digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 19:28:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Relates to SG-11 : Pushes code to repo for Tom to branch from

Browse Source
This commit is contained in:
Connor Wilson
2016-03-26 02:49:56 +00:00
parent da9eda4602
commit 866de4d855
47 changed files with 6895 additions and 1722 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
Gemfile.lock Normal file
View File

@@ -0,0 +1,21 @@
GEM
remote: https://rubygems.org/
specs:
mini_portile2 (2.0.0)
minitest (5.8.4)
nokogiri (1.6.7.2)
mini_portile2 (~> 2.0.0.rc2)
rake (10.5.0)
xml-simple (1.1.5)
PLATFORMS
ruby
DEPENDENCIES
minitest
nokogiri
rake
xml-simple
BUNDLED WITH
1.10.4

2
config/scenario.xml
View File

@@ -6,7 +6,7 @@
</vulnerabilities>
<!-- secure services will be provided, if matching insecure ones have not been selected -->
<services>
<service type="http" name="example42-apache-2.1.12"></service>
<service type="http" name="apache"></service>
</services>-->
<networks>
<network name="homeonly"></network>

87
lib/helpers/bootstrap.rb
View File

@@ -35,83 +35,64 @@ class Bootstrap
def move_vulnerability_puppet_files
puts 'Moving vulnerability manifests'
Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/**/**/**/*.pp").each do |puppet_file|
Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/*/*/*/*.pp").each do |puppet_file|
puts "Moving #{puppet_file} to mount/puppet/manifest/"
FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest/")
end
puts 'Moving vulnerability modules'
Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/**/**/**/module/**").each do |puppet_module_directory|
root_directory_length = ROOT_DIR.split('/').count
module_name = puppet_module_directory.split('/')[root_directory_length + 4]
module_path = "#{ROOT_DIR}/mount/puppet/module/#{module_name}"
if(Dir.exists?(module_path))
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
else
Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}")
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
end
puts 'Moving vulnerability templates'
Dir.glob("#{ROOT_DIR}/modules/vulnerabilities/*/*/*/*/").each do |puppet_module_directory|
module_path = "#{ROOT_DIR}/mount/puppet/module/"
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
end
end
def move_secure_service_puppet_files
puts 'Moving Service manifests'
Dir.glob("#{ROOT_DIR}/modules/services/**/**/**/*.pp").each do |puppet_file|
Dir.glob("#{ROOT_DIR}/modules/services/*/*/*/*.pp").each do |puppet_file|
puts "Moving #{puppet_file} to mount/puppet/manifest/"
FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest/")
end
puts 'Moving Service modules'
Dir.glob("#{ROOT_DIR}/modules/services/**/**/**/module/**/**").each do |puppet_module_directory|
root_directory_length = ROOT_DIR.split('/').count
module_name = puppet_module_directory.split('/')[root_directory_length + 6]
module_path = "#{ROOT_DIR}/mount/puppet/module/#{module_name}"
Dir.glob("#{ROOT_DIR}/modules/services/*/*/*/module/**").each do |puppet_module_directory|
module_path = "#{ROOT_DIR}/mount/puppet/module/"
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
if(Dir.exists?(module_path))
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
else
Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}")
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
end
puts 'Moving vulnerability templates'
end
end
def move_build_puppet_files
puts 'Moving build puppet module files'
Dir.glob("#{ROOT_DIR}/modules/build/puppet/**/module/*.pp").each do |puppet_file|
root_directory_length = ROOT_DIR.split('/').count
module_name = puppet_file.split('/')[root_directory_length + 3]
module_path = "#{ROOT_DIR}/mount/puppet/module/#{module_name}"
if(Dir.exists?(module_path))
Dir.mkdir("#{module_path}/manifests")
puts "Moving #{puppet_file} to #{module_path}"
FileUtils.copy(puppet_file, "#{module_path}/manifests")
else
Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}")
Dir.mkdir("#{ROOT_DIR}/mount/puppet/module/#{module_name}/manifests")
puts "Moving #{puppet_file} to #{module_path}"
FileUtils.copy(puppet_file, "#{module_path}/manifests")
end
end
Dir.glob("#{ROOT_DIR}/modules/build/puppet/**/manifest/*.pp").each do |puppet_file|
puts "Moving #{puppet_file} to mount/puppet/manifest."
FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest")
end
end
puts 'Moving Dependency modules'
Dir.glob("#{ROOT_DIR}/modules/dependencies/**").each do |puppet_module_directory|
module_path = "#{ROOT_DIR}/mount/puppet/module/"
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
end
puts 'Moving build manifests'
Dir.glob("#{ROOT_DIR}/modules/build/*/*/*.pp").each do |puppet_file|
puts "Moving #{puppet_file} to mount/puppet/manifest/"
FileUtils.copy(puppet_file, "#{ROOT_DIR}/mount/puppet/manifest/")
end
puts 'Moving build modules'
Dir.glob("#{ROOT_DIR}/modules/build/*/*/module/**").each do |puppet_module_directory|
module_path = "#{ROOT_DIR}/mount/puppet/module/"
puts "Moving #{puppet_module_directory} to #{module_path}"
FileUtils.cp_r(puppet_module_directory, module_path)
end
def move_files
end

12
lib/templates/vagrantbase.erb
View File

@@ -24,13 +24,13 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# Add secure services
<% systems.services.each do |service| %>
<% service_name = service.name.gsub!('-', '_').gsub!('.', '_') %>
<% service_name = service.name%>
config.vm.provision "puppet" do | <%=service_name%> |
<%=service_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module/#{service_name}"%>"
<%=service_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
<%=service_name%>.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
<%=service_name%>.manifest_file = "init.pp"
<%=service_name%>.manifest_file = "<%=service_name%>.pp"
end
<% end %>
@@ -43,7 +43,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
<% vulnerability_name = vulnerability.name %>
config.vm.provision "puppet" do | <%=vulnerability_name%> |
<%=vulnerability_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module/#{vulnerability_name}"%>"
<%=vulnerability_name%>.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
<%=vulnerability_name%>.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
<%=vulnerability_name%>.manifest_file = "<%=vulnerability_name%>.pp"
end
@@ -52,8 +52,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# clean up script which clears history from the VMs and clobs files together
config.vm.provision "puppet" do |cleanup|
cleanup.module_path = "<%="#{ROOT_DIR}/modules/build/puppet/cleanup/module"%>"
cleanup.manifests_path = "<%="#{ROOT_DIR}/modules/build/puppet/cleanup"%>"
cleanup.module_path = "<%="#{ROOT_DIR}/mount/puppet/module"%>"
cleanup.manifests_path = "<%="#{ROOT_DIR}/mount/puppet/manifest"%>"
cleanup.manifest_file = "cleanup.pp"
end

27
modules/build/ssh-keys/kali-1.0
View File

@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEArvBoa+yz0D6dHtssTftgC6vy1TdwoBqXcGEPGHdv7BnsXAo7
cCCTDkDk+/2yAAEd/1EDFo11fqxrbA4KhHLchAQRCHr8xNQpmNladd7ElhSsQ1bx
AQbTAzu1Hb7IcxevE0VTDFmVlThsw6GWXe5lTYI8+pZXUpyrb/K8eUi/7hykI2vU
shrkfSaCmtnjRs6xdCkWS18MJR1zeRsJiSwPMCG40DPetiGBoQw4xtcUhXxjtecY
2mwoe2x7TZN0G+VkTQQUZkxL5SRunjKJCLFuruh//drCms3psfDGHPqkvPBHmGbM
vn1vDMgE9KHdJvbLq2o3/rZmIpvUab5/4Lt0+wIDAQABAoIBAHZt/FMr8GNHMDkm
aWz1g4UDSCa+HHnW5rTGkGCg4t00g4Wfy7NR6hwZJKvPiMRl/TfOUUfgRi2Wbja9
nrMhy1V4J0vVbu+VLf/zDUGEqRNtNV11KzzlsM6cijVz5eG8o+Jo6RsQPqrBgyhB
aTl33Y7GX5/JTZ54v7rO2ndFH+IC1Gzb8UFj5bIcAD8MAvXdazIpSuEzpMKaHVY/
cLGli/vIGKAcc9I5gCA4iTxNEc0n736gAJYD06SSAcxaK7VHBYwld5fMpeT7pBfT
o5FmWGdiNDOFr50acOfNHmMevJAO6KhmIU7XEohweeFaNiq9K6Nf/8k+1Vn1SQL3
0CcYodECgYEA4/LorHCJVbAaQOzf+BwXjkhrXv6R5iFO7hvlxBkYfuOVr1u2lY0s
TD/otK2S335n59ptfcmNf2n+mfLGjtDRkJGDEl/aSL6xZ3dKctXStpV6dih3AH52
4JtZdWQSWVaPN1CVoUDcezxYlv//3wtm4bAAfQ9yFQuCWaEMg3Qt3HMCgYEAxHeH
LaYyjC/lfEqhuSoOLx+BeHv92o72vo4GJz+VX+0/k1o002mQM6H6ka6uI5Pk2Sfm
/MgbZGhtJTbXcWeoeHALB3QI3FBn9GtwZud8F71TIRge+nlLlPbp0IEphWPgxKCo
6fXc6ClYko5YtENGhzxqLenAvR/JGlp1mgoTq1kCgYAp2W7eOcr88Ffhk5uK8Z1h
geo0hohCt9rF3FlSp0jYAvB4QV5EFqcLWLBge317irmI15FChr5zpgIYQXoyviO7
ZvupY++va1Mmq7//VUJaQxc4mjU+4fjxQ5Qo+TZlMH8aqLDP6hiQh4O8NUPEr1M0
HBv62dsYAgTsb6TcfXfuAQKBgQC1BnWVyEdXCGLpTVMKbAe5v8vqGkVjdss/9VkS
HPIj+1TTDxERo3jtOljIly15NrJsrOmXDULAF8BJw+hrY9nFb2eaLH5lkejXO4/M
IYsjzJymJ7WTkOPllEUIi5qYf9kBFA/P020CteYY0/RD1KFNxosHVxTyrjD8iVFG
5/YLsQKBgG7G9lMbzbXsdTvlJJm5sId0Nxdc97PezpC3IAdDCiqRwushbGV00n9W
tzg8udeocVh3KeL9btxIovSFKgGC1ONKbsYULuVQVGe0LMpqGr6IVjhoOEQzGaJA
a9CvKv9Qk2UPgtNBVpP4fhEhyTaHY8sWCSYXvKRhFlL4gH47P0tl
-----END RSA PRIVATE KEY-----

1
modules/build/ssh-keys/kali-1.0.pub
View File

@@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu8Ghr7LPQPp0e2yxN+2ALq/LVN3CgGpdwYQ8Yd2/sGexcCjtwIJMOQOT7/bIAAR3/UQMWjXV+rGtsDgqEctyEBBEIevzE1CmY2Vp13sSWFKxDVvEBBtMDO7UdvshzF68TRVMMWZWVOGzDoZZd7mVNgjz6lldSnKtv8rx5SL/uHKQja9SyGuR9JoKa2eNGzrF0KRZLXwwlHXN5GwmJLA8wIbjQM962IYGhDDjG1xSFfGO15xjabCh7bHtNk3Qb5WRNBBRmTEvlJG6eMokIsW6u6H/92sKazemx8MYc+qS88EeYZsy+fW8MyAT0od0m9surajf+tmYim9Rpvn/gu3T7 sliim@S70wN

0
modules/build/scripts/bootstrap.sh → modules/build/unix/bootstrap/module/bootstrap/files/bootstrap.sh
View File

0
modules/build/puppet/cleanup/cleanup.pp → modules/build/unix/cleanup/cleanup.pp
View File

0
modules/build/puppet/cleanup/module/cleanup/manifests/config.pp → modules/build/unix/cleanup/module/cleanup/manifests/config.pp
View File

5
modules/services/unix/ftp/secure_ftp/secgen_metadata.xml
View File

@@ -0,0 +1,5 @@
<service
type="http"
name="apache"
description="A secure Apache service"
</service>

3
modules/services/unix/http/apache/apache.pp Normal file
View File

@@ -0,0 +1,3 @@
class { 'apache':
mpm_module => 'prefork'
}

1
modules/services/unix/http/apache/example42_apache_2_1_12.pp
View File

@@ -1 +0,0 @@
include apache

48
modules/services/unix/http/apache/module/apache/Gemfile Normal file
View File

@@ -0,0 +1,48 @@
source ENV['GEM_SOURCE'] || "https://rubygems.org"
def location_for(place, fake_version = nil)
if place =~ /^(git:[^#]*)#(.*)/
[fake_version, { :git => $1, :branch => $2, :require => false }].compact
elsif place =~ /^file:\/\/(.*)/
['>= 0', { :path => File.expand_path($1), :require => false }]
else
[place, { :require => false }]
end
end
group :development, :unit_tests do
gem 'rspec-core', '3.1.7', :require => false
gem 'puppetlabs_spec_helper', :require => false
gem 'simplecov', :require => false
gem 'puppet_facts', :require => false
gem 'json', :require => false
end
group :system_tests do
if beaker_version = ENV['BEAKER_VERSION']
gem 'beaker', *location_for(beaker_version)
end
if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION']
gem 'beaker-rspec', *location_for(beaker_rspec_version)
else
gem 'beaker-rspec', :require => false
end
gem 'serverspec', :require => false
gem 'beaker-puppet_install_helper', :require => false
end
if facterversion = ENV['FACTER_GEM_VERSION']
gem 'facter', facterversion, :require => false
else
gem 'facter', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
gem 'puppet', puppetversion, :require => false
else
gem 'puppet', :require => false
end
# vim:ft=ruby

6
modules/services/unix/http/apache/module/example42_apache_2_1_12/LICENSE → modules/services/unix/http/apache/module/apache/LICENSE
View File

@@ -1,8 +1,6 @@
Copyright (C) 2013 Alessandro Franceschi / Lab42
Copyright (C) 2012 Puppet Labs Inc
for the relevant commits Copyright (C) by the respective authors.
Contact Lab42 at: info@lab42.it
Puppet Labs can be contacted at: info@puppetlabs.com
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.

3478
modules/services/unix/http/apache/module/apache/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

11
modules/services/unix/http/apache/module/apache/Rakefile Normal file
View File

@@ -0,0 +1,11 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.fail_on_warnings = true
PuppetLint.configuration.send('relative')
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
PuppetLint.configuration.send('disable_documentation')
PuppetLint.configuration.send('disable_single_quote_string_with_variables')
PuppetLint.configuration.send('disable_only_variable_string')
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]

310
modules/services/unix/http/apache/module/apache/checksums.json Normal file
View File

