apache_stretch_compatible: now works with 2 vhosts like wheezy, enables stretch base for on basic_narrative.xml

modules/services/unix/http/apache_stretch_compatible/apache/manifests/init.pp

@@ -34,7 +34,7 @@ class apache (
   Boolean $service_manage                                        = true,
   $service_ensure                                                = 'running',
   $service_restart                                               = undef,
-  $purge_configs                                                 = true,
+  $purge_configs                                                 = false,
   $purge_vhost_dir                                               = undef,
   $purge_vdir                                                    = false,
   $serveradmin                                                   = 'root@localhost',
@@ -90,7 +90,7 @@ class apache (
   $error_log                                                     = $::apache::params::error_log,
   $scriptalias                                                   = $::apache::params::scriptalias,
   $access_log_file                                               = $::apache::params::access_log_file,
-  $overwrite_ports                                               = false, # TODO: Implement this as in wheezy apache
+  $overwrite_ports                                               = true, # TODO: Implement this as in wheezy apache
 ) inherits ::apache::params {
 
   $valid_mpms_re = $apache_version ? {
@@ -256,17 +256,19 @@ class apache (
     $vhost_load_dir = $vhost_dir
   }
 
-  concat { $ports_file:
-    ensure  => present,
-    owner   => 'root',
-    group   => $::apache::params::root_group,
-    mode    => $::apache::file_mode,
-    notify  => Class['Apache::Service'],
-    require => Package['httpd'],
-  }
-  concat::fragment { 'Apache ports header':
-    target  => $ports_file,
-    content => template('apache/ports_header.erb'),
+  if $overwrite_ports {
+    concat { $ports_file:
+      ensure  => present,
+      owner   => 'root',
+      group   => $::apache::params::root_group,
+      mode    => $::apache::file_mode,
+      notify  => Class['Apache::Service'],
+      require => Package['httpd'],
+    }
+    concat::fragment { 'Apache ports header':
+      target  => $ports_file,
+      content => template('apache/ports_header.erb'),
+    }
   }
 
   if $::apache::conf_dir and $::apache::params::conf_file {
@@ -332,7 +334,7 @@ class apache (
       ensure  => file,
       content => template($conf_template),
       notify  => Class['Apache::Service'],
-      require => [Package['httpd'], Concat[$ports_file]],
+      require => [Package['httpd']],
     }
 
     # preserve back-wards compatibility to the times when default_mods was

modules/services/unix/http/apache_stretch_compatible/apache/manifests/listen.pp

@@ -1,9 +1,25 @@
-define apache::listen {
+define apache::listen ($port='') {
   $listen_addr_port = $name
 
-  # Template uses: $listen_addr_port
-  concat::fragment { "Listen ${listen_addr_port}":
-    target  => $::apache::ports_file,
-    content => template('apache/listen.erb'),
+  if defined(Concat[$::apache::ports_file]){
+    # Template uses: $listen_addr_port
+    concat::fragment { "Listen ${listen_addr_port}":
+      target  => $::apache::ports_file,
+      content => template('apache/listen.erb'),
+    }
+  } elsif $port != '80' {
+    # Create a temporary file
+    # join with cat $tmp_file >> $file
+    # remove tmp files
+    $ports_file = $::apache::ports_file
+    $tmp_file = "$ports_file-tmp_listen"
+    file { $tmp_file:
+      ensure => file,
+      content => template('apache/listen.erb'),
+    }
+
+    exec { "apache::listen: cat $tmp_file with ports.conf":
+      command => "/bin/cat $tmp_file >> $ports_file;/bin/rm $tmp_file"
+    }
   }
 }

modules/services/unix/http/apache_stretch_compatible/apache/manifests/mpm.pp

@@ -29,20 +29,20 @@ define apache::mpm (
       }
     }
   } else {
-      if versioncmp($apache_version, '2.4') >= 0 {
-        file { "${mod_dir}/${mpm}.load":
-          ensure  => file,
-          path    => "${mod_dir}/${mpm}.load",
-          content => "LoadModule ${_id} ${_path}\n",
-          require => [
-            Package['httpd'],
-            Exec["mkdir ${mod_dir}"],
-          ],
-          before  => File[$mod_dir],
-          notify  => Class['apache::service'],
-        }
+    if versioncmp($apache_version, '2.4') >= 0 {
+      file { "${mod_dir}/${mpm}.load":
+        ensure  => file,
+        path    => "${mod_dir}/${mpm}.load",
+        content => "LoadModule ${_id} ${_path}\n",
+        require => [
+          Package['httpd'],
+          Exec["mkdir ${mod_dir}"],
+        ],
+        before  => File[$mod_dir],
+        notify  => Class['apache::service'],
       }
     }
+  }
 
   case $::osfamily {
     'debian': {
@@ -73,22 +73,27 @@ define apache::mpm (
         }
       }
 
