + "puppet:///modules/site-apache/config/Debian.${lsbdistcodename}/apache2.conf", + "puppet:///modules/site-apache/config/Debian/apache2.conf", + "puppet:///modules/apache/config/Debian/apache2.conf" ], require => Package['apache'], notify => Service['apache'], owner => root, group => 0, mode => 0644; diff --git a/manifests/gentoo/module.pp b/manifests/gentoo/module.pp index 7764c6f..33b6703 100644 --- a/manifests/gentoo/module.pp +++ b/manifests/gentoo/module.pp @@ -10,13 +10,13 @@ define apache::gentoo::module( } $real_source = $source ? { '' => [ - "puppet://$server/modules/site-apache/modules.d/${fqdn}/${name}.conf", - "puppet://$server/modules/site-apache/modules.d/${apache_cluster_node}/${name}.conf", - "puppet://$server/modules/site-apache/modules.d/${name}.conf", - "puppet://$server/modules/apache/modules.d/${operatingsystem}/${name}.conf", - "puppet://$server/modules/apache/modules.d/${name}.conf" + "puppet:///modules/site-apache/modules.d/${fqdn}/${name}.conf", + "puppet:///modules/site-apache/modules.d/${apache_cluster_node}/${name}.conf", + "puppet:///modules/site-apache/modules.d/${name}.conf", + "puppet:///modules/apache/modules.d/${operatingsystem}/${name}.conf", + "puppet:///modules/apache/modules.d/${name}.conf" ], - default => "puppet://$server/$source", + default => "puppet:///$source", } file{"modules_${name}.conf": ensure => $ensure, diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp index 2cf5fd4..68a13b1 100644 --- a/manifests/openbsd.pp +++ b/manifests/openbsd.pp @@ -26,10 +26,10 @@ class apache::openbsd inherits apache::base { } file{'apache_main_config': path => "${config_dir}/conf/httpd.conf", - source => [ "puppet://$server/modules/site-apache/config/OpenBSD/${fqdn}/httpd.conf", - "puppet://$server/modules/site-apache/config/OpenBSD/${apache_cluster_node}/httpd.conf", - "puppet://$server/modules/site-apache/config/OpenBSD//httpd.conf", - "puppet://$server/modules/apache/config/OpenBSD/httpd.conf" ], + source => [ "puppet:///modules/site-apache/config/OpenBSD/${fqdn}/httpd.conf", + "puppet:///modules/site-apache/config/OpenBSD/${apache_cluster_node}/httpd.conf", + "puppet:///modules/site-apache/config/OpenBSD//httpd.conf", + "puppet:///modules/apache/config/OpenBSD/httpd.conf" ], notify => Service['apache'], owner => root, group => 0, mode => 0644; } @@ -37,7 +37,7 @@ class apache::openbsd inherits apache::base { path => '/var/www/htdocs/default/www/index.html', } file{'/opt/bin/restart_apache.sh': - source => "puppet://$server/modules/apache/scripts/OpenBSD/bin/restart_apache.sh", + source => "puppet:///modules/apache/scripts/OpenBSD/bin/restart_apache.sh", require => File['/opt/bin'], owner => root, group => 0, mode => 0700; } @@ -51,7 +51,7 @@ class apache::openbsd inherits apache::base { stop => 'apachectl stop', } file{'/opt/bin/apache_logrotate.sh': - source => "puppet://$server/modules/apache/scripts/OpenBSD/bin/apache_logrotate.sh", + source => "puppet:///modules/apache/scripts/OpenBSD/bin/apache_logrotate.sh", require => File['/opt/bin'], owner => root, group => 0, mode => 0700; } diff --git a/manifests/ssl/openbsd.pp b/manifests/ssl/openbsd.pp index 6d357ee..0e221aa 100644 --- a/manifests/ssl/openbsd.pp +++ b/manifests/ssl/openbsd.pp @@ -10,7 +10,7 @@ class apache::ssl::openbsd inherits apache::openbsd { } File['/opt/bin/restart_apache.sh']{ - source => "puppet://$server/modules/apache/scripts/OpenBSD/bin/restart_apache_ssl.sh", + source => "puppet:///modules/apache/scripts/OpenBSD/bin/restart_apache_ssl.sh", } Service['apache']{ start => 'apachectl startssl', diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index 6ce8b7f..fca0a1e 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -46,16 +46,16 @@ define apache::vhost::file( 'absent': { $real_vhost_source = $vhost_source ? { 'absent' => [ - "puppet://$server/modules/site-apache/vhosts.d/$fqdn/$name.conf", - "puppet://$server/modules/site-apache/vhosts.d/$apache_cluster_node/$name.conf", - "puppet://$server/modules/site-apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", - "puppet://$server/modules/site-apache/vhosts.d/$operatingsystem/$name.conf", - "puppet://$server/modules/site-apache/vhosts.d/$name.conf", - "puppet://$server/modules/apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", - "puppet://$server/modules/apache/vhosts.d/$operatingsystem/$name.conf", - "puppet://$server/modules/apache/vhosts.d/$name.conf" + "puppet:///modules/site-apache/vhosts.d/$fqdn/$name.conf", + "puppet:///modules/site-apache/vhosts.d/$apache_cluster_node/$name.conf", + "puppet:///modules/site-apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", + "puppet:///modules/site-apache/vhosts.d/$operatingsystem/$name.conf", + "puppet:///modules/site-apache/vhosts.d/$name.conf", + "puppet:///modules/apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", + "puppet:///modules/apache/vhosts.d/$operatingsystem/$name.conf", + "puppet:///modules/apache/vhosts.d/$name.conf" ], - default => "puppet://$server/$vhost_source", + default => "puppet:///$vhost_source", } File["${name}.conf"]{ source => $real_vhost_source, @@ -77,9 +77,9 @@ define apache::vhost::file( } file{$real_htpasswd_path: ensure => $ensure, - source => [ "puppet://$server/modules/site-apache/htpasswds/$fqdn/$name", - "puppet://$server/modules/site-apache/htpasswds/$apache_cluster_node/$name", - "puppet://$server/modules/site-apache/htpasswds/$name" ], + source => [ "puppet:///modules/site-apache/htpasswds/$fqdn/$name", + "puppet:///modules/site-apache/htpasswds/$apache_cluster_node/$name", + "puppet:///modules/site-apache/htpasswds/$name" ], owner => root, group => 0, mode => 0644; } } diff --git a/manifests/vhost/file/documentrootfile.pp b/manifests/vhost/file/documentrootfile.pp index 441d605..dd8e565 100644 --- a/manifests/vhost/file/documentrootfile.pp +++ b/manifests/vhost/file/documentrootfile.pp @@ -7,15 +7,15 @@ define apache::vhost::file::documentrootfile( $mode=440 ){ file{"$documentroot/$filename": - source => [ "puppet://$server/modules/site-apache/vhost_varieties/$fqdn/$thedomain/$filename", - "puppet://$server/modules/site-apache/vhost_varieties/$apache_cluster_node/$thedomain/$filename", - "puppet://$server/modules/site-apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", - "puppet://$server/modules/site-apache/vhost_varieties/$operatingsystem/$thedomain/$filename", - "puppet://$server/modules/site-apache/vhost_varieties/$thedomain/$filename", - "puppet://$server/modules/apache/vhost_varieties/$thedomain/$filename", - "puppet://$server/modules/apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", - "puppet://$server/modules/apache/vhost_varieties/$operatingsystem/$thedomain/$filename", - "puppet://$server/modules/apache/vhost_varieties/$thedomain/$filename" + source => [ "puppet:///modules/site-apache/vhost_varieties/$fqdn/$thedomain/$filename", + "puppet:///modules/site-apache/vhost_varieties/$apache_cluster_node/$thedomain/$filename", + "puppet:///modules/site-apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", + "puppet:///modules/site-apache/vhost_varieties/$operatingsystem/$thedomain/$filename", + "puppet:///modules/site-apache/vhost_varieties/$thedomain/$filename", + "puppet:///modules/apache/vhost_varieties/$thedomain/$filename", + "puppet:///modules/apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", + "puppet:///modules/apache/vhost_varieties/$operatingsystem/$thedomain/$filename", + "puppet:///modules/apache/vhost_varieties/$thedomain/$filename" ], ensure => file, require => Apache::Vhost::Webdir["$thedomain"], diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index a6e2ff0..090e803 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -87,7 +87,7 @@ define apache::vhost::php::standard( 'present' => directory, default => absent, }, - source => "puppet://$server/modules/common/empty", + source => "puppet:///modules/common/empty", owner => $documentroot_owner, group => $documentroot_group, mode => 0750, } $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}_\\1") -- cgit v1.2.3 From 7bbb0feacac0565457f5f56f65468429803454fb Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 11 Aug 2010 14:06:53 +0200 Subject: introduce logmode feature We are now able to select how apache should log accesses. These modes are: * default: as you would use it * semianonym: no ips are logged for CustomLog, ErrorLog still logs ips * anonym: no ips are logged for CustomLog, ErrorLog is sent to /dev/null * nologs: all logs are sent to /dev/null --- manifests/noiplog.pp | 5 +++++ manifests/vhost.pp | 7 +++++++ manifests/vhost/gitweb.pp | 7 +++++++ manifests/vhost/modperl.pp | 7 +++++++ manifests/vhost/passenger.pp | 7 +++++++ manifests/vhost/php/drupal.pp | 7 +++++++ manifests/vhost/php/gallery2.pp | 7 +++++++ manifests/vhost/php/joomla.pp | 7 +++++++ manifests/vhost/php/mediawiki.pp | 7 +++++++ manifests/vhost/php/silverstripe.pp | 7 +++++++ manifests/vhost/php/simplemachine.pp | 7 +++++++ manifests/vhost/php/spip.pp | 7 +++++++ manifests/vhost/php/standard.pp | 7 +++++++ manifests/vhost/php/typo3.pp | 7 +++++++ manifests/vhost/php/webapp.pp | 7 +++++++ manifests/vhost/php/wordpress.pp | 7 +++++++ manifests/vhost/redirect.pp | 7 +++++++ manifests/vhost/static.pp | 7 +++++++ manifests/vhost/template.pp | 9 +++++++++ manifests/vhost/webdav.pp | 7 +++++++ 20 files changed, 140 insertions(+) create mode 100644 manifests/noiplog.pp (limited to 'manifests') diff --git a/manifests/noiplog.pp b/manifests/noiplog.pp new file mode 100644 index 0000000..355d7e6 --- /dev/null +++ b/manifests/noiplog.pp @@ -0,0 +1,5 @@ +class apache::noiplog { + apache::config::global{ 'noip_log.conf': + content => 'LogFormat "127.0.0.1 - - %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %T %V" noip'; + } +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index f1a20f0..cc163eb 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -9,11 +9,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost( $ensure = present, $path = 'absent', $path_is_webdir = false, $logpath = 'absent', + $logmode = 'default', $template_mode = 'static', $vhost_mode = 'template', $vhost_source = 'absent', @@ -67,6 +73,7 @@ define apache::vhost( path => $path, path_is_webdir => $path_is_webdir, logpath => $logpath, + logmode => $logmode, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index 084b04c..96e06b4 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -1,6 +1,12 @@ +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::gitweb( $ensure = present, $domain = 'absent', + $logmode = 'default', $domainalias = 'absent', $server_admin = 'absent', $owner = root, @@ -29,6 +35,7 @@ define apache::vhost::gitweb( openbsd => '/var/www/logs', default => '/var/log/apache2' }, + logmode => $logmode, template_mode => 'gitweb', domain => $domain, domainalias => $domainalias, diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 98876e4..ef6b5d7 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -4,11 +4,17 @@ # and run_uid and run_gid are used as vhost users # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::modperl( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -71,6 +77,7 @@ define apache::vhost::modperl( ensure => $ensure, path => $path, template_mode => 'perl', + logmode => $logmode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 732758e..4a9b95e 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -1,10 +1,16 @@ # run_uid: the uid the vhost should run as with the mod_passenger module # run_gid: the gid the vhost should run as with the mod_passenger module +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::passenger( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $manage_webdir = true, $manage_docroot = true, @@ -54,6 +60,7 @@ define apache::vhost::passenger( ensure => $ensure, path => $path, template_mode => $template_mode, + logmode => $logmode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index f23a434..7f48841 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::drupal( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -67,6 +73,7 @@ define apache::vhost::php::drupal( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_drupal', owner => $owner, diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 048a5f3..a846e7b 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::gallery2( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -99,6 +105,7 @@ define apache::vhost::php::gallery2( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_gallery2', owner => $owner, diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 280792e..1af9bf9 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::joomla( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -61,6 +67,7 @@ define apache::vhost::php::joomla( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_joomla', owner => $owner, diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index d24ada9..cda1654 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::mediawiki( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $manage_docroot = true, $owner = root, @@ -48,6 +54,7 @@ define apache::vhost::php::mediawiki( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, manage_docroot => $manage_docroot, template_mode => 'php_mediawiki', diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index 3838d55..419a340 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::silverstripe( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -59,6 +65,7 @@ define apache::vhost::php::silverstripe( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_silverstripe', owner => $owner, diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index f1ea170..f015a2f 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::simplemachine( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -59,6 +65,7 @@ define apache::vhost::php::simplemachine( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_simplemachine', owner => $owner, diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 5064e77..56c3e94 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::spip( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -56,6 +62,7 @@ define apache::vhost::php::spip( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_spip', owner => $owner, diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 090e803..aa92a0e 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::standard( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $manage_webdir = true, $manage_docroot = true, @@ -131,6 +137,7 @@ define apache::vhost::php::standard( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, run_mode => $run_mode, run_uid => $run_uid, run_gid => $run_gid, diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index dec227c..ab348ac 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::typo3( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -59,6 +65,7 @@ define apache::vhost::php::typo3( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_typo3', owner => $owner, diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 22e932a..5e54782 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::webapp( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $manage_webdir = true, $manage_docroot = true, @@ -85,6 +91,7 @@ define apache::vhost::php::webapp( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, manage_webdir => $manage_webdir, manage_docroot => $manage_docroot, diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index c4e77f2..63e7267 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -10,11 +10,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::wordpress( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -60,6 +66,7 @@ define apache::vhost::php::wordpress( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, path => $path, template_mode => 'php_wordpress', owner => $owner, diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index 10b78bf..e828097 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -10,12 +10,18 @@ # - true: enable ssl for this vhost # - force: enable ssl and redirect non-ssl to ssl # - only: enable ssl only +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::redirect( $ensure = present, $domain = 'absent', $domainalias = 'absent', $target_url, $server_admin = 'absent', + $logmode = 'default', $ssl_mode = false ){ # create vhost configuration file @@ -26,6 +32,7 @@ define apache::vhost::redirect( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, allow_override => $allow_override, mod_security => false, options => $target_url, diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index 307dfbe..640e172 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -1,11 +1,17 @@ # vhost_mode: which option is chosen to deploy the vhost # - template: generate it from a template (default) # - file: deploy a vhost file (apache::vhost::file will be called directly) +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::static( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -49,6 +55,7 @@ define apache::vhost::static( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logmode => $logmode, allow_override => $allow_override, do_includes => $do_includes, options => $options, diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index bba3437..7c1f9be 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -20,11 +20,17 @@ # php_default_charset: default charset header for php. # *default*: absent, which will set the same as default_charset # of apache +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::template( $ensure = present, $path = 'absent', $path_is_webdir = false, $logpath = 'absent', + $logmode = 'default', $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', @@ -79,6 +85,9 @@ define apache::vhost::template( 'absent' => "$real_path/logs", default => $logpath } + case $logmode { + 'semianonym','anonym': { include apache::noiplog } + } $servername = $domain ? { 'absent' => $name, diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index 73c4a7a..770424c 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -5,11 +5,17 @@ # and run_uid and run_gid are used as vhost users # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::webdav( $ensure = present, $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', + $logmode = 'default', $path = 'absent', $owner = root, $group = apache, @@ -66,6 +72,7 @@ define apache::vhost::webdav( path => $path, path_is_webdir => $path_is_webdir, logpath => $logpath, + logmode => $logmode, template_mode => 'webdav', vhost_mode => $vhost_mode, vhost_source => $vhost_source, -- cgit v1.2.3 From 747054969e709681072426ff2c9ef3446ba7ceb8 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 11 Aug 2010 14:38:40 +0200 Subject: only include noip logging if we actually need it --- manifests/vhost/template.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 7c1f9be..c1c9935 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -85,8 +85,10 @@ define apache::vhost::template( 'absent' => "$real_path/logs", default => $logpath } - case $logmode { - 'semianonym','anonym': { include apache::noiplog } + if $ensure != 'absent' { + case $logmode { + 'semianonym','anonym': { include apache::noiplog } + } } $servername = $domain ? { -- cgit v1.2.3 From d275f9db71ffd55aeef9e96b9f923d1169dcaba9 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 11 Aug 2010 14:42:44 +0200 Subject: only manage source or content if file should be present --- manifests/vhost/file.pp | 4 +++- manifests/vhost/template.pp | 14 ++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index fca0a1e..32a80db 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -42,7 +42,8 @@ define apache::vhost::file( if $use_mod_macro { include ::apache::mod_macro } - case $content { + if $ensure != 'absent' { + case $content { 'absent': { $real_vhost_source = $vhost_source ? { 'absent' => [ @@ -66,6 +67,7 @@ define apache::vhost::file( content => $content, } } + } } case $htpasswd_file { 'absent','nodeploy': { info("don't deploy a htpasswd file for ${name}") } diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index c1c9935..d7e9e07 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -85,11 +85,6 @@ define apache::vhost::template( 'absent' => "$real_path/logs", default => $logpath } - if $ensure != 'absent' { - case $logmode { - 'semianonym','anonym': { include apache::noiplog } - } - } $servername = $domain ? { 'absent' => $name, @@ -148,11 +143,18 @@ define apache::vhost::template( apache::vhost::file{$name: ensure => $ensure, - content => template("apache/vhosts/$template_mode/$operatingsystem.erb"), do_includes => $do_includes, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, } + if $ensure != 'absent' { + case $logmode { + 'semianonym','anonym': { include apache::noiplog } + } + Apache::Vhost::File[$name]{ + content => template("apache/vhosts/$template_mode/$operatingsystem.erb") + } + } } -- cgit v1.2.3 From f2fad4fa29ff23b2220ba777f54f6be737e051be Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 11 Aug 2010 15:28:58 +0200 Subject: remove unnecessary fileserver variable (#2460) round II --- manifests/config/file.pp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'manifests') diff --git a/manifests/config/file.pp b/manifests/config/file.pp index d72ba2e..05108ee 100644 --- a/manifests/config/file.pp +++ b/manifests/config/file.pp @@ -33,16 +33,16 @@ define apache::config::file( 'absent': { $real_source = $source ? { 'absent' => [ - "puppet://${server}/modules/site-apache/${confdir}/${fqdn}/${name}", - "puppet://${server}/modules/site-apache/${confdir}/${apache_cluster_node}/${name}", - "puppet://${server}/modules/site-apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", - "puppet://${server}/modules/site-apache/${confdir}/${operatingsystem}/${name}", - "puppet://${server}/modules/site-apache/${confdir}/${name}", - "puppet://${server}/modules/apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", - "puppet://${server}/modules/apache/${confdir}/${operatingsystem}/${name}", - "puppet://${server}/modules/apache/${confdir}/${name}" + "puppet:///modules/site-apache/${confdir}/${fqdn}/${name}", + "puppet:///modules/site-apache/${confdir}/${apache_cluster_node}/${name}", + "puppet:///modules/site-apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", + "puppet:///modules/site-apache/${confdir}/${operatingsystem}/${name}", + "puppet:///modules/site-apache/${confdir}/${name}", + "puppet:///modules/apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", + "puppet:///modules/apache/${confdir}/${operatingsystem}/${name}", + "puppet:///modules/apache/${confdir}/${name}" ], - default => "puppet://${server}/${source}", + default => "puppet:///${source}", } File["apache_${name}"]{ source => $real_source, -- cgit v1.2.3 From 888e0d3dde723fff0ba11d8a24a4c2e64d299ea5 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 11 Aug 2010 19:13:34 +0200 Subject: use default logpath as redirects usually don't have a root path --- manifests/vhost/redirect.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index e828097..53b1a07 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -32,6 +32,11 @@ define apache::vhost::redirect( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, + logpath => $operatingsystem ? { + openbsd => '/var/www/logs', + centos => '/var/log/httpd', + default => '/var/log/apache2' + }, logmode => $logmode, allow_override => $allow_override, mod_security => false, -- cgit v1.2.3 From 1bdb39c6dd8ccaf76d8a4aa2e9486069afd2d476 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 19:01:24 +0200 Subject: impelement itk plus mode itk plus mode is an additional mode to deploy itk based hostings which should be a bit more performant. The idea is that we have two apache-instances running: A) prefork based, listening on the external interface B) itk based, listening on the loopback interface A) will serve all static webpages, as well as possibly serve all static content of dynamic websites. All requests to dynamic content will be redirected to B). The idea is that A) doesn't load any modules to server dynamic content at all. B) will serve all the dynamic scripts of a vhost. This will mean that for vhosts (static ones) as well as static content (all none dynamic scripts) we can benefit from the fast prefork model, while we can use itk's security model for all the dynamic scripts. There are two new additional run_modes: - proxy-itk: this just passes all requests to apache instance B). This one is similar to plain itk based mode and should be used for vhosts that shouldn't (yet) changed to the mixed mode. - static-itk: this passes only requests to dynamic scripts to B) while all static content is served by A). Beware that the user with which A) is running should be member of the run group of B) and all static files need to readable by the group. This reduces the security model you have with plain itk, as the prefork apache user will be able to read php (config-) files of any vhost that runs in static-itk mode. If you want to keep the level of security for a certain vhost, you need to run the specific vhost in proxy-itk mode. Note 1: you cannot run vhosts in itk mode and others in proxy or static itk mode. There is a duplicate file resource definition that blocks that possibility. Note 2: This mode works currently only on CentOS based systems, as no work have been done so far to implement an init.d script that's able to run 2 apache instances. --- manifests/centos.pp | 12 ++++++++++++ manifests/centos/itk.pp | 4 +--- manifests/centos/itk_plus.pp | 15 +++++++++++++++ manifests/itk/lock.pp | 4 ++++ manifests/itk_plus.pp | 10 ++++++++++ manifests/itk_plus/lock.pp | 4 ++++ manifests/vhost.pp | 21 ++++++++++++++++++++ manifests/vhost/file.pp | 32 +++++++++++++++++++++++++++++++ manifests/vhost/gitweb.pp | 2 ++ manifests/vhost/modperl.pp | 30 +++++++++++++++++++++++++---- manifests/vhost/passenger.pp | 16 +++++++++++----- manifests/vhost/php/drupal.pp | 24 +++++++++++++++++++---- manifests/vhost/php/gallery2.pp | 23 ++++++++++++++++++---- manifests/vhost/php/joomla.pp | 23 ++++++++++++++++++---- manifests/vhost/php/mediawiki.pp | 23 ++++++++++++++++++---- manifests/vhost/php/silverstripe.pp | 23 ++++++++++++++++++---- manifests/vhost/php/simplemachine.pp | 23 ++++++++++++++++++---- manifests/vhost/php/spip.pp | 23 ++++++++++++++++++---- manifests/vhost/php/standard.pp | 29 ++++++++++++++++++++++++---- manifests/vhost/php/typo3.pp | 23 ++++++++++++++++++---- manifests/vhost/php/webapp.pp | 23 ++++++++++++++++++---- manifests/vhost/php/wordpress.pp | 23 ++++++++++++++++++---- manifests/vhost/redirect.pp | 5 +++++ manifests/vhost/static.pp | 6 ++++++ manifests/vhost/template.pp | 37 ++++++++++++++++++++++++++++-------- manifests/vhost/webdav.pp | 31 +++++++++++++++++++++++++----- 26 files changed, 420 insertions(+), 69 deletions(-) create mode 100644 manifests/centos/itk_plus.pp create mode 100644 manifests/itk/lock.pp create mode 100644 manifests/itk_plus.pp create mode 100644 manifests/itk_plus/lock.pp (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index ec29ccb..e8a413d 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -38,6 +38,18 @@ class apache::centos inherits apache::package { owner => root, group => 0, mode => 0644; } + line{ + 'pidfile_httpd.conf': + file => '/etc/httpd/conf/httpd.conf', + line => 'PidFile run/httpd.pid'; + 'listen_httpd.conf': + file => '/etc/httpd/conf/httpd.conf', + line => 'Listen 80'; + } + apache::config::global{'00-listen.conf': + ensure => absent, + } + include apache::logrotate::centos apache::config::global{ 'welcome.conf': } diff --git a/manifests/centos/itk.pp b/manifests/centos/itk.pp index 46a5225..9e97fa0 100644 --- a/manifests/centos/itk.pp +++ b/manifests/centos/itk.pp @@ -5,8 +5,6 @@ class apache::centos::itk inherits apache::centos { name => 'httpd-itk', } File['apache_service_config']{ - source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd.itk", - "puppet:///modules/site-apache/service/CentOS/httpd.itk", - "puppet:///modules/apache/service/CentOS/httpd.itk" ], + source => "puppet:///modules/apache/service/CentOS/httpd.itk" } } diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp new file mode 100644 index 0000000..f73be04 --- /dev/null +++ b/manifests/centos/itk_plus.pp @@ -0,0 +1,15 @@ +# http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ +class apache::centos::itk_plus inherits apache::centos::itk { + Line['pidfile_httpd.conf','listen_httpd.conf']{ + ensure => absent, + } + + Apache::Config::Global['00-listen.conf']{ + ensure => present, + content => template("apache/itk_plus/${operatingsystem}/00-listen.conf.erb"), + } + + File['apache_service_config']{ + source => "puppet:///modules/apache/service/CentOS/httpd.itk_plus" + } +} diff --git a/manifests/itk/lock.pp b/manifests/itk/lock.pp new file mode 100644 index 0000000..4ad95fa --- /dev/null +++ b/manifests/itk/lock.pp @@ -0,0 +1,4 @@ +class apache::itk::lock { + # This file resource is used to ensure that only one itk mode is used per host + file{'/var/www/.itk_mode_lock': ensure => absent } +} diff --git a/manifests/itk_plus.pp b/manifests/itk_plus.pp new file mode 100644 index 0000000..64d7c87 --- /dev/null +++ b/manifests/itk_plus.pp @@ -0,0 +1,10 @@ +# manifests/itk.pp +# +# see: http://mpm-itk.sesse.net/ + +class apache::itk_plus inherits apache::itk { + case $operatingsystem { + centos: { include ::apache::centos::itk_plus } + default: { fail("itk plus mode is currently only implemented for CentOS") } + } +} diff --git a/manifests/itk_plus/lock.pp b/manifests/itk_plus/lock.pp new file mode 100644 index 0000000..d540939 --- /dev/null +++ b/manifests/itk_plus/lock.pp @@ -0,0 +1,4 @@ +class apache::itk_plus::lock { + # This file resource is used to ensure that only one itk mode is used per host + file{'/var/www/.itk_mode_lock': ensure => absent } +} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cc163eb..cb89359 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -14,6 +14,25 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# define apache::vhost( $ensure = present, $path = 'absent', @@ -62,6 +81,8 @@ define apache::vhost( vhost_source => $vhost_source, vhost_destination => $vhost_destination, do_includes => $do_includes, + run_mode => $run_mode, + mode_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index 32a80db..a471359 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -7,16 +7,48 @@ # - absent: standardpath (default) # - else: path to deploy # +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# define apache::vhost::file( $ensure = present, $vhost_source = 'absent', $vhost_destination = 'absent', $content = 'absent', $do_includes = false, + $run_mode = 'normal', + $mod_security = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', $use_mod_macro = false ){ + if $mod_security { + case $run_mode { + 'itk': { include mod_security::itk } + 'proxy-itk','static-itk': { include mod_security::itk_plus } + default: { include mod_security } + } + } + + case $run_mode { + 'itk': { include ::apache::itk::lock } + 'proxy-itk','static-itk': { include ::apache::itk_plus::lock } + } $vhosts_dir = $operatingsystem ? { centos => "$apache::centos::config_dir/vhosts.d", gentoo => "$apache::gentoo::config_dir/vhosts.d", diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index 96e06b4..2bc15d0 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -3,6 +3,7 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::gitweb( $ensure = present, $domain = 'absent', @@ -45,6 +46,7 @@ define apache::vhost::gitweb( options => $options, additional_options => $additional_options, default_charset => $default_charset, + run_mode => 'normal', ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index ef6b5d7..30083a3 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -1,14 +1,30 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::modperl( $ensure = present, $domain = 'absent', @@ -53,6 +69,7 @@ define apache::vhost::modperl( } default: { $real_cgi_binpath = $cgi_binpath } } + file{$real_cgi_binpath: ensure => directory, owner => $documentroot_owner, @@ -60,6 +77,11 @@ define apache::vhost::modperl( mode => $documentroot_mode; } + case $run_mode { + 'proxy-itk','static-itk': { include ::mod_perl::itk_plus } + default: { include ::mod_perl } + } + # create webdir ::apache::vhost::webdir{$name: ensure => $ensure, diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 4a9b95e..c174079 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -1,10 +1,17 @@ # run_uid: the uid the vhost should run as with the mod_passenger module # run_gid: the gid the vhost should run as with the mod_passenger module +# # logmode: +# # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*defaul*) activate mod_security +# define apache::vhost::passenger( $ensure = present, $domain = 'absent', @@ -20,10 +27,6 @@ define apache::vhost::passenger( $documentroot_owner = apache, $documentroot_group = 0, $documentroot_mode = 0640, - # TODO: think of a more generic way to handle user separation - # i.e. rename itk mode into something else - # e.g. default, moderate (use same user for access and run), strict (use different users for access and run) - $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', @@ -40,6 +43,9 @@ define apache::vhost::passenger( $htpasswd_file = 'absent', $htpasswd_path = 'absent' ){ + + include ::pasenger + if $manage_webdir { # create webdir ::apache::vhost::webdir{$name: @@ -67,7 +73,7 @@ define apache::vhost::passenger( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, - run_mode => 'itk', + run_mode => 'normal', run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 7f48841..e56223a 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None @@ -15,6 +30,7 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::php::drupal( $ensure = present, $domain = 'absent', diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index a846e7b..a43e627 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*defaul*) don't activate mod_security +# - true: activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 1af9bf9..96e3ab1 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index cda1654..108b91f 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index 419a340..cf67d16 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index f015a2f..0983f17 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 56c3e94..290082f 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index aa92a0e..9437046 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None @@ -111,6 +126,12 @@ define apache::vhost::php::standard( include php::extensions::smarty } + case $run_mode { + 'proxy-itk','static-itk': { include ::php::itk_plus } + 'itk': { include ::php::itk } + default: { include ::php } + } + if $manage_webdir { # create webdir ::apache::vhost::webdir{$name: diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index ab348ac..40c171f 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 5e54782..9716dfb 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index 63e7267..461a2d7 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -1,9 +1,24 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index 53b1a07..4bb7b67 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -1,5 +1,6 @@ # Redirect VHost to redirect hosts # Parameters: +# # - ensure: wether this vhost is `present` or `absent` # - domain: the domain to redirect (*name*) # - domainalias: A list of whitespace seperated domains to redirect @@ -10,11 +11,14 @@ # - true: enable ssl for this vhost # - force: enable ssl and redirect non-ssl to ssl # - only: enable ssl only +# # logmode: +# # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::redirect( $ensure = present, $domain = 'absent', @@ -39,6 +43,7 @@ define apache::vhost::redirect( }, logmode => $logmode, allow_override => $allow_override, + run_mode => 'normal', mod_security => false, options => $target_url, ssl_mode => $ssl_mode, diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index 640e172..9d78ebd 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -1,11 +1,17 @@ # vhost_mode: which option is chosen to deploy the vhost # - template: generate it from a template (default) # - file: deploy a vhost file (apache::vhost::file will be called directly) +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# define apache::vhost::static( $ensure = present, $domain = 'absent', diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index d7e9e07..36aa0cd 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -25,6 +25,28 @@ # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: run vhost with a dual prefork/itk setup, where prefork serves all the static +# content and proxies the dynamic calls to the itk setup, that listens only on +# the loobpack device (Incompatibility: cannot be used in combination with +# 'itk' mode) +# +# run_uid: the uid the vhost should run as with the itk module +# run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: don't activate mod_security +# - true: (*default*) activate mod_security +# define apache::vhost::template( $ensure = present, $path = 'absent', @@ -61,13 +83,6 @@ define apache::vhost::template( $ldap_auth = false, $ldap_user = 'any' ){ - if $mod_security { - case $run_mode { - 'itk': { include mod_security::itk } - default: { include mod_security } - } - } - $real_path = $path ? { 'absent' => $operatingsystem ? { openbsd => "/var/www/htdocs/$name", @@ -101,7 +116,11 @@ define apache::vhost::template( $real_htpasswd_path = $htpasswd_path } case $run_mode { - 'itk': { + 'proxy-itk': { $logfileprefix = 'proxy' } + 'static-itk': { $logfileprefix = 'static' } + } + case $run_mode { + 'itk','proxy-itk','static-itk': { case $run_uid { 'absent': { fail("you have to define run_uid for $name on $fqdn") } } @@ -144,6 +163,8 @@ define apache::vhost::template( apache::vhost::file{$name: ensure => $ensure, do_includes => $do_includes, + run_mode => $run_mode, + mod_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index 770424c..b4775d5 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -1,15 +1,28 @@ # Webdav vhost: to manage webdav accessible targets -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users +# run_mode: controls in which mode the vhost should be run, there are different setups +# possible: +# - normal: (*default*) run vhost with the current active worker (default: prefork) don't +# setup anything special +# - itk: run vhost with the mpm_itk module (Incompatibility: cannot be used in combination +# with 'proxy-itk' & 'static-itk' mode) +# - proxy-itk: run vhost with a dual prefork/itk setup, where prefork just proxies all the +# requests for the itk setup, that listens only on the loobpack device. +# (Incompatibility: cannot be used in combination with the itk setup.) +# - static-itk: this mode is not possible and will be rewritten to proxy-itk +# # run_uid: the uid the vhost should run as with the itk module # run_gid: the gid the vhost should run as with the itk module +# +# mod_security: Whether we use mod_security or not (will include mod_security module) +# - false: (*default*) don't activate mod_security +# - true: activate mod_security +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# define apache::vhost::webdav( $ensure = present, $domain = 'absent', @@ -66,6 +79,14 @@ define apache::vhost::webdav( documentroot_mode => $documentroot_mode, } } + + if $run_mode == 'static-itk' { + notice("static-itk mode is not possible for webdav vhosts, rewriting it to proxy-itk") + $real_run_mode = 'proxy-itk' + } else { + $real_run_mode = $run_mode + } + # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, @@ -80,7 +101,7 @@ define apache::vhost::webdav( domain => $domain, domainalias => $domainalias, server_admin => $server_admin, - run_mode => $run_mode, + run_mode => $real_run_mode, run_uid => $run_uid, run_gid => $run_gid, options => $options, -- cgit v1.2.3 From 1ef6370acd4fb380c9f63b6557fd8f56c36b4a7f Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 20:32:52 +0200 Subject: fix wrong param naming --- manifests/vhost.