Mercurial > repos > other > Puppet
changeset 36:37675581a273 puppet-3.6
Update Puppet module for Apache (pulls in concat module)
line wrap: on
line diff
--- a/modules/apache/CHANGELOG.md Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/CHANGELOG.md Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,165 @@ +##2015-02-17 - Supported Release 1.3.0 +###Summary + +This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. + +####Features +- New parameters - `apache` + - `service_manage` + - `use_optional_includes` +- New parameters - `apache::service` + - `service_manage` +- New parameters - `apache::vhost` + - `access_logs` + - `php_flags` + - `php_values` + - `modsec_disable_vhost` + - `modsec_disable_ids` + - `modsec_disable_ips` + - `modsec_body_limit` +- Improved FreeBSD support +- Add ability to omit priority prefix if `$priority` is set to false +- Add `apache::security::rule_link` define +- Improvements to `apache::mod::*` + - Add `apache::mod::auth_cass` class + - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event` + - Add `apache::mod::filter` class + - Add `root_group` to `apache::mod::php` + - Add `apache::mod::proxy_connect` class + - Add `apache::mod::security` class + - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes parameters to `apache::mod::ssl` (MODULES-1719) + - Add `status_path` parameter to `apache::mod::status` + - Add `apache_version` parameter to `apache::mod::version` + - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458) +- Improved SCL support + - Add support for specifying the docroot +- Updated `_directories.erb` to add support for SetEnv +- Support multiple access log directives (MODULES-1382) +- Add passenger support for Debian Jessie +- Add support for not having puppet restart the apache service (MODULES-1559) + +####Bugfixes +- For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) +- Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) +- Load fcgid after unixd on RHEL7 +- Allow disabling default vhost for Apache 2.4 +- Test fixes +- `mod_version` is now built-in (MODULES-1446) +- Sort LogFormats for idempotency +- `allow_encoded_slashes` was omitted from `apache::vhost` +- Fix documentation bug (MODULES-1403, MODULES-1510) +- Sort `wsgi_script_aliases` for idempotency (MODULES-1384) +- lint fixes +- Fix automatic version detection for Debian Jessie +- Fix error docs and icons path for RHEL7-based systems (MODULES-1554) +- Sort php_* hashes for idempotency (MODULES-1680) +- Ensure `mod::setenvif` is included if needed (MODULES-1696) +- Fix indentation in `vhost/_directories.erb` template (MODULES-1688) +- Create symlinks on all distros if `vhost_enable_dir` is specified + +##2014-09-30 - Supported Release 1.2.0 +###Summary + +This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. + +####Features +- Convert apache::vhost to use concat for easier extensions +- Test improvements +- Synchronize files with modulesync +- Strict variable and future parser support +- Added apache::custom_config defined type to allow validation of configs before they are created +- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module. +- Improved SCL support + - allow overriding of the mod_ssl package name +- Add support for reverse_urls/ProxyPassReverse in apache::vhost +- Add satisfy directive in apache::vhost::directories +- Add apache::fastcgi::server defined type +- New parameters - apache + - allow_encoded_slashes + - apache_name + - conf_dir + - default_ssl_crl_check + - docroot + - logroot_mode + - purge_vhost_dir +- New parameters - apache::vhost + - add_default_charset + - allow_encoded_slashes + - logroot_ensure + - logroot_mode + - manage_docroot + - passenger_app_root + - passenger_min_instances + - passenger_pre_start + - passenger_ruby + - passenger_start_timeout + - proxy_preserve_host + - redirectmatch_dest + - ssl_crl_check + - wsgi_chunked_request + - wsgi_pass_authorization +- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter +- Add support for rewrites in the apache::vhost::directories parameter +- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet +- Turn of SSLv3 by default +- Improvements to apache::mod* + - Add restrict_access parameter to apache::mod::info + - Add force_language_priority and language_priority parameters to apache::mod::negotiation + - Add threadlimit parameter to apache::mod::worker + - Add content, template, and source parameters to apache::mod::php + - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn + - Add loadfile_name parameter to apache::mod + - Add apache::mod::deflate class + - Add options parameter to apache::mod::fcgid + - Add timeouts parameter to apache::mod::reqtimeout + - Add apache::mod::shib + - Add apache_version parameter to apache::mod::ldap + - Add magic_file parameter to apache::mod::mime_magic + - Add apache_version parameter to apache::mod::pagespeed + - Add passenger_default_ruby parameter to apache::mod::passenger + - Add content, template, and source parameters to apache::mod::php + - Add apache_version parameter to apache::mod::proxy + - Add loadfiles parameter to apache::mod::proxy_html + - Add ssl_protocol and package_name parameters to apache::mod::ssl + - Add apache_version parameter to apache::mod::status + - Add apache_version parameter to apache::mod::userdir + - Add apache::mod::version class + +####Bugfixes +- Set osfamily defaults for wsgi_socket_prefix +- Support multiple balancermembers with the same url +- Validate apache::vhost::custom_fragment +- Add support for itk with mod_php +- Allow apache::vhost::ssl_certs_dir to not be set +- Improved passenger support for Debian +- Improved 2.4 support without mod_access_compat +- Support for more than one 'Allow from'-directive in _directories.erb +- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4 +- Fix missing newline in ModPagespeed filter and memcached servers directive +- Use interpolated strings instead of numbers where required by future parser +- Make auth_require take precedence over default with apache 2.4 +- Lint fixes +- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array +- Correct typo in mod::pagespeed +- spec_helper fixes +- Install mod packages before dealing with the configuration +- Use absolute scope to check class definition in apache::mod::php +- Fix dependency loop in apache::vhost +- Properly scope variables in the inline template in apache::balancer +- Documentation clarification, typos, and formatting +- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4 +- Strict variables fixes +- Add authn_core mode to Ubuntu trusty defaults +- Keep default loadfile for authz_svn on Debian +- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support +- Load unixd before fcgid for EL7 +- Fix RedirectMatch rules +- Fix misleading error message in apache::version + +####Known Bugs +* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. +* SLES is unsupported. + ##2014-07-15 - Supported Release 1.1.1 ###Summary
--- a/modules/apache/CONTRIBUTING.md Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/CONTRIBUTING.md Sat Mar 14 20:07:04 2015 +0000 @@ -41,11 +41,9 @@ * Pre-requisites: - - Sign the [Contributor License Agreement](https://cla.puppetlabs.com/) - - Make sure you have a [GitHub account](https://github.com/join) - - [Create a ticket](http://projects.puppetlabs.com/projects/modules/issues/new), or [watch the ticket](http://projects.puppetlabs.com/projects/modules/issues) you are patching for. + - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. * Preferred method: @@ -94,17 +92,7 @@ whitespace or other "whitespace errors". You can do this by running "git diff --check" on your changes before you commit. - 2. Sign the Contributor License Agreement - - Before we can accept your changes, we do need a signed Puppet - Labs Contributor License Agreement (CLA). - - You can access the CLA via the [Contributor License Agreement link](https://cla.puppetlabs.com/) - - If you have any questions about the CLA, please feel free to - contact Puppet Labs via email at cla-submissions@puppetlabs.com. - - 3. Sending your patches + 2. Sending your patches To submit your changes via a GitHub pull request, we _highly_ recommend that you have them on a topic branch, instead of @@ -124,7 +112,7 @@ in order to open a pull request. - 4. Update the related GitHub issue. + 3. Update the related GitHub issue. If there is a GitHub issue associated with the change you submitted, then you should update the ticket to include the @@ -220,14 +208,12 @@ Additional Resources ==================== -* [Getting additional help](http://projects.puppetlabs.com/projects/puppet/wiki/Getting_Help) +* [Getting additional help](http://puppetlabs.com/community/get-help) * [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) * [Patchwork](https://patchwork.puppetlabs.com) -* [Contributor License Agreement](https://projects.puppetlabs.com/contributor_licenses/sign) - * [General GitHub documentation](http://help.github.com/) * [GitHub pull request documentation](http://help.github.com/send-pull-requests/)
--- a/modules/apache/Gemfile Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/Gemfile Sat Mar 14 20:07:04 2015 +0000 @@ -1,14 +1,19 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -group :development, :test do - gem 'rake', '10.1.1', :require => false - gem 'rspec', '~> 2.11', :require => false - gem 'rspec-puppet', '>=1.0.0', :require => false +group :development, :unit_tests do + gem 'rake', :require => false + gem 'rspec-core', '3.1.7', :require => false + gem 'rspec-puppet', '~> 1.0', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'serverspec', :require => false gem 'puppet-lint', :require => false - gem 'beaker', :require => false - gem 'beaker-rspec', :require => false + gem 'simplecov', :require => false + gem 'puppet_facts', :require => false + gem 'json', :require => false +end + +group :system_tests do + gem 'beaker-rspec', :require => false + gem 'serverspec', :require => false end if facterversion = ENV['FACTER_GEM_VERSION']
--- a/modules/apache/README.md Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/README.md Sat Mar 14 20:07:04 2015 +0000 @@ -12,16 +12,27 @@ 4. [Usage - The classes and defined types available for configuration](#usage) * [Classes and Defined Types](#classes-and-defined-types) * [Class: apache](#class-apache) + * [Defined Type: apache::custom_config](#defined-type-apachecustom_config) * [Class: apache::default_mods](#class-apachedefault_mods) * [Defined Type: apache::mod](#defined-type-apachemod) * [Classes: apache::mod::*](#classes-apachemodname) + * [Class: apache::mod::event](#class-apachemodevent) + * [Class: apache::mod::info](#class-apachemodinfo) * [Class: apache::mod::pagespeed](#class-apachemodpagespeed) * [Class: apache::mod::php](#class-apachemodphp) * [Class: apache::mod::ssl](#class-apachemodssl) + * [Class: apache::mod::status](#class-apachemodstatus) * [Class: apache::mod::wsgi](#class-apachemodwsgi) + * [Class: apache::mod::fcgid](#class-apachemodfcgid) + * [Class: apache::mod::negotiation](#class-apachemodnegotiation) + * [Class: apache::mod::deflate](#class-apachemoddeflate) + * [Class: apache::mod::reqtimeout](#class-apachemodreqtimeout) + * [Class: apache::mod::security](#class-modsecurity) + * [Class: apache::mod::version](#class-apachemodversion) * [Defined Type: apache::vhost](#defined-type-apachevhost) * [Parameter: `directories` for apache::vhost](#parameter-directories-for-apachevhost) * [SSL parameters for apache::vhost](#ssl-parameters-for-apachevhost) + * [Defined Type: apache::fastcgi::server](#defined-type-fastcgi-server) * [Virtual Host Examples - Demonstrations of some configuration options](#virtual-host-examples) * [Load Balancing](#load-balancing) * [Defined Type: apache::balancer](#defined-type-apachebalancer) @@ -58,7 +69,7 @@ * Apache modules * virtual hosts * listened-to ports -* `/etc/make.conf` on FreeBSD +* `/etc/make.conf` on FreeBSD ###Beginning with Apache @@ -68,7 +79,7 @@ class { 'apache': } ``` -The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD systems). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters +The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, and RedHat systems have another, as do FreeBSD systems). These defaults work well in a testing environment, but are not suggested for production. To establish customized parameters ```puppet class { 'apache': @@ -79,7 +90,7 @@ ###Configure a virtual host -Declaring the `apache` class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`. +Declaring the `apache` class creates a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving `$apache::docroot`. ```puppet class { 'apache': } @@ -94,7 +105,7 @@ } ``` -*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else. +*Note:* The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost is used. This is also true if you pass a higher priority and no names match anything else. A slightly more complicated example, changes the docroot owner/group from the default 'root' @@ -145,7 +156,7 @@ apache::vhost { 'subdomain.loc': vhost_name => '*', port => '80', - virtual_docroot' => '/var/www/%-2+', + virtual_docroot => '/var/www/%-2+', docroot => '/var/www', serveraliases => ['*.loc',], } @@ -174,9 +185,9 @@ docroot => '/var/www/pythonapp', wsgi_application_group => '%{GLOBAL}', wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', + wsgi_daemon_process_options => { + processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_import_script => '/var/www/demo.wsgi', @@ -205,7 +216,7 @@ ###Classes and Defined Types -This module modifies Apache configuration files and directories, and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures. +This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-Puppet configuration files can cause unexpected failures. It is possible to temporarily disable full Puppet management by setting the [`purge_configs`](#purge_configs) parameter within the base `apache` class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations. See the [`purge_configs` parameter](#purge_configs) for more information. @@ -213,17 +224,25 @@ The apache module's primary class, `apache`, guides the basic setup of Apache on your system. -You may establish a default vhost in this class, the `vhost` class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type. +You can establish a default vhost in this class, the `vhost` class, or both. You can add additional vhost configurations for specific virtual hosts using a declaration of the `vhost` type. **Parameters within `apache`:** +#####`allow_encoded_slashes` + +This sets the server default for the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) which modifies the responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. + #####`apache_version` Configures the behavior of the module templates, package names, and default mods by setting the Apache version. Default is determined by the class `apache::version` using the OS family and release. It should not be configured manually without special reason. +#####`conf_dir` + +Changes the location of the configuration directory the main configuration file is placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. + #####`confd_dir` -Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the location of the configuration directory your custom configuration files are placed in. Defaults to '/etc/httpd/conf' on RedHat, '/etc/apache2/conf.d' on Debian, and '/usr/local/etc/apache22' on FreeBSD. #####`conf_template` @@ -237,41 +256,45 @@ #####`default_mods` -Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. - -Defaults to 'true', which will include the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). - -If false, it will only include the mods required to make HTTPD work, and any other mods can be declared on their own. - -If an array, the apache module will include the array of mods listed. +Sets up Apache with default settings based on your OS. Valid values are 'true', 'false', or an array of mod names. + +Defaults to 'true', which includes the default [HTTPD mods](https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp). + +If false, it only includes the mods required to make HTTPD work, and any other mods can be declared on their own. + +If an array, the apache module includes the array of mods listed. #####`default_ssl_ca` -The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate authority, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_cert` -The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL certification, which is automatically set based on your operating system ('/etc/pki/tls/certs/localhost.crt' for RedHat, '/etc/ssl/certs/ssl-cert-snakeoil.pem' for Debian, and '/usr/local/etc/apache22/server.crt' for FreeBSD). This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_chain` -The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL chain, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_crl` -The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate revocation list to use, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_crl_path` -The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default certificate revocation list path, which is automatically set to 'undef'. This default works out of the box but must be updated with your specific certificate information before being used in production. + +#####`default_ssl_crl_check` + +Sets the default certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), which is automatically set to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher, the value is ignored on older versions. #####`default_ssl_key` -The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production. +The default SSL key, which is automatically set based on your operating system ('/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD). This default works out of the box but must be updated with your specific certificate information before being used in production. #####`default_ssl_vhost` -Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', will set up the following vhost: +Sets up a default SSL virtual host. Defaults to 'false'. If set to 'true', sets up the following vhost: ```puppet apache::vhost { 'default-ssl': @@ -290,13 +313,17 @@ Sets up a default virtual host. Defaults to 'true', set to 'false' to set up [customized virtual hosts](#configure-a-virtual-host). +#####`docroot` + +Changes the location of the default [Documentroot](https://httpd.apache.org/docs/current/mod/core.html#documentroot). Defaults to '/var/www/html' on RedHat, '/var/www' on Debian, and '/usr/local/www/apache22/data' on FreeBSD. + #####`error_documents` Enables custom error documents. Defaults to 'false'. #####`httpd_dir` -Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but may have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. +Changes the base location of the configuration directories used for the apache service. This is useful for specially repackaged HTTPD builds, but might have unintended consequences when used in combination with the default distribution packages. Defaults to '/etc/httpd' on RedHat, '/etc/apache2' on Debian, and '/usr/local/etc/apache22' on FreeBSD. #####`keepalive` @@ -304,12 +331,16 @@ #####`keepalive_timeout` -Sets the amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'. +Sets the amount of time the server waits for subsequent requests on a persistent connection. Defaults to '15'. #####`max_keepalive_requests` Sets the limit of the number of requests allowed per connection when KeepAlive is on. Defaults to '100'. +#####`loadfile_name` + +Sets the file name for the module loadfile. Should be in the format *.load. This can be used to set the module load order. + #####`log_level` Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info', or 'debug'. @@ -326,13 +357,18 @@ Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, and '/var/log/apache22' on FreeBSD. +#####`logroot_mode` + +Overrides the mode the default logroot directory is set to ($::apache::logroot). Defaults to undef. Do NOT give people write access to the directory the logs are stored +in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. + #####`manage_group` -Setting this to 'false' will stop the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error. +Setting this to 'false' stops the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error. #####`manage_user` -Setting this to 'false' will stop the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. +Setting this to 'false' stops the user resource from being created. This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. #####`mod_dir` @@ -346,9 +382,9 @@ * `apache::mod::itk` * `apache::mod::peruser` * `apache::mod::prefork` -* `apache::mod::worker` - -*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. +* `apache::mod::worker` + +*Note:* Switching between different MPMs on FreeBSD is possible but quite difficult. Before changing `$mpm_module` you must uninstall all packages that depend on your currently-installed Apache. #####`package_ensure` @@ -362,6 +398,10 @@ Removes all other Apache configs and vhosts, defaults to 'true'. Setting this to 'false' is a stopgap measure to allow the apache module to coexist with existing or otherwise-managed configuration. It is recommended that you move your configuration entirely to resources within this module. +#####`purge_vhost_configs` + +If `vhost_dir` != `confd_dir`, this controls the removal of any configurations that are not managed by Puppet within `vhost_dir`. It defaults to the value of `purge_configs`. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir` + #####`sendfile` Makes Apache use the Linux kernel sendfile to serve static files. Defaults to 'On'. @@ -392,12 +432,16 @@ #####`service_ensure` -Determines whether the service should be running. Can be set to 'undef', which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. +Determines whether the service should be running. Valid values are 'true', 'false', 'running', or 'stopped' when Puppet should manage the service. Any other value sets ensure to 'false' for the Apache service, which is useful when you want to let the service be managed by some other application like Pacemaker. Defaults to 'running'. #####`service_name` Name of the Apache service to run. Defaults to: 'httpd' on RedHat, 'apache2' on Debian, and 'apache22' on FreeBSD. +#####`service_manage` + +Determines whether the HTTPD service state is managed by Puppet . Defaults to 'true'. + #####`trace_enable` Controls how TRACE requests per RFC 2616 are handled. More information about [TraceEnable](http://httpd.apache.org/docs/current/mod/core.html#traceenable). Defaults to 'On'. @@ -406,6 +450,52 @@ Changes the location of the configuration directory your virtual host configuration files are placed in. Defaults to 'etc/httpd/conf.d' on RedHat, '/etc/apache2/sites-available' on Debian, and '/usr/local/etc/apache22/Vhosts' on FreeBSD. +#####`apache_name` + +The name of the Apache package to install. This is automatically detected in `::apache::params`. You might need to override this if you are using a non-standard Apache package, such as those from Red Hat's software collections. + +####Defined Type: `apache::custom_config` + +Allows you to create custom configs for Apache. The configuration files are only added to the Apache confd dir if the file is valid. An error is raised during the Puppet run if the file is invalid and `$verify_config` is `true`. + +```puppet + apache::custom_config { 'test': + content => '# Test', + } +``` + +**Parameters within `apache::custom_config`:** + +#####`ensure` + +Specify whether the configuration file is present or absent. Defaults to 'present'. Valid values are 'present' and 'absent'. + +#####`confdir` + +The directory to place the configuration file in. Defaults to `$::apache::confd_dir`. + +#####`content` + +The content of the configuration file. Only one of `$content` and `$source` can be specified. + +#####`priority` + +The priority of the configuration file, used for ordering. Defaults to '25'. + +Pass priority `false` to omit the priority prefix in file names. + +#####`source` + +The source of the configuration file. Only one of `$content` and `$source` can be specified. + +#####`verify_command` + +The command to use to verify the configuration file. It should use a fully qualified command. Defaults to '/usr/sbin/apachectl -t'. The `$verify_command` is only used if `$verify_config` is `true`. If the `$verify_command` fails, the configuration file is deleted, the Apache service is not notified, and an error is raised during the Puppet run. + +#####`verify_config` + +Boolean to specify whether the configuration file should be validated before the Apache service is notified. Defaults to `true`. + ####Class: `apache::default_mods` Installs default Apache modules based on what OS you are running. @@ -416,7 +506,7 @@ ####Defined Type: `apache::mod` -Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type will also install the required packages to enable the module, if any. +Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. The `apache::mod` defined type also installs the required packages to enable the module, if any. ```puppet apache::mod { 'rewrite': } @@ -430,6 +520,7 @@ * `actions` * `alias` * `auth_basic` +* `auth_cas`* (see [`apache::mod::auth_cas`](#class-apachemodauthcas) below) * `auth_kerb` * `authnz_ldap`* * `autoindex` @@ -438,18 +529,19 @@ * `cgid` * `dav` * `dav_fs` -* `dav_svn` +* `dav_svn`* * `deflate` * `dev` * `dir`* * `disk_cache` -* `event` +* `event`(see [`apache::mod::event`](#class-apachemodevent) below) * `expires` * `fastcgi` * `fcgid` +* `filter` * `headers` * `include` -* `info` +* `info`* * `itk` * `ldap` * `mime` @@ -472,9 +564,11 @@ * `rewrite` * `rpaf`* * `setenvif` +* `security` +* `shib`* (see [`apache::mod::shib`](#class-apachemodshib) below) * `speling` * `ssl`* (see [`apache::mod::ssl`](#class-apachemodssl) below) -* `status`* +* `status`* (see [`apache::mod::status`](#class-apachemodstatus) below) * `suphp` * `userdir`* * `vhost_alias` @@ -482,9 +576,76 @@ * `wsgi` (see [`apache::mod::wsgi`](#class-apachemodwsgi) below) * `xsendfile` -Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention. - -The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install and the module will not work without the template. Any module without a template will install the package but drop no files. +Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters do not require any configuration or attention. + +The modules mentioned above, and other Apache modules that have templates, cause template files to be dropped along with the mod install. The module will not work without the template. Any module without a template installs the package but drops no files. + +####Class: `apache::mod::event` + +Installs and manages mpm_event module. + +Full Documentation for mpm_event is available from [Apache](https://httpd.apache.org/docs/current/mod/event.html). + +To configure the event thread limit: + +```puppet + class {'apache::mod::event': + $threadlimit => '128', + } +``` + +####Class: `apache::mod::auth_cas` + +Installs and manages mod_auth_cas. The parameters `cas_login_url` and `cas_validate_url` are required. + +Full documentation on mod_auth_cas is available from [JASIG](https://github.com/Jasig/mod_auth_cas). + +####Class: `apache::mod::info` + +Installs and manages mod_info which provides a comprehensive overview of the server configuration. + +Full documentation for mod_info is available from [Apache](https://httpd.apache.org/docs/current/mod/mod_info.html). + +These are the default settings: + +```puppet + $allow_from = ['127.0.0.1','::1'], + $apache_version = $::apache::apache_version, + $restrict_access = true, +``` + +To set the addresses that are allowed to access /server-info add the following: + +```puppet + class {'apache::mod::info': + allow_from => [ + '10.10.36', + '10.10.38', + '127.0.0.1', + ], + } +``` + +To disable the access restrictions add the following: + +```puppet + class {'apache::mod::info': + restrict_access => false, + } +``` + +It is not recommended to leave this set to false though it can be very useful for testing. For this reason, you can insert this setting in your normal code to temporarily disable the restrictions like so: + +```puppet + class {'apache::mod::info': + restrict_access => false, # false disables the block below + allow_from => [ + '10.10.36', + '10.10.38', + '127.0.0.1', + ], + } +``` ####Class: `apache::mod::pagespeed` @@ -493,7 +654,7 @@ This module does *not* manage the software repositories needed to automatically install the mod-pagespeed-stable package. The module does however require that the package be installed, or be installable using the system's default package provider. You should ensure that this -pre-requisite is met or declaring `apache::mod::pagespeed` will cause the puppet run to fail. +pre-requisite is met or declaring `apache::mod::pagespeed` causes the Puppet run to fail. These are the defaults: @@ -503,7 +664,7 @@ filter_xhtml => false, cache_path => '/var/cache/mod_pagespeed/', log_dir => '/var/log/pagespeed', - memache_servers => [], + memcache_servers => [], rewrite_level => 'CoreFilters', disable_filters => [], enable_filters => [], @@ -542,29 +703,77 @@ Installs and configures mod_php. The defaults are OS-dependant. Overriding the package name: -``` +```puppet class {'::apache::mod::php': package_name => "php54-php", path => "${::apache::params::lib_path}/libphp54-php5.so", } ``` +Overriding the default configuartion: +```puppet + class {'::apache::mod::php': + source => 'puppet:///modules/apache/my_php.conf', + } +``` + +or +```puppet + class {'::apache::mod::php': + template => 'apache/php.conf.erb', + } +``` + +or + +```puppet + class {'::apache::mod::php': + content => ' +AddHandler php5-script .php +AddType text/html .php', + } +``` +####Class: `apache::mod::shib` + +Installs the [Shibboleth](http://shibboleth.net/) module for Apache which allows the use of SAML2 Single-Sign-On (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. This class only installs and configures the Apache components of a Shibboleth Service Provider (a web application that consumes Shibboleth SSO identities). The Shibboleth configuration can be managed manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). + +Defining this class enables the Shibboleth specific parameters in `apache::vhost` instances. + ####Class: `apache::mod::ssl` Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are the defaults: ```puppet class { 'apache::mod::ssl': - ssl_compression => false, - ssl_options => [ 'StdEnvVars' ], - } + ssl_compression => false, + ssl_options => [ 'StdEnvVars' ], + ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5', + ssl_protocol => 'all -SSLv2 -SSLv3', + ssl_pass_phrase_dialog => 'builtin', + ssl_random_seed_bytes => '512', + } ``` To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'. +####Class: `apache::mod::status` + +Installs Apache mod_status and uses the status.conf.erb template. These are the defaults: + +```puppet + class { 'apache::mod::status': + allow_from = ['127.0.0.1','::1'], + extended_status = 'On', + status_path = '/server-status', +){ + + + } +``` + ####Class: `apache::mod::wsgi` -Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. +Enables Python support in the WSGI module. To use, simply `include 'apache::mod::wsgi'`. For customized parameters, which tell Apache how Python is currently configured on the operating system, @@ -576,14 +785,189 @@ } ``` +To specify an alternate mod\_wsgi package name to install and the name of the module .so it provides, +(e.g. a "python27-mod\_wsgi" package that provides "python27-mod_wsgi.so" in the default module directory): + +```puppet + class { 'apache::mod::wsgi': + wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI", + wsgi_python_home => '/path/to/venv', + wsgi_python_path => '/path/to/venv/site-packages', + package_name => 'python27-mod_wsgi', + mod_path => 'python27-mod_wsgi.so', + } +``` + +If ``mod_path`` does not contain "/", it will be prefixed by the default module path +for your OS; otherwise, it will be used literally. + More information about [WSGI](http://modwsgi.readthedocs.org/en/latest/). +####Class: `apache::mod::fcgid` + +Installs and configures mod_fcgid. + +The class makes no effort to list all available options, but rather uses an options hash to allow for ultimate flexibility: + +```puppet + class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + 'SharememPath' => '/var/run/fcgid_shm', + 'AddHandler' => 'fcgid-script .fcgi', + }, + } +``` + +For a full list op options, see the [official mod_fcgid documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html). + +It is also possible to set the FcgidWrapper per directory per vhost. You must ensure the fcgid module is loaded because there is no auto loading. + +```puppet + include apache::mod::fcgid + apache::vhost { 'example.org': + docroot => '/var/www/html', + directories => { + path => '/var/www/html', + fcgiwrapper => { + command => '/usr/local/bin/fcgiwrapper', + } + }, + } +``` + +See [FcgidWrapper documentation](https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html#fcgidwrapper) for more information. + +####Class: `apache::mod::negotiation` + +Installs and configures mod_negotiation. If there are not provided any +parameter, default apache mod_negotiation configuration is done. + +```puppet + class { '::apache::mod::negotiation': + force_language_priority => 'Prefer', + language_priority => [ 'es', 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo' ], + } +``` + +**Parameters within `apache::mod::negotiation`:** + +#####`force_language_priority` + +A string that sets the `ForceLanguagePriority` option. Defaults to `Prefer Fallback`. + +#####`language_priority` + +An array of languages to set the `LanguagePriority` option of the module. + +####Class: `apache::mod::deflate` + +Installs and configures mod_deflate. If no parameters are provided, a default configuration is applied. + +```puppet + class { '::apache::mod::deflate': + types => [ 'text/html', 'text/css' ], + notes => { + 'Input' => 'instream', + 'Ratio' => 'ratio', + }, + } +``` + +#####`types` + +An array of mime types to be deflated. + +#####`notes` + +A hash where the key represents the type and the value represents the note name. + + +####Class: `apache::mod::reqtimeout` + +Installs and configures mod_reqtimeout. Defaults to recommended apache +mod_reqtimeout configuration. + +```puppet + class { '::apache::mod::reqtimeout': + timeouts => ['header=20-40,MinRate=500', 'body=20,MinRate=500'], + } +``` + +####Class: `apache::mod::version` + +This wrapper around mod_version warns on Debian and Ubuntu systems with Apache httpd 2.4 +about loading mod_version, as on these platforms it's already built-in. + +```puppet + include '::apache::mod::version' +``` + +#####`timeouts` + +A string or an array that sets the `RequestReadTimeout` option. Defaults to +`['header=20-40,MinRate=500', 'body=20,MinRate=500']`. + + +####Class: `apache::mod::security` + +Installs and configures mod_security. Defaults to enabled and running on all +vhosts. + +```puppet + include '::apache::mod::security' +``` + +#####`crs_package` + +Name of package to install containing crs rules + +#####`modsec_dir` + +Directory to install the modsec configuration and activated rules links into + +#####`activated_rules` + +Array of rules from the modsec_crs_path to activate by symlinking to +${modsec_dir}/activated_rules. + +#####`allowed_methods` + +HTTP methods allowed by mod_security + +#####`content_types` + +Content-types allowed by mod_security + +#####`restricted_extensions` + +Extensions prohibited by mod_security + +#####`restricted_headers` + +Headers restricted by mod_security + + ####Defined Type: `apache::vhost` -The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost`'s being a defined resource type, which allows it to be evaluated multiple times with different parameters. +The Apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows it to be evaluated multiple times with different parameters. The `vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default vhost within the base `::apache` class, as well as set a customized vhost as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15). +The `vhost` defined type uses `concat::fragment` to build the configuration file, so if you want to inject custom fragments for pieces of the configuration not supported by default by the defined type, you can add a custom fragment. For the `order` parameter for the custom fragment, the `vhost` defined type uses multiples of 10, so any order that isn't a multiple of 10 should work. + +```puppet + apache::vhost { "example.com": + docroot => '/var/www/html', + priority => '25', + } + concat::fragment { "example.com-my_custom_fragment": + target => '25-example.com.conf', + order => 11, + content => '# my custom comment', + } +``` + If you have a series of specific configurations and do not want a base `::apache` class default vhost, make sure to set the base class `default_vhost` to 'false'. ```puppet @@ -596,7 +980,7 @@ #####`access_log` -Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' will choose none. Defaults to 'true'. +Specifies whether `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`) should be configured. Setting the value to 'false' chooses none. Defaults to 'true'. #####`access_log_file` @@ -618,38 +1002,61 @@ Specifies that only requests with particular environment variables be logged. Defaults to 'undef'. +#####`add_default_charset` + +Sets [AddDefaultCharset](http://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset), a default value for the media charset, which is added to text/plain and text/html responses. + #####`add_listen` Determines whether the vhost creates a Listen statement. The default value is 'true'. Setting `add_listen` to 'false' stops the vhost from creating a Listen statement, and this is important when you combine vhosts that are not passed an `ip` parameter with vhosts that *are* passed the `ip` parameter. +#####`use_optional_includes` + +Specifies if for apache > 2.4 it should use IncludeOptional instead of Include for `additional_includes`. Defaults to 'false'. + #####`additional_includes` Specifies paths to additional static, vhost-specific Apache configuration files. Useful for implementing a unique, custom configuration not supported by this module. Can be an array. Defaults to '[]'. #####`aliases` -Passes a list of hashes to the vhost to create Alias or AliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: +Passes a list of hashes to the vhost to create Alias, AliasMatch, ScriptAlias or ScriptAliasMatch directives as per the [mod_alias documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: ```puppet aliases => [ - { aliasmatch => '^/image/(.