@@ -0,0 +1,310 @@
{
"CHANGELOG.md": "b430057266b6271f5fb6d43d655b8039",
"CONTRIBUTING.md": "e2b8e8e433fc76b3798b7fe435f49375",
"Gemfile": "e6e6eb07f0bfc9bb1e328895ca49b3f5",
"LICENSE": "b3f8a01d8699078d82e8c3c992307517",
"README.md": "0c47aec304ff374bceed885f7a7cb164",
"Rakefile": "ed3db0e49f5fcb381a19542c08ec473f",
"examples/apache.pp": "819cf9116ffd349e6757e1926d11ca2f",
"examples/dev.pp": "9f5727f69f536538f8d840fad0852308",
"examples/init.pp": "4eac4a7ef68499854c54a78879e25535",
"examples/mod_load_params.pp": "5981af4d625a906fce1cedeb3f70cb90",
"examples/mods.pp": "0085911ba562b7e56ad8d793099c9240",
"examples/mods_custom.pp": "9afd068edce0538b5c55a3bc19f9c24a",
"examples/php.pp": "60e7939034d531dd6b95af35338bcbe7",
"examples/vhost.pp": "bd91438534d12511b01f31fe8d10cd35",
"examples/vhost_directories.pp": "b4e6b5a596e5bae122233652b9a33e32",
"examples/vhost_filter.pp": "cd8ec7303f3bb508c88a473c43d31f0a",
"examples/vhost_ip_based.pp": "7d9f7b6976de7488ab6ff0a6e647fc73",
"examples/vhost_proxypass.pp": "59b87f88943aa809578288e26b41aade",
"examples/vhost_ssl.pp": "9f3716bc15a9a6760f1d6cc3bf8ce8ac",
"examples/vhosts_without_listen.pp": "a6692104056a56517b4365bcc816e7f4",
"files/httpd": "295f5e924afe6f752d29327e73fe6d0a",
"lib/puppet/parser/functions/bool2httpd.rb": "05d5deeb6e0c31acee7c55b249ec8e06",
"lib/puppet/parser/functions/enclose_ipv6.rb": "581bc163291824909d1700909db96512",
"lib/puppet/parser/functions/validate_apache_log_level.rb": "d75bc4ef17ff5c9a1f94dd3948e733d1",
"lib/puppet/provider/a2mod/a2mod.rb": "d986d8e8373f3f31c97359381c180628",
"lib/puppet/provider/a2mod/gentoo.rb": "2492d446adbb68f678e86a75eb7ff3bd",
"lib/puppet/provider/a2mod/modfix.rb": "b689a1c83c9ccd8590399c67f3e588e5",
"lib/puppet/provider/a2mod/redhat.rb": "c39b80e75e7d0666def31c2a6cdedb0b",
"lib/puppet/provider/a2mod.rb": "03ed73d680787dd126ea37a03be0b236",
"lib/puppet/type/a2mod.rb": "9042ccc045bfeecca28bebb834114f05",
"manifests/balancer.pp": "5c20fa17545bd49375ee6687deb6b6fd",
"manifests/balancermember.pp": "8f44f65124330b7e9b49a7100f86fe6d",
"manifests/confd/no_accf.pp": "406d0ca41c3b90f83740ca218dc3f484",
"manifests/custom_config.pp": "9c27b865b50e815352acbc286cd255fd",
"manifests/default_confd_files.pp": "86fdbe5773abb7c2da26db096973865c",
"manifests/default_mods/load.pp": "bc0b3b65edd1ba6178c09672352f9bce",
"manifests/default_mods.pp": "f6f6ecfaaca79a7eec50335daa9eaf40",
"manifests/dev.pp": "9285af7f4e3b343a8695af3897dfdb07",
"manifests/fastcgi/server.pp": "47549cf3028f78281bcbee5d8492c8ea",
"manifests/init.pp": "9bc0834ae827f8bdb62192926adda0d9",
"manifests/listen.pp": "f7e224cba3b8021f90511af4f43d8b1f",
"manifests/mod/actions.pp": "ec2a5d1cf54790204750f9b67938d230",
"manifests/mod/alias.pp": "b920887e67857a09252c10e30949c85c",
"manifests/mod/auth_basic.pp": "dffef6ff10145393cb78fcaa27220c53",
"manifests/mod/auth_cas.pp": "a20c718cc3ffab32f7c72f42160a5602",
"manifests/mod/auth_kerb.pp": "08d536cb13281db3b9ed9a966ad431fd",
"manifests/mod/auth_mellon.pp": "85e7085a44b3039e4a2c7b463ca8bdb2",
"manifests/mod/authn_core.pp": "4db773ddbc0d875230085782d4521951",
"manifests/mod/authn_file.pp": "eeb11513490beee901574746faaeabdf",
"manifests/mod/authnz_ldap.pp": "e3f91908be35306a488b44c55608b2a0",
"manifests/mod/authz_default.pp": "b7c94cfa4e008155fffd241d35834064",
"manifests/mod/authz_user.pp": "d446c90c44304594206bd2a0112be625",
"manifests/mod/autoindex.pp": "05112ccb06dc218f9a7b937767a6ea2d",
"manifests/mod/cache.pp": "b56d68b9401ba3e02a1f2fe55cdfbcca",
"manifests/mod/cgi.pp": "558a0350d1e8634a706543e0c6e28687",
"manifests/mod/cgid.pp": "f9cea0ad9269bf134637c7c667469842",
"manifests/mod/dav.pp": "9df80d36dd609be9032a8260aa9d10c1",
"manifests/mod/dav_fs.pp": "4528673b6e8d0af6935d9d630028b9f0",
"manifests/mod/dav_svn.pp": "f021fe8048deaa06759cd0b96b450363",
"manifests/mod/deflate.pp": "324c867212f6d9e4593cc4aba392f590",
"manifests/mod/dev.pp": "42673bab60b6fc0f3aa6e2357ec0a27c",
"manifests/mod/dir.pp": "8e577c570ba5e835c4f82232a1c01a4e",
"manifests/mod/disk_cache.pp": "e5b39902f6198d9e0851e551b7a5bf40",
"manifests/mod/event.pp": "d0d35e0fb01aa64c211cbc4afbda7c49",
"manifests/mod/expires.pp": "069783635a7a4f97af535cc149da6589",
"manifests/mod/ext_filter.pp": "ba8f2bb429a0ed12880b80294430ae7e",
"manifests/mod/fastcgi.pp": "237ff6ebc17c35ee2e3c82d2e19cd442",
"manifests/mod/fcgid.pp": "1e57a267408ca82fc258a244299ee15f",
"manifests/mod/filter.pp": "b0039f3ae932b1204994ef2180dd76d2",
"manifests/mod/geoip.pp": "2a963d07231897e8d6928df6dc913676",
"manifests/mod/headers.pp": "ef3de538a0a4c9406236faf43eb89710",
"manifests/mod/include.pp": "a3b66eda88e38d90825c16b834bacd8d",
"manifests/mod/info.pp": "bad325232ff8038449dcafc11ff37ca1",
"manifests/mod/itk.pp": "d1039a503a112a1636659e474070e1f3",
"manifests/mod/ldap.pp": "5b1c9afe7b7048a479f780f57e2f8cd2",
"manifests/mod/mime.pp": "7177378907202b89c88b81f7783e791e",
"manifests/mod/mime_magic.pp": "481e016b74b0649bfdcbb32104a62054",
"manifests/mod/negotiation.pp": "6860ed514001b9f3f6945c78d250fd32",
"manifests/mod/nss.pp": "2ac2830eef417bcd5248dd7553d2fef6",
"manifests/mod/pagespeed.pp": "2638c14081f8065bc8940b8d47782cc3",
"manifests/mod/passenger.pp": "d094fc200d72c46ba11b583eda530a44",
"manifests/mod/perl.pp": "0bc488e1ac33e4e8987e0b07aa909682",
"manifests/mod/peruser.pp": "4bb5f57d14382016f8b7f086046ad8f1",
"manifests/mod/php.pp": "71812033b362bc749be00beaca5f3d5f",
"manifests/mod/prefork.pp": "2a32998b2ecea3a272c9a31631885d0b",
"manifests/mod/proxy.pp": "39e224390d43ffe082ff60fba2b97fc4",
"manifests/mod/proxy_ajp.pp": "073e2406aea7822750d4c21f02d8ac80",
"manifests/mod/proxy_balancer.pp": "6d16440ba6bed5427b331b6c6abf4063",
"manifests/mod/proxy_connect.pp": "574df18a67e478a3be903238ade3d334",
"manifests/mod/proxy_html.pp": "1a8ef7d17e65954aab303e3547e02f22",
"manifests/mod/proxy_http.pp": "0db1b26f8b4036b0d46ba86b7eaac561",
"manifests/mod/python.pp": "15f03d79e45737fdf0afca9665706b88",
"manifests/mod/remoteip.pp": "7fa5b92322df550f58421b24a53dbb01",
"manifests/mod/reqtimeout.pp": "aee3d869e6ca6eed18071c8d2aa97aff",
"manifests/mod/rewrite.pp": "292f2d6ce2078fa9df7f686105ea7b95",
"manifests/mod/rpaf.pp": "4844d717d6577aee8a788a7fbdc5e8dd",
"manifests/mod/security.pp": "10125c8c07389f75a4e5e22bf8c2e7aa",
"manifests/mod/setenvif.pp": "b2ae43541bf1df5374187339e50a081f",
"manifests/mod/shib.pp": "3e2d3b5bf864fd292fa30f7c98d449f6",
"manifests/mod/speling.pp": "fa89a82933d30d2ebfe11e3ad9966bd1",
"manifests/mod/ssl.pp": "3d733329e9f568f68229617cf806b0c1",
"manifests/mod/status.pp": "0b24de931fd8d54b2db0e3d16f0d0d8c",
"manifests/mod/suexec.pp": "2a8671856a0ece597e9b57867dc35e76",
"manifests/mod/suphp.pp": "6905059571fa21b7de957fd90540acff",
"manifests/mod/userdir.pp": "bbe716e8ff38815a51cc4eaaa0c1e4df",
"manifests/mod/version.pp": "6cb31057ebffa796f95642cc95f9499d",
"manifests/mod/vhost_alias.pp": "ee1225a748daaf50aca39a6d93fb8470",
"manifests/mod/worker.pp": "f6ec99efec5fcdf49bf22f98351884a5",
"manifests/mod/wsgi.pp": "0377fe287e51f4a396bd15b47f2628cc",
"manifests/mod/xsendfile.pp": "fba06f05a19c466654aca5ecaa705bf0",
"manifests/mod.pp": "aa769aad02f4af7cdfbbf9e356111a4d",
"manifests/mpm.pp": "a68ddf7dd7ba745c0497bd755d971a4f",
"manifests/namevirtualhost.pp": "67618d40112e4ddc1b46f64af2a5e875",
"manifests/package.pp": "90f8e969c4f920a1e898ae2f6420e438",
"manifests/params.pp": "920b932a31d65f05d71825fd0877461f",
"manifests/peruser/multiplexer.pp": "0ea75341b7a93e55bcfb431a93b1a6c9",
"manifests/peruser/processor.pp": "62f0ad5ed2ec36dadc7f40ad2a9e1bb9",
"manifests/php.pp": "9c9d07e12bf5d112b0b54f5bd69046fc",
"manifests/proxy.pp": "7c8515b88406922e148322ee15044b29",
"manifests/python.pp": "ddef4cd73850fdc2dc126d4579c30adf",
"manifests/security/rule_link.pp": "4635131018b0c5cd5f57ecea9f708b65",
"manifests/service.pp": "e0821dac17ef2bc00068ceae06bc17d9",
"manifests/ssl.pp": "173f3d6a7fd2b5f4100c4ff03d84e13b",
"manifests/version.pp": "bcc947740e4357cbdc9a1d54f44305c7",
"manifests/vhost/custom.pp": "cd51ccfa746809b18324a129d141ae39",
"manifests/vhost.pp": "f8af2035fdd86328cf9026962a12589c",
"metadata.json": "f3990d6a47bb183d80cb1bd86e063ba7",
"spec/acceptance/apache_parameters_spec.rb": "5b95e67d474cc8a132c45f6e91714037",
"spec/acceptance/apache_ssl_spec.rb": "d336538c230a6791746895e6624289c3",
"spec/acceptance/class_spec.rb": "4c66cb0d877d636db1c362fb71982ca6",
"spec/acceptance/custom_config_spec.rb": "61e03d814d0671d194dd40e6b1ad5c9b",
"spec/acceptance/default_mods_spec.rb": "371aae3d37d8cce04e60a4c2534532b1",
"spec/acceptance/itk_spec.rb": "812c855013c08ebb13e642dc5199b41a",
"spec/acceptance/mod_dav_svn_spec.rb": "c70f239472813adcd5710c9b60ebc24c",
"spec/acceptance/mod_deflate_spec.rb": "dd39bfb069e0233bf134caaeb1dc6fe6",
"spec/acceptance/mod_fcgid_spec.rb": "ef0e3368ea14247c05ff43217b5856ee",
"spec/acceptance/mod_mime_spec.rb": "0869792d98c1b2577f02d97c92f1765e",
"spec/acceptance/mod_negotiation_spec.rb": "017f6b0cc1496c25aa9b8a33ef8dbbb3",
"spec/acceptance/mod_pagespeed_spec.rb": "03a32f1018d01e8816f73f237c02cc08",
"spec/acceptance/mod_passenger_spec.rb": "82092218b8346033b3e0c74d88213c43",
"spec/acceptance/mod_php_spec.rb": "65d047d50bba4c17ab9dbdfa0dc4932b",
"spec/acceptance/mod_proxy_html_spec.rb": "3b34027b521dcd06ddffdba7da1cd25d",
"spec/acceptance/mod_security_spec.rb": "ea746c9837c1454a0c50005a989452c0",
"spec/acceptance/mod_suphp_spec.rb": "390a6bcb3cfd120a69c0c1f4fbb78b4f",
"spec/acceptance/nodesets/centos-70-x64.yml": "0ae796256280ca157abc98f7cb492ea4",
"spec/acceptance/nodesets/debian-607-x64.yml": "52f42f3b8fc507a5fc825977d62665a3",
"spec/acceptance/nodesets/debian-70rc1-x64.yml": "717aa92150ebe3fca718807c7c93126f",
"spec/acceptance/nodesets/debian-73-i386.yml": "40aeb7ceab29148bb98a1e2bd51aba86",
"spec/acceptance/nodesets/debian-73-x64.yml": "df78f357e1bd0f7f9818d552eeb35026",
"spec/acceptance/nodesets/debian-82-x64.yml": "05b593024541be6972914aa2e84678f6",
"spec/acceptance/nodesets/default.yml": "40a4f108ab83030fdfdcc230ecaaed9a",
"spec/acceptance/nodesets/fedora-18-x64.yml": "9c907e4416a5fd487ff30a672a6b1c9e",
"spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297",
"spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269",
"spec/acceptance/nodesets/ubuntu-server-1310-x64.yml": "9deb39279e104d765179b471c6ebb3a2",
"spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0",
"spec/acceptance/prefork_worker_spec.rb": "1570eefe61d667a1b43824adc0b2bb78",
"spec/acceptance/service_spec.rb": "341f157cb33fa48d5166d2274ad3bc65",
"spec/acceptance/version.rb": "5a739645e123c5d10351ec5de4e68921",
"spec/acceptance/vhost_spec.rb": "3a31e855eb237f6ad55415d711ef1bb2",
"spec/classes/apache_spec.rb": "53c6ab619681fe83e39b985e27d8b8c9",
"spec/classes/dev_spec.rb": "6bc9ff7cffb77aac52c5bd3acc157d2d",
"spec/classes/mod/alias_spec.rb": "cb7fa1744b0624ec6d04d6dba80bccda",
"spec/classes/mod/auth_cas_spec.rb": "34af1e2489fe7f805c760c40b2bc3f5b",
"spec/classes/mod/auth_kerb_spec.rb": "56066a4060352f76efdad26fe51b2e20",
"spec/classes/mod/auth_mellon_spec.rb": "7f2cfeb9221fc8eac02a2c18a9986bb0",
"spec/classes/mod/authnz_ldap_spec.rb": "ce2f5fb517d4cc760c913fe131b1550f",
"spec/classes/mod/dav_svn_spec.rb": "6cf5fbd5e73c455f0f5afa01561cc704",
"spec/classes/mod/deflate_spec.rb": "a5b6afd416cbad17f21d5c86c83c3485",
"spec/classes/mod/dev_spec.rb": "78d215d7ef3a8e2df3e8789eb75fc4ca",
"spec/classes/mod/dir_spec.rb": "555e4b21a18422034b8b16560a1034a1",
"spec/classes/mod/disk_cache.rb": "50f464d34fda0d1e07248b3f7ff0cfef",
"spec/classes/mod/event_spec.rb": "d8d0bd5dee8a4bf2dcd709326dfdd4e2",
"spec/classes/mod/expires_spec.rb": "a9ff97bcca20bb17102efd88ea0462e6",
"spec/classes/mod/ext_filter_spec.rb": "00ca122b3f697a73f57f81ad9c67de7d",
"spec/classes/mod/fastcgi_spec.rb": "76ac8328da6c2fe1e126d8dcdcdb5519",
"spec/classes/mod/fcgid_spec.rb": "5baa913ba69842771fab4b58c8677544",
"spec/classes/mod/info_spec.rb": "39a67732875c7e43bf1e45b3603d782c",
"spec/classes/mod/itk_spec.rb": "622f23a1346383846cbc98e38388034d",
"spec/classes/mod/ldap_spec.rb": "4c3546f9976ac25b63888fd62b136d5f",
"spec/classes/mod/mime_magic_spec.rb": "8291c37b89f9d50f58fa94ab9cbb1bfe",
"spec/classes/mod/mime_spec.rb": "5e527739b595f9b0638ce384648c3187",
"spec/classes/mod/negotiation_spec.rb": "f1b10fe931b96f72f5d0eaf86354fce9",
"spec/classes/mod/pagespeed_spec.rb": "afd7639e9acfaf1c22ba1149cf7dc763",
"spec/classes/mod/passenger_spec.rb": "d24e6c252592a50ef4eb15a2092481cb",
"spec/classes/mod/perl_spec.rb": "11fb2ae842e64d467ccf70813ef3de7d",
"spec/classes/mod/peruser_spec.rb": "c379ce85a997789856b12c27957bf994",
"spec/classes/mod/php_spec.rb": "4c02498c30a0f7fc77ef126288930acf",
"spec/classes/mod/prefork_spec.rb": "d82f0f25691ba019b912cd000dbb845f",
"spec/classes/mod/proxy_connect_spec.rb": "bc0d0d6328288cd91d84ac9de66e9019",
"spec/classes/mod/proxy_html_spec.rb": "893bfa8dba37e63a24229e28cc74d073",
"spec/classes/mod/python_spec.rb": "45736e6305ca541ba29f997b8e7dd0ef",
"spec/classes/mod/remoteip_spec.rb": "e8840c791f3561c6d466040b888551ed",
"spec/classes/mod/reqtimeout_spec.rb": "cee7de04531d3fb49d75f8f8a7c2b493",
"spec/classes/mod/rpaf_spec.rb": "1845e640c44f8daeeffb13b29a26da84",
"spec/classes/mod/security_spec.rb": "f5a8dcdd5057bc58fc4c2b5120428761",
"spec/classes/mod/shib_spec.rb": "f80ed9a256a9b8f9cb3beaba4b93e32b",
"spec/classes/mod/speling_spec.rb": "4727fbb92f074e0cf3911e6cffe3322f",
"spec/classes/mod/ssl_spec.rb": "ce2114982774840242ab652f5fa985c3",
"spec/classes/mod/status_spec.rb": "1c7520050c8bed47492acd51588be52d",
"spec/classes/mod/suphp_spec.rb": "0c4d625a64124e7c9c14ea2b68dc7ebe",
"spec/classes/mod/worker_spec.rb": "c326e36fbcfe9f0c59dc1db389a33926",
"spec/classes/mod/wsgi_spec.rb": "532da8779e878372ff29b51dfaefceea",
"spec/classes/params_spec.rb": "7bb6270f0338de41e1c34bd77cd844b7",
"spec/classes/service_spec.rb": "d23f6cd3eac018e368e0ba32cbf95f11",
"spec/defines/balancermember_spec.rb": "6071ddc9a56be6ecccfade6e233fb34b",
"spec/defines/custom_config_spec.rb": "a7e3392933cabc8ed6bb57deaebb36d9",
"spec/defines/fastcgi_server_spec.rb": "5798af8e6380d05f3ab38f4788b5c47c",
"spec/defines/mod_spec.rb": "a10e5b2570419737c03cd0f6347cc985",
"spec/defines/modsec_link_spec.rb": "3421b21f8234637dd1c32ebcf89e44c3",
"spec/defines/vhost_custom_spec.rb": "d5596a7a0c239d4c0ed8bebbb6a124ab",
"spec/defines/vhost_spec.rb": "b9b90663d227f504a6eefe4fed1399d9",
"spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c",
"spec/spec_helper.rb": "86e537c02437cf6b6875ee65a10f5f98",
"spec/spec_helper_acceptance.rb": "9f1a9850e558b22d4d2f8fa555cf582a",
"spec/unit/provider/a2mod/gentoo_spec.rb": "4d46c6755d98216aacf8b5d0b8021140",
"spec/unit/puppet/parser/functions/bool2httpd_spec.rb": "0c9bca53eb43b5fc888126514b2a174c",
"spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb": "0145a78254ea716e5e7600d9464318a8",
"spec/unit/puppet/parser/functions/validate_apache_log_level.rb": "8f558fd81d1655e9ab20896152eca512",
"templates/confd/no-accf.conf.erb": "a614f28c4b54370e4fa88403dfe93eb0",
"templates/fastcgi/server.erb": "482ce7a72a08f21e3592e584178d5917",
"templates/httpd.conf.erb": "93bd1cbfae5a922dc8dcb1ffc7c266ee",
"templates/listen.erb": "6286aa08f9e28caee54b1e1ee031b9d6",
"templates/mod/alias.conf.erb": "71028c659b7d1784c0e9f373846c8457",
"templates/mod/auth_cas.conf.erb": "74595985c3b0f9df1aaa0ad5dd7a7906",
"templates/mod/auth_mellon.conf.erb": "4e17d22a8f1bc312e976e8513199c945",
"templates/mod/authnz_ldap.conf.erb": "12c9a1482694ddad3143e5eef03fb531",
"templates/mod/autoindex.conf.erb": "2421a3c6df32c7e38c2a7a22afdf5728",
"templates/mod/cgid.conf.erb": "f8ce27d60bc495bab16de2696ebb2fd0",
"templates/mod/dav_fs.conf.erb": "10c1131168e35319e22b3fbfe51aebfd",
"templates/mod/deflate.conf.erb": "e866ecf2bfe8e42ea984267f569723db",
"templates/mod/dir.conf.erb": "2485da78a2506c14bf51dde38dd03360",
"templates/mod/disk_cache.conf.erb": "48d1b54ec1dedea7f68451bc0774790e",
"templates/mod/event.conf.erb": "469ef574b0ae1728203002a52f3d5a3b",
"templates/mod/expires.conf.erb": "7a77f8b1d50c53ee77a6cb798c51a2b9",
"templates/mod/ext_filter.conf.erb": "4e4e4143ab402a9f9d51301b1a192202",
"templates/mod/fastcgi.conf.erb": "2404caa7d91dea083fc4f8b6f18acd24",
"templates/mod/geoip.conf.erb": "93b95f44ec733ee8231be82381e02782",
"templates/mod/info.conf.erb": "dd434aca2b3693c425a2c252a2c39f46",
"templates/mod/itk.conf.erb": "eff84b78e4f2f8c5c3a2e9fc4b8aad16",
"templates/mod/ldap.conf.erb": "72701fa36054b1d3c5333feb804fd2ba",
"templates/mod/load.erb": "01132434e6101080c41548b0ba7e57d8",
"templates/mod/mime.conf.erb": "785632ed912d7206098c10765c980858",
"templates/mod/mime_magic.conf.erb": "db7ac6bbf365d016852744d339c12d16",
"templates/mod/mpm_event.conf.erb": "80097a19d063a4f973465d9ef5c0c0bf",
"templates/mod/negotiation.conf.erb": "a2f0fb40cd038cb17bedc2b84d9f48ea",
"templates/mod/nss.conf.erb": "1470720436c1f1d3dddb79cb90355b2c",
"templates/mod/pagespeed.conf.erb": "da52f6012cd513d2f9c1e410005187fb",
"templates/mod/passenger.conf.erb": "e6d25300be83bd7658c4a100ecc493b5",
"templates/mod/peruser.conf.erb": "c4f4054aee899249ea6fef5a9e5c14ff",
"templates/mod/php5.conf.erb": "38abd949e9df2c4961cf400fd5ad928b",
"templates/mod/prefork.conf.erb": "f9ec5a7eaea78a19b04fa69f8acd8a84",
"templates/mod/proxy.conf.erb": "7eef34af57278ea572b267cff9fb6631",
"templates/mod/proxy_html.conf.erb": "69c9ce9b7f24e1337065f1ce26b057a0",
"templates/mod/remoteip.conf.erb": "5e3fae3bb4532d351d3860652215af92",
"templates/mod/reqtimeout.conf.erb": "314ef068b786ae5afded290a8b6eab15",
"templates/mod/rpaf.conf.erb": "5447539c083ae54f3a9e93c1ac8c988b",
"templates/mod/security.conf.erb": "e708c110f4bfe2fe6fdb9fc61e8498e4",
"templates/mod/security_crs.conf.erb": "0533f947d1d418774213bc9eb0444358",
"templates/mod/setenvif.conf.erb": "c7ede4173da1915b7ec088201f030c28",
"templates/mod/ssl.conf.erb": "5009e83ef1b9c626e04fe6e469f35a05",
"templates/mod/status.conf.erb": "9e959900ac58c8de34783886efeebce7",
"templates/mod/suphp.conf.erb": "05bb7b3ea23976b032ce405bfd4edd18",
"templates/mod/unixd_fcgid.conf.erb": "1780c7808bb3811deaf0007c890df4dc",
"templates/mod/userdir.conf.erb": "efd4cb18056690f2bddc4332c88bdd94",
"templates/mod/worker.conf.erb": "923ce06f97c04e548a438025b81abf50",
"templates/mod/wsgi.conf.erb": "9a416fa3b71be0795679069809686300",
"templates/namevirtualhost.erb": "fbfca19a639e18e6c477e191344ac8ae",
"templates/ports_header.erb": "afe35cb5747574b700ebaa0f0b3a626e",
"templates/vhost/_access_log.erb": "a0c804cb6fc03e5c573f9bfbcf73d9c6",
"templates/vhost/_action.erb": "a004dfcac2e63cef65cf8aa0e270b636",
"templates/vhost/_additional_includes.erb": "10e9c0056e962c49459839a1576b082e",
"templates/vhost/_aliases.erb": "6412f695e911feac18986da38f290dae",
"templates/vhost/_allow_encoded_slashes.erb": "37dee0b6fe9287342a10b533955dff81",
"templates/vhost/_auth_kerb.erb": "3d0de0c3066440dffcbc75215174705b",
"templates/vhost/_block.erb": "cab4365316621b4e06cd1258abeb1d23",
"templates/vhost/_charsets.erb": "d152b6a7815e9edc0fe9bf9acbe2f1ec",
"templates/vhost/_custom_fragment.erb": "325ff48cefc06db035daa3491c391a88",
"templates/vhost/_directories.erb": "36d90f161866bbdfde942c69279dafbc",
"templates/vhost/_docroot.erb": "65d882a3c9d6b6bdd2f9b771f378035a",
"templates/vhost/_error_document.erb": "81d3007c1301a5c5f244c082cfee9de2",
"templates/vhost/_fallbackresource.erb": "e6c103bee7f6f76b10f244fc9fd1cd3b",
"templates/vhost/_fastcgi.erb": "d07c41eae32671b38b5dba14724c14cc",
"templates/vhost/_file_footer.erb": "e27b2525783e590ca1820f1e2118285d",
"templates/vhost/_file_header.erb": "6bf5dd9f0cdf4e436ba4379d0ff246c9",
"templates/vhost/_filters.erb": "597b9de5ae210af9182a1c95172115e7",
"templates/vhost/_header.erb": "9eb9d4075f288183d8224ddec5b2f126",
"templates/vhost/_itk.erb": "8bf90b9855a9277f7a665b10f6c57fe9",
"templates/vhost/_logging.erb": "5bc4cbb1bc8a292acc0ba0420f96ca4e",
"templates/vhost/_passenger.erb": "6b8f937fffe27e65f9aa72e950c4dbfc",
"templates/vhost/_passenger_base_uris.erb": "c8d7f4da1434078e856c72671942dcd8",
"templates/vhost/_php.erb": "0be13b20951791db0f09c328e13b7eaf",
"templates/vhost/_php_admin.erb": "107a57e9e7b3f86d1abcf743f672a292",
"templates/vhost/_proxy.erb": "5832dab1efcad5421a0cd4fe9a7f4f49",
"templates/vhost/_rack.erb": "ebe187c1bdc81eec9c8e0d9026120b18",
"templates/vhost/_redirect.erb": "639e170cafa9e703ab38797c8fc3030b",
"templates/vhost/_requestheader.erb": "db1b0cdda069ae809b5b83b0871ef991",
"templates/vhost/_rewrite.erb": "63a86545cd1c1a8e9e8518dd270deb3e",
"templates/vhost/_scriptalias.erb": "98713f33cca15b22c749bd35ea9a7b41",
"templates/vhost/_security.erb": "58cd0f606e104be456dea0b5d52212e8",
"templates/vhost/_serveralias.erb": "95fed45853629924467aefc271d5b396",
"templates/vhost/_serversignature.erb": "9bf5a458783ab459e5043e1cdf671fa7",
"templates/vhost/_setenv.erb": "818f65d2936be12a24e59079e28f8f47",
"templates/vhost/_ssl.erb": "cd872142f50ffd80a242346ee75111a3",
"templates/vhost/_sslproxy.erb": "00843c237dcbc359b7c78512905baed5",
"templates/vhost/_suexec.erb": "f2b3f9b9ff8fbac4e468e02cd824675a",
"templates/vhost/_suphp.erb": "a1c4a5e4461adbfce870df0abd158b59",
"templates/vhost/_wsgi.erb": "c4ea9a97580489edc6b589ac46816462"
}