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost.pp b/manifests/vhost.pp index cb89359..6d9ae33 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -82,7 +82,7 @@ define apache::vhost( vhost_destination => $vhost_destination, do_includes => $do_includes, run_mode => $run_mode, - mode_security => $mod_security, + mod_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, -- cgit v1.2.3 From e8e48e7fc60d5551a315f9b0b6a01adfdc0e3558 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 20:35:26 +0200 Subject: only set source or content when we actually manage the file --- manifests/config/file.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/config/file.pp b/manifests/config/file.pp index 05108ee..3b889ca 100644 --- a/manifests/config/file.pp +++ b/manifests/config/file.pp @@ -29,7 +29,8 @@ define apache::config::file( notify => Service[apache], owner => root, group => 0, mode => 0644; } - case $content { + if $ensure == 'present' { + case $content { 'absent': { $real_source = $source ? { 'absent' => [ @@ -53,6 +54,7 @@ define apache::config::file( content => $content, } } + } } case $operatingsystem { openbsd: { info("no package dependency on ${operatingsystem} for ${name}") } -- cgit v1.2.3 From b3a17cff5315fbbda901a6f1d406c3500cf65a3a Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 21:51:22 +0200 Subject: fix various missing things for itk_plus mode --- manifests/centos/itk_plus.pp | 2 +- manifests/ssl/centos.pp | 4 ++++ manifests/ssl/itk_plus/centos.pp | 11 +++++++++++ manifests/vhost/file.pp | 29 +++++++++++++++++++++++++++-- manifests/vhost/template.pp | 2 ++ 5 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 manifests/ssl/itk_plus/centos.pp (limited to 'manifests') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index f73be04..0bdb744 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -5,7 +5,7 @@ class apache::centos::itk_plus inherits apache::centos::itk { } Apache::Config::Global['00-listen.conf']{ - ensure => present, + ensure => 'present', content => template("apache/itk_plus/${operatingsystem}/00-listen.conf.erb"), } diff --git a/manifests/ssl/centos.pp b/manifests/ssl/centos.pp index b2c8ad8..7bc8c89 100644 --- a/manifests/ssl/centos.pp +++ b/manifests/ssl/centos.pp @@ -5,4 +5,8 @@ class apache::ssl::centos inherits apache::ssl::base { require => Package[apache], } ::apache::config::global{ 'ssl.conf': } + + apache::config::global{'00-listen-ssl.conf': + ensure => absent, + } } diff --git a/manifests/ssl/itk_plus/centos.pp b/manifests/ssl/itk_plus/centos.pp new file mode 100644 index 0000000..d8989c9 --- /dev/null +++ b/manifests/ssl/itk_plus/centos.pp @@ -0,0 +1,11 @@ +class apache::ssl::itk_plus::centos inherits apache::ssl::centos { + include apache::ssl::itk::centos + Apache::Config::Global['ssl.conf']{ + source => "apache/itk_plus/conf.d/${operatingsystem}/ssl.conf", + } + + apache::config::global{'00-listen-ssl.conf': + ensure => 'present', + content => template("apache/itk_plus/${operatingsystem}/00-listen-ssl.conf.erb"), + } +} diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index a471359..0c01b34 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -7,6 +7,12 @@ # - absent: standardpath (default) # - else: path to deploy # +# ssl_mode: wether this vhost supports ssl or not +# - false: don't enable ssl for this vhost (default) +# - true: enable ssl for this vhost +# - force: enable ssl and redirect non-ssl to ssl +# - only: enable ssl only +# # run_mode: controls in which mode the vhost should be run, there are different setups # possible: # - normal: (*default*) run vhost with the current active worker (default: prefork) don't @@ -32,6 +38,7 @@ define apache::vhost::file( $content = 'absent', $do_includes = false, $run_mode = 'normal', + $ssl_mode = false, $mod_security = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', @@ -46,8 +53,26 @@ define apache::vhost::file( } case $run_mode { - 'itk': { include ::apache::itk::lock } - 'proxy-itk','static-itk': { include ::apache::itk_plus::lock } + 'itk': { + include ::apache::itk + include ::apache::itk::lock + if $ssl_mode { + include ::apache::ssl::itk + } + ] + 'proxy-itk','static-itk': { + include ::apache::itk_plus + include ::apache::itk_plus::lock + if $ssl_mode { + include ::apache::ssl::itk_plus + } + } + default: { + include ::apache + if $ssl_mode { + include ::apache::ssl + } + } } $vhosts_dir = $operatingsystem ? { centos => "$apache::centos::config_dir/vhosts.d", diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 36aa0cd..b4c2562 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -14,6 +14,7 @@ # - true: enable ssl for this vhost # - force: enable ssl and redirect non-ssl to ssl # - only: enable ssl only +# # php_safe_mode_exec_bins: An array of local binaries which should be linked in the # safe_mode_exec_bin for this hosting # *default*: None @@ -164,6 +165,7 @@ define apache::vhost::template( ensure => $ensure, do_includes => $do_includes, run_mode => $run_mode, + ssl_mode => $ssl_mode, mod_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, -- cgit v1.2.3 From 65c29075a0d0584987264d350a25cd6a467b349f Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 21:54:27 +0200 Subject: automatically include php for php vhosts --- manifests/vhost/php/standard.pp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 9437046..93ff289 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -90,6 +90,12 @@ define apache::vhost::php::standard( run_uid => $run_uid, } + case $run_mode { + 'itk': { include ::php::itk } + 'proxy-itk','static-itk': { include ::php::itk_plus } + default: { include ::php } + } + $php_safe_mode_exec_bin_dir = $path ? { 'absent' => $operatingsystem ? { openbsd => "/var/www/htdocs/${name}/bin", -- cgit v1.2.3 From e1f6d460e00761f93b3e22f4bed6f58d723adac0 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 22:01:35 +0200 Subject: improve vhosts stuff - move various inclusion to the file define, as this is the last define for all in the chain - only include if our vhost is not set to absent --- manifests/vhost/file.pp | 72 ++++++++++++++++++++++++++------------------- manifests/vhost/template.pp | 4 +-- 2 files changed, 43 insertions(+), 33 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index 0c01b34..ae14aeb 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -26,6 +26,12 @@ # content and proxies the dynamic calls to the itk setup, that listens only on # the loobpack device (Incompatibility: cannot be used in combination with # 'itk' mode) +# logmode: +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# # # mod_security: Whether we use mod_security or not (will include mod_security module) # - false: (*default*) don't activate mod_security @@ -38,42 +44,13 @@ define apache::vhost::file( $content = 'absent', $do_includes = false, $run_mode = 'normal', + $logmode = 'default', $ssl_mode = false, $mod_security = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', $use_mod_macro = false ){ - if $mod_security { - case $run_mode { - 'itk': { include mod_security::itk } - 'proxy-itk','static-itk': { include mod_security::itk_plus } - default: { include mod_security } - } - } - - case $run_mode { - 'itk': { - include ::apache::itk - include ::apache::itk::lock - if $ssl_mode { - include ::apache::ssl::itk - } - ] - 'proxy-itk','static-itk': { - include ::apache::itk_plus - include ::apache::itk_plus::lock - if $ssl_mode { - include ::apache::ssl::itk_plus - } - } - default: { - include ::apache - if $ssl_mode { - include ::apache::ssl - } - } - } $vhosts_dir = $operatingsystem ? { centos => "$apache::centos::config_dir/vhosts.d", gentoo => "$apache::gentoo::config_dir/vhosts.d", @@ -100,6 +77,41 @@ define apache::vhost::file( include ::apache::mod_macro } if $ensure != 'absent' { + case $logmode { + 'semianonym','anonym': { include apache::noiplog } + } + case $run_mode { + 'itk': { + include ::apache::itk + include ::apache::itk::lock + if $ssl_mode { + include ::apache::ssl::itk + } + if $mod_security { + include mod_security::itk + } + } + 'proxy-itk','static-itk': { + include ::apache::itk_plus + include ::apache::itk_plus::lock + if $ssl_mode { + include ::apache::ssl::itk_plus + } + if $mod_security { + include mod_security::itk_plus + } + } + default: { + include ::apache + if $ssl_mode { + include ::apache::ssl + } + if $mod_security { + include mod_security + } + } + } + case $content { 'absent': { $real_vhost_source = $vhost_source ? { diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index b4c2562..b0c08f9 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -166,15 +166,13 @@ define apache::vhost::template( do_includes => $do_includes, run_mode => $run_mode, ssl_mode => $ssl_mode, + logmode => $logmode, mod_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, } if $ensure != 'absent' { - case $logmode { - 'semianonym','anonym': { include apache::noiplog } - } Apache::Vhost::File[$name]{ content => template("apache/vhosts/$template_mode/$operatingsystem.erb") } -- cgit v1.2.3 From a2b49033128d11505157ff09e4a3eeea5db2c366 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 22:05:18 +0200 Subject: fix include bug --- manifests/vhost/file.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index ae14aeb..d3ad773 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -95,7 +95,7 @@ define apache::vhost::file( include ::apache::itk_plus include ::apache::itk_plus::lock if $ssl_mode { - include ::apache::ssl::itk_plus + include apache::ssl::itk_plus } if $mod_security { include mod_security::itk_plus @@ -104,7 +104,7 @@ define apache::vhost::file( default: { include ::apache if $ssl_mode { - include ::apache::ssl + include apache::ssl } if $mod_security { include mod_security -- cgit v1.2.3 From f33e0ae2325584d79794078cfe9a962768e7e06b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 22:07:47 +0200 Subject: correctly fix problem --- manifests/ssl/itk_plus.pp | 6 ++++++ manifests/vhost/file.pp | 8 ++++---- 2 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 manifests/ssl/itk_plus.pp (limited to 'manifests') diff --git a/manifests/ssl/itk_plus.pp b/manifests/ssl/itk_plus.pp new file mode 100644 index 0000000..5c2d202 --- /dev/null +++ b/manifests/ssl/itk_plus.pp @@ -0,0 +1,6 @@ +class apache::ssl::itk_plus inherits apache::ssl::itk { + case $operatingsystem { + centos: { include ::apache::ssl::itk_plus::centos } + default: { fail("itk plus mode is currently only implemented for CentOS") } + } +} diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index d3ad773..d9e006d 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -95,19 +95,19 @@ define apache::vhost::file( include ::apache::itk_plus include ::apache::itk_plus::lock if $ssl_mode { - include apache::ssl::itk_plus + include ::apache::ssl::itk_plus } if $mod_security { - include mod_security::itk_plus + include ::mod_security::itk_plus } } default: { include ::apache if $ssl_mode { - include apache::ssl + include ::apache::ssl } if $mod_security { - include mod_security + include ::mod_security } } } -- cgit v1.2.3 From dea5d21e4cd812d4937938250c1d20b8b0089f5d Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 22:09:22 +0200 Subject: override instead of redefine --- manifests/ssl/itk_plus/centos.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/ssl/itk_plus/centos.pp b/manifests/ssl/itk_plus/centos.pp index d8989c9..3638c69 100644 --- a/manifests/ssl/itk_plus/centos.pp +++ b/manifests/ssl/itk_plus/centos.pp @@ -4,7 +4,7 @@ class apache::ssl::itk_plus::centos inherits apache::ssl::centos { source => "apache/itk_plus/conf.d/${operatingsystem}/ssl.conf", } - apache::config::global{'00-listen-ssl.conf': + Apache::Config::Global{'00-listen-ssl.conf': ensure => 'present', content => template("apache/itk_plus/${operatingsystem}/00-listen-ssl.conf.erb"), } -- cgit v1.2.3 From 43c6896311592f113975b89db7d2b493a3e66c43 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 22:10:24 +0200 Subject: correctly fix problem --- manifests/ssl/itk_plus/centos.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/ssl/itk_plus/centos.pp b/manifests/ssl/itk_plus/centos.pp index 3638c69..a67f3dc 100644 --- a/manifests/ssl/itk_plus/centos.pp +++ b/manifests/ssl/itk_plus/centos.pp @@ -4,7 +4,7 @@ class apache::ssl::itk_plus::centos inherits apache::ssl::centos { source => "apache/itk_plus/conf.d/${operatingsystem}/ssl.conf", } - Apache::Config::Global{'00-listen-ssl.conf': + Apache::Config::Global['00-listen-ssl.conf']{ ensure => 'present', content => template("apache/itk_plus/${operatingsystem}/00-listen-ssl.conf.erb"), } -- cgit v1.2.3 From 6729542e677e210dce5f74c287c825b499a5d055 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 16 Aug 2010 23:02:02 +0200 Subject: use modules url --- manifests/ssl/itk_plus/centos.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/ssl/itk_plus/centos.pp b/manifests/ssl/itk_plus/centos.pp index a67f3dc..d76c927 100644 --- a/manifests/ssl/itk_plus/centos.pp +++ b/manifests/ssl/itk_plus/centos.pp @@ -1,7 +1,7 @@ class apache::ssl::itk_plus::centos inherits apache::ssl::centos { include apache::ssl::itk::centos Apache::Config::Global['ssl.conf']{ - source => "apache/itk_plus/conf.d/${operatingsystem}/ssl.conf", + source => "modules/apache/itk_plus/conf.d/${operatingsystem}/ssl.conf", } Apache::Config::Global['00-listen-ssl.conf']{ -- cgit v1.2.3 From 7860f846aaa3c00ddc384f23a926d2a9630146c6 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 Aug 2010 10:52:07 +0200 Subject: remove includes in defines that are called a lot, it looks like compile time goes up with such includes --- manifests/vhost/file.pp | 23 ----------------------- manifests/vhost/php/standard.pp | 6 ------ 2 files changed, 29 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index d9e006d..c4d5be6 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -82,33 +82,10 @@ define apache::vhost::file( } case $run_mode { 'itk': { - include ::apache::itk include ::apache::itk::lock - if $ssl_mode { - include ::apache::ssl::itk - } - if $mod_security { - include mod_security::itk - } } 'proxy-itk','static-itk': { - include ::apache::itk_plus include ::apache::itk_plus::lock - if $ssl_mode { - include ::apache::ssl::itk_plus - } - if $mod_security { - include ::mod_security::itk_plus - } - } - default: { - include ::apache - if $ssl_mode { - include ::apache::ssl - } - if $mod_security { - include ::mod_security - } } } diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 93ff289..9437046 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -90,12 +90,6 @@ define apache::vhost::php::standard( run_uid => $run_uid, } - case $run_mode { - 'itk': { include ::php::itk } - 'proxy-itk','static-itk': { include ::php::itk_plus } - default: { include ::php } - } - $php_safe_mode_exec_bin_dir = $path ? { 'absent' => $operatingsystem ? { openbsd => "/var/www/htdocs/${name}/bin", -- cgit v1.2.3 From 50ef8cfe98b8ebc49a6a093d0063bc10b854ae47 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 Aug 2010 11:38:54 +0200 Subject: fix cronjob domain --- manifests/vhost/php/drupal.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index e56223a..537f912 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -78,7 +78,7 @@ define apache::vhost::php::drupal( if $manage_cron { file{"/etc/cron.d/drupal_cron_${name}": - content => "0 * * * * apache wget -O - -q -t 1 http://${doamin}/cron.php\n", + content => "0 * * * * apache wget -O - -q -t 1 http://${domain}/cron.php\n", owner => root, group => 0, mode => 0644; } } -- cgit v1.2.3 From 8782a2d33dca0de4b720793313029977935627ac Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 Aug 2010 13:08:12 +0200 Subject: set correct domain, if domain is absent, what it is most of the time --- manifests/vhost/php/drupal.pp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 537f912..06601f8 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -77,10 +77,16 @@ define apache::vhost::php::drupal( } if $manage_cron { - file{"/etc/cron.d/drupal_cron_${name}": - content => "0 * * * * apache wget -O - -q -t 1 http://${domain}/cron.php\n", - owner => root, group => 0, mode => 0644; - } + if $domain == 'absent' { + $real_domain = $name + } else { + $real_domain = $domain + } + + file{"/etc/cron.d/drupal_cron_${name}": + content => "0 * * * * apache wget -O - -q -t 1 http://${real_domain}/cron.php\n", + owner => root, group => 0, mode => 0644; + } } # create vhost configuration file -- cgit v1.2.3 From 12f2139146fddbc7ca81ecb1cc0c84e5a31e3b62 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 Aug 2010 23:40:03 +0200 Subject: all itk modes need the userdir set to 755 --- manifests/vhost/webdir.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/webdir.pp b/manifests/vhost/webdir.pp index 4fa9003..857c8e6 100644 --- a/manifests/vhost/webdir.pp +++ b/manifests/vhost/webdir.pp @@ -20,7 +20,7 @@ define apache::vhost::webdir( default => "${path}" } - if ($run_mode == 'itk') and ($mode == '0640'){ + if ($run_mode =~ /^(static\-|proxy\-)?itk$/) and ($mode == '0640'){ $real_mode = 0644 } else { $real_mode = $mode -- cgit v1.2.3 From d2ddd4ae9ad70552e77acaeacfca82d4f1d45edd Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 3 Sep 2010 10:40:09 +0200 Subject: fix php dir modes for new itk modes --- manifests/vhost/phpdirs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/phpdirs.pp b/manifests/vhost/phpdirs.pp index 24413d0..cdd6cc4 100644 --- a/manifests/vhost/phpdirs.pp +++ b/manifests/vhost/phpdirs.pp @@ -38,7 +38,7 @@ define apache::vhost::phpdirs( file{[$real_php_upload_tmp_dir, $real_php_session_save_path ]: ensure => directory, owner => $run_mode ? { - 'itk' => $run_uid, + 'itk','static-itk','proxy-itk' => $run_uid, default => $documentroot_owner }, group => $documentroot_group, mode => $documentroot_mode; -- cgit v1.2.3 From 9a8de35340c8b20e2c7c40fadd91813aa56bade3 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 3 Sep 2010 10:42:03 +0200 Subject: this selector doesn't work that way --- manifests/vhost/phpdirs.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/phpdirs.pp b/manifests/vhost/phpdirs.pp index cdd6cc4..acd423a 100644 --- a/manifests/vhost/phpdirs.pp +++ b/manifests/vhost/phpdirs.pp @@ -38,7 +38,9 @@ define apache::vhost::phpdirs( file{[$real_php_upload_tmp_dir, $real_php_session_save_path ]: ensure => directory, owner => $run_mode ? { - 'itk','static-itk','proxy-itk' => $run_uid, + 'itk' => $run_uid, + 'static-itk' => $run_uid, + 'proxy-itk' => $run_uid, default => $documentroot_owner }, group => $documentroot_group, mode => $documentroot_mode; -- cgit v1.2.3 From 95bfc2b0ff6c75386506d02d5d0a766e59b08472 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 6 Oct 2010 00:33:50 +0200 Subject: remove cgi-bin dir if we are removing the vhost --- manifests/vhost/modperl.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 30083a3..459f424 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -71,7 +71,10 @@ define apache::vhost::modperl( } file{$real_cgi_binpath: - ensure => directory, + ensure => $ensure ? { + 'absent' => 'absent', + default => directory + }, owner => $documentroot_owner, group => $documentroot_group, mode => $documentroot_mode; -- cgit v1.2.3 From 5725fb0ecf08906c1dc4b146969f0e4d63baad73 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 9 Oct 2010 14:47:45 +0200 Subject: pass run mode --- manifests/vhost/static.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index 9d78ebd..ab96141 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -30,6 +30,7 @@ define apache::vhost::static( $additional_options = 'absent', $default_charset = 'absent', $ssl_mode = false, + $run_mode = 'normal', $vhost_mode = 'template', $vhost_source = 'absent', $vhost_destination = 'absent', @@ -44,7 +45,7 @@ define apache::vhost::static( path => $path, owner => $owner, group => $group, - run_mode => 'normal', + run_mode => $run_mode, documentroot_owner => $documentroot_owner, documentroot_group => $documentroot_group, documentroot_mode => $documentroot_mode, -- cgit v1.2.3 From 13056a8f97a026da7168fa8a34ca4ca0d84ed6ce Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 9 Oct 2010 22:28:15 +0200 Subject: only manage file parts if the file should actually be present --- manifests/vhost/file.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index c4d5be6..aaca0c4 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -125,10 +125,14 @@ define apache::vhost::file( } file{$real_htpasswd_path: ensure => $ensure, + } + if ($ensure!='absent') { + File[$real_htpasswd_path]{ source => [ "puppet:///modules/site-apache/htpasswds/$fqdn/$name", "puppet:///modules/site-apache/htpasswds/$apache_cluster_node/$name", "puppet:///modules/site-apache/htpasswds/$name" ], owner => root, group => 0, mode => 0644; + } } } } -- cgit v1.2.3 From 8d9291378001e8b0471895b084387261b730cdac Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 9 Oct 2010 22:44:37 +0200 Subject: fix typo --- manifests/vhost/file.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index aaca0c4..bbd2f8c 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -131,7 +131,7 @@ define apache::vhost::file( source => [ "puppet:///modules/site-apache/htpasswds/$fqdn/$name", "puppet:///modules/site-apache/htpasswds/$apache_cluster_node/$name", "puppet:///modules/site-apache/htpasswds/$name" ], - owner => root, group => 0, mode => 0644; + owner => root, group => 0, mode => 0644, } } } -- cgit v1.2.3 From 4b3a940b7396fcc7f0412eecf524c96580fa953b Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 1 Nov 2010 19:07:39 +0100 Subject: add possibility to proxy vhosts --- manifests/vhost/proxy.pp | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 manifests/vhost/proxy.pp (limited to 'manifests') diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp new file mode 100644 index 0000000..c0a00ff --- /dev/null +++ b/manifests/vhost/proxy.pp @@ -0,0 +1,52 @@ +# Proxy VHost +# Parameters: +# +# - ensure: wether this vhost is `present` or `absent` +# - domain: the domain to redirect (*name*) +# - domainalias: A list of whitespace seperated domains to redirect +# - target_url: the url to be proxied. Note: We don't want http://example.com/foobar only example.com/foobar +# - server_admin: the email that is shown as responsible +# - ssl_mode: wether this vhost supports ssl or not +# - false: don't enable ssl for this vhost (default) +# - true: enable ssl for this vhost +# - force: enable ssl and redirect non-ssl to ssl +# - only: enable ssl only +# +# logmode: +# +# - default: Do normal logging to CustomLog and ErrorLog +# - nologs: Send every logging to /dev/null +# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null +# - semianonym: Don't log ips for CustomLog, log normal ErrorLog +# +define apache::vhost::redirect( + $ensure = present, + $domain = 'absent', + $domainalias = 'absent', + $target_url, + $server_admin = 'absent', + $logmode = 'default', + $ssl_mode = false +){ + # create vhost configuration file + # we use the options field as the target_url + ::apache::vhost::template{$name: + ensure => $ensure, + template_mode => 'proxy', + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logpath => $operatingsystem ? { + openbsd => '/var/www/logs', + centos => '/var/log/httpd', + default => '/var/log/apache2' + }, + logmode => $logmode, + allow_override => $allow_override, + run_mode => 'normal', + mod_security => false, + options => $target_url, + ssl_mode => $ssl_mode, + } +} + -- cgit v1.2.3 From e69dac911dc743bb94c0b3ce34159e9a0dec9321 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 1 Nov 2010 19:17:05 +0100 Subject: correct name --- manifests/vhost/proxy.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index c0a00ff..940cf55 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -19,7 +19,7 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog # -define apache::vhost::redirect( +define apache::vhost::proxy( $ensure = present, $domain = 'absent', $domainalias = 'absent', -- cgit v1.2.3 From 5b6c9af9cd9e9f6d9ae321ae8035a51cea5fdb7e Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 1 Nov 2010 19:20:41 +0100 Subject: introduce mod security for proxy --- manifests/vhost/proxy.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index 940cf55..106f5d6 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -26,6 +26,7 @@ define apache::vhost::proxy( $target_url, $server_admin = 'absent', $logmode = 'default', + $mod_security = false, $ssl_mode = false ){ # create vhost configuration file @@ -44,7 +45,7 @@ define apache::vhost::proxy( logmode => $logmode, allow_override => $allow_override, run_mode => 'normal', - mod_security => false, + mod_security => $mod_security, options => $target_url, ssl_mode => $ssl_mode, } -- cgit v1.2.3 From ead90d3f85bfd3b6d2737643b2ca1fcd7441f4b7 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 1 Nov 2010 19:25:34 +0100 Subject: add htpasswd option --- manifests/vhost/proxy.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index 106f5d6..56b2e1d 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -23,6 +23,7 @@ define apache::vhost::proxy( $ensure = present, $domain = 'absent', $domainalias = 'absent', + $htpasswd_file = 'absent', $target_url, $server_admin = 'absent', $logmode = 'default', @@ -35,6 +36,7 @@ define apache::vhost::proxy( ensure => $ensure, template_mode => 'proxy', domain => $domain, + htpasswd_file => $htpasswd_file, domainalias => $domainalias, server_admin => $server_admin, logpath => $operatingsystem ? { -- cgit v1.2.3 From c8c3719c722c23dc5c4187eaf487947340a95478 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 4 Nov 2010 12:01:18 +0100 Subject: allow setting of additional options for proxy vhosts --- manifests/vhost/proxy.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index 56b2e1d..6cfdd16 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -28,7 +28,8 @@ define apache::vhost::proxy( $server_admin = 'absent', $logmode = 'default', $mod_security = false, - $ssl_mode = false + $ssl_mode = false, + $additional_options = 'absent' ){ # create vhost configuration file # we use the options field as the target_url @@ -50,6 +51,7 @@ define apache::vhost::proxy( mod_security => $mod_security, options => $target_url, ssl_mode => $ssl_mode, + additional_options => $additional_options, } } -- cgit v1.2.3 From f14fd057987b5489228a40444c3a101768c5b6bb Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 22:59:40 +0100 Subject: first way to a unified partial based vhost template --- manifests/vhost.pp | 2 ++ manifests/vhost/php/standard.pp | 2 ++ manifests/vhost/template.pp | 6 +++++- 3 files changed, 9 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 6d9ae33..089eb62 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -40,6 +40,7 @@ define apache::vhost( $logpath = 'absent', $logmode = 'default', $template_mode = 'static', + $template_partial = 'absent', $vhost_mode = 'template', $vhost_source = 'absent', $vhost_destination = 'absent', @@ -95,6 +96,7 @@ define apache::vhost( path_is_webdir => $path_is_webdir, logpath => $logpath, logmode => $logmode, + template_partial => $template_partial, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 9437046..61992a1 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -40,6 +40,7 @@ define apache::vhost::php::standard( $manage_webdir = true, $manage_docroot = true, $template_mode = 'php', + $template_partial = 'absent', $owner = root, $group = apache, $documentroot_owner = apache, @@ -152,6 +153,7 @@ define apache::vhost::php::standard( ensure => $ensure, path => $path, template_mode => $template_mode, + template_partial => $template_partial, vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index b0c08f9..303de0e 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -75,6 +75,7 @@ define apache::vhost::template( $run_uid = 'absent', $run_gid = 'absent', $template_mode = 'static', + $template_partial = 'absent', $ssl_mode = false, $mod_security = true, $mod_security_relevantonly = true, @@ -174,7 +175,10 @@ define apache::vhost::template( } if $ensure != 'absent' { Apache::Vhost::File[$name]{ - content => template("apache/vhosts/$template_mode/$operatingsystem.erb") + content => $template_partial ? { + 'absent' => template("apache/vhosts/$template_mode/$operatingsystem.erb"), + default => template("apache/vhosts/default.erb"), + } } } } -- cgit v1.2.3 From acc7402ba7ecf597991252960a5e5dfba2e4dde2 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 23:19:56 +0100 Subject: add missing param --- manifests/vhost/php/standard.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 61992a1..89b5ba4 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -38,6 +38,7 @@ define apache::vhost::php::standard( $logmode = 'default', $path = 'absent', $manage_webdir = true, + $path_is_webdir = false, $manage_docroot = true, $template_mode = 'php', $template_partial = 'absent', @@ -152,6 +153,7 @@ define apache::vhost::php::standard( ::apache::vhost{$name: ensure => $ensure, path => $path, + path_is_webdir => $path_is_webdir, template_mode => $template_mode, template_partial => $template_partial, vhost_mode => $vhost_mode, -- cgit v1.2.3 From 440c4a0cd83f125e64a401db6afe3b6dc732fd64 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Feb 2011 23:23:57 +0100 Subject: add missing param --- manifests/vhost/php/standard.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 89b5ba4..c2eacff 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -36,6 +36,7 @@ define apache::vhost::php::standard( $domainalias = 'absent', $server_admin = 'absent', $logmode = 'default', + $logpath = 'absent', $path = 'absent', $manage_webdir = true, $path_is_webdir = false, @@ -163,6 +164,7 @@ define apache::vhost::php::standard( domainalias => $domainalias, server_admin => $server_admin, logmode => $logmode, + logpath => $logpath, run_mode => $run_mode, run_uid => $run_uid, run_gid => $run_gid, -- cgit v1.2.3 From 695e984b50301af2ab919701e31fde2c1baa2125 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 23 Feb 2011 00:08:52 +0100 Subject: add a directory for global exec bins --- manifests/vhost/php/global_exec_bin_dir.pp | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 manifests/vhost/php/global_exec_bin_dir.pp (limited to 'manifests') diff --git a/manifests/vhost/php/global_exec_bin_dir.pp b/manifests/vhost/php/global_exec_bin_dir.pp new file mode 100644 index 0000000..cbb9803 --- /dev/null +++ b/manifests/vhost/php/global_exec_bin_dir.pp @@ -0,0 +1,6 @@ +class apache::vhost::php::global_exec_bin_dir { + file{'/var/www/php_safe_exec_bins': + ensure => directory, + owner => root, group => apache, mode => 0640; + } +} -- cgit v1.2.3 From e1a65dcbe2f0727a2a231d0928f1e72882ee965f Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 24 Feb 2011 22:20:56 +0100 Subject: allow setting of a specific bin_dir --- manifests/vhost/php/standard.pp | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index c2eacff..bad7c3d 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -58,6 +58,7 @@ define apache::vhost::php::standard( $php_use_pear = false, $php_safe_mode = true, $php_safe_mode_exec_bins = 'absent', + $php_safe_mode_exec_bin_dir = 'absent', $php_default_charset = 'absent', $do_includes = false, $options = 'absent', @@ -93,20 +94,23 @@ define apache::vhost::php::standard( run_uid => $run_uid, } - $php_safe_mode_exec_bin_dir = $path ? { - 'absent' => $operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/bin", - default => "/var/www/vhosts/${name}/bin" + $real_php_safe_mode_exec_bin_dir = $php_safe_mode_exec_bin_dir ? { + 'absent' => $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/bin", + default => "/var/www/vhosts/${name}/bin" + }, + default => "${path}/bin" }, - default => "${path}/bin" + default => $php_safe_mode_exec_bin_dir } - file{$php_safe_mode_exec_bin_dir: + file{$real_php_safe_mode_exec_bin_dir: recurse => true, force => true, purge => true, } if $php_safe_mode_exec_bins != 'absent' { - File[$php_safe_mode_exec_bin_dir]{ + File[$real_php_safe_mode_exec_bin_dir]{ ensure => $ensure ? { 'present' => directory, default => absent, @@ -117,10 +121,10 @@ define apache::vhost::php::standard( $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}_\\1") apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: ensure => $ensure, - path => $php_safe_mode_exec_bin_dir + path => $real_php_safe_mode_exec_bin_dir } }else{ - File[$php_safe_mode_exec_bin_dir]{ + File[$real_php_safe_mode_exec_bin_dir]{ ensure => absent, } } @@ -173,7 +177,7 @@ define apache::vhost::php::standard( options => $options, additional_options => $additional_options, default_charset => $default_charset, - php_safe_mode_exec_bin_dir => $php_safe_mode_exec_bin_dir, + php_safe_mode_exec_bin_dir => $real_php_safe_mode_exec_bin_dir, php_upload_tmp_dir => $php_upload_tmp_dir, php_session_save_path => $php_session_save_path, php_use_smarty => $php_use_smarty, -- cgit v1.2.3 From 4ffdd03efa75998191f6867a738ee6e5cccb6256 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 24 Feb 2011 22:50:51 +0100 Subject: try a more unique placeholder, because the old one failed with binaries which contained _ in the name --- manifests/vhost/php/safe_mode_bin.pp | 2 +- manifests/vhost/php/standard.