Mercurial > repos > other > Puppet

comparison modules/apache/manifests/params.pp @ 36:37675581a273 puppet-3.6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update Puppet module for Apache (pulls in concat module)
author IBBoard <dev@ibboard.co.uk>
date Sat, 14 Mar 2015 20:07:04 +0000
parents 956e484adc12
children 675c1cc61eaf
comparison
equal deleted inserted replaced
35:1bb941522ebf 36:37675581a273
25 $servername = $::hostname 25 $servername = $::hostname
26 } 26 }
27 27
28 # The default error log level 28 # The default error log level
29 $log_level = 'warn' 29 $log_level = 'warn'
30 30 $use_optional_includes = false
31
32 if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' {
33 $verify_command = '/usr/sbin/apache2ctl -t'
34 } else {
35 $verify_command = '/usr/sbin/apachectl -t'
36 }
31 if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { 37 if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' {
32 $user = 'apache' 38 $user = 'apache'
33 $group = 'apache' 39 $group = 'apache'
34 $root_group = 'root' 40 $root_group = 'root'
35 $apache_name = 'httpd' 41 $apache_name = 'httpd'
37 $httpd_dir = '/etc/httpd' 43 $httpd_dir = '/etc/httpd'
38 $server_root = '/etc/httpd' 44 $server_root = '/etc/httpd'
39 $conf_dir = "${httpd_dir}/conf" 45 $conf_dir = "${httpd_dir}/conf"
40 $confd_dir = "${httpd_dir}/conf.d" 46 $confd_dir = "${httpd_dir}/conf.d"
41 $mod_dir = "${httpd_dir}/conf.d" 47 $mod_dir = "${httpd_dir}/conf.d"
48 $mod_enable_dir = undef
42 $vhost_dir = "${httpd_dir}/conf.d" 49 $vhost_dir = "${httpd_dir}/conf.d"
50 $vhost_enable_dir = undef
43 $conf_file = 'httpd.conf' 51 $conf_file = 'httpd.conf'
44 $ports_file = "${conf_dir}/ports.conf" 52 $ports_file = "${conf_dir}/ports.conf"
45 $logroot = '/var/log/httpd' 53 $logroot = '/var/log/httpd'
54 $logroot_mode = undef
46 $lib_path = 'modules' 55 $lib_path = 'modules'
47 $mpm_module = 'prefork' 56 $mpm_module = 'prefork'
48 $dev_packages = 'httpd-devel' 57 $dev_packages = 'httpd-devel'
49 $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' 58 $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt'
50 $default_ssl_key = '/etc/pki/tls/private/localhost.key' 59 $default_ssl_key = '/etc/pki/tls/private/localhost.key'
51 $ssl_certs_dir = '/etc/pki/tls/certs' 60 $ssl_certs_dir = '/etc/pki/tls/certs'
52 $passenger_conf_file = 'passenger_extra.conf' 61 $passenger_conf_file = 'passenger_extra.conf'
53 $passenger_conf_package_file = 'passenger.conf' 62 $passenger_conf_package_file = 'passenger.conf'
54 $passenger_root = undef 63 $passenger_root = undef
55 $passenger_ruby = undef 64 $passenger_ruby = undef
65 $passenger_default_ruby = undef
56 $suphp_addhandler = 'php5-script' 66 $suphp_addhandler = 'php5-script'
57 $suphp_engine = 'off' 67 $suphp_engine = 'off'
58 $suphp_configpath = undef 68 $suphp_configpath = undef
69 # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide
70 # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL.