-      if $mpm == 'itk' and $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '14.04' {
-        # workaround https://bugs.launchpad.net/ubuntu/+source/mpm-itk/+bug/1286882
-        exec {
-          '/usr/sbin/a2dismod mpm_event':
-            onlyif  => '/usr/bin/test -e /etc/apache2/mods-enabled/mpm_event.load',
-            require => Package['httpd'],
-            before  => Package['apache2-mpm-itk'],
-        }
-      }
-
-      if $mpm == 'itk' and $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '16.04' {
+      if $mpm == 'itk' and ( ( $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '16.04' ) or ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) ) {
         $packagename = 'libapache2-mpm-itk'
       } else {
         $packagename = "apache2-mpm-${mpm}"
       }
 
+      $mod_enabled_dir = $::apache::mod_enable_dir
+
+      if $mpm == 'prefork' and ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) {
+        exec { '/usr/sbin/a2dismod mpm_event':
+          onlyif  => "/usr/bin/test -e ${mod_enabled_dir}/mpm_event.load",
+        }
+      }
+
+      if $mpm == 'itk' and ( ( $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '14.04' ) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) ) {
+        # workaround https://bugs.launchpad.net/ubuntu/+source/mpm-itk/+bug/1286882
+        exec { '/usr/sbin/a2dismod mpm_event':
+          onlyif  => "/usr/bin/test -e ${mod_enabled_dir}/mpm_event.load",
+        }
+      }
+
       if versioncmp($apache_version, '2.4') < 0 or $mpm == 'itk' {
         package { $packagename:
           ensure => present,

modules/services/unix/http/apache_stretch_compatible/apache/manifests/namevirtualhost.pp

@@ -1,9 +1,31 @@
-define apache::namevirtualhost {
+define apache::namevirtualhost ($port=''){
   $addr_port = $name
 
-  # Template uses: $addr_port
-  concat::fragment { "NameVirtualHost ${addr_port}":
-    target  => $::apache::ports_file,
-    content => template('apache/namevirtualhost.erb'),
+  if defined(Concat[$::apache::ports_file]){
+    # Template uses: $addr_port
+    concat::fragment { "NameVirtualHost ${addr_port}":
+      target  => $::apache::ports_file,
+      content => template('apache/namevirtualhost.erb'),
+    }
+  } elsif $port != '80' {  # if a second vhost is declared off port 80
+    # Create a temporary file
+    # join with cat $tmp_file >> $file
+    # remove tmp files
+    $ports_file = $::apache::ports_file
+    $tmp_file = "$ports_file-tmp_nvh"
+    file { $tmp_file:
+      ensure => file,
+      content => template('apache/namevirtualhost.erb'),
+    }
+
+    exec { "apache::listen: cat $tmp_file with ports.conf":
+      command => "/bin/cat $tmp_file >> $ports_file;/bin/rm $tmp_file",
+      require => File[$tmp_file]
+    }
+
+  } else {  # if a second vhost is declared on port 80
+    tidy { 'remove apache default site':
+      path =>'/etc/apache2/sites-enabled/000-default',
+    }
   }
 }

modules/services/unix/http/apache_stretch_compatible/apache/manifests/vhost.pp

@@ -396,12 +396,12 @@ define apache::vhost(
       fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this")
     }
     if $listen_addr_port and $ensure == 'present' {
-      ensure_resource('apache::listen', $listen_addr_port)
+      ensure_resource('apache::listen', $listen_addr_port, {'port'=> $port})
     }
   }
   if ! $ip_based {
     if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) {
-      ensure_resource('apache::namevirtualhost', $nvh_addr_port)
+      ensure_resource('::apache::namevirtualhost', $nvh_addr_port, {'port' => $port})
     }
   }
 

modules/services/unix/http/parameterised_website/manifests/apache.pp

@@ -5,10 +5,14 @@ class parameterised_website::apache {
   class { '::apache':
     default_vhost => false,
     overwrite_ports => false,
+    mpm_module => 'prefork',
   }
 
-  apache::vhost { 'vhost.test.com':
+  apache::vhost { 'parameterised.website':
     port    => $port,
     docroot => '/var/www/parameterised_website',
+    notify => Tidy['pws remove default site'],
   }
+
+  ensure_resource('tidy','pws remove default site', {'path'=>'/etc/apache2/sites-enabled/000-default.conf'})
 }

modules/vulnerabilities/unix/webapp/onlinestore/manifests/apache.pp

@@ -12,8 +12,11 @@ class onlinestore::apache {
   ::apache::vhost { 'onlinestore':
     port    => $port,
     docroot => $docroot,
+    notify => Tidy['os remove default site'],
   }
 
+  ensure_resource('tidy','os remove default site', {'path'=>'/etc/apache2/sites-enabled/000-default.conf'})
+
   case $operatingsystemrelease {
     /^9.*/: { # do 9.x stretch stuff
       exec { 'a2enmod php5.6':