413
modules/services/unix/http/apache/module/apache/manifests/init.pp Normal file
View File

@@ -0,0 +1,413 @@
# Class: apache
#
# This class installs Apache
#
# Parameters:
#
# Actions:
# - Install Apache
# - Manage Apache service
#
# Requires:
#
# Sample Usage:
#
class apache (
$apache_name = $::apache::params::apache_name,
$service_name = $::apache::params::service_name,
$default_mods = true,
$default_vhost = true,
$default_charset = undef,
$default_confd_files = true,
$default_ssl_vhost = false,
$default_ssl_cert = $::apache::params::default_ssl_cert,
$default_ssl_key = $::apache::params::default_ssl_key,
$default_ssl_chain = undef,
$default_ssl_ca = undef,
$default_ssl_crl_path = undef,
$default_ssl_crl = undef,
$default_ssl_crl_check = undef,
$default_type = 'none',
$dev_packages = $::apache::params::dev_packages,
$ip = undef,
$service_enable = true,
$service_manage = true,
$service_ensure = 'running',
$service_restart = undef,
$purge_configs = true,
$purge_vhost_dir = undef,
$purge_vdir = false,
$serveradmin = 'root@localhost',
$sendfile = 'On',
$error_documents = false,
$timeout = '120',
$httpd_dir = $::apache::params::httpd_dir,
$server_root = $::apache::params::server_root,
$conf_dir = $::apache::params::conf_dir,
$confd_dir = $::apache::params::confd_dir,
$vhost_dir = $::apache::params::vhost_dir,
$vhost_enable_dir = $::apache::params::vhost_enable_dir,
$vhost_include_pattern = $::apache::params::vhost_include_pattern,
$mod_dir = $::apache::params::mod_dir,
$mod_enable_dir = $::apache::params::mod_enable_dir,
$mpm_module = $::apache::params::mpm_module,
$lib_path = $::apache::params::lib_path,
$conf_template = $::apache::params::conf_template,
$servername = $::apache::params::servername,
$pidfile = $::apache::params::pidfile,
$rewrite_lock = undef,
$manage_user = true,
$manage_group = true,
$user = $::apache::params::user,
$group = $::apache::params::group,
$keepalive = $::apache::params::keepalive,
$keepalive_timeout = $::apache::params::keepalive_timeout,
$max_keepalive_requests = $::apache::params::max_keepalive_requests,
$limitreqfieldsize = '8190',
$logroot = $::apache::params::logroot,
$logroot_mode = $::apache::params::logroot_mode,
$log_level = $::apache::params::log_level,
$log_formats = {},
$ports_file = $::apache::params::ports_file,
$docroot = $::apache::params::docroot,
$apache_version = $::apache::version::default,
$server_tokens = 'OS',
$server_signature = 'On',
$trace_enable = 'On',
$allow_encoded_slashes = undef,
$package_ensure = 'installed',
$use_optional_includes = $::apache::params::use_optional_includes,
$use_systemd = $::apache::params::use_systemd,
$mime_types_additional = $::apache::params::mime_types_additional,
$file_mode = $::apache::params::file_mode,
) inherits ::apache::params {
validate_bool($default_vhost)
validate_bool($default_ssl_vhost)
validate_bool($default_confd_files)
# true/false is sufficient for both ensure and enable
validate_bool($service_enable)
validate_bool($service_manage)
validate_bool($use_optional_includes)
$valid_mpms_re = $apache_version ? {
'2.4' => '(event|itk|peruser|prefork|worker)',
default => '(event|itk|prefork|worker)'
}
if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans
validate_re($mpm_module, $valid_mpms_re)
}
if $allow_encoded_slashes {
validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
}
# NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
# NOTE: the same strategy may be introduced for other OSes. For this, you
# should delete the 'if' block below and modify all MPM modules' manifests
# such that they include apache::package class (currently event.pp, itk.pp,
# peruser.pp, prefork.pp, worker.pp).
if $::osfamily != 'FreeBSD' {
package { 'httpd':
ensure => $package_ensure,
name => $apache_name,
notify => Class['Apache::Service'],
}
}
validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ])
# declare the web server user and group
# Note: requiring the package means the package ought to create them and not puppet
validate_bool($manage_user)
if $manage_user {
user { $user:
ensure => present,
gid => $group,
require => Package['httpd'],
}
}
validate_bool($manage_group)
if $manage_group {
group { $group:
ensure => present,
require => Package['httpd']
}
}
validate_apache_log_level($log_level)
class { '::apache::service':
service_name => $service_name,
service_enable => $service_enable,
service_manage => $service_manage,
service_ensure => $service_ensure,
service_restart => $service_restart,
}
# Deprecated backwards-compatibility
if $purge_vdir {
warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs')
$purge_confd = $purge_vdir
} else {
$purge_confd = $purge_configs
}
# Set purge vhostd appropriately
if $purge_vhost_dir == undef {
$purge_vhostd = $purge_confd
} else {
$purge_vhostd = $purge_vhost_dir
}
Exec {
path => '/bin:/sbin:/usr/bin:/usr/sbin',
}
exec { "mkdir ${confd_dir}":
creates => $confd_dir,
require => Package['httpd'],
}
file { $confd_dir:
ensure => directory,
recurse => true,
purge => $purge_confd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
if ! defined(File[$mod_dir]) {
exec { "mkdir ${mod_dir}":
creates => $mod_dir,
require => Package['httpd'],
}
# Don't purge available modules if an enable dir is used
$purge_mod_dir = $purge_configs and !$mod_enable_dir
file { $mod_dir:
ensure => directory,
recurse => true,
purge => $purge_mod_dir,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
}
if $mod_enable_dir and ! defined(File[$mod_enable_dir]) {
$mod_load_dir = $mod_enable_dir
exec { "mkdir ${mod_enable_dir}":
creates => $mod_enable_dir,
require => Package['httpd'],
}
file { $mod_enable_dir:
ensure => directory,
recurse => true,
purge => $purge_configs,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
} else {
$mod_load_dir = $mod_dir
}
if ! defined(File[$vhost_dir]) {
exec { "mkdir ${vhost_dir}":
creates => $vhost_dir,
require => Package['httpd'],
}
file { $vhost_dir:
ensure => directory,
recurse => true,
purge => $purge_vhostd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
}
if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) {
$vhost_load_dir = $vhost_enable_dir
exec { "mkdir ${vhost_load_dir}":
creates => $vhost_load_dir,
require => Package['httpd'],
}
file { $vhost_enable_dir:
ensure => directory,
recurse => true,
purge => $purge_vhostd,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
} else {
$vhost_load_dir = $vhost_dir
}
concat { $ports_file:
owner => 'root',
group => $::apache::params::root_group,
mode => $::apache::file_mode,
notify => Class['Apache::Service'],
require => Package['httpd'],
}
concat::fragment { 'Apache ports header':
ensure => present,
target => $ports_file,
content => template('apache/ports_header.erb')
}
if $::apache::conf_dir and $::apache::params::conf_file {
case $::osfamily {
'debian': {
$error_log = 'error.log'
$scriptalias = '/usr/lib/cgi-bin'
$access_log_file = 'access.log'
}
'redhat': {
$error_log = 'error_log'
$scriptalias = '/var/www/cgi-bin'
$access_log_file = 'access_log'
}
'freebsd': {
$error_log = 'httpd-error.log'
$scriptalias = '/usr/local/www/apache24/cgi-bin'
$access_log_file = 'httpd-access.log'
} 'gentoo': {
$error_log = 'error.log'
$error_documents_path = '/usr/share/apache2/error'
$scriptalias = '/var/www/localhost/cgi-bin'
$access_log_file = 'access.log'
if is_array($default_mods) {
if versioncmp($apache_version, '2.4') >= 0 {
if defined('apache::mod::ssl') {
::portage::makeconf { 'apache2_modules':
content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]),
}
} else {
::portage::makeconf { 'apache2_modules':
content => concat($default_mods, 'authz_core'),
}
}
} else {
::portage::makeconf { 'apache2_modules':
content => $default_mods,
}
}
}
file { [
'/etc/apache2/modules.d/.keep_www-servers_apache-2',
'/etc/apache2/vhosts.d/.keep_www-servers_apache-2'
]:
ensure => absent,
require => Package['httpd'],
}
}
'Suse': {
$error_log = 'error.log'
$scriptalias = '/usr/lib/cgi-bin'
$access_log_file = 'access.log'
}
default: {
fail("Unsupported osfamily ${::osfamily}")
}
}
$apxs_workaround = $::osfamily ? {
'freebsd' => true,
default => false
}
if $rewrite_lock {
validate_absolute_path($rewrite_lock)
}
# Template uses:
# - $pidfile
# - $user
# - $group
# - $logroot
# - $error_log
# - $sendfile
# - $mod_dir
# - $ports_file
# - $confd_dir
# - $vhost_dir
# - $error_documents
# - $error_documents_path
# - $apxs_workaround
# - $keepalive
# - $keepalive_timeout
# - $max_keepalive_requests
# - $server_root
# - $server_tokens
# - $server_signature
# - $trace_enable
# - $rewrite_lock
file { "${::apache::conf_dir}/${::apache::params::conf_file}":
ensure => file,
content => template($conf_template),
notify => Class['Apache::Service'],
require => [Package['httpd'], Concat[$ports_file]],
}
# preserve back-wards compatibility to the times when default_mods was
# only a boolean value. Now it can be an array (too)
if is_array($default_mods) {
class { '::apache::default_mods':
all => false,
mods => $default_mods,
}
} else {
class { '::apache::default_mods':
all => $default_mods,
}
}
class { '::apache::default_confd_files':
all => $default_confd_files
}
if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans
class { "::apache::mod::${mpm_module}": }
}
$default_vhost_ensure = $default_vhost ? {
true => 'present',
false => 'absent'
}
$default_ssl_vhost_ensure = $default_ssl_vhost ? {
true => 'present',
false => 'absent'
}
::apache::vhost { 'default':
ensure => $default_vhost_ensure,
port => 80,
docroot => $docroot,
scriptalias => $scriptalias,
serveradmin => $serveradmin,
access_log_file => $access_log_file,
priority => '15',
ip => $ip,
logroot_mode => $logroot_mode,
manage_docroot => $default_vhost,
}
$ssl_access_log_file = $::osfamily ? {
'freebsd' => $access_log_file,
default => "ssl_${access_log_file}",
}
::apache::vhost { 'default-ssl':
ensure => $default_ssl_vhost_ensure,
port => 443,
ssl => true,
docroot => $docroot,
scriptalias => $scriptalias,
serveradmin => $serveradmin,
access_log_file => $ssl_access_log_file,
priority => '15',
ip => $ip,
logroot_mode => $logroot_mode,
manage_docroot => $default_ssl_vhost,
}
}
# This anchor can be used as a reference point for things that need to happen *after*
# all modules have been put in place.
anchor { '::apache::modules_set_up': }
}

10
modules/services/unix/http/apache/module/apache/manifests/listen.pp Normal file
View File

@@ -0,0 +1,10 @@
define apache::listen {
$listen_addr_port = $name
# Template uses: $listen_addr_port
concat::fragment { "Listen ${listen_addr_port}":
ensure => present,
target => $::apache::ports_file,
content => template('apache/listen.erb'),
}
}

545
modules/services/unix/http/apache/module/apache/manifests/params.pp Normal file
View File