59 $mod_packages = { 71 $mod_packages = {
72 'auth_cas' => 'mod_auth_cas',
60 'auth_kerb' => 'mod_auth_kerb', 73 'auth_kerb' => 'mod_auth_kerb',
61 'authnz_ldap' => 'mod_authz_ldap', 74 'authnz_ldap' => $::apache::version::distrelease ? {
75 '7' => 'mod_ldap',
76 default => 'mod_authz_ldap',
77 },
62 'fastcgi' => 'mod_fastcgi', 78 'fastcgi' => 'mod_fastcgi',
63 'fcgid' => 'mod_fcgid', 79 'fcgid' => 'mod_fcgid',
64 'pagespeed' => 'mod-pagespeed-stable', 80 'pagespeed' => 'mod-pagespeed-stable',
65 'passenger' => 'mod_passenger', 81 'passenger' => 'mod_passenger',
66 'perl' => 'mod_perl', 82 'perl' => 'mod_perl',
68 '5' => 'php53', 84 '5' => 'php53',
69 default => 'php', 85 default => 'php',
70 }, 86 },
71 'proxy_html' => 'mod_proxy_html', 87 'proxy_html' => 'mod_proxy_html',
72 'python' => 'mod_python', 88 'python' => 'mod_python',
89 'security' => 'mod_security',
73 'shibboleth' => 'shibboleth', 90 'shibboleth' => 'shibboleth',
74 'ssl' => 'mod_ssl', 91 'ssl' => 'mod_ssl',
75 'wsgi' => 'mod_wsgi', 92 'wsgi' => 'mod_wsgi',
76 'dav_svn' => 'mod_dav_svn', 93 'dav_svn' => 'mod_dav_svn',
77 'suphp' => 'mod_suphp', 94 'suphp' => 'mod_suphp',
78 'xsendfile' => 'mod_xsendfile', 95 'xsendfile' => 'mod_xsendfile',
79 'nss' => 'mod_nss', 96 'nss' => 'mod_nss',
97 'shib2' => 'shibboleth',
80 } 98 }
81 $mod_libs = { 99 $mod_libs = {
82 'php5' => 'libphp5.so', 100 'php5' => 'libphp5.so',
83 'nss' => 'libmodnss.so', 101 'nss' => 'libmodnss.so',
84 } 102 }
87 $keepalive_timeout = 15 105 $keepalive_timeout = 15
88 $max_keepalive_requests = 100 106 $max_keepalive_requests = 100
89 $fastcgi_lib_path = undef 107 $fastcgi_lib_path = undef
90 $mime_support_package = 'mailcap' 108 $mime_support_package = 'mailcap'
91 $mime_types_config = '/etc/mime.types' 109 $mime_types_config = '/etc/mime.types'
110 $docroot = '/var/www/html'
111 $error_documents_path = $::apache::version::distrelease ? {
112 '7' => '/usr/share/httpd/error',
113 default => '/var/www/error'
114 }
115 if $::osfamily == 'RedHat' {
116 $wsgi_socket_prefix = '/var/run/wsgi'
117 } else {
118 $wsgi_socket_prefix = undef
119 }
120 $cas_cookie_path = '/var/cache/mod_auth_cas/'
121 $modsec_crs_package = 'mod_security_crs'
122 $modsec_crs_path = '/usr/lib/modsecurity.d'
123 $modsec_dir = '/etc/httpd/modsecurity.d'
124 $modsec_default_rules = [
125 'base_rules/modsecurity_35_bad_robots.data',
126 'base_rules/modsecurity_35_scanners.data',
127 'base_rules/modsecurity_40_generic_attacks.data',
128 'base_rules/modsecurity_41_sql_injection_attacks.data',
129 'base_rules/modsecurity_50_outbound.data',
130 'base_rules/modsecurity_50_outbound_malware.data',
131 'base_rules/modsecurity_crs_20_protocol_violations.conf',
132 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
133 'base_rules/modsecurity_crs_23_request_limits.conf',
134 'base_rules/modsecurity_crs_30_http_policy.conf',
135 'base_rules/modsecurity_crs_35_bad_robots.conf',
136 'base_rules/modsecurity_crs_40_generic_attacks.conf',
137 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
138 'base_rules/modsecurity_crs_41_xss_attacks.conf',
139 'base_rules/modsecurity_crs_42_tight_security.conf',
140 'base_rules/modsecurity_crs_45_trojans.conf',
141 'base_rules/modsecurity_crs_47_common_exceptions.conf',
142 'base_rules/modsecurity_crs_49_inbound_blocking.conf',
143 'base_rules/modsecurity_crs_50_outbound.conf',
144 'base_rules/modsecurity_crs_59_outbound_blocking.conf',
145 'base_rules/modsecurity_crs_60_correlation.conf'
146 ]
92 } elsif $::osfamily == 'Debian' { 147 } elsif $::osfamily == 'Debian' {
93 $user = 'www-data' 148 $user = 'www-data'
94 $group = 'www-data' 149 $group = 'www-data'