*)\.jpg$', - path => '/files/jpg.images/$1.jpg', + { aliasmatch => '^/image/(.*)\.jpg$', + path => '/files/jpg.images/$1.jpg', } - { alias => '/image', - path => '/ftp/pub/image', + { alias => '/image', + path => '/ftp/pub/image', + }, + { scriptaliasmatch => '^/cgi-bin(.*)', + path => '/usr/local/share/cgi-bin$1', + }, + { scriptalias => '/nagios/cgi-bin/', + path => '/usr/lib/nagios/cgi-bin/', + }, + { alias => '/nagios', + path => '/usr/share/nagios/html', }, ], ``` -For `alias` and `aliasmatch` to work, each will need a corresponding context, such as '< Directory /path/to/directory>' or '<Location /path/to/directory>'. The Alias and AliasMatch directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias` or `aliasmatch` parameters should come before the more general ones to avoid shadowing. - -*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias may have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. +For `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` to work, each needs a corresponding context, such as `<Directory /path/to/directory>` or `<Location /some/location/here>`. The directives are created in the order specified in the `aliases` parameter. As described in the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html), more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters should come before the more general ones to avoid shadowing. + +*Note*: Using the `aliases` parameter is preferred over the `scriptaliases` parameter since here the order of the various alias directives among each other can be controlled precisely. Defining ScriptAliases using the `scriptaliases` parameter means *all* ScriptAlias directives will come after *all* Alias directives, which can lead to Alias directives shadowing ScriptAlias directives. This is often problematic, for example in case of Nagios. + +*Note:* If `apache::mod::passenger` is loaded and `PassengerHighPerformance => true` is set, then Alias might have issues honoring the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. + +#####`allow_encoded_slashes` + +This sets the [`AllowEncodedSlashes` declaration](http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes) for the vhost, overriding the server default. This modifies the vhost responses to URLs with `\` and `/` characters. The default is undefined, which omits the declaration from the server configuration and select the Apache default setting of `Off`. Allowed values are: `on`, `off` or `nodecode`. #####`block` -Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. +Specifies the list of things Apache blocks access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. #####`custom_fragment` @@ -669,7 +1076,9 @@ #####`docroot` -Provides the [DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) directive, which identifies the directory Apache serves files from. Required. +Provides the +[DocumentRoot](http://httpd.apache.org/docs/current/mod/core.html#documentroot) +directive, which identifies the directory Apache serves files from. Required. #####`docroot_group` @@ -683,6 +1092,10 @@ Sets access permissions of the docroot directory. Defaults to 'undef'. +#####`manage_docroot` + +Whether to manage to docroot directory at all. Defaults to 'true'. + #####`error_log` Specifies whether `*_error.log` directives should be configured. Defaults to 'true'. @@ -730,11 +1143,11 @@ #####`ip_based` -Enables an [IP-based](httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. +Enables an [IP-based](http://httpd.apache.org/docs/current/vhosts/ip-based.html) vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'. #####`itk` -Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys may be: +Configures [ITK](http://mpm-itk.sesse.net/) in a hash. Keys can be: * user + group * `assignuseridexpr` @@ -744,7 +1157,7 @@ * `limituidrange` (Linux 3.5.0 or newer) * `limitgidrange` (Linux 3.5.0 or newer) -Usage will typically look like: +Usage typically looks like: ```puppet apache::vhost { 'sample.example.net': @@ -760,14 +1173,55 @@ Specifies the location of the virtual host's logfiles. Defaults to '/var/log/<apache log location>/'. +#####`$logroot_ensure` + +Determines whether or not to remove the logroot directory for a virtual host. Valid values are 'directory', or 'absent'. + +#####`logroot_mode` + +Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored +in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details. + #####`log_level` Specifies the verbosity of the error log. Defaults to 'warn' for the global server configuration and can be overridden on a per-vhost basis. Valid values are 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. +######`modsec_body_limit` + +Configures the maximum request body size (in bytes) ModSecurity will accept for buffering + +######`modsec_disable_vhost` + +Boolean. Only valid if apache::mod::security is included. Used to disable mod_security on an individual vhost. Only relevant if apache::mod::security is included. + +######`modsec_disable_ids` + +Array of mod_security IDs to remove from the vhost. Also takes a hash allowing removal of an ID from a specific location. + +```puppet + apache::vhost { 'sample.example.net': + modsec_disable_ids => [ 90015, 90016 ], + } +``` + +```puppet + apache::vhost { 'sample.example.net': + modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, + } +``` + +######`modsec_disable_ips` + +Array of IPs to exclude from mod_security rule matching + #####`no_proxy_uris` Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). +#####`proxy_preserve_host` + +Sets the [ProxyPreserveHost Directive](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost). true Enables the Host: line from an incoming request to be proxied to the host instead of hostname . false sets this option to off (default). + #####`options` Sets the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the specified virtual host. Defaults to '['Indexes','FollowSymLinks','MultiViews']', as demonstrated below: @@ -785,44 +1239,79 @@ Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](http://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. Defaults to '[none]'. +#####`passenger_app_root` + +Sets [PassengerRoot](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerAppRoot), the location of the Passenger application root if different from the DocumentRoot. + +#####`passenger_ruby` + +Sets [PassengerRuby](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerRuby) on this virtual host, the Ruby interpreter to use for the application. + +#####`passenger_min_instances` + +Sets [PassengerMinInstances](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerMinInstances), the minimum number of application processes to run. + +#####`passenger_start_timeout` + +Sets [PassengerStartTimeout](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#_passengerstarttimeout_lt_seconds_gt), the timeout for the application startup. + +#####`passenger_pre_start` + +Sets [PassengerPreStart](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerPreStart), the URL of the application if pre-starting is required. + +#####`php_flags & values` + +Allows per-vhost setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. Defaults to '[]'. + #####`php_admin_flags & values` Allows per-vhost setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. Defaults to '[]'. #####`port` -Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host will only listen on the port set in this parameter. +Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL vhosts and port 443 for SSL vhosts. The host only listens on the port set in this parameter. #####`priority` Sets the relative load-order for Apache HTTPD VirtualHost configuration files. Defaults to '25'. -If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match. +If nothing matches the priority, the first name-based vhost is used. Likewise, passing a higher priority causes the alphabetically first name-based vhost to be used if no other names match. *Note:* You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. +Pass priority `false` to omit the priority prefix in file names. + #####`proxy_dest` Specifies the destination address of a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. #####`proxy_pass` -Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. +Specifies an array of `path => URI` for a [ProxyPass](http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Defaults to 'undef'. Optionally parameters can be added as an array. ```puppet apache::vhost { 'site.name.fdqn': - … + … proxy_pass => [ { 'path' => '/a', 'url' => 'http://backend-a/' }, { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c' }, + { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => 'max=20 ttl=120 retry=300' }, + { 'path' => '/l', 'url' => 'http://backend-xy', + 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, + { 'path' => '/d', 'url' => 'http://backend-a/d', + 'params' => { 'retry' => '0', 'timeout' => '5' }, }, + { 'path' => '/e', 'url' => 'http://backend-a/e', + 'keywords' => ['nocanon', 'interpolate'] }, ], } ``` +`reverse_urls` is optional and can be an array or a string. It is useful when used with `mod_proxy_balancer`. +`params` is an optional parameter. It allows to provide the ProxyPass key=value parameters (Connection settings). + #####`rack_base_uris` -Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. +Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. Defaults to 'undef'. #####`redirect_dest` @@ -830,7 +1319,7 @@ #####`redirect_source` -Specifies the source URIs that will redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length and the items will be order-dependent. +Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. ```puppet apache::vhost { 'site.name.fdqn': @@ -851,15 +1340,16 @@ } ``` -#####`redirectmatch_regexp` & `redirectmatch_status` - -Determines which server status should be raised for a given regular expression. Entered as an array. Defaults to 'undef'. +#####`redirectmatch_regexp` & `redirectmatch_status` & `redirectmatch_dest` + +Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. Defaults to 'undef'. ```puppet apache::vhost { 'site.name.fdqn': … redirectmatch_status => ['404','404'], redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], + redirectmatch_dest => ['http://www.example.com/1','http://www.example.com/2'], } ``` @@ -879,9 +1369,9 @@ #####`rewrites` -Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. - -For example, you can specify that anyone trying to access index.html will be served welcome.html +Creates URL rewrite rules. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. Defaults to 'undef'. + +For example, you can specify that anyone trying to access index.html is served welcome.html ```puppet apache::vhost { 'site.name.fdqn': @@ -890,7 +1380,7 @@ } ``` -The parameter allows rewrite conditions that, when true, will execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE +The parameter allows rewrite conditions that, when true, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE ```puppet apache::vhost { 'site.name.fdqn': @@ -940,7 +1430,7 @@ rewrite_base => /apps/, rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], }, - ], + ], } ``` @@ -952,6 +1442,8 @@ #####`scriptaliases` +*Note*: This parameter is deprecated in favour of the `aliases` parameter. + Passes an array of hashes to the vhost to create either ScriptAlias or ScriptAliasMatch statements as per the [`mod_alias` documentation](http://httpd.apache.org/docs/current/mod/mod_alias.html). These hashes are formatted as follows: ```puppet @@ -979,7 +1471,7 @@ #####`serveradmin` -Specifies the email address Apache will display when it renders one of its error pages. Defaults to 'undef'. +Specifies the email address Apache displays when it renders one of its error pages. Defaults to 'undef'. #####`serveraliases` @@ -993,13 +1485,21 @@ Used by HTTPD to set environment variables for vhosts. Defaults to '[]'. +Example: + +```puppet + apache::vhost { 'setenv.example.com': + setenv => ['SPECIAL_PATH /foo/bin'], + } +``` + #####`setenvif` Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'. #####`suphp_addhandler`, `suphp_configpath`, & `suphp_engine` -Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). +Set up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). `suphp_addhandler` defaults to 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian. @@ -1024,11 +1524,11 @@ #####`vhost_name` -Enables name-based virtual hosting. If no IP is passed to the virtual host but the vhost is assigned a port, then the vhost name will be 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name will be set to the title of the resource. Defaults to '*'. - -#####`virtual_docroot` - -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. +Enables name-based virtual hosting. If no IP is passed to the virtual host, but the vhost is assigned a port, then the vhost name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the vhost name is set to the title of the resource. Defaults to '*'. + +#####`virtual_docroot` + +Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. Defaults to 'false'. ```puppet apache::vhost { 'subdomain.loc': @@ -1040,7 +1540,7 @@ } ``` -#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, & `wsgi_script_aliases` +#####`wsgi_daemon_process`, `wsgi_daemon_process_options`, `wsgi_process_group`, `wsgi_script_aliases`, & `wsgi_pass_authorization` Set up a virtual host with [WSGI](https://code.google.com/p/modwsgi/). @@ -1048,10 +1548,14 @@ `wsgi_daemon_process_options` is optional and defaults to 'undef'. -`wsgi_process_group` sets the group ID the virtual host will run under. Defaults to 'undef'. +`wsgi_process_group` sets the group ID the virtual host runs under. Defaults to 'undef'. `wsgi_script_aliases` requires a hash of web paths to filesystem .wsgi paths. Defaults to 'undef'. +`wsgi_pass_authorization` the WSGI application handles authorisation instead of Apache when set to 'On'. For more information see [here] (http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Defaults to 'undef' where apache sets the defaults setting to 'Off'. + +`wsgi_chunked_request` enables support for chunked requests. Defaults to 'undef'. + To set up a virtual host with WSGI ```puppet @@ -1060,12 +1564,13 @@ docroot => '/var/www/pythonapp', wsgi_daemon_process => 'wsgi', wsgi_daemon_process_options => - { processes => '2', - threads => '15', + { processes => '2', + threads => '15', display-name => '%{GROUP}', }, wsgi_process_group => 'wsgi', wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, + wsgi_chunked_request => 'On', } ``` @@ -1073,71 +1578,63 @@ The `directories` parameter within the `apache::vhost` class passes an array of hashes to the vhost to create [Directory](http://httpd.apache.org/docs/current/mod/core.html#directory), [File](http://httpd.apache.org/docs/current/mod/core.html#files), and [Location](http://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. -Each hash passed to `directories` must contain `path` as one of the keys. You may also pass in `provider` which, if missing, defaults to 'directory'. (A full list of acceptable keys is below.) General usage will look something like - -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', <key> => <value> }, - { path => '/path/to/another/directory', <key> => <value> }, - ], - } -``` - -*Note:* At least one directory should match the `docroot` parameter. Once you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block will be created that matches the `docroot` parameter. - -The `provider` key can be set to 'directory', 'files', or 'location'. If the path starts with a [~](https://httpd.apache.org/docs/current/mod/core.html#files), HTTPD will interpret this as the equivalent of DirectoryMatch, FilesMatch, or LocationMatch. +The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. + +The `provider` key is optional. If missing, this key defaults to 'directory'. Valid values for `provider` are 'directory', 'files', 'location', 'directorymatch', 'filesmatch', or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. + +General `directories` usage looks something like ```puppet apache::vhost { 'files.example.net': docroot => '/var/www/files', directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all' + { 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, ], } ``` -Available handlers, represented as keys, should be placed within the `directory`,`'files`, or `location` hashes. This looks like +*Note:* At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. + +Available handlers, represented as keys, should be placed within the `directory`,`'files`, or `location` hashes. This looks like ```puppet - apache::vhost { 'sample.example.net': + apache::vhost { 'sample.example.net': docroot => '/path/to/directory', directories => [ { path => '/path/to/directory', handler => value } ], } ``` -Any handlers you do not set in these hashes will be considered 'undefined' within Puppet and will not be added to the virtual host, resulting in the module using their default values. Currently this is the list of supported handlers: +Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: ######`addhandlers` -Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. +Sets [AddHandler](http://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension']}`. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ + directories => [ { path => '/path/to/directory', addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, + }, ], } ``` ######`allow` -Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets an [Allow](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + allow => 'from example.org', + }, ], } ``` @@ -1149,10 +1646,10 @@ ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, + directories => [ + { path => '/path/to/directory', + allow_override => ['AuthConfig', 'Indexes'], + }, ], } ``` @@ -1163,35 +1660,35 @@ ######`auth_basic_fake` -Sets the value for [AuthBasicFake](httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. +Sets the value for [AuthBasicFake](http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. ######`auth_basic_provider` -Sets the value for [AuthBasicProvider] (httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. +Sets the value for [AuthBasicProvider] (http://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. ######`auth_digest_algorithm` -Sets the value for [AuthDigestAlgorithm](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. +Sets the value for [AuthDigestAlgorithm](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. ######`auth_digest_domain` -Sets the value for [AuthDigestDomain](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. +Sets the value for [AuthDigestDomain](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. ######`auth_digest_nonce_lifetime` -Sets the value for [AuthDigestNonceLifetime](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. +Sets the value for [AuthDigestNonceLifetime](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. ######`auth_digest_provider` -Sets the value for [AuthDigestProvider](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. +Sets the value for [AuthDigestProvider](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. ######`auth_digest_qop` -Sets the value for [AuthDigestQop](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. +Sets the value for [AuthDigestQop](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. ######`auth_digest_shmem_size` -Sets the value for [AuthAuthDigestShmemSize](httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. +Sets the value for [AuthAuthDigestShmemSize](http://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. ######`auth_group_file` @@ -1207,11 +1704,11 @@ ######`auth_type` -Sets the value for [AuthType](httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. +Sets the value for [AuthType](http://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. ######`auth_user_file` -Sets the value for [AuthUserFile](httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. +Sets the value for [AuthUserFile](http://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. ######`custom_fragment` @@ -1219,8 +1716,11 @@ ```puppet apache::vhost { 'monitor': - … - custom_fragment => ' + … + directories => [ + { + path => '/path/to/directory', + custom_fragment => ' <Location /balancer-manager> SetHandler balancer-manager Order allow,deny @@ -1232,34 +1732,36 @@ Allow from all </Location> ProxyStatus On', -} + }, + ] + } ``` ######`deny` -Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets a [Deny](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, + directories => [ + { path => '/path/to/directory', + deny => 'from example.org', + }, ], } ``` ######`error_documents` -An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. +An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. ```puppet apache::vhost { 'sample.example.net': - directories => [ + directories => [ { path => '/srv/www', error_documents => [ - { 'error_code' => '503', + { 'error_code' => '503', 'document' => '/service-unavail', }, ], @@ -1284,14 +1786,14 @@ ######`index_options` -Allows configuration settings for [directory indexing](httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). +Allows configuration settings for [directory indexing](http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], }, ], @@ -1305,25 +1807,25 @@ ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', index_order_default => ['Descending', 'Date'], - }, + }, ], } ``` ######`options` -Lists the [Options](httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. +Lists the [Options](http://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], + directories => [ + { path => '/path/to/directory', + options => ['Indexes','FollowSymLinks','MultiViews'], }, ], } @@ -1331,34 +1833,19 @@ ######`order` -Sets the order of processing Allow and Deny statements as per [Apache core documentation](httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It will only work with Apache 2.2 and lower. +Sets the order of processing Allow and Deny statements as per [Apache core documentation](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', + directories => [ + { path => '/path/to/directory', + order => 'Allow,Deny', }, ], } ``` -######`sethandler` - -Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: - -```puppet - apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', - } - ], - } -``` - ######`passenger_enabled` Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directory to 'on' or 'off'. Requires `apache::mod::passenger` to be included. @@ -1366,20 +1853,102 @@ ```puppet apache::vhost { 'sample.example.net': docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', + directories => [ + { path => '/path/to/directory', passenger_enabled => 'on', - }, + }, ], } ``` *Note:* Be aware that there is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. +######`php_value` and `php_flag` + +`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). + ######`php_admin_value` and `php_admin_flag` `php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). + +######`satisfy` + +Sets a `Satisfy` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + satisfy => 'Any', + } + ], + } +``` + +######`sethandler` + +Sets a `SetHandler` directive as per the [Apache Core documentation](http://httpd.apache.org/docs/2.2/mod/core.html#sethandler). An example: + +```puppet + apache::vhost { 'sample.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + sethandler => 'None', + } + ], + } +``` + +######`rewrites` + +Creates URL [`rewrites`](#rewrites) rules in vhost directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. + +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + rewrites => [ { comment => 'Permalink Rewrites', + rewrite_base => '/' + }, + { rewrite_rule => [ '^index\.php$ - [L]' ] + }, + { rewrite_cond => [ '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', + ], + rewrite_rule => [ '. /index.php [L]' ], + } + ], + }, + ], + } +``` + +***Note*** If you include rewrites in your directories make sure you are also including `apache::mod::rewrite`. You may also want to consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the vhost directories. + +######`shib_request_setting` + +Allows an valid content setting to be set or altered for the application request. This command takes two parameters, the name of the content setting, and the value to set it to.Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. + +```puppet + apache::vhost { 'secure.example.net': + docroot => '/path/to/directory', + directories => [ + { path => '/path/to/directory', + shib_require_setting => 'requiresession 1', + shib_use_headers => 'On', + }, + ], + } +``` + +######`shib_use_headers` + +When set to 'On' this turns on the use of request headers to publish attributes to applications. Valid values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. + ######`ssl_options` String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the vhost. @@ -1388,10 +1957,10 @@ apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', + { path => '/path/to/directory', + ssl_options => '+ExportCertData', }, - { path => '/path/to/different/dir', + { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'], }, ], @@ -1400,16 +1969,16 @@ ######`suphp` -A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and may only be passed within `directories`. +A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the vhost declaration, and can only be passed within `directories`. ```puppet apache::vhost { 'secure.example.net': docroot => '/path/to/directory', directories => [ - { path => '/path/to/directory', - suphp => - { user => 'myappuser', - group => 'myappgroup', + { path => '/path/to/directory', + suphp => + { user => 'myappuser', + group => 'myappgroup', }, }, ], @@ -1418,11 +1987,11 @@ ####SSL parameters for `apache::vhost` -All of the SSL parameters for `::vhost` will default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. +All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific vhosts. #####`ssl` -Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. +Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'. Defaults to 'false'. #####`ssl_ca` @@ -1434,15 +2003,15 @@ #####`ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. - -If you do not use this parameter, it will use the HTTPD default from ssl.conf.erb, 'all -SSLv2'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Defaults to 'undef'. + +If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'all -SSLv2 -SSLv3'. #####`ssl_cipher` Specifies [SSLCipherSuite](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). Defaults to 'undef'. -If you do not use this parameter, it will use the HTTPD default from ssl.conf.erb, 'HIGH:MEDIUM:!aNULL:!MD5'. +If you do not use this parameter, it uses the HTTPD default from ssl.conf.erb, 'HIGH:MEDIUM:!aNULL:!MD5'. #####`ssl_honorcipherorder` @@ -1454,19 +2023,23 @@ #####`ssl_chain` -Specifies the SSL chain. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the SSL chain. Defaults to 'undef'. (This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_crl` -Specifies the certificate revocation list to use. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the certificate revocation list to use. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_crl_path` -Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the location of the certificate revocation list. Defaults to 'undef'. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) + +#####`ssl_crl_check` + +Sets the certificate revocation check level via the [SSLCARevocationCheck directive](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck), defaults to 'undef'. This default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. #####`ssl_key` -Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD. (This default will work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) +Specifies the SSL key. Defaults are based on your operating system: '/etc/pki/tls/private/localhost.key' for RedHat, '/etc/ssl/private/ssl-cert-snakeoil.key' for Debian, and '/usr/local/etc/apache22/server.key' for FreeBSD. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) #####`ssl_verify_client` @@ -1492,7 +2065,7 @@ #####`ssl_options` -Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. +Sets the [SSLOptions](http://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given vhost and can be a string or an array. Defaults to 'undef'. A string: @@ -1516,10 +2089,60 @@ Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'. +####Defined Type: FastCGI Server + +This type is intended for use with mod_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. + +Ex: + +```puppet +apache::fastcgi::server { 'php': + host => '127.0.0.1:9000', + timeout => 15, + flush => false, + faux_path => '/var/www/php.fcgi', + fcgi_alias => '/php.fcgi', + file_type => 'application/x-httpd-php' +} +``` + +Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. + +```puppet +apache::vhost { 'www': + ... + custom_fragment => 'AddType application/x-httpd-php .php' + ... +} +``` + +#####`host` + +The hostname or IP address and TCP port number (1-65535) of the FastCGI server. + +#####`timeout` + +The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. + +#####`flush` + +Force a write to the client as data is received from the application. By default, mod_fastcgi buffers data in order to free the application as quickly as possible. + +#####`faux_path` + +`faux_path` does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. + +#####`alias` + +A unique alias. This is used internally to link the action with the FastCGI server. + +#####`file_type` + +The MIME-type of the file to be processed by the FastCGI server. ###Virtual Host Examples -The apache module allows you to set up pretty much any configuration of virtual host you might need. This section will address some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. +The apache module allows you to set up pretty much any configuration of virtual host you might need. This section addresses some common configurations, but look at the [Tests section](https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests) for even more examples. Configure a vhost with a server administrator @@ -1613,14 +2236,14 @@ - - - -Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter. +Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter. ```puppet apache::listen { '80': } apache::listen { '81': } ``` -Then we will set up the IP-based vhosts +Then we set up the IP-based vhosts ```puppet apache::vhost { 'first.example.com': @@ -1637,7 +2260,7 @@ - - - -Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL +Configure a mix of name-based and IP-based vhosts. First, we add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL ```puppet apache::vhost { 'The first IP-based vhost, non-ssl': @@ -1657,7 +2280,7 @@ } ``` -Then, we will add two name-based vhosts listening on 10.0.0.20 +Then, we add two name-based vhosts listening on 10.0.0.20 ```puppet apache::vhost { 'second.example.com': @@ -1672,7 +2295,7 @@ } ``` -If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts. +If you want to add two name-based vhosts so that they answer on either 10.0.0.10 or 10.0.0.20, you **MUST** declare `add_listen => 'false'` to disable the otherwise automatic 'Listen 80', as it conflicts with the preceding IP-based vhosts. ```puppet apache::vhost { 'fourth.example.com': @@ -1691,7 +2314,7 @@ ####Defined Type: `apache::balancer` -`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). +`apache::balancer` creates an Apache balancer cluster. Each balancer cluster needs one or more balancer members, which are declared with [`apache::balancermember`](#defined-type-apachebalancermember). One `apache::balancer` defined resource should be defined for each Apache load balanced set of servers. The `apache::balancermember` resources for all balancer members can be exported and collected on a single Apache load balancer server using exported resources. @@ -1699,7 +2322,7 @@ #####`name` -Sets the balancer cluster's title. This parameter will also set the title of the conf.d file. +Sets the balancer cluster's title. This parameter also sets the title of the conf.d file. #####`proxy_set` @@ -1707,23 +2330,23 @@ #####`collect_exported` -Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. +Determines whether or not to use exported resources. Valid values 'true' and 'false', defaults to 'true'. If you statically declare all of your backend servers, you should set this to 'false' to rely on existing declared balancer member resources. Also make sure to use `apache::balancermember` with array arguments. If you wish to dynamically declare your backend servers via [exported resources](http://docs.puppetlabs.com/guides/exported_resources.html) collected on a central node, you must set this parameter to 'true' in order to collect the exported balancer member resources that were exported by the balancer member nodes. -If you choose not to use exported resources, all balancer members will be configured in a single puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. +If you choose not to use exported resources, all balancer members will be configured in a single Puppet run. If you are using exported resources, Puppet has to run on the balanced nodes, then run on the balancer. ####Defined Type: `apache::balancermember` -Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which will set up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer. +Defines members of [mod_proxy_balancer](http://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html), which sets up a balancer member inside a listening service configuration block in etc/apache/apache.cfg on the load balancer. **Parameters within `apache::balancermember`:** #####`name` -Sets the title of the resource. This name will also set the name of the concat fragment. +Sets the title of the resource. This name also sets the name of the concat fragment. #####`balancer_cluster` @@ -1785,7 +2408,7 @@ * [`apache`](#class-apache): Guides the basic setup of Apache. * `apache::dev`: Installs Apache development libraries. (*Note:* On FreeBSD, you must declare `apache::package` or `apache` before `apache::dev`.) * [`apache::mod::[name]`](#classes-apachemodname): Enables specific Apache HTTPD modules. - + ####Private Classes * `apache::confd::no_accf`: Creates the no-accf.conf configuration file in conf.d, required by FreeBSD's Apache 2.4. @@ -1804,12 +2427,13 @@ * `apache::listen`: Based on the title, controls which ports Apache binds to for listening. Adds [Listen](http://httpd.apache.org/docs/current/bind.html) directives to ports.conf in the Apache HTTPD configuration directory. Titles take the form '<port>', '<ipv4>:<port>', or '<ipv6>:<port>'. * `apache::mod`: Used to enable arbitrary Apache HTTPD modules for which there is no specific `apache::mod::[name]` class. * `apache::namevirtualhost`: Enables name-based hosting of a virtual host. Adds all [NameVirtualHost](http://httpd.apache.org/docs/current/vhosts/name-based.html) directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles take the form '\*', '*:<port>', '\_default_:<port>, '<ip>', or '<ip>:<port>'. -* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. +* `apache::vhost`: Allows specialized configurations for virtual hosts that have requirements outside the defaults. ####Private Defined Types * `apache::peruser::multiplexer`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. * `apache::peruser::processor`: Enables the [Peruser](http://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr) module for FreeBSD only. +* `apache::security::file_link`: Links the activated_rules from apache::mod::security to the respective CRS rules on disk. ###Templates @@ -1823,7 +2447,7 @@ ###RHEL/CentOS 5 -The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. +The `apache::mod::passenger` and `apache::mod::proxy_html` classes are untested since repositories are missing compatible packages. ###RHEL/CentOS 7 @@ -1831,13 +2455,13 @@ ###General -This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. - -The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions may occur. +This module is CI tested on Centos 5 & 6, Ubuntu 12.04 & 14.04, Debian 7, and RHEL 5, 6 & 7 platforms against both the OSS and Enterprise version of Puppet. + +The module contains support for other distributions and operating systems, such as FreeBSD and Amazon Linux, but is not formally tested on those and regressions can occur. ###SELinux and Custom Paths -If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you will need to manage the context for the files yourself. +If you are running with SELinux in enforcing mode and want to use custom paths for your `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the context for the files yourself. Something along the lines of: @@ -1864,7 +2488,7 @@ } ``` -You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources will reset the context to the values in the database if the resource isn't specifying the context. +You need to set the contexts using `semanage fcontext` not `chcon` because `file {...}` resources reset the context to the values in the database if the resource isn't specifying the context. ##Development @@ -1874,7 +2498,7 @@ We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. -You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing) +Read the complete module [contribution guide](https://docs.puppetlabs.com/forge/contributing.html) ###Running tests
--- a/modules/apache/README.passenger.md Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/README.passenger.md Sat Mar 14 20:07:04 2015 +0000 @@ -1,115 +1,259 @@ # Passenger -Just enabling the Passenger module is insufficient for the use of Passenger in production. Passenger should be tunable to better fit the environment in which it is run while being aware of the resources it required. +Just enabling the Passenger module is insufficient for the use of Passenger in +production. Passenger should be tunable to better fit the environment in which +it is run while being aware of the resources it required. + +To this end the Apache passenger module has been modified to apply system wide +Passenger tuning declarations to `passenger.conf`. Declarations specific to a +virtual host should be passed through when defining a `vhost` (e.g. +`rack_base_uris` parameter on the `apache::vhost` type, check `README.md`). + +Also, general apache module loading parameters can be supplied to enable using +a customized passenger module in place of a default-package-based version of +the module. + +# Operating system support and Passenger versions + +The most important configuration directive for the Apache Passenger module is +`PassengerRoot`. Its value depends on the Passenger version used (2.x, 3.x or +4.x) and on the operating system package from which the Apache Passenger module +is installed. + +The following table summarises the current *default versions* and +`PassengerRoot` settings for the operating systems supported by +puppetlabs-apache: + +OS | Passenger version | `PassengerRoot` +---------------- | ------------------ | ---------------- +Debian 7 | 3.0.13 | /usr +Debian 8 | 4.0.53 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini +Ubuntu 12.04 | 2.2.11 | /usr +Ubuntu 14.04 | 4.0.37 | /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini +RHEL with EPEL6 | 3.0.21 | /usr/lib/ruby/gems/1.8/gems/passenger-3.0.21 + +As mentioned in `README.md` there are no compatible packages available for +RHEL/CentOS 5 or RHEL/CentOS 7. + +## Configuration files and locations on RHEL/CentOS -To this end the Apache passenger module has been modified to apply system wide Passenger tuning declarations to `passenger.conf`. Declarations specific to a virtual host should be passed through when defining a `vhost` (e.g. `rack_base_uris` parameter on the `apache::vhost` class, check `README.md`). +Notice two important points: + +1. The Passenger version packaged in the EPEL repositories may change over time. +2. The value of `PassengerRoot` depends on the Passenger version installed. + +To prevent the puppetlabs-apache module from having to keep up with these +package versions the Passenger configuration files installed by the +packages are left untouched by this module. All configuration is placed in an +extra configuration file managed by puppetlabs-apache. + +This means '/etc/httpd/conf.d/passenger.conf' is installed by the +`mod_passenger` package and contains correct values for `PassengerRoot` and +`PassengerRuby`. Puppet will ignore this file. Additional configuration +directives as described in the remainder of this document are placed in +'/etc/httpd/conf.d/passenger_extra.conf', managed by Puppet. + +This pertains *only* to RHEL/CentOS, *not* Debian and Ubuntu. -Also, general apache module loading parameters can be supplied to enable using a customized passenger module in place of a default-package-based version of the module. +## Third-party and custom Passenger packages and versions + +The Passenger version distributed by the default OS packages may be too old to +be useful. Newer versions may be installed via Gems, from source or from +third-party OS packages. + +Most notably the Passenger developers officially provide Debian packages for a +variety of Debian and Ubuntu releases in the [Passenger APT +repository](https://oss-binaries.phusionpassenger.com/apt/passenger). Read more +about [installing these packages in the offical user +guide](http://www.modrails.com/documentation/Users%20guide%20Apache.html#install_on_debian_ubuntu). + +If you install custom Passenger packages and newer version make sure to set the +directives `PassengerRoot`, `PassengerRuby` and/or `PassengerDefaultRuby` +correctly, or Passenger and Apache will fail to function properly. + +For Passenger 4.x packages on Debian and Ubuntu the `PassengerRoot` directive +should almost universally be set to +`/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini`. # Parameters for `apache::mod::passenger` -The following declarations are supported and can be passed to `apache::mod::passenger` as parameters, for example: +The following class parameters configure Passenger in a global, server-wide +context. + +Example: -``` -class {'apache::mod::passenger': - passenger_high_performance => 'on', - rails_autodetect => 'off', - mod_lib_path => '/usr/lib/apache2/custom_modules', +```puppet +class { 'apache::mod::passenger': + passenger_root => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', + passenger_default_ruby => '/usr/bin/ruby1.9.3', + passenger_high_performance => 'on', + rails_autodetect => 'off', + mod_lib_path => '/usr/lib/apache2/custom_modules', } ``` -The general form is using the all lower case version of the declaration. +The general form is using the all lower-case version of the configuration +directive, with underscores instead of CamelCase. ## Parameters used with passenger.conf -If you pass a default value to `apache::mod::passenger` it will be ignored and not passed through to the configuration file. +If you pass a default value to `apache::mod::passenger` it will be ignored and +not passed through to the configuration file. + +### passenger_root + +The location to the Phusion Passenger root directory. This configuration option +is essential to Phusion Passenger, and allows Phusion Passenger to locate its +own data files. + +The default depends on the Passenger version and the means of installation. See +the above section on operating system support, versions and packages for more +information. + +http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerroot_lt_directory_gt + +### passenger_default_ruby + +This option specifies the default Ruby interpreter to use for web apps as well +as for all sorts of internal Phusion Passenger helper scripts, e.g. the one +used by PassengerPreStart. + +This directive was introduced in Passenger 4.0.0 and will not work in versions +< 4.x. Do not set this parameter if your Passenger version is older than 4.0.0. + +Defaults to `undef` for all operating systems except Ubuntu 14.04, where it is +set to '/usr/bin/ruby'. + +http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerDefaultRuby + +### passenger_ruby + +This directive is the same as `passenger_default_ruby` for Passenger versions +< 4.x and must be used instead of `passenger_default_ruby` for such versions. + +It makes no sense to set `PassengerRuby` for Passenger >= 4.x. That +directive should only be used to override the value of `PassengerDefaultRuby` +on a non-global context, i.e. in `<VirtualHost>`, `<Directory>`, `<Location>` +and so on. + +Defaults to `/usr/bin/ruby` for all supported operating systems except Ubuntu +14.04, where it is set to `undef`. + +http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerRuby ### passenger_high_performance -Default is `off`, when turned `on` Passenger runs in a higher performance mode that can be less compatible with other Apache modules. +Default is `off`. When turned `on` Passenger runs in a higher performance mode +that can be less compatible with other Apache modules. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerHighPerformance ### passenger_max_pool_size -Set's the maximum number of Passenger application processes that may simultaneously run. The default value is 6. +Sets the maximum number of Passenger application processes that may +simultaneously run. The default value is 6. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengermaxpoolsize_lt_integer_gt ### passenger_pool_idle_time -The maximum number of seconds a Passenger Application process will be allowed to remain idle before being shut down. The default value is 300. +The maximum number of seconds a Passenger Application process will be allowed +to remain idle before being shut down. The default value is 300. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerPoolIdleTime ### passenger_max_requests -The maximum number of request a Passenger application will process before being restarted. The default value is 0, which indicates that a process will only shut down if the Pool Idle Time (see above) expires. +The maximum number of request a Passenger application will process before being +restarted. The default value is 0, which indicates that a process will only +shut down if the Pool Idle Time (see above) expires. http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerMaxRequests ### passenger_stat_throttle_rate -Sets how often Passenger performs file system checks, at most once every _x_ seconds. Default is 0, which means the checks are performed with every request. +Sets how often Passenger performs file system checks, at most once every _x_ +seconds. Default is 0, which means the checks are performed with every request. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerstatthrottlerate_lt_integer_gt ### rack_autodetect -Should Passenger automatically detect if the document root of a virtual host is a Rack application. The default is `on` +Should Passenger automatically detect if the document root of a virtual host is +a Rack application. Not set by default (`undef`). Note that this directive has +been removed in Passenger 4.0.0 and `PassengerEnabled` should be used instead. +Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_rackautodetect_lt_on_off_gt ### rails_autodetect -Should Passenger automatically detect if the document root of a virtual host is a Rails application. The default is on. +Should Passenger automatically detect if the document root of a virtual host is +a Rails application. Not set by default (`undef`). Note that this directive +has been removed in Passenger 4.0.0 and `PassengerEnabled` should be used +instead. Use this directive only on Passenger < 4.x. http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_lt_on_off_gt ### passenger_use_global_queue -Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is the default in Passenger 4.x and the versions >= 4.x have disabled this configuration option altogether. Use with caution. +Allows toggling of PassengerUseGlobalQueue. NOTE: PassengerUseGlobalQueue is +the default in Passenger 4.x and the versions >= 4.x have disabled this +configuration option altogether. Use with caution. ## Parameters used to load the module -Unlike the tuning parameters specified above, the following parameters are only used when loading customized passenger modules. +Unlike the tuning parameters specified above, the following parameters are only +used when loading customized passenger modules. ### mod_package -Allows overriding the default package name used for the passenger module package. +Allows overriding the default package name used for the passenger module +package. ### mod_package_ensure -Allows overriding the package installation setting used by puppet when installing the passenger module. The default is 'present'. +Allows overriding the package installation setting used by puppet when +installing the passenger module. The default is 'present'. ### mod_id -Allows overriding the value used by apache to identify the passenger module. The default is 'passenger_module'. +Allows overriding the value used by apache to identify the passenger module. +The default is 'passenger_module'. ### mod_lib_path -Allows overriding the directory path used by apache when loading the passenger module. The default is the value of `$apache::params::lib_path`. +Allows overriding the directory path used by apache when loading the passenger +module. The default is the value of `$apache::params::lib_path`. ### mod_lib -Allows overriding the library file name used by apache when loading the passenger module. The default is 'mod_passenger.so'. +Allows overriding the library file name used by apache when loading the +passenger module. The default is 'mod_passenger.so'. ### mod_path -Allows overriding the full path to the library file used by apache when loading the passenger module. The default is the concatenation of the `mod_lib_path` and `mod_lib` parameters. +Allows overriding the full path to the library file used by apache when loading +the passenger module. The default is the concatenation of the `mod_lib_path` +and `mod_lib` parameters. # Dependencies -RedHat-based systems will need to configure additional package repositories in order to install Passenger, specifically: +RedHat-based systems will need to configure additional package repositories in +order to install Passenger, specifically: * [Extra Packages for Enterprise Linux](https://fedoraproject.org/wiki/EPEL) * [Phusion Passenger](http://passenger.stealthymonkeys.com) -Configuration of these repositories is beyond the scope of this module and is left to the user. +Configuration of these repositories is beyond the scope of this module and is +left to the user. # Attribution -The Passenger tuning parameters for the `apache::mod::puppet` Puppet class was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the PuppetLabs Apache module on GitHub. +The Passenger tuning parameters for the `apache::mod::passenger` Puppet class +was modified by Aaron Hicks (hicksa@landcareresearch.co.nz) for work on the +NeSI Project and the Tuakiri New Zealand Access Federation as a fork from the +PuppetLabs Apache module on GitHub. * https://github.com/puppetlabs/puppetlabs-apache * https://github.com/nesi/puppetlabs-apache
--- a/modules/apache/Rakefile Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/Rakefile Sat Mar 14 20:07:04 2015 +0000 @@ -1,10 +1,11 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' -PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') PuppetLint.configuration.send('disable_class_inherits_from_params_class') -PuppetLint.configuration.send('disable_class_parameter_defaults') PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.send('disable_only_variable_string') PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
--- a/modules/apache/checksums.json Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/checksums.json Sat Mar 14 20:07:04 2015 +0000 @@ -1,239 +1,286 @@ { - "CHANGELOG.md": "f0773f8cb166778fb480313901245c60", - "CONTRIBUTING.md": "d911815dd7d0d90b90bb35382a6e3298", - "Gemfile": "bb8bf0bcc8891e9032aa4e9700f091c2", + "CHANGELOG.md": "3c34aa1eaa9b4685d0ef393bd6fa5a7d", + "CONTRIBUTING.md": "e2b8e8e433fc76b3798b7fe435f49375", + "Gemfile": "bbb8d1178f386bc23c151e2779a73314", "LICENSE": "b3f8a01d8699078d82e8c3c992307517", - "README.md": "665eaf45fb32a242b8ee923456c487d4", - "README.passenger.md": "1f0d7065b68bccdb7a6e840ebe60dbdb", - "Rakefile": "de8eeacfe1fbbc6a6f4d89adfc98bcaf", + "README.md": "ba64fd805d97ebaf6ae5b9908b127ac7", + "README.passenger.md": "8ad3822671735c941a1d5eed15286346", + "Rakefile": "ed3db0e49f5fcb381a19542c08ec473f", "files/httpd": "295f5e924afe6f752d29327e73fe6d0a", + "lib/puppet/parser/functions/bool2httpd.rb": "05d5deeb6e0c31acee7c55b249ec8e06", "lib/puppet/provider/a2mod/a2mod.rb": "d986d8e8373f3f31c97359381c180628", "lib/puppet/provider/a2mod/gentoo.rb": "2492d446adbb68f678e86a75eb7ff3bd", "lib/puppet/provider/a2mod/modfix.rb": "b689a1c83c9ccd8590399c67f3e588e5", "lib/puppet/provider/a2mod/redhat.rb": "c39b80e75e7d0666def31c2a6cdedb0b", "lib/puppet/provider/a2mod.rb": "03ed73d680787dd126ea37a03be0b236", "lib/puppet/type/a2mod.rb": "9042ccc045bfeecca28bebb834114f05", - "manifests/balancer.pp": "03555d1b48e5db8f9078e9da34b8ff26", - "manifests/balancermember.pp": "c559a6c5fcd6bed2425ea2a092a0536c", + "manifests/balancer.pp": "c2d55400bccc57be122545fefc73f41b", + "manifests/balancermember.pp": "8f44f65124330b7e9b49a7100f86fe6d", "manifests/confd/no_accf.pp": "406d0ca41c3b90f83740ca218dc3f484", + "manifests/custom_config.pp": "ea53275ebfa6e8953e7805cac36a8a62", "manifests/default_confd_files.pp": "86fdbe5773abb7c2da26db096973865c", "manifests/default_mods/load.pp": "bc0b3b65edd1ba6178c09672352f9bce", - "manifests/default_mods.pp": "46c3a93949d8a81be0c901c27051ccce", + "manifests/default_mods.pp": "aec2420ad9e709cf5908bb62173ac794", "manifests/dev.pp": "43773feed67d5779892d5e39085b8a00", - "manifests/init.pp": "c4f463d80340d569e248c0e990fdb937", + "manifests/fastcgi/server.pp": "a47073f4447baef318c823f93b5f59ee", + "manifests/init.pp": "e51bed76070d8d44d32a144c4e6e09cd", "manifests/listen.pp": "f7e224cba3b8021f90511af4f43d8b1f", "manifests/mod/actions.pp": "ec2a5d1cf54790204750f9b67938d230", - "manifests/mod/alias.pp": "2a6b9b0a40ac6ecf04fbe1c9259b4a8c", + "manifests/mod/alias.pp": "d3df09abfb57c33bf6ca4d421ac6d220", "manifests/mod/auth_basic.pp": "dffef6ff10145393cb78fcaa27220c53", + "manifests/mod/auth_cas.pp": "80f548698f7309cd8254847ddd0bb3cf", "manifests/mod/auth_kerb.pp": "08d536cb13281db3b9ed9a966ad431fd", - "manifests/mod/authnz_ldap.pp": "1b015c0c0295329c7985c5113cfd8b5a", - "manifests/mod/autoindex.pp": "03233813138ae713dcf2377910db2f9a", + "manifests/mod/authnz_ldap.pp": "e3f91908be35306a488b44c55608b2a0", + "manifests/mod/autoindex.pp": "05112ccb06dc218f9a7b937767a6ea2d", "manifests/mod/cache.pp": "b56d68b9401ba3e02a1f2fe55cdfbcca", - "manifests/mod/cgi.pp": "bf356627b499e0295b571f0e0118523c", - "manifests/mod/cgid.pp": "486b7ca26c5bc0f5a5e22f20270cb7d8", + "manifests/mod/cgi.pp": "558a0350d1e8634a706543e0c6e28687", + "manifests/mod/cgid.pp": "bafc08448218bbb76c85b9ec2de05a98", "manifests/mod/dav.pp": "9df80d36dd609be9032a8260aa9d10c1", - "manifests/mod/dav_fs.pp": "eae2db9d51d150a7cb0659e3cfcada3a", - "manifests/mod/dav_svn.pp": "e3dcd58a6bdaecdc7d4809e5a6fe2ad2", - "manifests/mod/deflate.pp": "b2a53bc0cfd58b0bd1f5ed44fe5812d6", + "manifests/mod/dav_fs.pp": "4528673b6e8d0af6935d9d630028b9f0", + "manifests/mod/dav_svn.pp": "f021fe8048deaa06759cd0b96b450363", + "manifests/mod/deflate.pp": "3dc2dbb0dfde703f47d1dc4993ef5b94", "manifests/mod/dev.pp": "42673bab60b6fc0f3aa6e2357ec0a27c", - "manifests/mod/dir.pp": "6fea8a29553fd4ffd82f64515ff2bd1a", - "manifests/mod/disk_cache.pp": "e167f356c2fd801414cdf2f8ea606183", - "manifests/mod/event.pp": "c3bb2243a5fec89b4907cb18ea73d580", + "manifests/mod/dir.pp": "8e577c570ba5e835c4f82232a1c01a4e", + "manifests/mod/disk_cache.pp": "f4e8aee7c670ddc3c15b71b07a1aba9b", + "manifests/mod/event.pp": "2866f06cd572b3612580f1cb01c09445", "manifests/mod/expires.pp": "6252f817125e784dfd08b5dc37e2ccec", - "manifests/mod/fastcgi.pp": "51c62721d7972c7155424f76fd116c49", - "manifests/mod/fcgid.pp": "bf7b8bab465e2e7d2406b1225c08df78", + "manifests/mod/fastcgi.pp": "237ff6ebc17c35ee2e3c82d2e19cd442", + "manifests/mod/fcgid.pp": "61bec2b414dd7e13315c06ff637699fc", + "manifests/mod/filter.pp": "b0039f3ae932b1204994ef2180dd76d2", "manifests/mod/headers.pp": "ef3de538a0a4c9406236faf43eb89710", "manifests/mod/include.pp": "a3b66eda88e38d90825c16b834bacd8d", - "manifests/mod/info.pp": "3c740934450db2026c43e231fae9aba0", - "manifests/mod/itk.pp": "c13c3c152e1f953e0591b538277f3894", - "manifests/mod/ldap.pp": "e37e7403f2dd3688236012e50e52ed1c", - "manifests/mod/mime.pp": "90b5c8bf3da890092d69feaa30dfa1d9", - "manifests/mod/mime_magic.pp": "f46c31056ec8361442973bb6b8f63d0e", - "manifests/mod/negotiation.pp": "ae713b5a2e41d51a058953afe0ae7204", - "manifests/mod/nss.pp": "263131705f4307c133628b9ea5f7fce1", - "manifests/mod/pagespeed.pp": "0367968db2634314db50e50a0db49ae4", - "manifests/mod/passenger.pp": "afba796602d6d48b3f4a1e7ef9c37817", + "manifests/mod/info.pp": "bad325232ff8038449dcafc11ff37ca1", + "manifests/mod/itk.pp": "ae340c38395df1471fa0402909c168fa", + "manifests/mod/ldap.pp": "367f13080f78b3e8527172cbb8a2fd4a", + "manifests/mod/mime.pp": "9d13abceb29f36c2f6c3a5a71a77561f", + "manifests/mod/mime_magic.pp": "481e016b74b0649bfdcbb32104a62054", + "manifests/mod/negotiation.pp": "6860ed514001b9f3f6945c78d250fd32", + "manifests/mod/nss.pp": "9d1573a9af62cc17cb9b8e322cf2a2b7", + "manifests/mod/pagespeed.pp": "2638c14081f8065bc8940b8d47782cc3", + "manifests/mod/passenger.pp": "937ca95e90c7cb121a5cf12e67056a17", "manifests/mod/perl.pp": "0bc488e1ac33e4e8987e0b07aa909682", - "manifests/mod/peruser.pp": "8b9ce86fbd40d43e006632019b01a6ca", - "manifests/mod/php.pp": "0b9da981a44f6796782e89e47e9c1c4c", - "manifests/mod/prefork.pp": "1e6d09fdb28663bf7edae2d5e4b84379", - "manifests/mod/proxy.pp": "54dc76902888ffe10f52013e0fc00337", + "manifests/mod/peruser.pp": "cf54a3ee68df1335d55afe5cfd61fb5f", + "manifests/mod/php.pp": "628b672c8a28d1ebd43bedde63a5dfd3", + "manifests/mod/prefork.pp": "e7dd7fef1871eff6effd8a853c74eca6", + "manifests/mod/proxy.pp": "39e224390d43ffe082ff60fba2b97fc4", "manifests/mod/proxy_ajp.pp": "073e2406aea7822750d4c21f02d8ac80", "manifests/mod/proxy_balancer.pp": "6d16440ba6bed5427b331b6c6abf4063", - "manifests/mod/proxy_html.pp": "e65f7425961961cf7b00fe614ff0f7c2", + "manifests/mod/proxy_connect.pp": "859998974f8f1a301a2412b971f1cad8", + "manifests/mod/proxy_html.pp": "9bc2520986f76ae093103cffe3825438", "manifests/mod/proxy_http.pp": "0db1b26f8b4036b0d46ba86b7eaac561", "manifests/mod/python.pp": "15f03d79e45737fdf0afca9665706b88", - "manifests/mod/reqtimeout.pp": "ae8a82f78a6945ede81f2ce5acff909e", + "manifests/mod/reqtimeout.pp": "aee3d869e6ca6eed18071c8d2aa97aff", "manifests/mod/rewrite.pp": "292f2d6ce2078fa9df7f686105ea7b95", - "manifests/mod/rpaf.pp": "3d76c5a653ae24a0a7e5faab65909eae", - "manifests/mod/setenvif.pp": "ea751612c1b9fe2200352361e2477851", + "manifests/mod/rpaf.pp": "4844d717d6577aee8a788a7fbdc5e8dd", + "manifests/mod/security.pp": "9289d90560550a265d290a6fa17a1d76", + "manifests/mod/setenvif.pp": "b2ae43541bf1df5374187339e50a081f", + "manifests/mod/shib.pp": "3e2d3b5bf864fd292fa30f7c98d449f6", "manifests/mod/speling.pp": "fa89a82933d30d2ebfe11e3ad9966bd1", - "manifests/mod/ssl.pp": "7e58bc19b943f07638c27731400e655d", - "manifests/mod/status.pp": "74031a956d09c4e91d7bed86d49a027e", + "manifests/mod/ssl.pp": "770b92e241c874ffc5ad19a4d96ecf14", + "manifests/mod/status.pp": "0b24de931fd8d54b2db0e3d16f0d0d8c", "manifests/mod/suexec.pp": "2a8671856a0ece597e9b57867dc35e76", - "manifests/mod/suphp.pp": "95aa629c9ddf910a8035644ea06f565c", - "manifests/mod/userdir.pp": "432479c33d622ca5a997506458514694", + "manifests/mod/suphp.pp": "6905059571fa21b7de957fd90540acff", + "manifests/mod/userdir.pp": "a2cd9d2ee4c778054af445c98d5bb8d4", + "manifests/mod/version.pp": "6cb31057ebffa796f95642cc95f9499d", "manifests/mod/vhost_alias.pp": "ee1225a748daaf50aca39a6d93fb8470", - "manifests/mod/worker.pp": "913170b25944e28914e6b4e3b98f40e7", - "manifests/mod/wsgi.pp": "7832449e23a7c801784dc7491044f8a2", + "manifests/mod/worker.pp": "eb95ede796d15697481e049277e67a49", + "manifests/mod/wsgi.pp": "510facba62320aa6b697cdb50e4599ac", "manifests/mod/xsendfile.pp": "fba06f05a19c466654aca5ecaa705bf0", - "manifests/mod.pp": "2863c8b30e0decf1b79a1fa84d99356d", - "manifests/mpm.pp": "8e5542e9c65295dd4384eaaec2e97b08", + "manifests/mod.pp": "000ae8575c37f89540c6ae5f6584bc6b", + "manifests/mpm.pp": "f39fe763d839347a0795788ac62dd370", "manifests/namevirtualhost.pp": "67618d40112e4ddc1b46f64af2a5e875", - "manifests/package.pp": "7e380098a56a82103d29068fbc0b838f", - "manifests/params.pp": "89f8529053dca1516e74b09002d30592", - "manifests/peruser/multiplexer.pp": "e55c4f016955859d51c3c82199619d6d", - "manifests/peruser/processor.pp": "7651333fbb844b0efeb010db4a18a623", + "manifests/package.pp": "579269b2d02fdbd3bdb215f99531305d", + "manifests/params.pp": "6e907df88f37870fb6eecec7b7053304", + "manifests/peruser/multiplexer.pp": "0ea75341b7a93e55bcfb431a93b1a6c9", + "manifests/peruser/processor.pp": "62f0ad5ed2ec36dadc7f40ad2a9e1bb9", "manifests/php.pp": "9c9d07e12bf5d112b0b54f5bd69046fc", "manifests/proxy.pp": "7c8515b88406922e148322ee15044b29", "manifests/python.pp": "ddef4cd73850fdc2dc126d4579c30adf", - "manifests/service.pp": "fa3b2a63f850b46db097cf5df5ce3379", + "manifests/security/rule_link.pp": "4635131018b0c5cd5f57ecea9f708b65", + "manifests/service.pp": "3aab22a66b618fe53ee4266723f9377c", "manifests/ssl.pp": "173f3d6a7fd2b5f4100c4ff03d84e13b", - "manifests/version.pp": "b86501eed3c264fbdf40ed36110da468", - "manifests/vhost.pp": "0d616277572e448c3b1b41c2f9114fe5", - "metadata.json": "c682f426bae7ed7a85354a5d3bf9daca", - "spec/acceptance/apache_parameters_spec.rb": "ee1a4572fcc7be64c3a700dc9847223e", - "spec/acceptance/apache_ssl_spec.rb": "cd6c99af246ff93150c0e300aa02bb9a", + "manifests/version.pp": "20d981c681384653f8c4f5a93c3013e8", + "manifests/vhost.pp": "67573125636aa5d9dfa443aa2baa8346", + "metadata.json": "e62a98601e555a4986322dd98da11981", + "spec/acceptance/apache_parameters_spec.rb": "2bf2a24853b723af816d1543b57ec390", + "spec/acceptance/apache_ssl_spec.rb": "9813a93162e56c80b9eb6c286084437a", "spec/acceptance/basic_spec.rb": "e9ee3089384d2db23cc5226891b180ac", - "spec/acceptance/class_spec.rb": "8d35062aa76c95d68473e73e5e8df344", - "spec/acceptance/default_mods_spec.rb": "62a0bb7c37c72aed869faab23f887a0a", - "spec/acceptance/itk_spec.rb": "190734f4d4ddcdfad375ec7c1ef3cbb2", - "spec/acceptance/mod_mime_spec.rb": "a6d4c0dbf28cc17151d17ecd3d41f272", - "spec/acceptance/mod_pagespeed_spec.rb": "1e926d79928d7df623de17d2aac5f038", - "spec/acceptance/mod_passenger_spec.rb": "11d2bc6552718c8ee811153ff150bfc2", - "spec/acceptance/mod_php_spec.rb": "f52848a8932f1d783dfe93eca0be5ad7", - "spec/acceptance/mod_proxy_html_spec.rb": "3bf50a7ea0939ae592e3f3aec19acc12", - "spec/acceptance/mod_suphp_spec.rb": "2d47ee93cd8715d1e06556117b61091f", - "spec/acceptance/nodesets/centos-59-x64.yml": "c0672eff6140ee28d78bfb121d1c3032", - "spec/acceptance/nodesets/centos-64-x64-pe.yml": "2f7e77131d533aa4f1b9637f5953d582", + "spec/acceptance/class_spec.rb": "55a14f0a728efe8bff4bc1d2d5c85267", + "spec/acceptance/custom_config_spec.rb": "7982e71cd9a786536cb55fef618ac857", + "spec/acceptance/default_mods_spec.rb": "e1e92a645ae200adffed64d16e478cf0", + "spec/acceptance/itk_spec.rb": "45401fe10b565ee9bf86900346a51a85", + "spec/acceptance/mod_dav_svn_spec.rb": "921cddd8b1f7f506859aaaae6cfd2c8a", + "spec/acceptance/mod_deflate_spec.rb": "2b68e9d30e933bbfa2946ef3c136f135", + "spec/acceptance/mod_fcgid_spec.rb": "514cfb3b6bc81ddd0417271be8925956", + "spec/acceptance/mod_mime_spec.rb": "1b2d4eedd42220ba8d40578dfc5cfb85", + "spec/acceptance/mod_negotiation_spec.rb": "b1f46074c5803ba8b73ab69d2c3477e5", + "spec/acceptance/mod_pagespeed_spec.rb": "ddb0219655955277dc343856fe72dff0", + "spec/acceptance/mod_passenger_spec.rb": "521ed9b0e3112efe7fd248678ed5433a", + "spec/acceptance/mod_php_spec.rb": "9bb6491963075c94e4adaafc84804a6d", + "spec/acceptance/mod_proxy_html_spec.rb": "6ca7794b7ea73b5fa3a74f2a45215b7d", + "spec/acceptance/mod_security_spec.rb": "a0b520040b23cd7591535469dc46b4a9", + "spec/acceptance/mod_suphp_spec.rb": "90e5172eec59c0598bd2442edd92cbb0", + "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151", + "spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b", "spec/acceptance/nodesets/centos-64-x64.yml": "d65958bdf25fb31eb4838fd984b555df", - "spec/acceptance/nodesets/centos-65-x64.yml": "d5644c01c7955069665ac1d08b36aa6a", + "spec/acceptance/nodesets/centos-65-x64.yml": "3e5c36e6aa5a690229e720f4048bb8af", + "spec/acceptance/nodesets/centos-70-x64.yml": "0ae796256280ca157abc98f7cb492ea4", "spec/acceptance/nodesets/debian-607-x64.yml": "52f42f3b8fc507a5fc825977d62665a3", "spec/acceptance/nodesets/debian-70rc1-x64.yml": "717aa92150ebe3fca718807c7c93126f", "spec/acceptance/nodesets/debian-73-i386.yml": "40aeb7ceab29148bb98a1e2bd51aba86", "spec/acceptance/nodesets/debian-73-x64.yml": "df78f357e1bd0f7f9818d552eeb35026", "spec/acceptance/nodesets/default.yml": "d65958bdf25fb31eb4838fd984b555df", "spec/acceptance/nodesets/fedora-18-x64.yml": "9c907e4416a5fd487ff30a672a6b1c9e", - "spec/acceptance/nodesets/sles-11sp1-x64.yml": "d8b7403f470bbf600ad4a1f40641740d", - "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "edd30a624fabfcae11b876ec3167383d", - "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "c4f1b8b8c0272ea63c78732c55f7d154", + "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297", + "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269", "spec/acceptance/nodesets/ubuntu-server-1310-x64.yml": "9deb39279e104d765179b471c6ebb3a2", "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0", - "spec/acceptance/prefork_worker_spec.rb": "b87799d1afd4d538b778a6e8e71b3101", + "spec/acceptance/prefork_worker_spec.rb": "671a76b1d0112286ec48b0f570640942", "spec/acceptance/service_spec.rb": "24ce3caa9990b2f06ac98c7c438e1d5c", "spec/acceptance/unsupported_spec.rb": "ecb65438d469b70dd7c611414f535771", - "spec/acceptance/version.rb": "a7d6f86a6c457c29ca36810f3e722a99", - "spec/acceptance/vhost_spec.rb": "9200bb27bfa397ebeef1591b7fd07ef7", - "spec/classes/apache_spec.rb": "5e8663360a7ed448424adf9d72cca2d3", - "spec/classes/dev_spec.rb": "d181707059a5eefe4adcb01eab87aa5f", - "spec/classes/mod/auth_kerb_spec.rb": "1f1f5d3e8d12570f091f369fe27940f9", - "spec/classes/mod/authnz_ldap_spec.rb": "062aec1b5f664d55c81403681fe4efdc", - "spec/classes/mod/dav_svn_spec.rb": "52d2a5c47a7aa81b74886bc1416bb9fe", - "spec/classes/mod/dev_spec.rb": "a6954d6cbb22cc5d502c76dc1084e096", - "spec/classes/mod/dir_spec.rb": "41dae25ce539ba75ea427cd4f1c47d1b", - "spec/classes/mod/event_spec.rb": "17ff11332a38ef2a32bb8aa4ac329810", - "spec/classes/mod/fastcgi_spec.rb": "5c21498d6e04ea970ed531845b3de776", - "spec/classes/mod/fcgid_spec.rb": "88b21465e7f5c5fd6e6be7a8daf1c109", - "spec/classes/mod/info_spec.rb": "90f35932812cc86058b6ccfd48eba6e8", - "spec/classes/mod/itk_spec.rb": "645929d9ff20792769ea6759a4ddd70c", - "spec/classes/mod/mime_magic_spec.rb": "3546b65e7c03a827d6cdcc6d79db0980", - "spec/classes/mod/mime_spec.rb": "398b6b54a394cd899e328c7b40920b46", - "spec/classes/mod/pagespeed_spec.rb": "621b728227d628d9b6f589fbdeaf25b3", - "spec/classes/mod/passenger_spec.rb": "c9133e48bf5b88addb90296b84b445a9", - "spec/classes/mod/perl_spec.rb": "caa0a9bf3ebf2ae6f3ea8369f5e00f2a", - "spec/classes/mod/peruser_spec.rb": "ab6486333ce45d195134769e41d70a00", - "spec/classes/mod/php_spec.rb": "21f04e7ffd20912998f3214e64fcf9b7", - "spec/classes/mod/prefork_spec.rb": "80e9616111c1bb2ade3ece14c464918b", - "spec/classes/mod/proxy_html_spec.rb": "90d14592135d925cd0191e37bd5349cb", - "spec/classes/mod/python_spec.rb": "3615fb07d28033007d8de75235c90231", - "spec/classes/mod/rpaf_spec.rb": "35465fb3d5768b8b098830d0345a8b64", - "spec/classes/mod/speling_spec.rb": "4c7c5c91678d68909ee5f7e4733d4a66", - "spec/classes/mod/ssl_spec.rb": "d7d678be0da6e30464d10e634f967a10", - "spec/classes/mod/status_spec.rb": "a1f70673810840e591ac25a1803c39d7", - "spec/classes/mod/suphp_spec.rb": "20279dabaac04f010150bbe00023a840", - "spec/classes/mod/worker_spec.rb": "4cf88e4d616bf93d61263c9841a2994f", - "spec/classes/mod/wsgi_spec.rb": "0b56a58311ca6f6415183b9778b3c705", - "spec/classes/params_spec.rb": "da9810b19f24f84119fa138437327bbe", - "spec/classes/service_spec.rb": "d522ae1652cc87a4b9c6e33034ee5774", - "spec/defines/mod_spec.rb": "3c4640c94063a61d4a185b156ca89c96", - "spec/defines/vhost_spec.rb": "c0e8cd598447a68cd05e4e611f9a81c1", - "spec/fixtures/modules/site_apache/templates/fake.conf.erb": "6b0431dd0b9a0bf803eb0684300c2cff", - "spec/spec.opts": "c407193b3d9028941ef59edd114f5968", - "spec/spec_helper.rb": "07c8e2722a5992d073a629fc82de93ea", - "spec/spec_helper_acceptance.rb": "bd582ab51bc06357d7374e5344fa888c", + "spec/acceptance/version.rb": "fd5b1d11ef1bb78203c3a3d293f6a9d2", + "spec/acceptance/vhost_spec.rb": "b37ae2fc06a68bbf4954ee26efb85550", + "spec/classes/apache_spec.rb": "df8569225b35290bceaf00ebad5853e2", + "spec/classes/dev_spec.rb": "8a59736729227d62b88887ba86ced334", + "spec/classes/mod/alias_spec.rb": "bd4c64dbd15a97c22acde624c699cc1f", + "spec/classes/mod/auth_cas_spec.rb": "34af1e2489fe7f805c760c40b2bc3f5b", + "spec/classes/mod/auth_kerb_spec.rb": "81c36d1383f9948c53e0b23b0b49659e", + "spec/classes/mod/authnz_ldap_spec.rb": "ce2f5fb517d4cc760c913fe131b1550f", + "spec/classes/mod/dav_svn_spec.rb": "683bdd809215d06cd99e3be91c6dd181", + "spec/classes/mod/deflate_spec.rb": "a1ec387446c169659c757727bc7eea9b", + "spec/classes/mod/dev_spec.rb": "7af29e847f7afc3493ebfddb0f55e220", + "spec/classes/mod/dir_spec.rb": "ab631f1b2e0032df355dfc409bde8e78", + "spec/classes/mod/event_spec.rb": "9b0e975494cb761303ceba0e02c67f5a", + "spec/classes/mod/fastcgi_spec.rb": "76ac8328da6c2fe1e126d8dcdcdb5519", + "spec/classes/mod/fcgid_spec.rb": "1bd48e8387ca095082ceaa8f61ea6acb", + "spec/classes/mod/info_spec.rb": "ec117599e1808bd6199872c34ea0288a", + "spec/classes/mod/itk_spec.rb": "437d4e4e776e082db051c99cb05a1058", + "spec/classes/mod/mime_magic_spec.rb": "8291c37b89f9d50f58fa94ab9cbb1bfe", + "spec/classes/mod/mime_spec.rb": "5e527739b595f9b0638ce384648c3187", + "spec/classes/mod/negotiation_spec.rb": "f1b10fe931b96f72f5d0eaf86354fce9", + "spec/classes/mod/pagespeed_spec.rb": "482d0dc3ebf002155d3c728d2043bcac", + "spec/classes/mod/passenger_spec.rb": "8354b9783e8b4abd263ce29ab0afcfca", + "spec/classes/mod/perl_spec.rb": "0e563ccf36864616f1f577533b0b6110", + "spec/classes/mod/peruser_spec.rb": "2992e95775cb5e1302e70eb6df1e593c", + "spec/classes/mod/php_spec.rb": "f18c77c5a136ee1b73cd72930887f0c0", + "spec/classes/mod/prefork_spec.rb": "bf9a3564b32d6b8b1772339e7e1add20", + "spec/classes/mod/proxy_connect_spec.rb": "2d58c91c1a6867b11b8ae6588b6e18c9", + "spec/classes/mod/proxy_html_spec.rb": "0c148ecf366bb5ebd13e865cd9f16f79", + "spec/classes/mod/python_spec.rb": "30e69012295e6d25685838959add60cc", + "spec/classes/mod/reqtimeout_spec.rb": "cf68b961d1ce38b2f14023d78ce28c4e", + "spec/classes/mod/rpaf_spec.rb": "eb3840c8b2fa74547dfce0a9bdae6303", + "spec/classes/mod/security_spec.rb": "a6c7526a69306c1993376e9e0646354f", + "spec/classes/mod/shib_spec.rb": "18107e156dd4682f59ddcc33c0dfc0d7", + "spec/classes/mod/speling_spec.rb": "4727fbb92f074e0cf3911e6cffe3322f", + "spec/classes/mod/ssl_spec.rb": "7cedfc9cce8e456041ce154a27e628e1", + "spec/classes/mod/status_spec.rb": "1c7520050c8bed47492acd51588be52d", + "spec/classes/mod/suphp_spec.rb": "0c4d625a64124e7c9c14ea2b68dc7ebe", + "spec/classes/mod/worker_spec.rb": "b6bf734f060e1f499425a43b0aea7a4d", + "spec/classes/mod/wsgi_spec.rb": "5f42c20c907952cf7adcf90a1c41226b", + "spec/classes/params_spec.rb": "da381f36fd0367d5f7982e1caa5b639a", + "spec/classes/service_spec.rb": "1117ba6a253ea66913ce883b8df371fb", + "spec/defines/balancermember_spec.rb": "6071ddc9a56be6ecccfade6e233fb34b", + "spec/defines/custom_config_spec.rb": "d99514f77523a4ae3f4ccef12cb612b8", + "spec/defines/fastcgi_server_spec.rb": "9b9490ddb6451a19e0f6e96b72e71e0b", + "spec/defines/mod_spec.rb": "92e8255861a40e5dd18545cefcb0d09a", + "spec/defines/modsec_link_spec.rb": "3421b21f8234637dd1c32ebcf89e44c3", + "spec/defines/vhost_spec.rb": "1886dc77e76861625ad5bf4d612fb72b", + "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c", + "spec/spec_helper.rb": "eb7ec6afb39e2282e62f2ebf69712707", + "spec/spec_helper_acceptance.rb": "5fd137b203cd262fbf03a4c2091d6d47", + "spec/unit/provider/a2mod/gentoo_spec.rb": "8cf6574e75a4a7e8ff5a92d75a8d7ea8", + "spec/unit/puppet/parser/functions/bool2httpd_spec.rb": "3c47a968139400e5b81af8650f2d0e21", "templates/confd/no-accf.conf.erb": "a614f28c4b54370e4fa88403dfe93eb0", - "templates/httpd.conf.erb": "03b009aa3df038893b2edec72a4a3ed8", + "templates/fastcgi/server.erb": "482ce7a72a08f21e3592e584178d5917", + "templates/httpd.conf.erb": "fd1fb6c9300a37deece420e8a2cfd8bd", "templates/listen.erb": "6286aa08f9e28caee54b1e1ee031b9d6", - "templates/mod/alias.conf.erb": "c057a5c7d9389b379056cceb9d97a79b", + "templates/mod/alias.conf.erb": "611b6952119607244ae4fb723e2c0612", + "templates/mod/auth_cas.conf.erb": "74595985c3b0f9df1aaa0ad5dd7a7906", "templates/mod/authnz_ldap.conf.erb": "12c9a1482694ddad3143e5eef03fb531", "templates/mod/autoindex.conf.erb": "2421a3c6df32c7e38c2a7a22afdf5728", "templates/mod/cgid.conf.erb": "f8ce27d60bc495bab16de2696ebb2fd0", "templates/mod/dav_fs.conf.erb": "10c1131168e35319e22b3fbfe51aebfd", - "templates/mod/deflate.conf.erb": "44d54f557a5612be8da04c49dd6da862", + "templates/mod/deflate.conf.erb": "e866ecf2bfe8e42ea984267f569723db", "templates/mod/dir.conf.erb": "2485da78a2506c14bf51dde38dd03360", "templates/mod/disk_cache.conf.erb": "7d3e7a5ee3bd7b6a839924b06a60667f", - "templates/mod/event.conf.erb": "dc4223dfb2729e54d4a33cdec03bd518", + "templates/mod/event.conf.erb": "469ef574b0ae1728203002a52f3d5a3b", "templates/mod/fastcgi.conf.erb": "ab125b9bfdc494b621eec41587bf6101", - "templates/mod/info.conf.erb": "42d81075d2195b365c3ef4c702f4dbe3", + "templates/mod/fcgid.conf.erb": "1780c7808bb3811deaf0007c890df4dc", + "templates/mod/info.conf.erb": "dd434aca2b3693c425a2c252a2c39f46", "templates/mod/itk.conf.erb": "eff84b78e4f2f8c5c3a2e9fc4b8aad16", - "templates/mod/ldap.conf.erb": "a8a33f645497e0dbcec363c98be43795", + "templates/mod/ldap.conf.erb": "57a006daca5fdacc094a872f9f0a4535", "templates/mod/load.erb": "01132434e6101080c41548b0ba7e57d8", "templates/mod/mime.conf.erb": "8f953519790a5900369fb656054cae35", "templates/mod/mime_magic.conf.erb": "db7ac6bbf365d016852744d339c12d16", "templates/mod/mpm_event.conf.erb": "80097a19d063a4f973465d9ef5c0c0bf", - "templates/mod/negotiation.conf.erb": "47284b5580b986a6ba32580b6ffb9fd7", + "templates/mod/negotiation.conf.erb": "a2f0fb40cd038cb17bedc2b84d9f48ea", "templates/mod/nss.conf.erb": "688c134cb37159a92cf85010ea3c67e6", - "templates/mod/pagespeed.conf.erb": "74c30ec2b5c1aeaf6e191b05b293430d", - "templates/mod/passenger.conf.erb": "bc59646e5c5f0dd13671f96f05476c4e", + "templates/mod/pagespeed.conf.erb": "0d1ba456a798d1404205b7fbdee3294e", + "templates/mod/passenger.conf.erb": "206040d2d8009bfcb650e6833a29433e", "templates/mod/peruser.conf.erb": "c4f4054aee899249ea6fef5a9e5c14ff", "templates/mod/php5.conf.erb": "e92f4b41e71318d35f44859b71999887", "templates/mod/prefork.conf.erb": "f9ec5a7eaea78a19b04fa69f8acd8a84", - "templates/mod/proxy.conf.erb": "38668e1cb5a19d7708e9d26f99e21264", + "templates/mod/proxy.conf.erb": "7eef34af57278ea572b267cff9fb6631", "templates/mod/proxy_html.conf.erb": "69c9ce9b7f24e1337065f1ce26b057a0", - "templates/mod/reqtimeout.conf.erb": "81c51851ab7ee7942bef389dc7c0e985", + "templates/mod/reqtimeout.conf.erb": "314ef068b786ae5afded290a8b6eab15", "templates/mod/rpaf.conf.erb": "5447539c083ae54f3a9e93c1ac8c988b", + "templates/mod/security.conf.erb": "1bd891bb3ed76e493a48c06b53a468f5", + "templates/mod/security_crs.conf.erb": "0533f947d1d418774213bc9eb0444358", "templates/mod/setenvif.conf.erb": "c7ede4173da1915b7ec088201f030c28", - "templates/mod/ssl.conf.erb": "afd2d80957bd58da66abc2b5b6a7c549", - "templates/mod/status.conf.erb": "afb05015a8337b232127199aa085a023", + "templates/mod/ssl.conf.erb": "201c794f0ba123a83dc684a3b24a80d5", + "templates/mod/status.conf.erb": "9e959900ac58c8de34783886efeebce7", "templates/mod/suphp.conf.erb": "05bb7b3ea23976b032ce405bfd4edd18", - "templates/mod/userdir.conf.erb": "e5d6e6dc17a7d1848df9b84e78b2e30b", - "templates/mod/worker.conf.erb": "9661e7a59eaefb9f17d4c2680c0d243d", + "templates/mod/userdir.conf.erb": "aca41a30ff76f6645eddc5093e697c15", + "templates/mod/worker.conf.erb": "a590811ec67bb7c8a3d3dcf7b442e226", "templates/mod/wsgi.conf.erb": "9a416fa3b71be0795679069809686300", "templates/namevirtualhost.erb": "fbfca19a639e18e6c477e191344ac8ae", "templates/ports_header.erb": "afe35cb5747574b700ebaa0f0b3a626e", + "templates/vhost/_access_log.erb": "a0c804cb6fc03e5c573f9bfbcf73d9c6", "templates/vhost/_action.erb": "a004dfcac2e63cef65cf8aa0e270b636", - "templates/vhost/_aliases.erb": "b0761434f6253dac3d6fbcb3fe0d1640", - "templates/vhost/_block.erb": "e4a7319e9b95ff75c76952d5d916ef79", + "templates/vhost/_additional_includes.erb": "630083ded68174663e79eadf0491c0a8", + "templates/vhost/_aliases.erb": "6412f695e911feac18986da38f290dae", + "templates/vhost/_allow_encoded_slashes.erb": "37dee0b6fe9287342a10b533955dff81", + "templates/vhost/_block.erb": "cab4365316621b4e06cd1258abeb1d23", + "templates/vhost/_charsets.erb": "d152b6a7815e9edc0fe9bf9acbe2f1ec", "templates/vhost/_custom_fragment.erb": "67a4475275ec9208e6421b047b9ed7f4", - "templates/vhost/_directories.erb": "68dba7c59af3bd484df5726cb39161ff", + "templates/vhost/_directories.erb": "cb84af33f7b145cc7d71d003d3e7d56e", + "templates/vhost/_docroot.erb": "1cd82546a85458b1e117ca24f06d4691", "templates/vhost/_error_document.erb": "81d3007c1301a5c5f244c082cfee9de2", - "templates/vhost/_fastcgi.erb": "9d25829d45c6b2fd4498981bfcddc623", + "templates/vhost/_fallbackresource.erb": "e6c103bee7f6f76b10f244fc9fd1cd3b", + "templates/vhost/_fastcgi.erb": "d07c41eae32671b38b5dba14724c14cc", + "templates/vhost/_file_footer.erb": "e27b2525783e590ca1820f1e2118285d", + "templates/vhost/_file_header.erb": "9502d6f3c9cc29c66c08ef94eb27f9fb", "templates/vhost/_header.erb": "9eb9d4075f288183d8224ddec5b2f126", - "templates/vhost/_itk.erb": "8ba190ef5b14d9d6810c94158493e39c", - "templates/vhost/_php_admin.erb": "ddc8fbe622616175dc96806890c085fa", - "templates/vhost/_proxy.erb": "1b8d1cbcd8f04a30b20703473885cb80", + "templates/vhost/_itk.erb": "8bf90b9855a9277f7a665b10f6c57fe9", + "templates/vhost/_logging.erb": "5bc4cbb1bc8a292acc0ba0420f96ca4e", + "templates/vhost/_passenger.erb": "02bd1d5c7d221f6b0afb19f45f169425", + "templates/vhost/_php.erb": "0be13b20951791db0f09c328e13b7eaf", + "templates/vhost/_php_admin.erb": "107a57e9e7b3f86d1abcf743f672a292", + "templates/vhost/_proxy.erb": "9035baf04289a809176f0e9097093459", "templates/vhost/_rack.erb": "ebe187c1bdc81eec9c8e0d9026120b18", - "templates/vhost/_redirect.erb": "4835210565f1880ba77ee8a993fc0ed8", + "templates/vhost/_redirect.erb": "639e170cafa9e703ab38797c8fc3030b", "templates/vhost/_requestheader.erb": "db1b0cdda069ae809b5b83b0871ef991", - "templates/vhost/_rewrite.erb": "5bfcb3d2408af11f09a5eab6cf295910", + "templates/vhost/_rewrite.erb": "dd1aa56817f88b876d673cc9af5c3f21", "templates/vhost/_scriptalias.erb": "98713f33cca15b22c749bd35ea9a7b41", - "templates/vhost/_serveralias.erb": "2ef30c2152b9284463588f408f7f371f", - "templates/vhost/_setenv.erb": "da6778b324857234c8441ef346d08969", - "templates/vhost/_ssl.erb": "6dd526e7aa5362b7883a429c6b07eb41", + "templates/vhost/_security.erb": "58cd0f606e104be456dea0b5d52212e8", + "templates/vhost/_serveralias.erb": "95fed45853629924467aefc271d5b396", + "templates/vhost/_serversignature.erb": "9bf5a458783ab459e5043e1cdf671fa7", + "templates/vhost/_setenv.erb": "818f65d2936be12a24e59079e28f8f47", + "templates/vhost/_ssl.erb": "af6a1e1b3811a59e19ca11856511d032", "templates/vhost/_suexec.erb": "f2b3f9b9ff8fbac4e468e02cd824675a", - "templates/vhost/_suphp.erb": "934c4e2c78a875a98dd3ad73a8618a7a", - "templates/vhost/_wsgi.erb": "d20e458ade25e6d250c2de8e102cc746", - "templates/vhost.conf.erb": "4f74c4aef2e3428aa0ee878fcbe5f696", + "templates/vhost/_suphp.erb": "a1c4a5e4461adbfce870df0abd158b59", + "templates/vhost/_wsgi.erb": "c4ea9a97580489edc6b589ac46816462", "tests/apache.pp": "819cf9116ffd349e6757e1926d11ca2f", - "tests/dev.pp": "4cf15c1fecea3ca86009f182b402c7ab", + "tests/dev.pp": "9f5727f69f536538f8d840fad0852308", "tests/init.pp": "4eac4a7ef68499854c54a78879e25535", "tests/mod_load_params.pp": "5981af4d625a906fce1cedeb3f70cb90", "tests/mods.pp": "0085911ba562b7e56ad8d793099c9240", "tests/mods_custom.pp": "9afd068edce0538b5c55a3bc19f9c24a", "tests/php.pp": "60e7939034d531dd6b95af35338bcbe7", - "tests/vhost.pp": "4da975806ff02266fc43d8335746fc48", + "tests/vhost.pp": "e505171a071ff2454a27696e4fac7375", "tests/vhost_directories.pp": "b4e6b5a596e5bae122233652b9a33e32", "tests/vhost_ip_based.pp": "7d9f7b6976de7488ab6ff0a6e647fc73", + "tests/vhost_proxypass.pp": "59b87f88943aa809578288e26b41aade", "tests/vhost_ssl.pp": "9f3716bc15a9a6760f1d6cc3bf8ce8ac", "tests/vhosts_without_listen.pp": "a6692104056a56517b4365bcc816e7f4" } \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/lib/puppet/parser/functions/bool2httpd.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,30 @@ +Puppet::Parser::Functions::newfunction(:bool2httpd, :type => :rvalue, :doc => <<-EOS +Transform a supposed boolean to On or Off. Pass all other values through. +Given a nil value (undef), bool2httpd will return 'Off' + +Example: + + $trace_enable = false + $server_signature = 'mail' + + bool2httpd($trace_enable) + # => 'Off' + bool2httpd($server_signature) + # => 'mail' + bool2httpd(undef) + # => 'Off' + +EOS +) do |args| + raise(Puppet::ParseError, "bool2httpd() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1 + + arg = args[0] + + if arg.nil? or arg == false or arg =~ /false/i or arg == :undef + return 'Off' + elsif arg == true or arg =~ /true/i + return 'On' + end + + return arg.to_s +end
--- a/modules/apache/manifests/balancer.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/balancer.pp Sat Mar 14 20:07:04 2015 +0000 @@ -42,7 +42,6 @@ $proxy_set = {}, $collect_exported = true, ) { - include concat::setup include ::apache::mod::proxy_balancer $target = "${::apache::params::confd_dir}/balancer_${name}.conf" @@ -71,7 +70,7 @@ ensure => present, target => $target, order => '19', - content => inline_template("<% proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= proxy_set[key] %>\n<% end %>"), + content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), } concat::fragment { "01-${name}-footer":
--- a/modules/apache/manifests/balancermember.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/balancermember.pp Sat Mar 14 20:07:04 2015 +0000 @@ -45,7 +45,7 @@ $options = [], ) { - concat::fragment { "BalancerMember ${url}": + concat::fragment { "BalancerMember ${name}": ensure => present, target => "${::apache::params::confd_dir}/balancer_${balancer_cluster}.conf", content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"),
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/custom_config.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,67 @@ +# See README.md for usage information +define apache::custom_config ( + $ensure = 'present', + $confdir = $::apache::confd_dir, + $content = undef, + $priority = '25', + $source = undef, + $verify_command = $::apache::params::verify_command, + $verify_config = true, +) { + + if $content and $source { + fail('Only one of $content and $source can be specified.') + } + + if $ensure == 'present' and ! $content and ! $source { + fail('One of $content and $source must be specified.') + } + + validate_re($ensure, '^(present|absent)$', + "${ensure} is not supported for ensure. + Allowed values are 'present' and 'absent'.") + + validate_bool($verify_config) + + if $priority { + $priority_prefix = "${priority}-" + } else { + $priority_prefix = '' + } + + ## Apache include does not always work with spaces in the filename + $filename_middle = regsubst($name, ' ', '_', 'G') + $filename = "${priority_prefix}${filename_middle}.conf" + + if ! $verify_config or $ensure == 'absent' { + $notifies = Service['httpd'] + } else { + $notifies = undef + } + + file { "apache_${name}": + ensure => $ensure, + path => "${confdir}/${filename}", + content => $content, + source => $source, + require => Package['httpd'], + notify => $notifies, + } + + if $ensure == 'present' and $verify_config { + exec { "service notify for ${name}": + command => $verify_command, + subscribe => File["apache_${name}"], + refreshonly => true, + notify => Service['httpd'], + before => Exec["remove ${name} if invalid"], + } + + exec { "remove ${name} if invalid": + command => "/bin/rm ${confdir}/${filename}", + unless => $verify_command, + subscribe => File["apache_${name}"], + refreshonly => true, + } + } +}
--- a/modules/apache/manifests/default_mods.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/default_mods.pp Sat Mar 14 20:07:04 2015 +0000 @@ -7,14 +7,21 @@ # They are not configurable at this time, so we just include # them to make sure it works. case $::osfamily { - 'redhat', 'freebsd': { + 'redhat': { ::apache::mod { 'log_config': } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { # Lets fork it - ::apache::mod { 'systemd': } + # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. + if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon' and versioncmp($::operatingsystemrelease, '2014.09') <= 0 ) ) { + ::apache::mod { 'systemd': } + } ::apache::mod { 'unixd': } } } + 'freebsd': { + ::apache::mod { 'log_config': } + ::apache::mod { 'unixd': } + } default: {} } ::apache::mod { 'authz_host': } @@ -24,16 +31,20 @@ case $::osfamily { 'debian': { include ::apache::mod::reqtimeout + if versioncmp($apache_version, '2.4') >= 0 { + ::apache::mod { 'authn_core': } + } } 'redhat': { include ::apache::mod::actions include ::apache::mod::cache include ::apache::mod::mime include ::apache::mod::mime_magic - include ::apache::mod::vhost_alias - include ::apache::mod::suexec include ::apache::mod::rewrite include ::apache::mod::speling + include ::apache::mod::suexec + include ::apache::mod::version + include ::apache::mod::vhost_alias ::apache::mod { 'auth_digest': } ::apache::mod { 'authn_anon': } ::apache::mod { 'authn_dbm': } @@ -45,9 +56,8 @@ ::apache::mod { 'logio': } ::apache::mod { 'substitute': } ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'authn_core': } } else { @@ -65,29 +75,30 @@ include ::apache::mod::reqtimeout include ::apache::mod::rewrite include ::apache::mod::userdir + include ::apache::mod::version include ::apache::mod::vhost_alias include ::apache::mod::speling + include ::apache::mod::filter ::apache::mod { 'asis': } ::apache::mod { 'auth_digest': } - ::apache::mod { 'authn_alias': } + ::apache::mod { 'auth_form': } ::apache::mod { 'authn_anon': } + ::apache::mod { 'authn_core': } ::apache::mod { 'authn_dbm': } - ::apache::mod { 'authn_default': } + ::apache::mod { 'authn_socache': } + ::apache::mod { 'authz_dbd': } ::apache::mod { 'authz_dbm': } ::apache::mod { 'authz_owner': } - ::apache::mod { 'cern_meta': } - ::apache::mod { 'charset_lite': } ::apache::mod { 'dumpio': } ::apache::mod { 'expires': } ::apache::mod { 'file_cache': } - ::apache::mod { 'filter':} ::apache::mod { 'imagemap':} ::apache::mod { 'include': } ::apache::mod { 'logio': } + ::apache::mod { 'request': } + ::apache::mod { 'session': } ::apache::mod { 'unique_id': } - ::apache::mod { 'usertrack': } - ::apache::mod { 'version': } } default: {} } @@ -114,15 +125,15 @@ ::apache::mod { 'auth_basic': } ::apache::mod { 'authn_file': } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { + # filter is needed by mod_deflate + include ::apache::mod::filter + # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', } - # filter is needed by mod_deflate - ::apache::mod { 'filter': } - # lots of stuff seems to break without access_compat ::apache::mod { 'access_compat': } } else { @@ -135,7 +146,7 @@ } elsif $mods { ::apache::default_mods::load { $mods: } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module', @@ -145,7 +156,7 @@ ::apache::mod { 'filter': } } } else { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { # authz_core is needed for 'Require' directive ::apache::mod { 'authz_core': id => 'authz_core_module',
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/fastcgi/server.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,24 @@ +define apache::fastcgi::server ( + $host = '127.0.0.1:9000', + $timeout = 15, + $flush = false, + $faux_path = "/var/www/${name}.fcgi", + $fcgi_alias = "/${name}.fcgi", + $file_type = 'application/x-httpd-php' +) { + include apache::mod::fastcgi + + Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title] + + file { "fastcgi-pool-${name}.conf": + ensure => present, + path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + content => template('apache/fastcgi/server.erb'), + require => Exec["mkdir ${::apache::confd_dir}"], + before => File[$::apache::confd_dir], + notify => Class['apache::service'], + } +}
--- a/modules/apache/manifests/init.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/init.pp Sat Mar 14 20:07:04 2015 +0000 @@ -13,61 +13,72 @@ # Sample Usage: # class apache ( - $service_name = $::apache::params::service_name, - $default_mods = true, - $default_vhost = true, - $default_confd_files = true, - $default_ssl_vhost = false, - $default_ssl_cert = $::apache::params::default_ssl_cert, - $default_ssl_key = $::apache::params::default_ssl_key, - $default_ssl_chain = undef, - $default_ssl_ca = undef, - $default_ssl_crl_path = undef, - $default_ssl_crl = undef, - $ip = undef, - $service_enable = true, - $service_ensure = 'running', - $purge_configs = true, - $purge_vdir = false, - $serveradmin = 'root@localhost', - $sendfile = 'On', - $error_documents = false, - $timeout = '120', - $httpd_dir = $::apache::params::httpd_dir, - $server_root = $::apache::params::server_root, - $confd_dir = $::apache::params::confd_dir, - $vhost_dir = $::apache::params::vhost_dir, - $vhost_enable_dir = $::apache::params::vhost_enable_dir, - $mod_dir = $::apache::params::mod_dir, - $mod_enable_dir = $::apache::params::mod_enable_dir, - $mpm_module = $::apache::params::mpm_module, - $conf_template = $::apache::params::conf_template, - $servername = $::apache::params::servername, - $manage_user = true, - $manage_group = true, - $user = $::apache::params::user, - $group = $::apache::params::group, - $keepalive = $::apache::params::keepalive, - $keepalive_timeout = $::apache::params::keepalive_timeout, + $apache_name = $::apache::params::apache_name, + $service_name = $::apache::params::service_name, + $default_mods = true, + $default_vhost = true, + $default_confd_files = true, + $default_ssl_vhost = false, + $default_ssl_cert = $::apache::params::default_ssl_cert, + $default_ssl_key = $::apache::params::default_ssl_key, + $default_ssl_chain = undef, + $default_ssl_ca = undef, + $default_ssl_crl_path = undef, + $default_ssl_crl = undef, + $default_ssl_crl_check = undef, + $ip = undef, + $service_enable = true, + $service_manage = true, + $service_ensure = 'running', + $purge_configs = true, + $purge_vhost_dir = undef, + $purge_vdir = false, + $serveradmin = 'root@localhost', + $sendfile = 'On', + $error_documents = false, + $timeout = '120', + $httpd_dir = $::apache::params::httpd_dir, + $server_root = $::apache::params::server_root, + $conf_dir = $::apache::params::conf_dir, + $confd_dir = $::apache::params::confd_dir, + $vhost_dir = $::apache::params::vhost_dir, + $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $mod_dir = $::apache::params::mod_dir, + $mod_enable_dir = $::apache::params::mod_enable_dir, + $mpm_module = $::apache::params::mpm_module, + $conf_template = $::apache::params::conf_template, + $servername = $::apache::params::servername, + $manage_user = true, + $manage_group = true, + $user = $::apache::params::user, + $group = $::apache::params::group, + $keepalive = $::apache::params::keepalive, + $keepalive_timeout = $::apache::params::keepalive_timeout, $max_keepalive_requests = $apache::params::max_keepalive_requests, - $logroot = $::apache::params::logroot, - $log_level = $::apache::params::log_level, - $log_formats = {}, - $ports_file = $::apache::params::ports_file, - $apache_version = $::apache::version::default, - $server_tokens = 'OS', - $server_signature = 'On', - $trace_enable = 'On', - $package_ensure = 'installed', + $logroot = $::apache::params::logroot, + $logroot_mode = $::apache::params::logroot_mode, + $log_level = $::apache::params::log_level, + $log_formats = {}, + $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, + $apache_version = $::apache::version::default, + $server_tokens = 'OS', + $server_signature = 'On', + $trace_enable = 'On', + $allow_encoded_slashes = undef, + $package_ensure = 'installed', + $use_optional_includes = $::apache::params::use_optional_includes, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) validate_bool($default_confd_files) # true/false is sufficient for both ensure and enable validate_bool($service_enable) + validate_bool($service_manage) + validate_bool($use_optional_includes) $valid_mpms_re = $apache_version ? { - 2.4 => '(event|itk|peruser|prefork|worker)', + '2.4' => '(event|itk|peruser|prefork|worker)', default => '(event|itk|prefork|worker)' } @@ -75,6 +86,10 @@ validate_re($mpm_module, $valid_mpms_re) } + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. # NOTE: the same strategy may be introduced for other OSes. For this, you # should delete the 'if' block below and modify all MPM modules' manifests @@ -83,7 +98,7 @@ if $::osfamily != 'FreeBSD' { package { 'httpd': ensure => $package_ensure, - name => $::apache::params::apache_name, + name => $apache_name, notify => Class['Apache::Service'], } } @@ -115,6 +130,7 @@ class { '::apache::service': service_name => $service_name, service_enable => $service_enable, + service_manage => $service_manage, service_ensure => $service_ensure, } @@ -126,6 +142,13 @@ $purge_confd = $purge_configs } + # Set purge vhostd appropriately + if $purge_vhost_dir == undef { + $purge_vhostd = $purge_confd + } else { + $purge_vhostd = $purge_vhost_dir + } + Exec { path => '/bin:/sbin:/usr/bin:/usr/sbin', } @@ -183,7 +206,7 @@ file { $vhost_dir: ensure => directory, recurse => true, - purge => $purge_configs, + purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -198,7 +221,7 @@ file { $vhost_enable_dir: ensure => directory, recurse => true, - purge => $purge_configs, + purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } @@ -219,30 +242,24 @@ content => template('apache/ports_header.erb') } - if $::apache::params::conf_dir and $::apache::params::conf_file { + if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { - $docroot = '/var/www' - $pidfile = '${APACHE_PID_FILE}' + $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' - $error_documents_path = '/usr/share/apache2/error' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' } 'redhat': { - $docroot = '/var/www/html' $pidfile = 'run/httpd.pid' $error_log = 'error_log' - $error_documents_path = '/var/www/error' $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } 'freebsd': { - $docroot = '/usr/local/www/apache22/data' $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' - $error_documents_path = '/usr/local/www/apache22/error' - $scriptalias = '/usr/local/www/apache22/cgi-bin' + $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' } default: { @@ -276,7 +293,7 @@ # - $server_tokens # - $server_signature # - $trace_enable - file { "${::apache::params::conf_dir}/${::apache::params::conf_file}": + file { "${::apache::conf_dir}/${::apache::params::conf_file}": ensure => file, content => template($conf_template), notify => Class['Apache::Service'], @@ -320,6 +337,7 @@ access_log_file => $access_log_file, priority => '15', ip => $ip, + logroot_mode => $logroot_mode, } $ssl_access_log_file = $::osfamily ? { 'freebsd' => $access_log_file, @@ -335,6 +353,7 @@ access_log_file => $ssl_access_log_file, priority => '15', ip => $ip, + logroot_mode => $logroot_mode, } } }
--- a/modules/apache/manifests/mod.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,11 +1,12 @@ define apache::mod ( - $package = undef, + $package = undef, $package_ensure = 'present', - $lib = undef, - $lib_path = $::apache::params::lib_path, - $id = undef, - $path = undef, - $loadfiles = undef, + $lib = undef, + $lib_path = $::apache::params::lib_path, + $id = undef, + $path = undef, + $loadfile_name = undef, + $loadfiles = undef, ) { if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -17,11 +18,10 @@ # Determine if we have special lib $mod_libs = $::apache::params::mod_libs - $mod_lib = $mod_libs[$mod] # 2.6 compatibility hack if $lib { $_lib = $lib - } elsif $mod_lib { - $_lib = $mod_lib + } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack + $_lib = $mod_libs[$mod] } else { $_lib = "mod_${mod}.so" } @@ -39,13 +39,20 @@ $_id = "${mod}_module" } + if $loadfile_name { + $_loadfile_name = $loadfile_name + } else { + $_loadfile_name = "${mod}.load" + } + # Determine if we have a package $mod_packages = $::apache::params::mod_packages - $mod_package = $mod_packages[$mod] # 2.6 compatibility hack if $package { $_package = $package - } elsif $mod_package { - $_package = $mod_package + } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack + $_package = $mod_packages[$mod] + } else { + $_package = undef } if $_package and ! defined(Package[$_package]) { # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters @@ -54,11 +61,13 @@ # the module gets installed. $package_before = $::osfamily ? { 'freebsd' => [ - File["${mod}.load"], - File["${::apache::params::conf_dir}/${::apache::params::conf_file}"] + File[$_loadfile_name], + File["${::apache::conf_dir}/${::apache::params::conf_file}"] ], - default => File["${mod}.load"], + default => File[$_loadfile_name], } + # if there are any packages, they should be installed before the associated conf file + Package[$_package] -> File<| title == "${mod}.conf" |> # $_package may be an array package { $_package: ensure => $package_ensure, @@ -67,9 +76,9 @@ } } - file { "${mod}.load": + file { $_loadfile_name: ensure => file, - path => "${mod_dir}/${mod}.load", + path => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, mode => '0644', @@ -79,24 +88,24 @@ Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $::osfamily == 'Debian' { $enable_dir = $::apache::mod_enable_dir - file{ "${mod}.load symlink": + file{ "${_loadfile_name} symlink": ensure => link, - path => "${enable_dir}/${mod}.load", - target => "${mod_dir}/${mod}.load", + path => "${enable_dir}/${_loadfile_name}", + target => "${mod_dir}/${_loadfile_name}", owner => 'root', group => $::apache::params::root_group, mode => '0644', require => [ - File["${mod}.load"], + File[$_loadfile_name], Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } # Each module may have a .conf file as well, which should be # defined in the class apache::mod::module @@ -114,7 +123,7 @@ Exec["mkdir ${enable_dir}"], ], before => File[$enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } }
--- a/modules/apache/manifests/mod/alias.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/alias.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,10 +1,15 @@ class apache::mod::alias( $apache_version = $apache::apache_version ) { + $ver24 = versioncmp($apache_version, '2.4') >= 0 + $icons_path = $::osfamily ? { 'debian' => '/usr/share/apache2/icons', - 'redhat' => '/var/www/icons', - 'freebsd' => '/usr/local/www/apache22/icons', + 'redhat' => $ver24 ? { + true => '/usr/share/httpd/icons', + default => '/var/www/icons', + }, + 'freebsd' => '/usr/local/www/apache24/icons', } apache::mod { 'alias': } # Template uses $icons_path @@ -14,6 +19,6 @@ content => template('apache/mod/alias.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/mod/auth_cas.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,48 @@ +class apache::mod::auth_cas ( + $cas_login_url, + $cas_validate_url, + $cas_cookie_path = $::apache::params::cas_cookie_path, + $cas_version = 2, + $cas_debug = 'Off', + $cas_validate_depth = undef, + $cas_certificate_path = undef, + $cas_proxy_validate_url = undef, + $cas_root_proxied_as = undef, + $cas_cookie_entropy = undef, + $cas_timeout = undef, + $cas_idle_timeout = undef, + $cas_cache_clean_interval = undef, + $cas_cookie_domain = undef, + $cas_cookie_http_only = undef, + $cas_authoritative = undef, + $suppress_warning = false, +) { + + validate_string($cas_login_url, $cas_validate_url, $cas_cookie_path) + + if $::osfamily == 'RedHat' and ! $suppress_warning { + warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.') + } + + ::apache::mod { 'auth_cas': } + + file { $cas_cookie_path: + ensure => directory, + before => File['auth_cas.conf'], + mode => '0750', + owner => $apache::user, + group => $apache::group, + } + + # Template uses + # - All variables beginning with cas_ + file { 'auth_cas.conf': + ensure => file, + path => "${::apache::mod_dir}/auth_cas.conf", + content => template('apache/mod/auth_cas.conf.erb'), + require => [ Exec["mkdir ${::apache::mod_dir}"], ], + before => File[$::apache::mod_dir], + notify => Service['httpd'], + } + +}
--- a/modules/apache/manifests/mod/authnz_ldap.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/authnz_ldap.pp Sat Mar 14 20:07:04 2015 +0000 @@ -14,6 +14,6 @@ content => template('apache/mod/authnz_ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/autoindex.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/autoindex.pp Sat Mar 14 20:07:04 2015 +0000 @@ -7,6 +7,6 @@ content => template('apache/mod/autoindex.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/cgi.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/cgi.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,10 @@ class apache::mod::cgi { - Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + case $::osfamily { + 'FreeBSD': {} + default: { + Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] + } + } + ::apache::mod { 'cgi': } }