@@ -0,0 +1,545 @@
# Class: apache::params
#
# This class manages Apache parameters
#
# Parameters:
# - The $user that Apache runs as
# - The $group that Apache runs as
# - The $apache_name is the name of the package and service on the relevant
# distribution
# - The $php_package is the name of the package that provided PHP
# - The $ssl_package is the name of the Apache SSL package
# - The $apache_dev is the name of the Apache development libraries package
# - The $conf_contents is the contents of the Apache configuration file
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class apache::params inherits ::apache::version {
if($::fqdn) {
$servername = $::fqdn
} else {
$servername = $::hostname
}
# The default error log level
$log_level = 'warn'
$use_optional_includes = false
# Default mime types settings
$mime_types_additional = {
'AddHandler' => {
'type-map' => 'var'
},
'AddType' => {
'text/html' => '.shtml'
},
'AddOutputFilter' => {
'INCLUDES' => '.shtml'
},
}
# should we use systemd module?
$use_systemd = true
# Default mode for files
$file_mode = '0644'
$vhost_include_pattern = '*'
if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' {
$verify_command = '/usr/sbin/apache2ctl -t'
} else {
$verify_command = '/usr/sbin/apachectl -t'
}
if $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ {
$user = 'apache'
$group = 'apache'
$root_group = 'root'
$apache_name = 'httpd'
$service_name = 'httpd'
$httpd_dir = '/etc/httpd'
$server_root = '/etc/httpd'
$conf_dir = "${httpd_dir}/conf"
$confd_dir = "${httpd_dir}/conf.d"
$mod_dir = $::apache::version::distrelease ? {
'7' => "${httpd_dir}/conf.modules.d",
default => "${httpd_dir}/conf.d",
}
$mod_enable_dir = undef
$vhost_dir = "${httpd_dir}/conf.d"
$vhost_enable_dir = undef
$conf_file = 'httpd.conf'
$ports_file = "${conf_dir}/ports.conf"
$pidfile = 'run/httpd.pid'
$logroot = '/var/log/httpd'
$logroot_mode = undef
$lib_path = 'modules'
$mpm_module = 'prefork'
$dev_packages = 'httpd-devel'
$default_ssl_cert = '/etc/pki/tls/certs/localhost.crt'
$default_ssl_key = '/etc/pki/tls/private/localhost.key'
$ssl_certs_dir = '/etc/pki/tls/certs'
$passenger_conf_file = 'passenger_extra.conf'
$passenger_conf_package_file = 'passenger.conf'
$passenger_root = undef
$passenger_ruby = undef
$passenger_default_ruby = undef
$suphp_addhandler = 'php5-script'
$suphp_engine = 'off'
$suphp_configpath = undef
# NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide
# NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL.
$mod_packages = {
'auth_cas' => 'mod_auth_cas',
'auth_kerb' => 'mod_auth_kerb',
'auth_mellon' => 'mod_auth_mellon',
'authnz_ldap' => $::apache::version::distrelease ? {
'7' => 'mod_ldap',
default => 'mod_authz_ldap',
},
'fastcgi' => 'mod_fastcgi',
'fcgid' => 'mod_fcgid',
'geoip' => 'mod_geoip',
'ldap' => $::apache::version::distrelease ? {
'7' => 'mod_ldap',
default => undef,
},
'pagespeed' => 'mod-pagespeed-stable',
'passenger' => 'mod_passenger',
'perl' => 'mod_perl',
'php5' => $::apache::version::distrelease ? {
'5' => 'php53',
default => 'php',
},
'proxy_html' => 'mod_proxy_html',
'python' => 'mod_python',
'security' => 'mod_security',
'shibboleth' => 'shibboleth',
'ssl' => 'mod_ssl',
'wsgi' => 'mod_wsgi',
'dav_svn' => 'mod_dav_svn',
'suphp' => 'mod_suphp',
'xsendfile' => 'mod_xsendfile',
'nss' => 'mod_nss',
'shib2' => 'shibboleth',
}
$mod_libs = {
'php5' => 'libphp5.so',
'nss' => 'libmodnss.so',
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = undef
$mime_support_package = 'mailcap'
$mime_types_config = '/etc/mime.types'
$docroot = '/var/www/html'
$alias_icons_path = $::apache::version::distrelease ? {
'7' => '/usr/share/httpd/icons',
default => '/var/www/icons',
}
$error_documents_path = $::apache::version::distrelease ? {
'7' => '/usr/share/httpd/error',
default => '/var/www/error'
}
if $::osfamily == 'RedHat' {
$wsgi_socket_prefix = '/var/run/wsgi'
} else {
$wsgi_socket_prefix = undef
}
$cas_cookie_path = '/var/cache/mod_auth_cas/'
$mellon_lock_file = '/run/mod_auth_mellon/lock'
$mellon_cache_size = 100
$mellon_post_directory = undef
$modsec_crs_package = 'mod_security_crs'
$modsec_crs_path = '/usr/lib/modsecurity.d'
$modsec_dir = '/etc/httpd/modsecurity.d'
$modsec_secruleengine = 'On'
$modsec_default_rules = [
'base_rules/modsecurity_35_bad_robots.data',
'base_rules/modsecurity_35_scanners.data',
'base_rules/modsecurity_40_generic_attacks.data',
'base_rules/modsecurity_41_sql_injection_attacks.data',
'base_rules/modsecurity_50_outbound.data',
'base_rules/modsecurity_50_outbound_malware.data',
'base_rules/modsecurity_crs_20_protocol_violations.conf',
'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
'base_rules/modsecurity_crs_23_request_limits.conf',
'base_rules/modsecurity_crs_30_http_policy.conf',
'base_rules/modsecurity_crs_35_bad_robots.conf',
'base_rules/modsecurity_crs_40_generic_attacks.conf',
'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
'base_rules/modsecurity_crs_41_xss_attacks.conf',
'base_rules/modsecurity_crs_42_tight_security.conf',
'base_rules/modsecurity_crs_45_trojans.conf',
'base_rules/modsecurity_crs_47_common_exceptions.conf',
'base_rules/modsecurity_crs_49_inbound_blocking.conf',
'base_rules/modsecurity_crs_50_outbound.conf',
'base_rules/modsecurity_crs_59_outbound_blocking.conf',
'base_rules/modsecurity_crs_60_correlation.conf'
]
} elsif $::osfamily == 'Debian' {
$user = 'www-data'
$group = 'www-data'
$root_group = 'root'
$apache_name = 'apache2'
$service_name = 'apache2'
$httpd_dir = '/etc/apache2'
$server_root = '/etc/apache2'
$conf_dir = $httpd_dir
$confd_dir = "${httpd_dir}/conf.d"
$mod_dir = "${httpd_dir}/mods-available"
$mod_enable_dir = "${httpd_dir}/mods-enabled"
$vhost_dir = "${httpd_dir}/sites-available"
$vhost_enable_dir = "${httpd_dir}/sites-enabled"
$conf_file = 'apache2.conf'
$ports_file = "${conf_dir}/ports.conf"
$pidfile = "\${APACHE_PID_FILE}"
$logroot = '/var/log/apache2'
$logroot_mode = undef
$lib_path = '/usr/lib/apache2/modules'
$mpm_module = 'worker'
$default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
$default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
$ssl_certs_dir = '/etc/ssl/certs'
$suphp_addhandler = 'x-httpd-php'
$suphp_engine = 'off'
$suphp_configpath = '/etc/php5/apache2'
$mod_packages = {
'auth_cas' => 'libapache2-mod-auth-cas',
'auth_kerb' => 'libapache2-mod-auth-kerb',
'auth_mellon' => 'libapache2-mod-auth-mellon',
'dav_svn' => 'libapache2-svn',
'fastcgi' => 'libapache2-mod-fastcgi',
'fcgid' => 'libapache2-mod-fcgid',
'geoip' => 'libapache2-mod-geoip',
'nss' => 'libapache2-mod-nss',
'pagespeed' => 'mod-pagespeed-stable',
'passenger' => 'libapache2-mod-passenger',
'perl' => 'libapache2-mod-perl2',
'php5' => 'libapache2-mod-php5',
'proxy_html' => 'libapache2-mod-proxy-html',
'python' => 'libapache2-mod-python',
'rpaf' => 'libapache2-mod-rpaf',
'security' => 'libapache2-modsecurity',
'shib2' => 'libapache2-mod-shib2',
'suphp' => 'libapache2-mod-suphp',
'wsgi' => 'libapache2-mod-wsgi',
'xsendfile' => 'libapache2-mod-xsendfile',
'shib2' => 'libapache2-mod-shib2',
}
if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 {
$shib2_lib = 'mod_shib_22.so'
} else {
$shib2_lib = 'mod_shib2.so'
}
$mod_libs = {
'php5' => 'libphp5.so',
'shib2' => $shib2_lib
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = '/var/lib/apache2/fastcgi'
$mime_support_package = 'mime-support'
$mime_types_config = '/etc/mime.types'
if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {
$docroot = '/var/www/html'
} else {
$docroot = '/var/www'
}
$cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
$mellon_lock_file = undef
$mellon_cache_size = undef
$mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/'
$modsec_crs_package = 'modsecurity-crs'
$modsec_crs_path = '/usr/share/modsecurity-crs'
$modsec_dir = '/etc/modsecurity'
$modsec_secruleengine = 'On'
$modsec_default_rules = [
'base_rules/modsecurity_35_bad_robots.data',
'base_rules/modsecurity_35_scanners.data',
'base_rules/modsecurity_40_generic_attacks.data',
'base_rules/modsecurity_41_sql_injection_attacks.data',
'base_rules/modsecurity_50_outbound.data',
'base_rules/modsecurity_50_outbound_malware.data',
'base_rules/modsecurity_crs_20_protocol_violations.conf',
'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
'base_rules/modsecurity_crs_23_request_limits.conf',
'base_rules/modsecurity_crs_30_http_policy.conf',
'base_rules/modsecurity_crs_35_bad_robots.conf',
'base_rules/modsecurity_crs_40_generic_attacks.conf',
'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
'base_rules/modsecurity_crs_41_xss_attacks.conf',
'base_rules/modsecurity_crs_42_tight_security.conf',
'base_rules/modsecurity_crs_45_trojans.conf',
'base_rules/modsecurity_crs_47_common_exceptions.conf',
'base_rules/modsecurity_crs_49_inbound_blocking.conf',
'base_rules/modsecurity_crs_50_outbound.conf',
'base_rules/modsecurity_crs_59_outbound_blocking.conf',
'base_rules/modsecurity_crs_60_correlation.conf'
]
$alias_icons_path = '/usr/share/apache2/icons'
$error_documents_path = '/usr/share/apache2/error'
if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {
$dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
} else {
$dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
}
#
# Passenger-specific settings
#
$passenger_conf_file = 'passenger.conf'
$passenger_conf_package_file = undef
case $::operatingsystem {
'Ubuntu': {
case $::lsbdistrelease {
'12.04': {
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
'14.04': {
$passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
$passenger_ruby = undef
$passenger_default_ruby = '/usr/bin/ruby'
}
default: {
# The following settings may or may not work on Ubuntu releases not
# supported by this module.
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
}
}
'Debian': {
case $::lsbdistcodename {
'wheezy': {
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
'jessie': {
$passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
$passenger_ruby = undef
$passenger_default_ruby = '/usr/bin/ruby'
}
default: {
# The following settings may or may not work on Debian releases not
# supported by this module.
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
}
}
}
}
$wsgi_socket_prefix = undef
} elsif $::osfamily == 'FreeBSD' {
$user = 'www'
$group = 'www'
$root_group = 'wheel'
$apache_name = 'apache24'
$service_name = 'apache24'
$httpd_dir = '/usr/local/etc/apache24'
$server_root = '/usr/local'
$conf_dir = $httpd_dir
$confd_dir = "${httpd_dir}/Includes"
$mod_dir = "${httpd_dir}/Modules"
$mod_enable_dir = undef
$vhost_dir = "${httpd_dir}/Vhosts"
$vhost_enable_dir = undef
$conf_file = 'httpd.conf'
$ports_file = "${conf_dir}/ports.conf"
$pidfile = '/var/run/httpd.pid'
$logroot = '/var/log/apache24'
$logroot_mode = undef
$lib_path = '/usr/local/libexec/apache24'
$mpm_module = 'prefork'
$dev_packages = undef
$default_ssl_cert = '/usr/local/etc/apache24/server.crt'
$default_ssl_key = '/usr/local/etc/apache24/server.key'
$ssl_certs_dir = '/usr/local/etc/apache24'
$passenger_conf_file = 'passenger.conf'
$passenger_conf_package_file = undef
$passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58'
$passenger_ruby = '/usr/local/bin/ruby'
$passenger_default_ruby = undef
$suphp_addhandler = 'php5-script'
$suphp_engine = 'off'
$suphp_configpath = undef
$mod_packages = {
# NOTE: I list here only modules that are not included in www/apache24
# NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config
# NOTE: 'php' needs to enable APACHE option in make config
# NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
# NOTE: not sure where the shibboleth should come from
'auth_kerb' => 'www/mod_auth_kerb2',
'fcgid' => 'www/mod_fcgid',
'passenger' => 'www/rubygem-passenger',
'perl' => 'www/mod_perl2',
'php5' => 'www/mod_php5',
'proxy_html' => 'www/mod_proxy_html',
'python' => 'www/mod_python3',
'wsgi' => 'www/mod_wsgi',
'dav_svn' => 'devel/subversion',
'xsendfile' => 'www/mod_xsendfile',
'rpaf' => 'www/mod_rpaf2',
'shib2' => 'security/shibboleth2-sp',
}
$mod_libs = {
'php5' => 'libphp5.so',
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = undef # TODO: revisit
$mime_support_package = 'misc/mime-support'
$mime_types_config = '/usr/local/etc/mime.types'
$wsgi_socket_prefix = undef
$docroot = '/usr/local/www/apache24/data'
$alias_icons_path = '/usr/local/www/apache24/icons'
$error_documents_path = '/usr/local/www/apache24/error'
} elsif $::osfamily == 'Gentoo' {
$user = 'apache'
$group = 'apache'
$root_group = 'wheel'
$apache_name = 'www-servers/apache'
$service_name = 'apache2'
$httpd_dir = '/etc/apache2'
$server_root = '/var/www'
$conf_dir = $httpd_dir
$confd_dir = "${httpd_dir}/conf.d"
$mod_dir = "${httpd_dir}/modules.d"
$mod_enable_dir = undef
$vhost_dir = "${httpd_dir}/vhosts.d"
$vhost_enable_dir = undef
$conf_file = 'httpd.conf'
$ports_file = "${conf_dir}/ports.conf"
$logroot = '/var/log/apache2'
$logroot_mode = undef
$lib_path = '/usr/lib/apache2/modules'
$mpm_module = 'prefork'
$dev_packages = undef
$default_ssl_cert = '/etc/ssl/apache2/server.crt'
$default_ssl_key = '/etc/ssl/apache2/server.key'
$ssl_certs_dir = '/etc/ssl/apache2'
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_conf_file = 'passenger.conf'
$passenger_conf_package_file = undef
$passenger_default_ruby = undef
$suphp_addhandler = 'x-httpd-php'
$suphp_engine = 'off'
$suphp_configpath = '/etc/php5/apache2'
$mod_packages = {
# NOTE: I list here only modules that are not included in www-servers/apache
'auth_kerb' => 'www-apache/mod_auth_kerb',
'authnz_external' => 'www-apache/mod_authnz_external',
'fcgid' => 'www-apache/mod_fcgid',
'passenger' => 'www-apache/passenger',
'perl' => 'www-apache/mod_perl',
'php5' => 'dev-lang/php',
'proxy_html' => 'www-apache/mod_proxy_html',
'proxy_fcgi' => 'www-apache/mod_proxy_fcgi',
'python' => 'www-apache/mod_python',
'wsgi' => 'www-apache/mod_wsgi',
'dav_svn' => 'dev-vcs/subversion',
'xsendfile' => 'www-apache/mod_xsendfile',
'rpaf' => 'www-apache/mod_rpaf',
'xml2enc' => 'www-apache/mod_xml2enc',
}
$mod_libs = {
'php5' => 'libphp5.so',
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = undef # TODO: revisit
$mime_support_package = 'app-misc/mime-types'
$mime_types_config = '/etc/mime.types'
$wsgi_socket_prefix = undef
$docroot = '/var/www/localhost/htdocs'
$alias_icons_path = '/usr/share/apache2/icons'
$error_documents_path = '/usr/share/apache2/error'
} elsif $::osfamily == 'Suse' {
$user = 'wwwrun'
$group = 'wwwrun'
$root_group = 'root'
$apache_name = 'apache2'
$service_name = 'apache2'
$httpd_dir = '/etc/apache2'
$server_root = '/etc/apache2'
$conf_dir = $httpd_dir
$confd_dir = "${httpd_dir}/conf.d"
$mod_dir = "${httpd_dir}/mods-available"
$mod_enable_dir = "${httpd_dir}/mods-enabled"
$vhost_dir = "${httpd_dir}/sites-available"
$vhost_enable_dir = "${httpd_dir}/sites-enabled"
$conf_file = 'httpd.conf'
$ports_file = "${conf_dir}/ports.conf"
$pidfile = '/var/run/httpd2.pid'
$logroot = '/var/log/apache2'
$logroot_mode = undef
$lib_path = '/usr/lib64/apache2-prefork/'
$mpm_module = 'prefork'
$default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
$default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
$ssl_certs_dir = '/etc/ssl/certs'
$suphp_addhandler = 'x-httpd-php'
$suphp_engine = 'off'
$suphp_configpath = '/etc/php5/apache2'
$mod_packages = {
'auth_kerb' => 'apache2-mod_auth_kerb',
'fcgid' => 'apache2-mod_fcgid',
'perl' => 'apache2-mod_perl',
'php5' => 'apache2-mod_php53',
'python' => 'apache2-mod_python',
}
$mod_libs = {
'php5' => 'libphp5.so',
}
$conf_template = 'apache/httpd.conf.erb'
$keepalive = 'Off'
$keepalive_timeout = 15
$max_keepalive_requests = 100
$fastcgi_lib_path = '/var/lib/apache2/fastcgi'
$mime_support_package = 'aaa_base'
$mime_types_config = '/etc/mime.types'
$docroot = '/srv/www'
$cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
$mellon_lock_file = undef
$mellon_cache_size = undef
$mellon_post_directory = undef
$alias_icons_path = '/usr/share/apache2/icons'
$error_documents_path = '/usr/share/apache2/error'
$dev_packages = ['libapr-util1-devel', 'libapr1-devel']
#
# Passenger-specific settings
#
$passenger_conf_file = 'passenger.conf'
$passenger_conf_package_file = undef
$passenger_root = '/usr'
$passenger_ruby = '/usr/bin/ruby'
$passenger_default_ruby = undef
$wsgi_socket_prefix = undef
} else {
fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")
}
}

18
modules/services/unix/http/apache/module/apache/manifests/ssl.pp Normal file
View File

@@ -0,0 +1,18 @@
# Class: apache::ssl
#
# This class installs Apache SSL capabilities
#
# Parameters:
# - The $ssl_package name from the apache::params class
#
# Actions:
# - Install Apache SSL capabilities
#
# Requires:
#
# Sample Usage:
#
class apache::ssl {
warning('apache::ssl is deprecated; please use apache::mod::ssl')
include ::apache::mod::ssl
}

999
modules/services/unix/http/apache/module/apache/manifests/vhost.pp Normal file
View File