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/safe_mode_bin.pp b/manifests/vhost/php/safe_mode_bin.pp index e04557c..5101337 100644 --- a/manifests/vhost/php/safe_mode_bin.pp +++ b/manifests/vhost/php/safe_mode_bin.pp @@ -12,7 +12,7 @@ define apache::vhost::php::safe_mode_bin( $real_path = "$path/$substr" file{$real_path: ensure => $ensure ? { - 'present' => regsubst($name,'^.*_',''), + 'present' => regsubst($name,'^.*_|_',''), default => absent, } } diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index bad7c3d..df9ca6b 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -118,7 +118,7 @@ define apache::vhost::php::standard( source => "puppet:///modules/common/empty", owner => $documentroot_owner, group => $documentroot_group, mode => 0750, } - $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}_\\1") + $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}_|_\\1") apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: ensure => $ensure, path => $real_php_safe_mode_exec_bin_dir -- cgit v1.2.3 From 616fcb124ebe423929b70ca153a858a238a16846 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 24 Feb 2011 22:51:56 +0100 Subject: use a better subsitution --- manifests/vhost/php/safe_mode_bin.pp | 2 +- manifests/vhost/php/standard.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/safe_mode_bin.pp b/manifests/vhost/php/safe_mode_bin.pp index 5101337..ee7a566 100644 --- a/manifests/vhost/php/safe_mode_bin.pp +++ b/manifests/vhost/php/safe_mode_bin.pp @@ -12,7 +12,7 @@ define apache::vhost::php::safe_mode_bin( $real_path = "$path/$substr" file{$real_path: ensure => $ensure ? { - 'present' => regsubst($name,'^.*_|_',''), + 'present' => regsubst($name,'^.*@',''), default => absent, } } diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index df9ca6b..9f988d1 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -118,7 +118,7 @@ define apache::vhost::php::standard( source => "puppet:///modules/common/empty", owner => $documentroot_owner, group => $documentroot_group, mode => 0750, } - $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}_|_\\1") + $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}@\\1") apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: ensure => $ensure, path => $real_php_safe_mode_exec_bin_dir -- cgit v1.2.3 From 71f5c60d92493cc019b741a994009c51368c3fbd Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 27 Mar 2011 15:57:19 +0200 Subject: fix typo --- manifests/vhost/passenger.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index c174079..304e89a 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -44,7 +44,7 @@ define apache::vhost::passenger( $htpasswd_path = 'absent' ){ - include ::pasenger + include ::passenger if $manage_webdir { # create webdir -- cgit v1.2.3 From db4dec6a9ab9205d5a76e76ac1d6244b33733c99 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 Mar 2011 23:17:07 +0200 Subject: improving passenger support --- manifests/vhost/passenger.pp | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 304e89a..7fd82d2 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -41,10 +41,15 @@ define apache::vhost::passenger( $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', - $htpasswd_path = 'absent' + $htpasswd_path = 'absent', + $passenger_ree = false ){ - include ::passenger + if $passenger_ree { + include ::passenger::ree::apache + } else { + include ::passenger::apache + } if $manage_webdir { # create webdir @@ -53,10 +58,10 @@ define apache::vhost::passenger( path => $path, owner => $owner, group => $group, - run_mode => $run_mode, + run_mode => 'normal', manage_docroot => $manage_docroot, documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, + documentroot_group => $run_gid, documentroot_mode => $documentroot_mode, } } @@ -64,9 +69,12 @@ define apache::vhost::passenger( # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, - path => $path, + path => "${path}/www/public", + path_is_webdir => true, template_mode => $template_mode, + template_partial => 'apache/vhosts/passenger/partial.erb', logmode => $logmode, + logpath => "${path}/logs", vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, -- cgit v1.2.3 From 819afbcc311efd818abc72ffcf80e879d987b661 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 Mar 2011 23:30:12 +0200 Subject: add missing files and manage necessary files to run as specific user --- manifests/vhost/passenger.pp | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 7fd82d2..6df0bee 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -42,7 +42,8 @@ define apache::vhost::passenger( $vhost_destination = 'absent', $htpasswd_file = 'absent', $htpasswd_path = 'absent', - $passenger_ree = false + $passenger_ree = false, + $passenger_app = 'rails' ){ if $passenger_ree { @@ -65,6 +66,32 @@ define apache::vhost::passenger( documentroot_mode => $documentroot_mode, } } + + file{ + ["${path}/www/tmp", "${path}/www/logs"]: + ensure => directory, + owner => $documentroot_owner, group => $run_gid, mode => 0660; + "${path}/www/public": + ensure => directory, + owner => $documentroot_owner, group => $run_gid, mode => 0640; + } + if $passenger_app == 'rails' { + file{ + "${path}/www/config": + ensure => directory, + owner => $documentroot_owner, group => $run_gid, mode => 0640; + "${path}/www/config/environment.rb": + ensure => present, + owner => $run_uid, group => $run_gid, mode => 0660; + } + } else { + #rack based + file{ + "${path}/www/config.ru": + ensure => present, + owner => $run_uid, group => $run_gid, mode => 0660; + } + } # create vhost configuration file ::apache::vhost{$name: -- cgit v1.2.3 From 6d15c46f1ff399526ef4768a9bc21ed60940fe8b Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 Mar 2011 23:36:50 +0200 Subject: add an additional gempath --- manifests/vhost/passenger.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 6df0bee..5649fb0 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -71,7 +71,7 @@ define apache::vhost::passenger( ["${path}/www/tmp", "${path}/www/logs"]: ensure => directory, owner => $documentroot_owner, group => $run_gid, mode => 0660; - "${path}/www/public": + ["${path}/www/public", "${path}/gems"]: ensure => directory, owner => $documentroot_owner, group => $run_gid, mode => 0640; } -- cgit v1.2.3 From e137ede80153dbd0dd2f9213e77c40512f59a86e Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 1 Apr 2011 00:19:19 +0200 Subject: fixing path --- manifests/vhost/passenger.pp | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 5649fb0..980c6a4 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -66,28 +66,34 @@ define apache::vhost::passenger( documentroot_mode => $documentroot_mode, } } - + $real_path = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => "${path}" + } file{ - ["${path}/www/tmp", "${path}/www/logs"]: + ["${real_path}/www/tmp", "${real_path}/www/logs"]: ensure => directory, owner => $documentroot_owner, group => $run_gid, mode => 0660; - ["${path}/www/public", "${path}/gems"]: + ["${real_path}/www/public", "${real_path}/gems"]: ensure => directory, owner => $documentroot_owner, group => $run_gid, mode => 0640; } if $passenger_app == 'rails' { file{ - "${path}/www/config": + "${real_path}/www/config": ensure => directory, owner => $documentroot_owner, group => $run_gid, mode => 0640; - "${path}/www/config/environment.rb": + "${real_path}/www/config/environment.rb": ensure => present, owner => $run_uid, group => $run_gid, mode => 0660; } } else { #rack based file{ - "${path}/www/config.ru": + "${real_path}/www/config.ru": ensure => present, owner => $run_uid, group => $run_gid, mode => 0660; } @@ -96,12 +102,12 @@ define apache::vhost::passenger( # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, - path => "${path}/www/public", + path => "${real_path}/www/public", path_is_webdir => true, template_mode => $template_mode, template_partial => 'apache/vhosts/passenger/partial.erb', logmode => $logmode, - logpath => "${path}/logs", + logpath => "${real_path}/logs", vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, -- cgit v1.2.3 From 4f44fc3ba5beeea66f5356dbf4ba2ad491062383 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 1 Apr 2011 00:45:12 +0200 Subject: directory is called log --- manifests/vhost/passenger.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 980c6a4..4a6d8ad 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -74,7 +74,7 @@ define apache::vhost::passenger( default => "${path}" } file{ - ["${real_path}/www/tmp", "${real_path}/www/logs"]: + ["${real_path}/www/tmp", "${real_path}/www/log"]: ensure => directory, owner => $documentroot_owner, group => $run_gid, mode => 0660; ["${real_path}/www/public", "${real_path}/gems"]: -- cgit v1.2.3 From 394558d9ef0a602481a3394691835d15ff02b532 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 1 Apr 2011 01:30:50 +0200 Subject: the run_user needs to be able to access this directory --- manifests/vhost/passenger.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 4a6d8ad..919f6c9 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -59,6 +59,7 @@ define apache::vhost::passenger( path => $path, owner => $owner, group => $group, + mode => 0644, run_mode => 'normal', manage_docroot => $manage_docroot, documentroot_owner => $documentroot_owner, -- cgit v1.2.3 From 9081a3c7c3b9f956d0491712bae3ed5e94529e82 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 12 May 2011 02:13:12 +0200 Subject: we need also to allow limit on mediawiki dir htaccess --- manifests/vhost/php/mediawiki.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index 108b91f..fe2cbc0 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -46,7 +46,7 @@ define apache::vhost::php::mediawiki( $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', - $allow_override = 'FileInfo', + $allow_override = 'FileInfo Limit', $php_upload_tmp_dir = 'absent', $php_session_save_path = 'absent', $php_default_charset = 'absent', -- cgit v1.2.3 From cbbffa1d3de5a19a72dd7bb88fb1bcb14e5384e1 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 17 May 2011 22:52:47 +0200 Subject: improve mod_security rules * handled now by a partial * possibility to add rules that should be removed * possibility to add custom mod_sec options" * use new infrastructure for existing mod_sec tweaks --- manifests/vhost.pp | 5 +++++ manifests/vhost/file.pp | 15 ++++++++++----- manifests/vhost/modperl.pp | 4 ++++ manifests/vhost/passenger.pp | 4 ++++ manifests/vhost/php/drupal.pp | 4 ++++ manifests/vhost/php/gallery2.pp | 4 ++++ manifests/vhost/php/joomla.pp | 22 ++++++++++++++++++++++ manifests/vhost/php/mediawiki.pp | 4 ++++ manifests/vhost/php/silverstripe.pp | 9 +++++++-- manifests/vhost/php/simplemachine.pp | 4 ++++ manifests/vhost/php/spip.pp | 4 ++++ manifests/vhost/php/standard.pp | 4 ++++ manifests/vhost/php/typo3.pp | 16 ++++++++++++++++ manifests/vhost/php/webapp.pp | 4 ++++ manifests/vhost/php/wordpress.pp | 8 +++++++- manifests/vhost/proxy.pp | 6 ++++++ manifests/vhost/static.pp | 6 +++++- manifests/vhost/template.pp | 2 ++ manifests/vhost/webdav.pp | 5 +++++ 19 files changed, 121 insertions(+), 9 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 089eb62..af067d1 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -70,6 +70,8 @@ define apache::vhost( $htpasswd_path = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $use_mod_macro = false, $ldap_auth = false, $ldap_user = 'any' @@ -123,6 +125,9 @@ define apache::vhost( ldap_auth => $ldap_auth, ldap_user => $ldap_user, mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, use_mod_macro => $use_mod_macro, } } diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index bbd2f8c..6c750c1 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -70,22 +70,27 @@ define apache::vhost::file( notify => Service[apache], owner => root, group => 0, mode => 0644; } - if $do_includes { + if $ensure != 'absent' { + if $do_includes { include ::apache::includes - } - if $use_mod_macro { + } + if $use_mod_macro { include ::apache::mod_macro - } - if $ensure != 'absent' { + } case $logmode { 'semianonym','anonym': { include apache::noiplog } } case $run_mode { 'itk': { include ::apache::itk::lock + if $mod_security { include mod_security::itk } } 'proxy-itk','static-itk': { include ::apache::itk_plus::lock + if $mod_security { include mod_security::itk_plus } + } + default: { + if $mod_security { include mod_security } } } diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 459f424..70a10ea 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -48,6 +48,8 @@ define apache::vhost::modperl( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -123,6 +125,8 @@ define apache::vhost::modperl( htpasswd_path => $htpasswd_path, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, } } diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 919f6c9..d09c882 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -36,6 +36,8 @@ define apache::vhost::passenger( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -128,6 +130,8 @@ define apache::vhost::passenger( htpasswd_path => $htpasswd_path, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, } } diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 06601f8..adf1b9e 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -57,6 +57,8 @@ define apache::vhost::php::drupal( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -117,6 +119,8 @@ define apache::vhost::php::drupal( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index a43e627..cb4d77d 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -56,6 +56,8 @@ define apache::vhost::php::gallery2( $default_charset = 'absent', $mod_security = false, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -142,6 +144,8 @@ define apache::vhost::php::gallery2( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 96e3ab1..3767c50 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -56,6 +56,8 @@ define apache::vhost::php::joomla( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -75,6 +77,24 @@ define apache::vhost::php::joomla( }, default => "${path}/www" } + + if $mod_security_additional_options == 'absent' { + $real_mod_security_additional_options = '# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + # Exceptions for Joomla Root Directory + + SecRuleRemoveById 950013 + + + # Exceptions for Joomla Administration Panel + SecRule REQUEST_FILENAME "/administrator/index2.php" \ + "allow,phase:1,nolog,ctl:ruleEngine=Off" + + # Exceptions for Joomla Component Expose + + SecRuleRemoveById 960010 + +' + } else { $real_mod_security_additional_options = $mod_security_additional_options } # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -104,6 +124,8 @@ define apache::vhost::php::joomla( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $real_mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index fe2cbc0..76faceb 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -56,6 +56,8 @@ define apache::vhost::php::mediawiki( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -90,6 +92,8 @@ define apache::vhost::php::mediawiki( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index cf67d16..06ee1c4 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -56,6 +56,8 @@ define apache::vhost::php::silverstripe( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -73,6 +75,8 @@ define apache::vhost::php::silverstripe( }, default => "${path}/www" } + $modsec_rules = ["960010"] + $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules) # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -102,6 +106,8 @@ define apache::vhost::php::silverstripe( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, @@ -109,8 +115,7 @@ define apache::vhost::php::silverstripe( htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, - managed_directories => [ "$documentroot/assets" - ], + managed_directories => [ "$documentroot/assets" ], manage_config => $manage_config, } diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 0983f17..8632763 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -56,6 +56,8 @@ define apache::vhost::php::simplemachine( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -102,6 +104,8 @@ define apache::vhost::php::simplemachine( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 290082f..4fe9f9a 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -56,6 +56,8 @@ define apache::vhost::php::spip( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -99,6 +101,8 @@ define apache::vhost::php::spip( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options=> $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 9f988d1..143e006 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -67,6 +67,8 @@ define apache::vhost::php::standard( $use_mod_macro = false, $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -189,6 +191,8 @@ define apache::vhost::php::standard( htpasswd_path => $htpasswd_path, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, use_mod_macro => $use_mod_macro, } } diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index 40c171f..9d404a4 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -56,6 +56,8 @@ define apache::vhost::php::typo3( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -73,6 +75,18 @@ define apache::vhost::php::typo3( }, default => "${path}/www" } + + $modsec_rules = ["960010"] + $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules) + if $mod_security_additional_options == 'absent' { + $real_mod_security_additional_options = ' + SecRuleEngine Off + SecAuditEngine Off + +' + } else { + $real_mod_security_additional_options = $mod_security_additional_options + } # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -102,6 +116,8 @@ define apache::vhost::php::typo3( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $real_mod_security_rules_to_disable, + mod_security_additional_options => $real_mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 9716dfb..bd72eb1 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -59,6 +59,8 @@ define apache::vhost::php::webapp( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -130,6 +132,8 @@ define apache::vhost::php::webapp( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index 461a2d7..b8ea359 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -56,6 +56,8 @@ define apache::vhost::php::wordpress( $default_charset = 'absent', $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -74,9 +76,11 @@ define apache::vhost::php::wordpress( }, default => "${path}/www" } + $modsec_rules = ["960010", "950018"] + $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules) # create vhost configuration file - ::apache::vhost::php::webapp{$name: + apache::vhost::php::webapp{$name: ensure => $ensure, domain => $domain, domainalias => $domainalias, @@ -103,6 +107,8 @@ define apache::vhost::php::wordpress( default_charset => $default_charset, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $real_mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, vhost_source => $vhost_source, diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index 6cfdd16..dfc6a0b 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -29,6 +29,9 @@ define apache::vhost::proxy( $logmode = 'default', $mod_security = false, $ssl_mode = false, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $additional_options = 'absent' ){ # create vhost configuration file @@ -49,6 +52,9 @@ define apache::vhost::proxy( allow_override => $allow_override, run_mode => 'normal', mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, options => $target_url, ssl_mode => $ssl_mode, additional_options => $additional_options, diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index ab96141..76e2bee 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -37,7 +37,9 @@ define apache::vhost::static( $htpasswd_file = 'absent', $htpasswd_path = 'absent', $mod_security = false, - $mod_security_relevantonly = true + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent' ){ # create webdir ::apache::vhost::webdir{$name: @@ -73,6 +75,8 @@ define apache::vhost::static( htpasswd_path => $htpasswd_path, mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, } } diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 303de0e..3fe78c9 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -79,6 +79,8 @@ define apache::vhost::template( $ssl_mode = false, $mod_security = true, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $use_mod_macro = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index b4775d5..94b177c 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -46,6 +46,8 @@ define apache::vhost::webdav( $default_charset = 'absent', $mod_security = false, $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', $vhost_source = 'absent', @@ -113,6 +115,9 @@ define apache::vhost::webdav( ldap_auth => $ldap_auth, ldap_user => $ldap_user, mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $mod_security_additional_options, } } -- cgit v1.2.3 From 9c79c0f782204bceb305ebde1d088344c61fe827 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 18 May 2011 01:04:01 +0200 Subject: woraround that redirects do not have a documentroot --- manifests/vhost/proxy.pp | 2 ++ manifests/vhost/redirect.pp | 2 ++ 2 files changed, 4 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index dfc6a0b..5783b1f 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -40,6 +40,8 @@ define apache::vhost::proxy( ensure => $ensure, template_mode => 'proxy', domain => $domain, + path => 'really_absent', + path_is_webdir => true, htpasswd_file => $htpasswd_file, domainalias => $domainalias, server_admin => $server_admin, diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index 4bb7b67..9384fc0 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -34,6 +34,8 @@ define apache::vhost::redirect( ensure => $ensure, template_mode => 'redirect', domain => $domain, + path => 'really_absent', + path_is_webdir => true, domainalias => $domainalias, server_admin => $server_admin, logpath => $operatingsystem ? { -- cgit v1.2.3 From d7e68d7835491c852fbb4a1832040c98eea14122 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 15 Jul 2011 17:47:16 +0200 Subject: it is not anymore necessary to add an empty source to purge directories --- manifests/vhost/php/standard.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 143e006..ecbb79a 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -117,7 +117,6 @@ define apache::vhost::php::standard( 'present' => directory, default => absent, }, - source => "puppet:///modules/common/empty", owner => $documentroot_owner, group => $documentroot_group, mode => 0750, } $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}@\\1") -- cgit v1.2.3 From 78b1864e8dc93bd04f9901e67016e95d16e904a2 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 7 Aug 2011 18:21:46 +0200 Subject: fix dependency --- manifests/package.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'manifests') diff --git a/manifests/package.pp b/manifests/package.pp index 9ca5357..3308b37 100644 --- a/manifests/package.pp +++ b/manifests/package.pp @@ -19,6 +19,9 @@ class apache::package inherits apache::base { File['modules_dir']{ require => Package[apache], } + File['include_dir']{ + require => Package[apache], + } File['web_dir']{ require => Package[apache], } -- cgit v1.2.3 From 00c67d3de29527a957ae6efb43b98c4fa10ffd90 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 9 Aug 2011 09:48:19 +0200 Subject: these files do not have to be writeable by the run group --- manifests/vhost/passenger.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index d09c882..de3b162 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -91,14 +91,14 @@ define apache::vhost::passenger( owner => $documentroot_owner, group => $run_gid, mode => 0640; "${real_path}/www/config/environment.rb": ensure => present, - owner => $run_uid, group => $run_gid, mode => 0660; + owner => $run_uid, group => $run_gid, mode => 0640; } } else { #rack based file{ "${real_path}/www/config.ru": ensure => present, - owner => $run_uid, group => $run_gid, mode => 0660; + owner => $run_uid, group => $run_gid, mode => 0640; } } -- cgit v1.2.3 From 34df80bc271f7ed17de879e82b54f31a98926e08 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 28 May 2011 11:32:39 +0200 Subject: first work on php_settings via hash --- manifests/vhost.pp | 2 ++ manifests/vhost/php/gallery2.pp | 31 +++++++++++++++++++++++++ manifests/vhost/php/standard.pp | 50 ++++++++++++++++++++++++++++++++++------- manifests/vhost/php/webapp.pp | 2 ++ manifests/vhost/template.pp | 1 + 5 files changed, 78 insertions(+), 8 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost.pp b/manifests/vhost.pp index af067d1..4ade9c8 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -56,6 +56,7 @@ define apache::vhost( $php_use_pear = false, $php_safe_mode = true, $php_default_charset = 'absent', + $php_settings = {}, $cgi_binpath = 'absent', $default_charset = 'absent', $do_includes = false, @@ -115,6 +116,7 @@ define apache::vhost( php_use_pear => $php_use_pear, php_safe_mode => $php_safe_mode, php_default_charset => $php_default_charset, + php_settings => $php_settings, run_mode => $run_mode, run_uid => $run_uid, run_gid => $run_gid, diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index cb4d77d..69a81e1 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -50,6 +50,7 @@ define apache::vhost::php::gallery2( $php_session_save_path = 'absent', $php_safe_mode_exec_bins = 'absent', $php_default_charset = 'absent', + $php_settings = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -115,6 +116,35 @@ define apache::vhost::php::gallery2( ensure => directory } } + + # php upload_tmp_dir + case $php_upload_tmp_dir { + 'absent': { + $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" + } + default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } + } + # php session_save_path + case $php_session_save_path { + 'absent': { + $real_php_session_save_path = "/var/www/session.save_path/$name" + } + default: { $real_php_session_save_path = $php_session_save_path } + } + + $gallery_php_settings = { + safe_mode => 'Off', + output_buffering => 'Off', + } + $open_basedir = "${documentroot}:${real_php_upload_tmp_dir}:${real_php_session_save_path}:${gdatadir}" + if $upload_dir != 'absent' { + $real_open_basedir = "${open_basedir}:${real_upload_dir}" + } else { + $real_open_basedir = "${open_basedir}" + } + $gallery_php_settings[open_basedir] = $real_open_basedir + + $real_php_settings = hash_merge($gallery_php_settings,$php_settings) # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -138,6 +168,7 @@ define apache::vhost::php::gallery2( php_session_save_path => $php_session_save_path, php_safe_mode_exec_bins => $real_php_safe_mode_exec_bins, php_default_charset => $php_default_charset, + php_settings => $real_php_settings, do_includes => $do_includes, options => $options, additional_options => $additional_options, diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index ecbb79a..c80610b 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -60,6 +60,7 @@ define apache::vhost::php::standard( $php_safe_mode_exec_bins = 'absent', $php_safe_mode_exec_bin_dir = 'absent', $php_default_charset = 'absent', + $php_settings = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -77,14 +78,6 @@ define apache::vhost::php::standard( $htpasswd_path = 'absent' ){ - $real_php_default_charset = $php_default_charset ? { - 'absent' => $default_charset ? { - 'On' => 'iso-8859-1', - default => $default_charset - }, - default => $php_default_charset - } - ::apache::vhost::phpdirs{"${name}": ensure => $ensure, php_upload_tmp_dir => $php_upload_tmp_dir, @@ -154,6 +147,46 @@ define apache::vhost::php::standard( documentroot_mode => $documentroot_mode, } } + + # php upload_tmp_dir + case $php_upload_tmp_dir { + 'absent': { + $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" + } + default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } + } + # php session_save_path + case $php_session_save_path { + 'absent': { + $real_php_session_save_path = "/var/www/session.save_path/$name" + } + default: { $real_php_session_save_path = $php_session_save_path } + } + + $std_php_settings = { + engine => 'On', + upload_tmp_dir => $real_php_upload_tmp_dir, + session.save_path => $real_php_session_save_path, + } + if $php_safe_mode_exec_bins != 'absent' { + $std_php_settings[safe_mode_exec_dir] = $real_php_safe_mode_exec_bin_dir + } + + $real_php_default_charset = $php_settings[default_charset] ? { + '' => $default_charset ? { + 'On' => 'iso-8859-1', + default => $default_charset ? { + 'absent' => 'absent', + default => $default_charset + } + }, + default => $php_settings[default_charset] + } + if $real_php_default_charset != 'absent' { + $std_php_settings[default_charset] = $real_php_default_charset + } + + $real_php_settings = hash_merge($std_php_settings,$php_settings) # create vhost configuration file ::apache::vhost{$name: @@ -185,6 +218,7 @@ define apache::vhost::php::standard( php_use_pear => $php_use_pear, php_safe_mode => $php_safe_mode, php_default_charset => $real_php_default_charset, + php_settings => $real_php_settings, ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index bd72eb1..b4b4195 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -53,6 +53,7 @@ define apache::vhost::php::webapp( $php_session_save_path = 'absent', $php_safe_mode_exec_bins = 'absent', $php_default_charset = 'absent', + $php_settings = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -126,6 +127,7 @@ define apache::vhost::php::webapp( php_session_save_path => $php_session_save_path, php_safe_mode_exec_bins => $php_safe_mode_exec_bins, php_default_charset => $php_default_charset, + php_settings => $php_settings, do_includes => $do_includes, options => $options, additional_options => $additional_options, diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 3fe78c9..ce74bfd 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -71,6 +71,7 @@ define apache::vhost::template( $php_use_pear = false, $php_safe_mode = true, $php_default_charset = 'absent', + $php_settings = {}, $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', -- cgit v1.2.3 From 9f52ab2655acccd47cf7e3a824b603c5d6846f35 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 12:31:14 +0200 Subject: migrating a first part over to the new partial style --- manifests/vhost/gitweb.pp | 2 +- manifests/vhost/passenger.pp | 2 -- manifests/vhost/proxy.pp | 2 +- manifests/vhost/redirect.pp | 2 +- manifests/vhost/static.pp | 2 +- 5 files changed, 4 insertions(+), 6 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index 2bc15d0..3ac8243 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -37,7 +37,7 @@ define apache::vhost::gitweb( default => '/var/log/apache2' }, logmode => $logmode, - template_mode => 'gitweb', + template_partial => 'apache/vhosts/gitweb/partial.erb', domain => $domain, domainalias => $domainalias, server_admin => $server_admin, diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index de3b162..5526125 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -21,7 +21,6 @@ define apache::vhost::passenger( $path = 'absent', $manage_webdir = true, $manage_docroot = true, - $template_mode = 'passenger', $owner = root, $group = apache, $documentroot_owner = apache, @@ -107,7 +106,6 @@ define apache::vhost::passenger( ensure => $ensure, path => "${real_path}/www/public", path_is_webdir => true, - template_mode => $template_mode, template_partial => 'apache/vhosts/passenger/partial.erb', logmode => $logmode, logpath => "${real_path}/logs", diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index 5783b1f..113f4ef 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -38,7 +38,7 @@ define apache::vhost::proxy( # we use the options field as the target_url ::apache::vhost::template{$name: ensure => $ensure, - template_mode => 'proxy', + template_partial => 'apache/vhosts/proxy/partial.erb', domain => $domain, path => 'really_absent', path_is_webdir => true, diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index 9384fc0..3297279 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -32,7 +32,7 @@ define apache::vhost::redirect( # we use the options field as the target_url ::apache::vhost::template{$name: ensure => $ensure, - template_mode => 'redirect', + template_partial => 'apache/vhost/redirect/partial.erb', domain => $domain, path => 'really_absent', path_is_webdir => true, diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index 76e2bee..cd5ac77 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -57,7 +57,7 @@ define apache::vhost::static( ::apache::vhost{$name: ensure => $ensure, path => $path, - template_mode => 'static', + template_partial => 'apache/vhosts/static/partial.erb', vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, -- cgit v1.2.3 From 24c047d1cfc54c003eef7445e177e28f373c1da4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 12:40:46 +0200 Subject: remove an unnecessary template --- manifests/gentoo.