--- a/modules/apache/manifests/mod/cgid.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/cgid.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,10 +1,15 @@ class apache::mod::cgid { - Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + case $::osfamily { + 'FreeBSD': {} + default: { + Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] + } + } # Debian specifies it's cgid sock path, but RedHat uses the default value # with no config file $cgisock_path = $::osfamily ? { - 'debian' => '${APACHE_RUN_DIR}/cgisock', + 'debian' => "\${APACHE_RUN_DIR}/cgisock", 'freebsd' => 'cgisock', default => undef, } @@ -17,7 +22,7 @@ content => template('apache/mod/cgid.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } }
--- a/modules/apache/manifests/mod/dav_fs.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/dav_fs.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,6 +1,6 @@ class apache::mod::dav_fs { $dav_lock = $::osfamily ? { - 'debian' => '${APACHE_LOCK_DIR}/DAVLock', + 'debian' => "\${APACHE_LOCK_DIR}/DAVLock", 'freebsd' => '/usr/local/var/DavLock', default => '/var/lib/dav/lockdb', } @@ -15,6 +15,6 @@ content => template('apache/mod/dav_fs.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/dav_svn.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/dav_svn.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,5 +1,20 @@ -class apache::mod::dav_svn { +class apache::mod::dav_svn ( + $authz_svn_enabled = false, +) { Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] include ::apache::mod::dav ::apache::mod { 'dav_svn': } + + if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04') { + $loadfile_name = undef + } else { + $loadfile_name = 'dav_svn_authz_svn.load' + } + + if $authz_svn_enabled { + ::apache::mod { 'authz_svn': + loadfile_name => $loadfile_name, + require => Apache::Mod['dav_svn'], + } + } }
--- a/modules/apache/manifests/mod/deflate.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/deflate.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,12 +1,24 @@ -class apache::mod::deflate { +class apache::mod::deflate ( + $types = [ + 'text/html text/plain text/xml', + 'text/css', + 'application/x-javascript application/javascript application/ecmascript', + 'application/rss+xml' + ], + $notes = { + 'Input' => 'instream', + 'Output' => 'outstream', + 'Ratio' => 'ratio' + } +) { ::apache::mod { 'deflate': } - # Template uses no variables + file { 'deflate.conf': ensure => file, path => "${::apache::mod_dir}/deflate.conf", content => template('apache/mod/deflate.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/dir.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/dir.pp Sat Mar 14 20:07:04 2015 +0000 @@ -16,6 +16,6 @@ content => template('apache/mod/dir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/disk_cache.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/disk_cache.pp Sat Mar 14 20:07:04 2015 +0000 @@ -4,6 +4,12 @@ 'redhat' => '/var/cache/mod_proxy', 'freebsd' => '/var/cache/mod_disk_cache', } + + $mod_name = $::osfamily ? { + 'FreeBSD' => 'cache_disk', + default => 'disk_cache', + } + if $::osfamily != 'FreeBSD' { # FIXME: investigate why disk_cache was dependent on proxy # NOTE: on FreeBSD disk_cache is compiled by default but proxy is not @@ -11,7 +17,7 @@ } Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] - apache::mod { 'disk_cache': } + apache::mod { $mod_name: } # Template uses $cache_proxy file { 'disk_cache.conf': ensure => file, @@ -19,6 +25,6 @@ content => template('apache/mod/disk_cache.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/event.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/event.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,12 +1,16 @@ class apache::mod::event ( - $startservers = '2', - $maxclients = '150', - $minsparethreads = '25', - $maxsparethreads = '75', - $threadsperchild = '25', - $maxrequestsperchild = '0', - $serverlimit = '25', - $apache_version = $::apache::apache_version, + $startservers = '2', + $maxclients = '150', + $minsparethreads = '25', + $maxsparethreads = '75', + $threadsperchild = '25', + $maxrequestsperchild = '0', + $serverlimit = '25', + $apache_version = $::apache::apache_version, + $threadlimit = '64', + $listenbacklog = '511', + $maxrequestworkers = '256', + $maxconnectionsperchild = '0', ) { if defined(Class['apache::mod::itk']) { fail('May not include both apache::mod::event and apache::mod::itk on the same node') @@ -39,12 +43,12 @@ content => template('apache/mod/event.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { 'redhat': { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { apache::mpm{ 'event': apache_version => $apache_version, }
--- a/modules/apache/manifests/mod/fastcgi.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/fastcgi.pp Sat Mar 14 20:07:04 2015 +0000 @@ -17,7 +17,7 @@ content => template('apache/mod/fastcgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/fcgid.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/fcgid.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,24 @@ -class apache::mod::fcgid { - ::apache::mod { 'fcgid': } +class apache::mod::fcgid( + $options = {}, +) { + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7' { + $loadfile_name = 'unixd_fcgid.load' + } else { + $loadfile_name = undef + } + + ::apache::mod { 'fcgid': + loadfile_name => $loadfile_name + } + + # Template uses: + # - $options + file { 'fcgid.conf': + ensure => file, + path => "${::apache::mod_dir}/fcgid.conf", + content => template('apache/mod/fcgid.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/mod/filter.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,3 @@ +class apache::mod::filter { + ::apache::mod { 'filter': } +}
--- a/modules/apache/manifests/mod/info.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/info.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,6 +1,7 @@ class apache::mod::info ( - $allow_from = ['127.0.0.1','::1'], - $apache_version = $::apache::apache_version, + $allow_from = ['127.0.0.1','::1'], + $apache_version = $::apache::apache_version, + $restrict_access = true, ){ apache::mod { 'info': } # Template uses @@ -12,6 +13,6 @@ content => template('apache/mod/info.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/itk.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/itk.pp Sat Mar 14 20:07:04 2015 +0000 @@ -13,8 +13,10 @@ if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::itk and apache::mod::peruser on the same node') } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + if versioncmp($apache_version, '2.4') < 0 { + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') + } } if defined(Class['apache::mod::worker']) { fail('May not include both apache::mod::itk and apache::mod::worker on the same node') @@ -37,7 +39,7 @@ content => template('apache/mod/itk.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily {
--- a/modules/apache/manifests/mod/ldap.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/ldap.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,12 +1,14 @@ -class apache::mod::ldap { +class apache::mod::ldap ( + $apache_version = $::apache::apache_version, +){ ::apache::mod { 'ldap': } - # Template uses no variables + # Template uses $apache_version file { 'ldap.conf': ensure => file, path => "${::apache::mod_dir}/ldap.conf", content => template('apache/mod/ldap.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/mime.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/mime.pp Sat Mar 14 20:07:04 2015 +0000 @@ -10,7 +10,7 @@ content => template('apache/mod/mime.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } if $mime_support_package { package { $mime_support_package:
--- a/modules/apache/manifests/mod/mime_magic.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/mime_magic.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,5 +1,5 @@ class apache::mod::mime_magic ( - $magic_file = "${::apache::params::conf_dir}/magic" + $magic_file = "${::apache::conf_dir}/magic" ) { apache::mod { 'mime_magic': } # Template uses $magic_file @@ -9,6 +9,6 @@ content => template('apache/mod/mime_magic.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/negotiation.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/negotiation.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,17 @@ -class apache::mod::negotiation { +class apache::mod::negotiation ( + $force_language_priority = 'Prefer Fallback', + $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', + 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', + 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', + 'zh-TW' ], +) { + if !is_array($force_language_priority) and !is_string($force_language_priority) { + fail('force_languague_priority must be a string or array of strings') + } + if !is_array($language_priority) and !is_string($language_priority) { + fail('force_languague_priority must be a string or array of strings') + } + ::apache::mod { 'negotiation': } # Template uses no variables file { 'negotiation.conf': @@ -7,6 +20,6 @@ content => template('apache/mod/negotiation.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/nss.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/nss.pp Sat Mar 14 20:07:04 2015 +0000 @@ -20,6 +20,6 @@ content => template('apache/mod/nss.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/pagespeed.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/pagespeed.pp Sat Mar 14 20:07:04 2015 +0000 @@ -3,7 +3,7 @@ $filter_xhtml = false, $cache_path = '/var/cache/mod_pagespeed/', $log_dir = '/var/log/pagespeed', - $memache_servers = [], + $memcache_servers = [], $rewrite_level = 'CoreFilters', $disable_filters = [], $enable_filters = [], @@ -32,10 +32,11 @@ $allow_pagespeed_message = [], $message_buffer_size = 100000, $additional_configuration = {}, + $apache_version = $::apache::apache_version, ){ $_lib = $::apache::apache_version ? { - 2.4 => 'mod_pagespeed_ap24.so', + '2.4' => 'mod_pagespeed_ap24.so', default => undef } @@ -49,6 +50,6 @@ content => template('apache/mod/pagespeed.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/passenger.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/passenger.pp Sat Mar 14 20:07:04 2015 +0000 @@ -9,6 +9,7 @@ $rails_autodetect = undef, $passenger_root = $::apache::params::passenger_root, $passenger_ruby = $::apache::params::passenger_ruby, + $passenger_default_ruby = $::apache::params::passenger_default_ruby, $passenger_max_pool_size = undef, $passenger_use_global_queue = undef, $mod_package = undef, @@ -23,6 +24,20 @@ file { 'passenger_package.conf': path => "${::apache::mod_dir}/${passenger_conf_package_file}", } + } else { + # Remove passenger_extra.conf left over from before Passenger support was + # reworked for Debian. This is a temporary fix for users running this + # module from master after release 1.0.1 It will be removed in two + # releases from now. + $passenger_package_conf_ensure = $::osfamily ? { + 'Debian' => 'absent', + default => undef, + } + + file { 'passenger_package.conf': + ensure => $passenger_package_conf_ensure, + path => "${::apache::mod_dir}/passenger_extra.conf", + } } $_package = $mod_package @@ -52,6 +67,7 @@ # Template uses: # - $passenger_root # - $passenger_ruby + # - $passenger_default_ruby # - $passenger_max_pool_size # - $passenger_high_performance # - $passenger_max_requests @@ -65,6 +81,6 @@ content => template('apache/mod/passenger.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/peruser.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/peruser.pp Sat Mar 14 20:07:04 2015 +0000 @@ -8,66 +8,63 @@ $expiretimeout = '120', $keepalive = 'Off', ) { - if defined(Class['apache::mod::event']) { - fail('May not include both apache::mod::peruser and apache::mod::event on the same node') - } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') - } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') - } - if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') - } - File { - owner => 'root', - group => $::apache::params::root_group, - mode => '0644', - } - - $mod_dir = $::apache::mod_dir - - # Template uses: - # - $minspareprocessors - # - $minprocessors - # - $maxprocessors - # - $maxclients - # - $maxrequestsperchild - # - $idletimeout - # - $expiretimeout - # - $keepalive - # - $mod_dir - file { "${::apache::mod_dir}/peruser.conf": - ensure => file, - content => template('apache/mod/peruser.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Service['httpd'], - } - file { "${::apache::mod_dir}/peruser": - ensure => directory, - require => File[$::apache::mod_dir], - } - file { "${::apache::mod_dir}/peruser/multiplexers": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - file { "${::apache::mod_dir}/peruser/processors": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - - ::apache::peruser::multiplexer { '01-default': } case $::osfamily { 'freebsd' : { - class { '::apache::package': - mpm_module => 'peruser' - } + fail("Unsupported osfamily ${::osfamily}") } default: { - fail("Unsupported osfamily ${::osfamily}") + if defined(Class['apache::mod::event']) { + fail('May not include both apache::mod::peruser and apache::mod::event on the same node') + } + if defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') + } + if defined(Class['apache::mod::prefork']) { + fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') + } + if defined(Class['apache::mod::worker']) { + fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') + } + File { + owner => 'root', + group => $::apache::params::root_group, + mode => '0644', + } + + $mod_dir = $::apache::mod_dir + + # Template uses: + # - $minspareprocessors + # - $minprocessors + # - $maxprocessors + # - $maxclients + # - $maxrequestsperchild + # - $idletimeout + # - $expiretimeout + # - $keepalive + # - $mod_dir + file { "${::apache::mod_dir}/peruser.conf": + ensure => file, + content => template('apache/mod/peruser.conf.erb'), + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } + file { "${::apache::mod_dir}/peruser": + ensure => directory, + require => File[$::apache::mod_dir], + } + file { "${::apache::mod_dir}/peruser/multiplexers": + ensure => directory, + require => File["${::apache::mod_dir}/peruser"], + } + file { "${::apache::mod_dir}/peruser/processors": + ensure => directory, + require => File["${::apache::mod_dir}/peruser"], + } + + ::apache::peruser::multiplexer { '01-default': } } } }
--- a/modules/apache/manifests/mod/php.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/php.pp Sat Mar 14 20:07:04 2015 +0000 @@ -3,11 +3,37 @@ $package_ensure = 'present', $path = undef, $extensions = ['.php'], -) { - if ! defined(Class['apache::mod::prefork']) { - fail('apache::mod::php requires apache::mod::prefork; please enable mpm_module => \'prefork\' on Class[\'apache\']') + $content = undef, + $template = 'apache/mod/php5.conf.erb', + $source = undef, + $root_group = $::apache::params::root_group, +) inherits apache::params { + + if defined(Class['::apache::mod::prefork']) { + Class['::apache::mod::prefork']->File['php5.conf'] + } + elsif defined(Class['::apache::mod::itk']) { + Class['::apache::mod::itk']->File['php5.conf'] + } + else { + fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']') } validate_array($extensions) + + if $source and ($content or $template != 'apache/mod/php5.conf.erb') { + warning('source and content or template parameters are provided. source parameter will be used') + } elsif $content and $template != 'apache/mod/php5.conf.erb' { + warning('content and template parameters are provided. content parameter will be used') + } + + $manage_content = $source ? { + undef => $content ? { + undef => template($template), + default => $content, + }, + default => undef, + } + ::apache::mod { 'php5': package => $package_name, package_ensure => $package_ensure, @@ -22,12 +48,15 @@ file { 'php5.conf': ensure => file, path => "${::apache::mod_dir}/php5.conf", - content => template('apache/mod/php5.conf.erb'), + owner => 'root', + group => $root_group, + mode => '0644', + content => $manage_content, + source => $source, require => [ - Class['::apache::mod::prefork'], Exec["mkdir ${::apache::mod_dir}"], ], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/prefork.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/prefork.pp Sat Mar 14 20:07:04 2015 +0000 @@ -10,8 +10,10 @@ if defined(Class['apache::mod::event']) { fail('May not include both apache::mod::prefork and apache::mod::event on the same node') } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') + if versioncmp($apache_version, '2.4') < 0 { + if defined(Class['apache::mod::itk']) { + fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') + } } if defined(Class['apache::mod::peruser']) { fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node') @@ -37,12 +39,12 @@ content => template('apache/mod/prefork.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { 'redhat': { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mpm{ 'prefork': apache_version => $apache_version, } @@ -54,7 +56,7 @@ line => '#HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } } }
--- a/modules/apache/manifests/mod/proxy.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/proxy.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,15 +1,16 @@ class apache::mod::proxy ( $proxy_requests = 'Off', $allow_from = undef, + $apache_version = $::apache::apache_version, ) { ::apache::mod { 'proxy': } - # Template uses $proxy_requests + # Template uses $proxy_requests, $apache_version file { 'proxy.conf': ensure => file, path => "${::apache::mod_dir}/proxy.conf", content => template('apache/mod/proxy.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/mod/proxy_connect.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,8 @@ +class apache::mod::proxy_connect ( + $apache_version = $::apache::apache_version, +) { + if versioncmp($apache_version, '2.4') >= 0 { + Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect'] + ::apache::mod { 'proxy_connect': } + } +}
--- a/modules/apache/manifests/mod/proxy_html.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/proxy_html.pp Sat Mar 14 20:07:04 2015 +0000 @@ -6,6 +6,7 @@ case $::osfamily { /RedHat|FreeBSD/: { ::apache::mod { 'xml2enc': } + $loadfiles = undef } 'Debian': { $gnu_path = $::hardwaremodel ? { @@ -31,6 +32,6 @@ content => template('apache/mod/proxy_html.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/reqtimeout.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/reqtimeout.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,6 @@ -class apache::mod::reqtimeout { +class apache::mod::reqtimeout ( + $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500'] +){ ::apache::mod { 'reqtimeout': } # Template uses no variables file { 'reqtimeout.conf': @@ -7,6 +9,6 @@ content => template('apache/mod/reqtimeout.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/rpaf.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/rpaf.pp Sat Mar 14 20:07:04 2015 +0000 @@ -15,6 +15,6 @@ content => template('apache/mod/rpaf.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/mod/security.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,75 @@ +class apache::mod::security ( + $crs_package = $::apache::params::modsec_crs_package, + $activated_rules = $::apache::params::modsec_default_rules, + $modsec_dir = $::apache::params::modsec_dir, + $allowed_methods = 'GET HEAD POST OPTIONS', + $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', + $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', + $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', +){ + + if $::osfamily == 'FreeBSD' { + fail('FreeBSD is not currently supported') + } + + ::apache::mod { 'security': + id => 'security2_module', + lib => 'mod_security2.so', + } + + ::apache::mod { 'unique_id_module': + id => 'unique_id_module', + lib => 'mod_unique_id.so', + } + + if $crs_package { + package { $crs_package: + ensure => 'latest', + before => File['security.conf'], + } + } + + # Template uses: + # - $modsec_dir + file { 'security.conf': + ensure => file, + content => template('apache/mod/security.conf.erb'), + path => "${::apache::mod_dir}/security.conf", + owner => $::apache::params::user, + group => $::apache::params::group, + require => Exec["mkdir ${::apache::mod_dir}"], + before => File[$::apache::mod_dir], + notify => Class['apache::service'], + } + + file { $modsec_dir: + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + purge => true, + force => true, + recurse => true, + } + + file { "${modsec_dir}/activated_rules": + ensure => directory, + owner => $::apache::params::user, + group => $::apache::params::group, + mode => '0555', + purge => true, + force => true, + recurse => true, + notify => Class['apache::service'], + } + + file { "${modsec_dir}/security_crs.conf": + ensure => file, + content => template('apache/mod/security_crs.conf.erb'), + require => File[$modsec_dir], + notify => Class['apache::service'], + } + + apache::security::rule_link { $activated_rules: } + +}
--- a/modules/apache/manifests/mod/setenvif.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/setenvif.pp Sat Mar 14 20:07:04 2015 +0000 @@ -7,6 +7,6 @@ content => template('apache/mod/setenvif.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/mod/shib.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,15 @@ +class apache::mod::shib ( + $suppress_warning = false, +) { + + if $::osfamily == 'RedHat' and ! $suppress_warning { + warning('RedHat distributions do not have Apache mod_shib in their default package repositories.') + } + + $mod_shib = 'shib2' + + apache::mod {$mod_shib: + id => 'mod_shib', + } + +} \ No newline at end of file
--- a/modules/apache/manifests/mod/ssl.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/ssl.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,23 +1,27 @@ class apache::mod::ssl ( - $ssl_compression = false, - $ssl_options = [ 'StdEnvVars' ], - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', - $apache_version = $::apache::apache_version, + $ssl_compression = false, + $ssl_options = [ 'StdEnvVars' ], + $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5', + $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], + $ssl_pass_phrase_dialog = 'builtin', + $ssl_random_seed_bytes = '512', + $apache_version = $::apache::apache_version, + $package_name = undef, ) { $session_cache = $::osfamily ? { - 'debian' => '${APACHE_RUN_DIR}/ssl_scache(512000)', + 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)", 'redhat' => '/var/cache/mod_ssl/scache(512000)', 'freebsd' => '/var/run/ssl_scache(512000)', } case $::osfamily { 'debian': { - if $apache_version >= 2.4 and $::operatingsystem == 'Ubuntu' { + if versioncmp($apache_version, '2.4') >= 0 { $ssl_mutex = 'default' } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { $ssl_mutex = 'file:/var/run/apache2/ssl_mutex' } else { - $ssl_mutex = 'file:${APACHE_RUN_DIR}/ssl_mutex' + $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex" } } 'redhat': { @@ -31,9 +35,11 @@ } } - ::apache::mod { 'ssl': } + ::apache::mod { 'ssl': + package => $package_name, + } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mod { 'socache_shmcb': } } @@ -51,6 +57,6 @@ content => template('apache/mod/ssl.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/status.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/status.pp Sat Mar 14 20:07:04 2015 +0000 @@ -9,7 +9,9 @@ # /server-status URL. Defaults to ['127.0.0.1', '::1']. # - $extended_status track and display extended status information. Valid # values are 'On' or 'Off'. Defaults to 'On'. -# +# - $status_path is the path assigned to the Location directive which +# defines the URL to access the server status. Defaults to '/server-status'. +# # Actions: # - Enable and configure Apache mod_status # @@ -26,17 +28,19 @@ class apache::mod::status ( $allow_from = ['127.0.0.1','::1'], $extended_status = 'On', + $apache_version = $::apache::apache_version, + $status_path = '/server-status', ){ validate_array($allow_from) validate_re(downcase($extended_status), '^(on|off)$', "${extended_status} is not supported for extended_status. Allowed values are 'On' and 'Off'.") ::apache::mod { 'status': } - # Template uses $allow_from, $extended_status + # Template uses $allow_from, $extended_status, $apache_version, $status_path file { 'status.conf': ensure => file, path => "${::apache::mod_dir}/status.conf", content => template('apache/mod/status.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/suphp.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/suphp.pp Sat Mar 14 20:07:04 2015 +0000 @@ -8,7 +8,7 @@ content => template('apache/mod/suphp.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'] + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mod/userdir.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/userdir.pp Sat Mar 14 20:07:04 2015 +0000 @@ -2,16 +2,17 @@ $home = '/home', $dir = 'public_html', $disable_root = true, + $apache_version = $::apache::apache_version, ) { ::apache::mod { 'userdir': } - # Template uses $home, $dir, $disable_root + # Template uses $home, $dir, $disable_root, $apache_version file { 'userdir.conf': ensure => file, path => "${::apache::mod_dir}/userdir.conf", content => template('apache/mod/userdir.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/mod/version.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,10 @@ +class apache::mod::version( + $apache_version = $::apache::apache_version +) { + + if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { + warning("${module_name}: module version_module is built-in and can't be loaded") + } else { + ::apache::mod { 'version': } + } +}
--- a/modules/apache/manifests/mod/worker.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/worker.pp Sat Mar 14 20:07:04 2015 +0000 @@ -6,6 +6,7 @@ $threadsperchild = '25', $maxrequestsperchild = '0', $serverlimit = '25', + $threadlimit = '64', $apache_version = $::apache::apache_version, ) { if defined(Class['apache::mod::event']) { @@ -34,17 +35,18 @@ # - $threadsperchild # - $maxrequestsperchild # - $serverlimit + # - $threadLimit file { "${::apache::mod_dir}/worker.conf": ensure => file, content => template('apache/mod/worker.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } case $::osfamily { 'redhat': { - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { ::apache::mpm{ 'worker': apache_version => $apache_version, } @@ -56,7 +58,7 @@ line => 'HTTPD=/usr/sbin/httpd.worker', match => '#?HTTPD=/usr/sbin/httpd.worker', require => Package['httpd'], - notify => Service['httpd'], + notify => Class['apache::service'], } } }
--- a/modules/apache/manifests/mod/wsgi.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mod/wsgi.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,9 +1,29 @@ class apache::mod::wsgi ( - $wsgi_socket_prefix = undef, + $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, $wsgi_python_path = undef, $wsgi_python_home = undef, + $package_name = undef, + $mod_path = undef, ){ - ::apache::mod { 'wsgi': } + + if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) { + fail('apache::mod::wsgi - both package_name and mod_path must be specified!') + } + + if $package_name != undef { + if $mod_path =~ /\// { + $_mod_path = $mod_path + } else { + $_mod_path = "${::apache::params::lib_path}/${mod_path}" + } + ::apache::mod { 'wsgi': + package => $package_name, + path => $_mod_path, + } + } + else { + ::apache::mod { 'wsgi': } + } # Template uses: # - $wsgi_socket_prefix @@ -15,7 +35,7 @@ content => template('apache/mod/wsgi.conf.erb'), require => Exec["mkdir ${::apache::mod_dir}"], before => File[$::apache::mod_dir], - notify => Service['httpd'] + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/mpm.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/mpm.pp Sat Mar 14 20:07:04 2015 +0000 @@ -13,7 +13,10 @@ $_path = "${lib_path}/${_lib}" $_id = "mpm_${mpm}_module" - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 and + (($::osfamily != 'FreeBSD') or + ($::osfamily == 'FreeBSD' and $mpm == 'itk')) { + file { "${mod_dir}/${mpm}.load": ensure => file, path => "${mod_dir}/${mpm}.load", @@ -23,7 +26,7 @@ Exec["mkdir ${mod_dir}"], ], before => File[$mod_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } } @@ -34,20 +37,27 @@ target => "${::apache::mod_dir}/${mpm}.conf", require => Exec["mkdir ${::apache::mod_enable_dir}"], before => File[$::apache::mod_enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], } - if $apache_version >= 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { file { "${::apache::mod_enable_dir}/${mpm}.load": ensure => link, target => "${::apache::mod_dir}/${mpm}.load", require => Exec["mkdir ${::apache::mod_enable_dir}"], before => File[$::apache::mod_enable_dir], - notify => Service['httpd'], + notify => Class['apache::service'], + } + + if $mpm == 'itk' { + file { "${lib_path}/mod_mpm_itk.so": + ensure => link, + target => "${lib_path}/mpm_itk.so" + } } } - if $apache_version < 2.4 { + if versioncmp($apache_version, '2.4') < 0 { package { "apache2-mpm-${mpm}": ensure => present, }
--- a/modules/apache/manifests/package.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/package.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,45 +1,56 @@ class apache::package ( $ensure = 'present', $mpm_module = $::apache::params::mpm_module, -) { +) inherits ::apache::params { case $::osfamily { - 'freebsd' : { - $all_mpms = [ - 'www/apache22', - 'www/apache22-worker-mpm', - 'www/apache22-event-mpm', - 'www/apache22-itk-mpm', - 'www/apache22-peruser-mpm', - ] - if $mpm_module { - $apache_package = $mpm_module ? { - 'prefork' => 'www/apache22', - default => "www/apache22-${mpm_module}-mpm" + 'FreeBSD': { + case $mpm_module { + 'prefork': { + $set = 'MPM_PREFORK' + $unset = 'MPM_WORKER MPM_EVENT' + } + 'worker': { + $set = 'MPM_WORKER' + $unset = 'MPM_PERFORK MPM_EVENT' + } + 'event': { + $set = 'MPM_EVENT' + $unset = 'MPM_PERFORK MPM_WORKER' } - } else { - $apache_package = 'www/apache22' + 'itk': { + $set = undef + $unset = undef + package { 'www/mod_mpm_itk': + ensure => installed, + } + } + default: { fail("MPM module ${mpm_module} not supported on FreeBSD") } } - $other_mpms = delete($all_mpms, $apache_package) - # Configure ports to have apache module packages dependent on correct - # version of apache package (apache22, apache22-worker-mpm, ...) - file_line { 'APACHE_PORT in /etc/make.conf': - ensure => $ensure, - path => '/etc/make.conf', - line => "APACHE_PORT=${apache_package}", - match => '^\s*#?\s*APACHE_PORT\s*=\s*', - before => Package['httpd'], + + # Configure ports to have apache build options set correctly + if $set { + file_line { 'apache SET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_SET_FORCE=${set}", + match => '^apache24_SET_FORCE=.*', + before => Package['httpd'], + } + file_line { 'apache UNSET options in /etc/make.conf': + ensure => $ensure, + path => '/etc/make.conf', + line => "apache24_UNSET_FORCE=${unset}", + match => '^apache24_UNSET_FORCE=.*', + before => Package['httpd'], + } } - # remove other packages - ensure_resource('package', $other_mpms, { - ensure => absent, - before => Package['httpd'], - require => File_line['APACHE_PORT in /etc/make.conf'], - }) + $apache_package = $::apache::params::apache_name } default: { $apache_package = $::apache::params::apache_name } } + package { 'httpd': ensure => $ensure, name => $apache_package,