95 $root_group = 'root' 150 $root_group = 'root'
96 $apache_name = 'apache2' 151 $apache_name = 'apache2'
104 $vhost_dir = "${httpd_dir}/sites-available" 159 $vhost_dir = "${httpd_dir}/sites-available"
105 $vhost_enable_dir = "${httpd_dir}/sites-enabled" 160 $vhost_enable_dir = "${httpd_dir}/sites-enabled"
106 $conf_file = 'apache2.conf' 161 $conf_file = 'apache2.conf'
107 $ports_file = "${conf_dir}/ports.conf" 162 $ports_file = "${conf_dir}/ports.conf"
108 $logroot = '/var/log/apache2' 163 $logroot = '/var/log/apache2'
164 $logroot_mode = undef
109 $lib_path = '/usr/lib/apache2/modules' 165 $lib_path = '/usr/lib/apache2/modules'
110 $mpm_module = 'worker' 166 $mpm_module = 'worker'
111 $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] 167 $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
112 $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' 168 $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
113 $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' 169 $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
114 $ssl_certs_dir = '/etc/ssl/certs' 170 $ssl_certs_dir = '/etc/ssl/certs'
115 $passenger_conf_file = 'passenger_extra.conf'
116 $passenger_conf_package_file = 'passenger.conf'
117 $passenger_root = undef
118 $passenger_ruby = undef
119 $suphp_addhandler = 'x-httpd-php' 171 $suphp_addhandler = 'x-httpd-php'
120 $suphp_engine = 'off' 172 $suphp_engine = 'off'
121 $suphp_configpath = '/etc/php5/apache2' 173 $suphp_configpath = '/etc/php5/apache2'
122 $mod_packages = { 174 $mod_packages = {
175 'auth_cas' => 'libapache2-mod-auth-cas',
123 'auth_kerb' => 'libapache2-mod-auth-kerb', 176 'auth_kerb' => 'libapache2-mod-auth-kerb',
124 'dav_svn' => 'libapache2-svn', 177 'dav_svn' => 'libapache2-svn',
125 'fastcgi' => 'libapache2-mod-fastcgi', 178 'fastcgi' => 'libapache2-mod-fastcgi',
126 'fcgid' => 'libapache2-mod-fcgid', 179 'fcgid' => 'libapache2-mod-fcgid',
127 'nss' => 'libapache2-mod-nss', 180 'nss' => 'libapache2-mod-nss',
130 'perl' => 'libapache2-mod-perl2', 183 'perl' => 'libapache2-mod-perl2',
131 'php5' => 'libapache2-mod-php5', 184 'php5' => 'libapache2-mod-php5',
132 'proxy_html' => 'libapache2-mod-proxy-html', 185 'proxy_html' => 'libapache2-mod-proxy-html',
133 'python' => 'libapache2-mod-python', 186 'python' => 'libapache2-mod-python',
134 'rpaf' => 'libapache2-mod-rpaf', 187 'rpaf' => 'libapache2-mod-rpaf',
188 'security' => 'libapache2-modsecurity',
135 'suphp' => 'libapache2-mod-suphp', 189 'suphp' => 'libapache2-mod-suphp',
136 'wsgi' => 'libapache2-mod-wsgi', 190 'wsgi' => 'libapache2-mod-wsgi',
137 'xsendfile' => 'libapache2-mod-xsendfile', 191 'xsendfile' => 'libapache2-mod-xsendfile',
192 'shib2' => 'libapache2-mod-shib2',
138 } 193 }
139 $mod_libs = { 194 $mod_libs = {
140 'php5' => 'libphp5.so', 195 'php5' => 'libphp5.so',
141 } 196 }
142 $conf_template = 'apache/httpd.conf.erb' 197 $conf_template = 'apache/httpd.conf.erb'
144 $keepalive_timeout = 15 199 $keepalive_timeout = 15
145 $max_keepalive_requests = 100 200 $max_keepalive_requests = 100
146 $fastcgi_lib_path = '/var/lib/apache2/fastcgi' 201 $fastcgi_lib_path = '/var/lib/apache2/fastcgi'
147 $mime_support_package = 'mime-support' 202 $mime_support_package = 'mime-support'
148 $mime_types_config = '/etc/mime.types' 203 $mime_types_config = '/etc/mime.types'
204 $docroot = '/var/www'
205 $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/'
206 $modsec_crs_package = 'modsecurity-crs'
207 $modsec_crs_path = '/usr/share/modsecurity-crs'
208 $modsec_dir = '/etc/modsecurity'
209 $modsec_default_rules = [
210 'base_rules/modsecurity_35_bad_robots.data',