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/gentoo.pp b/manifests/gentoo.pp index 46ad8cb..b7bcf94 100644 --- a/manifests/gentoo.pp +++ b/manifests/gentoo.pp @@ -26,7 +26,7 @@ class apache::gentoo inherits apache::package { # set the default for the ServerName file{"${config_dir}/modules.d/00_default_settings_ServerName.conf": - content => template('apache/modules_dir_00_default_settings_ServerName.conf.erb'), + content => "ServerName ${fqdn}\n", require => Package[apache], owner => root, group => 0, mode => 0644; } -- cgit v1.2.3 From 2fa748dcc92e34b13bd4b6f7e452ef89b29490c4 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 19:22:40 +0200 Subject: introduce a new template style, less duplicated things, more handy options --- manifests/include/joomla.pp | 3 + manifests/include/silverstripe.pp | 3 + manifests/joomla.pp | 5 - manifests/vhost.pp | 30 +----- manifests/vhost/gitweb.pp | 3 +- manifests/vhost/modperl.pp | 7 +- manifests/vhost/passenger.pp | 3 +- manifests/vhost/php/drupal.pp | 25 +++-- manifests/vhost/php/gallery2.pp | 53 ++++----- manifests/vhost/php/joomla.pp | 20 ++-- manifests/vhost/php/mediawiki.pp | 20 ++-- manifests/vhost/php/silverstripe.pp | 23 ++-- manifests/vhost/php/simplemachine.pp | 19 ++-- manifests/vhost/php/spip.pp | 20 ++-- manifests/vhost/php/standard.pp | 202 +++++++++++++++++------------------ manifests/vhost/php/typo3.pp | 27 +++-- manifests/vhost/php/webapp.pp | 18 +--- manifests/vhost/php/wordpress.pp | 20 ++-- manifests/vhost/phpdirs.pp | 25 +---- manifests/vhost/static.pp | 3 +- manifests/vhost/template.pp | 58 ++-------- manifests/vhost/webdav.pp | 4 +- 22 files changed, 233 insertions(+), 358 deletions(-) create mode 100644 manifests/include/joomla.pp create mode 100644 manifests/include/silverstripe.pp delete mode 100644 manifests/joomla.pp (limited to 'manifests') diff --git a/manifests/include/joomla.pp b/manifests/include/joomla.pp new file mode 100644 index 0000000..5adae30 --- /dev/null +++ b/manifests/include/joomla.pp @@ -0,0 +1,3 @@ +class apache::include::joomla { + apache::config::include{'joomla.inc': } +} diff --git a/manifests/include/silverstripe.pp b/manifests/include/silverstripe.pp new file mode 100644 index 0000000..fd2484b --- /dev/null +++ b/manifests/include/silverstripe.pp @@ -0,0 +1,3 @@ +class apache::include::silverstripe { + apache::config::include{'silverstripe.inc': } +} diff --git a/manifests/joomla.pp b/manifests/joomla.pp deleted file mode 100644 index 45d0b48..0000000 --- a/manifests/joomla.pp +++ /dev/null @@ -1,5 +0,0 @@ -# manifests/joomla.pp - -class apache::joomla { - apache::config::include{'joomla.inc': } -} diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 4ade9c8..64c20c7 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -3,12 +3,7 @@ # vhost_mode: which option is choosed to deploy the vhost # - template: generate it from a template (default) # - file: deploy a vhost file (apache::vhost::file will be called directly) -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache +# # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -39,9 +34,8 @@ define apache::vhost( $path_is_webdir = false, $logpath = 'absent', $logmode = 'default', - $template_mode = 'static', - $template_partial = 'absent', $vhost_mode = 'template', + $template_partial = 'apache/vhosts/static/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $content = 'absent', @@ -49,14 +43,8 @@ define apache::vhost( $domainalias = 'absent', $server_admin = 'absent', $allow_override = 'None', - $php_safe_mode_exec_bin_dir = 'absent', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_use_smarty = false, - $php_use_pear = false, - $php_safe_mode = true, - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $cgi_binpath = 'absent', $default_charset = 'absent', $do_includes = false, @@ -65,7 +53,6 @@ define apache::vhost( $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', - $template_mode = 'static', $ssl_mode = false, $htpasswd_file = 'absent', $htpasswd_path = 'absent', @@ -99,28 +86,21 @@ define apache::vhost( path_is_webdir => $path_is_webdir, logpath => $logpath, logmode => $logmode, - template_partial => $template_partial, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, - php_safe_mode_exec_bin_dir => $php_safe_mode_exec_bin_dir, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, cgi_binpath => $cgi_binpath, allow_override => $allow_override, do_includes => $do_includes, options => $options, additional_options => $additional_options, default_charset => $default_charset, - php_use_smarty => $php_use_smarty, - php_use_pear => $php_use_pear, - php_safe_mode => $php_safe_mode, - php_default_charset => $php_default_charset, php_settings => $php_settings, + php_options => $php_options, run_mode => $run_mode, run_uid => $run_uid, run_gid => $run_gid, - template_mode => $template_mode, + template_partial => $template_partial, ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index 3ac8243..5523af1 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -16,6 +16,7 @@ define apache::vhost::gitweb( $documentroot_group = 0, $documentroot_mode = 0640, $allow_override = 'None', + $template_partial = 'apache/vhosts/gitweb/partial.erb', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -37,7 +38,7 @@ define apache::vhost::gitweb( default => '/var/log/apache2' }, logmode => $logmode, - template_partial => 'apache/vhosts/gitweb/partial.erb', + template_partial => $template_partial, domain => $domain, domainalias => $domainalias, server_admin => $server_admin, diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 70a10ea..a527f4a 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -52,6 +52,7 @@ define apache::vhost::modperl( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/perl/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -83,7 +84,10 @@ define apache::vhost::modperl( } case $run_mode { - 'proxy-itk','static-itk': { include ::mod_perl::itk_plus } + 'proxy-itk','static-itk': { + $passing_extension = 'pl' + include ::mod_perl::itk_plus + } default: { include ::mod_perl } } @@ -106,6 +110,7 @@ define apache::vhost::modperl( template_mode => 'perl', logmode => $logmode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, domain => $domain, diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 5526125..2b480c5 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -39,6 +39,7 @@ define apache::vhost::passenger( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/passenger/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -106,7 +107,7 @@ define apache::vhost::passenger( ensure => $ensure, path => "${real_path}/www/public", path_is_webdir => true, - template_partial => 'apache/vhosts/passenger/partial.erb', + template_partial => $template_partial, logmode => $logmode, logpath => "${real_path}/logs", vhost_mode => $vhost_mode, diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index adf1b9e..f81bef3 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -47,10 +47,8 @@ define apache::vhost::php::drupal( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -61,6 +59,7 @@ define apache::vhost::php::drupal( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_drupal/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -90,6 +89,17 @@ define apache::vhost::php::drupal( owner => root, group => 0, mode => 0644; } } + + $std_drupal_php_settings = { + magic_quotes_gpc => 0, + register_globals => 0, + 'session.auto_start' => 0, + 'mbstring.http_input' => 'pass', + 'mbstring.http_output' => 'pass', + 'mbstring.encoding_translation' => 0, + } + + $drupal_php_settings = hash_merg($std_drupal_php_settings, $php_settings) # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -109,10 +119,8 @@ define apache::vhost::php::drupal( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $drupal_php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -123,6 +131,7 @@ define apache::vhost::php::drupal( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 69a81e1..097e311 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -46,11 +46,8 @@ define apache::vhost::php::gallery2( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -61,6 +58,7 @@ define apache::vhost::php::gallery2( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_gallery2/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -85,11 +83,11 @@ define apache::vhost::php::gallery2( default => "${path}/g2data" } file{$gdatadir: - ensure => $ensure ? { - 'present' => directory, - default => absent - }, - owner => $documentroot_owner, group => $documentroot_group, mode => 0660; + ensure => $ensure ? { + 'present' => directory, + default => absent + }, + owner => $documentroot_owner, group => $documentroot_group, mode => 0660; } if ($upload_dir == 'present') or ($upload_dir == 'absent') { @@ -116,33 +114,30 @@ define apache::vhost::php::gallery2( ensure => directory } } + + $gallery_php_settings = { + safe_mode => 'Off', + output_buffering => 'Off', + } # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" + case $php_settings[upload_tmp_dir] { + '',undef: { + $php_settings[upload_tmp_dir] = "/var/www/upload_tmp_dir/$name" } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } } # php session_save_path - case $php_session_save_path { - 'absent': { - $real_php_session_save_path = "/var/www/session.save_path/$name" + case $php_settings['session.save_path'] { + '',undef: { + $php_settings['session.save_path'] = "/var/www/session.save_path/$name" } - default: { $real_php_session_save_path = $php_session_save_path } } - - $gallery_php_settings = { - safe_mode => 'Off', - output_buffering => 'Off', - } - $open_basedir = "${documentroot}:${real_php_upload_tmp_dir}:${real_php_session_save_path}:${gdatadir}" + if $upload_dir != 'absent' { - $real_open_basedir = "${open_basedir}:${real_upload_dir}" + $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}:${real_upload_dir}" } else { - $real_open_basedir = "${open_basedir}" + $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}" } - $gallery_php_settings[open_basedir] = $real_open_basedir $real_php_settings = hash_merge($gallery_php_settings,$php_settings) @@ -164,11 +159,8 @@ define apache::vhost::php::gallery2( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $real_php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, php_settings => $real_php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -187,6 +179,5 @@ define apache::vhost::php::gallery2( manage_config => $manage_config, config_file => 'config.php', } - } diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 3767c50..1cd9479 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::joomla( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::joomla( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_joomla/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -114,10 +107,8 @@ define apache::vhost::php::joomla( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -128,6 +119,7 @@ define apache::vhost::php::joomla( mod_security_additional_options => $real_mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index 76faceb..58d36af 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -47,10 +41,8 @@ define apache::vhost::php::mediawiki( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'FileInfo Limit', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_default_charset = 'absent', - $php_safe_mode_exec_bins = 'absent', + $php_settings = {}, + $php_options = {}, $options = 'absent', $additional_options = 'absent', $default_charset = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::mediawiki( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -74,7 +67,6 @@ define apache::vhost::php::mediawiki( logmode => $logmode, path => $path, manage_docroot => $manage_docroot, - template_mode => 'php_mediawiki', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, @@ -84,9 +76,8 @@ define apache::vhost::php::mediawiki( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, options => $options, additional_options => $additional_options, default_charset => $default_charset, @@ -96,6 +87,7 @@ define apache::vhost::php::mediawiki( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index 06ee1c4..7deaad1 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::silverstripe( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::silverstripe( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_silverstripe/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -68,6 +61,9 @@ define apache::vhost::php::silverstripe( $config_webwriteable = false, $manage_directories = true ){ + + include ::apache::include::silverstripe + $documentroot = $path ? { 'absent' => $operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", @@ -96,10 +92,8 @@ define apache::vhost::php::silverstripe( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -110,6 +104,7 @@ define apache::vhost::php::silverstripe( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 8632763..29755f5 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::simplemachine( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::simplemachine( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -95,9 +88,8 @@ define apache::vhost::php::simplemachine( run_gid => $run_gid, allow_override => $allow_override, php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -108,6 +100,7 @@ define apache::vhost::php::simplemachine( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 4fe9f9a..0d34687 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,9 @@ define apache::vhost::php::spip( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'FileInfo', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, + $template_partial = 'apache/vhosts/php/partial.erb', $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -91,10 +84,8 @@ define apache::vhost::php::spip( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -105,6 +96,7 @@ define apache::vhost::php::spip( mod_security_additional_options=> $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index c80610b..063c8e6 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -41,8 +35,6 @@ define apache::vhost::php::standard( $manage_webdir = true, $path_is_webdir = false, $manage_docroot = true, - $template_mode = 'php', - $template_partial = 'absent', $owner = root, $group = apache, $documentroot_owner = apache, @@ -52,15 +44,8 @@ define apache::vhost::php::standard( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_use_smarty = false, - $php_use_pear = false, - $php_safe_mode = true, - $php_safe_mode_exec_bins = 'absent', - $php_safe_mode_exec_bin_dir = 'absent', - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -72,63 +57,18 @@ define apache::vhost::php::standard( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partials.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', $htpasswd_path = 'absent' ){ - ::apache::vhost::phpdirs{"${name}": - ensure => $ensure, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - } - - $real_php_safe_mode_exec_bin_dir = $php_safe_mode_exec_bin_dir ? { - 'absent' => $path ? { - 'absent' => $operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/bin", - default => "/var/www/vhosts/${name}/bin" - }, - default => "${path}/bin" - }, - default => $php_safe_mode_exec_bin_dir - } - file{$real_php_safe_mode_exec_bin_dir: - recurse => true, - force => true, - purge => true, - } - if $php_safe_mode_exec_bins != 'absent' { - File[$real_php_safe_mode_exec_bin_dir]{ - ensure => $ensure ? { - 'present' => directory, - default => absent, - }, - owner => $documentroot_owner, group => $documentroot_group, mode => 0750, - } - $php_safe_mode_exec_bins_subst = regsubst($php_safe_mode_exec_bins,"(.+)","${name}@\\1") - apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: - ensure => $ensure, - path => $real_php_safe_mode_exec_bin_dir - } - }else{ - File[$real_php_safe_mode_exec_bin_dir]{ - ensure => absent, - } - } - - if $php_use_smarty { - include php::extensions::smarty - } - case $run_mode { - 'proxy-itk','static-itk': { include ::php::itk_plus } + 'proxy-itk','static-itk': { + $passing_extension = 'php' + include ::php::itk_plus + } 'itk': { include ::php::itk } default: { include ::php } } @@ -148,54 +88,116 @@ define apache::vhost::php::standard( } } - # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" - } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } + $real_path = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => $path } - # php session_save_path - case $php_session_save_path { - 'absent': { - $real_php_session_save_path = "/var/www/session.save_path/$name" - } - default: { $real_php_session_save_path = $php_session_save_path } + + if $path_is_webdir { + $documentroot = $real_path + } else { + $documentroot = "${real_path}/www" } - $std_php_settings = { - engine => 'On', - upload_tmp_dir => $real_php_upload_tmp_dir, - session.save_path => $real_php_session_save_path, + $std_php_options = { + smarty => false, + pear => false, } - if $php_safe_mode_exec_bins != 'absent' { - $std_php_settings[safe_mode_exec_dir] = $real_php_safe_mode_exec_bin_dir + $real_php_options = hash_merge($std_php_options,$php_options) + + if $real_php_options[smarty] { + include php::extensions::smarty + $smarty_path = '/usr/share/php/Smarty/:' + } else { + $smarty_path = '' } - $real_php_default_charset = $php_settings[default_charset] ? { - '' => $default_charset ? { - 'On' => 'iso-8859-1', - default => $default_charset ? { - 'absent' => 'absent', - default => $default_charset + if $real_php_options[pear] { + $pear_path = '/usr/share/pear/:' + } else { + $pear_path = '' + } + + + $std_php_settings = { + engine => 'On', + upload_tmp_dir => "/var/www/upload_tmp_dir/${name}", + 'session.save_path' => "/var/www/session.save_path/${name}", + open_basedir => "${smarty_path}${pear_path}${documentroot}:/var/www/upload_tmp_dir/${name}:/var/www/session.save_path/${name}", + safe_mode => 'On', + } + + case $php_settings[safe_mode_exec_bin_dir] { + '',undef: { + $php_safe_mode_exec_bin_dir = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/bin", + default => "/var/www/vhosts/${name}/bin" + }, + default => "${path}/bin" } - }, - default => $php_settings[default_charset] + } + default: { $php_safe_mode_exec_bin_dir = $php_settings[safe_mode_exec_bin_dir] } + } + file{$php_safe_mode_exec_bin_dir: + recurse => true, + force => true, + purge => true, + } + if $php_options[safe_mode_exec_bins] { + $std_php_settings[safe_mode_exec_dir] = $php_safe_mode_exec_bin_dir + File[$php_safe_mode_exec_bin_dir]{ + ensure => $ensure ? { + 'present' => directory, + default => absent, + }, + owner => $documentroot_owner, group => $documentroot_group, mode => 0750, + } + $php_safe_mode_exec_bins_subst = regsubst($php_options[safe_mode_exec_bins],"(.+)","${name}@\\1") + apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: + ensure => $ensure, + path => $php_safe_mode_exec_bin_dir + } + }else{ + File[$php_safe_mode_exec_bin_dir]{ + ensure => absent, + } } - if $real_php_default_charset != 'absent' { - $std_php_settings[default_charset] = $real_php_default_charset + + case $php_settings[default_charset] { + '',undef: { + if $default_charset != 'absent' { + $std_php_settings[default_charset] = $default_charset ? { + 'On' => 'iso-8859-1', + default => $default_charset + } + } + } } $real_php_settings = hash_merge($std_php_settings,$php_settings) + + ::apache::vhost::phpdirs{"${name}": + ensure => $ensure, + php_upload_tmp_dir => $real_php_settings[upload_tmp_dir], + php_session_save_path => $real_php_settings['session.save_path'], + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + } # create vhost configuration file ::apache::vhost{$name: ensure => $ensure, path => $path, path_is_webdir => $path_is_webdir, - template_mode => $template_mode, - template_partial => $template_partial, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, domain => $domain, @@ -211,14 +213,8 @@ define apache::vhost::php::standard( options => $options, additional_options => $additional_options, default_charset => $default_charset, - php_safe_mode_exec_bin_dir => $real_php_safe_mode_exec_bin_dir, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_use_smarty => $php_use_smarty, - php_use_pear => $php_use_pear, - php_safe_mode => $php_safe_mode, - php_default_charset => $real_php_default_charset, php_settings => $real_php_settings, + php_options => $real_php_options, ssl_mode => $ssl_mode, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index 9d404a4..b12b6c1 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::typo3( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::typo3( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_typo3/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -87,6 +80,12 @@ define apache::vhost::php::typo3( } else { $real_mod_security_additional_options = $mod_security_additional_options } + + $typo3_php_options = { + # turn allow_url_fopen on for the extension manager fetch + allow_url_fopen => 'On' + } + $real_php_settings = hash_merge($typo3_php_settings,$php_settings) # create vhost configuration file ::apache::vhost::php::webapp{$name: @@ -96,7 +95,6 @@ define apache::vhost::php::typo3( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_typo3', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, @@ -106,10 +104,8 @@ define apache::vhost::php::typo3( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $real_php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -120,6 +116,7 @@ define apache::vhost::php::typo3( mod_security_additional_options => $real_mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index b4b4195..2dc0133 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -49,11 +43,8 @@ define apache::vhost::php::webapp( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'None', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -64,6 +55,7 @@ define apache::vhost::php::webapp( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'absent', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -123,11 +115,8 @@ define apache::vhost::php::webapp( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -138,6 +127,7 @@ define apache::vhost::php::webapp( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index b8ea359..2fcff4a 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -19,12 +19,6 @@ # - false: don't activate mod_security # - true: (*default*) activate mod_security # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -46,10 +40,8 @@ define apache::vhost::php::wordpress( $run_uid = 'absent', $run_gid = 'absent', $allow_override = 'FileInfo', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', - $php_safe_mode_exec_bins = 'absent', - $php_default_charset = 'absent', + $php_settings = {}, + $php_options = {}, $do_includes = false, $options = 'absent', $additional_options = 'absent', @@ -60,6 +52,7 @@ define apache::vhost::php::wordpress( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -97,10 +90,8 @@ define apache::vhost::php::wordpress( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, - php_session_save_path => $php_session_save_path, - php_safe_mode_exec_bins => $php_safe_mode_exec_bins, - php_default_charset => $php_default_charset, + php_settings => $php_settings, + php_options => $php_options, do_includes => $do_includes, options => $options, additional_options => $additional_options, @@ -111,6 +102,7 @@ define apache::vhost::php::wordpress( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, diff --git a/manifests/vhost/phpdirs.pp b/manifests/vhost/phpdirs.pp index acd423a..ac68f94 100644 --- a/manifests/vhost/phpdirs.pp +++ b/manifests/vhost/phpdirs.pp @@ -1,33 +1,16 @@ define apache::vhost::phpdirs( $ensure = present, - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', + $php_upload_tmp_dir, + $php_session_save_path, $documentroot_owner = apache, $documentroot_group = 0, $documentroot_mode = 0750, $run_mode = 'normal', $run_uid = 'absent' ){ - # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - include apache::defaultphpdirs - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" - } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } - } - # php session_save_path - case $php_session_save_path { - 'absent': { - include apache::defaultphpdirs - $real_php_session_save_path = "/var/www/session.save_path/$name" - } - default: { $real_php_session_save_path = $php_session_save_path } - } - case $ensure { absent: { - file{[$real_php_upload_tmp_dir, $real_php_session_save_path ]: + file{[$php_upload_tmp_dir, $php_session_save_path ]: ensure => absent, purge => true, force => true, @@ -35,7 +18,7 @@ define apache::vhost::phpdirs( } } default: { - file{[$real_php_upload_tmp_dir, $real_php_session_save_path ]: + file{[$php_upload_tmp_dir, $php_session_save_path ]: ensure => directory, owner => $run_mode ? { 'itk' => $run_uid, diff --git a/manifests/vhost/static.pp b/manifests/vhost/static.pp index cd5ac77..f1dbcc2 100644 --- a/manifests/vhost/static.pp +++ b/manifests/vhost/static.pp @@ -32,6 +32,7 @@ define apache::vhost::static( $ssl_mode = false, $run_mode = 'normal', $vhost_mode = 'template', + $template_partial = 'apache/vhosts/static/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -57,7 +58,7 @@ define apache::vhost::static( ::apache::vhost{$name: ensure => $ensure, path => $path, - template_partial => 'apache/vhosts/static/partial.erb', + template_partial => $template_partial, vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index ce74bfd..21fdb65 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -1,8 +1,6 @@ -# template_mode: -# - php: for a default php application -# - static: for a static application (default) -# - perl: for a mod_perl application -# - php_joomla: for a joomla application +# template_partial: +# which template should be used to generate the type specific part +# of the vhost entry. # # domainalias: # - absent: no domainalias is set (*default*) @@ -15,12 +13,6 @@ # - force: enable ssl and redirect non-ssl to ssl # - only: enable ssl only # -# php_safe_mode_exec_bins: An array of local binaries which should be linked in the -# safe_mode_exec_bin for this hosting -# *default*: None -# php_default_charset: default charset header for php. -# *default*: absent, which will set the same as default_charset -# of apache # logmode: # - default: Do normal logging to CustomLog and ErrorLog # - nologs: Send every logging to /dev/null @@ -58,25 +50,18 @@ define apache::vhost::template( $domainalias = 'absent', $server_admin = 'absent', $allow_override = 'None', - $php_safe_mode_exec_bin_dir = 'absent', - $php_upload_tmp_dir = 'absent', - $php_session_save_path = 'absent', $dav_db_dir = 'absent', $cgi_binpath = 'absent', $do_includes = false, $options = 'absent', $additional_options = 'absent', $default_charset = 'absent', - $php_use_smarty = false, - $php_use_pear = false, - $php_safe_mode = true, - $php_default_charset = 'absent', + $php_options = {}, $php_settings = {}, $run_mode = 'normal', $run_uid = 'absent', $run_gid = 'absent', - $template_mode = 'static', - $template_partial = 'absent', + $template_partial = 'apache/vhosts/static/partial.erb', $ssl_mode = false, $mod_security = true, $mod_security_relevantonly = true, @@ -121,8 +106,8 @@ define apache::vhost::template( $real_htpasswd_path = $htpasswd_path } case $run_mode { - 'proxy-itk': { $logfileprefix = 'proxy' } - 'static-itk': { $logfileprefix = 'static' } + 'proxy-itk': { $logfileprefix = 'proxy' } + 'static-itk': { $logfileprefix = 'static' } } case $run_mode { 'itk','proxy-itk','static-itk': { @@ -135,28 +120,6 @@ define apache::vhost::template( } } - # set default dirs for templates - # php php_safe_mode_exec_bin directory - case $php_safe_mode_exec_bin_dir { - 'absent': { - $real_php_safe_mode_exec_bin_dir = "/var/www/vhosts/$name/bin" - } - default: { $real_php_safe_mode_exec_bin_dir = $php_safe_mode_exec_bin_dir } - } - # php upload_tmp_dir - case $php_upload_tmp_dir { - 'absent': { - $real_php_upload_tmp_dir = "/var/www/upload_tmp_dir/$name" - } - default: { $real_php_upload_tmp_dir = $php_upload_tmp_dir } - } - # php session_save_path - case $php_session_save_path { - 'absent': { - $real_php_session_save_path = "/var/www/session.save_path/$name" - } - default: { $real_php_session_save_path = $php_session_save_path } - } # dav db dir case $dav_db_dir { 'absent': { @@ -178,9 +141,10 @@ define apache::vhost::template( } if $ensure != 'absent' { Apache::Vhost::File[$name]{ - content => $template_partial ? { - 'absent' => template("apache/vhosts/$template_mode/$operatingsystem.erb"), - default => template("apache/vhosts/default.erb"), + content => $run_mode ? { + 'proxy-itk' => template("apache/vhosts/itk_plus.erb"), + 'static-itk' => template("apache/vhosts/itk_plus.erb"), + default => template("apache/vhosts/default.erb"), } } } diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index 94b177c..e175324 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -28,12 +28,12 @@ define apache::vhost::webdav( $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', - $logmode = 'default', $path = 'absent', $owner = root, $group = apache, $manage_webdir = true, $path_is_webdir = false, + $logmode = 'default', $logpath = 'absent', $documentroot_owner = apache, $documentroot_group = 0, @@ -96,7 +96,7 @@ define apache::vhost::webdav( path_is_webdir => $path_is_webdir, logpath => $logpath, logmode => $logmode, - template_mode => 'webdav', + template_partial => 'apache/vhosts/webdav/partial.erb', vhost_mode => $vhost_mode, vhost_source => $vhost_source, vhost_destination => $vhost_destination, -- cgit v1.2.3 From c4e151111d69757c3def14aad40bf2773bfa4ace Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 19:30:49 +0200 Subject: fix include --- manifests/vhost/php/joomla.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 1cd9479..cdeb24b 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -61,7 +61,7 @@ define apache::vhost::php::joomla( $config_webwriteable = false, $manage_directories = true ){ - include ::apache::joomla + include ::apache::include::joomla $documentroot = $path ? { 'absent' => $operatingsystem ? { -- cgit v1.2.3 From 93384c3f85111bb5b52548b1edd787cf36184e27 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 20:15:42 +0200 Subject: merge functions to new stdlibs, fix has_key hash problem --- manifests/vhost/php/gallery2.pp | 2 +- manifests/vhost/php/standard.pp | 51 +++++++++++++++++++---------------------- manifests/vhost/php/typo3.pp | 2 +- 3 files changed, 26 insertions(+), 29 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 097e311..2a5266c 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -139,7 +139,7 @@ define apache::vhost::php::gallery2( $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}" } - $real_php_settings = hash_merge($gallery_php_settings,$php_settings) + $real_php_settings = merge($gallery_php_settings,$php_settings) # create vhost configuration file ::apache::vhost::php::webapp{$name: diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 063c8e6..63aed57 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -106,16 +106,16 @@ define apache::vhost::php::standard( smarty => false, pear => false, } - $real_php_options = hash_merge($std_php_options,$php_options) + $real_php_options = merge($std_php_options,$php_options) - if $real_php_options[smarty] { + if has_key($real_php_options,'smarty') { include php::extensions::smarty $smarty_path = '/usr/share/php/Smarty/:' } else { $smarty_path = '' } - if $real_php_options[pear] { + if has_key($real_php_options,'pear') { $pear_path = '/usr/share/pear/:' } else { $pear_path = '' @@ -130,26 +130,25 @@ define apache::vhost::php::standard( safe_mode => 'On', } - case $php_settings[safe_mode_exec_bin_dir] { - '',undef: { - $php_safe_mode_exec_bin_dir = $path ? { - 'absent' => $operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/bin", - default => "/var/www/vhosts/${name}/bin" - }, - default => "${path}/bin" - } + if has_key($php_settings,'safe_mode_exec_dir') { + $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] + } else { + $php_safe_mode_exec_dir = $path ? { + 'absent' => $operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/bin", + default => "/var/www/vhosts/${name}/bin" + }, + default => "${path}/bin" } - default: { $php_safe_mode_exec_bin_dir = $php_settings[safe_mode_exec_bin_dir] } } - file{$php_safe_mode_exec_bin_dir: + file{$php_safe_mode_exec_dir: recurse => true, force => true, purge => true, } - if $php_options[safe_mode_exec_bins] { - $std_php_settings[safe_mode_exec_dir] = $php_safe_mode_exec_bin_dir - File[$php_safe_mode_exec_bin_dir]{ + if has_key($php_options,'safe_mode_exec_bins') { + $std_php_settings[safe_mode_exec_dir] = $php_safe_mode_exec_dir + File[$php_safe_mode_exec_dir]{ ensure => $ensure ? { 'present' => directory, default => absent, @@ -159,26 +158,24 @@ define apache::vhost::php::standard( $php_safe_mode_exec_bins_subst = regsubst($php_options[safe_mode_exec_bins],"(.+)","${name}@\\1") apache::vhost::php::safe_mode_bin{ $php_safe_mode_exec_bins_subst: ensure => $ensure, - path => $php_safe_mode_exec_bin_dir + path => $php_safe_mode_exec_dir } }else{ - File[$php_safe_mode_exec_bin_dir]{ + File[$php_safe_mode_exec_dir]{ ensure => absent, } } - case $php_settings[default_charset] { - '',undef: { - if $default_charset != 'absent' { - $std_php_settings[default_charset] = $default_charset ? { - 'On' => 'iso-8859-1', - default => $default_charset - } + if !has_key($php_settings,'default_charset') { + if $default_charset != 'absent' { + $std_php_settings[default_charset] = $default_charset ? { + 'On' => 'iso-8859-1', + default => $default_charset } } } - $real_php_settings = hash_merge($std_php_settings,$php_settings) + $real_php_settings = merge($std_php_settings,$php_settings) ::apache::vhost::phpdirs{"${name}": ensure => $ensure, diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index b12b6c1..a5f931c 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -85,7 +85,7 @@ define apache::vhost::php::typo3( # turn allow_url_fopen on for the extension manager fetch allow_url_fopen => 'On' } - $real_php_settings = hash_merge($typo3_php_settings,$php_settings) + $real_php_settings = merge($typo3_php_settings,$php_settings) # create vhost configuration file ::apache::vhost::php::webapp{$name: -- cgit v1.2.3 From baf631043b368ec802c700d939eee42358e831e8 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 20:25:32 +0200 Subject: remove old template mode option --- manifests/vhost/modperl.pp | 1 - manifests/vhost/php/drupal.pp | 1 - manifests/vhost/php/gallery2.pp | 1 - manifests/vhost/php/joomla.pp | 1 - manifests/vhost/php/silverstripe.pp | 1 - manifests/vhost/php/simplemachine.pp | 1 - manifests/vhost/php/spip.pp | 1 - manifests/vhost/php/webapp.pp | 4 +--- manifests/vhost/php/wordpress.pp | 1 - 9 files changed, 1 insertion(+), 11 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index a527f4a..9940286 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -107,7 +107,6 @@ define apache::vhost::modperl( ::apache::vhost{$name: ensure => $ensure, path => $path, - template_mode => 'perl', logmode => $logmode, vhost_mode => $vhost_mode, template_partial => $template_partial, diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index f81bef3..9372b0d 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -109,7 +109,6 @@ define apache::vhost::php::drupal( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_drupal', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 2a5266c..6c979bb 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -149,7 +149,6 @@ define apache::vhost::php::gallery2( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_gallery2', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index cdeb24b..69b08f6 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -97,7 +97,6 @@ define apache::vhost::php::joomla( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_joomla', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index 7deaad1..d120f04 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -82,7 +82,6 @@ define apache::vhost::php::silverstripe( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_silverstripe', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 29755f5..8df4547 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -77,7 +77,6 @@ define apache::vhost::php::simplemachine( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_simplemachine', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 0d34687..696ac8b 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -74,7 +74,6 @@ define apache::vhost::php::spip( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_spip', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 2dc0133..69951de 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -33,7 +33,6 @@ define apache::vhost::php::webapp( $path = 'absent', $manage_webdir = true, $manage_docroot = true, - $template_mode, $owner = root, $group = apache, $documentroot_owner = apache, @@ -55,7 +54,7 @@ define apache::vhost::php::webapp( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', - $template_partial = 'absent', + $template_partial, $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', @@ -105,7 +104,6 @@ define apache::vhost::php::webapp( path => $path, manage_webdir => $manage_webdir, manage_docroot => $manage_docroot, - template_mode => $template_mode, owner => $owner, group => $group, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index 2fcff4a..fef0807 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -80,7 +80,6 @@ define apache::vhost::php::wordpress( server_admin => $server_admin, logmode => $logmode, path => $path, - template_mode => 'php_wordpress', owner => $owner, group => $group, documentroot_owner => $documentroot_owner, -- cgit v1.2.3 From 174504153f3df1d111d922bdfe77d021c9ff79dc Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 20:30:22 +0200 Subject: fix name --- manifests/vhost/php/standard.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 63aed57..98e3454 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -57,7 +57,7 @@ define apache::vhost::php::standard( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php/partials.erb', + $template_partial = 'apache/vhosts/php/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', -- cgit v1.2.3 From 539ac8f4e8dc64ae6a071c102859f5006aa609be Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 20:36:48 +0200 Subject: the key will always be here --- manifests/vhost/php/standard.