--- a/modules/apache/manifests/params.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/params.pp Sat Mar 14 20:07:04 2015 +0000 @@ -27,7 +27,13 @@ # The default error log level $log_level = 'warn' + $use_optional_includes = false + if $::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04' { + $verify_command = '/usr/sbin/apache2ctl -t' + } else { + $verify_command = '/usr/sbin/apachectl -t' + } if $::osfamily == 'RedHat' or $::operatingsystem == 'amazon' { $user = 'apache' $group = 'apache' @@ -39,10 +45,13 @@ $conf_dir = "${httpd_dir}/conf" $confd_dir = "${httpd_dir}/conf.d" $mod_dir = "${httpd_dir}/conf.d" + $mod_enable_dir = undef $vhost_dir = "${httpd_dir}/conf.d" + $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/httpd' + $logroot_mode = undef $lib_path = 'modules' $mpm_module = 'prefork' $dev_packages = 'httpd-devel' @@ -53,12 +62,19 @@ $passenger_conf_package_file = 'passenger.conf' $passenger_root = undef $passenger_ruby = undef + $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef + # NOTE: The module for Shibboleth is not available to RH/CentOS without an additional repository. http://wiki.aaf.edu.au/tech-info/sp-install-guide + # NOTE: The auth_cas module isn't available to RH/CentOS without enabling EPEL. $mod_packages = { + 'auth_cas' => 'mod_auth_cas', 'auth_kerb' => 'mod_auth_kerb', - 'authnz_ldap' => 'mod_authz_ldap', + 'authnz_ldap' => $::apache::version::distrelease ? { + '7' => 'mod_ldap', + default => 'mod_authz_ldap', + }, 'fastcgi' => 'mod_fastcgi', 'fcgid' => 'mod_fcgid', 'pagespeed' => 'mod-pagespeed-stable', @@ -70,6 +86,7 @@ }, 'proxy_html' => 'mod_proxy_html', 'python' => 'mod_python', + 'security' => 'mod_security', 'shibboleth' => 'shibboleth', 'ssl' => 'mod_ssl', 'wsgi' => 'mod_wsgi', @@ -77,6 +94,7 @@ 'suphp' => 'mod_suphp', 'xsendfile' => 'mod_xsendfile', 'nss' => 'mod_nss', + 'shib2' => 'shibboleth', } $mod_libs = { 'php5' => 'libphp5.so', @@ -89,6 +107,43 @@ $fastcgi_lib_path = undef $mime_support_package = 'mailcap' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www/html' + $error_documents_path = $::apache::version::distrelease ? { + '7' => '/usr/share/httpd/error', + default => '/var/www/error' + } + if $::osfamily == 'RedHat' { + $wsgi_socket_prefix = '/var/run/wsgi' + } else { + $wsgi_socket_prefix = undef + } + $cas_cookie_path = '/var/cache/mod_auth_cas/' + $modsec_crs_package = 'mod_security_crs' + $modsec_crs_path = '/usr/lib/modsecurity.d' + $modsec_dir = '/etc/httpd/modsecurity.d' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] } elsif $::osfamily == 'Debian' { $user = 'www-data' $group = 'www-data' @@ -106,20 +161,18 @@ $conf_file = 'apache2.conf' $ports_file = "${conf_dir}/ports.conf" $logroot = '/var/log/apache2' + $logroot_mode = undef $lib_path = '/usr/lib/apache2/modules' $mpm_module = 'worker' $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' $ssl_certs_dir = '/etc/ssl/certs' - $passenger_conf_file = 'passenger_extra.conf' - $passenger_conf_package_file = 'passenger.conf' - $passenger_root = undef - $passenger_ruby = undef $suphp_addhandler = 'x-httpd-php' $suphp_engine = 'off' $suphp_configpath = '/etc/php5/apache2' $mod_packages = { + 'auth_cas' => 'libapache2-mod-auth-cas', 'auth_kerb' => 'libapache2-mod-auth-kerb', 'dav_svn' => 'libapache2-svn', 'fastcgi' => 'libapache2-mod-fastcgi', @@ -132,9 +185,11 @@ 'proxy_html' => 'libapache2-mod-proxy-html', 'python' => 'libapache2-mod-python', 'rpaf' => 'libapache2-mod-rpaf', + 'security' => 'libapache2-modsecurity', 'suphp' => 'libapache2-mod-suphp', 'wsgi' => 'libapache2-mod-wsgi', 'xsendfile' => 'libapache2-mod-xsendfile', + 'shib2' => 'libapache2-mod-shib2', } $mod_libs = { 'php5' => 'libphp5.so', @@ -146,13 +201,95 @@ $fastcgi_lib_path = '/var/lib/apache2/fastcgi' $mime_support_package = 'mime-support' $mime_types_config = '/etc/mime.types' + $docroot = '/var/www' + $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' + $modsec_crs_package = 'modsecurity-crs' + $modsec_crs_path = '/usr/share/modsecurity-crs' + $modsec_dir = '/etc/modsecurity' + $modsec_default_rules = [ + 'base_rules/modsecurity_35_bad_robots.data', + 'base_rules/modsecurity_35_scanners.data', + 'base_rules/modsecurity_40_generic_attacks.data', + 'base_rules/modsecurity_41_sql_injection_attacks.data', + 'base_rules/modsecurity_50_outbound.data', + 'base_rules/modsecurity_50_outbound_malware.data', + 'base_rules/modsecurity_crs_20_protocol_violations.conf', + 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', + 'base_rules/modsecurity_crs_23_request_limits.conf', + 'base_rules/modsecurity_crs_30_http_policy.conf', + 'base_rules/modsecurity_crs_35_bad_robots.conf', + 'base_rules/modsecurity_crs_40_generic_attacks.conf', + 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', + 'base_rules/modsecurity_crs_41_xss_attacks.conf', + 'base_rules/modsecurity_crs_42_tight_security.conf', + 'base_rules/modsecurity_crs_45_trojans.conf', + 'base_rules/modsecurity_crs_47_common_exceptions.conf', + 'base_rules/modsecurity_crs_49_inbound_blocking.conf', + 'base_rules/modsecurity_crs_50_outbound.conf', + 'base_rules/modsecurity_crs_59_outbound_blocking.conf', + 'base_rules/modsecurity_crs_60_correlation.conf' + ] + $error_documents_path = '/usr/share/apache2/error' + + # + # Passenger-specific settings + # + + $passenger_conf_file = 'passenger.conf' + $passenger_conf_package_file = undef + + case $::operatingsystem { + 'Ubuntu': { + case $::lsbdistrelease { + '12.04': { + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + '14.04': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } + default: { + # The following settings may or may not work on Ubuntu releases not + # supported by this module. + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + } + } + 'Debian': { + case $::lsbdistcodename { + 'wheezy': { + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + 'jessie': { + $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + $passenger_ruby = undef + $passenger_default_ruby = '/usr/bin/ruby' + } + default: { + # The following settings may or may not work on Debian releases not + # supported by this module. + $passenger_root = '/usr' + $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef + } + } + } + } + $wsgi_socket_prefix = undef } elsif $::osfamily == 'FreeBSD' { $user = 'www' $group = 'www' $root_group = 'wheel' - $apache_name = 'apache22' - $service_name = 'apache22' - $httpd_dir = '/usr/local/etc/apache22' + $apache_name = 'apache24' + $service_name = 'apache24' + $httpd_dir = '/usr/local/etc/apache24' $server_root = '/usr/local' $conf_dir = $httpd_dir $confd_dir = "${httpd_dir}/Includes" @@ -162,38 +299,40 @@ $vhost_enable_dir = undef $conf_file = 'httpd.conf' $ports_file = "${conf_dir}/ports.conf" - $logroot = '/var/log/apache22' - $lib_path = '/usr/local/libexec/apache22' + $logroot = '/var/log/apache24' + $logroot_mode = undef + $lib_path = '/usr/local/libexec/apache24' $mpm_module = 'prefork' $dev_packages = undef - $default_ssl_cert = '/usr/local/etc/apache22/server.crt' - $default_ssl_key = '/usr/local/etc/apache22/server.key' - $ssl_certs_dir = '/usr/local/etc/apache22' + $default_ssl_cert = '/usr/local/etc/apache24/server.crt' + $default_ssl_key = '/usr/local/etc/apache24/server.key' + $ssl_certs_dir = '/usr/local/etc/apache24' $passenger_conf_file = 'passenger.conf' $passenger_conf_package_file = undef $passenger_root = '/usr/local/lib/ruby/gems/1.9/gems/passenger-4.0.10' $passenger_ruby = '/usr/bin/ruby' + $passenger_default_ruby = undef $suphp_addhandler = 'php5-script' $suphp_engine = 'off' $suphp_configpath = undef $mod_packages = { - # NOTE: I list here only modules that are not included in www/apache22 + # NOTE: I list here only modules that are not included in www/apache24 # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config # NOTE: 'php' needs to enable APACHE option in make config # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config # NOTE: not sure where the shibboleth should come from - # NOTE: don't know where the shibboleth module should come from 'auth_kerb' => 'www/mod_auth_kerb2', 'fcgid' => 'www/mod_fcgid', 'passenger' => 'www/rubygem-passenger', 'perl' => 'www/mod_perl2', - 'php5' => 'lang/php5', + 'php5' => 'www/mod_php5', 'proxy_html' => 'www/mod_proxy_html', 'python' => 'www/mod_python3', 'wsgi' => 'www/mod_wsgi', 'dav_svn' => 'devel/subversion', 'xsendfile' => 'www/mod_xsendfile', - 'rpaf' => 'www/mod_rpaf2' + 'rpaf' => 'www/mod_rpaf2', + 'shib2' => 'security/shibboleth2-sp', } $mod_libs = { 'php5' => 'libphp5.so', @@ -205,6 +344,9 @@ $fastcgi_lib_path = undef # TODO: revisit $mime_support_package = 'misc/mime-support' $mime_types_config = '/usr/local/etc/mime.types' + $wsgi_socket_prefix = undef + $docroot = '/usr/local/www/apache24/data' + $error_documents_path = '/usr/local/www/apache24/error' } else { fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") }
--- a/modules/apache/manifests/peruser/multiplexer.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/peruser/multiplexer.pp Sat Mar 14 20:07:04 2015 +0000 @@ -12,6 +12,6 @@ ensure => file, content => "Multiplexer ${user} ${group}\n", require => File["${::apache::mod_dir}/peruser/multiplexers"], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- a/modules/apache/manifests/peruser/processor.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/peruser/processor.pp Sat Mar 14 20:07:04 2015 +0000 @@ -12,6 +12,6 @@ ensure => file, content => "Processor ${user} ${group}\n", require => File["${::apache::mod_dir}/peruser/processors"], - notify => Service['httpd'], + notify => Class['apache::service'], } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/manifests/security/rule_link.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,13 @@ +define apache::security::rule_link () { + + $parts = split($title, '/') + $filename = $parts[-1] + + file { $filename: + ensure => 'link', + path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", + target => "${::apache::params::modsec_crs_path}/${title}", + require => File["${::apache::mod::security::modsec_dir}/activated_rules"], + notify => Class['apache::service'], + } +}
--- a/modules/apache/manifests/service.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/service.pp Sat Mar 14 20:07:04 2015 +0000 @@ -20,16 +20,28 @@ $service_name = $::apache::params::service_name, $service_enable = true, $service_ensure = 'running', + $service_manage = true, ) { # The base class must be included first because parameter defaults depend on it if ! defined(Class['apache::params']) { fail('You must include the apache::params class before using any apache defined resources') } validate_bool($service_enable) + validate_bool($service_manage) - service { 'httpd': - ensure => $service_ensure, - name => $service_name, - enable => $service_enable, + case $service_ensure { + true, false, 'running', 'stopped': { + $_service_ensure = $service_ensure + } + default: { + $_service_ensure = undef + } + } + if $service_manage { + service { 'httpd': + ensure => $_service_ensure, + name => $service_name, + enable => $service_enable, + } } }
--- a/modules/apache/manifests/version.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/version.pp Sat Mar 14 20:07:04 2015 +0000 @@ -7,26 +7,28 @@ $osr_array = split($::operatingsystemrelease,'[\/\.]') $distrelease = $osr_array[0] if ! $distrelease { - fail("Class['apache::params']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") + fail("Class['apache::version']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") } case $::osfamily { 'RedHat': { - if ($::operatingsystem == 'Fedora' and $distrelease >= 18) or ($::operatingsystem != 'Fedora' and $distrelease >= 7) { - $default = 2.4 + if ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) { + $default = '2.4' } else { - $default = 2.2 + $default = '2.2' } } 'Debian': { - if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= 13.10 { - $default = 2.4 + if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 { + $default = '2.4' + } elsif $::operatingsystem == 'Debian' and versioncmp($distrelease, '8') >= 0 { + $default = '2.4' } else { - $default = 2.2 + $default = '2.2' } } 'FreeBSD': { - $default = 2.2 + $default = '2.4' } default: { fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}")
--- a/modules/apache/manifests/vhost.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/manifests/vhost.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,173 +1,119 @@ -# Definition: apache::vhost -# -# This class installs Apache Virtual Hosts -# -# Parameters: -# - The $port to configure the host on -# - The $docroot provides the DocumentRoot variable -# - The $virtual_docroot provides VirtualDocumentationRoot variable -# - The $serveradmin will specify an email address for Apache that it will -# display when it renders one of it's error pages -# - The $ssl option is set true or false to enable SSL for this Virtual Host -# - The $priority of the site -# - The $servername is the primary name of the virtual host -# - The $serveraliases of the site -# - The $ip to configure the host on, defaulting to * -# - The $options for the given vhost -# - The $override for the given vhost (list of AllowOverride arguments) -# - The $vhost_name for name based virtualhosting, defaulting to * -# - The $logroot specifies the location of the virtual hosts logfiles, default -# to /var/log/<apache log location>/ -# - The $log_level specifies the verbosity of the error log for this vhost. Not -# set by default for the vhost, instead the global server configuration default -# of 'warn' is used. -# - The $access_log specifies if *_access.log directives should be configured. -# - The $ensure specifies if vhost file is present or absent. -# - The $headers is a list of Header statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header -# - The $request_headers is a list of RequestHeader statement strings as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader -# - $aliases is a list of Alias hashes for mod_alias as per http://httpd.apache.org/docs/current/mod/mod_alias.html -# each statement is a hash in the form of { alias => '/alias', path => '/real/path/to/directory' } -# - $directories is a lost of hashes for creating <Directory> statements as per http://httpd.apache.org/docs/2.2/mod/core.html#directory -# each statement is a hash in the form of { path => '/path/to/directory', <directive> => <value>} -# see README.md for list of supported directives. -# -# Actions: -# - Install Apache Virtual Hosts -# -# Requires: -# - The apache class -# -# Sample Usage: -# -# # Simple vhost definition: -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/docroot', -# } -# -# # Multiple Mod Rewrites: -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/docroot', -# rewrites => [ -# { -# comment => 'force www domain', -# rewrite_cond => ['%{HTTP_HOST} ^([a-z.]+)?example.com$ [NC]', '%{HTTP_HOST} !^www. [NC]'], -# rewrite_rule => ['.? http://www.%1example.com%{REQUEST_URI} [R=301,L]'] -# }, -# { -# comment => 'prevent image hotlinking', -# rewrite_cond => ['%{HTTP_REFERER} !^$', '%{HTTP_REFERER} !^http://(www.)?example.com/ [NC]'], -# rewrite_rule => ['.(gif|jpg|png)$ - [F]'] -# }, -# ] -# } -# -# # SSL vhost with non-SSL rewrite: -# apache::vhost { 'site.name.fqdn': -# port => '443', -# ssl => true, -# docroot => '/path/to/docroot', -# } -# apache::vhost { 'site.name.fqdn': -# port => '80', -# docroot => '/path/to/other_docroot', -# custom_fragment => template("${module_name}/my_fragment.erb"), -# } -# +# See README.md for usage information define apache::vhost( - $docroot, - $virtual_docroot = false, - $port = undef, - $ip = undef, - $ip_based = false, - $add_listen = true, - $docroot_owner = 'root', - $docroot_group = $::apache::params::root_group, - $docroot_mode = undef, - $serveradmin = undef, - $ssl = false, - $ssl_cert = $::apache::default_ssl_cert, - $ssl_key = $::apache::default_ssl_key, - $ssl_chain = $::apache::default_ssl_chain, - $ssl_ca = $::apache::default_ssl_ca, - $ssl_crl_path = $::apache::default_ssl_crl_path, - $ssl_crl = $::apache::default_ssl_crl, - $ssl_certs_dir = $::apache::params::ssl_certs_dir, - $ssl_protocol = undef, - $ssl_cipher = undef, - $ssl_honorcipherorder = undef, - $ssl_verify_client = undef, - $ssl_verify_depth = undef, - $ssl_options = undef, - $ssl_proxyengine = false, - $priority = undef, - $default_vhost = false, - $servername = $name, - $serveraliases = [], - $options = ['Indexes','FollowSymLinks','MultiViews'], - $override = ['None'], - $directoryindex = '', - $vhost_name = '*', - $logroot = $::apache::logroot, - $log_level = undef, - $access_log = true, - $access_log_file = undef, - $access_log_pipe = undef, - $access_log_syslog = undef, - $access_log_format = undef, - $access_log_env_var = undef, - $aliases = undef, - $directories = undef, - $error_log = true, - $error_log_file = undef, - $error_log_pipe = undef, - $error_log_syslog = undef, - $error_documents = [], - $fallbackresource = undef, - $scriptalias = undef, - $scriptaliases = [], - $proxy_dest = undef, - $proxy_pass = undef, - $suphp_addhandler = $::apache::params::suphp_addhandler, - $suphp_engine = $::apache::params::suphp_engine, - $suphp_configpath = $::apache::params::suphp_configpath, - $php_admin_flags = [], - $php_admin_values = [], - $no_proxy_uris = [], - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $rack_base_uris = undef, - $headers = undef, - $request_headers = undef, - $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $setenv = [], - $setenvif = [], - $block = [], - $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - $wsgi_script_aliases = undef, - $custom_fragment = undef, - $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $additional_includes = [], - $apache_version = $::apache::apache_version, - $suexec_user_group = undef, - ) { + $docroot, + $manage_docroot = true, + $virtual_docroot = false, + $port = undef, + $ip = undef, + $ip_based = false, + $add_listen = true, + $docroot_owner = 'root', + $docroot_group = $::apache::params::root_group, + $docroot_mode = undef, + $serveradmin = undef, + $ssl = false, + $ssl_cert = $::apache::default_ssl_cert, + $ssl_key = $::apache::default_ssl_key, + $ssl_chain = $::apache::default_ssl_chain, + $ssl_ca = $::apache::default_ssl_ca, + $ssl_crl_path = $::apache::default_ssl_crl_path, + $ssl_crl = $::apache::default_ssl_crl, + $ssl_crl_check = $::apache::default_ssl_crl_check, + $ssl_certs_dir = $::apache::params::ssl_certs_dir, + $ssl_protocol = undef, + $ssl_cipher = undef, + $ssl_honorcipherorder = undef, + $ssl_verify_client = undef, + $ssl_verify_depth = undef, + $ssl_options = undef, + $ssl_proxyengine = false, + $priority = undef, + $default_vhost = false, + $servername = $name, + $serveraliases = [], + $options = ['Indexes','FollowSymLinks','MultiViews'], + $override = ['None'], + $directoryindex = '', + $vhost_name = '*', + $logroot = $::apache::logroot, + $logroot_ensure = 'directory', + $logroot_mode = undef, + $log_level = undef, + $access_log = true, + $access_log_file = false, + $access_log_pipe = false, + $access_log_syslog = false, + $access_log_format = false, + $access_log_env_var = false, + $access_logs = undef, + $aliases = undef, + $directories = undef, + $error_log = true, + $error_log_file = undef, + $error_log_pipe = undef, + $error_log_syslog = undef, + $error_documents = [], + $fallbackresource = undef, + $scriptalias = undef, + $scriptaliases = [], + $proxy_dest = undef, + $proxy_pass = undef, + $suphp_addhandler = $::apache::params::suphp_addhandler, + $suphp_engine = $::apache::params::suphp_engine, + $suphp_configpath = $::apache::params::suphp_configpath, + $php_flags = {}, + $php_values = {}, + $php_admin_flags = {}, + $php_admin_values = {}, + $no_proxy_uris = [], + $proxy_preserve_host = false, + $redirect_source = '/', + $redirect_dest = undef, + $redirect_status = undef, + $redirectmatch_status = undef, + $redirectmatch_regexp = undef, + $redirectmatch_dest = undef, + $rack_base_uris = undef, + $headers = undef, + $request_headers = undef, + $rewrites = undef, + $rewrite_base = undef, + $rewrite_rule = undef, + $rewrite_cond = undef, + $setenv = [], + $setenvif = [], + $block = [], + $ensure = 'present', + $wsgi_application_group = undef, + $wsgi_daemon_process = undef, + $wsgi_daemon_process_options = undef, + $wsgi_import_script = undef, + $wsgi_import_script_options = undef, + $wsgi_process_group = undef, + $wsgi_script_aliases = undef, + $wsgi_pass_authorization = undef, + $wsgi_chunked_request = undef, + $custom_fragment = undef, + $itk = undef, + $action = undef, + $fastcgi_server = undef, + $fastcgi_socket = undef, + $fastcgi_dir = undef, + $additional_includes = [], + $apache_version = $::apache::apache_version, + $allow_encoded_slashes = undef, + $suexec_user_group = undef, + $passenger_app_root = undef, + $passenger_ruby = undef, + $passenger_min_instances = undef, + $passenger_start_timeout = undef, + $passenger_pre_start = undef, + $add_default_charset = undef, + $modsec_disable_vhost = undef, + $modsec_disable_ids = undef, + $modsec_disable_ips = undef, + $modsec_body_limit = undef, +) { # The base class must be included first because it is used by parameter defaults if ! defined(Class['apache']) { fail('You must include the apache base class before using any apache defined resources') @@ -192,11 +138,19 @@ validate_hash($rewrites[0]) } + # Input validation begins + if $suexec_user_group { validate_re($suexec_user_group, '^\w+ \w+$', "${suexec_user_group} is not supported for suexec_user_group. Must be 'user group'.") } + if $wsgi_pass_authorization { + validate_re(downcase($wsgi_pass_authorization), '^(on|off)$', + "${wsgi_pass_authorization} is not supported for wsgi_pass_authorization. + Allowed values are 'on' and 'off'.") + } + # Deprecated backwards-compatibility if $rewrite_base { warning('Apache::Vhost: parameter rewrite_base is deprecated in favor of rewrites') @@ -221,6 +175,10 @@ validate_hash($itk) } + validate_re($logroot_ensure, '^(directory|absent)$', + "${logroot_ensure} is not supported for logroot_ensure. + Allowed values are 'directory' and 'absent'.") + if $log_level { validate_re($log_level, '^(emerg|alert|crit|error|warn|notice|info|debug)$', "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels.") @@ -238,6 +196,16 @@ validate_re($fallbackresource, '^/|disabled', 'Please make sure fallbackresource starts with a / (or is "disabled")') } + if $custom_fragment { + validate_string($custom_fragment) + } + + if $allow_encoded_slashes { + validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") + } + + # Input validation ends + if $ssl and $ensure == 'present' { include ::apache::mod::ssl # Required for the AddType lines. @@ -256,23 +224,44 @@ include ::apache::mod::suexec } + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + include ::apache::mod::passenger + } + + # Configure the defaultness of a vhost + if $priority { + $priority_real = "${priority}-" + } elsif $priority == false { + $priority_real = '' + } elsif $default_vhost { + $priority_real = '10-' + } else { + $priority_real = '25-' + } + + ## Apache include does not always work with spaces in the filename + $filename = regsubst($name, ' ', '_', 'G') + # This ensures that the docroot exists # But enables it to be specified across multiple vhost resources - if ! defined(File[$docroot]) { + if ! defined(File[$docroot]) and $manage_docroot { file { $docroot: ensure => directory, owner => $docroot_owner, group => $docroot_group, mode => $docroot_mode, require => Package['httpd'], + before => Concat["${priority_real}${filename}.conf"], } } # Same as above, but for logroot if ! defined(File[$logroot]) { file { $logroot: - ensure => directory, + ensure => $logroot_ensure, + mode => $logroot_mode, require => Package['httpd'], + before => Concat["${priority_real}${filename}.conf"], } } @@ -280,19 +269,31 @@ # Is apache::mod::passenger enabled (or apache::mod['passenger']) $passenger_enabled = defined(Apache::Mod['passenger']) - # Define log file names - if $access_log_file { - $access_log_destination = "${logroot}/${access_log_file}" - } elsif $access_log_pipe { - $access_log_destination = $access_log_pipe - } elsif $access_log_syslog { - $access_log_destination = $access_log_syslog - } else { - if $ssl { - $access_log_destination = "${logroot}/${name}_access_ssl.log" + # Is apache::mod::shib enabled (or apache::mod['shib2']) + $shibboleth_enabled = defined(Apache::Mod['shib2']) + + if $access_log and !$access_logs { + if $access_log_file { + $_logs_dest = "${logroot}/${access_log_file}" + } elsif $access_log_pipe { + $_logs_dest = $access_log_pipe + } elsif $access_log_syslog { + $_logs_dest = $access_log_syslog } else { - $access_log_destination = "${logroot}/${name}_access.log" + $_logs_dest = undef } + $_access_logs = [{ + 'file' => $access_log_file, + 'pipe' => $access_log_pipe, + 'syslog' => $access_log_syslog, + 'format' => $access_log_format, + 'env' => $access_log_env_var + }] + } elsif $access_logs { + if !is_array($access_logs) { + fail("Apache::Vhost[${name}]: access_logs must be an array of hashes") + } + $_access_logs = $access_logs } if $error_log_file { @@ -309,22 +310,12 @@ } } - # Set access log format - if $access_log_format { - $_access_log_format = "\"${access_log_format}\"" - } else { - $_access_log_format = 'combined' - } - - if $access_log_env_var { - $_access_log_env_var = "env=${access_log_env_var}" - } - if $ip { if $port { $listen_addr_port = "${ip}:${port}" $nvh_addr_port = "${ip}:${port}" } else { + $listen_addr_port = undef $nvh_addr_port = $ip if ! $servername and ! $ip_based { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") @@ -335,6 +326,7 @@ $listen_addr_port = $port $nvh_addr_port = "${vhost_name}:${port}" } else { + $listen_addr_port = undef $nvh_addr_port = $name if ! $servername { fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") @@ -342,23 +334,23 @@ } } if $add_listen { - if $ip and defined(Apache::Listen[$port]) { + if $ip and defined(Apache::Listen["${port}"]) { fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") } - if ! defined(Apache::Listen[$listen_addr_port]) and $listen_addr_port and $ensure == 'present' { - ::apache::listen { $listen_addr_port: } + if ! defined(Apache::Listen["${listen_addr_port}"]) and $listen_addr_port and $ensure == 'present' { + ::apache::listen { "${listen_addr_port}": } } } if ! $ip_based { - if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and $apache_version < 2.4 { + if ! defined(Apache::Namevirtualhost[$nvh_addr_port]) and $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { ::apache::namevirtualhost { $nvh_addr_port: } } } # Load mod_rewrite if needed and not yet loaded if $rewrites or $rewrite_cond { - if ! defined(Apache::Mod['rewrite']) { - ::apache::mod { 'rewrite': } + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite } } @@ -393,15 +385,6 @@ } } - # Configure the defaultness of a vhost - if $priority { - $priority_real = $priority - } elsif $default_vhost { - $priority_real = '10' - } else { - $priority_real = '25' - } - # Check if mod_headers is required to process $headers/$request_headers if $headers or $request_headers { if ! defined(Class['apache::mod::headers']) { @@ -409,8 +392,11 @@ } } - ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + if ! defined(Class['apache::mod::setenvif']) { + include ::apache::mod::setenvif + } + } ## Create a default directory list if none defined if $directories { @@ -427,7 +413,7 @@ directoryindex => $directoryindex, } - if $apache_version == 2.4 { + if versioncmp($apache_version, '2.4') >= 0 { $_directory_version = { require => 'all granted', } @@ -441,115 +427,455 @@ $_directories = [ merge($_directory, $_directory_version) ] } - # Template uses: - # - $nvh_addr_port - # - $servername - # - $serveradmin - # - $docroot - # - $virtual_docroot - # - $options - # - $override - # - $logroot - # - $name - # - $aliases - # - $_directories - # - $log_level - # - $access_log - # - $access_log_destination - # - $_access_log_format - # - $_access_log_env_var - # - $error_log - # - $error_log_destination - # - $error_documents - # - $fallbackresource - # - $custom_fragment - # - $additional_includes - # block fragment: - # - $block - # directories fragment: - # - $passenger_enabled - # - $php_admin_flags - # - $php_admin_values - # - $directories (a list of key-value hashes is expected) - # fastcgi fragment: - # - $fastcgi_server - # - $fastcgi_socket - # - $fastcgi_dir - # proxy fragment: - # - $proxy_dest - # - $no_proxy_uris - # rack fragment: - # - $rack_base_uris - # redirect fragment: - # - $redirect_source - # - $redirect_dest - # - $redirect_status - # header fragment - # - $headers - # requestheader fragment: - # - $request_headers - # rewrite fragment: - # - $rewrites - # scriptalias fragment: - # - $scriptalias - # - $scriptaliases - # - $ssl - # serveralias fragment: - # - $serveraliases - # setenv fragment: - # - $setenv - # - $setenvif - # ssl fragment: - # - $ssl - # - $ssl_cert - # - $ssl_key - # - $ssl_chain - # - $ssl_certs_dir - # - $ssl_ca - # - $ssl_crl - # - $ssl_crl_path - # - $ssl_verify_client - # - $ssl_verify_depth - # - $ssl_options - # suphp fragment: - # - $suphp_addhandler - # - $suphp_engine - # - $suphp_configpath - # wsgi fragment: - # - $wsgi_application_group - # - $wsgi_daemon_process - # - $wsgi_import_script - # - $wsgi_process_group - # - $wsgi_script_aliases - file { "${priority_real}-${filename}.conf": + ## Create a global LocationMatch if locations aren't defined + if $modsec_disable_ids { + if is_hash($modsec_disable_ids) { + $_modsec_disable_ids = $modsec_disable_ids + } elsif is_array($modsec_disable_ids) { + $_modsec_disable_ids = { '.*' => $modsec_disable_ids } + } else { + fail("Apache::Vhost[${name}]: 'modsec_disable_ids' must be either a Hash of location/IDs or an Array of IDs") + } + } + + concat { "${priority_real}${filename}.conf": ensure => $ensure, - path => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", - content => template('apache/vhost.conf.erb'), + path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => '0644', - require => [ - Package['httpd'], - File[$docroot], - File[$logroot], - ], - notify => Service['httpd'], + order => 'numeric', + require => Package['httpd'], + notify => Class['apache::service'], } - if $::osfamily == 'Debian' { + if $::apache::vhost_enable_dir { $vhost_enable_dir = $::apache::vhost_enable_dir $vhost_symlink_ensure = $ensure ? { present => link, default => $ensure, } - file{ "${priority_real}-${filename}.conf symlink": + file{ "${priority_real}${filename}.conf symlink": ensure => $vhost_symlink_ensure, - path => "${vhost_enable_dir}/${priority_real}-${filename}.conf", - target => "${::apache::vhost_dir}/${priority_real}-${filename}.conf", + path => "${vhost_enable_dir}/${priority_real}${filename}.conf", + target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", owner => 'root', group => $::apache::params::root_group, mode => '0644', - require => File["${priority_real}-${filename}.conf"], - notify => Service['httpd'], + require => Concat["${priority_real}${filename}.conf"], + notify => Class['apache::service'], + } + } + + # Template uses: + # - $nvh_addr_port + # - $servername + # - $serveradmin + concat::fragment { "${name}-apache-header": + target => "${priority_real}${filename}.conf", + order => 0, + content => template('apache/vhost/_file_header.erb'), + } + + # Template uses: + # - $virtual_docroot + # - $docroot + concat::fragment { "${name}-docroot": + target => "${priority_real}${filename}.conf", + order => 10, + content => template('apache/vhost/_docroot.erb'), + } + + # Template uses: + # - $aliases + if $aliases and ! empty($aliases) { + concat::fragment { "${name}-aliases": + target => "${priority_real}${filename}.conf", + order => 20, + content => template('apache/vhost/_aliases.erb'), + } + } + + # Template uses: + # - $itk + # - $::kernelversion + if $itk and ! empty($itk) { + concat::fragment { "${name}-itk": + target => "${priority_real}${filename}.conf", + order => 30, + content => template('apache/vhost/_itk.erb'), + } + } + + # Template uses: + # - $fallbackresource + if $fallbackresource { + concat::fragment { "${name}-fallbackresource": + target => "${priority_real}${filename}.conf", + order => 40, + content => template('apache/vhost/_fallbackresource.erb'), + } + } + + # Template uses: + # - $allow_encoded_slashes + if $allow_encoded_slashes { + concat::fragment { "${name}-allow_encoded_slashes": + target => "${priority_real}${filename}.conf", + order => 50, + content => template('apache/vhost/_allow_encoded_slashes.erb'), + } + } + + # Template uses: + # - $_directories + # - $docroot + # - $apache_version + # - $suphp_engine + # - $shibboleth_enabled + if $_directories and ! empty($_directories) { + concat::fragment { "${name}-directories": + target => "${priority_real}${filename}.conf", + order => 60, + content => template('apache/vhost/_directories.erb'), + } + } + + # Template uses: + # - $additional_includes + if $additional_includes and ! empty($additional_includes) { + concat::fragment { "${name}-additional_includes": + target => "${priority_real}${filename}.conf", + order => 70, + content => template('apache/vhost/_additional_includes.erb'), + } + } + + # Template uses: + # - $error_log + # - $log_level + # - $error_log_destination + # - $log_level + if $error_log or $log_level { + concat::fragment { "${name}-logging": + target => "${priority_real}${filename}.conf", + order => 80, + content => template('apache/vhost/_logging.erb'), + } + } + + # Template uses no variables + concat::fragment { "${name}-serversignature": + target => "${priority_real}${filename}.conf", + order => 90, + content => template('apache/vhost/_serversignature.erb'), + } + + # Template uses: + # - $access_log + # - $_access_log_env_var + # - $access_log_destination + # - $_access_log_format + # - $_access_log_env_var + # - $access_logs + if $access_log or $access_logs { + concat::fragment { "${name}-access_log": + target => "${priority_real}${filename}.conf", + order => 100, + content => template('apache/vhost/_access_log.erb'), + } + } + + # Template uses: + # - $action + if $action { + concat::fragment { "${name}-action": + target => "${priority_real}${filename}.conf", + order => 110, + content => template('apache/vhost/_action.erb'), + } + } + + # Template uses: + # - $block + # - $apache_version + if $block and ! empty($block) { + concat::fragment { "${name}-block": + target => "${priority_real}${filename}.conf", + order => 120, + content => template('apache/vhost/_block.erb'), + } + } + + # Template uses: + # - $error_documents + if $error_documents and ! empty($error_documents) { + concat::fragment { "${name}-error_document": + target => "${priority_real}${filename}.conf", + order => 130, + content => template('apache/vhost/_error_document.erb'), + } + } + + # Template uses: + # - $proxy_dest + # - $proxy_pass + # - $proxy_preserve_host + # - $no_proxy_uris + if $proxy_dest or $proxy_pass { + concat::fragment { "${name}-proxy": + target => "${priority_real}${filename}.conf", + order => 140, + content => template('apache/vhost/_proxy.erb'), + } + } + + # Template uses: + # - $rack_base_uris + if $rack_base_uris { + concat::fragment { "${name}-rack": + target => "${priority_real}${filename}.conf", + order => 150, + content => template('apache/vhost/_rack.erb'), + } + } + + # Template uses: + # - $redirect_source + # - $redirect_dest + # - $redirect_status + # - $redirect_dest_a + # - $redirect_source_a + # - $redirect_status_a + # - $redirectmatch_status + # - $redirectmatch_regexp + # - $redirectmatch_dest + # - $redirectmatch_status_a + # - $redirectmatch_regexp_a + # - $redirectmatch_dest + if ($redirect_source and $redirect_dest) or ($redirectmatch_status and $redirectmatch_regexp and $redirectmatch_dest) { + concat::fragment { "${name}-redirect": + target => "${priority_real}${filename}.conf", + order => 160, + content => template('apache/vhost/_redirect.erb'), } } + + # Template uses: + # - $rewrites + # - $rewrite_base + # - $rewrite_rule + # - $rewrite_cond + if $rewrites or $rewrite_rule { + concat::fragment { "${name}-rewrite": + target => "${priority_real}${filename}.conf", + order => 170, + content => template('apache/vhost/_rewrite.erb'), + } + } + + # Template uses: + # - $scriptaliases + # - $scriptalias + if $scriptaliases and ! empty($scriptaliases) { + concat::fragment { "${name}-scriptalias": + target => "${priority_real}${filename}.conf", + order => 180, + content => template('apache/vhost/_scriptalias.erb'), + } + } + + # Template uses: + # - $serveraliases + if $serveraliases and ! empty($serveraliases) { + concat::fragment { "${name}-serveralias": + target => "${priority_real}${filename}.conf", + order => 190, + content => template('apache/vhost/_serveralias.erb'), + } + } + + # Template uses: + # - $setenv + # - $setenvif + if ($setenv and ! empty($setenv)) or ($setenvif and ! empty($setenvif)) { + concat::fragment { "${name}-setenv": + target => "${priority_real}${filename}.conf", + order => 200, + content => template('apache/vhost/_setenv.erb'), + } + } + + # Template uses: + # - $ssl + # - $ssl_cert + # - $ssl_key + # - $ssl_chain + # - $ssl_certs_dir + # - $ssl_ca + # - $ssl_crl_path + # - $ssl_crl + # - $ssl_crl_check + # - $ssl_proxyengine + # - $ssl_protocol + # - $ssl_cipher + # - $ssl_honorcipherorder + # - $ssl_verify_client + # - $ssl_verify_depth + # - $ssl_options + # - $apache_version + if $ssl { + concat::fragment { "${name}-ssl": + target => "${priority_real}${filename}.conf", + order => 210, + content => template('apache/vhost/_ssl.erb'), + } + } + + # Template uses: + # - $suphp_engine + # - $suphp_addhandler + # - $suphp_configpath + if $suphp_engine == 'on' { + concat::fragment { "${name}-suphp": + target => "${priority_real}${filename}.conf", + order => 220, + content => template('apache/vhost/_suphp.erb'), + } + } + + # Template uses: + # - $php_values + # - $php_flags + if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { + concat::fragment { "${name}-php": + target => "${priority_real}${filename}.conf", + order => 220, + content => template('apache/vhost/_php.erb'), + } + } + + # Template uses: + # - $php_admin_values + # - $php_admin_flags + if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { + concat::fragment { "${name}-php_admin": + target => "${priority_real}${filename}.conf", + order => 230, + content => template('apache/vhost/_php_admin.erb'), + } + } + + # Template uses: + # - $headers + if $headers and ! empty($headers) { + concat::fragment { "${name}-header": + target => "${priority_real}${filename}.conf", + order => 240, + content => template('apache/vhost/_header.erb'), + } + } + + # Template uses: + # - $request_headers + if $request_headers and ! empty($request_headers) { + concat::fragment { "${name}-requestheader": + target => "${priority_real}${filename}.conf", + order => 250, + content => template('apache/vhost/_requestheader.erb'), + } + } + + # Template uses: + # - $wsgi_application_group + # - $wsgi_daemon_process + # - $wsgi_daemon_process_options + # - $wsgi_import_script + # - $wsgi_import_script_options + # - $wsgi_process_group + # - $wsgi_script_aliases + # - $wsgi_pass_authorization + if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { + concat::fragment { "${name}-wsgi": + target => "${priority_real}${filename}.conf", + order => 260, + content => template('apache/vhost/_wsgi.erb'), + } + } + + # Template uses: + # - $custom_fragment + if $custom_fragment { + concat::fragment { "${name}-custom_fragment": + target => "${priority_real}${filename}.conf", + order => 270, + content => template('apache/vhost/_custom_fragment.erb'), + } + } + + # Template uses: + # - $fastcgi_server + # - $fastcgi_socket + # - $fastcgi_dir + # - $apache_version + if $fastcgi_server or $fastcgi_dir { + concat::fragment { "${name}-fastcgi": + target => "${priority_real}${filename}.conf", + order => 280, + content => template('apache/vhost/_fastcgi.erb'), + } + } + + # Template uses: + # - $suexec_user_group + if $suexec_user_group { + concat::fragment { "${name}-suexec": + target => "${priority_real}${filename}.conf", + order => 290, + content => template('apache/vhost/_suexec.erb'), + } + } + + # Template uses: + # - $passenger_app_root + # - $passenger_ruby + # - $passenger_min_instances + # - $passenger_start_timeout + # - $passenger_pre_start + if $passenger_app_root or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_pre_start { + concat::fragment { "${name}-passenger": + target => "${priority_real}${filename}.conf", + order => 300, + content => template('apache/vhost/_passenger.erb'), + } + } + + # Template uses: + # - $add_default_charset + if $add_default_charset { + concat::fragment { "${name}-charsets": + target => "${priority_real}${filename}.conf", + order => 310, + content => template('apache/vhost/_charsets.erb'), + } + } + + # Template uses: + # - $modsec_disable_vhost + # - $modsec_disable_ids + # - $modsec_disable_ips + # - $modsec_body_limit + if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips { + concat::fragment { "${name}-security": + target => "${priority_real}${filename}.conf", + order => 320, + content => template('apache/vhost/_security.erb') + } + } + + # Template uses no variables + concat::fragment { "${name}-file_footer": + target => "${priority_real}${filename}.conf", + order => 999, + content => template('apache/vhost/_file_footer.erb'), + } }