@@ -0,0 +1,999 @@
# See README.md for usage information
define apache::vhost(
$docroot,
$manage_docroot = true,
$virtual_docroot = false,
$port = undef,
$ip = undef,
$ip_based = false,
$add_listen = true,
$docroot_owner = 'root',
$docroot_group = $::apache::params::root_group,
$docroot_mode = undef,
$serveradmin = undef,
$ssl = false,
$ssl_cert = $::apache::default_ssl_cert,
$ssl_key = $::apache::default_ssl_key,
$ssl_chain = $::apache::default_ssl_chain,
$ssl_ca = $::apache::default_ssl_ca,
$ssl_crl_path = $::apache::default_ssl_crl_path,
$ssl_crl = $::apache::default_ssl_crl,
$ssl_crl_check = $::apache::default_ssl_crl_check,
$ssl_certs_dir = $::apache::params::ssl_certs_dir,
$ssl_protocol = undef,
$ssl_cipher = undef,
$ssl_honorcipherorder = undef,
$ssl_verify_client = undef,
$ssl_verify_depth = undef,
$ssl_proxy_verify = undef,
$ssl_proxy_check_peer_cn = undef,
$ssl_proxy_check_peer_name = undef,
$ssl_proxy_machine_cert = undef,
$ssl_options = undef,
$ssl_openssl_conf_cmd = undef,
$ssl_proxyengine = false,
$priority = undef,
$default_vhost = false,
$servername = $name,
$serveraliases = [],
$options = ['Indexes','FollowSymLinks','MultiViews'],
$override = ['None'],
$directoryindex = '',
$vhost_name = '*',
$logroot = $::apache::logroot,
$logroot_ensure = 'directory',
$logroot_mode = undef,
$log_level = undef,
$access_log = true,
$access_log_file = false,
$access_log_pipe = false,
$access_log_syslog = false,
$access_log_format = false,
$access_log_env_var = false,
$access_logs = undef,
$aliases = undef,
$directories = undef,
$error_log = true,
$error_log_file = undef,
$error_log_pipe = undef,
$error_log_syslog = undef,
$error_documents = [],
$fallbackresource = undef,
$scriptalias = undef,
$scriptaliases = [],
$proxy_dest = undef,
$proxy_dest_match = undef,
$proxy_dest_reverse_match = undef,
$proxy_pass = undef,
$proxy_pass_match = undef,
$suphp_addhandler = $::apache::params::suphp_addhandler,
$suphp_engine = $::apache::params::suphp_engine,
$suphp_configpath = $::apache::params::suphp_configpath,
$php_flags = {},
$php_values = {},
$php_admin_flags = {},
$php_admin_values = {},
$no_proxy_uris = [],
$no_proxy_uris_match = [],
$proxy_preserve_host = false,
$proxy_error_override = false,
$redirect_source = '/',
$redirect_dest = undef,
$redirect_status = undef,
$redirectmatch_status = undef,
$redirectmatch_regexp = undef,
$redirectmatch_dest = undef,
$rack_base_uris = undef,
$passenger_base_uris = undef,
$headers = undef,
$request_headers = undef,
$filters = undef,
$rewrites = undef,
$rewrite_base = undef,
$rewrite_rule = undef,
$rewrite_cond = undef,
$setenv = [],
$setenvif = [],
$block = [],
$ensure = 'present',
$wsgi_application_group = undef,
$wsgi_daemon_process = undef,
$wsgi_daemon_process_options = undef,
$wsgi_import_script = undef,
$wsgi_import_script_options = undef,
$wsgi_process_group = undef,
$wsgi_script_aliases = undef,
$wsgi_pass_authorization = undef,
$wsgi_chunked_request = undef,
$custom_fragment = undef,
$itk = undef,
$action = undef,
$fastcgi_server = undef,
$fastcgi_socket = undef,
$fastcgi_dir = undef,
$additional_includes = [],
$use_optional_includes = $::apache::use_optional_includes,
$apache_version = $::apache::apache_version,
$allow_encoded_slashes = undef,
$suexec_user_group = undef,
$passenger_app_root = undef,
$passenger_app_env = undef,
$passenger_ruby = undef,
$passenger_min_instances = undef,
$passenger_start_timeout = undef,
$passenger_pre_start = undef,
$add_default_charset = undef,
$modsec_disable_vhost = undef,
$modsec_disable_ids = undef,
$modsec_disable_ips = undef,
$modsec_body_limit = undef,
$auth_kerb = false,
$krb_method_negotiate = 'on',
$krb_method_k5passwd = 'on',
$krb_authoritative = 'on',
$krb_auth_realms = [],
$krb_5keytab = undef,
$krb_local_user_mapping = undef,
$krb_verify_kdc = 'on',
$krb_servicename = 'HTTP',
$krb_save_credentials = 'off',
) {
# The base class must be included first because it is used by parameter defaults
if ! defined(Class['apache']) {
fail('You must include the apache base class before using any apache defined resources')
}
$apache_name = $::apache::apache_name
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure.
Allowed values are 'present' and 'absent'.")
validate_re($suphp_engine, '^(on|off)$',
"${suphp_engine} is not supported for suphp_engine.
Allowed values are 'on' and 'off'.")
validate_bool($ip_based)
validate_bool($access_log)
validate_bool($error_log)
validate_bool($ssl)
validate_bool($default_vhost)
validate_bool($ssl_proxyengine)
if $rewrites {
validate_array($rewrites)
unless empty($rewrites) {
validate_hash($rewrites[0])
}
}
# Input validation begins
if $suexec_user_group {
validate_re($suexec_user_group, '^[\w-]+ [\w-]+$',
"${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.")
}
if $wsgi_pass_authorization {
validate_re(downcase($wsgi_pass_authorization), '^(on|off)$',
"${wsgi_pass_authorization} is not supported for wsgi_pass_authorization.
Allowed values are 'on' and 'off'.")
}
# Deprecated backwards-compatibility
if $rewrite_base {
warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites')
}
if $rewrite_rule {
warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites')
}
if $rewrite_cond {
warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites')
}
if $wsgi_script_aliases {
validate_hash($wsgi_script_aliases)
}
if $wsgi_daemon_process_options {
validate_hash($wsgi_daemon_process_options)
}
if $wsgi_import_script_options {
validate_hash($wsgi_import_script_options)
}
if $itk {
validate_hash($itk)
}
validate_re($logroot_ensure, '^(directory|absent)$',
"${logroot_ensure} is not supported for logroot_ensure.
Allowed values are 'directory' and 'absent'.")
if $log_level {
validate_apache_log_level($log_level)
}
if $access_log_file and $access_log_pipe {
fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time")
}
if $error_log_file and $error_log_pipe {
fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time")
}
if $fallbackresource {
validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")')
}
if $custom_fragment {
validate_string($custom_fragment)
}
if $allow_encoded_slashes {
validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
}
validate_bool($auth_kerb)
# Validate the docroot as a string if:
# - $manage_docroot is true
if $manage_docroot {
validate_string($docroot)
}
if $ssl_proxy_verify {
validate_re($ssl_proxy_verify,'^(none|optional|require|optional_no_ca)$',"${ssl_proxy_verify} is not permitted for ssl_proxy_verify. Allowed values are 'none', 'optional', 'require' or 'optional_no_ca'.")
}
if $ssl_proxy_check_peer_cn {
validate_re($ssl_proxy_check_peer_cn,'(^on$|^off$)',"${ssl_proxy_check_peer_cn} is not permitted for ssl_proxy_check_peer_cn. Allowed values are 'on' or 'off'.")
}
if $ssl_proxy_check_peer_name {
validate_re($ssl_proxy_check_peer_name,'(^on$|^off$)',"${ssl_proxy_check_peer_name} is not permitted for ssl_proxy_check_peer_name. Allowed values are 'on' or 'off'.")
}
# Input validation ends
if $ssl and $ensure == 'present' {
include ::apache::mod::ssl
# Required for the AddType lines.
include ::apache::mod::mime
}
if $auth_kerb and $ensure == 'present' {
include ::apache::mod::auth_kerb
}
if $virtual_docroot {
include ::apache::mod::vhost_alias
}
if $wsgi_daemon_process {
include ::apache::mod::wsgi
}
if $suexec_user_group {
include ::apache::mod::suexec
}
if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start {
include ::apache::mod::passenger
}
# Configure the defaultness of a vhost
if $priority {
$priority_real = "${priority}-"
} elsif $priority == false {
$priority_real = ''
} elsif $default_vhost {
$priority_real = '10-'
} else {
$priority_real = '25-'
}
## Apache include does not always work with spaces in the filename
$filename = regsubst($name, ' ', '_', 'G')
# This ensures that the docroot exists
# But enables it to be specified across multiple vhost resources
if $manage_docroot and $docroot and ! defined(File[$docroot]) {
file { $docroot:
ensure => directory,
owner => $docroot_owner,
group => $docroot_group,
mode => $docroot_mode,
require => Package['httpd'],
before => Concat["${priority_real}${filename}.conf"],
}
}
# Same as above, but for logroot
if ! defined(File[$logroot]) {
file { $logroot:
ensure => $logroot_ensure,
mode => $logroot_mode,
require => Package['httpd'],
before => Concat["${priority_real}${filename}.conf"],
}
}
# Is apache::mod::passenger enabled (or apache::mod['passenger'])
$passenger_enabled = defined(Apache::Mod['passenger'])
# Is apache::mod::shib enabled (or apache::mod['shib2'])
$shibboleth_enabled = defined(Apache::Mod['shib2'])
if $access_log and !$access_logs {
if $access_log_file {
$_logs_dest = "${logroot}/${access_log_file}"
} elsif $access_log_pipe {
$_logs_dest = $access_log_pipe
} elsif $access_log_syslog {
$_logs_dest = $access_log_syslog
} else {
$_logs_dest = undef
}
$_access_logs = [{
'file' => $access_log_file,
'pipe' => $access_log_pipe,
'syslog' => $access_log_syslog,
'format' => $access_log_format,
'env' => $access_log_env_var
}]
} elsif $access_logs {
if !is_array($access_logs) {
fail("Apache::Vhost[${name}]: access_logs must be an array of hashes")
}
$_access_logs = $access_logs
}
if $error_log_file {
$error_log_destination = "${logroot}/${error_log_file}"
} elsif $error_log_pipe {
$error_log_destination = $error_log_pipe
} elsif $error_log_syslog {
$error_log_destination = $error_log_syslog
} else {
if $ssl {
$error_log_destination = "${logroot}/${name}_error_ssl.log"
} else {
$error_log_destination = "${logroot}/${name}_error.log"
}
}
if $ip {
$_ip = enclose_ipv6($ip)
if $port {
$listen_addr_port = suffix(any2array($_ip),":${port}")
$nvh_addr_port = suffix(any2array($_ip),":${port}")
} else {
$listen_addr_port = undef
$nvh_addr_port = $_ip
if ! $servername and ! $ip_based {
fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts")
}
}
} else {
if $port {
$listen_addr_port = $port
$nvh_addr_port = "${vhost_name}:${port}"
} else {
$listen_addr_port = undef
$nvh_addr_port = $name
if ! $servername {
fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter")
}
}
}
if $add_listen {
if $ip and defined(Apache::Listen["${port}"]) {
fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this")
}
if $listen_addr_port and $ensure == 'present' {
ensure_resource('apache::listen', $listen_addr_port)
}
}
if ! $ip_based {
if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) {
ensure_resource('apache::namevirtualhost', $nvh_addr_port)
}
}
# Load mod_rewrite if needed and not yet loaded
if $rewrites or $rewrite_cond {
if ! defined(Class['apache::mod::rewrite']) {
include ::apache::mod::rewrite
}
}
# Load mod_alias if needed and not yet loaded
if ($scriptalias or $scriptaliases != []) or ($aliases and $aliases != []) or ($redirect_source and $redirect_dest) {
if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') {
include ::apache::mod::alias
}
}
# Load mod_proxy if needed and not yet loaded
if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) {
if ! defined(Class['apache::mod::proxy']) {
include ::apache::mod::proxy
}
if ! defined(Class['apache::mod::proxy_http']) {
include ::apache::mod::proxy_http
}
}
# Load mod_passenger if needed and not yet loaded
if $rack_base_uris {
if ! defined(Class['apache::mod::passenger']) {
include ::apache::mod::passenger
}
}
# Load mod_passenger if needed and not yet loaded
if $passenger_base_uris {
include ::apache::mod::passenger
}
# Load mod_fastci if needed and not yet loaded
if $fastcgi_server and $fastcgi_socket {
if ! defined(Class['apache::mod::fastcgi']) {
include ::apache::mod::fastcgi
}
}
# Check if mod_headers is required to process $headers/$request_headers
if $headers or $request_headers {
if ! defined(Class['apache::mod::headers']) {
include ::apache::mod::headers
}
}
# Check if mod_filter is required to process $filters
if $filters {
if ! defined(Class['apache::mod::filter']) {
include ::apache::mod::filter
}
}
if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) {
if ! defined(Class['apache::mod::setenvif']) {
include ::apache::mod::setenvif
}
}
## Create a default directory list if none defined
if $directories {
if !is_hash($directories) and !(is_array($directories) and is_hash($directories[0])) {
fail("Apache::Vhost[${name}]: 'directories' must be either a Hash or an Array of Hashes")
}
$_directories = $directories
} elsif $docroot {
$_directory = {
provider => 'directory',
path => $docroot,
options => $options,
allow_override => $override,
directoryindex => $directoryindex,
}
if versioncmp($apache_version, '2.4') >= 0 {
$_directory_version = {
require => 'all granted',
}
} else {
$_directory_version = {
order => 'allow,deny',
allow => 'from all',
}
}
$_directories = [ merge($_directory, $_directory_version) ]
}
## Create a global LocationMatch if locations aren't defined
if $modsec_disable_ids {
if is_hash($modsec_disable_ids) {
$_modsec_disable_ids = $modsec_disable_ids
} elsif is_array($modsec_disable_ids) {
$_modsec_disable_ids = { '.*' => $modsec_disable_ids }
} else {
fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs")
}
}
concat { "${priority_real}${filename}.conf":
ensure => $ensure,
path => "${::apache::vhost_dir}/${priority_real}${filename}.conf",
owner => 'root',
group => $::apache::params::root_group,
mode => $::apache::file_mode,
order => 'numeric',
require => Package['httpd'],
notify => Class['apache::service'],
}
# NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and
# needs to be converted into something generic.
if $::apache::vhost_enable_dir {
$vhost_enable_dir = $::apache::vhost_enable_dir
$vhost_symlink_ensure = $ensure ? {
present => link,
default => $ensure,
}
file{ "${priority_real}${filename}.conf symlink":
ensure => $vhost_symlink_ensure,
path => "${vhost_enable_dir}/${priority_real}${filename}.conf",
target => "${::apache::vhost_dir}/${priority_real}${filename}.conf",
owner => 'root',
group => $::apache::params::root_group,
mode => $::apache::file_mode,
require => Concat["${priority_real}${filename}.conf"],
notify => Class['apache::service'],
}
}
# Template uses:
# - $nvh_addr_port
# - $servername
# - $serveradmin
concat::fragment { "${name}-apache-header":
target => "${priority_real}${filename}.conf",
order => 0,
content => template('apache/vhost/_file_header.erb'),
}
# Template uses:
# - $virtual_docroot
# - $docroot
if $docroot {
concat::fragment { "${name}-docroot":
target => "${priority_real}${filename}.conf",
order => 10,
content => template('apache/vhost/_docroot.erb'),
}
}
# Template uses:
# - $aliases
if $aliases and ! empty($aliases) {
concat::fragment { "${name}-aliases":
target => "${priority_real}${filename}.conf",
order => 20,
content => template('apache/vhost/_aliases.erb'),
}
}
# Template uses:
# - $itk
# - $::kernelversion
if $itk and ! empty($itk) {
concat::fragment { "${name}-itk":
target => "${priority_real}${filename}.conf",
order => 30,
content => template('apache/vhost/_itk.erb'),
}
}
# Template uses:
# - $fallbackresource
if $fallbackresource {
concat::fragment { "${name}-fallbackresource":
target => "${priority_real}${filename}.conf",
order => 40,
content => template('apache/vhost/_fallbackresource.erb'),
}
}
# Template uses:
# - $allow_encoded_slashes
if $allow_encoded_slashes {
concat::fragment { "${name}-allow_encoded_slashes":
target => "${priority_real}${filename}.conf",
order => 50,
content => template('apache/vhost/_allow_encoded_slashes.erb'),
}
}
# Template uses:
# - $_directories
# - $docroot
# - $apache_version
# - $suphp_engine
# - $shibboleth_enabled
if $_directories and ! empty($_directories) {
concat::fragment { "${name}-directories":
target => "${priority_real}${filename}.conf",
order => 60,
content => template('apache/vhost/_directories.erb'),
}
}
# Template uses:
# - $additional_includes
if $additional_includes and ! empty($additional_includes) {
concat::fragment { "${name}-additional_includes":
target => "${priority_real}${filename}.conf",
order => 70,
content => template('apache/vhost/_additional_includes.erb'),
}
}
# Template uses:
# - $error_log
# - $log_level
# - $error_log_destination
# - $log_level
if $error_log or $log_level {
concat::fragment { "${name}-logging":
target => "${priority_real}${filename}.conf",
order => 80,
content => template('apache/vhost/_logging.erb'),
}
}
# Template uses no variables
concat::fragment { "${name}-serversignature":
target => "${priority_real}${filename}.conf",
order => 90,
content => template('apache/vhost/_serversignature.erb'),
}
# Template uses:
# - $access_log
# - $_access_log_env_var
# - $access_log_destination
# - $_access_log_format
# - $_access_log_env_var
# - $access_logs
if $access_log or $access_logs {
concat::fragment { "${name}-access_log":
target => "${priority_real}${filename}.conf",
order => 100,
content => template('apache/vhost/_access_log.erb'),
}
}
# Template uses:
# - $action
if $action {
concat::fragment { "${name}-action":
target => "${priority_real}${filename}.conf",
order => 110,
content => template('apache/vhost/_action.erb'),
}
}
# Template uses:
# - $block
# - $apache_version
if $block and ! empty($block) {
concat::fragment { "${name}-block":
target => "${priority_real}${filename}.conf",
order => 120,
content => template('apache/vhost/_block.erb'),
}
}
# Template uses:
# - $error_documents
if $error_documents and ! empty($error_documents) {
concat::fragment { "${name}-error_document":
target => "${priority_real}${filename}.conf",
order => 130,
content => template('apache/vhost/_error_document.erb'),
}
}
# Template uses:
# - $headers
if $headers and ! empty($headers) {
concat::fragment { "${name}-header":
target => "${priority_real}${filename}.conf",
order => 140,
content => template('apache/vhost/_header.erb'),
}
}
# Template uses:
# - $request_headers
if $request_headers and ! empty($request_headers) {
concat::fragment { "${name}-requestheader":
target => "${priority_real}${filename}.conf",
order => 150,
content => template('apache/vhost/_requestheader.erb'),
}
}
# Template uses:
# - $proxy_dest
# - $proxy_pass
# - $proxy_pass_match
# - $proxy_preserve_host
# - $no_proxy_uris
if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match {
concat::fragment { "${name}-proxy":
target => "${priority_real}${filename}.conf",
order => 160,
content => template('apache/vhost/_proxy.erb'),
}
}
# Template uses:
# - $rack_base_uris
if $rack_base_uris {
concat::fragment { "${name}-rack":
target => "${priority_real}${filename}.conf",
order => 170,
content => template('apache/vhost/_rack.erb'),
}
}
# Template uses:
# - $passenger_base_uris
if $passenger_base_uris {
concat::fragment { "${name}-passenger_uris":
target => "${priority_real}${filename}.conf",
order => 175,
content => template('apache/vhost/_passenger_base_uris.erb'),
}
}
# Template uses:
# - $redirect_source
# - $redirect_dest
# - $redirect_status
# - $redirect_dest_a
# - $redirect_source_a
# - $redirect_status_a
# - $redirectmatch_status
# - $redirectmatch_regexp
# - $redirectmatch_dest
# - $redirectmatch_status_a
# - $redirectmatch_regexp_a
# - $redirectmatch_dest
if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) {
concat::fragment { "${name}-redirect":
target => "${priority_real}${filename}.conf",
order => 180,
content => template('apache/vhost/_redirect.erb'),
}
}
# Template uses:
# - $rewrites
# - $rewrite_base
# - $rewrite_rule
# - $rewrite_cond
# - $rewrite_map
if $rewrites or $rewrite_rule {
concat::fragment { "${name}-rewrite":
target => "${priority_real}${filename}.conf",
order => 190,
content => template('apache/vhost/_rewrite.erb'),
}
}
# Template uses:
# - $scriptaliases
# - $scriptalias
if ( $scriptalias or $scriptaliases != [] ) {
concat::fragment { "${name}-scriptalias":
target => "${priority_real}${filename}.conf",
order => 200,
content => template('apache/vhost/_scriptalias.erb'),
}
}
# Template uses:
# - $serveraliases
if $serveraliases and ! empty($serveraliases) {
concat::fragment { "${name}-serveralias":
target => "${priority_real}${filename}.conf",
order => 210,
content => template('apache/vhost/_serveralias.erb'),
}
}
# Template uses:
# - $setenv
# - $setenvif
if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) {
concat::fragment { "${name}-setenv":
target => "${priority_real}${filename}.conf",
order => 220,
content => template('apache/vhost/_setenv.erb'),
}
}
# Template uses:
# - $ssl
# - $ssl_cert
# - $ssl_key
# - $ssl_chain
# - $ssl_certs_dir
# - $ssl_ca
# - $ssl_crl_path
# - $ssl_crl
# - $ssl_crl_check
# - $ssl_protocol
# - $ssl_cipher
# - $ssl_honorcipherorder
# - $ssl_verify_client
# - $ssl_verify_depth
# - $ssl_options
# - $ssl_openssl_conf_cmd
# - $apache_version
if $ssl {
concat::fragment { "${name}-ssl":
target => "${priority_real}${filename}.conf",
order => 230,
content => template('apache/vhost/_ssl.erb'),
}
}
# Template uses:
# - $ssl_proxyengine
# - $ssl_proxy_verify
# - $ssl_proxy_check_peer_cn
# - $ssl_proxy_check_peer_name
# - $ssl_proxy_machine_cert
if $ssl_proxyengine {
concat::fragment { "${name}-sslproxy":
target => "${priority_real}${filename}.conf",
order => 230,
content => template('apache/vhost/_sslproxy.erb'),
}
}
# Template uses:
# - $auth_kerb
# - $krb_method_negotiate
# - $krb_method_k5passwd
# - $krb_authoritative
# - $krb_auth_realms
# - $krb_5keytab
# - $krb_local_user_mapping
if $auth_kerb {
concat::fragment { "${name}-auth_kerb":
target => "${priority_real}${filename}.conf",
order => 230,
content => template('apache/vhost/_auth_kerb.erb'),
}
}
# Template uses:
# - $suphp_engine
# - $suphp_addhandler
# - $suphp_configpath
if $suphp_engine == 'on' {
concat::fragment { "${name}-suphp":
target => "${priority_real}${filename}.conf",
order => 240,
content => template('apache/vhost/_suphp.erb'),
}
}
# Template uses:
# - $php_values
# - $php_flags
if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) {
concat::fragment { "${name}-php":
target => "${priority_real}${filename}.conf",
order => 240,
content => template('apache/vhost/_php.erb'),
}
}
# Template uses:
# - $php_admin_values
# - $php_admin_flags
if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) {
concat::fragment { "${name}-php_admin":
target => "${priority_real}${filename}.conf",
order => 250,
content => template('apache/vhost/_php_admin.erb'),
}
}
# Template uses:
# - $wsgi_application_group
# - $wsgi_daemon_process
# - $wsgi_daemon_process_options
# - $wsgi_import_script
# - $wsgi_import_script_options
# - $wsgi_process_group
# - $wsgi_script_aliases
# - $wsgi_pass_authorization
if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization {
concat::fragment { "${name}-wsgi":
target => "${priority_real}${filename}.conf",
order => 260,
content => template('apache/vhost/_wsgi.erb'),
}
}
# Template uses:
# - $custom_fragment
if $custom_fragment {
concat::fragment { "${name}-custom_fragment":
target => "${priority_real}${filename}.conf",
order => 270,
content => template('apache/vhost/_custom_fragment.erb'),
}
}
# Template uses:
# - $fastcgi_server
# - $fastcgi_socket
# - $fastcgi_dir
# - $apache_version
if $fastcgi_server or $fastcgi_dir {
concat::fragment { "${name}-fastcgi":
target => "${priority_real}${filename}.conf",
order => 280,
content => template('apache/vhost/_fastcgi.erb'),
}
}
# Template uses:
# - $suexec_user_group
if $suexec_user_group {
concat::fragment { "${name}-suexec":
target => "${priority_real}${filename}.conf",
order => 290,
content => template('apache/vhost/_suexec.erb'),
}
}
# Template uses:
# - $passenger_app_root
# - $passenger_app_env
# - $passenger_ruby
# - $passenger_min_instances
# - $passenger_start_timeout
# - $passenger_pre_start
if $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start {
concat::fragment { "${name}-passenger":
target => "${priority_real}${filename}.conf",
order => 300,
content => template('apache/vhost/_passenger.erb'),
}
}
# Template uses:
# - $add_default_charset
if $add_default_charset {
concat::fragment { "${name}-charsets":
target => "${priority_real}${filename}.conf",
order => 310,
content => template('apache/vhost/_charsets.erb'),
}
}
# Template uses:
# - $modsec_disable_vhost
# - $modsec_disable_ids
# - $modsec_disable_ips
# - $modsec_body_limit
if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips {
concat::fragment { "${name}-security":
target => "${priority_real}${filename}.conf",
order => 320,
content => template('apache/vhost/_security.erb')
}
}
# Template uses:
# - $filters
if $filters and ! empty($filters) {
concat::fragment { "${name}-filters":
target => "${priority_real}${filename}.conf",
order => 330,
content => template('apache/vhost/_filters.erb'),
}
}
# Template uses no variables
concat::fragment { "${name}-file_footer":
target => "${priority_real}${filename}.conf",
order => 999,
content => template('apache/vhost/_file_footer.erb'),
}
}

81
modules/services/unix/http/apache/module/apache/metadata.json Normal file
View File

@@ -0,0 +1,81 @@
{
"name": "puppetlabs-apache",
"version": "1.8.1",
"author": "puppetlabs",
"summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.",
"license": "Apache-2.0",
"source": "git://github.com/puppetlabs/puppetlabs-apache.git",
"project_page": "https://github.com/puppetlabs/puppetlabs-apache",
"issues_url": "https://tickets.puppetlabs.com/browse/MODULES",
"dependencies": [
{"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0 < 5.0.0"},
{"name":"puppetlabs/concat","version_requirement":">= 1.1.1 < 3.0.0"}
],
"data_provider": null,
"operatingsystem_support": [
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"5",
"6",
"7"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"5",
"6",
"7"
]
},
{
"operatingsystem": "OracleLinux",
"operatingsystemrelease": [
"6",
"7"
]
},
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
"5",
"6",
"7"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"6",
"7",
"8"
]
},
{
"operatingsystem": "SLES",
"operatingsystemrelease": [
"11 SP1"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"10.04",
"12.04",
"14.04"
]
}
],
"requirements": [
{
"name": "pe",
"version_requirement": ">= 3.7.0 < 2015.4.0"
},
{
"name": "puppet",
"version_requirement": ">= 3.0.0 < 5.0.0"
}
],
"description": "Module for Apache configuration"
}

884
modules/services/unix/http/apache/module/apache/spec/classes/apache_spec.rb Normal file
View File