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 98e3454..723ae3f 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -108,14 +108,14 @@ define apache::vhost::php::standard( } $real_php_options = merge($std_php_options,$php_options) - if has_key($real_php_options,'smarty') { + if $real_php_options[smarty] { include php::extensions::smarty $smarty_path = '/usr/share/php/Smarty/:' } else { $smarty_path = '' } - if has_key($real_php_options,'pear') { + if $real_php_options[pear] { $pear_path = '/usr/share/pear/:' } else { $pear_path = '' -- cgit v1.2.3 From 7991a88483f214d593a933ce97fc8a2adf44800e Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 20:43:19 +0200 Subject: by default safe_mode is off for mediawikis --- manifests/vhost/php/mediawiki.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index 58d36af..376f1be 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -58,6 +58,11 @@ define apache::vhost::php::mediawiki( $htpasswd_file = 'absent', $htpasswd_path = 'absent' ){ + + $mediawiki_php_settings = { + safe_mode => false, + } + # create vhost configuration file ::apache::vhost::php::webapp{$name: ensure => $ensure, @@ -76,7 +81,7 @@ define apache::vhost::php::mediawiki( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_settings => $php_settings, + php_settings => merge($mediawiki_php_settings,$php_settings), php_options => $php_options, options => $options, additional_options => $additional_options, -- cgit v1.2.3 From 391dbaae8af22cf6f157aa4f741762a14cf0b483 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 22:27:37 +0200 Subject: add mod_fcgid stuff --- manifests/vhost/modperl.pp | 23 ++++++++++++++++++----- manifests/vhost/php/standard.pp | 24 +++++++++++++++++------- 2 files changed, 35 insertions(+), 12 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 9940286..795df6b 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -83,12 +83,25 @@ define apache::vhost::modperl( mode => $documentroot_mode; } - case $run_mode { - 'proxy-itk','static-itk': { - $passing_extension = 'pl' - include ::mod_perl::itk_plus + $passing_extension = 'pl' + if $ensure != 'absent' { + case $run_mode { + 'proxy-itk','static-itk': { + include ::mod_perl::itk_plus + } + 'fcgid': { + include ::mod_fcgid + # we don't need mod_perl if we run it as fcgid + include ::mod_perl::disable + mod_fcgid::starter {$name: + type => 'perl', + owner => $run_uid, + group => $run_gid, + notify => Service['apache'], + } + } + default: { include ::mod_perl } } - default: { include ::mod_perl } } # create webdir diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 723ae3f..878e55c 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -64,15 +64,25 @@ define apache::vhost::php::standard( $htpasswd_path = 'absent' ){ - case $run_mode { - 'proxy-itk','static-itk': { - $passing_extension = 'php' - include ::php::itk_plus + $passing_extension = 'php' + if $ensure != 'absent' { + case $run_mode { + 'proxy-itk','static-itk': { + include ::php::itk_plus + } + 'itk': { include ::php::itk } + 'fcgid': { + include ::php::mod_fcgid + mod_fcgid::starter {$name: + type => 'php', + owner => $run_uid, + group => $run_gid, + notify => Service['apache'], + } + } + default: { include ::php } } - 'itk': { include ::php::itk } - default: { include ::php } } - if $manage_webdir { # create webdir ::apache::vhost::webdir{$name: -- cgit v1.2.3 From cb9ef422a5e2dd35f24d857adc66a4d9293407d5 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 22:29:01 +0200 Subject: also include mod_fcgid for php stuff --- manifests/vhost/php/standard.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 878e55c..5c9f64c 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -72,6 +72,7 @@ define apache::vhost::php::standard( } 'itk': { include ::php::itk } 'fcgid': { + include ::mod_fcgid include ::php::mod_fcgid mod_fcgid::starter {$name: type => 'php', -- cgit v1.2.3 From c610223e886a41f56b4fbd1f570968e55260e642 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 22:41:12 +0200 Subject: migrate over to new stdlib function --- manifests/vhost/php/drupal.pp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index 9372b0d..d07beb7 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -99,8 +99,6 @@ define apache::vhost::php::drupal( 'mbstring.encoding_translation' => 0, } - $drupal_php_settings = hash_merg($std_drupal_php_settings, $php_settings) - # create vhost configuration file ::apache::vhost::php::webapp{$name: ensure => $ensure, @@ -118,7 +116,7 @@ define apache::vhost::php::drupal( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_settings => $drupal_php_settings, + php_settings =>merge($std_drupal_php_settings, $php_settings), php_options => $php_options, do_includes => $do_includes, options => $options, -- cgit v1.2.3 From 4546a44ce8269bfeaea50920fcfabe6089ded144 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 22:59:53 +0200 Subject: type is a metaparam --- manifests/vhost/modperl.pp | 2 +- manifests/vhost/php/standard.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 795df6b..4f5dff7 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -94,7 +94,7 @@ define apache::vhost::modperl( # we don't need mod_perl if we run it as fcgid include ::mod_perl::disable mod_fcgid::starter {$name: - type => 'perl', + cgi_type => 'perl', owner => $run_uid, group => $run_gid, notify => Service['apache'], diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 5c9f64c..4b01d32 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -75,7 +75,7 @@ define apache::vhost::php::standard( include ::mod_fcgid include ::php::mod_fcgid mod_fcgid::starter {$name: - type => 'php', + cgi_type => 'php', owner => $run_uid, group => $run_gid, notify => Service['apache'], -- cgit v1.2.3 From 968676d43da076d4ecc9d33c4a5f8a2fb532285c Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 23:44:15 +0200 Subject: pass php_settings to fcgid-starter and only set them in vhost, if we don't run as fgcid --- manifests/vhost/php/standard.pp | 42 +++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 4b01d32..7de2798 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -64,26 +64,6 @@ define apache::vhost::php::standard( $htpasswd_path = 'absent' ){ - $passing_extension = 'php' - if $ensure != 'absent' { - case $run_mode { - 'proxy-itk','static-itk': { - include ::php::itk_plus - } - 'itk': { include ::php::itk } - 'fcgid': { - include ::mod_fcgid - include ::php::mod_fcgid - mod_fcgid::starter {$name: - cgi_type => 'php', - owner => $run_uid, - group => $run_gid, - notify => Service['apache'], - } - } - default: { include ::php } - } - } if $manage_webdir { # create webdir ::apache::vhost::webdir{$name: @@ -188,6 +168,28 @@ define apache::vhost::php::standard( $real_php_settings = merge($std_php_settings,$php_settings) + $passing_extension = 'php' + if $ensure != 'absent' { + case $run_mode { + 'proxy-itk','static-itk': { + include ::php::itk_plus + } + 'itk': { include ::php::itk } + 'fcgid': { + include ::mod_fcgid + include ::php::mod_fcgid + mod_fcgid::starter {$name: + cgi_type => 'php', + cgi_type_options => $real_php_settings, + owner => $run_uid, + group => $run_gid, + notify => Service['apache'], + } + } + default: { include ::php } + } + } + ::apache::vhost::phpdirs{"${name}": ensure => $ensure, php_upload_tmp_dir => $real_php_settings[upload_tmp_dir], -- cgit v1.2.3 From c7176c592622f3bc6955f36d359252e55c4e3d8d Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Oct 2011 23:53:15 +0200 Subject: log php errors to a per vhost logfile --- manifests/vhost/php/standard.pp | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 7de2798..077bde4 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -92,6 +92,10 @@ define apache::vhost::php::standard( } else { $documentroot = "${real_path}/www" } + $logdir = $logpath ? { + 'absent' => "$real_path/logs", + default => $logpath + } $std_php_options = { smarty => false, @@ -120,6 +124,9 @@ define apache::vhost::php::standard( open_basedir => "${smarty_path}${pear_path}${documentroot}:/var/www/upload_tmp_dir/${name}:/var/www/session.save_path/${name}", safe_mode => 'On', } + if $logmode != 'nologs' { + $std_php_settings[error_log] = "${logdir}/php_error_log" + } if has_key($php_settings,'safe_mode_exec_dir') { $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] @@ -178,6 +185,7 @@ define apache::vhost::php::standard( 'fcgid': { include ::mod_fcgid include ::php::mod_fcgid + mod_fcgid::starter {$name: cgi_type => 'php', cgi_type_options => $real_php_settings, -- cgit v1.2.3 From dfd70b673871cadc0ef1e9ebc659d0f799edb271 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 00:16:14 +0200 Subject: include php::itk on itk setups --- manifests/vhost/php/standard.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 077bde4..bb6c5e1 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -178,6 +178,9 @@ define apache::vhost::php::standard( $passing_extension = 'php' if $ensure != 'absent' { case $run_mode { + 'itk': { + include ::php::itk + } 'proxy-itk','static-itk': { include ::php::itk_plus } -- cgit v1.2.3 From bff168f1aad2a82e4b2fec5ca9b8260164cf7e27 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 00:27:06 +0200 Subject: this options should be set globally --- manifests/include/mod_fcgid.pp | 5 +++++ manifests/vhost/modperl.pp | 2 ++ manifests/vhost/php/standard.pp | 1 + 3 files changed, 8 insertions(+) create mode 100644 manifests/include/mod_fcgid.pp (limited to 'manifests') diff --git a/manifests/include/mod_fcgid.pp b/manifests/include/mod_fcgid.pp new file mode 100644 index 0000000..2dd415a --- /dev/null +++ b/manifests/include/mod_fcgid.pp @@ -0,0 +1,5 @@ +class apache::include::mod_fcgid { + apache::config::global{'mod_fcgid': + content => "FcgidFixPathinfo 1\n" + } +} \ No newline at end of file diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 4f5dff7..7cbe578 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -91,6 +91,8 @@ define apache::vhost::modperl( } 'fcgid': { include ::mod_fcgid + apache::include::mod_fcgid + # we don't need mod_perl if we run it as fcgid include ::mod_perl::disable mod_fcgid::starter {$name: diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index bb6c5e1..c3c9e7a 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -188,6 +188,7 @@ define apache::vhost::php::standard( 'fcgid': { include ::mod_fcgid include ::php::mod_fcgid + apache::include::mod_fcgid mod_fcgid::starter {$name: cgi_type => 'php', -- cgit v1.2.3 From 9ce971defd96d028b162c323914b9641ed99366a Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 00:30:16 +0200 Subject: fix typo --- manifests/vhost/modperl.pp | 2 +- manifests/vhost/php/standard.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 7cbe578..c7b9e59 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -91,7 +91,7 @@ define apache::vhost::modperl( } 'fcgid': { include ::mod_fcgid - apache::include::mod_fcgid + include apache::include::mod_fcgid # we don't need mod_perl if we run it as fcgid include ::mod_perl::disable diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index c3c9e7a..0a92057 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -188,7 +188,7 @@ define apache::vhost::php::standard( 'fcgid': { include ::mod_fcgid include ::php::mod_fcgid - apache::include::mod_fcgid + include apache::include::mod_fcgid mod_fcgid::starter {$name: cgi_type => 'php', -- cgit v1.2.3 From 40d57d53c94f58c68c946fe35b7a567629953d17 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 00:51:57 +0200 Subject: fix access mode for fcgid webdirs --- manifests/vhost/webdir.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/webdir.pp b/manifests/vhost/webdir.pp index 857c8e6..ca3b2b6 100644 --- a/manifests/vhost/webdir.pp +++ b/manifests/vhost/webdir.pp @@ -20,7 +20,7 @@ define apache::vhost::webdir( default => "${path}" } - if ($run_mode =~ /^(static\-|proxy\-)?itk$/) and ($mode == '0640'){ + if (($run_mode =~ /^(static\-|proxy\-)?itk$/) or $run_mode == 'fcgid') and ($mode == '0640'){ $real_mode = 0644 } else { $real_mode = $mode -- cgit v1.2.3 From d2b1d040b9225b8ae077e3babd9a2f4d5b9dd4e8 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 01:00:53 +0200 Subject: do the same for fcgid --- manifests/vhost/php/safe_mode_bin.pp | 6 ------ manifests/vhost/phpdirs.pp | 1 + manifests/vhost/template.pp | 2 +- 3 files changed, 2 insertions(+), 7 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/safe_mode_bin.pp b/manifests/vhost/php/safe_mode_bin.pp index ee7a566..4a3574d 100644 --- a/manifests/vhost/php/safe_mode_bin.pp +++ b/manifests/vhost/php/safe_mode_bin.pp @@ -1,9 +1,3 @@ -# run_mode: -# - normal: nothing special (*default*) -# - itk: apache is running with the itk module -# and run_uid and run_gid are used as vhost users -# run_uid: the uid the vhost should run as with the itk module -# run_gid: the gid the vhost should run as with the itk module define apache::vhost::php::safe_mode_bin( $ensure = 'present', $path diff --git a/manifests/vhost/phpdirs.pp b/manifests/vhost/phpdirs.pp index ac68f94..135c43c 100644 --- a/manifests/vhost/phpdirs.pp +++ b/manifests/vhost/phpdirs.pp @@ -24,6 +24,7 @@ define apache::vhost::phpdirs( 'itk' => $run_uid, 'static-itk' => $run_uid, 'proxy-itk' => $run_uid, + 'fcgid' => $run_uid, default => $documentroot_owner }, group => $documentroot_group, mode => $documentroot_mode; diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 21fdb65..11926a6 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -110,7 +110,7 @@ define apache::vhost::template( 'static-itk': { $logfileprefix = 'static' } } case $run_mode { - 'itk','proxy-itk','static-itk': { + 'fcgid','itk','proxy-itk','static-itk': { case $run_uid { 'absent': { fail("you have to define run_uid for $name on $fqdn") } } -- cgit v1.2.3 From 811928eed982bd18776e6abfe0b5e1b9864d7c55 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 02:22:39 +0200 Subject: we need these rewrite rules, otherwise it won't work with cgi --- manifests/vhost/php/mediawiki.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/mediawiki.pp b/manifests/vhost/php/mediawiki.pp index 376f1be..502af53 100644 --- a/manifests/vhost/php/mediawiki.pp +++ b/manifests/vhost/php/mediawiki.pp @@ -52,7 +52,7 @@ define apache::vhost::php::mediawiki( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php/partial.erb', + $template_partial = 'apache/vhosts/php_mediawiki/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', -- cgit v1.2.3 From 1165548443657760ff71cb753c84f6c8b94d9b28 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 03:24:45 +0200 Subject: remove old param --- manifests/vhost/php/simplemachine.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 8df4547..966e763 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -86,7 +86,6 @@ define apache::vhost::php::simplemachine( run_uid => $run_uid, run_gid => $run_gid, allow_override => $allow_override, - php_upload_tmp_dir => $php_upload_tmp_dir, php_settings => $php_settings, php_options => $php_options, do_includes => $do_includes, -- cgit v1.2.3 From b11bb5a891e96fafa01a431db8e168a41948b88a Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 03:34:29 +0200 Subject: migrate to new file_line type --- manifests/centos.pp | 14 +++++++++----- manifests/htpasswd_user.pp | 4 ++-- manifests/openbsd.pp | 4 ++-- manifests/ssl/openbsd.pp | 6 +++--- 4 files changed, 16 insertions(+), 12 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index e8a413d..b3af7f6 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -38,13 +38,17 @@ class apache::centos inherits apache::package { owner => root, group => 0, mode => 0644; } - line{ + file_line{ 'pidfile_httpd.conf': - file => '/etc/httpd/conf/httpd.conf', - line => 'PidFile run/httpd.pid'; + path => '/etc/httpd/conf/httpd.conf', + line => 'PidFile run/httpd.pid', + require => Package['apache'], + notify=> Package['apache']; 'listen_httpd.conf': - file => '/etc/httpd/conf/httpd.conf', - line => 'Listen 80'; + path => '/etc/httpd/conf/httpd.conf', + line => 'Listen 80', + require => Package['apache'], + notify=> Package['apache']; } apache::config::global{'00-listen.conf': ensure => absent, diff --git a/manifests/htpasswd_user.pp b/manifests/htpasswd_user.pp index 5a7c413..9fcea0a 100644 --- a/manifests/htpasswd_user.pp +++ b/manifests/htpasswd_user.pp @@ -26,9 +26,9 @@ define apache::htpasswd_user( $real_password = htpasswd_sha1($password) } - line{"htpasswd_for_${real_site}": + file_line{"htpasswd_for_${real_site}": ensure => $ensure, - file => $real_path, + path => $real_path, line => "${username}:${real_password}", } } diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp index 68a13b1..f1c8ac0 100644 --- a/manifests/openbsd.pp +++ b/manifests/openbsd.pp @@ -20,8 +20,8 @@ class apache::openbsd inherits apache::base { File[web_dir]{ group => daemon, } - line{'enable_apache_on_boot': - file => '/etc/rc.conf.local', + file_line{'enable_apache_on_boot': + path => '/etc/rc.conf.local', line => 'httpd flags=""', } file{'apache_main_config': diff --git a/manifests/ssl/openbsd.pp b/manifests/ssl/openbsd.pp index 0e221aa..43bc680 100644 --- a/manifests/ssl/openbsd.pp +++ b/manifests/ssl/openbsd.pp @@ -1,11 +1,11 @@ class apache::ssl::openbsd inherits apache::openbsd { include apache::ssl::base - Line['enable_apache_on_boot']{ + File_line['enable_apache_on_boot']{ ensure => 'absent', } - line{'enable_apachessl_on_boot': - file => '/etc/rc.conf.local', + file_line{'enable_apachessl_on_boot': + path => '/etc/rc.conf.local', line => 'httpd flags="-DSSL"', } -- cgit v1.2.3 From 4ef0a3591b5c8ddf651a5f5d5ff0d292b186ceb7 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Oct 2011 03:48:44 +0200 Subject: remove stupid cycle --- manifests/centos.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index b3af7f6..ccbc079 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -43,12 +43,12 @@ class apache::centos inherits apache::package { path => '/etc/httpd/conf/httpd.conf', line => 'PidFile run/httpd.pid', require => Package['apache'], - notify=> Package['apache']; + notify=> Service['apache']; 'listen_httpd.conf': path => '/etc/httpd/conf/httpd.conf', line => 'Listen 80', require => Package['apache'], - notify=> Package['apache']; + notify=> Service['apache']; } apache::config::global{'00-listen.conf': ensure => absent, -- cgit v1.2.3 From 42f3d56f39a7c82ae7774f750178e078e801c137 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 12 Oct 2011 23:30:36 +0200 Subject: fix template path --- manifests/vhost/redirect.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index 3297279..ec23fb7 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -32,7 +32,7 @@ define apache::vhost::redirect( # we use the options field as the target_url ::apache::vhost::template{$name: ensure => $ensure, - template_partial => 'apache/vhost/redirect/partial.erb', + template_partial => 'apache/vhosts/redirect/partial.erb', domain => $domain, path => 'really_absent', path_is_webdir => true, -- cgit v1.2.3 From 3e0081dd3cd8754454ccf1ee616a88d357952052 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Oct 2011 00:34:59 +0200 Subject: if we run as fcgid, we need to tell safe_mode that gid is fine --- manifests/vhost/php/standard.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 0a92057..aea4551 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -127,6 +127,9 @@ define apache::vhost::php::standard( if $logmode != 'nologs' { $std_php_settings[error_log] = "${logdir}/php_error_log" } + if $run_mode == 'fcgid' { + $std_php_settings[safe_mode_gid] = 'On' + } if has_key($php_settings,'safe_mode_exec_dir') { $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] -- cgit v1.2.3 From d9b5ec61e22353faf9b975d14cdec45efc128f2c Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Oct 2011 00:56:24 +0200 Subject: add worker related config files --- manifests/centos/worker.pp | 5 +++++ manifests/worker.pp | 5 +++++ 2 files changed, 10 insertions(+) create mode 100644 manifests/centos/worker.pp create mode 100644 manifests/worker.pp (limited to 'manifests') diff --git a/manifests/centos/worker.pp b/manifests/centos/worker.pp new file mode 100644 index 0000000..4816fbf --- /dev/null +++ b/manifests/centos/worker.pp @@ -0,0 +1,5 @@ +class apache::centos::worker inherits apache::centos { + File['apache_service_config']{ + source => "puppet:///modules/apache/service/CentOS/httpd.worker" + } +} diff --git a/manifests/worker.pp b/manifests/worker.pp new file mode 100644 index 0000000..70c3c70 --- /dev/null +++ b/manifests/worker.pp @@ -0,0 +1,5 @@ +class apache::itk inherits apache { + case $operatingsystem { + centos: { include ::apache::centos::worker } + } +} -- cgit v1.2.3 From c646c76481d7c7646c1b2e3c1e5a287298f66cf8 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Oct 2011 01:03:31 +0200 Subject: correct naming --- manifests/worker.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/worker.pp b/manifests/worker.pp index 70c3c70..e7a96fa 100644 --- a/manifests/worker.pp +++ b/manifests/worker.pp @@ -1,4 +1,4 @@ -class apache::itk inherits apache { +class apache::worker inherits apache { case $operatingsystem { centos: { include ::apache::centos::worker } } -- cgit v1.2.3 From 306849c51d534993c0625845ed6fcfb65d2814bb Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 17 Oct 2011 23:55:23 +0200 Subject: fix gallery template partial passing --- manifests/vhost/php/gallery2.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 6c979bb..1eae2b3 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -170,6 +170,7 @@ define apache::vhost::php::gallery2( mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, + template_partial => $template_partial, vhost_source => $vhost_source, vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, -- cgit v1.2.3 From 21e430accc233872fba074965db2974749eb0b70 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 18 Oct 2011 00:58:29 +0200 Subject: fix variable naming --- manifests/vhost/php/typo3.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index a5f931c..6ed0fa5 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -81,7 +81,7 @@ define apache::vhost::php::typo3( $real_mod_security_additional_options = $mod_security_additional_options } - $typo3_php_options = { + $typo3_php_settings = { # turn allow_url_fopen on for the extension manager fetch allow_url_fopen => 'On' } -- cgit v1.2.3 From 8c967e8ff94380e18a59b5701ece7b5a98513b2d Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 20 Nov 2011 14:55:28 +0100 Subject: include php default dirs if we want to add subdirs --- manifests/defaultdavdbdir.pp | 2 -- manifests/defaultphpdirs.pp | 2 -- manifests/vhost/phpdirs.pp | 64 +++++++++++++++++++++++--------------------- 3 files changed, 34 insertions(+), 34 deletions(-) (limited to 'manifests') diff --git a/manifests/defaultdavdbdir.pp b/manifests/defaultdavdbdir.pp index 8b5e00f..186871c 100644 --- a/manifests/defaultdavdbdir.pp +++ b/manifests/defaultdavdbdir.pp @@ -1,5 +1,3 @@ -# manifests/defaultphpdirs.pp - class apache::defaultdavdbdir { file{'/var/www/dav_db_dir': ensure => directory, diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index fdbe8a5..eba060a 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp @@ -1,5 +1,3 @@ -# manifests/defaultphpdirs.pp - class apache::defaultphpdirs { file{'/var/www/upload_tmp_dir': ensure => directory, diff --git a/manifests/vhost/phpdirs.pp b/manifests/vhost/phpdirs.pp index 135c43c..5936da6 100644 --- a/manifests/vhost/phpdirs.pp +++ b/manifests/vhost/phpdirs.pp @@ -1,35 +1,39 @@ define apache::vhost::phpdirs( - $ensure = present, - $php_upload_tmp_dir, - $php_session_save_path, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0750, - $run_mode = 'normal', - $run_uid = 'absent' + $ensure = present, + $php_upload_tmp_dir, + $php_session_save_path, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = 0750, + $run_mode = 'normal', + $run_uid = 'absent' ){ - case $ensure { - absent: { - file{[$php_upload_tmp_dir, $php_session_save_path ]: - ensure => absent, - purge => true, - force => true, - recurse => true, - } - } - default: { - file{[$php_upload_tmp_dir, $php_session_save_path ]: - ensure => directory, - owner => $run_mode ? { - 'itk' => $run_uid, - 'static-itk' => $run_uid, - 'proxy-itk' => $run_uid, - 'fcgid' => $run_uid, - default => $documentroot_owner - }, - group => $documentroot_group, mode => $documentroot_mode; - } - } + case $ensure { + absent : { + file { + [$php_upload_tmp_dir, $php_session_save_path] : + ensure => absent, + purge => true, + force => true, + recurse => true, + } } + default : { + include apache::defaultphpdirs + file { + [$php_upload_tmp_dir, $php_session_save_path] : + ensure => directory, + owner => $run_mode ? { + 'itk' => $run_uid, + 'static-itk' => $run_uid, + 'proxy-itk' => $run_uid, + 'fcgid' => $run_uid, + default => $documentroot_owner + }, + group => $documentroot_group, + mode => $documentroot_mode ; + } + } + } } -- cgit v1.2.3 From 3b1eaddf445f00162b9f58bf83bd0bff772564df Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Nov 2011 22:42:40 +0100 Subject: we use now file_line --- manifests/centos/itk_plus.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index 0bdb744..c034e8b 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -1,6 +1,6 @@ # http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ class apache::centos::itk_plus inherits apache::centos::itk { - Line['pidfile_httpd.conf','listen_httpd.conf']{ + File_line['pidfile_httpd.conf','listen_httpd.conf']{ ensure => absent, } -- cgit v1.2.3 From d186ff759ee7e122a7767ce7e8c50f86cd6a2c9e Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 22 Nov 2011 23:57:55 +0100 Subject: as file_line lacks ensure => absent, we have to do it with a sed --- manifests/centos.pp | 20 +++++++++++--------- manifests/centos/itk_plus.pp | 9 +++++++-- 2 files changed, 18 insertions(+), 11 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index ccbc079..95d06ce 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -38,18 +38,20 @@ class apache::centos inherits apache::package { owner => root, group => 0, mode => 0644; } - file_line{ - 'pidfile_httpd.conf': - path => '/etc/httpd/conf/httpd.conf', - line => 'PidFile run/httpd.pid', + # this is for later fixes + exec{ + 'adjust_pidfile': + command => 'sed -i "s/^#PidFile \(.*\)/PidFile \1/g" /etc/httpd/conf/httpd.conf', + unless => "grep -qE '^PidFile ' /etc/httpd/conf/httpd.conf", require => Package['apache'], - notify=> Service['apache']; - 'listen_httpd.conf': - path => '/etc/httpd/conf/httpd.conf', - line => 'Listen 80', + notify => Service['apache']; + 'adjust_listen': + command => 'sed -i "s/^#Listen \(.*\)/Listen \1/g" /etc/httpd/conf/httpd.conf', + unless => "grep -qE '^Listen ' /etc/httpd/conf/httpd.conf", require => Package['apache'], - notify=> Service['apache']; + notify => Service['apache']; } + apache::config::global{'00-listen.conf': ensure => absent, } diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index c034e8b..9bcd8ca 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -1,7 +1,12 @@ # http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ class apache::centos::itk_plus inherits apache::centos::itk { - File_line['pidfile_httpd.conf','listen_httpd.conf']{ - ensure => absent, + Exec['adjust_pidfile']{ + command => "sed -i 's/^PidFile \(.*\)/#PidFile \1/g' /etc/httpd/conf/httpd.conf", + unless => "grep -qE '^#PidFile ' /etc/httpd/conf/httpd.conf", + } + Exec['adjust_listen']{ + command => "sed -i 's/^Listen \(.*\)/#Listen \1/g' /etc/httpd/conf/httpd.conf", + unless => "grep -qE '^#Listen ' /etc/httpd/conf/httpd.conf", } Apache::Config::Global['00-listen.conf']{ -- cgit v1.2.3 From 433a3eb900a092fe514bbb60a8cb0d2f49d4a473 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 23 Nov 2011 00:14:30 +0100 Subject: there is another Listen example already commented out --- manifests/centos.pp | 4 ++-- manifests/centos/itk_plus.pp | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 95d06ce..6bb9ed8 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -46,8 +46,8 @@ class apache::centos inherits apache::package { require => Package['apache'], notify => Service['apache']; 'adjust_listen': - command => 'sed -i "s/^#Listen \(.*\)/Listen \1/g" /etc/httpd/conf/httpd.conf', - unless => "grep -qE '^Listen ' /etc/httpd/conf/httpd.conf", + command => 'sed -i "s/^#Listen 80/Listen 80/g" /etc/httpd/conf/httpd.conf', + unless => "grep -qE '^Listen 80' /etc/httpd/conf/httpd.conf", require => Package['apache'], notify => Service['apache']; } diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index 9bcd8ca..bab2409 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -5,8 +5,8 @@ class apache::centos::itk_plus inherits apache::centos::itk { unless => "grep -qE '^#PidFile ' /etc/httpd/conf/httpd.conf", } Exec['adjust_listen']{ - command => "sed -i 's/^Listen \(.*\)/#Listen \1/g' /etc/httpd/conf/httpd.conf", - unless => "grep -qE '^#Listen ' /etc/httpd/conf/httpd.conf", + command => "sed -i 's/^Listen 80/#Listen 80/g' /etc/httpd/conf/httpd.conf", + unless => "grep -qE '^#Listen 80' /etc/httpd/conf/httpd.conf", } Apache::Config::Global['00-listen.conf']{ -- cgit v1.2.3 From 54ac57ef97b020f2b579919c08b1eb3e8cc2f182 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 29 Nov 2011 22:25:15 +0100 Subject: fix a few things that should be writable --- manifests/vhost/php/simplemachine.pp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 966e763..17dd89f 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -105,12 +105,15 @@ define apache::vhost::php::simplemachine( htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, managed_directories => [ + "$documentroot/agreement.txt", "$documentroot/attachments", + "$documentroot/avatars", + "$documentroot/cache", "$documentroot/Packages", - "$documentroot/Themes", - "$documentroot/agreement.txt", "$documentroot/Packages/installed.list", - "$documentroot/avatars" ], + "$documentroot/Themes", + "$documentroot/Themes/default/languages/Install.english.php" + ], manage_config => $manage_config, config_webwriteable => $config_webwriteable, config_file => 'Settings.php', -- cgit v1.2.3 From 4408107942e255bcc74f36f649caa4369a0f10a2 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 29 Nov 2011 22:48:55 +0100 Subject: additional folder --- manifests/vhost/php/simplemachine.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 17dd89f..78a165e 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -111,6 +111,7 @@ define apache::vhost::php::simplemachine( "$documentroot/cache", "$documentroot/Packages", "$documentroot/Packages/installed.list", + "$documentroot/Smileys", "$documentroot/Themes", "$documentroot/Themes/default/languages/Install.english.php" ], -- cgit v1.2.3 From f498fa4f3453387ba669abdea3bea64b03b78e76 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 28 Dec 2011 02:14:56 +0100 Subject: set gem_home for the ruby apps --- manifests/vhost/passenger.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 2b480c5..5dc58a8 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -76,6 +76,7 @@ define apache::vhost::passenger( }, default => "${path}" } + $gempath = "${real_path}/gems" file{ ["${real_path}/www/tmp", "${real_path}/www/log"]: ensure => directory, -- cgit v1.2.3 From dfd32a09f2ae886d21b9391a4df5489cca81f435 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 8 Jan 2012 14:37:37 +0100 Subject: correct naming --- manifests/include/mod_fcgid.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/include/mod_fcgid.pp b/manifests/include/mod_fcgid.pp index 2dd415a..4ecf40b 100644 --- a/manifests/include/mod_fcgid.pp +++ b/manifests/include/mod_fcgid.pp @@ -1,5 +1,5 @@ class apache::include::mod_fcgid { - apache::config::global{'mod_fcgid': + apache::config::global{'mod_fcgid.conf': content => "FcgidFixPathinfo 1\n" } -} \ No newline at end of file +} -- cgit v1.2.3 From 89495dae91ac87b7dad314d6e1c3737913865e2b Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 8 Jan 2012 14:49:32 +0100 Subject: wrap it in a module statement --- manifests/include/mod_fcgid.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/include/mod_fcgid.pp b/manifests/include/mod_fcgid.pp index 4ecf40b..b3c1cdc 100644 --- a/manifests/include/mod_fcgid.pp +++ b/manifests/include/mod_fcgid.pp @@ -1,5 +1,7 @@ class apache::include::mod_fcgid { apache::config::global{'mod_fcgid.conf': - content => "FcgidFixPathinfo 1\n" + content => " + FcgidFixPathinfo 1 +\n" } } -- cgit v1.2.3 From 8d61ad7c8a76adf378a319245d655cf0fce18d25 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 12 Feb 2012 15:43:28 +0100 Subject: manage selinux stuff --- manifests/centos.pp | 10 ++++++++++ manifests/defaultdavdbdir.pp | 18 ++++++++++++++---- manifests/defaultphpdirs.pp | 15 ++++++++++++--- manifests/init.pp | 6 +++--- 4 files changed, 39 insertions(+), 10 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 6bb9ed8..0c3ee45 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -28,6 +28,16 @@ class apache::centos inherits apache::package { path => '/var/www/html/index.html', } + if $::selinux != 'false' { + selinux::fcontext{ + ['/var/www/vhosts/.+/www(/.*)?', + '/var/www/vhosts/.+/non_public(/.*)?', + '/var/www/vhosts/.+/g2data(/.*)?', + '/var/www/vhosts/.+/upload(/.*)?' ]: + setype => 'httpd_sys_rw_content_t', + before => File[web_dir]; + } + } file{'apache_service_config': path => '/etc/sysconfig/httpd', source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd", diff --git a/manifests/defaultdavdbdir.pp b/manifests/defaultdavdbdir.pp index 186871c..c0e2a81 100644 --- a/manifests/defaultdavdbdir.pp +++ b/manifests/defaultdavdbdir.pp @@ -1,7 +1,17 @@ class apache::defaultdavdbdir { - file{'/var/www/dav_db_dir': - ensure => directory, - require => Package['apache'], - owner => root, group => 0, mode => 0755; + file { + '/var/www/dav_db_dir' : + ensure => directory, + require => Package['apache'], + owner => root, + group => 0, + mode => 0755 ; + } + if $::selinux != 'false' { + selinux::fcontext { + ['/var/www/dav_db_dir/.+(/.*)?'] : + setype => 'httpd_var_lib_t', + before => File['/var/www/dav_db_dir'] ; + } } } diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index eba060a..e8b3e4e 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp @@ -1,12 +1,21 @@ class apache::defaultphpdirs { - file{'/var/www/upload_tmp_dir': + file{ + '/var/www/upload_tmp_dir': ensure => directory, require => Package['apache'], owner => root, group => 0, mode => 0755; - } - file{'/var/www/session.save_path': + '/var/www/session.save_path': ensure => directory, require => Package['apache'], owner => root, group => 0, mode => 0755; } + + if $::selinux != 'false' { + selinux::fcontext{ + ['/var/www/upload_tmp_dir/.+(/.*)?', + '/var/www/session.save_path/.+(/.*)?']: + setype => 'httpd_sys_rw_content_t', + before => File['/var/www/upload_tmp_dir','/var/www/session.save_path']; + } + } } diff --git a/manifests/init.pp b/manifests/init.pp index c6b24a8..db1a077 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,7 +19,7 @@ # $apache_default_group: Set this to the group with which the # apache is running. class apache { - case $operatingsystem { + case $::operatingsystem { centos: { include apache::centos } gentoo: { include apache::gentoo } debian: { include apache::debian } @@ -27,10 +27,10 @@ class apache { openbsd: { include apache::openbsd } default: { include apache::base } } - if $use_munin { + if hiera('use_munin',false) { include apache::status } - if $use_shorewall { + if hiera('use_shorewall',false) { include shorewall::rules::http } } -- cgit v1.2.3 From 873216d9a86b6dacf34b8f4508f3978859bc84b8 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 12 Feb 2012 17:21:47 +0100 Subject: require sftponly class --- manifests/sftponly/centos.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/sftponly/centos.pp b/manifests/sftponly/centos.pp index 12dd2d0..77bb0ca 100644 --- a/manifests/sftponly/centos.pp +++ b/manifests/sftponly/centos.pp @@ -1,4 +1,5 @@ class apache::sftponly::centos { + require user::groups::sftponly augeas{"add_apache_to_group_sftponly": context => "/files/etc/group", changes => [ "ins user after sftponly/user[last()]", -- cgit v1.2.3 From 6094ea451f4adf18c36bbef5cdb580aaf9b21542 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 21 Feb 2012 15:57:30 +0100 Subject: use correct selinux type --- manifests/centos.pp | 2 +- manifests/defaultphpdirs.