--- a/modules/apache/metadata.json Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/metadata.json Sat Mar 14 20:07:04 2015 +0000 @@ -1,12 +1,12 @@ { "name": "puppetlabs-apache", - "version": "1.1.1", + "version": "1.3.0", "author": "puppetlabs", - "summary": "Puppet module for Apache", - "license": "Apache 2.0", + "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", + "license": "Apache-2.0", "source": "git://github.com/puppetlabs/puppetlabs-apache.git", "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "issues_url": "https://github.com/puppetlabs/puppetlabs-apache/issues", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", "operatingsystem_support": [ { "operatingsystem": "RedHat", @@ -27,7 +27,6 @@ { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "5", "6", "7" ] @@ -59,7 +58,7 @@ "requirements": [ { "name": "pe", - "version_requirement": ">= 3.2.0 < 3.4.0" + "version_requirement": "3.x" }, { "name": "puppet", @@ -68,13 +67,7 @@ ], "description": "Module for Apache configuration", "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 2.4.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 1.0.0" - } + {"name":"puppetlabs/stdlib","version_requirement":">= 2.4.0"}, + {"name":"puppetlabs/concat","version_requirement":">= 1.1.1"} ] }
--- a/modules/apache/spec/acceptance/apache_parameters_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/apache_parameters_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -11,8 +11,8 @@ end if fact('osfamily') == 'FreeBSD' - describe file("#{confd_dir}/no-accf.conf.erb") do - it { should_not be_file } + describe file("#{$confd_dir}/no-accf.conf.erb") do + it { is_expected.not_to be_file } end end end @@ -24,7 +24,7 @@ if fact('osfamily') == 'FreeBSD' describe file("#{$confd_dir}/no-accf.conf.erb") do - it { should be_file } + it { is_expected.to be_file } end end end @@ -36,8 +36,8 @@ end describe file($ports_file) do - it { should be_file } - it { should contain 'Listen 10.1.1.1' } + it { is_expected.to be_file } + it { is_expected.to contain 'Listen 10.1.1.1' } end end @@ -46,6 +46,7 @@ pp = <<-EOS class { 'apache': service_enable => true, + service_manage => true, service_ensure => running, } EOS @@ -53,8 +54,8 @@ end describe service($service_name) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end @@ -70,8 +71,26 @@ end describe service($service_name) do - it { should_not be_running } - it { should_not be_enabled } + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } + end + end + + describe 'service manage => false' do + it 'we dont manage the service, so it shouldnt start the service' do + pp = <<-EOS + class { 'apache': + service_enable => true, + service_manage => false, + service_ensure => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do + it { is_expected.not_to be_running } + it { is_expected.not_to be_enabled } end end @@ -79,17 +98,22 @@ it 'applies cleanly' do pp = <<-EOS class { 'apache': - purge_configs => false, - purge_vdir => false, + purge_configs => false, + purge_vhost_dir => false, + vhost_dir => "#{$confd_dir}.vhosts" } EOS shell("touch #{$confd_dir}/test.conf") + shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf") apply_manifest(pp, :catch_failures => true) end - # Ensure the file didn't disappear. + # Ensure the files didn't disappear. describe file("#{$confd_dir}/test.conf") do - it { should be_file } + it { is_expected.to be_file } + end + describe file("#{$confd_dir}.vhosts/test.conf") do + it { is_expected.to be_file } end end @@ -98,17 +122,22 @@ it 'applies cleanly' do pp = <<-EOS class { 'apache': - purge_configs => true, - purge_vdir => true, + purge_configs => true, + purge_vhost_dir => true, + vhost_dir => "#{$confd_dir}.vhosts" } EOS shell("touch #{$confd_dir}/test.conf") + shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf") apply_manifest(pp, :catch_failures => true) end # File should be gone describe file("#{$confd_dir}/test.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } + end + describe file("#{$confd_dir}.vhosts/test.conf") do + it { is_expected.not_to be_file } end end end @@ -120,8 +149,8 @@ end describe file($vhost) do - it { should be_file } - it { should contain 'ServerAdmin test@example.com' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerAdmin test@example.com' } end end @@ -134,8 +163,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'EnableSendfile On' } + it { is_expected.to be_file } + it { is_expected.to contain 'EnableSendfile On' } end describe 'setup' do @@ -146,8 +175,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'Sendfile Off' } + it { is_expected.to be_file } + it { is_expected.to contain 'Sendfile Off' } end end @@ -160,8 +189,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'Alias /error/' } + it { is_expected.to be_file } + it { is_expected.to contain 'Alias /error/' } end end @@ -174,8 +203,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'Timeout 1234' } + it { is_expected.to be_file } + it { is_expected.to contain 'Timeout 1234' } end end @@ -190,9 +219,9 @@ end end - describe file("#{$confd_dir}/mime.conf") do - it { should be_file } - it { should contain 'AddLanguage eo .eo' } + describe file("#{$mod_dir}/mime.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'AddLanguage eo .eo' } end end @@ -205,28 +234,28 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerRoot "/tmp/root"' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerRoot "/tmp/root"' } end end describe 'confd_dir' do describe 'setup' do it 'applies cleanly' do - pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped }" + pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped, use_optional_includes => true }" apply_manifest(pp, :catch_failures => true) end end - if $apache_version >= 2.4 + if $apache_version == '2.4' describe file($conf_file) do - it { should be_file } - it { should contain 'IncludeOptional "/tmp/root/*.conf"' } + it { is_expected.to be_file } + it { is_expected.to contain 'IncludeOptional "/tmp/root/*.conf"' } end else describe file($conf_file) do - it { should be_file } - it { should contain 'Include "/tmp/root/*.conf"' } + it { is_expected.to be_file } + it { is_expected.to contain 'Include "/tmp/root/*.conf"' } end end end @@ -242,8 +271,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'testcontent' } + it { is_expected.to be_file } + it { is_expected.to contain 'testcontent' } end end @@ -256,8 +285,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerName "test.server"' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerName "test.server"' } end end @@ -277,12 +306,12 @@ end describe user('testweb') do - it { should exist } - it { should belong_to_group 'testweb' } + it { is_expected.to exist } + it { is_expected.to belong_to_group 'testweb' } end describe group('testweb') do - it { should exist } + it { is_expected.to exist } end end @@ -302,9 +331,9 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' } - it { should contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' } + it { is_expected.to be_file } + it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' } + it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' } end end @@ -318,10 +347,10 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'KeepAlive On' } - it { should contain 'KeepAliveTimeout 30' } - it { should contain 'MaxKeepAliveRequests 200' } + it { is_expected.to be_file } + it { is_expected.to contain 'KeepAlive On' } + it { is_expected.to contain 'KeepAliveTimeout 30' } + it { is_expected.to contain 'MaxKeepAliveRequests 200' } end end @@ -329,7 +358,7 @@ describe 'setup' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', @@ -356,7 +385,7 @@ end describe file("/apache_spec/#{$error_log}") do - it { should be_file } + it { is_expected.to be_file } end end @@ -374,8 +403,8 @@ end describe file('/apache_spec/ports_file') do - it { should be_file } - it { should contain 'Listen 10.1.1.1' } + it { is_expected.to be_file } + it { is_expected.to contain 'Listen 10.1.1.1' } end end @@ -390,8 +419,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerTokens Minor' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerTokens Minor' } end end @@ -407,8 +436,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'ServerSignature testsig' } + it { is_expected.to be_file } + it { is_expected.to contain 'ServerSignature testsig' } end end @@ -423,8 +452,8 @@ end describe file($conf_file) do - it { should be_file } - it { should contain 'TraceEnable Off' } + it { is_expected.to be_file } + it { is_expected.to contain 'TraceEnable Off' } end end @@ -439,7 +468,7 @@ end describe package($package_name) do - it { should be_installed } + it { is_expected.to be_installed } end end
--- a/modules/apache/spec/acceptance/apache_ssl_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/apache_ssl_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,5 @@ require 'spec_helper_acceptance' +require_relative './version.rb' case fact('osfamily') when 'RedHat' @@ -13,27 +14,33 @@ it 'runs without error' do pp = <<-EOS class { 'apache': - service_ensure => stopped, - default_ssl_vhost => true, - default_ssl_cert => '/tmp/ssl_cert', - default_ssl_key => '/tmp/ssl_key', - default_ssl_chain => '/tmp/ssl_chain', - default_ssl_ca => '/tmp/ssl_ca', - default_ssl_crl_path => '/tmp/ssl_crl_path', - default_ssl_crl => '/tmp/ssl_crl', + service_ensure => stopped, + default_ssl_vhost => true, + default_ssl_cert => '/tmp/ssl_cert', + default_ssl_key => '/tmp/ssl_key', + default_ssl_chain => '/tmp/ssl_chain', + default_ssl_ca => '/tmp/ssl_ca', + default_ssl_crl_path => '/tmp/ssl_crl_path', + default_ssl_crl => '/tmp/ssl_crl', + default_ssl_crl_check => 'chain', } EOS apply_manifest(pp, :catch_failures => true) end describe file("#{vhostd}/15-default-ssl.conf") do - it { should be_file } - it { should contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { should contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { should contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } - it { should contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { should contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } - it { should contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + if $apache_version == '2.4' + it { is_expected.to contain 'SSLCARevocationCheck "chain"' } + else + it { is_expected.not_to contain 'SSLCARevocationCheck' } + end end end @@ -53,6 +60,7 @@ ssl_ca => '/tmp/ssl_ca', ssl_crl_path => '/tmp/ssl_crl_path', ssl_crl => '/tmp/ssl_crl', + ssl_crl_check => 'chain', ssl_certs_dir => '/tmp', ssl_protocol => 'test', ssl_cipher => 'test', @@ -67,20 +75,25 @@ end describe file("#{vhostd}/25-test_ssl.conf") do - it { should be_file } - it { should contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { should contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { should contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } - it { should contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { should contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } - it { should contain 'SSLCARevocationFile "/tmp/ssl_crl"' } - it { should contain 'SSLProxyEngine On' } - it { should contain 'SSLProtocol test' } - it { should contain 'SSLCipherSuite test' } - it { should contain 'SSLHonorCipherOrder test' } - it { should contain 'SSLVerifyClient test' } - it { should contain 'SSLVerifyDepth test' } - it { should contain 'SSLOptions test test1' } + it { is_expected.to be_file } + it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } + it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } + it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } + it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } + it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } + it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } + it { is_expected.to contain 'SSLProxyEngine On' } + it { is_expected.to contain 'SSLProtocol test' } + it { is_expected.to contain 'SSLCipherSuite test' } + it { is_expected.to contain 'SSLHonorCipherOrder test' } + it { is_expected.to contain 'SSLVerifyClient test' } + it { is_expected.to contain 'SSLVerifyDepth test' } + it { is_expected.to contain 'SSLOptions test test1' } + if $apache_version == '2.4' + it { is_expected.to contain 'SSLCARevocationCheck "chain"' } + else + it { is_expected.not_to contain 'SSLCARevocationCheck' } + end end end
--- a/modules/apache/spec/acceptance/class_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/class_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -9,8 +9,8 @@ package_name = 'apache2' service_name = 'apache2' when 'FreeBSD' - package_name = 'apache22' - service_name = 'apache22' + package_name = 'apache24' + service_name = 'apache24' end context 'default parameters' do @@ -25,12 +25,16 @@ end describe package(package_name) do - it { should be_installed } + it { is_expected.to be_installed } end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe port(80) do + it { should be_listening } end end @@ -38,7 +42,7 @@ # Using puppet_apply as a helper it 'should work with no errors' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', @@ -74,8 +78,8 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/acceptance/custom_config_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,55 @@ +require 'spec_helper_acceptance' +require_relative './version.rb' + +describe 'apache::custom_config define', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + context 'invalid config' do + it 'should not add the config' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'acceptance_test': + content => 'INVALID', + } + EOS + + apply_manifest(pp, :expect_failures => true) + end + + describe file("#{$confd_dir}/25-acceptance_test.conf") do + it { is_expected.not_to be_file } + end + end + + context 'valid config' do + it 'should add the config' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'acceptance_test': + content => '# just a comment', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$confd_dir}/25-acceptance_test.conf") do + it { is_expected.to contain '# just a comment' } + end + end + + describe 'custom_config without priority prefix' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::custom_config { 'prefix_test': + priority => false, + content => '# just a comment', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$confd_dir}/prefix_test.conf") do + it { is_expected.to be_file } + end + end +end
--- a/modules/apache/spec/acceptance/default_mods_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/default_mods_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -2,11 +2,14 @@ case fact('osfamily') when 'RedHat' + mod_dir = '/etc/httpd/conf.d' servicename = 'httpd' when 'Debian' + mod_dir = '/etc/apache2/mods-available' servicename = 'apache2' when 'FreeBSD' - servicename = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + servicename = 'apache24' end describe 'apache::default_mods class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do @@ -25,7 +28,7 @@ end describe service(servicename) do - it { should be_running } + it { is_expected.to be_running } end end @@ -51,7 +54,7 @@ # Are these the same? describe service(servicename) do - it { should_not be_running } + it { is_expected.not_to be_running } end describe "service #{servicename}" do it 'should not be running' do @@ -89,7 +92,29 @@ end describe service(servicename) do - it { should be_running } + it { is_expected.to be_running } + end + end + + describe 'change loadfile name' do + it 'should apply with no errors' do + pp = <<-EOS + class { 'apache': default_mods => false } + ::apache::mod { 'auth_basic': + loadfile_name => 'zz_auth_basic.load', + } + EOS + # Run it twice and test for idempotency + apply_manifest(pp, :catch_failures => true) + expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero + end + + describe service(servicename) do + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/zz_auth_basic.load") do + it { is_expected.to be_file } end end end
--- a/modules/apache/spec/acceptance/itk_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/itk_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -4,7 +4,7 @@ when 'Debian' service_name = 'apache2' when 'FreeBSD' - service_name = 'apache22' + service_name = 'apache24' else # Not implemented yet service_name = :skip @@ -27,7 +27,7 @@ end describe service(service_name) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/acceptance/mod_dav_svn_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,62 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::dav_svn class', :unless => (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7') do + case fact('osfamily') + when 'Debian' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + if fact('operatingsystemmajrelease') == '6' or fact('operatingsystemmajrelease') == '10.04' or fact('operatingsystemrelease') == '10.04' + authz_svn_load_file = 'dav_svn_authz_svn.load' + else + authz_svn_load_file = 'authz_svn.load' + end + when 'RedHat' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + authz_svn_load_file = 'dav_svn_authz_svn.load' + when 'FreeBSD' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' + authz_svn_load_file = 'dav_svn_authz_svn.load' + end + + context "default dav_svn config" do + it 'succeeds in puppeting dav_svn' do + pp= <<-EOS + class { 'apache': } + include apache::mod::dav_svn + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/dav_svn.load") do + it { is_expected.to contain "LoadModule dav_svn_module" } + end + end + + context "dav_svn with enabled authz_svn config" do + it 'succeeds in puppeting dav_svn' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::dav_svn': + authz_svn_enabled => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/#{authz_svn_load_file}") do + it { is_expected.to contain "LoadModule authz_svn_module" } + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/acceptance/mod_deflate_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,40 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::deflate class' do + case fact('osfamily') + when 'Debian' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + when 'RedHat' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + when 'FreeBSD' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' + end + + context "default deflate config" do + it 'succeeds in puppeting deflate' do + pp= <<-EOS + class { 'apache': } + include apache::mod::deflate + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/deflate.conf") do + it { is_expected.to contain "AddOutputFilterByType DEFLATE text/html text/plain text/xml" } + it { is_expected.to contain "AddOutputFilterByType DEFLATE text/css" } + it { is_expected.to contain "AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript" } + it { is_expected.to contain "AddOutputFilterByType DEFLATE application/rss+xml" } + it { is_expected.to contain "DeflateFilterNote Input instream" } + it { is_expected.to contain "DeflateFilterNote Output outstream" } + it { is_expected.to contain "DeflateFilterNote Ratio ratio" } + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/acceptance/mod_fcgid_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,57 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::fcgid class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('operatingsystem') == 'OracleLinux' and fact('operatingsystemmajrelease') == '7')) do + context "default fcgid config", :if => (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') != '5') do + it 'succeeds in puppeting fcgid' do + pp = <<-EOS + class { 'epel': } # mod_fcgid lives in epel + class { 'apache': } + class { 'apache::mod::php': } # For /usr/bin/php-cgi + class { 'apache::mod::fcgid': + options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + }, + } + apache::vhost { 'fcgid.example.com': + port => '80', + docroot => '/var/www/fcgid', + directories => { + path => '/var/www/fcgid', + options => '+ExecCGI', + addhandlers => { + handler => 'fcgid-script', + extensions => '.php', + }, + fcgiwrapper => { + command => '/usr/bin/php-cgi', + suffix => '.php', + } + }, + } + file { '/var/www/fcgid/index.php': + ensure => file, + owner => 'root', + group => 'root', + content => "<?php echo 'Hello world'; ?>\\n", + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service('httpd') do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + it 'should answer to fcgid.example.com' do + shell("/usr/bin/curl -H 'Host: fcgid.example.com' 127.0.0.1:80") do |r| + expect(r.stdout).to match(/^Hello world$/) + expect(r.exit_code).to eq(0) + end + end + + it 'should run a php-cgi process' do + shell("pgrep -u apache php-cgi", :acceptable_exit_codes => [0]) + end + end +end
--- a/modules/apache/spec/acceptance/mod_mime_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/mod_mime_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -9,8 +9,8 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default mime config" do @@ -23,12 +23,12 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/mime.conf") do - it { should contain "AddType application/x-compress .Z" } + it { is_expected.to contain "AddType application/x-compress .Z" } end end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/acceptance/mod_negotiation_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,80 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::negotiation class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do + case fact('osfamily') + when 'Debian' + vhost_dir = '/etc/apache2/sites-enabled' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + when 'RedHat' + vhost_dir = '/etc/httpd/conf.d' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + when 'FreeBSD' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' + end + + context "default negotiation config" do + it 'succeeds in puppeting negotiation' do + pp= <<-EOS + class { '::apache': default_mods => false } + class { '::apache::mod::negotiation': } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/negotiation.conf") do + it { should contain "LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback" } + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + end + + context "with alternative force_language_priority" do + it 'succeeds in puppeting negotiation' do + pp= <<-EOS + class { '::apache': default_mods => false } + class { '::apache::mod::negotiation': + force_language_priority => 'Prefer', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/negotiation.conf") do + it { should contain "ForceLanguagePriority Prefer" } + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + end + + context "with alternative language_priority" do + it 'succeeds in puppeting negotiation' do + pp= <<-EOS + class { '::apache': default_mods => false } + class { '::apache::mod::negotiation': + language_priority => [ 'en', 'es' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/negotiation.conf") do + it { should contain "LanguagePriority en es" } + end + + describe service(service_name) do + it { should be_enabled } + it { should be_running } + end + end +end
--- a/modules/apache/spec/acceptance/mod_pagespeed_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/mod_pagespeed_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default pagespeed config" do @@ -63,22 +63,22 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/pagespeed.conf") do - it { should contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" } - it { should contain "ModPagespeedEnableFilters remove_comments" } - it { should contain "ModPagespeedDisableFilters extend_cache" } - it { should contain "ModPagespeedForbidFilters rewrite_javascript" } + it { is_expected.to contain "AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html" } + it { is_expected.to contain "ModPagespeedEnableFilters remove_comments" } + it { is_expected.to contain "ModPagespeedDisableFilters extend_cache" } + it { is_expected.to contain "ModPagespeedForbidFilters rewrite_javascript" } end it 'should answer to pagespeed.example.com and include <head/> and be stripped of comments by mod_pagespeed' do shell("/usr/bin/curl pagespeed.example.com:80") do |r| - r.stdout.should =~ /<head\/>/ - r.stdout.should_not =~ /<!-- comment -->/ - r.exit_code.should == 0 + expect(r.stdout).to match(/<head\/>/) + expect(r.stdout).not_to match(/<!-- comment -->/) + expect(r.exit_code).to eq(0) end end end
--- a/modules/apache/spec/acceptance/mod_passenger_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/mod_passenger_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -5,10 +5,43 @@ when 'Debian' service_name = 'apache2' mod_dir = '/etc/apache2/mods-available/' - conf_file = "#{mod_dir}passenger_extra.conf" + conf_file = "#{mod_dir}passenger.conf" load_file = "#{mod_dir}passenger.load" - passenger_root = '/usr' - passenger_ruby = '/usr/bin/ruby' + + case fact('operatingsystem') + when 'Ubuntu' + case fact('lsbdistrelease') + when '10.04' + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + when '12.04' + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + when '14.04' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_ruby = '/usr/bin/ruby' + passenger_default_ruby = '/usr/bin/ruby' + else + # This may or may not work on Ubuntu releases other than the above + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + end + when 'Debian' + case fact('lsbdistcodename') + when 'wheezy' + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + when 'jessie' + passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' + passenger_ruby = '/usr/bin/ruby' + passenger_default_ruby = '/usr/bin/ruby' + else + # This may or may not work on Debian releases other than the above + passenger_root = '/usr' + passenger_ruby = '/usr/bin/ruby' + end + end + passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so' rackapp_user = 'www-data' rackapp_group = 'www-data' @@ -66,29 +99,65 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file(conf_file) do - # passenger_extra.conf only contains directives if overridden from the class params - it { should_not contain "PassengerRoot \"#{passenger_root}\"" } - it { should_not contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.to contain "PassengerRoot \"#{passenger_root}\"" } + + case fact('operatingsystem') + when 'Ubuntu' + case fact('lsbdistrelease') + when '10.04' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when '12.04' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when '14.04' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } + else + # This may or may not work on Ubuntu releases other than the above + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + end + when 'Debian' + case fact('lsbdistcodename') + when 'wheezy' + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + when 'jessie' + it { is_expected.to contain "PassengerDefaultRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerRuby/" } + else + # This may or may not work on Debian releases other than the above + it { is_expected.to contain "PassengerRuby \"#{passenger_ruby}\"" } + it { is_expected.not_to contain "/PassengerDefaultRuby/" } + end + end end describe file(load_file) do - it { should contain "LoadModule passenger_module #{passenger_module_path}" } + it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } end it 'should output status via passenger-memory-stats' do - shell("/usr/sbin/passenger-memory-stats") do |r| - r.stdout.should =~ /Apache processes/ - r.stdout.should =~ /Nginx processes/ - r.stdout.should =~ /Passenger processes/ - r.stdout.should =~ /### Processes: [0-9]+/ - r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-memory-stats") do |r| + expect(r.stdout).to match(/Apache processes/) + expect(r.stdout).to match(/Nginx processes/) + expect(r.stdout).to match(/Passenger processes/) - r.exit_code.should == 0 + # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain + # these two lines + unless ((fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') or + (fact('operatingsystem') == 'Debian' && fact('operatingsystemrelease') == '8.0')) + expect(r.stdout).to match(/### Processes: [0-9]+/) + expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) + end + + expect(r.exit_code).to eq(0) end end @@ -97,30 +166,30 @@ unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04' it 'should output status via passenger-status' do # xml output not available on ubunutu <= 10.04, so sticking with default pool output - shell("/usr/sbin/passenger-status") do |r| + shell("PATH=/usr/bin:$PATH /usr/sbin/passenger-status") do |r| # spacing may vary - r.stdout.should =~ /[\-]+ General information [\-]+/ + expect(r.stdout).to match(/[\-]+ General information [\-]+/) if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' - r.stdout.should =~ /Max pool size[ ]+: [0-9]+/ - r.stdout.should =~ /Processes[ ]+: [0-9]+/ - r.stdout.should =~ /Requests in top-level queue[ ]+: [0-9]+/ + expect(r.stdout).to match(/Max pool size[ ]+: [0-9]+/) + expect(r.stdout).to match(/Processes[ ]+: [0-9]+/) + expect(r.stdout).to match(/Requests in top-level queue[ ]+: [0-9]+/) else - r.stdout.should =~ /max[ ]+= [0-9]+/ - r.stdout.should =~ /count[ ]+= [0-9]+/ - r.stdout.should =~ /active[ ]+= [0-9]+/ - r.stdout.should =~ /inactive[ ]+= [0-9]+/ - r.stdout.should =~ /Waiting on global queue: [0-9]+/ + expect(r.stdout).to match(/max[ ]+= [0-9]+/) + expect(r.stdout).to match(/count[ ]+= [0-9]+/) + expect(r.stdout).to match(/active[ ]+= [0-9]+/) + expect(r.stdout).to match(/inactive[ ]+= [0-9]+/) + expect(r.stdout).to match(/Waiting on global queue: [0-9]+/) end - r.exit_code.should == 0 + expect(r.exit_code).to eq(0) end end end it 'should answer to passenger.example.com' do shell("/usr/bin/curl passenger.example.com:80") do |r| - r.stdout.should =~ /^hello <b>world<\/b>$/ - r.exit_code.should == 0 + expect(r.stdout).to match(/^hello <b>world<\/b>$/) + expect(r.exit_code).to eq(0) end end @@ -130,7 +199,7 @@ # no fedora 18 passenger package yet, and rhel5 packages only exist for ruby 1.8.5 unless (fact('operatingsystem') == 'Fedora' and fact('operatingsystemrelease').to_f >= 18) or (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5' and fact('rubyversion') != '1.8.5') - if fact('operatingsystem') == 'RedHat' and fact('operatingsystemmajrelease') == '7' + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' pending('test passenger - RHEL7 packages don\'t exist') else context "default passenger config" do @@ -186,29 +255,29 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file(conf_file) do - it { should contain "PassengerRoot #{passenger_root}" } - it { should contain "PassengerRuby #{passenger_ruby}" } - it { should contain "PassengerTempDir #{passenger_tempdir}" } + it { is_expected.to contain "PassengerRoot #{passenger_root}" } + it { is_expected.to contain "PassengerRuby #{passenger_ruby}" } + it { is_expected.to contain "PassengerTempDir #{passenger_tempdir}" } end describe file(load_file) do - it { should contain "LoadModule passenger_module #{passenger_module_path}" } + it { is_expected.to contain "LoadModule passenger_module #{passenger_module_path}" } end it 'should output status via passenger-memory-stats' do - shell("/usr/bin/passenger-memory-stats") do |r| - r.stdout.should =~ /Apache processes/ - r.stdout.should =~ /Nginx processes/ - r.stdout.should =~ /Passenger processes/ - r.stdout.should =~ /### Processes: [0-9]+/ - r.stdout.should =~ /### Total private dirty RSS: [0-9\.]+ MB/ + shell("/usr/bin/passenger-memory-stats", :pty => true) do |r| + expect(r.stdout).to match(/Apache processes/) + expect(r.stdout).to match(/Nginx processes/) + expect(r.stdout).to match(/Passenger processes/) + expect(r.stdout).to match(/### Processes: [0-9]+/) + expect(r.stdout).to match(/### Total private dirty RSS: [0-9\.]+ MB/) - r.exit_code.should == 0 + expect(r.exit_code).to eq(0) end end