@@ -0,0 +1,884 @@
require 'spec_helper'
describe 'apache', :type => :class do
context "on a Debian OS" do
let :facts do
{
:id => 'root',
:kernel => 'Linux',
:lsbdistcodename => 'squeeze',
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
:concat_basedir => '/dne',
:is_pe => false,
}
end
it { is_expected.to contain_class("apache::params") }
it { is_expected.to contain_package("httpd").with(
'notify' => 'Class[Apache::Service]',
'ensure' => 'installed'
)
}
it { is_expected.to contain_user("www-data") }
it { is_expected.to contain_group("www-data") }
it { is_expected.to contain_class("apache::service") }
it { is_expected.to contain_file("/var/www").with(
'ensure' => 'directory'
)
}
it { is_expected.to contain_file("/etc/apache2/sites-enabled").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
)
}
it { is_expected.to contain_file("/etc/apache2/mods-enabled").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
)
}
it { is_expected.to contain_file("/etc/apache2/mods-available").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'false',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
)
}
it { is_expected.to contain_concat("/etc/apache2/ports.conf").with(
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'notify' => 'Class[Apache::Service]'
)
}
# Assert that load files are placed and symlinked for these mods, but no conf file.
[
'auth_basic',
'authn_file',
'authz_default',
'authz_groupfile',
'authz_host',
'authz_user',
'dav',
'env'
].each do |modname|
it { is_expected.to contain_file("#{modname}.load").with(
'path' => "/etc/apache2/mods-available/#{modname}.load",
'ensure' => 'file'
) }
it { is_expected.to contain_file("#{modname}.load symlink").with(
'path' => "/etc/apache2/mods-enabled/#{modname}.load",
'ensure' => 'link',
'target' => "/etc/apache2/mods-available/#{modname}.load"
) }
it { is_expected.not_to contain_file("#{modname}.conf") }
it { is_expected.not_to contain_file("#{modname}.conf symlink") }
end
context "with Apache version < 2.4" do
let :params do
{ :apache_version => '2.2' }
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} }
end
context "with Apache version >= 2.4" do
let :params do
{
:apache_version => '2.4',
:use_optional_includes => true
}
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} }
end
context "when specifying slash encoding behaviour" do
let :params do
{ :allow_encoded_slashes => 'nodecode' }
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
end
context "when specifying default character set" do
let :params do
{ :default_charset => 'none' }
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AddDefaultCharset none$} }
end
# Assert that both load files and conf files are placed and symlinked for these mods
[
'alias',
'autoindex',
'dav_fs',
'deflate',
'dir',
'mime',
'negotiation',
'setenvif',
].each do |modname|
it { is_expected.to contain_file("#{modname}.load").with(
'path' => "/etc/apache2/mods-available/#{modname}.load",
'ensure' => 'file'
) }
it { is_expected.to contain_file("#{modname}.load symlink").with(
'path' => "/etc/apache2/mods-enabled/#{modname}.load",
'ensure' => 'link',
'target' => "/etc/apache2/mods-available/#{modname}.load"
) }
it { is_expected.to contain_file("#{modname}.conf").with(
'path' => "/etc/apache2/mods-available/#{modname}.conf",
'ensure' => 'file'
) }
it { is_expected.to contain_file("#{modname}.conf symlink").with(
'path' => "/etc/apache2/mods-enabled/#{modname}.conf",
'ensure' => 'link',
'target' => "/etc/apache2/mods-available/#{modname}.conf"
) }
end
describe "Check default type" do
context "with Apache version < 2.4" do
let :params do
{
:apache_version => '2.2',
}
end
context "when default_type => 'none'" do
let :params do
{ :default_type => 'none' }
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType none$} }
end
context "when default_type => 'text/plain'" do
let :params do
{ :default_type => 'text/plain' }
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^DefaultType text/plain$} }
end
end
context "with Apache version >= 2.4" do
let :params do
{
:apache_version => '2.4',
}
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^DefaultType [.]*$} }
end
end
describe "Don't create user resource" do
context "when parameter manage_user is false" do
let :params do
{ :manage_user => false }
end
it { is_expected.not_to contain_user('www-data') }
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} }
end
end
describe "Don't create group resource" do
context "when parameter manage_group is false" do
let :params do
{ :manage_group => false }
end
it { is_expected.not_to contain_group('www-data') }
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} }
end
end
describe "Add extra LogFormats" do
context "When parameter log_formats is a hash" do
let :params do
{ :log_formats => {
'vhost_common' => "%v %h %l %u %t \"%r\" %>s %b",
'vhost_combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
} }
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} }
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} }
end
end
describe "Override existing LogFormats" do
context "When parameter log_formats is a hash" do
let :params do
{ :log_formats => {
'common' => "%v %h %l %u %t \"%r\" %>s %b",
'combined' => "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
} }
end
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} }
it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n} }
it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
it { is_expected.to contain_file("/etc/apache2/apache2.conf").without_content %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n} }
end
end
context "8" do
let :facts do
super().merge({
:lsbdistcodename => 'jessie',
:operatingsystemrelease => '8'
})
end
it { is_expected.to contain_file("/var/www/html").with(
'ensure' => 'directory'
)
}
end
context "on Ubuntu" do
let :facts do
super().merge({
:operatingsystem => 'Ubuntu'
})
end
context "14.04" do
let :facts do
super().merge({
:lsbdistrelease => '14.04',
:operatingsystemrelease => '14.04'
})
end
it { is_expected.to contain_file("/var/www/html").with(
'ensure' => 'directory'
)
}
end
context "13.10" do
let :facts do
super().merge({
:lsbdistrelease => '13.10',
:operatingsystemrelease => '13.10'
})
end
it { is_expected.to contain_class('apache').with_apache_version('2.4') }
end
context "12.04" do
let :facts do
super().merge({
:lsbdistrelease => '12.04',
:operatingsystemrelease => '12.04'
})
end
it { is_expected.to contain_class('apache').with_apache_version('2.2') }
end
context "13.04" do
let :facts do
super().merge({
:lsbdistrelease => '13.04',
:operatingsystemrelease => '13.04'
})
end
it { is_expected.to contain_class('apache').with_apache_version('2.2') }
end
end
end
context "on a RedHat 5 OS" do
let :facts do
{
:id => 'root',
:kernel => 'Linux',
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '5',
:concat_basedir => '/dne',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
:is_pe => false,
}
end
it { is_expected.to contain_class("apache::params") }
it { is_expected.to contain_package("httpd").with(
'notify' => 'Class[Apache::Service]',
'ensure' => 'installed'
)
}
it { is_expected.to contain_user("apache") }
it { is_expected.to contain_group("apache") }
it { is_expected.to contain_class("apache::service") }
it { is_expected.to contain_file("/var/www/html").with(
'ensure' => 'directory'
)
}
it { is_expected.to contain_file("/etc/httpd/conf.d").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
)
}
it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with(
'owner' => 'root',
'group' => 'root',
'mode' => '0644',
'notify' => 'Class[Apache::Service]'
)
}
describe "Alternate confd/mod/vhosts directory" do
let :params do
{
:vhost_dir => '/etc/httpd/site.d',
:confd_dir => '/etc/httpd/conf.d',
:mod_dir => '/etc/httpd/mod.d',
}
end
['mod.d','site.d','conf.d'].each do |dir|
it { is_expected.to contain_file("/etc/httpd/#{dir}").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
) }
end
# Assert that load files are placed for these mods, but no conf file.
[
'auth_basic',
'authn_file',
'authz_default',
'authz_groupfile',
'authz_host',
'authz_user',
'dav',
'env',
].each do |modname|
it { is_expected.to contain_file("#{modname}.load").with_path(
"/etc/httpd/mod.d/#{modname}.load"
) }
it { is_expected.not_to contain_file("#{modname}.conf").with_path(
"/etc/httpd/mod.d/#{modname}.conf"
) }
end
# Assert that both load files and conf files are placed for these mods
[
'alias',
'autoindex',
'dav_fs',
'deflate',
'dir',
'mime',
'negotiation',
'setenvif',
].each do |modname|
it { is_expected.to contain_file("#{modname}.load").with_path(
"/etc/httpd/mod.d/#{modname}.load"
) }
it { is_expected.to contain_file("#{modname}.conf").with_path(
"/etc/httpd/mod.d/#{modname}.conf"
) }
end
context "with Apache version < 2.4" do
let :params do
{ :apache_version => '2.2' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} }
end
context "with Apache version >= 2.4" do
let :params do
{
:apache_version => '2.4',
:use_optional_includes => true
}
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} }
end
context "with Apache version < 2.4" do
let :params do
{
:apache_version => '2.2',
:rewrite_lock => '/var/lock/subsys/rewrite-lock'
}
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^RewriteLock /var/lock/subsys/rewrite-lock$} }
end
context "with Apache version < 2.4" do
let :params do
{
:apache_version => '2.2'
}
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} }
end
context "with Apache version >= 2.4" do
let :params do
{
:apache_version => '2.4',
:rewrite_lock => '/var/lock/subsys/rewrite-lock'
}
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^RewriteLock [.]*$} }
end
context "when specifying slash encoding behaviour" do
let :params do
{ :allow_encoded_slashes => 'nodecode' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} }
end
context "when specifying default character set" do
let :params do
{ :default_charset => 'none' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AddDefaultCharset none$} }
end
context "with Apache version < 2.4" do
let :params do
{
:apache_version => '2.2',
}
end
context "when default_type => 'none'" do
let :params do
{ :default_type => 'none' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType none$} }
end
context "when default_type => 'text/plain'" do
let :params do
{ :default_type => 'text/plain' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^DefaultType text/plain$} }
end
end
context "with Apache version >= 2.4" do
let :params do
{
:apache_version => '2.4',
}
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").without_content %r{^DefaultType [.]*$} }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} }
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} }
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} }
end
describe "Alternate conf directory" do
let :params do
{ :conf_dir => '/opt/rh/root/etc/httpd/conf' }
end
it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with(
'ensure' => 'file',
'notify' => 'Class[Apache::Service]',
'require' => ['Package[httpd]', 'Concat[/etc/httpd/conf/ports.conf]'],
) }
end
describe "Alternate conf.d directory" do
let :params do
{ :confd_dir => '/etc/httpd/special_conf.d' }
end
it { is_expected.to contain_file("/etc/httpd/special_conf.d").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
) }
end
describe "Alternate mpm_modules" do
context "when declaring mpm_module is false" do
let :params do
{ :mpm_module => false }
end
it 'should not declare mpm modules' do
is_expected.not_to contain_class('apache::mod::event')
is_expected.not_to contain_class('apache::mod::itk')
is_expected.not_to contain_class('apache::mod::peruser')
is_expected.not_to contain_class('apache::mod::prefork')
is_expected.not_to contain_class('apache::mod::worker')
end
end
context "when declaring mpm_module => prefork" do
let :params do
{ :mpm_module => 'prefork' }
end
it { is_expected.to contain_class('apache::mod::prefork') }
it { is_expected.not_to contain_class('apache::mod::event') }
it { is_expected.not_to contain_class('apache::mod::itk') }
it { is_expected.not_to contain_class('apache::mod::peruser') }
it { is_expected.not_to contain_class('apache::mod::worker') }
end
context "when declaring mpm_module => worker" do
let :params do
{ :mpm_module => 'worker' }
end
it { is_expected.to contain_class('apache::mod::worker') }
it { is_expected.not_to contain_class('apache::mod::event') }
it { is_expected.not_to contain_class('apache::mod::itk') }
it { is_expected.not_to contain_class('apache::mod::peruser') }
it { is_expected.not_to contain_class('apache::mod::prefork') }
end
context "when declaring mpm_module => breakme" do
let :params do
{ :mpm_module => 'breakme' }
end
it { expect { catalogue }.to raise_error Puppet::Error, /does not match/ }
end
end
describe "different templates for httpd.conf" do
context "with default" do
let :params do
{ :conf_template => 'apache/httpd.conf.erb' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} }
end
context "with non-default" do
let :params do
{ :conf_template => 'site_apache/fake.conf.erb' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} }
end
end
describe "default mods" do
context "without" do
let :params do
{ :default_mods => false }
end
it { is_expected.to contain_apache__mod('authz_host') }
it { is_expected.not_to contain_apache__mod('env') }
end
context "custom" do
let :params do
{ :default_mods => [
'info',
'alias',
'mime',
'env',
'setenv',
'expires',
]}
end
it { is_expected.to contain_apache__mod('authz_host') }
it { is_expected.to contain_apache__mod('env') }
it { is_expected.to contain_class('apache::mod::info') }
it { is_expected.to contain_class('apache::mod::mime') }
end
end
describe "Don't create user resource" do
context "when parameter manage_user is false" do
let :params do
{ :manage_user => false }
end
it { is_expected.not_to contain_user('apache') }
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} }
end
end
describe "Don't create group resource" do
context "when parameter manage_group is false" do
let :params do
{ :manage_group => false }
end
it { is_expected.not_to contain_group('apache') }
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} }
end
end
describe "sendfile" do
context "with invalid value" do
let :params do
{ :sendfile => 'foo' }
end
it "should fail" do
expect do
catalogue
end.to raise_error(Puppet::Error, /"foo" does not match/)
end
end
context "On" do
let :params do
{ :sendfile => 'On' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} }
end
context "Off" do
let :params do
{ :sendfile => 'Off' }
end
it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} }
end
end
context "on Fedora" do
let :facts do
super().merge({
:operatingsystem => 'Fedora'
})
end
context "21" do
let :facts do
super().merge({
:lsbdistrelease => '21',
:operatingsystemrelease => '21'
})
end
it { is_expected.to contain_class('apache').with_apache_version('2.4') }
end
context "Rawhide" do
let :facts do
super().merge({
:lsbdistrelease => 'Rawhide',
:operatingsystemrelease => 'Rawhide'
})
end
it { is_expected.to contain_class('apache').with_apache_version('2.4') }
end
# kinda obsolete
context "17" do
let :facts do
super().merge({
:lsbdistrelease => '17',
:operatingsystemrelease => '17'
})
end
it { is_expected.to contain_class('apache').with_apache_version('2.2') }
end
end
end
context "on a FreeBSD OS" do
let :facts do
{
:id => 'root',
:kernel => 'FreeBSD',
:osfamily => 'FreeBSD',
:operatingsystem => 'FreeBSD',
:operatingsystemrelease => '10',
:concat_basedir => '/dne',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
:is_pe => false,
}
end
it { is_expected.to contain_class("apache::params") }
it { is_expected.to contain_class("apache::package").with({'ensure' => 'present'}) }
it { is_expected.to contain_user("www") }
it { is_expected.to contain_group("www") }
it { is_expected.to contain_class("apache::service") }
it { is_expected.to contain_file("/usr/local/www/apache24/data").with(
'ensure' => 'directory'
)
}
it { is_expected.to contain_file("/usr/local/etc/apache24/Vhosts").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
) }
it { is_expected.to contain_file("/usr/local/etc/apache24/Modules").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
) }
it { is_expected.to contain_concat("/usr/local/etc/apache24/ports.conf").with(
'owner' => 'root',
'group' => 'wheel',
'mode' => '0644',
'notify' => 'Class[Apache::Service]'
) }
# Assert that load files are placed for these mods, but no conf file.
[
'auth_basic',
'authn_core',
'authn_file',
'authz_groupfile',
'authz_host',
'authz_user',
'dav',
'env'
].each do |modname|
it { is_expected.to contain_file("#{modname}.load").with(
'path' => "/usr/local/etc/apache24/Modules/#{modname}.load",
'ensure' => 'file'
) }
it { is_expected.not_to contain_file("#{modname}.conf") }
end
# Assert that both load files and conf files are placed for these mods
[
'alias',
'autoindex',
'dav_fs',
'deflate',
'dir',
'mime',
'negotiation',
'setenvif',
].each do |modname|
it { is_expected.to contain_file("#{modname}.load").with(
'path' => "/usr/local/etc/apache24/Modules/#{modname}.load",
'ensure' => 'file'
) }
it { is_expected.to contain_file("#{modname}.conf").with(
'path' => "/usr/local/etc/apache24/Modules/#{modname}.conf",
'ensure' => 'file'
) }
end
end
context "on a Gentoo OS" do
let :facts do
{
:id => 'root',
:kernel => 'Linux',
:osfamily => 'Gentoo',
:operatingsystem => 'Gentoo',
:operatingsystemrelease => '3.16.1-gentoo',
:concat_basedir => '/dne',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin',
:is_pe => false,
}
end
it { is_expected.to contain_class("apache::params") }
it { is_expected.to contain_user("apache") }
it { is_expected.to contain_group("apache") }
it { is_expected.to contain_class("apache::service") }
it { is_expected.to contain_file("/var/www/localhost/htdocs").with(
'ensure' => 'directory'
)
}
it { is_expected.to contain_file("/etc/apache2/vhosts.d").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
) }
it { is_expected.to contain_file("/etc/apache2/modules.d").with(
'ensure' => 'directory',
'recurse' => 'true',
'purge' => 'true',
'notify' => 'Class[Apache::Service]',
'require' => 'Package[httpd]'
) }
it { is_expected.to contain_concat("/etc/apache2/ports.conf").with(
'owner' => 'root',
'group' => 'wheel',
'mode' => '0644',
'notify' => 'Class[Apache::Service]'
) }
end
context 'on all OSes' do
let :facts do
{
:id => 'root',
:kernel => 'Linux',
:osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '6',
:concat_basedir => '/dne',
:path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
:is_pe => false,
}
end
context 'with a custom apache_name parameter' do
let :params do {
:apache_name => 'httpd24-httpd'
}
end
it { is_expected.to contain_package("httpd").with(
'notify' => 'Class[Apache::Service]',
'ensure' => 'installed',
'name' => 'httpd24-httpd'
)
}
end
context 'with a custom file_mode parameter' do
let :params do {
:file_mode => '0640'
}
end
it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with(
'mode' => '0640',
)
}
end
context 'default vhost defaults' do
it { is_expected.to contain_apache__vhost('default').with_ensure('present') }
it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') }
end
context 'without default non-ssl vhost' do
let :params do {
:default_vhost => false
}
end
it { is_expected.to contain_apache__vhost('default').with_ensure('absent') }
it { is_expected.not_to contain_file('/var/www/html') }
end
context 'with default ssl vhost' do
let :params do {
:default_ssl_vhost => true
}
end
it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') }
it { is_expected.to contain_file('/var/www/html') }
end
end
context 'with unsupported osfamily' do
let :facts do
{ :osfamily => 'Darwin',
:operatingsystemrelease => '13.1.0',
:concat_basedir => '/dne',
:is_pe => false,
}
end
it do
expect {
catalogue
}.to raise_error(Puppet::Error, /Unsupported osfamily/)
end
end
end

23
modules/services/unix/http/apache/module/apache/spec/spec_helper.rb Normal file
View File

@@ -0,0 +1,23 @@
require 'puppetlabs_spec_helper/module_spec_helper'
RSpec.configure do |c|
c.before :each do
# Ensure that we don't accidentally cache facts and environment
# between test cases.
Facter::Util::Loader.any_instance.stubs(:load_all)
Facter.clear
Facter.clear_messages
# Store any environment variables away to be restored later
@old_env = {}
ENV.each_key {|k| @old_env[k] = ENV[k]}
if ENV['STRICT_VARIABLES'] == 'yes'
Puppet.settings[:strict_variables]=true
end
end
end
shared_examples :compile, :compile => true do
it { should compile.with_all_deps }
end

18
modules/services/unix/http/apache/module/example42_apache_2_1_12/Gemfile
View File

@@ -1,18 +0,0 @@
source 'https://rubygems.org'
puppetversion = ENV['PUPPET_VERSION']
is_ruby18 = RUBY_VERSION.start_with? '1.8'
if is_ruby18
gem 'rspec', "~> 3.1.0", :require => false
end
gem 'puppet', puppetversion, :require => false
gem 'puppet-lint'
gem 'puppetlabs_spec_helper', '>= 0.1.0'
gem 'rspec-puppet'
gem 'metadata-json-lint'
group :development do
gem 'puppet-blacksmith'
end

236
modules/services/unix/http/apache/module/example42_apache_2_1_12/README.md
View File

@@ -1,236 +0,0 @@
# Puppet module: apache
This is a Puppet apache module from the second generation of Example42 Puppet Modules.
Made by Alessandro Franceschi / Lab42
Official site: http://www.example42.com
Official git repository: http://github.com/example42/puppet-apache
Released under the terms of Apache 2 License.
This module requires functions provided by the Example42 Puppi module.
For detailed info about the logic and usage patterns of Example42 modules read README.usage on Example42 main modules set.
## USAGE - Module specific usage
* Install apache with a custom httpd.conf template and some virtual hosts
class { 'apache':
template => 'example42/apache/httpd.conf.erb',
}
apache::vhost { 'mysite':
docroot => '/path/to/docroot',
template => 'example42/apache/vhost/mysite.com.erb',
}
* Install mod ssl
include apache::ssl
* Manage basic auth users (Here user joe is created with the $crypt_password on the defined htpasswd_file
apache::htpasswd { 'joe':
crypt_password => 'B5dPQYYjf.jjA',
htpasswd_file => '/etc/httpd/users.passwd',
}
* Manage custom configuration files (created in conf.d, source or content can be defined)
apache::dotconf { 'trac':
content => template("site/trac/apache.conf.erb")
}
* Add other listening ports (a relevant NameVirtualHost directive is automatically created)
apache::listen { '8080': }
* Add other listening ports without creating a relevant NameVirtualHost directive
apache::listen { '8080':
$namevirtualhost = false,
}
* Add an apache module and manage its configuraton
apache::module { 'proxy':
templatefile => 'site/apache/module/proxy.conf.erb',
}
* Install mod passenger
include apache::passenger
## USAGE - Basic management
* Install apache with default settings
class { "apache": }
* Disable apache service.
class { "apache":
disable => true
}
* Disable apache service at boot time, but don't stop if is running.
class { "apache":
disableboot => true
}
* Remove apache package
class { "apache":
absent => true
}
* Enable auditing without making changes on existing apache configuration files
class { "apache":
audit_only => true
}
* Install apache with a specific version
class { "apache":
version => '2.2.22'
}
## USAGE - Default server management
* Simple way to manage default apache configuration
apache::vhost { 'default':
docroot => '/var/www/document_root',
server_name => false,
priority => '',
template => 'apache/virtualhost/vhost.conf.erb',
}
* Using a source file to create the vhost
apache::vhost { 'default':
source => 'puppet:///files/web/default.conf',
template => '',
}
## USAGE - Overrides and Customizations
* Use custom sources for main config file
class { "apache":
source => [ "puppet:///modules/lab42/apache/apache.conf-${hostname}" , "puppet:///modules/lab42/apache/apache.conf" ],
}
* Use custom source directory for the whole configuration dir
class { "apache":
source_dir => "puppet:///modules/lab42/apache/conf/",
source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir
}
* Use custom template for main config file
class { "apache":
template => "example42/apache/apache.conf.erb",
}
* Define custom options that can be used in a custom template without the
need to add parameters to the apache class
class { "apache":
template => "example42/apache/apache.conf.erb",
options => {
'LogLevel' => 'INFO',
'UsePAM' => 'yes',
},
}
* Automaticallly include a custom subclass
class { "apache:"
my_class => 'apache::example42',
}
## USAGE - Hiera Support
* Manage apache configuration using Hiera
```yaml
apache::template: 'modules/apache/apache2.conf.erb'
apache::options:
timeout: '300'
keepalive: 'On'
maxkeepaliverequests: '100'
keepalivetimeout: '5'
```
* Defining Apache resources using Hiera
```yaml
apache::virtualhost_hash:
'mysite.com':
documentroot: '/var/www/mysite.com'
aliases: 'www.mysite.com'
apache::htpasswd_hash:
'myuser':
crypt_password: 'password1'
htpasswd_file: '/etc/apache2/users.passwd'
apache::listen_hash:
'8080':
namevirtualhost: '*'
apache::module_hash:
'status':
ensure: present
```
## USAGE - Example42 extensions management
* Activate puppi (recommended, but disabled by default)
Note that this option requires the usage of Example42 puppi module
class { "apache":
puppi => true,
}
* Activate puppi and use a custom puppi_helper template (to be provided separately with
a puppi::helper define ) to customize the output of puppi commands
class { "apache":
puppi => true,
puppi_helper => "myhelper",
}
* Activate automatic monitoring (recommended, but disabled by default)
This option requires the usage of Example42 monitor and relevant monitor tools modules
class { "apache":
monitor => true,
monitor_tool => [ "nagios" , "monit" , "munin" ],
}
* Activate automatic firewalling
This option requires the usage of Example42 firewall and relevant firewall tools modules
class { "apache":
firewall => true,
firewall_tool => "iptables",
firewall_src => "10.42.0.0/24",
firewall_dst => "$ipaddress_eth0",
}
[![Build Status](https://travis-ci.org/example42/puppet-apache.png?branch=master)](https://travis-ci.org/example42/puppet-apache)

12
modules/services/unix/http/apache/module/example42_apache_2_1_12/Rakefile
View File

@@ -1,12 +0,0 @@
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint'
PuppetLint.configuration.send("disable_80chars")
PuppetLint.configuration.send('disable_class_parameter_defaults')
# Blacksmith
begin
require 'puppet_blacksmith/rake_tasks'
rescue LoadError
puts "Blacksmith needed only to push to the Forge"
end

29
modules/services/unix/http/apache/module/example42_apache_2_1_12/checksums.json
View File

