comparison modules/apache/manifests/init.pp @ 257:675c1cc61eaf
Update Apache module to get CentOS 8 support
Unfortunately it only fixes some bits. mod_wsgi still needs
other approaches
This also overrides the vhost modification to make them come last
in the import order (after module loading)
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 22 Dec 2019 14:43:29 -0500 |
parents | 37675581a273 |
children | d9352a684e62 |
252:47750947f4dc | 257:675c1cc61eaf |
---|---|
15 class apache ( | 15 class apache ( |
16 $apache_name = $::apache::params::apache_name, | 16 $apache_name = $::apache::params::apache_name, |
17 $service_name = $::apache::params::service_name, | 17 $service_name = $::apache::params::service_name, |
18 $default_mods = true, | 18 $default_mods = true, |
19 $default_vhost = true, | 19 $default_vhost = true, |
20 $default_charset = undef, | |
20 $default_confd_files = true, | 21 $default_confd_files = true, |
21 $default_ssl_vhost = false, | 22 $default_ssl_vhost = false, |
22 $default_ssl_cert = $::apache::params::default_ssl_cert, | 23 $default_ssl_cert = $::apache::params::default_ssl_cert, |
23 $default_ssl_key = $::apache::params::default_ssl_key, | 24 $default_ssl_key = $::apache::params::default_ssl_key, |
24 $default_ssl_chain = undef, | 25 $default_ssl_chain = undef, |
25 $default_ssl_ca = undef, | 26 $default_ssl_ca = undef, |
26 $default_ssl_crl_path = undef, | 27 $default_ssl_crl_path = undef, |
27 $default_ssl_crl = undef, | 28 $default_ssl_crl = undef, |
28 $default_ssl_crl_check = undef, | 29 $default_ssl_crl_check = undef, |
30 $default_type = 'none', | |
31 $dev_packages = $::apache::params::dev_packages, | |
29 $ip = undef, | 32 $ip = undef, |
30 $service_enable = true, | 33 $service_enable = true, |
31 $service_manage = true, | 34 $service_manage = true, |
32 $service_ensure = 'running', | 35 $service_ensure = 'running', |
36 $service_restart = undef, | |
33 $purge_configs = true, | 37 $purge_configs = true, |
34 $purge_vhost_dir = undef, | 38 $purge_vhost_dir = undef, |
35 $purge_vdir = false, | 39 $purge_vdir = false, |
36 $serveradmin = 'root@localhost', | 40 $serveradmin = 'root@localhost', |
37 $sendfile = 'On', | 41 $sendfile = 'On', |
41 $server_root = $::apache::params::server_root, | 45 $server_root = $::apache::params::server_root, |
42 $conf_dir = $::apache::params::conf_dir, | 46 $conf_dir = $::apache::params::conf_dir, |
43 $confd_dir = $::apache::params::confd_dir, | 47 $confd_dir = $::apache::params::confd_dir, |
44 $vhost_dir = $::apache::params::vhost_dir, | 48 $vhost_dir = $::apache::params::vhost_dir, |
45 $vhost_enable_dir = $::apache::params::vhost_enable_dir, | 49 $vhost_enable_dir = $::apache::params::vhost_enable_dir, |
50 $vhost_include_pattern = $::apache::params::vhost_include_pattern, | |
46 $mod_dir = $::apache::params::mod_dir, | 51 $mod_dir = $::apache::params::mod_dir, |
47 $mod_enable_dir = $::apache::params::mod_enable_dir, | 52 $mod_enable_dir = $::apache::params::mod_enable_dir, |
48 $mpm_module = $::apache::params::mpm_module, | 53 $mpm_module = $::apache::params::mpm_module, |
54 $lib_path = $::apache::params::lib_path, | |
49 $conf_template = $::apache::params::conf_template, | 55 $conf_template = $::apache::params::conf_template, |
50 $servername = $::apache::params::servername, | 56 $servername = $::apache::params::servername, |
57 $pidfile = $::apache::params::pidfile, | |
58 $rewrite_lock = undef, | |
51 $manage_user = true, | 59 $manage_user = true, |
52 $manage_group = true, | 60 $manage_group = true, |
53 $user = $::apache::params::user, | 61 $user = $::apache::params::user, |
54 $group = $::apache::params::group, | 62 $group = $::apache::params::group, |
55 $keepalive = $::apache::params::keepalive, | 63 $keepalive = $::apache::params::keepalive, |
56 $keepalive_timeout = $::apache::params::keepalive_timeout, | 64 $keepalive_timeout = $::apache::params::keepalive_timeout, |
57 $max_keepalive_requests = $apache::params::max_keepalive_requests, | 65 $max_keepalive_requests = $::apache::params::max_keepalive_requests, |
66 $limitreqfieldsize = '8190', | |
58 $logroot = $::apache::params::logroot, | 67 $logroot = $::apache::params::logroot, |
59 $logroot_mode = $::apache::params::logroot_mode, | 68 $logroot_mode = $::apache::params::logroot_mode, |
60 $log_level = $::apache::params::log_level, | 69 $log_level = $::apache::params::log_level, |
61 $log_formats = {}, | 70 $log_formats = {}, |
71 $ssl_file = $::apache::params::ssl_file, | |
62 $ports_file = $::apache::params::ports_file, | 72 $ports_file = $::apache::params::ports_file, |
63 $docroot = $::apache::params::docroot, | 73 $docroot = $::apache::params::docroot, |
64 $apache_version = $::apache::version::default, | 74 $apache_version = $::apache::version::default, |
65 $server_tokens = 'OS', | 75 $server_tokens = 'OS', |
66 $server_signature = 'On', | 76 $server_signature = 'On', |
67 $trace_enable = 'On', | 77 $trace_enable = 'On', |
68 $allow_encoded_slashes = undef, | 78 $allow_encoded_slashes = undef, |
69 $package_ensure = 'installed', | 79 $package_ensure = 'installed', |
70 $use_optional_includes = $::apache::params::use_optional_includes, | 80 $use_optional_includes = $::apache::params::use_optional_includes, |
81 $use_systemd = $::apache::params::use_systemd, | |
82 $mime_types_additional = $::apache::params::mime_types_additional, | |
83 $file_mode = $::apache::params::file_mode, | |
84 $root_directory_options = $::apache::params::root_directory_options, | |
85 $root_directory_secured = false, | |
86 $error_log = $::apache::params::error_log, | |
87 $scriptalias = $::apache::params::scriptalias, | |
88 $access_log_file = $::apache::params::access_log_file, | |
71 ) inherits ::apache::params { | 89 ) inherits ::apache::params { |
72 validate_bool($default_vhost) | 90 validate_bool($default_vhost) |
73 validate_bool($default_ssl_vhost) | 91 validate_bool($default_ssl_vhost) |
74 validate_bool($default_confd_files) | 92 validate_bool($default_confd_files) |
75 # true/false is sufficient for both ensure and enable | 93 # true/false is sufficient for both ensure and enable |
76 validate_bool($service_enable) | 94 validate_bool($service_enable) |
77 validate_bool($service_manage) | 95 validate_bool($service_manage) |
78 validate_bool($use_optional_includes) | 96 validate_bool($use_optional_includes) |
97 validate_bool($root_directory_secured) | |
79 | 98 |
80 $valid_mpms_re = $apache_version ? { | 99 $valid_mpms_re = $apache_version ? { |
81 '2.4' => '(event|itk|peruser|prefork|worker)', | 100 '2.4' => '(event|itk|peruser|prefork|worker)', |
82 default => '(event|itk|prefork|worker)' | 101 default => '(event|itk|prefork|worker)' |
83 } | 102 } |
84 | 103 |
85 if $mpm_module { | 104 if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans |
86 validate_re($mpm_module, $valid_mpms_re) | 105 validate_re($mpm_module, $valid_mpms_re) |
87 } | 106 } |
88 | 107 |
89 if $allow_encoded_slashes { | 108 if $allow_encoded_slashes { |
90 validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") | 109 validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") |
116 } | 135 } |
117 validate_bool($manage_group) | 136 validate_bool($manage_group) |
118 if $manage_group { | 137 if $manage_group { |
119 group { $group: | 138 group { $group: |
120 ensure => present, | 139 ensure => present, |
121 require => Package['httpd'] | 140 require => Package['httpd'], |
122 } | 141 } |
123 } | 142 } |
124 | 143 |
125 $valid_log_level_re = '(emerg|alert|crit|error|warn|notice|info|debug)' | 144 validate_apache_log_level($log_level) |
126 | |
127 validate_re($log_level, $valid_log_level_re, | |
128 "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") | |
129 | 145 |
130 class { '::apache::service': | 146 class { '::apache::service': |
131 service_name => $service_name, | 147 service_name => $service_name, |
132 service_enable => $service_enable, | 148 service_enable => $service_enable, |
133 service_manage => $service_manage, | 149 service_manage => $service_manage, |
134 service_ensure => $service_ensure, | 150 service_ensure => $service_ensure, |
151 service_restart => $service_restart, | |
135 } | 152 } |
136 | 153 |
137 # Deprecated backwards-compatibility | 154 # Deprecated backwards-compatibility |
138 if $purge_vdir { | 155 if $purge_vdir { |
139 warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') | 156 warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') |
159 } | 176 } |
160 file { $confd_dir: | 177 file { $confd_dir: |
161 ensure => directory, | 178 ensure => directory, |
162 recurse => true, | 179 recurse => true, |
163 purge => $purge_confd, | 180 purge => $purge_confd, |
181 force => $purge_confd, | |
164 notify => Class['Apache::Service'], | 182 notify => Class['Apache::Service'], |
165 require => Package['httpd'], | 183 require => Package['httpd'], |
166 } | 184 } |
167 | 185 |
168 if ! defined(File[$mod_dir]) { | 186 if ! defined(File[$mod_dir]) { |
176 ensure => directory, | 194 ensure => directory, |
177 recurse => true, | 195 recurse => true, |
178 purge => $purge_mod_dir, | 196 purge => $purge_mod_dir, |
179 notify => Class['Apache::Service'], | 197 notify => Class['Apache::Service'], |
180 require => Package['httpd'], | 198 require => Package['httpd'], |
199 before => Anchor['::apache::modules_set_up'], | |
181 } | 200 } |
182 } | 201 } |
183 | 202 |
184 if $mod_enable_dir and ! defined(File[$mod_enable_dir]) { | 203 if $mod_enable_dir and ! defined(File[$mod_enable_dir]) { |
185 $mod_load_dir = $mod_enable_dir | 204 $mod_load_dir = $mod_enable_dir |
228 } else { | 247 } else { |
229 $vhost_load_dir = $vhost_dir | 248 $vhost_load_dir = $vhost_dir |
230 } | 249 } |
231 | 250 |
232 concat { $ports_file: | 251 concat { $ports_file: |
252 ensure => present, | |
233 owner => 'root', | 253 owner => 'root', |
234 group => $::apache::params::root_group, | 254 group => $::apache::params::root_group, |
235 mode => '0644', | 255 mode => $::apache::file_mode, |
236 notify => Class['Apache::Service'], | 256 notify => Class['Apache::Service'], |
237 require => Package['httpd'], | 257 require => Package['httpd'], |
238 } | 258 } |
239 concat::fragment { 'Apache ports header': | 259 concat::fragment { 'Apache ports header': |
240 ensure => present, | |
241 target => $ports_file, | 260 target => $ports_file, |
242 content => template('apache/ports_header.erb') | 261 content => template('apache/ports_header.erb'), |
243 } | 262 } |
244 | 263 |
245 if $::apache::conf_dir and $::apache::params::conf_file { | 264 if $::apache::conf_dir and $::apache::params::conf_file { |
246 case $::osfamily { | 265 if $::osfamily == 'gentoo' { |
247 'debian': { | 266 $error_documents_path = '/usr/share/apache2/error' |
248 $pidfile = "\${APACHE_PID_FILE}" | 267 if is_array($default_mods) { |
249 $error_log = 'error.log' | 268 if versioncmp($apache_version, '2.4') >= 0 { |
250 $scriptalias = '/usr/lib/cgi-bin' | 269 if defined('apache::mod::ssl') { |
251 $access_log_file = 'access.log' | 270 ::portage::makeconf { 'apache2_modules': |
271 content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), | |
272 } | |
273 } else { | |
274 ::portage::makeconf { 'apache2_modules': | |
275 content => concat($default_mods, 'authz_core'), | |
276 } | |
277 } | |
278 } else { | |
279 ::portage::makeconf { 'apache2_modules': | |
280 content => $default_mods, | |
281 } | |
282 } | |
252 } | 283 } |
253 'redhat': { | 284 |
254 $pidfile = 'run/httpd.pid' | 285 file { [ |
255 $error_log = 'error_log' | 286 '/etc/apache2/modules.d/.keep_www-servers_apache-2', |
256 $scriptalias = '/var/www/cgi-bin' | 287 '/etc/apache2/vhosts.d/.keep_www-servers_apache-2', |
257 $access_log_file = 'access_log' | 288 ]: |
258 } | 289 ensure => absent, |
259 'freebsd': { | 290 require => Package['httpd'], |
260 $pidfile = '/var/run/httpd.pid' | |
261 $error_log = 'httpd-error.log' | |
262 $scriptalias = '/usr/local/www/apache24/cgi-bin' | |
263 $access_log_file = 'httpd-access.log' | |
264 } | |
265 default: { | |
266 fail("Unsupported osfamily ${::osfamily}") | |
267 } | 291 } |
268 } | 292 } |
269 | 293 |
270 $apxs_workaround = $::osfamily ? { | 294 $apxs_workaround = $::osfamily ? { |
271 'freebsd' => true, | 295 'freebsd' => true, |
272 default => false | 296 default => false |
297 } | |
298 | |
299 if $rewrite_lock { | |
300 validate_absolute_path($rewrite_lock) | |
273 } | 301 } |
274 | 302 |
275 # Template uses: | 303 # Template uses: |
276 # - $pidfile | 304 # - $pidfile |
277 # - $user | 305 # - $user |
291 # - $max_keepalive_requests | 319 # - $max_keepalive_requests |
292 # - $server_root | 320 # - $server_root |
293 # - $server_tokens | 321 # - $server_tokens |
294 # - $server_signature | 322 # - $server_signature |
295 # - $trace_enable | 323 # - $trace_enable |
324 # - $rewrite_lock | |
325 # - $root_directory_secured | |
296 file { "${::apache::conf_dir}/${::apache::params::conf_file}": | 326 file { "${::apache::conf_dir}/${::apache::params::conf_file}": |
297 ensure => file, | 327 ensure => file, |
298 content => template($conf_template), | 328 content => template($conf_template), |
299 notify => Class['Apache::Service'], | 329 notify => Class['Apache::Service'], |
300 require => Package['httpd'], | 330 require => [Package['httpd'], Concat[$ports_file]], |
301 } | 331 } |
302 | 332 |
303 # preserve back-wards compatibility to the times when default_mods was | 333 # preserve back-wards compatibility to the times when default_mods was |
304 # only a boolean value. Now it can be an array (too) | 334 # only a boolean value. Now it can be an array (too) |
305 if is_array($default_mods) { | 335 if is_array($default_mods) { |
311 class { '::apache::default_mods': | 341 class { '::apache::default_mods': |
312 all => $default_mods, | 342 all => $default_mods, |
313 } | 343 } |
314 } | 344 } |
315 class { '::apache::default_confd_files': | 345 class { '::apache::default_confd_files': |
316 all => $default_confd_files | 346 all => $default_confd_files, |
317 } | 347 } |
318 if $mpm_module { | 348 if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans |
319 class { "::apache::mod::${mpm_module}": } | 349 include "::apache::mod::${mpm_module}" |
320 } | 350 } |
321 | 351 |
322 $default_vhost_ensure = $default_vhost ? { | 352 $default_vhost_ensure = $default_vhost ? { |
323 true => 'present', | 353 true => 'present', |
324 false => 'absent' | 354 false => 'absent' |
328 false => 'absent' | 358 false => 'absent' |
329 } | 359 } |
330 | 360 |
331 ::apache::vhost { 'default': | 361 ::apache::vhost { 'default': |
332 ensure => $default_vhost_ensure, | 362 ensure => $default_vhost_ensure, |
333 port => 80, | 363 port => '80', |
334 docroot => $docroot, | 364 docroot => $docroot, |
335 scriptalias => $scriptalias, | 365 scriptalias => $scriptalias, |
336 serveradmin => $serveradmin, | 366 serveradmin => $serveradmin, |
337 access_log_file => $access_log_file, | 367 access_log_file => $access_log_file, |
338 priority => '15', | 368 priority => '15', |
339 ip => $ip, | 369 ip => $ip, |
340 logroot_mode => $logroot_mode, | 370 logroot_mode => $logroot_mode, |
371 manage_docroot => $default_vhost, | |
341 } | 372 } |
342 $ssl_access_log_file = $::osfamily ? { | 373 $ssl_access_log_file = $::osfamily ? { |
343 'freebsd' => $access_log_file, | 374 'freebsd' => $access_log_file, |
344 default => "ssl_${access_log_file}", | 375 default => "ssl_${access_log_file}", |
345 } | 376 } |
346 ::apache::vhost { 'default-ssl': | 377 ::apache::vhost { 'default-ssl': |
347 ensure => $default_ssl_vhost_ensure, | 378 ensure => $default_ssl_vhost_ensure, |
348 port => 443, | 379 port => '443', |
349 ssl => true, | 380 ssl => true, |
350 docroot => $docroot, | 381 docroot => $docroot, |
351 scriptalias => $scriptalias, | 382 scriptalias => $scriptalias, |
352 serveradmin => $serveradmin, | 383 serveradmin => $serveradmin, |
353 access_log_file => $ssl_access_log_file, | 384 access_log_file => $ssl_access_log_file, |
354 priority => '15', | 385 priority => '15', |
355 ip => $ip, | 386 ip => $ip, |
356 logroot_mode => $logroot_mode, | 387 logroot_mode => $logroot_mode, |
357 } | 388 manage_docroot => $default_ssl_vhost, |
358 } | 389 } |
390 } | |
391 | |
392 # This anchor can be used as a reference point for things that need to happen *after* | |
393 # all modules have been put in place. | |
394 anchor { '::apache::modules_set_up': } | |
359 } | 395 } |
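Review bot: The new `$root_directory_secured` parameter (new line 85) defaults to `false` and is only type-checked with `validate_bool` before the main config template reads it, so every node that takes the defaults keeps the permissive setting. The template is not part of this page, so the directives it emits are an assumption; if `true` is the deny-by-default policy for the root directory, as the name suggests, set it explicitly where the class is declared, `root_directory_secured => true,`, after confirming that each served path has its own access block. The same section replaces the literal `'0644'` on the ports file with `mode => $::apache::file_mode,`, and no validation of that value appears in the lines shown; a comment such as `# file_mode comes from params; must not be group- or world-writable` would record the expectation. The comparison view skips lines (the gutter jumps from 109 to 135), so a check may exist in the elided part.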