211 'base_rules/modsecurity_35_scanners.data',
212 'base_rules/modsecurity_40_generic_attacks.data',
213 'base_rules/modsecurity_41_sql_injection_attacks.data',
214 'base_rules/modsecurity_50_outbound.data',
215 'base_rules/modsecurity_50_outbound_malware.data',
216 'base_rules/modsecurity_crs_20_protocol_violations.conf',
217 'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
218 'base_rules/modsecurity_crs_23_request_limits.conf',
219 'base_rules/modsecurity_crs_30_http_policy.conf',
220 'base_rules/modsecurity_crs_35_bad_robots.conf',
221 'base_rules/modsecurity_crs_40_generic_attacks.conf',
222 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
223 'base_rules/modsecurity_crs_41_xss_attacks.conf',
224 'base_rules/modsecurity_crs_42_tight_security.conf',
225 'base_rules/modsecurity_crs_45_trojans.conf',
226 'base_rules/modsecurity_crs_47_common_exceptions.conf',
227 'base_rules/modsecurity_crs_49_inbound_blocking.conf',
228 'base_rules/modsecurity_crs_50_outbound.conf',
229 'base_rules/modsecurity_crs_59_outbound_blocking.conf',
230 'base_rules/modsecurity_crs_60_correlation.conf'
231 ]
232 $error_documents_path = '/usr/share/apache2/error'
233
234 #
235 # Passenger-specific settings
236 #
237
238 $passenger_conf_file = 'passenger.conf'
239 $passenger_conf_package_file = undef
240
241 case $::operatingsystem {
242 'Ubuntu': {
243 case $::lsbdistrelease {
244 '12.04': {
245 $passenger_root = '/usr'
246 $passenger_ruby = '/usr/bin/ruby'
247 $passenger_default_ruby = undef
248 }
249 '14.04': {
250 $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
251 $passenger_ruby = undef
252 $passenger_default_ruby = '/usr/bin/ruby'
253 }
254 default: {
255 # The following settings may or may not work on Ubuntu releases not
256 # supported by this module.
257 $passenger_root = '/usr'
258 $passenger_ruby = '/usr/bin/ruby'
259 $passenger_default_ruby = undef
260 }
261 }
262 }
263 'Debian': {
264 case $::lsbdistcodename {
265 'wheezy': {
266 $passenger_root = '/usr'
267 $passenger_ruby = '/usr/bin/ruby'
268 $passenger_default_ruby = undef
269 }
270 'jessie': {
271 $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
272 $passenger_ruby = undef
273 $passenger_default_ruby = '/usr/bin/ruby'
274 }
275 default: {
276 # The following settings may or may not work on Debian releases not
277 # supported by this module.
278 $passenger_root = '/usr'
279 $passenger_ruby = '/usr/bin/ruby'
280 $passenger_default_ruby = undef
281 }
282 }
283 }
284 }
285 $wsgi_socket_prefix = undef
149 } elsif $::osfamily == 'FreeBSD' { 286 } elsif $::osfamily == 'FreeBSD' {
150 $user = 'www' 287 $user = 'www'
151 $group = 'www' 288 $group = 'www'
152 $root_group = 'wheel' 289 $root_group = 'wheel'
153 $apache_name = 'apache22' 290 $apache_name = 'apache24'
154 $service_name = 'apache22' 291 $service_name = 'apache24'
155 $httpd_dir = '/usr/local/etc/apache22' 292 $httpd_dir = '/usr/local/etc/apache24'
156 $server_root = '/usr/local' 293 $server_root = '/usr/local'
157 $conf_dir = $httpd_dir 294 $conf_dir = $httpd_dir
158 $confd_dir = "${httpd_dir}/Includes" 295 $confd_dir = "${httpd_dir}/Includes"
159 $mod_dir = "${httpd_dir}/Modules" 296 $mod_dir = "${httpd_dir}/Modules"
160 $mod_enable_dir = undef 297 $mod_enable_dir = undef
161 $vhost_dir = "${httpd_dir}/Vhosts" 298 $vhost_dir = "${httpd_dir}/Vhosts"
162 $vhost_enable_dir = undef 299 $vhost_enable_dir = undef
163 $conf_file = 'httpd.conf' 300 $conf_file = 'httpd.conf'
164 $ports_file = "${conf_dir}/ports.conf" 301 $ports_file = "${conf_dir}/ports.conf"
165 $logroot = '/var/log/apache22' 302 $logroot = '/var/log/apache24'
166 $lib_path = '/usr/local/libexec/apache22' 303 $logroot_mode = undef