@@ -1,29 +0,0 @@
{
"Gemfile": "08b4b449407602e452a4d939c92d8fd2",
"LICENSE": "a300b604c66de62cf6e923cca89c9d83",
"README.md": "eda04faa84f9fdd551768ae1653ffb94",
"Rakefile": "beb946c8ed36b603d578cc9ca17ca85d",
"manifests/dotconf.pp": "575cab47757dcf509f1e1e8ac11b644b",
"manifests/htpasswd.pp": "b61c60bf0ff48b8fae5ae74370eec18e",
"manifests/init.pp": "3f856f760da332ae66429de7b2e3ac1c",
"manifests/listen.pp": "b2e74f8aa59829c0644b836a8d0e4c2d",
"manifests/module.pp": "8cd0fcdb5495ac1df21d8d4bf14f2782",
"manifests/params.pp": "b708a3a8faa792f25fa36232982c091d",
"manifests/passenger.pp": "471b18ed8769eb16b1fbeb955e3d28c9",
"manifests/redhat.pp": "7bf95178474b51eb75a37931e4ec4d2f",
"manifests/spec.pp": "27b6dcd653caef771ac053e2df3260e9",
"manifests/ssl.pp": "7a2feb658749e0cb8414893da77565f1",
"manifests/vhost.pp": "cead2da83f4059f8236c9acbfc6b97ec",
"manifests/virtualhost.pp": "caba8b56341d8a765f5ad136ddaa45fe",
"metadata.json": "b3fa4d5d439ae3641593797312250da0",
"spec/classes/apache_spec.rb": "8b9164190257524c21ffe86c08678dfd",
"spec/defines/apache_virtualhost_spec.rb": "ae7bd850a64d89233675385c1f605ab8",
"spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc",
"templates/00-NameVirtualHost.conf.erb": "a410a82e9c65d36c7537bfb36a7a3041",
"templates/listen.conf.erb": "47fe4e9a45f066ac5bd9cbbfe1fd0bd2",
"templates/module/proxy.conf.erb": "2eccd5a67ff4070bdd6ed8cd98b4bbda",
"templates/spec.erb": "055d4f22a02a677753cf922108b6e50c",
"templates/virtualhost/vhost.conf.erb": "4e6d66668b21c1cf28c11f6fcf536f18",
"templates/virtualhost/virtualhost.conf.erb": "a6f72c70e83bec34a85071b9bbef3b3d",
"tests/vhost.pp": "a2ee77862630ba4f7e0fdfb10a8dca79"
}

528
modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/init.pp
View File

@@ -1,528 +0,0 @@
# = Class: apache
#
# This is the main apache class
#
#
# == Parameters
#
# Standard class parameters
# Define the general class behaviour and customizations
#
# [*my_class*]
# Name of a custom class to autoload to manage module's customizations
# If defined, apache class will automatically "include $my_class"
# Can be defined also by the (top scope) variable $apache_myclass
#
# [*source*]
# Sets the content of source parameter for main configuration file
# If defined, apache main config file will have the param: source => $source
# Can be defined also by the (top scope) variable $apache_source
#
# [*source_dir*]
# If defined, the whole apache configuration directory content is retrieved
# recursively from the specified source
# (source => $source_dir , recurse => true)
# Can be defined also by the (top scope) variable $apache_source_dir
#
# [*source_dir_purge*]
# If set to true (default false) the existing configuration directory is
# mirrored with the content retrieved from source_dir
# (source => $source_dir , recurse => true , purge => true)
# Can be defined also by the (top scope) variable $apache_source_dir_purge
#
# [*template*]
# Sets the path to the template to use as content for main configuration file
# If defined, apache main config file has: content => content("$template")
# Note source and template parameters are mutually exclusive: don't use both
# Can be defined also by the (top scope) variable $apache_template
#
# [*options*]
# An hash of custom options to be used in templates for arbitrary settings.
# Can be defined also by the (top scope) variable $apache_options
#
# [*service_autorestart*]
# Automatically restarts the apache service when there is a change in
# configuration files. Default: true, Set to false if you don't want to
# automatically restart the service.
#
# [*service_requires*]
# Overwrites the service dependencies, which are by default: Package['apache'].
# Set this parameter to a custom set of requirements, if you want to let the
# Apache service depend on more than just the package dependency.
#
# [*absent*]
# Set to 'true' to remove package(s) installed by module
# Can be defined also by the (top scope) variable $apache_absent
#
# [*disable*]
# Set to 'true' to disable service(s) managed by module
# Can be defined also by the (top scope) variable $apache_disable
#
# [*disableboot*]
# Set to 'true' to disable service(s) at boot, without checks if it's running
# Use this when the service is managed by a tool like a cluster software
# Can be defined also by the (top scope) variable $apache_disableboot
#
# [*monitor*]
# Set to 'true' to enable monitoring of the services provided by the module
# Can be defined also by the (top scope) variables $apache_monitor
# and $monitor
#
# [*monitor_tool*]
# Define which monitor tools (ad defined in Example42 monitor module)
# you want to use for apache checks
# Can be defined also by the (top scope) variables $apache_monitor_tool
# and $monitor_tool
#
# [*monitor_target*]
# The Ip address or hostname to use as a target for monitoring tools.
# Default is the fact $ipaddress
# Can be defined also by the (top scope) variables $apache_monitor_target
# and $monitor_target
#
# [*puppi*]
# Set to 'true' to enable creation of module data files that are used by puppi
# Can be defined also by the (top scope) variables $apache_puppi and $puppi
#
# [*puppi_helper*]
# Specify the helper to use for puppi commands. The default for this module
# is specified in params.pp and is generally a good choice.
# You can customize the output of puppi commands for this module using another
# puppi helper. Use the define puppi::helper to create a new custom helper
# Can be defined also by the (top scope) variables $apache_puppi_helper
# and $puppi_helper
#
# [*firewall*]
# Set to 'true' to enable firewalling of the services provided by the module
# Can be defined also by the (top scope) variables $apache_firewall
# and $firewall
#
# [*firewall_tool*]
# Define which firewall tool(s) (ad defined in Example42 firewall module)
# you want to use to open firewall for apache port(s)
# Can be defined also by the (top scope) variables $apache_firewall_tool
# and $firewall_tool
#
# [*firewall_src*]
# Define which source ip/net allow for firewalling apache. Default: 0.0.0.0/0
# Can be defined also by the (top scope) variables $apache_firewall_src
# and $firewall_src
#
# [*firewall_dst*]
# Define which destination ip to use for firewalling. Default: $ipaddress
# Can be defined also by the (top scope) variables $apache_firewall_dst
# and $firewall_dst
#
# [*debug*]
# Set to 'true' to enable modules debugging
# Can be defined also by the (top scope) variables $apache_debug and $debug
#
# [*audit_only*]
# Set to 'true' if you don't intend to override existing configuration files
# and want to audit the difference between existing files and the ones
# managed by Puppet.
# Can be defined also by the (top scope) variables $apache_audit_only
# and $audit_only
#
# Default class params - As defined in apache::params.
# Note that these variables are mostly defined and used in the module itself,
# overriding the default values might not affected all the involved components.
# Set and override them only if you know what you're doing.
# Note also that you can't override/set them via top scope variables.
#
# [*package*]
# The name of apache package
#
# [*service*]
# The name of apache service
#
# [*service_status*]
# If the apache service init script supports status argument
#
# [*process*]
# The name of apache process
#
# [*process_args*]
# The name of apache arguments. Used by puppi and monitor.
# Used only in case the apache process name is generic (java, ruby...)
#
# [*process_user*]
# The name of the user apache runs with. Used by puppi and monitor.
#
# [*config_dir*]
# Main configuration directory. Used by puppi
#
# [*config_file*]
# Main configuration file path
#
# [*config_file_mode*]
# Main configuration file path mode
#
# [*config_file_owner*]
# Main configuration file path owner
#
# [*config_file_group*]
# Main configuration file path group
#
# [*config_file_init*]
# Path of configuration file sourced by init script
#
# [*config_file_default_purge*]
# Set to 'true' to purge the default configuration file
#
# [*pid_file*]
# Path of pid file. Used by monitor
#
# [*data_dir*]
# Path of application data directory. Used by puppi
#
# [*log_dir*]
# Base logs directory. Used by puppi
#
# [*log_file*]
# Log file(s). Used by puppi
#
# [*port*]
# The listening port, if any, of the service.
# This is used by monitor, firewall and puppi (optional) components
# Note: This doesn't necessarily affect the service configuration file
# Can be defined also by the (top scope) variable $apache_port
#
# [*ssl_port*]
# The ssl port, used if apache::ssl is included and monitor/firewall
# are enabled
#
# [*protocol*]
# The protocol used by the the service.
# This is used by monitor, firewall and puppi (optional) components
# Can be defined also by the (top scope) variable $apache_protocol
#
# [*version*]
# The version of apache package to be installed
#
#
# == Examples
#
# You can use this class in 2 ways:
# - Set variables (at top scope level on in a ENC) and "include apache"
# - Call apache as a parametrized class
#
# See README for details.
#
#
# == Author
# Alessandro Franceschi <al@lab42.it/>
#
class apache (
$my_class = params_lookup( 'my_class' ),
$source = params_lookup( 'source' ),
$source_dir = params_lookup( 'source_dir' ),
$source_dir_purge = params_lookup( 'source_dir_purge' ),
$template = params_lookup( 'template' ),
$service_autorestart = params_lookup( 'service_autorestart' , 'global' ),
$options = params_lookup( 'options' ),
$absent = params_lookup( 'absent' ),
$disable = params_lookup( 'disable' ),
$disableboot = params_lookup( 'disableboot' ),
$monitor = params_lookup( 'monitor' , 'global' ),
$monitor_tool = params_lookup( 'monitor_tool' , 'global' ),
$monitor_target = params_lookup( 'monitor_target' , 'global' ),
$puppi = params_lookup( 'puppi' , 'global' ),
$puppi_helper = params_lookup( 'puppi_helper' , 'global' ),
$firewall = params_lookup( 'firewall' , 'global' ),
$firewall_tool = params_lookup( 'firewall_tool' , 'global' ),
$firewall_src = params_lookup( 'firewall_src' , 'global' ),
$firewall_dst = params_lookup( 'firewall_dst' , 'global' ),
$debug = params_lookup( 'debug' , 'global' ),
$audit_only = params_lookup( 'audit_only' , 'global' ),
$package = params_lookup( 'package' ),
$service = params_lookup( 'service' ),
$service_status = params_lookup( 'service_status' ),
$service_requires = params_lookup( 'service_requires' ),
$process = params_lookup( 'process' ),
$process_args = params_lookup( 'process_args' ),
$process_user = params_lookup( 'process_user' ),
$config_dir = params_lookup( 'config_dir' ),
$config_file = params_lookup( 'config_file' ),
$config_file_mode = params_lookup( 'config_file_mode' ),
$config_file_owner = params_lookup( 'config_file_owner' ),
$config_file_group = params_lookup( 'config_file_group' ),
$config_file_init = params_lookup( 'config_file_init' ),
$config_file_default_purge = params_lookup( 'config_file_default_purge'),
$pid_file = params_lookup( 'pid_file' ),
$data_dir = params_lookup( 'data_dir' ),
$log_dir = params_lookup( 'log_dir' ),
$log_file = params_lookup( 'log_file' ),
$port = params_lookup( 'port' ),
$ssl_port = params_lookup( 'ssl_port' ),
$protocol = params_lookup( 'protocol' ),
$version = params_lookup( 'version' ),
$dotconf_hash = params_lookup( 'dotconf_hash'),
$htpasswd_hash = params_lookup( 'htpasswd_hash'),
$listen_hash = params_lookup( 'listen_hash'),
$module_hash = params_lookup( 'module_hash'),
$vhost_hash = params_lookup( 'vhost_hash'),
$virtualhost_hash = params_lookup( 'virtualhost_hash'),
) inherits apache::params {
$bool_source_dir_purge=any2bool($source_dir_purge)
$bool_service_autorestart=any2bool($service_autorestart)
$bool_absent=any2bool($absent)
$bool_disable=any2bool($disable)
$bool_disableboot=any2bool($disableboot)
$bool_monitor=any2bool($monitor)
$bool_puppi=any2bool($puppi)
$bool_firewall=any2bool($firewall)
$bool_debug=any2bool($debug)
$bool_audit_only=any2bool($audit_only)
## Integration with Hiera
if $dotconf_hash != {} {
validate_hash($dotconf_hash)
create_resources('apache::dotconf', $dotconf_hash)
}
if $htpasswd_hash != {} {
validate_hash($htpasswd_hash)
create_resources('apache::htpasswd', $htpasswd_hash)
}
if $listen_hash != {} {
validate_hash($listen_hash)
create_resources('apache::listen', $listen_hash)
}
if $module_hash != {} {
validate_hash($module_hash)
create_resources('apache::module', $module_hash)
}
if $vhost_hash != {} {
validate_hash($vhost_hash)
create_resources('apache::vhost', $vhost_hash)
}
if $virtualhost_hash != {} {
validate_hash($virtualhost_hash)
create_resources('apache::virtualhost', $virtualhost_hash)
}
### Calculation of variables that dependes on arguments
$vdir = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => "${apache::config_dir}/sites-available",
SLES => "${apache::config_dir}/vhosts.d",
default => "${apache::config_dir}/conf.d",
}
case $::operatingsystem {
/(?i:Ubuntu)/ : {
case $::lsbmajdistrelease {
/14/ : {
$dotconf_dir = "${apache::config_dir}/conf-available"
}
default: {
$dotconf_dir = "${apache::config_dir}/conf.d"
}
}
}
/(?i:Debian)/ : {
case $::lsbmajdistrelease {
/8/ : {
$dotconf_dir = "${apache::config_dir}/conf-available"
}
default: {
$dotconf_dir = "${apache::config_dir}/conf.d"
}
}
}
default: {
$dotconf_dir = "${apache::config_dir}/conf.d"
}
}
### Definition of some variables used in the module
$manage_package = $apache::bool_absent ? {
true => 'absent',
false => $apache::version ? {
'' => 'present',
default => $apache::version,
},
}
$manage_service_enable = $apache::bool_disableboot ? {
true => false,
default => $apache::bool_disable ? {
true => false,
default => $apache::bool_absent ? {
true => false,
false => true,
},
},
}
$manage_service_ensure = $apache::bool_disable ? {
true => 'stopped',
default => $apache::bool_absent ? {
true => 'stopped',
default => 'running',
},
}
$manage_service_autorestart = $apache::bool_service_autorestart ? {
true => 'Service[apache]',
false => undef,
}
$manage_file = $apache::bool_absent ? {
true => 'absent',
default => 'present',
}
if $apache::bool_absent == true
or $apache::bool_disable == true
or $apache::bool_monitor == false
or $apache::bool_disableboot == true {
$manage_monitor = false
} else {
$manage_monitor = true
}
if $apache::bool_absent == true or $apache::bool_disable == true {
$manage_firewall = false
} else {
$manage_firewall = true
}
$manage_audit = $apache::bool_audit_only ? {
true => 'all',
false => undef,
}
$manage_file_replace = $apache::bool_audit_only ? {
true => false,
false => true,
}
$manage_file_source = $apache::source ? {
'' => undef,
default => $apache::source,
}
$manage_file_content = $apache::template ? {
'' => undef,
default => template($apache::template),
}
### Managed resources
package { 'apache':
ensure => $apache::manage_package,
name => $apache::package,
}
service { 'apache':
ensure => $apache::manage_service_ensure,
name => $apache::service,
enable => $apache::manage_service_enable,
hasstatus => $apache::service_status,
pattern => $apache::process,
require => $service_requires,
}
file { 'apache.conf':
ensure => $apache::manage_file,
path => $apache::config_file,
mode => $apache::config_file_mode,
owner => $apache::config_file_owner,
group => $apache::config_file_group,
require => Package['apache'],
notify => $apache::manage_service_autorestart,
source => $apache::manage_file_source,
content => $apache::manage_file_content,
replace => $apache::manage_file_replace,
audit => $apache::manage_audit,
}
# The whole apache configuration directory can be recursively overriden
if $apache::source_dir and $apache::source_dir != '' {
file { 'apache.dir':
ensure => directory,
path => $apache::config_dir,
require => Package['apache'],
notify => $apache::manage_service_autorestart,
source => $apache::source_dir,
recurse => true,
purge => $apache::bool_source_dir_purge,
force => $apache::bool_source_dir_purge,
replace => $apache::manage_file_replace,
audit => $apache::manage_audit,
}
}
if $apache::config_file_default_purge {
apache::vhost { 'default':
enable => false,
priority => '',
}
}
### Include custom class if $my_class is set
if $apache::my_class and $apache::my_class != '' {
include $apache::my_class
}
### Provide puppi data, if enabled ( puppi => true )
if $apache::bool_puppi == true {
$classvars=get_class_args()
puppi::ze { 'apache':
ensure => $apache::manage_file,
variables => $classvars,
helper => $apache::puppi_helper,
}
}
### Service monitoring, if enabled ( monitor => true )
if $apache::monitor_tool {
monitor::port { "apache_${apache::protocol}_${apache::port}":
protocol => $apache::protocol,
port => $apache::port,
target => $apache::monitor_target,
tool => $apache::monitor_tool,
enable => $apache::manage_monitor,
}
monitor::process { 'apache_process':
process => $apache::process,
service => $apache::service,
pidfile => $apache::pid_file,
user => $apache::process_user,
argument => $apache::process_args,
tool => $apache::monitor_tool,
enable => $apache::manage_monitor,
}
}
### Firewall management, if enabled ( firewall => true )
if $apache::bool_firewall == true {
firewall { "apache_${apache::protocol}_${apache::port}":
source => $apache::firewall_src,
destination => $apache::firewall_dst,
protocol => $apache::protocol,
port => $apache::port,
action => 'allow',
direction => 'input',
tool => $apache::firewall_tool,
enable => $apache::manage_firewall,
}
}
### Debugging, if enabled ( debug => true )
if $apache::bool_debug == true {
file { 'debug_apache':
ensure => $apache::manage_file,
path => "${settings::vardir}/debug-apache",
mode => '0640',
owner => 'root',
group => 'root',
content => inline_template('<%= scope.to_hash.reject { |k,v| k.to_s =~ /(uptime.*|path|timestamp|free|.*password.*|.*psk.*|.*key)/ }.to_yaml %>'),
}
}
}

42
modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/listen.pp
View File

@@ -1,42 +0,0 @@
# = Define: apache::listen
#
# This define creates a Listen statement in Apache configuration
# It adds a single configuration file to Apache conf.d with the Listen
# statement
#
# == Parameters
#
# [*namevirtualhost*]
# If to add a NameVirtualHost for this port. Default: *
# (it creates a NameVirtualHost <%= @namevirtualhost %>:<%= @port %> entry)
# Set to false to listen to the port without a NameVirtualHost
#
# == Examples
# apache::listen { '8080':}
#
define apache::listen (
$namevirtualhost = '*',
$ensure = 'present',
$template = 'apache/listen.conf.erb',
$notify_service = true ) {
include apache
$manage_service_autorestart = $notify_service ? {
true => 'Service[apache]',
false => undef,
}
file { "Apache_Listen_${name}.conf":
ensure => $ensure,
path => "${apache::config_dir}/conf.d/0000_listen_${name}.conf",
mode => $apache::config_file_mode,
owner => $apache::config_file_owner,
group => $apache::config_file_group,
require => Package['apache'],
notify => $manage_service_autorestart,
content => template($template),
audit => $apache::manage_audit,
}
}

158
modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/params.pp
View File

@@ -1,158 +0,0 @@
# Class: apache::params
#
# This class defines default parameters used by the main module class apache
# Operating Systems differences in names and paths are addressed here
#
# == Variables
#
# Refer to apache class for the variables defined here.
#
# == Usage
#
# This class is not intended to be used directly.
# It may be imported or inherited by other classes
#
class apache::params {
### Application specific parameters
$package_modssl = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'libapache-mod-ssl',
/(?i:SLES|OpenSuSE)/ => undef,
default => 'mod_ssl',
}
### Application related parameters
$package = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'apache2',
/(?i:SLES|OpenSuSE)/ => 'apache2',
default => 'httpd',
}
$service = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'apache2',
/(?i:SLES|OpenSuSE)/ => 'apache2',
default => 'httpd',
}
$service_status = $::operatingsystem ? {
default => true,
}
$process = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'apache2',
/(?i:SLES|OpenSuSE)/ => 'httpd2-prefork',
default => 'httpd',
}
$process_args = $::operatingsystem ? {
default => '',
}
$process_user = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => 'www-data',
/(?i:SLES|OpenSuSE)/ => 'wwwrun',
default => 'apache',
}
$config_dir = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => '/etc/apache2',
/(?i:SLES|OpenSuSE)/ => '/etc/apache2',
freebsd => '/usr/local/etc/apache20',
default => '/etc/httpd',
}
$config_file = $::operatingsystem ? {
/(?i:Ubuntu|Debian|Mint)/ => '/etc/apache2/apache2.conf',
/(?i:SLES|OpenSuSE)/ => '/etc/apache2/httpd.conf',
freebsd => '/usr/local/etc/apache20/httpd.conf',
default => '/etc/httpd/conf/httpd.conf',
}
$config_file_mode = $::operatingsystem ? {
default => '0644',
}
$config_file_owner = $::operatingsystem ? {
default => 'root',
}
$config_file_group = $::operatingsystem ? {
freebsd => 'wheel',
default => 'root',
}
$config_file_init = $::operatingsystem ? {
/(?i:Debian|Ubuntu|Mint)/ => '/etc/default/apache2',
/(?i:SLES|OpenSuSE)/ => '/etc/sysconfig/apache2',
default => '/etc/sysconfig/httpd',
}
$pid_file = $::operatingsystem ? {
/(?i:Debian|Ubuntu|Mint)/ => '/var/run/apache2.pid',
/(?i:SLES|OpenSuSE)/ => '/var/run/httpd2.pid',
default => '/var/run/httpd.pid',
}
$log_dir = $::operatingsystem ? {
/(?i:Debian|Ubuntu|Mint)/ => '/var/log/apache2',
/(?i:SLES|OpenSuSE)/ => '/var/log/apache2',
default => '/var/log/httpd',
}
$log_file = $::operatingsystem ? {
/(?i:Debian|Ubuntu|Mint)/ => ['/var/log/apache2/access.log','/var/log/apache2/error.log'],
/(?i:SLES|OpenSuSE)/ => ['/var/log/apache2/access.log','/var/log/apache2/error.log'],
default => ['/var/log/httpd/access.log','/var/log/httpd/error.log'],
}
$data_dir = $::operatingsystem ? {
/(?i:Debian|Ubuntu|Mint)/ => '/var/www',
/(?i:Suse|OpenSuse)/ => '/srv/www/htdocs',
default => '/var/www/html',
}
$ports_conf_path = $::operatingsystem ? {
/(?i:Debian|Ubuntu|Mint)/ => '/etc/apache2/ports.conf',
default => '',
}
$port = '80'
$ssl_port = '443'
$protocol = 'tcp'
# General Settings
$my_class = ''
$source = ''
$source_dir = ''
$source_dir_purge = false
$config_file_default_purge = false
$template = ''
$options = ''
$service_autorestart = true
$service_requires = Package['apache']
$absent = false
$version = ''
$disable = false
$disableboot = false
### General module variables that can have a site or per module default
$monitor = false
$monitor_tool = ''
$monitor_target = $::ipaddress
$firewall = false
$firewall_tool = ''
$firewall_src = '0.0.0.0/0'
$firewall_dst = $::ipaddress
$puppi = false
$puppi_helper = 'standard'
$debug = false
$audit_only = false
$dotconf_hash = {}
$htpasswd_hash = {}
$listen_hash = {}
$module_hash = {}
$vhost_hash = {}
$virtualhost_hash = {}
}