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 0c3ee45..721bb55 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -34,7 +34,7 @@ class apache::centos inherits apache::package { '/var/www/vhosts/.+/non_public(/.*)?', '/var/www/vhosts/.+/g2data(/.*)?', '/var/www/vhosts/.+/upload(/.*)?' ]: - setype => 'httpd_sys_rw_content_t', + setype => 'httpd_sys_script_rw_t', before => File[web_dir]; } } diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index e8b3e4e..93f7f1f 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp @@ -14,7 +14,7 @@ class apache::defaultphpdirs { selinux::fcontext{ ['/var/www/upload_tmp_dir/.+(/.*)?', '/var/www/session.save_path/.+(/.*)?']: - setype => 'httpd_sys_rw_content_t', + setype => 'httpd_sys_script_rw_t', before => File['/var/www/upload_tmp_dir','/var/www/session.save_path']; } } -- cgit v1.2.3 From e8291a62cfddc87023a63d00f51f9309d1699595 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 25 Feb 2012 15:31:30 +0100 Subject: add only if to workaround puppet bug #12830 --- manifests/logrotate/centos.pp | 1 + manifests/logrotate/centos/vhosts.pp | 1 + 2 files changed, 2 insertions(+) (limited to 'manifests') diff --git a/manifests/logrotate/centos.pp b/manifests/logrotate/centos.pp index 6571ada..593f692 100644 --- a/manifests/logrotate/centos.pp +++ b/manifests/logrotate/centos.pp @@ -4,5 +4,6 @@ class apache::logrotate::centos { changes => [ 'rm /files/etc/logrotate.d/httpd/rule/file', 'ins file before /files/etc/logrotate.d/httpd/rule/*[1]', 'set /files/etc/logrotate.d/httpd/rule/file[1] /var/log/httpd/*log' ], + onlyif => 'get /files/etc/logrotate.d/httpd/rule/file[1] != "/var/log/httpd/*log"', } } diff --git a/manifests/logrotate/centos/vhosts.pp b/manifests/logrotate/centos/vhosts.pp index 941f50d..1cde2f3 100644 --- a/manifests/logrotate/centos/vhosts.pp +++ b/manifests/logrotate/centos/vhosts.pp @@ -6,5 +6,6 @@ class apache::logrotate::centos::vhosts inherits apache::logrotate::centos { 'ins file before /files/etc/logrotate.d/httpd/rule/*[1]', 'set /files/etc/logrotate.d/httpd/rule/file[1] /var/log/httpd/*log', 'set /files/etc/logrotate.d/httpd/rule/file[2] /var/www/vhosts/*/logs/*log' ], + onlyif => 'get /files/etc/logrotate.d/httpd/rule/file[2] != "/var/www/vhosts/*/logs/*log"', } } -- cgit v1.2.3 From 4ff385d82bc0d300d501bf1fb41df8602c7c95a6 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 29 May 2012 22:50:03 +0200 Subject: rename site modules --- manifests/centos.pp | 4 ++-- manifests/centos/module.pp | 6 +++--- manifests/config/file.pp | 10 +++++----- manifests/debian.pp | 8 ++++---- manifests/gentoo/module.pp | 6 +++--- manifests/openbsd.pp | 6 +++--- manifests/vhost/file.pp | 16 ++++++++-------- manifests/vhost/file/documentrootfile.pp | 10 +++++----- 8 files changed, 33 insertions(+), 33 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 721bb55..4181152 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -40,8 +40,8 @@ class apache::centos inherits apache::package { } file{'apache_service_config': path => '/etc/sysconfig/httpd', - source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd", - "puppet:///modules/site-apache/service/CentOS/httpd", + source => [ "puppet:///modules/site_apache/service/CentOS/${fqdn}/httpd", + "puppet:///modules/site_apache/service/CentOS/httpd", "puppet:///modules/apache/service/CentOS/httpd" ], require => Package['apache'], notify => Service['apache'], diff --git a/manifests/centos/module.pp b/manifests/centos/module.pp index b4cddb7..4e48b13 100644 --- a/manifests/centos/module.pp +++ b/manifests/centos/module.pp @@ -10,9 +10,9 @@ define apache::centos::module( } $real_source = $source ? { '' => [ - "puppet:///modules/site-apache/modules.d/${fqdn}/${name}.so", - "puppet:///modules/site-apache/modules.d/${apache_cluster_node}/${name}.so", - "puppet:///modules/site-apache/modules.d/${name}.so", + "puppet:///modules/site_apache/modules.d/${fqdn}/${name}.so", + "puppet:///modules/site_apache/modules.d/${apache_cluster_node}/${name}.so", + "puppet:///modules/site_apache/modules.d/${name}.so", "puppet:///modules/apache/modules.d/${operatingsystem}/${name}.so", "puppet:///modules/apache/modules.d/${name}.so" ], diff --git a/manifests/config/file.pp b/manifests/config/file.pp index 3b889ca..f25041c 100644 --- a/manifests/config/file.pp +++ b/manifests/config/file.pp @@ -34,11 +34,11 @@ define apache::config::file( 'absent': { $real_source = $source ? { 'absent' => [ - "puppet:///modules/site-apache/${confdir}/${fqdn}/${name}", - "puppet:///modules/site-apache/${confdir}/${apache_cluster_node}/${name}", - "puppet:///modules/site-apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", - "puppet:///modules/site-apache/${confdir}/${operatingsystem}/${name}", - "puppet:///modules/site-apache/${confdir}/${name}", + "puppet:///modules/site_apache/${confdir}/${fqdn}/${name}", + "puppet:///modules/site_apache/${confdir}/${apache_cluster_node}/${name}", + "puppet:///modules/site_apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", + "puppet:///modules/site_apache/${confdir}/${operatingsystem}/${name}", + "puppet:///modules/site_apache/${confdir}/${name}", "puppet:///modules/apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", "puppet:///modules/apache/${confdir}/${operatingsystem}/${name}", "puppet:///modules/apache/${confdir}/${name}" diff --git a/manifests/debian.pp b/manifests/debian.pp index aa54dfa..2054d2f 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -20,10 +20,10 @@ class apache::debian inherits apache::package { } file { 'apache_main_config': path => "${config_dir}/apache2.conf", - source => [ "puppet:///modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", - "puppet:///modules/site-apache/config/Debian/{$fqdn}/apache2.conf", - "puppet:///modules/site-apache/config/Debian.${lsbdistcodename}/apache2.conf", - "puppet:///modules/site-apache/config/Debian/apache2.conf", + source => [ "puppet:///modules/site_apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", + "puppet:///modules/site_apache/config/Debian/{$fqdn}/apache2.conf", + "puppet:///modules/site_apache/config/Debian.${lsbdistcodename}/apache2.conf", + "puppet:///modules/site_apache/config/Debian/apache2.conf", "puppet:///modules/apache/config/Debian/apache2.conf" ], require => Package['apache'], notify => Service['apache'], diff --git a/manifests/gentoo/module.pp b/manifests/gentoo/module.pp index 33b6703..99de0ff 100644 --- a/manifests/gentoo/module.pp +++ b/manifests/gentoo/module.pp @@ -10,9 +10,9 @@ define apache::gentoo::module( } $real_source = $source ? { '' => [ - "puppet:///modules/site-apache/modules.d/${fqdn}/${name}.conf", - "puppet:///modules/site-apache/modules.d/${apache_cluster_node}/${name}.conf", - "puppet:///modules/site-apache/modules.d/${name}.conf", + "puppet:///modules/site_apache/modules.d/${fqdn}/${name}.conf", + "puppet:///modules/site_apache/modules.d/${apache_cluster_node}/${name}.conf", + "puppet:///modules/site_apache/modules.d/${name}.conf", "puppet:///modules/apache/modules.d/${operatingsystem}/${name}.conf", "puppet:///modules/apache/modules.d/${name}.conf" ], diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp index f1c8ac0..e570dbf 100644 --- a/manifests/openbsd.pp +++ b/manifests/openbsd.pp @@ -26,9 +26,9 @@ class apache::openbsd inherits apache::base { } file{'apache_main_config': path => "${config_dir}/conf/httpd.conf", - source => [ "puppet:///modules/site-apache/config/OpenBSD/${fqdn}/httpd.conf", - "puppet:///modules/site-apache/config/OpenBSD/${apache_cluster_node}/httpd.conf", - "puppet:///modules/site-apache/config/OpenBSD//httpd.conf", + source => [ "puppet:///modules/site_apache/config/OpenBSD/${fqdn}/httpd.conf", + "puppet:///modules/site_apache/config/OpenBSD/${apache_cluster_node}/httpd.conf", + "puppet:///modules/site_apache/config/OpenBSD//httpd.conf", "puppet:///modules/apache/config/OpenBSD/httpd.conf" ], notify => Service['apache'], owner => root, group => 0, mode => 0644; diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index 6c750c1..fdea1f9 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -98,11 +98,11 @@ define apache::vhost::file( 'absent': { $real_vhost_source = $vhost_source ? { 'absent' => [ - "puppet:///modules/site-apache/vhosts.d/$fqdn/$name.conf", - "puppet:///modules/site-apache/vhosts.d/$apache_cluster_node/$name.conf", - "puppet:///modules/site-apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", - "puppet:///modules/site-apache/vhosts.d/$operatingsystem/$name.conf", - "puppet:///modules/site-apache/vhosts.d/$name.conf", + "puppet:///modules/site_apache/vhosts.d/$fqdn/$name.conf", + "puppet:///modules/site_apache/vhosts.d/$apache_cluster_node/$name.conf", + "puppet:///modules/site_apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", + "puppet:///modules/site_apache/vhosts.d/$operatingsystem/$name.conf", + "puppet:///modules/site_apache/vhosts.d/$name.conf", "puppet:///modules/apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", "puppet:///modules/apache/vhosts.d/$operatingsystem/$name.conf", "puppet:///modules/apache/vhosts.d/$name.conf" @@ -133,9 +133,9 @@ define apache::vhost::file( } if ($ensure!='absent') { File[$real_htpasswd_path]{ - source => [ "puppet:///modules/site-apache/htpasswds/$fqdn/$name", - "puppet:///modules/site-apache/htpasswds/$apache_cluster_node/$name", - "puppet:///modules/site-apache/htpasswds/$name" ], + source => [ "puppet:///modules/site_apache/htpasswds/$fqdn/$name", + "puppet:///modules/site_apache/htpasswds/$apache_cluster_node/$name", + "puppet:///modules/site_apache/htpasswds/$name" ], owner => root, group => 0, mode => 0644, } } diff --git a/manifests/vhost/file/documentrootfile.pp b/manifests/vhost/file/documentrootfile.pp index dd8e565..8645323 100644 --- a/manifests/vhost/file/documentrootfile.pp +++ b/manifests/vhost/file/documentrootfile.pp @@ -7,11 +7,11 @@ define apache::vhost::file::documentrootfile( $mode=440 ){ file{"$documentroot/$filename": - source => [ "puppet:///modules/site-apache/vhost_varieties/$fqdn/$thedomain/$filename", - "puppet:///modules/site-apache/vhost_varieties/$apache_cluster_node/$thedomain/$filename", - "puppet:///modules/site-apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", - "puppet:///modules/site-apache/vhost_varieties/$operatingsystem/$thedomain/$filename", - "puppet:///modules/site-apache/vhost_varieties/$thedomain/$filename", + source => [ "puppet:///modules/site_apache/vhost_varieties/$fqdn/$thedomain/$filename", + "puppet:///modules/site_apache/vhost_varieties/$apache_cluster_node/$thedomain/$filename", + "puppet:///modules/site_apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", + "puppet:///modules/site_apache/vhost_varieties/$operatingsystem/$thedomain/$filename", + "puppet:///modules/site_apache/vhost_varieties/$thedomain/$filename", "puppet:///modules/apache/vhost_varieties/$thedomain/$filename", "puppet:///modules/apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", "puppet:///modules/apache/vhost_varieties/$operatingsystem/$thedomain/$filename", -- cgit v1.2.3 From 076909377eaa3aa41936e3acb7e02a9b5b14d493 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 31 May 2012 11:38:45 +0200 Subject: fix various puppet language things --- manifests/centos/itk.pp | 2 +- manifests/centos/itk_plus.pp | 4 ++-- manifests/centos/module.pp | 8 +++---- manifests/centos/worker.pp | 2 +- manifests/config/file.pp | 16 ++++++------- manifests/debian.pp | 9 ++++--- manifests/debian/itk.pp | 14 +++++------ manifests/debian/module.pp | 4 ++-- manifests/gentoo.pp | 2 +- manifests/gentoo/module.pp | 8 +++---- manifests/htpasswd_user.pp | 9 ++++--- manifests/init.pp | 13 ++++++----- manifests/itk.pp | 2 +- manifests/itk_plus.pp | 2 +- manifests/openbsd.pp | 4 ++-- manifests/sftponly.pp | 2 +- manifests/ssl.pp | 4 ++-- manifests/ssl/itk.pp | 2 +- manifests/ssl/itk_plus.pp | 2 +- manifests/ssl/itk_plus/centos.pp | 4 ++-- manifests/status.pp | 4 ++-- manifests/ubuntu.pp | 3 --- manifests/vhost/davdbdir.pp | 2 +- manifests/vhost/file.pp | 40 ++++++++++++++++---------------- manifests/vhost/file/documentrootfile.pp | 22 +++++++++--------- manifests/vhost/gitweb.pp | 2 +- manifests/vhost/modperl.pp | 4 ++-- manifests/vhost/passenger.pp | 8 +++---- manifests/vhost/php/drupal.pp | 6 ++--- manifests/vhost/php/gallery2.pp | 32 ++++++++++++------------- manifests/vhost/php/joomla.pp | 39 +++++++++++++++---------------- manifests/vhost/php/silverstripe.pp | 8 +++---- manifests/vhost/php/simplemachine.pp | 20 ++++++++-------- manifests/vhost/php/spip.pp | 9 +++++-- manifests/vhost/php/standard.pp | 21 +++++++---------- manifests/vhost/php/typo3.pp | 40 ++++++++++++++++---------------- manifests/vhost/php/wordpress.pp | 6 ++--- manifests/vhost/redirect.pp | 2 +- manifests/vhost/template.pp | 20 ++++++++-------- manifests/vhost/webdav.pp | 2 +- manifests/vhost/webdir.pp | 20 ++++++++-------- manifests/worker.pp | 2 +- 42 files changed, 210 insertions(+), 215 deletions(-) delete mode 100644 manifests/ubuntu.pp (limited to 'manifests') diff --git a/manifests/centos/itk.pp b/manifests/centos/itk.pp index 9e97fa0..20f4270 100644 --- a/manifests/centos/itk.pp +++ b/manifests/centos/itk.pp @@ -5,6 +5,6 @@ class apache::centos::itk inherits apache::centos { name => 'httpd-itk', } File['apache_service_config']{ - source => "puppet:///modules/apache/service/CentOS/httpd.itk" + source => "puppet:///modules/apache/service/${::operatingsystem}/httpd.itk" } } diff --git a/manifests/centos/itk_plus.pp b/manifests/centos/itk_plus.pp index bab2409..0df92c8 100644 --- a/manifests/centos/itk_plus.pp +++ b/manifests/centos/itk_plus.pp @@ -1,7 +1,7 @@ # http://hostby.net/home/2008/07/12/centos-5-and-mpm-itk/ class apache::centos::itk_plus inherits apache::centos::itk { Exec['adjust_pidfile']{ - command => "sed -i 's/^PidFile \(.*\)/#PidFile \1/g' /etc/httpd/conf/httpd.conf", + command => "sed -i 's/^PidFile \\(.*\\)/#PidFile \\1/g' /etc/httpd/conf/httpd.conf", unless => "grep -qE '^#PidFile ' /etc/httpd/conf/httpd.conf", } Exec['adjust_listen']{ @@ -11,7 +11,7 @@ class apache::centos::itk_plus inherits apache::centos::itk { Apache::Config::Global['00-listen.conf']{ ensure => 'present', - content => template("apache/itk_plus/${operatingsystem}/00-listen.conf.erb"), + content => template("apache/itk_plus/${::operatingsystem}/00-listen.conf.erb"), } File['apache_service_config']{ diff --git a/manifests/centos/module.pp b/manifests/centos/module.pp index 4e48b13..3220d1f 100644 --- a/manifests/centos/module.pp +++ b/manifests/centos/module.pp @@ -3,17 +3,17 @@ define apache::centos::module( $source = '', $destination = '' ){ - $modules_dir = "$apache::centos::config_dir/modules.d" + $modules_dir = "${apache::centos::config_dir}/modules.d" $real_destination = $destination ? { '' => "${modules_dir}/${name}.so", default => $destination, } $real_source = $source ? { '' => [ - "puppet:///modules/site_apache/modules.d/${fqdn}/${name}.so", - "puppet:///modules/site_apache/modules.d/${apache_cluster_node}/${name}.so", + "puppet:///modules/site_apache/modules.d/${::fqdn}/${name}.so", + "puppet:///modules/site_apache/modules.d/${apache::cluster_node}/${name}.so", "puppet:///modules/site_apache/modules.d/${name}.so", - "puppet:///modules/apache/modules.d/${operatingsystem}/${name}.so", + "puppet:///modules/apache/modules.d/${::operatingsystem}/${name}.so", "puppet:///modules/apache/modules.d/${name}.so" ], default => "puppet:///$source", diff --git a/manifests/centos/worker.pp b/manifests/centos/worker.pp index 4816fbf..f374bb7 100644 --- a/manifests/centos/worker.pp +++ b/manifests/centos/worker.pp @@ -1,5 +1,5 @@ class apache::centos::worker inherits apache::centos { File['apache_service_config']{ - source => "puppet:///modules/apache/service/CentOS/httpd.worker" + source => "puppet:///modules/apache/service/${::operatingsystem}/httpd.worker" } } diff --git a/manifests/config/file.pp b/manifests/config/file.pp index f25041c..a5b0f2e 100644 --- a/manifests/config/file.pp +++ b/manifests/config/file.pp @@ -34,13 +34,13 @@ define apache::config::file( 'absent': { $real_source = $source ? { 'absent' => [ - "puppet:///modules/site_apache/${confdir}/${fqdn}/${name}", - "puppet:///modules/site_apache/${confdir}/${apache_cluster_node}/${name}", - "puppet:///modules/site_apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", - "puppet:///modules/site_apache/${confdir}/${operatingsystem}/${name}", + "puppet:///modules/site_apache/${confdir}/${::fqdn}/${name}", + "puppet:///modules/site_apache/${confdir}/${apache::cluster_node}/${name}", + "puppet:///modules/site_apache/${confdir}/${::operatingsystem}.${::lsbdistcodename}/${name}", + "puppet:///modules/site_apache/${confdir}/${::operatingsystem}/${name}", "puppet:///modules/site_apache/${confdir}/${name}", - "puppet:///modules/apache/${confdir}/${operatingsystem}.${lsbdistcodename}/${name}", - "puppet:///modules/apache/${confdir}/${operatingsystem}/${name}", + "puppet:///modules/apache/${confdir}/${::operatingsystem}.${::lsbdistcodename}/${name}", + "puppet:///modules/apache/${confdir}/${::operatingsystem}/${name}", "puppet:///modules/apache/${confdir}/${name}" ], default => "puppet:///${source}", @@ -56,8 +56,8 @@ define apache::config::file( } } } - case $operatingsystem { - openbsd: { info("no package dependency on ${operatingsystem} for ${name}") } + case $::operatingsystem { + openbsd: { info("no package dependency on ${::operatingsystem} for ${name}") } default: { File["apache_${name}"]{ require => Package[apache], diff --git a/manifests/debian.pp b/manifests/debian.pp index 2054d2f..345feae 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -12,17 +12,16 @@ class apache::debian inherits apache::package { path => "${config_dir}/mods-enabled", } File[htpasswd_dir] { - path => "/var/www/htpasswds", - group => 'www-data', + path => "/var/www/htpasswds", + group => 'www-data', } File[default_apache_index] { path => '/var/www/index.html', } file { 'apache_main_config': path => "${config_dir}/apache2.conf", - source => [ "puppet:///modules/site_apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", - "puppet:///modules/site_apache/config/Debian/{$fqdn}/apache2.conf", - "puppet:///modules/site_apache/config/Debian.${lsbdistcodename}/apache2.conf", + source => [ "puppet:///modules/site_apache/config/Debian/{$::fqdn}/apache2.conf", + "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/apache2.conf", "puppet:///modules/site_apache/config/Debian/apache2.conf", "puppet:///modules/apache/config/Debian/apache2.conf" ], require => Package['apache'], diff --git a/manifests/debian/itk.pp b/manifests/debian/itk.pp index 2dde883..718a81b 100644 --- a/manifests/debian/itk.pp +++ b/manifests/debian/itk.pp @@ -1,9 +1,9 @@ class apache::debian::itk inherits apache::debian { - File['htpasswd_dir']{ - group => 0, - mode => 0644, - } - Package['apache']{ - name => 'apache2-mpm-itk', - } + File['htpasswd_dir']{ + group => 0, + mode => 0644, + } + Package['apache']{ + name => 'apache2-mpm-itk', + } } diff --git a/manifests/debian/module.pp b/manifests/debian/module.pp index 19ac7b6..2c0f510 100644 --- a/manifests/debian/module.pp +++ b/manifests/debian/module.pp @@ -2,10 +2,10 @@ define apache::debian::module( $ensure = present, $package_name = 'absent' ){ - $modules_dir = "$apache::debian::config_dir/mods" + $modules_dir = "${apache::debian::config_dir}/mods" if ($package_name != 'absent') { - package { "${package_name}": + package { $package_name: ensure => $ensure, notify => Service['apache'], require => Package['apache'], diff --git a/manifests/gentoo.pp b/manifests/gentoo.pp index b7bcf94..86be087 100644 --- a/manifests/gentoo.pp +++ b/manifests/gentoo.pp @@ -26,7 +26,7 @@ class apache::gentoo inherits apache::package { # set the default for the ServerName file{"${config_dir}/modules.d/00_default_settings_ServerName.conf": - content => "ServerName ${fqdn}\n", + content => "ServerName ${::fqdn}\n", require => Package[apache], owner => root, group => 0, mode => 0644; } diff --git a/manifests/gentoo/module.pp b/manifests/gentoo/module.pp index 99de0ff..1e9d03a 100644 --- a/manifests/gentoo/module.pp +++ b/manifests/gentoo/module.pp @@ -3,17 +3,17 @@ define apache::gentoo::module( $source = '', $destination = '' ){ - $modules_dir = "$apache::gentoo::config_dir/modules.d" + $modules_dir = "${apache::gentoo::config_dir}/modules.d" $real_destination = $destination ? { '' => "${modules_dir}/${name}.conf", default => $destination, } $real_source = $source ? { '' => [ - "puppet:///modules/site_apache/modules.d/${fqdn}/${name}.conf", - "puppet:///modules/site_apache/modules.d/${apache_cluster_node}/${name}.conf", + "puppet:///modules/site_apache/modules.d/${::fqdn}/${name}.conf", + "puppet:///modules/site_apache/modules.d/${apache::cluster_node}/${name}.conf", "puppet:///modules/site_apache/modules.d/${name}.conf", - "puppet:///modules/apache/modules.d/${operatingsystem}/${name}.conf", + "puppet:///modules/apache/modules.d/${::operatingsystem}/${name}.conf", "puppet:///modules/apache/modules.d/${name}.conf" ], default => "puppet:///$source", diff --git a/manifests/htpasswd_user.pp b/manifests/htpasswd_user.pp index 9fcea0a..c4c5453 100644 --- a/manifests/htpasswd_user.pp +++ b/manifests/htpasswd_user.pp @@ -16,10 +16,6 @@ define apache::htpasswd_user( 'absent': { $real_site = $name } default: { $real_site = $site } } - case $path { - 'absent': { $real_path = "/var/www/htpasswds/${real_site}" } - default: { $real_path = $path } - } if $password_iscrypted { $real_password = $password } else { @@ -28,7 +24,10 @@ define apache::htpasswd_user( file_line{"htpasswd_for_${real_site}": ensure => $ensure, - path => $real_path, + path => $path ? { + 'absent' => "/var/www/htpasswds/${real_site}", + default => $path + }, line => "${username}:${real_password}", } } diff --git a/manifests/init.pp b/manifests/init.pp index db1a077..a471591 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -6,9 +6,9 @@ # Marcel Härry haerry+puppet(at)puzzle.ch # Simon Josi josi+puppet(at)puzzle.ch # -# This program is free software; you can redistribute -# it and/or modify it under the terms of the GNU -# General Public License version 3 as published by +# This program is free software; you can redistribute +# it and/or modify it under the terms of the GNU +# General Public License version 3 as published by # the Free Software Foundation. # @@ -18,12 +18,13 @@ # apache is running. # $apache_default_group: Set this to the group with which the # apache is running. -class apache { +class apache( + $cluster_node = hiera('apache_cluster_node','') +) { case $::operatingsystem { centos: { include apache::centos } gentoo: { include apache::gentoo } - debian: { include apache::debian } - ubuntu: { include apache::ubuntu } + debian,ubuntu: { include apache::debian } openbsd: { include apache::openbsd } default: { include apache::base } } diff --git a/manifests/itk.pp b/manifests/itk.pp index 640b69c..5292343 100644 --- a/manifests/itk.pp +++ b/manifests/itk.pp @@ -3,7 +3,7 @@ # see: http://mpm-itk.sesse.net/ class apache::itk inherits apache { - case $operatingsystem { + case $::operatingsystem { centos: { include ::apache::centos::itk } debian: { include ::apache::debian::itk } default: { include ::apache::base::itk } diff --git a/manifests/itk_plus.pp b/manifests/itk_plus.pp index 64d7c87..7d9f721 100644 --- a/manifests/itk_plus.pp +++ b/manifests/itk_plus.pp @@ -3,7 +3,7 @@ # see: http://mpm-itk.sesse.net/ class apache::itk_plus inherits apache::itk { - case $operatingsystem { + case $::operatingsystem { centos: { include ::apache::centos::itk_plus } default: { fail("itk plus mode is currently only implemented for CentOS") } } diff --git a/manifests/openbsd.pp b/manifests/openbsd.pp index e570dbf..1ba58f4 100644 --- a/manifests/openbsd.pp +++ b/manifests/openbsd.pp @@ -26,8 +26,8 @@ class apache::openbsd inherits apache::base { } file{'apache_main_config': path => "${config_dir}/conf/httpd.conf", - source => [ "puppet:///modules/site_apache/config/OpenBSD/${fqdn}/httpd.conf", - "puppet:///modules/site_apache/config/OpenBSD/${apache_cluster_node}/httpd.conf", + source => [ "puppet:///modules/site_apache/config/OpenBSD/${::fqdn}/httpd.conf", + "puppet:///modules/site_apache/config/OpenBSD/${apache::cluster_node}/httpd.conf", "puppet:///modules/site_apache/config/OpenBSD//httpd.conf", "puppet:///modules/apache/config/OpenBSD/httpd.conf" ], notify => Service['apache'], diff --git a/manifests/sftponly.pp b/manifests/sftponly.pp index 1f9793d..ece726b 100644 --- a/manifests/sftponly.pp +++ b/manifests/sftponly.pp @@ -1,5 +1,5 @@ class apache::sftponly { - case $operatingsystem { + case $::operatingsystem { centos: { include apache::sftponly::centos } } } diff --git a/manifests/ssl.pp b/manifests/ssl.pp index c779da4..a604b05 100644 --- a/manifests/ssl.pp +++ b/manifests/ssl.pp @@ -1,13 +1,13 @@ # manifests/ssl.pp class apache::ssl inherits apache { - case $operatingsystem { + case $::operatingsystem { centos: { include apache::ssl::centos } openbsd: { include apache::ssl::openbsd } debian: { include apache::ssl::debian } defaults: { include apache::ssl::base } } - if $use_shorewall { + if hiera('use_shorewall',false) { include shorewall::rules::https } } diff --git a/manifests/ssl/itk.pp b/manifests/ssl/itk.pp index 62c96cf..5fd3aaf 100644 --- a/manifests/ssl/itk.pp +++ b/manifests/ssl/itk.pp @@ -1,7 +1,7 @@ # manifests/ssl/itk.pp class apache::ssl::itk inherits apache::ssl { - case $operatingsystem { + case $::operatingsystem { centos: { include apache::ssl::itk::centos } } } diff --git a/manifests/ssl/itk_plus.pp b/manifests/ssl/itk_plus.pp index 5c2d202..0c8e667 100644 --- a/manifests/ssl/itk_plus.pp +++ b/manifests/ssl/itk_plus.pp @@ -1,5 +1,5 @@ class apache::ssl::itk_plus inherits apache::ssl::itk { - case $operatingsystem { + case $::operatingsystem { centos: { include ::apache::ssl::itk_plus::centos } default: { fail("itk plus mode is currently only implemented for CentOS") } } diff --git a/manifests/ssl/itk_plus/centos.pp b/manifests/ssl/itk_plus/centos.pp index d76c927..00fb472 100644 --- a/manifests/ssl/itk_plus/centos.pp +++ b/manifests/ssl/itk_plus/centos.pp @@ -1,11 +1,11 @@ class apache::ssl::itk_plus::centos inherits apache::ssl::centos { include apache::ssl::itk::centos Apache::Config::Global['ssl.conf']{ - source => "modules/apache/itk_plus/conf.d/${operatingsystem}/ssl.conf", + source => "modules/apache/itk_plus/conf.d/${::operatingsystem}/ssl.conf", } Apache::Config::Global['00-listen-ssl.conf']{ ensure => 'present', - content => template("apache/itk_plus/${operatingsystem}/00-listen-ssl.conf.erb"), + content => template("apache/itk_plus/${::operatingsystem}/00-listen-ssl.conf.erb"), } } diff --git a/manifests/status.pp b/manifests/status.pp index f67507c..3639b6c 100644 --- a/manifests/status.pp +++ b/manifests/status.pp @@ -1,11 +1,11 @@ # manifests/status.pp class apache::status { - case $operatingsystem { + case $::operatingsystem { centos: { include apache::status::centos } defaults: { include apache::status::base } } - if $use_munin { + if hiera('use_munin',false) { include munin::plugins::apache } } diff --git a/manifests/ubuntu.pp b/manifests/ubuntu.pp deleted file mode 100644 index 0837296..0000000 --- a/manifests/ubuntu.pp +++ /dev/null @@ -1,3 +0,0 @@ -### ubuntu: similar to debian therefor inheritng from there -class apache::ubuntu inherits apache::debian {} - diff --git a/manifests/vhost/davdbdir.pp b/manifests/vhost/davdbdir.pp index a9528f7..459167c 100644 --- a/manifests/vhost/davdbdir.pp +++ b/manifests/vhost/davdbdir.pp @@ -11,7 +11,7 @@ define apache::vhost::davdbdir( case $dav_db_dir { 'absent': { include apache::defaultdavdbdir - $real_dav_db_dir = "/var/www/dav_db_dir/$name" + $real_dav_db_dir = "/var/www/dav_db_dir/${name}" } default: { $real_dav_db_dir = $dav_db_dir } } diff --git a/manifests/vhost/file.pp b/manifests/vhost/file.pp index fdea1f9..b42c4ce 100644 --- a/manifests/vhost/file.pp +++ b/manifests/vhost/file.pp @@ -51,16 +51,16 @@ define apache::vhost::file( $htpasswd_path = 'absent', $use_mod_macro = false ){ - $vhosts_dir = $operatingsystem ? { - centos => "$apache::centos::config_dir/vhosts.d", - gentoo => "$apache::gentoo::config_dir/vhosts.d", - debian => "$apache::debian::config_dir/sites-enabled", - ubuntu => "$apache::ubuntu::config_dir/sites-enabled", - openbsd => "$apache::openbsd::config_dir/vhosts.d", + $vhosts_dir = $::operatingsystem ? { + centos => "${apache::centos::config_dir}/vhosts.d", + gentoo => "${apache::gentoo::config_dir}/vhosts.d", + debian => "${apache::debian::config_dir}/sites-enabled", + ubuntu => "${apache::ubuntu::config_dir}/sites-enabled", + openbsd => "${apache::openbsd::config_dir}/vhosts.d", default => '/etc/apache2/vhosts.d', } $real_vhost_destination = $vhost_destination ? { - 'absent' => "$vhosts_dir/$name.conf", + 'absent' => "${vhosts_dir}/${name}.conf", default => $vhost_destination, } file{"${name}.conf": @@ -98,16 +98,16 @@ define apache::vhost::file( 'absent': { $real_vhost_source = $vhost_source ? { 'absent' => [ - "puppet:///modules/site_apache/vhosts.d/$fqdn/$name.conf", - "puppet:///modules/site_apache/vhosts.d/$apache_cluster_node/$name.conf", - "puppet:///modules/site_apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", - "puppet:///modules/site_apache/vhosts.d/$operatingsystem/$name.conf", - "puppet:///modules/site_apache/vhosts.d/$name.conf", - "puppet:///modules/apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf", - "puppet:///modules/apache/vhosts.d/$operatingsystem/$name.conf", - "puppet:///modules/apache/vhosts.d/$name.conf" + "puppet:///modules/site_apache/vhosts.d/${::fqdn}/${name}.conf", + "puppet:///modules/site_apache/vhosts.d/{$apache::cluster_node}/${name}.conf", + "puppet:///modules/site_apache/vhosts.d/${::operatingsystem}.${::lsbdistcodename}/${name}.conf", + "puppet:///modules/site_apache/vhosts.d/${::operatingsystem}/${name}.conf", + "puppet:///modules/site_apache/vhosts.d/${name}.conf", + "puppet:///modules/apache/vhosts.d/${::operatingsystem}.${::lsbdistcodename}/${name}.conf", + "puppet:///modules/apache/vhosts.d/${::operatingsystem}/${name}.conf", + "puppet:///modules/apache/vhosts.d/${name}.conf" ], - default => "puppet:///$vhost_source", + default => "puppet:///${vhost_source}", } File["${name}.conf"]{ source => $real_vhost_source, @@ -124,7 +124,7 @@ define apache::vhost::file( 'absent','nodeploy': { info("don't deploy a htpasswd file for ${name}") } default: { if $htpasswd_path == 'absent' { - $real_htpasswd_path = "/var/www/htpasswds/$name" + $real_htpasswd_path = "/var/www/htpasswds/${name}" } else { $real_htpasswd_path = $htpasswd_path } @@ -133,9 +133,9 @@ define apache::vhost::file( } if ($ensure!='absent') { File[$real_htpasswd_path]{ - source => [ "puppet:///modules/site_apache/htpasswds/$fqdn/$name", - "puppet:///modules/site_apache/htpasswds/$apache_cluster_node/$name", - "puppet:///modules/site_apache/htpasswds/$name" ], + source => [ "puppet:///modules/site_apache/htpasswds/${::fqdn}/${name}", + "puppet:///modules/site_apache/htpasswds/${apache::cluster_node}/${name}", + "puppet:///modules/site_apache/htpasswds/${name}" ], owner => root, group => 0, mode => 0644, } } diff --git a/manifests/vhost/file/documentrootfile.pp b/manifests/vhost/file/documentrootfile.pp index 8645323..610d71c 100644 --- a/manifests/vhost/file/documentrootfile.pp +++ b/manifests/vhost/file/documentrootfile.pp @@ -6,19 +6,19 @@ define apache::vhost::file::documentrootfile( $group='0', $mode=440 ){ - file{"$documentroot/$filename": - source => [ "puppet:///modules/site_apache/vhost_varieties/$fqdn/$thedomain/$filename", - "puppet:///modules/site_apache/vhost_varieties/$apache_cluster_node/$thedomain/$filename", - "puppet:///modules/site_apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", - "puppet:///modules/site_apache/vhost_varieties/$operatingsystem/$thedomain/$filename", - "puppet:///modules/site_apache/vhost_varieties/$thedomain/$filename", - "puppet:///modules/apache/vhost_varieties/$thedomain/$filename", - "puppet:///modules/apache/vhost_varieties/$operatingsystem.$lsbdistcodename/$thedomain/$filename", - "puppet:///modules/apache/vhost_varieties/$operatingsystem/$thedomain/$filename", - "puppet:///modules/apache/vhost_varieties/$thedomain/$filename" + file{"${documentroot}/${filename}": + source => [ "puppet:///modules/site_apache/vhost_varieties/${::fqdn}/${thedomain}/${filename}", + "puppet:///modules/site_apache/vhost_varieties/${apache::cluster_node}/${thedomain}/${filename}", + "puppet:///modules/site_apache/vhost_varieties/${::operatingsystem}.${::lsbdistcodename}/${thedomain}/${filename}", + "puppet:///modules/site_apache/vhost_varieties/${::operatingsystem}/${thedomain}/${filename}", + "puppet:///modules/site_apache/vhost_varieties/${thedomain}/${filename}", + "puppet:///modules/apache/vhost_varieties/${thedomain}/${filename}", + "puppet:///modules/apache/vhost_varieties/${::operatingsystem}.