304 $lib_path = '/usr/local/libexec/apache24'
167 $mpm_module = 'prefork' 305 $mpm_module = 'prefork'
168 $dev_packages = undef 306 $dev_packages = undef
169 $default_ssl_cert = '/usr/local/etc/apache22/server.crt' 307 $default_ssl_cert = '/usr/local/etc/apache24/server.crt'
170 $default_ssl_key = '/usr/local/etc/apache22/server.key' 308 $default_ssl_key = '/usr/local/etc/apache24/server.key'
171 $ssl_certs_dir = '/usr/local/etc/apache22' 309 $ssl_certs_dir = '/usr/local/etc/apache24'
172 $passenger_conf_file = 'passenger.conf' 310 $passenger_conf_file = 'passenger.conf'
173 $passenger_conf_package_file = undef 311 $passenger_conf_package_file = undef
174 $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' 312 $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10'
175 $passenger_ruby = '/usr/bin/ruby' 313 $passenger_ruby = '/usr/bin/ruby'
314 $passenger_default_ruby = undef
176 $suphp_addhandler = 'php5-script' 315 $suphp_addhandler = 'php5-script'
177 $suphp_engine = 'off' 316 $suphp_engine = 'off'
178 $suphp_configpath = undef 317 $suphp_configpath = undef
179 $mod_packages = { 318 $mod_packages = {
180 # NOTE: I list here only modules that are not included in www/apache22 319 # NOTE: I list here only modules that are not included in www/apache24
181 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config 320 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config
182 # NOTE: 'php' needs to enable APACHE option in make config 321 # NOTE: 'php' needs to enable APACHE option in make config
183 # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config 322 # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config
184 # NOTE: not sure where the shibboleth should come from 323 # NOTE: not sure where the shibboleth should come from
185 # NOTE: don't know where the shibboleth module should come from
186 'auth_kerb' => 'www/mod_auth_kerb2', 324 'auth_kerb' => 'www/mod_auth_kerb2',
187 'fcgid' => 'www/mod_fcgid', 325 'fcgid' => 'www/mod_fcgid',
188 'passenger' => 'www/rubygem-passenger', 326 'passenger' => 'www/rubygem-passenger',
189 'perl' => 'www/mod_perl2', 327 'perl' => 'www/mod_perl2',
190 'php5' => 'lang/php5', 328 'php5' => 'www/mod_php5',
191 'proxy_html' => 'www/mod_proxy_html', 329 'proxy_html' => 'www/mod_proxy_html',
192 'python' => 'www/mod_python3', 330 'python' => 'www/mod_python3',
193 'wsgi' => 'www/mod_wsgi', 331 'wsgi' => 'www/mod_wsgi',
194 'dav_svn' => 'devel/subversion', 332 'dav_svn' => 'devel/subversion',
195 'xsendfile' => 'www/mod_xsendfile', 333 'xsendfile' => 'www/mod_xsendfile',
196 'rpaf' => 'www/mod_rpaf2' 334 'rpaf' => 'www/mod_rpaf2',
335 'shib2' => 'security/shibboleth2-sp',
197 } 336 }
198 $mod_libs = { 337 $mod_libs = {
199 'php5' => 'libphp5.so', 338 'php5' => 'libphp5.so',
200 } 339 }
201 $conf_template = 'apache/httpd.conf.erb' 340 $conf_template = 'apache/httpd.conf.erb'
203 $keepalive_timeout = 15 342 $keepalive_timeout = 15
204 $max_keepalive_requests = 100 343 $max_keepalive_requests = 100
205 $fastcgi_lib_path = undef # TODO: revisit 344 $fastcgi_lib_path = undef # TODO: revisit
206 $mime_support_package = 'misc/mime-support' 345 $mime_support_package = 'misc/mime-support'
207 $mime_types_config = '/usr/local/etc/mime.types' 346 $mime_types_config = '/usr/local/etc/mime.types'
347 $wsgi_socket_prefix = undef
348 $docroot = '/usr/local/www/apache24/data'
349 $error_documents_path = '/usr/local/www/apache24/error'
208 } else { 350 } else {
209 fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") 351 fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}")
210 } 352 }
211 } 353 }