67
modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/ssl.pp
View File

@@ -1,67 +0,0 @@
# Class apache::ssl
#
# Apache resources specific for SSL
#
class apache::ssl {
include apache
case $::operatingsystem {
ubuntu,debian,mint: {
exec { 'enable-ssl':
command => '/usr/sbin/a2enmod ssl',
creates => '/etc/apache2/mods-enabled/ssl.load',
notify => Service['apache'],
require => Package['apache'],
}
}
default: {
package { 'mod_ssl':
ensure => present,
require => Package['apache'],
notify => Service['apache'],
}
file { "${apache::config_dir}/ssl.conf":
mode => '0644',
owner => 'root',
group => 'root',
notify => Service['apache'],
}
file {['/var/cache/mod_ssl', '/var/cache/mod_ssl/scache']:
ensure => directory,
owner => 'apache',
group => 'root',
mode => '0700',
require => Package['mod_ssl'],
notify => Service['apache'],
}
}
}
### Port monitoring, if enabled ( monitor => true )
if $apache::bool_monitor == true {
monitor::port { "apache_${apache::protocol}_${apache::ssl_port}":
protocol => $apache::protocol,
port => $apache::ssl_port,
target => $apache::monitor_target,
tool => $apache::monitor_tool,
enable => $apache::manage_monitor,
}
}
### Firewall management, if enabled ( firewall => true )
if $apache::bool_firewall == true {
firewall { "apache_${apache::protocol}_${apache::ssl_port}":
source => $apache::firewall_src,
destination => $apache::firewall_dst,
protocol => $apache::protocol,
port => $apache::ssl_port,
action => 'allow',
direction => 'input',
tool => $apache::firewall_tool,
enable => $apache::manage_firewall,
}
}
}

275
modules/services/unix/http/apache/module/example42_apache_2_1_12/manifests/vhost.pp
View File

@@ -1,275 +0,0 @@
# = Define: apache::vhost
#
# This class manages Apache Virtual Hosts configuration files
#
# == Parameters:
# [*port*]
# The port to configure the host on
# [*ip_addr*]
# The ip to configure the host on. Default: * (all IPs)
#
# [*docroot*]
# The VirtualHost DocumentRoot
#
# [*docroot_create*]
# If the specified directory has to be created. Default: false
#
# [*ssl*]
# Set to true to enable SSL for this Virtual Host
#
# [*template*]
# Specify a custom template to use instead of the default one
# The value will be used in content => template($template)
#
# [*source*]
# Source file for vhost. Alternative to template.
# Note that if you decide to source a static file most of the other
# parameters of this define won't be used.
# Note also that if you set a source file, you've to explicitly set
# the template parameter to undef.
#
# [*priority*]
# The priority of the VirtualHost, lower values are evaluated first
# Set to '' to edit default apache value
#
# [*serveraliases*]
# An optional list of space separated ServerAliases
#
# [*env_variables*]
# An optional list of space separated environment variables (e.g ['APP_ENV dev'])
#
# [*server_admin*]
# Server admin email address
#
# [*server_name*]
# An optional way to directly set server name
# False mean, that servername is not present in generated config file
#
# [*passenger*]
# If Passenger should be enabled
#
# [*passenger_high_performance*]
# Set the PassengerHighPerformance directive
#
# [*passenger_pool_max_pool_size*]
# Set the PassengerMaxPoolSize directive
#
# [*passenger_pool_idle_time*]
# Set the PassengerPoolIdleTime directive
#
# [*passenger_max_requests*]
# Set the PassengerMaxRequests directive
#
# [*passenger_stat_throttle_rate*]
# Set the PassengerStatThrottleRate directive
#
# [*passenger_rack_auto_detect*]
# Set the RackAutoDetect directive
#
# [*passenger_rails_auto_detect*]
# Set the RailsAutoDetect directive
#
# [*passenger_rails_env*]
# Set the RailsEnv directive
#
# [*passenger_rails_base_uri*]
# Set the RackBaseURI directive
#
# [*passenger_rack_env*]
# Set the RackEnv directive
#
# [*passenger_rack_base_uri*]
# Set the RackBaseURI directive
#
# [*directory*]
# Set the VHost directory used for the <Directory> directive
#
# [*directory_options*]
# Set the directory's Options
#
# [*directory_allow_override*]
# Set the directory's override configuration
#
# [*directory_require*]
# Set the Require attribute for Apache 2.4
#
# [*aliases*]
# Set one or more Alias directives (e.g '/phpmyadmin /usr/share/phpMyAdmin'
# or ['/alias1 /path/to/alias', '/alias2 /path/to/secondalias'])
#
# [*proxy_aliases*]
# Set one or more proxy and reverse proxy directives. (e.g. '/manager http://localhost:8080/manager'
# or ['/manager http://localhost:8080/manager', '/alias3 http://remote.server.com/alias'])
#
# == Examples:
# apache::vhost { 'site.name.fqdn':
# docroot => '/path/to/docroot',
# }
#
# apache::vhost { 'mysite':
# docroot => '/path/to/docroot',
# template => 'myproject/apache/mysite.conf',
# }
#
# apache::vhost { 'my.other.site':
# docroot => '/path/to/docroot',
# directory => '/path/to',
# directory_allow_override => 'All',
# }
#
# apache::vhost { 'sitewithalias':
# docroot => '/path/to/docroot',
# aliases => '/phpmyadmin /usr/share/phpMyAdmin',
# }
#
define apache::vhost (
$server_admin = '',
$server_name = '',
$docroot = '',
$docroot_create = false,
$docroot_owner = 'root',
$docroot_group = 'root',
$port = '80',
$ip_addr = '*',
$ssl = false,
$template = 'apache/virtualhost/vhost.conf.erb',
$source = '',
$priority = '50',
$serveraliases = '',
$env_variables = '',
$passenger = false,
$passenger_high_performance = true,
$passenger_max_pool_size = 12,
$passenger_pool_idle_time = 1200,
$passenger_max_requests = 0,
$passenger_stat_throttle_rate = 30,
$passenger_rack_auto_detect = true,
$passenger_rails_auto_detect = false,
$passenger_rails_env = '',
$passenger_rails_base_uri = '',
$passenger_rack_env = '',
$passenger_rack_base_uri = '',
$enable = true,
$directory = '',
$directory_options = '',
$directory_allow_override = 'None',
$directory_require = '',
$aliases = '',
$proxy_aliases = ''
) {
$ensure = $enable ? {
true => present,
false => present,
absent => absent,
}
$bool_docroot_create = any2bool($docroot_create)
$bool_passenger = any2bool($passenger)
$bool_passenger_high_performance = any2bool($passenger_high_performance)
$bool_passenger_rack_auto_detect = any2bool($passenger_rack_auto_detect)
$bool_passenger_rails_auto_detect = any2bool($passenger_rails_auto_detect)
$real_docroot = $docroot ? {
'' => "${apache::data_dir}/${name}",
default => $docroot,
}
$real_directory = $directory ? {
'' => $apache::data_dir,
default => $directory,
}
$server_name_value = $server_name ? {
'' => $name,
default => $server_name,
}
$manage_file_source = $source ? {
'' => undef,
default => $source,
}
# Server admin email
if $server_admin != '' {
$server_admin_email = $server_admin
} elsif ($name != 'default') and ($name != 'default-ssl') {
$server_admin_email = "webmaster@${name}"
} else {
$server_admin_email = 'webmaster@localhost'
}
# Config file path
if $priority != '' {
$config_file_path = "${apache::vdir}/${priority}-${name}.conf"
} elsif ($name != 'default') and ($name != 'default-ssl') {
$config_file_path = "${apache::vdir}/${name}.conf"
} else {
$config_file_path = "${apache::vdir}/${name}"
}
# Config file enable path
if $priority != '' {
$config_file_enable_path = "${apache::config_dir}/sites-enabled/${priority}-${name}.conf"
} elsif ($name != 'default') and ($name != 'default-ssl') {
$config_file_enable_path = "${apache::config_dir}/sites-enabled/${name}.conf"
} else {
$config_file_enable_path = "${apache::config_dir}/sites-enabled/000-${name}"
}
$manage_file_content = $template ? {
'' => undef,
undef => undef,
default => template($template),
}
include apache
file { $config_file_path:
ensure => $ensure,
source => $manage_file_source,
content => $manage_file_content,
mode => $apache::config_file_mode,
owner => $apache::config_file_owner,
group => $apache::config_file_group,
require => Package['apache'],
notify => $apache::manage_service_autorestart,
}
# Some OS specific settings:
# On Debian/Ubuntu manages sites-enabled
case $::operatingsystem {
ubuntu,debian,mint: {
$file_vhost_link_ensure = $enable ? {
true => $config_file_path,
false => absent,
absent => absent,
}
file { "ApacheVHostEnabled_${name}":
ensure => $file_vhost_link_ensure,
path => $config_file_enable_path,
require => Package['apache'],
notify => $apache::manage_service_autorestart,
}
}
redhat,centos,scientific,fedora: {
include apache::redhat
}
default: { }
}
if $bool_docroot_create == true {
file { $real_docroot:
ensure => directory,
owner => $docroot_owner,
group => $docroot_group,
mode => '0775',
require => Package['apache'],
}
}
if $bool_passenger == true {
include apache::passenger
}
}

56
modules/services/unix/http/apache/module/example42_apache_2_1_12/metadata.json
View File

@@ -1,56 +0,0 @@
{
"name": "example42-apache",
"version": "2.1.12",
"author": "Alessandro Franceschi, Martin Alfke",
"summary": "Puppet module for apache",
"license": "Apache-2.0",
"source": "https://github.com/example42/puppet-apache",
"project_page": "https://github.com/example42/puppet-apache",
"issues_url": "https://github.com/example42/puppet-apache/issues",
"dependencies": [
{"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"},
{"name":"example42/puppi","version_requirement":">= 2.0.0"},
{"name":"example42/monitor","version_requirement":">= 2.0.0"},
{"name":"example42/iptables","version_requirement":">= 2.0.0"},
{"name":"example42/firewall","version_requirement":">= 2.0.0"},
{"name":"puppetlabs/concat","version_requirement":">= 1.0.0"}
],
"checksums": {
},
"operatingsystem_support": [
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "Centos",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"14.04"
]
}
],
"requirements": [
{
"name": "pe",
"version_requirement": ">= 3.0.0 < 5.0.0"
},
{
"name": "puppet",
"version_requirement": ">= 3.0.0 < 5.0.0"
}
]
}

199
modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/classes/apache_spec.rb
View File

@@ -1,199 +0,0 @@
require "#{File.join(File.dirname(__FILE__),'..','spec_helper.rb')}"
describe 'apache' do
let(:title) { 'apache' }
let(:node) { 'rspec.example42.com' }
let(:facts) { { :ipaddress => '10.42.42.42' , :monitor_tool => 'puppi', :operatingsystemrelease => '6.6' } }
describe 'Test standard installation' do
it { should contain_package('apache').with_ensure('present') }
it { should contain_service('apache').with_ensure('running') }
it { should contain_service('apache').with_enable('true') }
it { should contain_file('apache.conf').with_ensure('present') }
end
describe 'Test standard installation with monitoring and firewalling' do
let(:params) { {:monitor => true , :firewall => true, :port => '42' } }
it { should contain_package('apache').with_ensure('present') }
it { should contain_service('apache').with_ensure('running') }
it { should contain_service('apache').with_enable('true') }
it { should contain_file('apache.conf').with_ensure('present') }
it 'should monitor the process' do
should contain_monitor__process('apache_process').with_enable(true)
end
it 'should place a firewall rule' do
should contain_firewall('apache_tcp_42').with_enable(true)
end
end
describe 'Test decommissioning - absent' do
let(:params) { {:absent => true, :monitor => true , :firewall => true, :port => '42'} }
it 'should remove Package[apache]' do should contain_package('apache').with_ensure('absent') end
it 'should stop Service[apache]' do should contain_service('apache').with_ensure('stopped') end
it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end
it 'should remove apache configuration file' do should contain_file('apache.conf').with_ensure('absent') end
it 'should not monitor the process' do
should contain_monitor__process('apache_process').with_enable(false)
end
it 'should remove a firewall rule' do
should contain_firewall('apache_tcp_42').with_enable(false)
end
end
describe 'Test decommissioning - disable' do
let(:params) { {:disable => true, :monitor => true , :firewall => true, :port => '42'} }
it { should contain_package('apache').with_ensure('present') }
it 'should stop Service[apache]' do should contain_service('apache').with_ensure('stopped') end
it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end
it { should contain_file('apache.conf').with_ensure('present') }
it 'should not monitor the process' do
should contain_monitor__process('apache_process').with_enable(false)
end
it 'should remove a firewall rule' do
should contain_firewall('apache_tcp_42').with_enable(false)
end
end
describe 'Test decommissioning - disableboot' do
let(:params) { {:disableboot => true, :monitor => true , :firewall => true, :port => '42'} }
it { should contain_package('apache').with_ensure('present') }
it { should_not contain_service('apache').with_ensure('present') }
it { should_not contain_service('apache').with_ensure('absent') }
it 'should not enable at boot Service[apache]' do should contain_service('apache').with_enable('false') end
it { should contain_file('apache.conf').with_ensure('present') }
it 'should not monitor the process locally' do
should contain_monitor__process('apache_process').with_enable(false)
end
it 'should keep a firewall rule' do
should contain_firewall('apache_tcp_42').with_enable(true)
end
end
describe 'Test customizations - template' do
let(:params) { {:template => "apache/spec.erb" , :options => { 'opt_a' => 'value_a' } } }
it 'should generate a valid template' do
should contain_file('apache.conf').with_content(/fqdn: rspec.example42.com/)
end
it 'should generate a template that uses custom options' do
should contain_file('apache.conf').with_content(/value_a/)
end
end
describe 'Test customizations - source' do
let(:params) { {:source => "puppet://modules/apache/spec" , :source_dir => "puppet://modules/apache/dir/spec" , :source_dir_purge => true } }
it 'should request a valid source ' do
should contain_file('apache.conf').with_source("puppet://modules/apache/spec")
end
it 'should request a valid source dir' do
should contain_file('apache.dir').with_source("puppet://modules/apache/dir/spec")
end
it 'should purge source dir if source_dir_purge is true' do
should contain_file('apache.dir').with_purge(true)
end
end
describe 'Test customizations - custom class' do
let(:params) { {:my_class => "apache::spec" } }
it 'should automatically include a custom class' do
should contain_file('apache.conf').with_content(/fqdn: rspec.example42.com/)
end
end
describe 'Test service autorestart' do
it 'should automatically restart the service, by default' do
should contain_file('apache.conf').with_notify("Service[apache]")
end
end
describe 'Test service autorestart' do
let(:params) { {:service_autorestart => "no" } }
it 'should not automatically restart the service, when service_autorestart => false' do
should contain_file('apache.conf').with_notify(nil)
end
end
describe 'Test Puppi Integration' do
let(:params) { {:puppi => true, :puppi_helper => "myhelper"} }
it 'should generate a puppi::ze define' do
should contain_puppi__ze('apache').with_helper("myhelper")
end
end
describe 'Test Monitoring Tools Integration' do
let(:params) { {:monitor => true, :monitor_tool => "puppi" } }
it 'should generate monitor defines' do
should contain_monitor__process('apache_process').with_tool("puppi")
end
end
describe 'Test Firewall Tools Integration' do
let(:params) { {:firewall => true, :firewall_tool => "iptables" , :protocol => "tcp" , :port => "42" } }
it 'should generate correct firewall define' do
should contain_firewall('apache_tcp_42').with_tool("iptables")
end
end
describe 'Test OldGen Module Set Integration' do
let(:params) { {:monitor => "yes" , :monitor_tool => "puppi" , :firewall => "yes" , :firewall_tool => "iptables" , :puppi => "yes" , :port => "42" } }
it 'should generate monitor resources' do
should contain_monitor__process('apache_process').with_tool("puppi")
end
it 'should generate firewall resources' do
should contain_firewall('apache_tcp_42').with_tool("iptables")
end
it 'should generate puppi resources ' do
should contain_puppi__ze('apache').with_ensure("present")
end
end
describe 'Test params lookup' do
let(:facts) { { :monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } }
let(:params) { { :port => '42' , :monitor_tool => 'puppi' } }
it 'should honour top scope global vars' do
should contain_monitor__process('apache_process').with_enable(true)
end
end
describe 'Test params lookup' do
let(:facts) { { :apache_monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } }
let(:params) { { :port => '42' , :monitor_tool => 'puppi' } }
it 'should honour module specific vars' do
should contain_monitor__process('apache_process').with_enable(true)
end
end
describe 'Test params lookup' do
let(:facts) { { :monitor => false , :apache_monitor => true , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } }
let(:params) { { :port => '42' , :monitor_tool => 'puppi' } }
it 'should honour top scope module specific over global vars' do
should contain_monitor__process('apache_process').with_enable(true)
end
end
describe 'Test params lookup' do
let(:facts) { { :monitor => false , :ipaddress => '10.42.42.42', :operatingsystemrelease => '6.6' } }
let(:params) { { :monitor => true , :monitor_tool => 'puppi' , :firewall => true, :port => '42' } }
it 'should honour passed params over global vars' do
should contain_monitor__process('apache_process').with_enable(true)
end
end
end

1
modules/services/unix/http/apache/module/example42_apache_2_1_12/spec/spec_helper.rb
View File

@@ -1 +0,0 @@
require 'puppetlabs_spec_helper/module_spec_helper'

5
modules/services/unix/http/apache/secgen_metadata.xml
View File

@@ -1,5 +0,0 @@
<service
name="example42_apache_2_1_12"
type="http"
description="A secure Apache install">
</service>

0
modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/copyvsftpd.sh → modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/copyvsftpd.sh
View File

0
modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/startvsftpd.sh → modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/startvsftpd.sh
View File

0
modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/files/vsftpd-2.3.4.tar.gz → modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/files/vsftpd-2.3.4.tar.gz
View File

6
modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/module/vsftpd_234_backdoor/manifests/install.pp → modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/vsftpd_234_backdoor/manifests/install.pp
View File

@@ -4,7 +4,7 @@
exec { 'unzip-vsftpd':
command => 'tar xzf vsftpd-2.3.4.tar.gz && mv vsftpd-2.3.4 /home/vagrant/vsftpd-2.3.4',
path => '/bin',
cwd => '/mount/puppet/module/vsftpd_234_backdoor/vsftpd_234_backdoor/files',
cwd => '/mount/puppet/module/vsftpd_234_backdoor/files',
creates => "/home/vagrant/vsftpd-2.3.4/vsftpd",
notify => Exec['make-vsftpd']
}
@@ -18,7 +18,7 @@
}
exec { 'copy-vsftpd':
command => '/mount/puppet/module/vsftpd_234_backdoor/vsftpd_234_backdoor/files/copyvsftpd.sh',
command => '/mount/puppet/module/vsftpd_234_backdoor/files/copyvsftpd.sh',
cwd => "/home/vagrant/vsftpd-2.3.4",
creates => "/usr/local/sbin/vsftpd",
notify => User['ftp'],
@@ -37,7 +37,7 @@
}
exec { 'start-vsftpd':
command => '/mount/puppet/module/vsftpd_234_backdoor/vsftpd_234_backdoor/files/startvsftpd.sh',
command => '/mount/puppet/module/vsftpd_234_backdoor/files/startvsftpd.sh',
require => User["ftp"],
}
}

0
modules/vulnerabilities/unix/misc/distcc_exec/module/distcc_exec/manifests/distcc_config.pp → modules/vulnerabilities/unix/misc/distcc_exec/distcc_exec/manifests/distcc_config.pp
View File

0
modules/vulnerabilities/unix/misc/distcc_exec/module/distcc_exec/templates/distcc.erb → modules/vulnerabilities/unix/misc/distcc_exec/distcc_exec/templates/distcc.erb
View File

0
modules/vulnerabilities/unix/other/mountable_nfs/module/mountable_nfs/manifests/config.pp → modules/vulnerabilities/unix/other/mountable_nfs/mountable_nfs/manifests/config.pp
View File

0
modules/vulnerabilities/unix/other/mountable_nfs/module/mountable_nfs/templates/exports.erb → modules/vulnerabilities/unix/other/mountable_nfs/mountable_nfs/templates/exports.erb
View File

0
modules/vulnerabilities/unix/other/writeable_shadow/module/writeable_shadow/manifests/config.pp → modules/vulnerabilities/unix/other/writeable_shadow/writeable_shadow/manifests/config.pp
View File