${::lsbdistcodename}/${thedomain}/${filename}", + "puppet:///modules/apache/vhost_varieties/${::operatingsystem}/${thedomain}/${filename}", + "puppet:///modules/apache/vhost_varieties/${thedomain}/${filename}" ], ensure => file, - require => Apache::Vhost::Webdir["$thedomain"], + require => Apache::Vhost::Webdir[$thedomain], owner => $owner, group => $group, mode => $mode; } } diff --git a/manifests/vhost/gitweb.pp b/manifests/vhost/gitweb.pp index 5523af1..dab4983 100644 --- a/manifests/vhost/gitweb.pp +++ b/manifests/vhost/gitweb.pp @@ -30,7 +30,7 @@ define apache::vhost::gitweb( ensure => $ensure, path => '/var/www/git', path_is_webdir => true, - logpath => $operatingsystem ? { + logpath => $::operatingsystem ? { centos => '/var/log/httpd', fedora => '/var/log/httpd', redhat => '/var/log/httpd', diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index c7b9e59..35842dc 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -62,11 +62,11 @@ define apache::vhost::modperl( case $cgi_binpath { 'absent': { $real_path = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}", default => "/var/www/vhosts/${name}" }, - default => "${path}" + default => $path } $real_cgi_binpath = "${real_path}/cgi-bin" } diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 5dc58a8..0507add 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -70,11 +70,11 @@ define apache::vhost::passenger( } } $real_path = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}", default => "/var/www/vhosts/${name}" }, - default => "${path}" + default => $path } $gempath = "${real_path}/gems" file{ @@ -83,13 +83,13 @@ define apache::vhost::passenger( owner => $documentroot_owner, group => $run_gid, mode => 0660; ["${real_path}/www/public", "${real_path}/gems"]: ensure => directory, - owner => $documentroot_owner, group => $run_gid, mode => 0640; + owner => $documentroot_owner, group => $run_gid, mode => 0640; } if $passenger_app == 'rails' { file{ "${real_path}/www/config": ensure => directory, - owner => $documentroot_owner, group => $run_gid, mode => 0640; + owner => $documentroot_owner, group => $run_gid, mode => 0640; "${real_path}/www/config/environment.rb": ensure => present, owner => $run_uid, group => $run_gid, mode => 0640; diff --git a/manifests/vhost/php/drupal.pp b/manifests/vhost/php/drupal.pp index d07beb7..4025ada 100644 --- a/manifests/vhost/php/drupal.pp +++ b/manifests/vhost/php/drupal.pp @@ -70,7 +70,7 @@ define apache::vhost::php::drupal( $manage_cron = true ){ $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, @@ -89,7 +89,7 @@ define apache::vhost::php::drupal( owner => root, group => 0, mode => 0644; } } - + $std_drupal_php_settings = { magic_quotes_gpc => 0, register_globals => 0, @@ -98,7 +98,7 @@ define apache::vhost::php::drupal( 'mbstring.http_output' => 'pass', 'mbstring.encoding_translation' => 0, } - + # create vhost configuration file ::apache::vhost::php::webapp{$name: ensure => $ensure, diff --git a/manifests/vhost/php/gallery2.pp b/manifests/vhost/php/gallery2.pp index 1eae2b3..d1876ff 100644 --- a/manifests/vhost/php/gallery2.pp +++ b/manifests/vhost/php/gallery2.pp @@ -69,38 +69,36 @@ define apache::vhost::php::gallery2( $upload_dir = 'present' ){ $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, default => "${path}/www" } $gdatadir = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/g2data", default => "/var/www/vhosts/${name}/g2data" }, default => "${path}/g2data" } - file{$gdatadir: - ensure => $ensure ? { - 'present' => directory, - default => absent - }, - owner => $documentroot_owner, group => $documentroot_group, mode => 0660; - } - if ($upload_dir == 'present') or ($upload_dir == 'absent') { - $real_upload_dir = $operatingsystem ? { + $real_upload_dir = $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/upload", default => "/var/www/vhosts/${name}/upload" } } else { $real_upload_dir = $upload_dir } - - file{$real_upload_dir: - owner => $documentroot_owner, group => $documentroot_group, mode => 0660; + file{ + $gdatadir: + ensure => $ensure ? { + 'present' => directory, + default => absent + }, + owner => $documentroot_owner, group => $documentroot_group, mode => 0660; + $real_upload_dir: + owner => $documentroot_owner, group => $documentroot_group, mode => 0660; } if ($ensure == 'absent') or ($upload_dir == 'absent') { File[$real_upload_dir]{ @@ -119,7 +117,7 @@ define apache::vhost::php::gallery2( safe_mode => 'Off', output_buffering => 'Off', } - + # php upload_tmp_dir case $php_settings[upload_tmp_dir] { '',undef: { @@ -137,8 +135,8 @@ define apache::vhost::php::gallery2( $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}:${real_upload_dir}" } else { $gallery_php_settings[open_basedir] = "${documentroot}:${php_settings[upload_tmp_dir]}:${php_settings['session.save_path']}:${gdatadir}" - } - + } + $real_php_settings = merge($gallery_php_settings,$php_settings) # create vhost configuration file diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index 69b08f6..eed142c 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -64,13 +64,13 @@ define apache::vhost::php::joomla( include ::apache::include::joomla $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, default => "${path}/www" } - + if $mod_security_additional_options == 'absent' { $real_mod_security_additional_options = '# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html # Exceptions for Joomla Root Directory @@ -79,8 +79,7 @@ define apache::vhost::php::joomla( # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" \ - "allow,phase:1,nolog,ctl:ruleEngine=Off" + SecRule REQUEST_FILENAME "/administrator/index2.php" "allow,phase:1,nolog,ctl:ruleEngine=Off" # Exceptions for Joomla Component Expose @@ -124,22 +123,22 @@ define apache::vhost::php::joomla( htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, - managed_directories => [ "$documentroot/administrator/backups", - "$documentroot/administrator/components", - "$documentroot/administrator/language", - "$documentroot/administrator/modules", - "$documentroot/administrator/templates", - "$documentroot/components", - "$documentroot/dmdocuments", - "$documentroot/images", - "$documentroot/language", - "$documentroot/media", - "$documentroot/modules", - "$documentroot/plugins", - "$documentroot/templates", - "$documentroot/cache", - "$documentroot/tmp", - "$documentroot/administrator/cache" ], + managed_directories => [ "${documentroot}/administrator/backups", + "${documentroot}/administrator/components", + "${documentroot}/administrator/language", + "${documentroot}/administrator/modules", + "${documentroot}/administrator/templates", + "${documentroot}/components", + "${documentroot}/dmdocuments", + "${documentroot}/images", + "${documentroot}/language", + "${documentroot}/media", + "${documentroot}/modules", + "${documentroot}/plugins", + "${documentroot}/templates", + "${documentroot}/cache", + "${documentroot}/tmp", + "${documentroot}/administrator/cache" ], manage_config => $manage_config, config_webwriteable => $config_webwriteable, config_file => 'configuration.php', diff --git a/manifests/vhost/php/silverstripe.pp b/manifests/vhost/php/silverstripe.pp index d120f04..da58296 100644 --- a/manifests/vhost/php/silverstripe.pp +++ b/manifests/vhost/php/silverstripe.pp @@ -61,11 +61,11 @@ define apache::vhost::php::silverstripe( $config_webwriteable = false, $manage_directories = true ){ - + include ::apache::include::silverstripe - + $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, @@ -109,7 +109,7 @@ define apache::vhost::php::silverstripe( htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, - managed_directories => [ "$documentroot/assets" ], + managed_directories => [ "${documentroot}/assets" ], manage_config => $manage_config, } diff --git a/manifests/vhost/php/simplemachine.pp b/manifests/vhost/php/simplemachine.pp index 78a165e..b5178da 100644 --- a/manifests/vhost/php/simplemachine.pp +++ b/manifests/vhost/php/simplemachine.pp @@ -62,7 +62,7 @@ define apache::vhost::php::simplemachine( $manage_directories = true ){ $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, @@ -105,15 +105,15 @@ define apache::vhost::php::simplemachine( htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, managed_directories => [ - "$documentroot/agreement.txt", - "$documentroot/attachments", - "$documentroot/avatars", - "$documentroot/cache", - "$documentroot/Packages", - "$documentroot/Packages/installed.list", - "$documentroot/Smileys", - "$documentroot/Themes", - "$documentroot/Themes/default/languages/Install.english.php" + "${documentroot}/agreement.txt", + "${documentroot}/attachments", + "${documentroot}/avatars", + "${documentroot}/cache", + "${documentroot}/Packages", + "${documentroot}/Packages/installed.list", + "${documentroot}/Smileys", + "${documentroot}/Themes", + "${documentroot}/Themes/default/languages/Install.english.php" ], manage_config => $manage_config, config_webwriteable => $config_webwriteable, diff --git a/manifests/vhost/php/spip.pp b/manifests/vhost/php/spip.pp index 696ac8b..5f4ffdb 100644 --- a/manifests/vhost/php/spip.pp +++ b/manifests/vhost/php/spip.pp @@ -59,7 +59,7 @@ define apache::vhost::php::spip( $htpasswd_path = 'absent' ){ $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, @@ -100,7 +100,12 @@ define apache::vhost::php::spip( vhost_destination => $vhost_destination, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, - managed_directories => [ "$documentroot/IMG", "$documentroot/tmp", "$documentroot/local", "$documentroot/config" ], + managed_directories => [ + "${documentroot}/IMG", + "${documentroot}/tmp", + "${documentroot}/local", + "${documentroot}/config" + ], manage_config => false, } } diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index aea4551..3814680 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -78,9 +78,9 @@ define apache::vhost::php::standard( documentroot_mode => $documentroot_mode, } } - + $real_path = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}", default => "/var/www/vhosts/${name}" }, @@ -96,13 +96,13 @@ define apache::vhost::php::standard( 'absent' => "$real_path/logs", default => $logpath } - + $std_php_options = { smarty => false, pear => false, } $real_php_options = merge($std_php_options,$php_options) - + if $real_php_options[smarty] { include php::extensions::smarty $smarty_path = '/usr/share/php/Smarty/:' @@ -115,7 +115,7 @@ define apache::vhost::php::standard( } else { $pear_path = '' } - + $std_php_settings = { engine => 'On', @@ -130,7 +130,7 @@ define apache::vhost::php::standard( if $run_mode == 'fcgid' { $std_php_settings[safe_mode_gid] = 'On' } - + if has_key($php_settings,'safe_mode_exec_dir') { $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] } else { @@ -166,7 +166,7 @@ define apache::vhost::php::standard( ensure => absent, } } - + if !has_key($php_settings,'default_charset') { if $default_charset != 'absent' { $std_php_settings[default_charset] = $default_charset ? { @@ -175,15 +175,12 @@ define apache::vhost::php::standard( } } } - + $real_php_settings = merge($std_php_settings,$php_settings) - + $passing_extension = 'php' if $ensure != 'absent' { case $run_mode { - 'itk': { - include ::php::itk - } 'proxy-itk','static-itk': { include ::php::itk_plus } diff --git a/manifests/vhost/php/typo3.pp b/manifests/vhost/php/typo3.pp index 6ed0fa5..a9f12d8 100644 --- a/manifests/vhost/php/typo3.pp +++ b/manifests/vhost/php/typo3.pp @@ -62,13 +62,13 @@ define apache::vhost::php::typo3( $manage_directories = true ){ $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, default => "${path}/www" } - + $modsec_rules = ["960010"] $real_mod_security_rules_to_disable = array_union($mod_security_rules_to_disable,$modsec_rules) if $mod_security_additional_options == 'absent' { @@ -80,7 +80,7 @@ define apache::vhost::php::typo3( } else { $real_mod_security_additional_options = $mod_security_additional_options } - + $typo3_php_settings = { # turn allow_url_fopen on for the extension manager fetch allow_url_fopen => 'On' @@ -122,23 +122,23 @@ define apache::vhost::php::typo3( htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, - managed_directories => [ "$documentroot/typo3temp", - "$documentroot/typo3temp/pics", - "$documentroot/typo3temp/temp", - "$documentroot/typo3temp/llxml", - "$documentroot/typo3temp/cs", - "$documentroot/typo3temp/GB", - "$documentroot/typo3temp/locks", - "$documentroot/typo3conf", - "$documentroot/typo3conf/ext", - "$documentroot/typo3conf/l10n", - # "$documentroot/typo3/ext/", # only needed for ext manager installing global extensions - "$documentroot/uploads", - "$documentroot/uploads/pics", - "$documentroot/uploads/media", - "$documentroot/uploads/tf", - "$documentroot/fileadmin", - "$documentroot/fileadmin/_temp_" + managed_directories => [ "${documentroot}/typo3temp", + "${documentroot}/typo3temp/pics", + "${documentroot}/typo3temp/temp", + "${documentroot}/typo3temp/llxml", + "${documentroot}/typo3temp/cs", + "${documentroot}/typo3temp/GB", + "${documentroot}/typo3temp/locks", + "${documentroot}/typo3conf", + "${documentroot}/typo3conf/ext", + "${documentroot}/typo3conf/l10n", + # "${documentroot}/typo3/ext/", # only needed for ext manager installing global extensions + "${documentroot}/uploads", + "${documentroot}/uploads/pics", + "${documentroot}/uploads/media", + "${documentroot}/uploads/tf", + "${documentroot}/fileadmin", + "${documentroot}/fileadmin/_temp_" ], manage_config => $manage_config, } diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index fef0807..b3f98c1 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -63,7 +63,7 @@ define apache::vhost::php::wordpress( ){ $documentroot = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/www", default => "/var/www/vhosts/${name}/www" }, @@ -98,7 +98,7 @@ define apache::vhost::php::wordpress( mod_security => $mod_security, mod_security_relevantonly => $mod_security_relevantonly, mod_security_rules_to_disable => $real_mod_security_rules_to_disable, - mod_security_additional_options => $mod_security_additional_options, + mod_security_additional_options => $mod_security_additional_options, ssl_mode => $ssl_mode, vhost_mode => $vhost_mode, template_partial => $template_partial, @@ -107,7 +107,7 @@ define apache::vhost::php::wordpress( htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, manage_directories => $manage_directories, - managed_directories => "$documentroot/wp-content", + managed_directories => "${documentroot}/wp-content", manage_config => $manage_config, config_webwriteable => $config_webwriteable, config_file => 'wp-config.php', diff --git a/manifests/vhost/redirect.pp b/manifests/vhost/redirect.pp index ec23fb7..a106c59 100644 --- a/manifests/vhost/redirect.pp +++ b/manifests/vhost/redirect.pp @@ -38,7 +38,7 @@ define apache::vhost::redirect( path_is_webdir => true, domainalias => $domainalias, server_admin => $server_admin, - logpath => $operatingsystem ? { + logpath => $::operatingsystem ? { openbsd => '/var/www/logs', centos => '/var/log/httpd', default => '/var/log/apache2' diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 11926a6..c19faba 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -74,20 +74,20 @@ define apache::vhost::template( $ldap_user = 'any' ){ $real_path = $path ? { - 'absent' => $operatingsystem ? { - openbsd => "/var/www/htdocs/$name", - default => "/var/www/vhosts/$name" + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" }, default => $path } if $path_is_webdir { - $documentroot = "$real_path" + $documentroot = $real_path } else { - $documentroot = "$real_path/www" + $documentroot = "${real_path}/www" } $logdir = $logpath ? { - 'absent' => "$real_path/logs", + 'absent' => "${real_path}/logs", default => $logpath } @@ -101,7 +101,7 @@ define apache::vhost::template( default => $domainalias } if $htpasswd_path == 'absent' { - $real_htpasswd_path = "/var/www/htpasswds/$name" + $real_htpasswd_path = "/var/www/htpasswds/${name}" } else { $real_htpasswd_path = $htpasswd_path } @@ -112,10 +112,10 @@ define apache::vhost::template( case $run_mode { 'fcgid','itk','proxy-itk','static-itk': { case $run_uid { - 'absent': { fail("you have to define run_uid for $name on $fqdn") } + 'absent': { fail("you have to define run_uid for ${name} on ${::fqdn}") } } case $run_gid { - 'absent': { fail("you have to define run_gid for $name on $fqdn") } + 'absent': { fail("you have to define run_gid for ${name} on ${::fqdn}") } } } } @@ -123,7 +123,7 @@ define apache::vhost::template( # dav db dir case $dav_db_dir { 'absent': { - $real_dav_db_dir = "/var/www/dav_db_dir/$name" + $real_dav_db_dir = "/var/www/dav_db_dir/${name}" } default: { $real_dav_db_dir = $dav_db_dir } } diff --git a/manifests/vhost/webdav.pp b/manifests/vhost/webdav.pp index e175324..003a308 100644 --- a/manifests/vhost/webdav.pp +++ b/manifests/vhost/webdav.pp @@ -58,7 +58,7 @@ define apache::vhost::webdav( $ldap_user = 'any', $dav_db_dir = 'absent' ){ - ::apache::vhost::davdbdir{"${name}": + ::apache::vhost::davdbdir{$name: ensure => $ensure, dav_db_dir => $dav_db_dir, documentroot_owner => $documentroot_owner, diff --git a/manifests/vhost/webdir.pp b/manifests/vhost/webdir.pp index ca3b2b6..e9eda1b 100644 --- a/manifests/vhost/webdir.pp +++ b/manifests/vhost/webdir.pp @@ -13,7 +13,7 @@ define apache::vhost::webdir( $documentroot_recurse = false ){ $real_path = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}", default => "/var/www/vhosts/${name}" }, @@ -31,7 +31,7 @@ define apache::vhost::webdir( if $owner == 'apache' { if $apache_default_user == '' { - $real_owner = $operatingsystem ? { + $real_owner = $::operatingsystem ? { openbsd => 'www', debian => 'www-data', default => $owner @@ -44,7 +44,7 @@ define apache::vhost::webdir( } if $group == 'apache' { if $apache_default_group == '' { - $real_group = $operatingsystem ? { + $real_group = $::operatingsystem ? { openbsd => 'www', debian => 'www-data', default => $group @@ -58,7 +58,7 @@ define apache::vhost::webdir( if $documentroot_owner == 'apache' { if $apache_default_user == '' { - $real_documentroot_owner = $operatingsystem ? { + $real_documentroot_owner = $::operatingsystem ? { openbsd => 'www', debian => 'www-data', default => $documentroot_owner @@ -71,7 +71,7 @@ define apache::vhost::webdir( } if $documentroot_group == 'apache' { if $apache_default_group == '' { - $real_documentroot_group = $operatingsystem ? { + $real_documentroot_group = $::operatingsystem ? { openbsd => 'www', debian => 'www-data', default => $documentroot_group @@ -85,9 +85,9 @@ define apache::vhost::webdir( case $ensure { absent: { if $manage_docroot { - $managed_directories = [ "$real_path", "${real_path}/private", "$logdir", "$documentroot" ] + $managed_directories = [ $real_path, "${real_path}/private", $logdir, $documentroot ] } else { - $managed_directories = [ "$real_path", "${real_path}/private", "$logdir" ] + $managed_directories = [ $real_path, "${real_path}/private", $logdir ] } file{$managed_directories: ensure => absent, @@ -97,12 +97,12 @@ define apache::vhost::webdir( } } default: { - file{"$real_path": + file{$real_path: ensure => directory, owner => $real_owner, group => $real_group, mode => $real_mode; } if $manage_docroot { - file{"$documentroot": + file{$documentroot: ensure => directory, recurse => $documentroot_recurse, owner => $real_documentroot_owner, group => $real_documentroot_group, mode => $documentroot_mode; @@ -112,7 +112,7 @@ define apache::vhost::webdir( ensure => directory, owner => $real_documentroot_owner, group => $real_documentroot_group, mode => 0660; } - case $operatingsystem { + case $::operatingsystem { centos: { include apache::logrotate::centos::vhosts } } file{"${real_path}/private": diff --git a/manifests/worker.pp b/manifests/worker.pp index e7a96fa..9a7b3be 100644 --- a/manifests/worker.pp +++ b/manifests/worker.pp @@ -1,5 +1,5 @@ class apache::worker inherits apache { - case $operatingsystem { + case $::operatingsystem { centos: { include ::apache::centos::worker } } } -- cgit v1.2.3 From 65f6bb2025218692949530db6703792cc6865c02 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 5 Jun 2012 21:35:37 -0300 Subject: new style for 2.7 --- manifests/centos.pp | 10 +++++----- manifests/config/file.pp | 2 +- manifests/vhost/php/standard.pp | 2 +- manifests/vhost/php/webapp.pp | 2 +- manifests/vhost/proxy.pp | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 4181152..7f8ba94 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -10,16 +10,16 @@ class apache::centos inherits apache::package { restart => '/etc/init.d/httpd graceful', } File[vhosts_dir]{ - path => "$config_dir/vhosts.d", + path => "${config_dir}/vhosts.d", } File[config_dir]{ - path => "$config_dir/conf.d", + path => "${config_dir}/conf.d", } File[include_dir]{ - path => "$config_dir/include.d", + path => "${config_dir}/include.d", } File[modules_dir]{ - path => "$config_dir/modules.d", + path => "${config_dir}/modules.d", } File[web_dir]{ path => "/var/www/vhosts", @@ -40,7 +40,7 @@ class apache::centos inherits apache::package { } file{'apache_service_config': path => '/etc/sysconfig/httpd', - source => [ "puppet:///modules/site_apache/service/CentOS/${fqdn}/httpd", + source => [ "puppet:///modules/site_apache/service/CentOS/${::fqdn}/httpd", "puppet:///modules/site_apache/service/CentOS/httpd", "puppet:///modules/apache/service/CentOS/httpd" ], require => Package['apache'], diff --git a/manifests/config/file.pp b/manifests/config/file.pp index a5b0f2e..f5053e9 100644 --- a/manifests/config/file.pp +++ b/manifests/config/file.pp @@ -13,7 +13,7 @@ define apache::config::file( default: { fail("Wrong config file type specified for ${name}") } } $real_destination = $destination ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { centos => "${apache::centos::config_dir}/${confdir}/${name}", gentoo => "${apache::gentoo::config_dir}/${name}", debian => "${apache::debian::config_dir}/${confdir}/${name}", diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index 3814680..b02e05c 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -135,7 +135,7 @@ define apache::vhost::php::standard( $php_safe_mode_exec_dir = $php_settings[safe_mode_exec_dir] } else { $php_safe_mode_exec_dir = $path ? { - 'absent' => $operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}/bin", default => "/var/www/vhosts/${name}/bin" }, diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 69951de..3711c1a 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -74,7 +74,7 @@ define apache::vhost::php::webapp( } if $manage_config { - if $config_file == 'absent' { fail("No config file defined for ${name} on ${fqdn}, if you'd like to manage the config, you have to add one!") } + if $config_file == 'absent' { fail("No config file defined for ${name} on ${::fqdn}, if you'd like to manage the config, you have to add one!") } ::apache::vhost::file::documentrootfile{"configurationfile_${name}": documentroot => $documentroot, filename => $config_file, diff --git a/manifests/vhost/proxy.pp b/manifests/vhost/proxy.pp index 113f4ef..1c3b500 100644 --- a/manifests/vhost/proxy.pp +++ b/manifests/vhost/proxy.pp @@ -45,7 +45,7 @@ define apache::vhost::proxy( htpasswd_file => $htpasswd_file, domainalias => $domainalias, server_admin => $server_admin, - logpath => $operatingsystem ? { + logpath => $::operatingsystem ? { openbsd => '/var/www/logs', centos => '/var/log/httpd', default => '/var/log/apache2' -- cgit v1.2.3 From 9cbf2fafee3f4623b75d1a6b70458ab097e64924 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 8 Jun 2012 12:09:39 -0300 Subject: fix dynamic scope variables, function access --- manifests/vhost.pp | 6 +++++- manifests/vhost/modperl.pp | 2 +- manifests/vhost/passenger.pp | 2 +- manifests/vhost/php/standard.pp | 2 +- manifests/vhost/php/webapp.pp | 13 +++++++++++++ manifests/vhost/template.pp | 4 +++- 6 files changed, 24 insertions(+), 5 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost.pp b/manifests/vhost.pp index 64c20c7..90af00d 100644 --- a/manifests/vhost.pp +++ b/manifests/vhost.pp @@ -62,7 +62,9 @@ define apache::vhost( $mod_security_additional_options = 'absent', $use_mod_macro = false, $ldap_auth = false, - $ldap_user = 'any' + $ldap_user = 'any', + $passing_extension = 'absent', + $gempath = 'absent' ) { # file or template mode? case $vhost_mode { @@ -111,6 +113,8 @@ define apache::vhost( mod_security_rules_to_disable => $mod_security_rules_to_disable, mod_security_additional_options => $mod_security_additional_options, use_mod_macro => $use_mod_macro, + passing_extension => $passing_extension, + gempath => $gempath, } } default: { fail("no such vhost_mode: $vhost_mode defined for $name.") } diff --git a/manifests/vhost/modperl.pp b/manifests/vhost/modperl.pp index 35842dc..c93e6cf 100644 --- a/manifests/vhost/modperl.pp +++ b/manifests/vhost/modperl.pp @@ -83,7 +83,6 @@ define apache::vhost::modperl( mode => $documentroot_mode; } - $passing_extension = 'pl' if $ensure != 'absent' { case $run_mode { 'proxy-itk','static-itk': { @@ -146,6 +145,7 @@ define apache::vhost::modperl( mod_security_relevantonly => $mod_security_relevantonly, mod_security_rules_to_disable => $mod_security_rules_to_disable, mod_security_additional_options => $mod_security_additional_options, + passing_extension => 'pl' } } diff --git a/manifests/vhost/passenger.pp b/manifests/vhost/passenger.pp index 0507add..6886f13 100644 --- a/manifests/vhost/passenger.pp +++ b/manifests/vhost/passenger.pp @@ -76,7 +76,6 @@ define apache::vhost::passenger( }, default => $path } - $gempath = "${real_path}/gems" file{ ["${real_path}/www/tmp", "${real_path}/www/log"]: ensure => directory, @@ -132,6 +131,7 @@ define apache::vhost::passenger( mod_security_relevantonly => $mod_security_relevantonly, mod_security_rules_to_disable => $mod_security_rules_to_disable, mod_security_additional_options => $mod_security_additional_options, + gempath => "${real_path}/gems" } } diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index b02e05c..bbfebc4 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -178,7 +178,6 @@ define apache::vhost::php::standard( $real_php_settings = merge($std_php_settings,$php_settings) - $passing_extension = 'php' if $ensure != 'absent' { case $run_mode { 'proxy-itk','static-itk': { @@ -245,6 +244,7 @@ define apache::vhost::php::standard( mod_security_rules_to_disable => $mod_security_rules_to_disable, mod_security_additional_options => $mod_security_additional_options, use_mod_macro => $use_mod_macro, + passing_extension => $passing_extension, } } diff --git a/manifests/vhost/php/webapp.pp b/manifests/vhost/php/webapp.pp index 3711c1a..54905ca 100644 --- a/manifests/vhost/php/webapp.pp +++ b/manifests/vhost/php/webapp.pp @@ -75,6 +75,19 @@ define apache::vhost::php::webapp( if $manage_config { if $config_file == 'absent' { fail("No config file defined for ${name} on ${::fqdn}, if you'd like to manage the config, you have to add one!") } + + $real_path = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => $path + } + if $path_is_webdir { + $documentroot = $real_path + } else { + $documentroot = "${real_path}/www" + } ::apache::vhost::file::documentrootfile{"configurationfile_${name}": documentroot => $documentroot, filename => $config_file, diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index c19faba..4c9ab3f 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -71,7 +71,9 @@ define apache::vhost::template( $htpasswd_file = 'absent', $htpasswd_path = 'absent', $ldap_auth = false, - $ldap_user = 'any' + $ldap_user = 'any', + $passing_extension = 'absent', + $gempath = 'absent' ){ $real_path = $path ? { 'absent' => $::operatingsystem ? { -- cgit v1.2.3 From a5be3114f8af104415205b0763e51d3ad24c33cd Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 13 Jun 2012 17:45:35 -0300 Subject: remove hiera --- manifests/init.pp | 8 +++++--- manifests/ssl.pp | 4 ++-- manifests/status.pp | 14 +++++++------- 3 files changed, 14 insertions(+), 12 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index a471591..572213f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,7 +19,9 @@ # $apache_default_group: Set this to the group with which the # apache is running. class apache( - $cluster_node = hiera('apache_cluster_node','') + $cluster_node = '', + $manage_shorewall = false, + $manage_munin = false ) { case $::operatingsystem { centos: { include apache::centos } @@ -28,10 +30,10 @@ class apache( openbsd: { include apache::openbsd } default: { include apache::base } } - if hiera('use_munin',false) { + if $apache::manage_munin { include apache::status } - if hiera('use_shorewall',false) { + if $apache::manage_shorewall { include shorewall::rules::http } } diff --git a/manifests/ssl.pp b/manifests/ssl.pp index a604b05..bfef7ad 100644 --- a/manifests/ssl.pp +++ b/manifests/ssl.pp @@ -1,13 +1,13 @@ # manifests/ssl.pp -class apache::ssl inherits apache { +class apache::ssl { case $::operatingsystem { centos: { include apache::ssl::centos } openbsd: { include apache::ssl::openbsd } debian: { include apache::ssl::debian } defaults: { include apache::ssl::base } } - if hiera('use_shorewall',false) { + if $apache::manage_shorewall { include shorewall::rules::https } } diff --git a/manifests/status.pp b/manifests/status.pp index 3639b6c..735414c 100644 --- a/manifests/status.pp +++ b/manifests/status.pp @@ -1,12 +1,12 @@ # manifests/status.pp class apache::status { - case $::operatingsystem { - centos: { include apache::status::centos } - defaults: { include apache::status::base } - } - if hiera('use_munin',false) { - include munin::plugins::apache - } + case $::operatingsystem { + centos: { include apache::status::centos } + defaults: { include apache::status::base } + } + if $apache::manage_munin { + include munin::plugins::apache + } } -- cgit v1.2.3 From 563bd21f6fde7745c4a5bee3c614a71a5a8e3e58 Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 18 Jun 2012 16:38:23 -0300 Subject: this should enforced as apache --- manifests/vhost/php/standard.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/standard.pp b/manifests/vhost/php/standard.pp index bbfebc4..53fa8f9 100644 --- a/manifests/vhost/php/standard.pp +++ b/manifests/vhost/php/standard.pp @@ -244,7 +244,7 @@ define apache::vhost::php::standard( mod_security_rules_to_disable => $mod_security_rules_to_disable, mod_security_additional_options => $mod_security_additional_options, use_mod_macro => $use_mod_macro, - passing_extension => $passing_extension, + passing_extension => 'php', } } -- cgit v1.2.3 From 726cd714994141080a9169eba97ede5828bb63c2 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 18 Sep 2012 21:15:58 +0200 Subject: make source better configurable --- manifests/config/file.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/config/file.pp b/manifests/config/file.pp index f5053e9..76328b5 100644 --- a/manifests/config/file.pp +++ b/manifests/config/file.pp @@ -43,7 +43,7 @@ define apache::config::file( "puppet:///modules/apache/${confdir}/${::operatingsystem}/${name}", "puppet:///modules/apache/${confdir}/${name}" ], - default => "puppet:///${source}", + default => $source } File["apache_${name}"]{ source => $real_source, -- cgit v1.2.3 From 104b2e09399e02a8aa9687df0de795644e4b83e0 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 4 Nov 2012 21:30:21 +0100 Subject: added paths so wheez config is picked up, also linted a bit --- manifests/debian.pp | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'manifests') diff --git a/manifests/debian.pp b/manifests/debian.pp index e07920f..b7a5d9e 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -3,7 +3,7 @@ class apache::debian inherits apache::package { $config_dir = '/etc/apache2' Package[apache] { - name => 'apache2', + name => 'apache2', } File[vhosts_dir] { path => "${config_dir}/sites-enabled", @@ -12,28 +12,31 @@ class apache::debian inherits apache::package { path => "${config_dir}/mods-enabled", } File[htpasswd_dir] { - path => "/var/www/htpasswds", - group => 'www-data', + path => '/var/www/htpasswds', + group => 'www-data', } File[default_apache_index] { path => '/var/www/index.html', } file { 'apache_main_config': - path => "${config_dir}/apache2.conf", - source => [ "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", + path => "${config_dir}/apache2.conf", + source => [ "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", "puppet://$server/modules/site-apache/config/Debian/{$fqdn}/apache2.conf", "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/apache2.conf", "puppet://$server/modules/site-apache/config/Debian/apache2.conf", + "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", + "puppet://$server/modules/apache/config/Debian/{$fqdn}/apache2.conf", + "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/apache2.conf", "puppet://$server/modules/apache/config/Debian/apache2.conf" ], require => Package['apache'], - notify => Service['apache'], - owner => root, group => 0, mode => 0644; + notify => Service['apache'], + owner => root, group => 0, mode => '0644'; } apache::config::global{ 'charset': } apache::config::global{ 'security': } file { 'default_debian_apache_vhost': - path => '/etc/apache2/sites-enabled/000-default', ensure => absent, + path => '/etc/apache2/sites-enabled/000-default', } } -- cgit v1.2.3 From 147a5ed602ef8084596ec715a08c6b05557e39ab Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 27 Nov 2012 15:24:33 +0100 Subject: make logdirs httpd_log_t --- manifests/centos.pp | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 7f8ba94..7afb69d 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -29,13 +29,17 @@ class apache::centos inherits apache::package { } if $::selinux != 'false' { + Selinux::Fcontext{ + before => File[web_dir], + } selinux::fcontext{ - ['/var/www/vhosts/.+/www(/.*)?', - '/var/www/vhosts/.+/non_public(/.*)?', - '/var/www/vhosts/.+/g2data(/.*)?', - '/var/www/vhosts/.+/upload(/.*)?' ]: - setype => 'httpd_sys_script_rw_t', - before => File[web_dir]; + [ '/var/www/vhosts/.+/www(/.*)?', + '/var/www/vhosts/.+/non_public(/.*)?', + '/var/www/vhosts/.+/g2data(/.*)?', + '/var/www/vhosts/.+/upload(/.*)?' ]: + setype => 'httpd_sys_script_rw_t'; + '/var/www/vhosts/.*/logs(/.*)?': + setpye => 'httpd_log_t'; } } file{'apache_service_config': -- cgit v1.2.3 From d55e4605f5b3a91e468bc9d1168531b9e590d8e1 Mon Sep 17 00:00:00 2001 From: mh Date: Tue, 27 Nov 2012 15:26:30 +0100 Subject: linting --- manifests/centos.pp | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 7afb69d..2ad521e 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -22,7 +22,7 @@ class apache::centos inherits apache::package { path => "${config_dir}/modules.d", } File[web_dir]{ - path => "/var/www/vhosts", + path => '/var/www/vhosts', } File[default_apache_index]{ path => '/var/www/html/index.html', @@ -43,27 +43,29 @@ class apache::centos inherits apache::package { } } file{'apache_service_config': - path => '/etc/sysconfig/httpd', - source => [ "puppet:///modules/site_apache/service/CentOS/${::fqdn}/httpd", - "puppet:///modules/site_apache/service/CentOS/httpd", - "puppet:///modules/apache/service/CentOS/httpd" ], + path => '/etc/sysconfig/httpd', + source => [ "puppet:///modules/site_apache/service/CentOS/${::fqdn}/httpd", + 'puppet:///modules/site_apache/service/CentOS/httpd', + 'puppet:///modules/apache/service/CentOS/httpd' ], require => Package['apache'], - notify => Service['apache'], - owner => root, group => 0, mode => 0644; + notify => Service['apache'], + owner => root, + group => 0, + mode => '0644'; } # this is for later fixes exec{ 'adjust_pidfile': command => 'sed -i "s/^#PidFile \(.*\)/PidFile \1/g" /etc/httpd/conf/httpd.conf', - unless => "grep -qE '^PidFile ' /etc/httpd/conf/httpd.conf", + unless => 'grep -qE \'^PidFile \' /etc/httpd/conf/httpd.conf', require => Package['apache'], - notify => Service['apache']; + notify => Service['apache']; 'adjust_listen': command => 'sed -i "s/^#Listen 80/Listen 80/g" /etc/httpd/conf/httpd.conf', - unless => "grep -qE '^Listen 80' /etc/httpd/conf/httpd.conf", + unless => 'grep -qE \'^Listen 80\' /etc/httpd/conf/httpd.conf', require => Package['apache'], - notify => Service['apache']; + notify => Service['apache']; } apache::config::global{'00-listen.conf': -- cgit v1.2.3 From 56edcd00f3221fa713284c42110c7d3564f23ca1 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 1 Dec 2012 13:14:39 +0100 Subject: fix typo --- manifests/centos.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 2ad521e..e1a116f 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -39,7 +39,7 @@ class apache::centos inherits apache::package { '/var/www/vhosts/.+/upload(/.*)?' ]: setype => 'httpd_sys_script_rw_t'; '/var/www/vhosts/.*/logs(/.*)?': - setpye => 'httpd_log_t'; + setype => 'httpd_log_t'; } } file{'apache_service_config': -- cgit v1.2.3 From 03fcb575adaee4678490c6ea577fdab94519d54e Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Dec 2012 15:30:14 +0100 Subject: introduce anchor to hook into basic setup --- manifests/base.pp | 98 ++++++++++++---------- manifests/init.pp | 7 +- manifests/vhost/webdir.pp | 205 ++++++++++++++++++++++------------------------ 3 files changed, 152 insertions(+), 158 deletions(-) (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index 5f2bac3..1cf2839 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,47 +1,57 @@ +# setup base apache class class apache::base { - file{'vhosts_dir': - path => '/etc/apache2/vhosts.d', - ensure => directory, - owner => root, group => 0, mode => 0755; - } - file{'config_dir': - path => '/etc/apache2/conf.d', - ensure => directory, - owner => root, group => 0, mode => 0755; - } - file{'include_dir': - path => '/etc/apache2/include.d', - ensure => directory, - owner => root, group => 0, mode => 0755; - } - file{'modules_dir': - path => '/etc/apache2/modules.d', - ensure => directory, - owner => root, group => 0, mode => 0755; - } - file{'htpasswd_dir': - path => '/var/www/htpasswds', - ensure => directory, - owner => root, group => apache, mode => 0640; - } - file{'web_dir': - path => '/var/www', - ensure => directory, - owner => root, group => 0, mode => 0755; - } - service { apache: - name => 'apache2', - enable => true, - ensure => running, - } - file { 'default_apache_index': - path => '/var/www/localhost/htdocs/index.html', - ensure => file, - content => template('apache/default/default_index.erb'), - owner => root, group => 0, mode => 0644; - } + file{ + 'vhosts_dir': + ensure => directory, + path => '/etc/apache2/vhosts.d', + owner => root, + group => 0, + mode => '0644'; + 'config_dir': + ensure => directory, + path => '/etc/apache2/conf.d', + owner => root, + group => 0, + mode => '0644'; + 'include_dir': + ensure => directory, + path => '/etc/apache2/include.d', + owner => root, + group => 0, + mode => '0644'; + 'modules_dir': + ensure => directory, + path => '/etc/apache2/modules.d', + owner => root, + group => 0, + mode => '0644'; + 'htpasswd_dir': + ensure => directory, + path => '/var/www/htpasswds', + owner => root, + group => 0, + mode => '0640'; + 'web_dir': + ensure => directory, + path => '/var/www', + owner => root, + group => 0, + mode => '0644'; + 'default_apache_index': + path => '/var/www/localhost/htdocs/index.html', + content => template('apache/default/default_index.erb'), + owner => root, + group => 0, + mode => '0644'; + } -> anchor{'apache::basic_dirs::ready': } - apache::config::include{ 'defaults.inc': } - apache::config::global{ 'git.conf': } - apache::vhost::file { '0-default': } + service{'apache': + ensure => running, + name => 'apache2', + enable => true, + } + + apache::config::include{ 'defaults.inc': } + apache::config::global{ 'git.conf': } + apache::vhost::file { '0-default': } } diff --git a/manifests/init.pp b/manifests/init.pp index 572213f..612149d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -12,12 +12,7 @@ # the Free Software Foundation. # -# Global variables: -# -# $apache_default_user: Set this to the user with which the -# apache is running. -# $apache_default_group: Set this to the group with which the -# apache is running. +# manage a simple apache class apache( $cluster_node = '', $manage_shorewall = false, diff --git a/manifests/vhost/webdir.pp b/manifests/vhost/webdir.pp index e9eda1b..a6ec229 100644 --- a/manifests/vhost/webdir.pp +++ b/manifests/vhost/webdir.pp @@ -1,125 +1,114 @@ # create webdir define apache::vhost::webdir( - $ensure = present, - $path = 'absent', - $owner = root, - $group = apache, - $mode = 0640, - $run_mode = 'normal', - $manage_docroot = true, - $documentroot_owner = root, - $documentroot_group = apache, - $documentroot_mode = 0640, - $documentroot_recurse = false + $ensure = present, + $path = 'absent', + $owner = root, + $group = apache, + $mode = 0640, + $run_mode = 'normal', + $manage_docroot = true, + $documentroot_owner = root, + $documentroot_group = apache, + $documentroot_mode = 0640, + $documentroot_recurse = false ){ - $real_path = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}", - default => "/var/www/vhosts/${name}" - }, - default => "${path}" - } + $real_path = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}", + default => "/var/www/vhosts/${name}" + }, + default => $path + } - if (($run_mode =~ /^(static\-|proxy\-)?itk$/) or $run_mode == 'fcgid') and ($mode == '0640'){ - $real_mode = 0644 - } else { - $real_mode = $mode - } + if (($run_mode =~ /^(static\-|proxy\-)?itk$/) or $run_mode == 'fcgid') and ($mode == '0640'){ + $real_mode = 0644 + } else { + $real_mode = $mode + } - $documentroot = "${real_path}/www" - $logdir = "${real_path}/logs" + $documentroot = "${real_path}/www" + $logdir = "${real_path}/logs" - if $owner == 'apache' { - if $apache_default_user == '' { - $real_owner = $::operatingsystem ? { - openbsd => 'www', - debian => 'www-data', - default => $owner - } - } else { - $real_owner = $apache_default_user - } - } else { - $real_owner = $owner + if $owner == 'apache' { + $real_owner = $::operatingsystem ? { + openbsd => 'www', + debian => 'www-data', + default => $owner } - if $group == 'apache' { - if $apache_default_group == '' { - $real_group = $::operatingsystem ? { - openbsd => 'www', - debian => 'www-data', - default => $group - } - } else { - $real_group = $apache_default_group - } - } else { - $real_group = $group + } else { + $real_owner = $owner + } + if $group == 'apache' { + $real_group = $::operatingsystem ? { + openbsd => 'www', + debian => 'www-data', + default => $group } + } else { + $real_group = $group + } - if $documentroot_owner == 'apache' { - if $apache_default_user == '' { - $real_documentroot_owner = $::operatingsystem ? { - openbsd => 'www', - debian => 'www-data', - default => $documentroot_owner - } - } else { - $real_documentroot_owner = $apache_default_user - } - } else { - $real_documentroot_owner = $documentroot_owner + if $documentroot_owner == 'apache' { + $real_documentroot_owner = $::operatingsystem ? { + openbsd => 'www', + debian => 'www-data', + default => $documentroot_owner } - if $documentroot_group == 'apache' { - if $apache_default_group == '' { - $real_documentroot_group = $::operatingsystem ? { - openbsd => 'www', - debian => 'www-data', - default => $documentroot_group - } - } else { - $real_documentroot_group = $apache_default_group + } else { + $real_documentroot_owner = $documentroot_owner + } + if $documentroot_group == 'apache' { + $real_documentroot_group = $::operatingsystem ? { + openbsd => 'www', + debian => 'www-data', + default => $documentroot_group + } + } else { + $real_documentroot_group = $documentroot_group + } + case $ensure { + absent: { + file{$real_path: + ensure => absent, + purge => true, + recurse => true, + force => true; } - } else { - $real_documentroot_group = $documentroot_group } - case $ensure { - absent: { - if $manage_docroot { - $managed_directories = [ $real_path, "${real_path}/private", $logdir, $documentroot ] - } else { - $managed_directories = [ $real_path, "${real_path}/private", $logdir ] - } - file{$managed_directories: - ensure => absent, - purge => true, - recurse => true, - force => true, - } + default: { + file{ + $real_path: + ensure => directory, + require => Anchor['apache::basic_dirs::ready'], + owner => $real_owner, + group => $real_group, + mode => $real_mode; + $logdir: + ensure => directory, + owner => $real_documentroot_owner, + group => $real_documentroot_group, + mode => '0660'; + "${real_path}/private": + ensure => directory, + owner => $real_documentroot_owner, + group => $real_documentroot_group, + mode => '0600'; + } + if $manage_docroot { + file{$documentroot: + ensure => directory, + recurse => $documentroot_recurse, + owner => $real_documentroot_owner, + group => $real_documentroot_group, + mode => $documentroot_mode; } - default: { - file{$real_path: - ensure => directory, - owner => $real_owner, group => $real_group, mode => $real_mode; - } - if $manage_docroot { - file{$documentroot: - ensure => directory, - recurse => $documentroot_recurse, - owner => $real_documentroot_owner, group => $real_documentroot_group, mode => $documentroot_mode; - } - } - file{"$logdir": - ensure => directory, - owner => $real_documentroot_owner, group => $real_documentroot_group, mode => 0660; - } - case $::operatingsystem { - centos: { include apache::logrotate::centos::vhosts } - } - file{"${real_path}/private": - ensure => directory, - owner => $real_documentroot_owner, group => $real_documentroot_group, mode => 0600; - } + } + case $::operatingsystem { + centos: { include apache::logrotate::centos::vhosts } + default: { #nothing } + } } + } } -- cgit v1.2.3 From 74417652d7372cbb35d0893a997a44462a960a3b Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 13 Dec 2012 15:32:36 +0100 Subject: fix relation issue --- manifests/base.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index 1cf2839..a34e474 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -43,7 +43,10 @@ class apache::base { owner => root, group => 0, mode => '0644'; - } -> anchor{'apache::basic_dirs::ready': } + } + anchor{'apache::basic_dirs::ready': + require => File['vhosts_dir','config_dir','include_dir','modules_dir','htpasswd_dir','web_dir','default_apache_index'] + } service{'apache': ensure => running, -- cgit v1.2.3 From 6b99eac466cb4eb3849629b0aeac8e0880862812 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 14 Dec 2012 15:36:02 +0100 Subject: fix permission for htpasswds --- manifests/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index a34e474..64a9d17 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -29,7 +29,7 @@ class apache::base { ensure => directory, path => '/var/www/htpasswds', owner => root, - group => 0, + group => 'apache', mode => '0640'; 'web_dir': ensure => directory, -- cgit v1.2.3 From aea2be9add8f751d968de1786e3a4b37568526a7 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 15 Dec 2012 12:16:13 +0100 Subject: newer mod_security versions need a rule id & linting --- manifests/vhost/php/joomla.pp | 220 ++++++++++++++++++++++-------------------- 1 file changed, 115 insertions(+), 105 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/php/joomla.pp b/manifests/vhost/php/joomla.pp index eed142c..3962efa 100644 --- a/manifests/vhost/php/joomla.pp +++ b/manifests/vhost/php/joomla.pp @@ -25,124 +25,134 @@ # - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null # - semianonym: Don't log ips for CustomLog, log normal ErrorLog define apache::vhost::php::joomla( - $ensure = present, - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $logmode = 'default', - $path = 'absent', - $owner = root, - $group = apache, - $documentroot_owner = apache, - $documentroot_group = 0, - $documentroot_mode = 0640, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $allow_override = 'None', - $php_settings = {}, - $php_options = {}, - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $ssl_mode = false, - $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php_joomla/partial.erb', - $vhost_source = 'absent', - $vhost_destination = 'absent', - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $manage_config = true, - $config_webwriteable = false, - $manage_directories = true + $ensure = present, + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $logmode = 'default', + $path = 'absent', + $owner = root, + $group = apache, + $documentroot_owner = apache, + $documentroot_group = 0, + $documentroot_mode = '0640', + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $allow_override = 'None', + $php_settings = {}, + $php_options = {}, + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $ssl_mode = false, + $vhost_mode = 'template', + $template_partial = 'apache/vhosts/php_joomla/partial.erb', + $vhost_source = 'absent', + $vhost_destination = 'absent', + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $manage_config = true, + $config_webwriteable = false, + $manage_directories = true ){ - include ::apache::include::joomla + include ::apache::include::joomla - $documentroot = $path ? { - 'absent' => $::operatingsystem ? { - openbsd => "/var/www/htdocs/${name}/www", - default => "/var/www/vhosts/${name}/www" - }, - default => "${path}/www" - } + $documentroot = $path ? { + 'absent' => $::operatingsystem ? { + openbsd => "/var/www/htdocs/${name}/www", + default => "/var/www/vhosts/${name}/www" + }, + default => "${path}/www" + } - if $mod_security_additional_options == 'absent' { - $real_mod_security_additional_options = '# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html + if $mod_security_additional_options == 'absent' { + $id_str = $::operatingsystem ? { + 'CentOS' => $::lsbmajdistrelease ? { + 5 => '', + default => 'id:1199400,' + }, + default => '' + } + $real_mod_security_additional_options = "# http://optics.csufresno.edu/~kriehn/fedora/fedora_files/f9/howto/modsecurity.html # Exceptions for Joomla Root Directory - + SecRuleRemoveById 950013 # Exceptions for Joomla Administration Panel - SecRule REQUEST_FILENAME "/administrator/index2.php" "allow,phase:1,nolog,ctl:ruleEngine=Off" + SecRule REQUEST_FILENAME \"/administrator/index2.php\" \"${id_str}allow,phase:1,nolog,ctl:ruleEngine=Off\" # Exceptions for Joomla Component Expose - + SecRuleRemoveById 960010 -' - } else { $real_mod_security_additional_options = $mod_security_additional_options } +" + } else { + $real_mod_security_additional_options = $mod_security_additional_options + } - # create vhost configuration file - ::apache::vhost::php::webapp{$name: - ensure => $ensure, - domain => $domain, - domainalias => $domainalias, - server_admin => $server_admin, - logmode => $logmode, - path => $path, - owner => $owner, - group => $group, - documentroot_owner => $documentroot_owner, - documentroot_group => $documentroot_group, - documentroot_mode => $documentroot_mode, - run_mode => $run_mode, - run_uid => $run_uid, - run_gid => $run_gid, - allow_override => $allow_override, - php_settings => $php_settings, - php_options => $php_options, - do_includes => $do_includes, - options => $options, - additional_options => $additional_options, - default_charset => $default_charset, - mod_security => $mod_security, - mod_security_relevantonly => $mod_security_relevantonly, - mod_security_rules_to_disable => $mod_security_rules_to_disable, - mod_security_additional_options => $real_mod_security_additional_options, - ssl_mode => $ssl_mode, - vhost_mode => $vhost_mode, - template_partial => $template_partial, - vhost_source => $vhost_source, - vhost_destination => $vhost_destination, - htpasswd_file => $htpasswd_file, - htpasswd_path => $htpasswd_path, - manage_directories => $manage_directories, - managed_directories => [ "${documentroot}/administrator/backups", - "${documentroot}/administrator/components", - "${documentroot}/administrator/language", - "${documentroot}/administrator/modules", - "${documentroot}/administrator/templates", - "${documentroot}/components", - "${documentroot}/dmdocuments", - "${documentroot}/images", - "${documentroot}/language", - "${documentroot}/media", - "${documentroot}/modules", - "${documentroot}/plugins", - "${documentroot}/templates", - "${documentroot}/cache", - "${documentroot}/tmp", - "${documentroot}/administrator/cache" ], - manage_config => $manage_config, - config_webwriteable => $config_webwriteable, - config_file => 'configuration.php', - } + # create vhost configuration file + ::apache::vhost::php::webapp{ + $name: + ensure => $ensure, + domain => $domain, + domainalias => $domainalias, + server_admin => $server_admin, + logmode => $logmode, + path => $path, + owner => $owner, + group => $group, + documentroot_owner => $documentroot_owner, + documentroot_group => $documentroot_group, + documentroot_mode => $documentroot_mode, + run_mode => $run_mode, + run_uid => $run_uid, + run_gid => $run_gid, + allow_override => $allow_override, + php_settings => $php_settings, + php_options => $php_options, + do_includes => $do_includes, + options => $options, + additional_options => $additional_options, + default_charset => $default_charset, + mod_security => $mod_security, + mod_security_relevantonly => $mod_security_relevantonly, + mod_security_rules_to_disable => $mod_security_rules_to_disable, + mod_security_additional_options => $real_mod_security_additional_options, + ssl_mode => $ssl_mode, + vhost_mode => $vhost_mode, + template_partial => $template_partial, + vhost_source => $vhost_source, + vhost_destination => $vhost_destination, + htpasswd_file => $htpasswd_file, + htpasswd_path => $htpasswd_path, + manage_directories => $manage_directories, + managed_directories => [ "${documentroot}/administrator/backups", + "${documentroot}/administrator/components", + "${documentroot}/administrator/language", + "${documentroot}/administrator/modules", + "${documentroot}/administrator/templates", + "${documentroot}/components", + "${documentroot}/dmdocuments", + "${documentroot}/images", + "${documentroot}/language", + "${documentroot}/media", + "${documentroot}/modules", + "${documentroot}/plugins", + "${documentroot}/templates", + "${documentroot}/cache", + "${documentroot}/tmp", + "${documentroot}/administrator/cache" ], + manage_config => $manage_config, + config_webwriteable => $config_webwriteable, + config_file => 'configuration.php', + } } -- cgit v1.2.3 From 943744b559007d994f134f675287a241cafe3f9c Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 15 Dec 2012 17:23:29 +0100 Subject: fix a few relationships --- manifests/logrotate/centos.pp | 5 +++-- manifests/logrotate/centos/vhosts.pp | 2 +- manifests/sftponly/centos.pp | 10 ++++++---- 3 files changed, 10 insertions(+), 7 deletions(-) (limited to 'manifests') diff --git a/manifests/logrotate/centos.pp b/manifests/logrotate/centos.pp index 593f692..4381205 100644 --- a/manifests/logrotate/centos.pp +++ b/manifests/logrotate/centos.pp @@ -1,9 +1,10 @@ +# add vhost folders to logrotation class apache::logrotate::centos { - # add vhost folders to logrotation augeas{'logrotate_httpd': changes => [ 'rm /files/etc/logrotate.d/httpd/rule/file', 'ins file before /files/etc/logrotate.d/httpd/rule/*[1]', 'set /files/etc/logrotate.d/httpd/rule/file[1] /var/log/httpd/*log' ], - onlyif => 'get /files/etc/logrotate.d/httpd/rule/file[1] != "/var/log/httpd/*log"', + onlyif => 'get /files/etc/logrotate.d/httpd/rule/file[1] != "/var/log/httpd/*log"', + require => Package['apache'], } } diff --git a/manifests/logrotate/centos/vhosts.pp b/manifests/logrotate/centos/vhosts.pp index 1cde2f3..b1159a1 100644 --- a/manifests/logrotate/centos/vhosts.pp +++ b/manifests/logrotate/centos/vhosts.pp @@ -1,5 +1,5 @@ +# add vhost folders to logrotation class apache::logrotate::centos::vhosts inherits apache::logrotate::centos { - # add vhost folders to logrotation Augeas['logrotate_httpd']{ changes => [ 'rm /files/etc/logrotate.d/httpd/rule/file', 'ins file before /files/etc/logrotate.d/httpd/rule/*[1]', diff --git a/manifests/sftponly/centos.pp b/manifests/sftponly/centos.pp index 77bb0ca..6817033 100644 --- a/manifests/sftponly/centos.pp +++ b/manifests/sftponly/centos.pp @@ -1,11 +1,13 @@ +# manage sftponly group and apache +# user for access class apache::sftponly::centos { require user::groups::sftponly augeas{"add_apache_to_group_sftponly": context => "/files/etc/group", changes => [ "ins user after sftponly/user[last()]", - "set sftponly/user[last()] apache" ], - onlyif => "match sftponly/*[../user='apache'] size == 0", - require => Package['apache'], - notify => Service['apache'], + "set sftponly/user[last()] apache" ], + onlyif => "match sftponly/*[../user='apache'] size == 0", + require => [ Package['apache'], Group['sftponly'] ], + notify => Service['apache'], } } -- cgit v1.2.3 From 3f0da2ac4651340a459194e450dbe8be6b1b8cab Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 15 Dec 2012 17:29:45 +0100 Subject: use common define --- manifests/sftponly/centos.pp | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'manifests') diff --git a/manifests/sftponly/centos.pp b/manifests/sftponly/centos.pp index 6817033..0f2a43d 100644 --- a/manifests/sftponly/centos.pp +++ b/manifests/sftponly/centos.pp @@ -2,12 +2,9 @@ # user for access class apache::sftponly::centos { require user::groups::sftponly - augeas{"add_apache_to_group_sftponly": - context => "/files/etc/group", - changes => [ "ins user after sftponly/user[last()]", - "set sftponly/user[last()] apache" ], - onlyif => "match sftponly/*[../user='apache'] size == 0", - require => [ Package['apache'], Group['sftponly'] ], - notify => Service['apache'], + user::groups::manage_user{'apache': + group => 'sftponly', + require => Package['apache'], + notify => Service['apache'], } } -- cgit v1.2.3 From fe4113a36c48128474a2d7c3784c50d5af3e3931 Mon Sep 17 00:00:00 2001 From: o Date: Fri, 28 Dec 2012 13:42:31 +0100 Subject: add a workaround for http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh to all wordpress vhosts mend --- manifests/vhost/php/wordpress.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/vhost/php/wordpress.pp b/manifests/vhost/php/wordpress.pp index b3f98c1..7a41ad7 100644 --- a/manifests/vhost/php/wordpress.pp +++ b/manifests/vhost/php/wordpress.pp @@ -52,7 +52,7 @@ define apache::vhost::php::wordpress( $mod_security_additional_options = 'absent', $ssl_mode = false, $vhost_mode = 'template', - $template_partial = 'apache/vhosts/php/partial.erb', + $template_partial = 'apache/vhosts/php_wordpress/partial.erb', $vhost_source = 'absent', $vhost_destination = 'absent', $htpasswd_file = 'absent', -- cgit v1.2.3 From 6c5c5942e3626f2686112b7d760a296dc54fbe48 Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 7 Feb 2013 09:54:39 +0100 Subject: ensure that necessary directories for the service are done before the service is managed --- manifests/vhost/webdir.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'manifests') diff --git a/manifests/vhost/webdir.pp b/manifests/vhost/webdir.pp index a6ec229..c9729f0 100644 --- a/manifests/vhost/webdir.pp +++ b/manifests/vhost/webdir.pp @@ -85,6 +85,7 @@ define apache::vhost::webdir( mode => $real_mode; $logdir: ensure => directory, + before => Service['apache'], owner => $real_documentroot_owner, group => $real_documentroot_group, mode => '0660'; @@ -97,6 +98,7 @@ define apache::vhost::webdir( if $manage_docroot { file{$documentroot: ensure => directory, + before => Service['apache'], recurse => $documentroot_recurse, owner => $real_documentroot_owner, group => $real_documentroot_group, -- cgit v1.2.3 From 80c3e890becd31f704f3409094d6da1c137b844e Mon Sep 17 00:00:00 2001 From: mh Date: Thu, 28 Feb 2013 20:32:41 +0100 Subject: add munin plugin to this module --- manifests/munin.pp | 8 ++++++++ manifests/status.pp | 6 +++--- 2 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 manifests/munin.pp (limited to 'manifests') diff --git a/manifests/munin.pp b/manifests/munin.pp new file mode 100644 index 0000000..8b5bda1 --- /dev/null +++ b/manifests/munin.pp @@ -0,0 +1,8 @@ +# manage apache monitoring things +class apache::munin { + munin::plugin{ [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: } + munin::plugin::deploy { 'apache_activity': + source => 'apache/munin/apache_activity', + seltype => 'munin_services_plugin_exec_t', + } +} diff --git a/manifests/status.pp b/manifests/status.pp index 735414c..1f7ca89 100644 --- a/manifests/status.pp +++ b/manifests/status.pp @@ -1,12 +1,12 @@ -# manifests/status.pp - +# enable apache status page +# manage munin plugins if requested class apache::status { case $::operatingsystem { centos: { include apache::status::centos } defaults: { include apache::status::base } } if $apache::manage_munin { - include munin::plugins::apache + include apache::munin } } -- cgit v1.2.3 From e1b1157e3515657763b3e89f0c52235107e1899d Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 9 Mar 2013 19:03:05 +0100 Subject: fix fcontexts to be better --- manifests/centos.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index e1a116f..930bbdd 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -33,12 +33,12 @@ class apache::centos inherits apache::package { before => File[web_dir], } selinux::fcontext{ - [ '/var/www/vhosts/.+/www(/.*)?', - '/var/www/vhosts/.+/non_public(/.*)?', - '/var/www/vhosts/.+/g2data(/.*)?', - '/var/www/vhosts/.+/upload(/.*)?' ]: + [ '/var/www/vhosts/[^/]*/www(/.*)?', + '/var/www/vhosts/[^/]*/non_public(/.*)?', + '/var/www/vhosts/[^/]*/g2data(/.*)?', + '/var/www/vhosts/[^/]*/upload(/.*)?' ]: setype => 'httpd_sys_script_rw_t'; - '/var/www/vhosts/.*/logs(/.*)?': + '/var/www/vhosts/[^/]*/logs(/.*)?': setype => 'httpd_log_t'; } } -- cgit v1.2.3 From dafb060fc57957dbe9e5e90698537e781cebeaf6 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 10 Mar 2013 15:41:35 +0100 Subject: updated facts in file source for apache2.conf, linted --- manifests/debian.pp | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'manifests') diff --git a/manifests/debian.pp b/manifests/debian.pp index b7a5d9e..828245f 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -20,17 +20,19 @@ class apache::debian inherits apache::package { } file { 'apache_main_config': path => "${config_dir}/apache2.conf", - source => [ "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian/{$fqdn}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian.${lsbdistcodename}/apache2.conf", - "puppet://$server/modules/site-apache/config/Debian/apache2.conf", - "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/${fqdn}/apache2.conf", - "puppet://$server/modules/apache/config/Debian/{$fqdn}/apache2.conf", - "puppet://$server/modules/apache/config/Debian.${lsbdistcodename}/apache2.conf", - "puppet://$server/modules/apache/config/Debian/apache2.conf" ], + source => [ "puppet:///modules/site-apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/site-apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/site-apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/site-apache/config/Debian/apache2.conf', + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/apache/config/Debian/apache2.conf' ], require => Package['apache'], notify => Service['apache'], - owner => root, group => 0, mode => '0644'; + owner => root, + group => 0, + mode => '0644'; } apache::config::global{ 'charset': } apache::config::global{ 'security': } -- cgit v1.2.3 From 966956844377b8aa28dba04a7460678b3d73730b Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 10 Mar 2013 16:46:51 +0100 Subject: introduce logprefix --- manifests/vhost/template.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 4c9ab3f..6187368 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -46,6 +46,7 @@ define apache::vhost::template( $path_is_webdir = false, $logpath = 'absent', $logmode = 'default', + $logprefix = '', $domain = 'absent', $domainalias = 'absent', $server_admin = 'absent', -- cgit v1.2.3 From 9d4f2b45468f48b4be097d74078d16f0bfcbdc1d Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 10 Mar 2013 22:38:02 +0100 Subject: linting --- manifests/vhost/template.pp | 104 ++++++++++++++++++++++---------------------- 1 file changed, 52 insertions(+), 52 deletions(-) (limited to 'manifests') diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 6187368..9ee650d 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -41,47 +41,47 @@ # - true: (*default*) activate mod_security # define apache::vhost::template( - $ensure = present, - $path = 'absent', - $path_is_webdir = false, - $logpath = 'absent', - $logmode = 'default', - $logprefix = '', - $domain = 'absent', - $domainalias = 'absent', - $server_admin = 'absent', - $allow_override = 'None', - $dav_db_dir = 'absent', - $cgi_binpath = 'absent', - $do_includes = false, - $options = 'absent', - $additional_options = 'absent', - $default_charset = 'absent', - $php_options = {}, - $php_settings = {}, - $run_mode = 'normal', - $run_uid = 'absent', - $run_gid = 'absent', - $template_partial = 'apache/vhosts/static/partial.erb', - $ssl_mode = false, - $mod_security = true, - $mod_security_relevantonly = true, - $mod_security_rules_to_disable = [], - $mod_security_additional_options = 'absent', - $use_mod_macro = false, - $htpasswd_file = 'absent', - $htpasswd_path = 'absent', - $ldap_auth = false, - $ldap_user = 'any', - $passing_extension = 'absent', - $gempath = 'absent' + $ensure = present, + $path = 'absent', + $path_is_webdir = false, + $logpath = 'absent', + $logmode = 'default', + $logprefix = '', + $domain = 'absent', + $domainalias = 'absent', + $server_admin = 'absent', + $allow_override = 'None', + $dav_db_dir = 'absent', + $cgi_binpath = 'absent', + $do_includes = false, + $options = 'absent', + $additional_options = 'absent', + $default_charset = 'absent', + $php_options = {}, + $php_settings = {}, + $run_mode = 'normal', + $run_uid = 'absent', + $run_gid = 'absent', + $template_partial = 'apache/vhosts/static/partial.erb', + $ssl_mode = false, + $mod_security = true, + $mod_security_relevantonly = true, + $mod_security_rules_to_disable = [], + $mod_security_additional_options = 'absent', + $use_mod_macro = false, + $htpasswd_file = 'absent', + $htpasswd_path = 'absent', + $ldap_auth = false, + $ldap_user = 'any', + $passing_extension = 'absent', + $gempath = 'absent' ){ $real_path = $path ? { - 'absent' => $::operatingsystem ? { + 'absent' => $::operatingsystem ? { openbsd => "/var/www/htdocs/${name}", default => "/var/www/vhosts/${name}" }, - default => $path + default => $path } if $path_is_webdir { @@ -90,18 +90,18 @@ define apache::vhost::template( $documentroot = "${real_path}/www" } $logdir = $logpath ? { - 'absent' => "${real_path}/logs", - default => $logpath + 'absent' => "${real_path}/logs", + default => $logpath } $servername = $domain ? { - 'absent' => $name, - default => $domain + 'absent' => $name, + default => $domain } $serveralias = $domainalias ? { - 'absent' => '', - 'www' => "www.${servername}", - default => $domainalias + 'absent' => '', + 'www' => "www.${servername}", + default => $domainalias } if $htpasswd_path == 'absent' { $real_htpasswd_path = "/var/www/htpasswds/${name}" @@ -132,12 +132,12 @@ define apache::vhost::template( } apache::vhost::file{$name: - ensure => $ensure, - do_includes => $do_includes, - run_mode => $run_mode, - ssl_mode => $ssl_mode, - logmode => $logmode, - mod_security => $mod_security, + ensure => $ensure, + do_includes => $do_includes, + run_mode => $run_mode, + ssl_mode => $ssl_mode, + logmode => $logmode, + mod_security => $mod_security, htpasswd_file => $htpasswd_file, htpasswd_path => $htpasswd_path, use_mod_macro => $use_mod_macro, @@ -145,9 +145,9 @@ define apache::vhost::template( if $ensure != 'absent' { Apache::Vhost::File[$name]{ content => $run_mode ? { - 'proxy-itk' => template("apache/vhosts/itk_plus.erb"), - 'static-itk' => template("apache/vhosts/itk_plus.erb"), - default => template("apache/vhosts/default.erb"), + 'proxy-itk' => template('apache/vhosts/itk_plus.erb'), + 'static-itk' => template('apache/vhosts/itk_plus.erb'), + default => template('apache/vhosts/default.erb'), } } } -- cgit v1.2.3 From f4c092d2f027ce2a3492f1f4bad1c691b8d3d6e9 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 17 Mar 2013 00:37:04 +0100 Subject: linting --- manifests/centos.pp | 8 +++++--- manifests/defaultphpdirs.pp | 22 ++++++++++++++-------- 2 files changed, 19 insertions(+), 11 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 930bbdd..69f11ab 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -6,7 +6,7 @@ class apache::centos inherits apache::package { name => 'httpd', } Service[apache]{ - name => 'httpd', + name => 'httpd', restart => '/etc/init.d/httpd graceful', } File[vhosts_dir]{ @@ -37,9 +37,11 @@ class apache::centos inherits apache::package { '/var/www/vhosts/[^/]*/non_public(/.*)?', '/var/www/vhosts/[^/]*/g2data(/.*)?', '/var/www/vhosts/[^/]*/upload(/.*)?' ]: - setype => 'httpd_sys_script_rw_t'; + require => Package['apache'], + setype => 'httpd_sys_script_rw_t'; '/var/www/vhosts/[^/]*/logs(/.*)?': - setype => 'httpd_log_t'; + require => Package['apache'], + setype => 'httpd_log_t'; } } file{'apache_service_config': diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index 93f7f1f..16561ac 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp @@ -1,21 +1,27 @@ +# setup some directories for php class apache::defaultphpdirs { file{ '/var/www/upload_tmp_dir': - ensure => directory, + ensure => directory, require => Package['apache'], - owner => root, group => 0, mode => 0755; + owner => root, + group => 0, + mode => '0755'; '/var/www/session.save_path': - ensure => directory, + ensure => directory, require => Package['apache'], - owner => root, group => 0, mode => 0755; + owner => root, + group => 0, + mode => '0755'; } if $::selinux != 'false' { selinux::fcontext{ - ['/var/www/upload_tmp_dir/.+(/.*)?', - '/var/www/session.save_path/.+(/.*)?']: - setype => 'httpd_sys_script_rw_t', - before => File['/var/www/upload_tmp_dir','/var/www/session.save_path']; + [ '/var/www/upload_tmp_dir/.+(/.*)?', + '/var/www/session.save_path/.+(/.*)?' ]: + require => Package['apache'], + setype => 'httpd_sys_script_rw_t', + before => File['/var/www/upload_tmp_dir','/var/www/session.save_path']; } } } -- cgit v1.2.3 From 00952a0b9a210c8df93e1b03f0f508c6087a16f9 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 17 Mar 2013 01:23:21 +0100 Subject: fix selttype on EL6 --- manifests/centos.pp | 6 +++++- manifests/defaultphpdirs.pp | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/centos.pp b/manifests/centos.pp index 69f11ab..caf46ce 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -32,13 +32,17 @@ class apache::centos inherits apache::package { Selinux::Fcontext{ before => File[web_dir], } + $seltype_rw = $::lsbmajdistrelease ? { + 5 => 'httpd_sys_script_rw_t', + default => 'httpd_sys_rw_content_t' + } selinux::fcontext{ [ '/var/www/vhosts/[^/]*/www(/.*)?', '/var/www/vhosts/[^/]*/non_public(/.*)?', '/var/www/vhosts/[^/]*/g2data(/.*)?', '/var/www/vhosts/[^/]*/upload(/.*)?' ]: require => Package['apache'], - setype => 'httpd_sys_script_rw_t'; + setype => $seltype_rw; '/var/www/vhosts/[^/]*/logs(/.*)?': require => Package['apache'], setype => 'httpd_log_t'; diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index 16561ac..5485241 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp @@ -16,11 +16,15 @@ class apache::defaultphpdirs { } if $::selinux != 'false' { + $seltype_rw = $::lsbmajdistrelease ? { + 5 => 'httpd_sys_script_rw_t', + default => 'httpd_sys_rw_content_t' + } selinux::fcontext{ [ '/var/www/upload_tmp_dir/.+(/.*)?', '/var/www/session.save_path/.+(/.*)?' ]: require => Package['apache'], - setype => 'httpd_sys_script_rw_t', + setype => $seltype_rw, before => File['/var/www/upload_tmp_dir','/var/www/session.save_path']; } } -- cgit v1.2.3 From 5ec141dfbf218dd9b2f2611d788db98f74e65073 Mon Sep 17 00:00:00 2001 From: mh Date: Wed, 27 Mar 2013 20:25:29 +0100 Subject: provide an easy way to workaround scope issues in templates in puppet 3 --- manifests/vhost/template.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'manifests') diff --git a/manifests/vhost/template.pp b/manifests/vhost/template.pp index 9ee650d..55d41d9 100644 --- a/manifests/vhost/template.pp +++ b/manifests/vhost/template.pp @@ -63,6 +63,7 @@ define apache::vhost::template( $run_uid = 'absent', $run_gid = 'absent', $template_partial = 'apache/vhosts/static/partial.erb', + $template_vars = {}, $ssl_mode = false, $mod_security = true, $mod_security_relevantonly = true, -- cgit v1.2.3 From 2f6d7891e115f921c157567e2aa5afd6199c310e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 15 Apr 2013 15:48:43 -0400 Subject: add the requirement for perl::extensions::libwww --- manifests/munin.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'manifests') diff --git a/manifests/munin.pp b/manifests/munin.pp index 8b5bda1..2a04e97 100644 --- a/manifests/munin.pp +++ b/manifests/munin.pp @@ -1,5 +1,8 @@ # manage apache monitoring things class apache::munin { + + include perl::extensions::libwww + munin::plugin{ [ 'apache_accesses', 'apache_processes', 'apache_volume' ]: } munin::plugin::deploy { 'apache_activity': source => 'apache/munin/apache_activity', -- cgit v1.2.3 From 688f07793a72ba4453f6663b6d19fe6388ba382f Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 18 Apr 2013 16:36:48 -0400 Subject: add a 'ssl' parameter, so you do not need to include two classes to get ssl support, you can simply just pass the 'ssl => true'. this may also help the occasional warning: warning: Scope(Class[Apache::Ssl]): Could not look up qualified variable 'apache::manage_shorewall'; class apache has not been evaluated at /srv/leap/puppet/modules/apache/manifests/ssl.pp:10 --- manifests/init.pp | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 574c212..542e7aa 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,7 +17,8 @@ class apache( $cluster_node = '', $manage_shorewall = false, $manage_munin = false, - $no_default_site = false + $no_default_site = false, + $ssl = false ) { case $::operatingsystem { centos: { include apache::centos } @@ -32,5 +33,8 @@ class apache( if $apache::manage_shorewall { include shorewall::rules::http } + if $ssl { + include apache::ssl + } } -- cgit v1.2.3 From 090e59ad1fcba01e868237a83cadf9254cf09d3e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 25 Apr 2013 14:34:20 -0400 Subject: fix merge conflict resolution mistake --- manifests/debian.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'manifests') diff --git a/manifests/debian.pp b/manifests/debian.pp index 9180825..d009e25 100644 --- a/manifests/debian.pp +++ b/manifests/debian.pp @@ -19,11 +19,15 @@ class apache::debian inherits apache::package { path => '/var/www/index.html', } file { 'apache_main_config': - path => "${config_dir}/apache2.conf", - source => [ "puppet:///modules/site_apache/config/Debian/{$::fqdn}/apache2.conf", + path => "${config_dir}/apache2.conf", + source => [ "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/site_apache/config/Debian/${::fqdn}/apache2.conf", "puppet:///modules/site_apache/config/Debian.${::lsbdistcodename}/apache2.conf", - "puppet:///modules/site_apache/config/Debian/apache2.conf", - "puppet:///modules/apache/config/Debian/apache2.conf" ], + 'puppet:///modules/site_apache/config/Debian/apache2.conf', + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian/${::fqdn}/apache2.conf", + "puppet:///modules/apache/config/Debian.${::lsbdistcodename}/apache2.conf", + 'puppet:///modules/apache/config/Debian/apache2.conf' ], require => Package['apache'], notify => Service['apache'], owner => root, -- cgit v1.2.3