--- a/modules/apache/spec/acceptance/mod_php_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/mod_php_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -11,9 +11,9 @@ mod_dir = '/etc/httpd/conf.d' service_name = 'httpd' when 'FreeBSD' - vhost_dir = '/usr/local/etc/apache22/Vhosts' - mod_dir = '/usr/local/etc/apache22/Modules' - service_name = 'apache22' + vhost_dir = '/usr/local/etc/apache24/Vhosts' + mod_dir = '/usr/local/etc/apache24/Modules' + service_name = 'apache24' end context "default php config" do @@ -37,23 +37,23 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{mod_dir}/php5.conf") do - it { should contain "DirectoryIndex index.php" } + it { is_expected.to contain "DirectoryIndex index.php" } end it 'should answer to php.example.com' do shell("/usr/bin/curl php.example.com:80") do |r| - r.stdout.should =~ /PHP Version/ - r.exit_code.should == 0 + expect(r.stdout).to match(/PHP Version/) + expect(r.exit_code).to eq(0) end end end - context "custom extensions, php_admin_flag, and php_admin_value" do + context "custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value" do it 'succeeds in puppeting php' do pp= <<-EOS class { 'apache': @@ -65,6 +65,8 @@ apache::vhost { 'php.example.com': port => '80', docroot => '/var/www/php', + php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, + php_flags => { 'display_errors' => 'on', }, php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, php_admin_flags => { 'engine' => 'on', }, } @@ -78,20 +80,60 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end describe file("#{vhost_dir}/25-php.example.com.conf") do - it { should contain " php_admin_flag engine on" } - it { should contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } + it { is_expected.to contain " php_flag display_errors on" } + it { is_expected.to contain " php_value include_path .:/usr/share/pear:/usr/bin/php" } + it { is_expected.to contain " php_admin_flag engine on" } + it { is_expected.to contain " php_admin_value open_basedir /var/www/php/:/usr/share/pear/" } end it 'should answer to php.example.com' do shell("/usr/bin/curl php.example.com:80") do |r| - r.stdout.should =~ /\/usr\/share\/pear\// - r.exit_code.should == 0 + expect(r.stdout).to match(/\/usr\/share\/pear\//) + expect(r.exit_code).to eq(0) end end end + + context "provide custom config file" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + content => '# somecontent', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end + end + + context "provide content and template config file" do + it 'succeeds in puppeting php' do + pp= <<-EOS + class {'apache': + mpm_module => 'prefork', + } + class {'apache::mod::php': + content => '# somecontent', + template => 'apache/mod/php5.conf.erb', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{mod_dir}/php5.conf") do + it { should contain "# somecontent" } + end + end + end
--- a/modules/apache/spec/acceptance/mod_proxy_html_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/mod_proxy_html_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -7,7 +7,7 @@ when 'RedHat' service_name = 'httpd' when 'FreeBSD' - service_name = 'apache22' + service_name = 'apache24' end context "default proxy_html config" do @@ -32,8 +32,8 @@ end describe service(service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/acceptance/mod_security_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,228 @@ +require 'spec_helper_acceptance' + +describe 'apache::mod::security class', :unless => (UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) or (fact('osfamily') == 'Debian' and (fact('lsbdistcodename') == 'squeeze' or fact('lsbdistcodename') == 'lucid' or fact('lsbdistcodename') == 'precise'))) do + case fact('osfamily') + when 'Debian' + mod_dir = '/etc/apache2/mods-available' + service_name = 'apache2' + package_name = 'apache2' + when 'RedHat' + mod_dir = '/etc/httpd/conf.d' + service_name = 'httpd' + package_name = 'httpd' + end + + context "default mod_security config" do + if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') =~ /(5|6)/ + it 'adds epel' do + pp = "class { 'epel': }" + apply_manifest(pp, :catch_failures => true) + end + end + + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe package(package_name) do + it { is_expected.to be_installed } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should return index page' do + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + end #default mod_security config + + context "mod_security should allow disabling by vhost" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_vhost => true, + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + end #mod_security should allow disabling by vhost + + context "mod_security should allow disabling by ip" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_ips => [ '127.0.0.1' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -A beaker modsec.example.com:80') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + end #mod_security should allow disabling by ip + + context "mod_security should allow disabling by id" do + it 'succeeds in puppeting mod_security' do + pp= <<-EOS + host { 'modsec.example.com': ip => '127.0.0.1', } + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + } + file { '/var/www/html/index.html': + ensure => file, + content => 'Index page', + } + file { '/var/www/html/index2.html': + ensure => file, + content => 'Page 2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service(service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe file("#{mod_dir}/security.conf") do + it { is_expected.to contain "mod_security2.c" } + end + + it 'should block query with SQL' do + shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', :acceptable_exit_codes => [22] + end + + it 'should disable mod_security per vhost' do + pp= <<-EOS + class { 'apache': } + class { 'apache::mod::security': } + apache::vhost { 'modsec.example.com': + port => '80', + docroot => '/var/www/html', + modsec_disable_ids => [ '950007' ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + it 'should return index page' do + shell('/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users') do |r| + expect(r.stdout).to match(/Index page/) + expect(r.exit_code).to eq(0) + end + end + + end #mod_security should allow disabling by id + + +end #apache::mod::security class
--- a/modules/apache/spec/acceptance/mod_suphp_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/mod_suphp_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -27,14 +27,15 @@ end describe service('apache2') do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to suphp.example.com' do + shell("/bin/sleep 10") shell("/usr/bin/curl suphp.example.com:80") do |r| - r.stdout.should =~ /^daemon$/ - r.exit_code.should == 0 + expect(r.stdout).to match(/^daemon$/) + expect(r.exit_code).to eq(0) end end end
--- a/modules/apache/spec/acceptance/nodesets/centos-59-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/nodesets/centos-59-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -7,5 +7,4 @@ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug type: git
--- a/modules/apache/spec/acceptance/nodesets/centos-64-x64-pe.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/nodesets/centos-64-x64-pe.yml Sat Mar 14 20:07:04 2015 +0000 @@ -9,5 +9,4 @@ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug type: pe
--- a/modules/apache/spec/acceptance/nodesets/centos-65-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/nodesets/centos-65-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -3,9 +3,8 @@ roles: - master platform: el-6-x86_64 - box : centos-65-x64-virtualbox-nocm + box : centos-65-x64-vbox436-nocm box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box hypervisor : vagrant CONFIG: - log_level: debug - type: git + type: foss
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/acceptance/nodesets/centos-70-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,11 @@ +HOSTS: + centos-70-x64: + roles: + - master + platform: el-7-x86_64 + box : puppetlabs/centos-7.0-64-nocm + box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm + hypervisor : vagrant +CONFIG: + log_level: verbose + type: foss
--- a/modules/apache/spec/acceptance/nodesets/sles-11sp1-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,11 +0,0 @@ -HOSTS: - sles-11sp1-x64: - roles: - - master - platform: sles-11-x86_64 - box : sles-11sp1-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - log_level: debug - type: git
--- a/modules/apache/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -7,5 +7,4 @@ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug - type: git + type: foss
--- a/modules/apache/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -7,5 +7,4 @@ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - log_level: debug - type: git + type: foss
--- a/modules/apache/spec/acceptance/prefork_worker_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/prefork_worker_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -6,7 +6,7 @@ when 'Debian' servicename = 'apache2' when 'FreeBSD' - servicename = 'apache22' + servicename = 'apache24' end case fact('osfamily') @@ -28,8 +28,8 @@ end describe service(servicename) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end end @@ -51,8 +51,8 @@ end describe service(servicename) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end @@ -73,7 +73,7 @@ end describe service(servicename) do - it { should be_running } - it { should be_enabled } + it { is_expected.to be_running } + it { is_expected.to be_enabled } end end
--- a/modules/apache/spec/acceptance/version.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/version.rb Sat Mar 14 20:07:04 2015 +0000 @@ -5,6 +5,7 @@ case _osfamily when 'RedHat' $confd_dir = '/etc/httpd/conf.d' + $mod_dir = '/etc/httpd/conf.d' $conf_file = '/etc/httpd/conf/httpd.conf' $ports_file = '/etc/httpd/conf/ports.conf' $vhost_dir = '/etc/httpd/conf.d' @@ -17,12 +18,13 @@ $suphp_configpath = 'undef' if (_operatingsystem == 'Fedora' and _operatingsystemrelease >= 18) or (_operatingsystem != 'Fedora' and _operatingsystemrelease >= 7) - $apache_version = 2.4 + $apache_version = '2.4' else - $apache_version = 2.2 + $apache_version = '2.2' end when 'Debian' - $confd_dir = '/etc/apache2/mods-available' + $confd_dir = '/etc/apache2/conf.d' + $mod_dir = '/etc/apache2/mods-available' $conf_file = '/etc/apache2/apache2.conf' $ports_file = '/etc/apache2/ports.conf' $vhost = '/etc/apache2/sites-available/15-default.conf' @@ -35,23 +37,26 @@ $suphp_configpath = '/etc/php5/apache2' if _operatingsystem == 'Ubuntu' and _operatingsystemrelease >= 13.10 - $apache_version = 2.4 + $apache_version = '2.4' + elsif _operatingsystem == 'Debian' and _operatingsystemrelease >= 8.0 + $apache_version = '2.4' else - $apache_version = 2.2 + $apache_version = '2.2' end when 'FreeBSD' - $confd_dir = '/usr/local/etc/apache22/Includes' - $conf_file = '/usr/local/etc/apache22/httpd.conf' - $ports_file = '/usr/local/etc/apache22/Includes/ports.conf' - $vhost = '/usr/local/etc/apache22/Vhosts/15-default.conf' - $vhost_dir = '/usr/local/etc/apache22/Vhosts' - $run_dir = '/var/run/apache22' - $service_name = 'apache22' - $package_name = 'apache22' + $confd_dir = '/usr/local/etc/apache24/Includes' + $mod_dir = '/usr/local/etc/apache24/Modules' + $conf_file = '/usr/local/etc/apache24/httpd.conf' + $ports_file = '/usr/local/etc/apache24/Includes/ports.conf' + $vhost = '/usr/local/etc/apache24/Vhosts/15-default.conf' + $vhost_dir = '/usr/local/etc/apache24/Vhosts' + $run_dir = '/var/run/apache24' + $service_name = 'apache24' + $package_name = 'apache24' $error_log = 'http-error.log' - $apache_version = 2.2 + $apache_version = '2.2' else - $apache_version = 0 + $apache_version = '0' end
--- a/modules/apache/spec/acceptance/vhost_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/acceptance/vhost_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -16,11 +16,11 @@ end describe file("#{$vhost_dir}/15-default.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } end describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } end end @@ -34,11 +34,11 @@ end describe file("#{$vhost_dir}/15-default.conf") do - it { should contain '<VirtualHost \*:80>' } + it { is_expected.to contain '<VirtualHost \*:80>' } end describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { should_not be_file } + it { is_expected.not_to be_file } end end @@ -59,12 +59,12 @@ end describe file("#{$vhost_dir}/15-default.conf") do - it { should contain '<VirtualHost \*:80>' } + it { is_expected.to contain '<VirtualHost \*:80>' } end describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { should contain '<VirtualHost \*:443>' } - it { should contain "SSLEngine on" } + it { is_expected.to contain '<VirtualHost \*:443>' } + it { is_expected.to contain "SSLEngine on" } end end @@ -87,8 +87,8 @@ end describe file("#{$vhost_dir}/25-first.example.com.conf") do - it { should contain '<VirtualHost \*:80>' } - it { should contain "ServerName first.example.com" } + it { is_expected.to contain '<VirtualHost \*:80>' } + it { is_expected.to contain "ServerName first.example.com" } end end @@ -102,16 +102,18 @@ proxy_pass => [ { 'path' => '/foo', 'url' => 'http://backend-foo/'}, ], + proxy_preserve_host => true, } EOS apply_manifest(pp, :catch_failures => true) end describe file("#{$vhost_dir}/25-proxy.example.com.conf") do - it { should contain '<VirtualHost \*:80>' } - it { should contain "ServerName proxy.example.com" } - it { should contain "ProxyPass" } - it { should_not contain "<Proxy \*>" } + it { is_expected.to contain '<VirtualHost \*:80>' } + it { is_expected.to contain "ServerName proxy.example.com" } + it { is_expected.to contain "ProxyPass" } + it { is_expected.to contain "ProxyPreserveHost On" } + it { is_expected.not_to contain "<Proxy \*>" } end end @@ -142,19 +144,19 @@ end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to first.example.com' do shell("/usr/bin/curl first.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from first\n" + expect(r.stdout).to eq("Hello from first\n") end end it 'should answer to second.example.com' do shell("/usr/bin/curl second.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from second\n" + expect(r.stdout).to eq("Hello from second\n") end end end @@ -165,7 +167,7 @@ pp = <<-EOS class { 'apache': } - if $apache::apache_version >= 2.4 { + if versioncmp($apache::apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', } } else { $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', } @@ -194,13 +196,13 @@ end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout.should eq("Hello World\n") - shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) + expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html.bak", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/) end end @@ -209,10 +211,13 @@ pp = <<-EOS class { 'apache': } - if $apache::apache_version >= 2.4 { + if versioncmp($apache::apache_version, '2.4') >= 0 { $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' } } else { - $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' } + $_files_match_directory = [ + { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' }, + { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] }, + ] } $_directories = [ @@ -236,20 +241,28 @@ ensure => file, content => "Hello World\\n", } + file { '/var/www/files/bar': + ensure => directory, + } + file { '/var/www/files/bar/bar.html': + ensure => file, + content => "Hello Bar\\n", + } host { 'files.example.net': ip => '127.0.0.1', } EOS apply_manifest(pp, :catch_failures => true) end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/").stdout.should eq("Hello World\n") - shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout.should eq("Hello Foo\n") - shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 403/) + expect(shell("/usr/bin/curl -sSf files.example.net:80/").stdout).to eq("Hello World\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/foo/").stdout).to eq("Hello Foo\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/private.html", {:acceptable_exit_codes => 22}).stderr).to match(/curl: \(22\) The requested URL returned error: 403/) + expect(shell("/usr/bin/curl -sSf files.example.net:80/bar/bar.html").stdout).to eq("Hello Bar\n") end end @@ -275,13 +288,91 @@ end describe service($service_name) do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + it 'should answer to files.example.net' do + expect(shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout).to eq("Hello World\n") + expect(shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout).to match(/Scoreboard: /) + end + end + + describe 'Satisfy and Auth directive', :unless => $apache_version == '2.4' do + it 'should configure a vhost with Satisfy and Auth directive' do + pp = <<-EOS + class { 'apache': } + host { 'files.example.net': ip => '127.0.0.1', } + apache::vhost { 'files.example.net': + docroot => '/var/www/files', + directories => [ + { + path => '/var/www/files/foo', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => "valid-user", + }, + { + path => '/var/www/files/bar', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => 'valid-user', + satisfy => 'Any', + }, + { + path => '/var/www/files/baz', + allow => 'from 10.10.10.10', + auth_type => 'Basic', + auth_name => 'Basic Auth', + auth_user_file => '/var/www/htpasswd', + auth_require => 'valid-user', + satisfy => 'Any', + }, + ], + } + file { '/var/www/files/foo': + ensure => directory, + } + file { '/var/www/files/bar': + ensure => directory, + } + file { '/var/www/files/baz': + ensure => directory, + } + file { '/var/www/files/foo/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/files/bar/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/files/baz/index.html': + ensure => file, + content => "Hello World\\n", + } + file { '/var/www/htpasswd': + ensure => file, + content => "login:IZ7jMcLSx0oQk", # "password" as password + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe service($service_name) do it { should be_enabled } it { should be_running } end it 'should answer to files.example.net' do - shell("/usr/bin/curl -sSf files.example.net:80/index.html").stdout.should eq("Hello World\n") - shell("/usr/bin/curl -sSf files.example.net:80/server-status?auto").stdout.should match(/Scoreboard: /) + shell("/usr/bin/curl -sSf files.example.net:80/foo/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/) + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/foo/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/bar/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/bar/index.html").stdout.should eq("Hello World\n") + shell("/usr/bin/curl -sSf files.example.net:80/baz/index.html", {:acceptable_exit_codes => 22}).stderr.should match(/curl: \(22\) The requested URL returned error: 401/) + shell("/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html").stdout.should eq("Hello World\n") end end end @@ -306,13 +397,13 @@ end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to fallback.example.net' do shell("/usr/bin/curl fallback.example.net:80/Does/Not/Exist") do |r| - r.stdout.should == "Hello World\n" + expect(r.stdout).to eq("Hello World\n") end end @@ -347,19 +438,19 @@ end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should answer to a.virt.example.com' do shell("/usr/bin/curl a.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from a.virt\n" + expect(r.stdout).to eq("Hello from a.virt\n") end end it 'should answer to b.virt.example.com' do shell("/usr/bin/curl b.virt.example.com:80", {:acceptable_exit_codes => 0}) do |r| - r.stdout.should == "Hello from b.virt\n" + expect(r.stdout).to eq("Hello from b.virt\n") end end end @@ -389,18 +480,18 @@ ensure => file, content => "Hello from localhost\\n", } - }, :catch_failures => true) + }, :catch_failures => true) end describe service($service_name) do - it { should be_enabled } - it { should be_running } + it { is_expected.to be_enabled } + it { is_expected.to be_running } end it 'should get a response from the back end' do shell("/usr/bin/curl --max-redirs 0 proxy.example.com:80") do |r| - r.stdout.should == "Hello from localhost\n" - r.exit_code.should == 0 + expect(r.stdout).to eq("Hello from localhost\n") + expect(r.exit_code).to eq(0) end end end @@ -420,8 +511,8 @@ end describe file($ports_file) do - it { should be_file } - it { should_not contain 'NameVirtualHost test.server' } + it { is_expected.to be_file } + it { is_expected.not_to contain 'NameVirtualHost test.server' } end end @@ -442,9 +533,9 @@ end describe file($ports_file) do - it { should be_file } - it { should_not contain 'Listen 80' } - it { should contain 'Listen 81' } + it { is_expected.to be_file } + it { is_expected.not_to contain 'Listen 80' } + it { is_expected.to contain 'Listen 81' } end end @@ -466,10 +557,10 @@ end describe file('/tmp/test') do - it { should be_directory } - it { should be_owned_by 'test_owner' } - it { should be_grouped_into 'test_group' } - it { should be_mode 750 } + it { is_expected.to be_directory } + it { is_expected.to be_owned_by 'test_owner' } + it { is_expected.to be_grouped_into 'test_group' } + it { is_expected.to be_mode 750 } end end @@ -487,18 +578,18 @@ end describe file($ports_file) do - it { should be_file } + it { is_expected.to be_file } if fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '7' - it { should_not contain 'NameVirtualHost test.server' } + it { is_expected.not_to contain 'NameVirtualHost test.server' } elsif fact('operatingsystem') == 'Ubuntu' and fact('operatingsystemrelease') =~ /(14\.04|13\.10)/ - it { should_not contain 'NameVirtualHost test.server' } + it { is_expected.not_to contain 'NameVirtualHost test.server' } else - it { should contain 'NameVirtualHost test.server' } + it { is_expected.to contain 'NameVirtualHost test.server' } end end describe file("#{$vhost_dir}/10-test.server.conf") do - it { should be_file } + it { is_expected.to be_file } end end @@ -516,8 +607,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Options Indexes FollowSymLinks ExecCGI' } + it { is_expected.to be_file } + it { is_expected.to contain 'Options Indexes FollowSymLinks ExecCGI' } end end @@ -535,8 +626,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'AllowOverride All' } + it { is_expected.to be_file } + it { is_expected.to contain 'AllowOverride All' } end end @@ -554,8 +645,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain ' CustomLog "/tmp' } + it { is_expected.to be_file } + it { is_expected.to contain ' CustomLog "/tmp' } end end @@ -575,15 +666,15 @@ apache::vhost { 'test.server': docroot => '/tmp', logroot => '/tmp', - #{logtype}_log => false, + #{logtype}_log => false, } EOS apply_manifest(pp, :catch_failures => true) end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should_not contain " #{logname} \"/tmp" } + it { is_expected.to be_file } + it { is_expected.not_to contain " #{logname} \"/tmp" } end end @@ -595,15 +686,15 @@ apache::vhost { 'test.server': docroot => '/tmp', logroot => '/tmp', - #{logtype}_log_pipe => '|/bin/sh', + #{logtype}_log_pipe => '|/bin/sh', } EOS apply_manifest(pp, :catch_failures => true) end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain " #{logname} \"|/bin/sh" } + it { is_expected.to be_file } + it { is_expected.to contain " #{logname} \"|/bin/sh" } end end @@ -615,15 +706,15 @@ apache::vhost { 'test.server': docroot => '/tmp', logroot => '/tmp', - #{logtype}_log_syslog => 'syslog', + #{logtype}_log_syslog => 'syslog', } EOS apply_manifest(pp, :catch_failures => true) end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain " #{logname} \"syslog\"" } + it { is_expected.to be_file } + it { is_expected.to contain " #{logname} \"syslog\"" } end end end @@ -644,8 +735,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'CustomLog "syslog" "%h %l"' } + it { is_expected.to be_file } + it { is_expected.to contain 'CustomLog "syslog" "%h %l"' } end end @@ -665,8 +756,36 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'CustomLog "syslog" combined env=admin' } + it { is_expected.to be_file } + it { is_expected.to contain 'CustomLog "syslog" combined env=admin' } + end + end + + describe 'multiple access_logs' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + apache::vhost { 'test.server': + docroot => '/tmp', + logroot => '/tmp', + access_logs => [ + {'file' => 'log1'}, + {'file' => 'log2', 'env' => 'admin' }, + {'file' => '/var/tmp/log3', 'format' => '%h %l'}, + {'syslog' => 'syslog' } + ] + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'CustomLog "/tmp/log1" combined' } + it { is_expected.to contain 'CustomLog "/tmp/log2" combined env=admin' } + it { is_expected.to contain 'CustomLog "/var/tmp/log3" "%h %l"' } + it { is_expected.to contain 'CustomLog "syslog" combined' } end end @@ -677,15 +796,19 @@ host { 'test.server': ip => '127.0.0.1' } apache::vhost { 'test.server': docroot => '/tmp', - aliases => [{ alias => '/image', path => '/ftp/pub/image' }], + aliases => [ + { alias => '/image' , path => '/ftp/pub/image' } , + { scriptalias => '/myscript' , path => '/usr/share/myscript' } + ], } EOS apply_manifest(pp, :catch_failures => true) end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Alias /image "/ftp/pub/image"' } + it { is_expected.to be_file } + it { is_expected.to contain 'Alias /image "/ftp/pub/image"' } + it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } end end @@ -703,8 +826,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'ScriptAlias /myscript "/usr/share/myscript"' } + it { is_expected.to be_file } + it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } end end @@ -722,8 +845,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'ProxyPass / test2/' } + it { is_expected.to be_file } + it { is_expected.to contain 'ProxyPass / test2/' } end end @@ -742,8 +865,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Action php-fastcgi /cgi-bin virtual' } + it { is_expected.to be_file } + it { is_expected.to contain 'Action php-fastcgi /cgi-bin virtual' } end end @@ -763,10 +886,10 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain "suPHP_AddHandler #{$suphp_handler}" } - it { should contain 'suPHP_Engine on' } - it { should contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" } + it { is_expected.to be_file } + it { is_expected.to contain "suPHP_AddHandler #{$suphp_handler}" } + it { is_expected.to contain 'suPHP_Engine on' } + it { is_expected.to contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" } end end @@ -785,9 +908,9 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'ProxyPass / http://test2/' } - it { should contain 'ProxyPass http://test2/test !' } + it { is_expected.to be_file } + it { is_expected.to contain 'ProxyPass / http://test2/' } + it { is_expected.to contain 'ProxyPass http://test2/test !' } end end @@ -807,8 +930,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Redirect permanent /images http://test.server/' } + it { is_expected.to be_file } + it { is_expected.to contain 'Redirect permanent /images http://test.server/' } end end @@ -838,8 +961,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'RackBaseURI /test' } + it { is_expected.to be_file } + it { is_expected.to contain 'RackBaseURI /test' } end end end @@ -860,8 +983,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'append MirrorID "mirror 12"' } + it { is_expected.to be_file } + it { is_expected.to contain 'append MirrorID "mirror 12"' } end end @@ -884,10 +1007,52 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain '#test' } + it { is_expected.to contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } + it { is_expected.to contain 'RewriteRule ^index.html$ welcome.html' } + end + end + + describe 'directory rewrite rules' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + host { 'test.server': ip => '127.0.0.1' } + if ! defined(Class['apache::mod::rewrite']) { + include ::apache::mod::rewrite + } + apache::vhost { 'test.server': + docroot => '/tmp', + directories => [ + { + path => '/tmp', + rewrites => [ + { + comment => 'Permalink Rewrites', + rewrite_base => '/', + }, + { rewrite_rule => [ '^index\\.php$ - [L]' ] }, + { rewrite_cond => [ + '%{REQUEST_FILENAME} !-f', + '%{REQUEST_FILENAME} !-d', ], rewrite_rule => [ '. /index.php [L]' ], } + ], + }, + ], + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do it { should be_file } - it { should contain '#test' } - it { should contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } - it { should contain 'RewriteRule ^index.html$ welcome.html' } + it { should contain '#Permalink Rewrites' } + it { should contain 'RewriteEngine On' } + it { should contain 'RewriteBase /' } + it { should contain 'RewriteRule ^index\.php$ - [L]' } + it { should contain 'RewriteCond %{REQUEST_FILENAME} !-f' } + it { should contain 'RewriteCond %{REQUEST_FILENAME} !-d' } + it { should contain 'RewriteRule . /index.php [L]' } end end @@ -906,9 +1071,9 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'SetEnv TEST /test' } - it { should contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } + it { is_expected.to be_file } + it { is_expected.to contain 'SetEnv TEST /test' } + it { is_expected.to contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } end end @@ -926,8 +1091,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain '<DirectoryMatch .*\.(svn|git|bzr)/.*>' } + it { is_expected.to be_file } + it { is_expected.to contain '<DirectoryMatch .*\.(svn|git|bzr)/.*>' } end end @@ -944,6 +1109,7 @@ wsgi_daemon_process_options => {processes => '2'}, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', } EOS apply_manifest(pp, :catch_failures => true) @@ -963,18 +1129,22 @@ wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, wsgi_process_group => 'nobody', wsgi_script_aliases => { '/test' => '/test1' }, + wsgi_pass_authorization => 'On', + wsgi_chunked_request => 'On', } EOS apply_manifest(pp, :catch_failures => true) end describe file("#{$vhost_dir}/25-test.server.conf"), :unless => (fact('lsbdistcodename') == 'lucid' or UNSUPPORTED_PLATFORMS.include?(fact('osfamily'))) do - it { should be_file } - it { should contain 'WSGIApplicationGroup %{GLOBAL}' } - it { should contain 'WSGIDaemonProcess wsgi processes=2' } - it { should contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } - it { should contain 'WSGIProcessGroup nobody' } - it { should contain 'WSGIScriptAlias /test "/test1"' } + it { is_expected.to be_file } + it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' } + it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' } + it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } + it { is_expected.to contain 'WSGIProcessGroup nobody' } + it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' } + it { is_expected.to contain 'WSGIPassAuthorization On' } + it { is_expected.to contain 'WSGIChunkedRequest On' } end end @@ -992,8 +1162,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain '#weird test string' } + it { is_expected.to be_file } + it { is_expected.to contain '#weird test string' } end end @@ -1011,8 +1181,8 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'AssignUserId nobody nobody' } + it { is_expected.to be_file } + it { is_expected.to contain 'AssignUserId nobody nobody' } end end @@ -1035,9 +1205,9 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } - it { should contain '<Directory "/tmp/fast">' } + it { is_expected.to be_file } + it { is_expected.to contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } + it { is_expected.to contain '<Directory "/tmp/fast">' } end end end @@ -1045,7 +1215,7 @@ describe 'additional_includes' do it 'applies cleanly' do pp = <<-EOS - if $::osfamily == 'RedHat' and $::selinux == 'true' { + if $::osfamily == 'RedHat' and $::selinux { $semanage_package = $::operatingsystemmajrelease ? { '5' => 'policycoreutils', default => 'policycoreutils-python', @@ -1076,9 +1246,25 @@ end describe file("#{$vhost_dir}/25-test.server.conf") do - it { should be_file } - it { should contain 'Include "/apache_spec/include"' } + it { is_expected.to be_file } + it { is_expected.to contain 'Include "/apache_spec/include"' } end end + describe 'virtualhost without priority prefix' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'test.server': + priority => false, + docroot => '/tmp' + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/test.server.conf") do + it { is_expected.to be_file } + end + end end
--- a/modules/apache/spec/classes/apache_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/apache_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -4,21 +4,31 @@ context "on a Debian OS" do let :facts do { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_package("httpd").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd").with( 'notify' => 'Class[Apache::Service]', 'ensure' => 'installed' ) } - it { should contain_user("www-data") } - it { should contain_group("www-data") } - it { should contain_class("apache::service") } - it { should contain_file("/etc/apache2/sites-enabled").with( + it { is_expected.to contain_user("www-data") } + it { is_expected.to contain_group("www-data") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/etc/apache2/sites-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -26,7 +36,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_file("/etc/apache2/mods-enabled").with( + it { is_expected.to contain_file("/etc/apache2/mods-enabled").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -34,7 +44,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_file("/etc/apache2/mods-available").with( + it { is_expected.to contain_file("/etc/apache2/mods-available").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'false', @@ -42,7 +52,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_concat("/etc/apache2/ports.conf").with( + it { is_expected.to contain_concat("/etc/apache2/ports.conf").with( 'owner' => 'root', 'group' => 'root', 'mode' => '0644', @@ -60,33 +70,44 @@ 'dav', 'env' ].each do |modname| - it { should contain_file("#{modname}.load").with( + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/etc/apache2/mods-available/#{modname}.load", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.load symlink").with( + it { is_expected.to contain_file("#{modname}.load symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.load", 'ensure' => 'link', 'target' => "/etc/apache2/mods-available/#{modname}.load" ) } - it { should_not contain_file("#{modname}.conf") } - it { should_not contain_file("#{modname}.conf symlink") } + it { is_expected.not_to contain_file("#{modname}.conf") } + it { is_expected.not_to contain_file("#{modname}.conf symlink") } end context "with Apache version < 2.4" do let :params do - { :apache_version => 2.2 } + { :apache_version => '2.2' } end - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } end context "with Apache version >= 2.4" do let :params do - { :apache_version => 2.4 } + { + :apache_version => '2.4', + :use_optional_includes => true + } end - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } + end + + context "when specifying slash encoding behaviour" do + let :params do + { :allow_encoded_slashes => 'nodecode' } + end + + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^AllowEncodedSlashes nodecode$} } end # Assert that both load files and conf files are placed and symlinked for these mods @@ -100,20 +121,20 @@ 'negotiation', 'setenvif', ].each do |modname| - it { should contain_file("#{modname}.load").with( + it { is_expected.to contain_file("#{modname}.load").with( 'path' => "/etc/apache2/mods-available/#{modname}.load", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.load symlink").with( + it { is_expected.to contain_file("#{modname}.load symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.load", 'ensure' => 'link', 'target' => "/etc/apache2/mods-available/#{modname}.load" ) } - it { should contain_file("#{modname}.conf").with( + it { is_expected.to contain_file("#{modname}.conf").with( 'path' => "/etc/apache2/mods-available/#{modname}.conf", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.conf symlink").with( + it { is_expected.to contain_file("#{modname}.conf symlink").with( 'path' => "/etc/apache2/mods-enabled/#{modname}.conf", 'ensure' => 'link', 'target' => "/etc/apache2/mods-available/#{modname}.conf" @@ -126,8 +147,8 @@ { :manage_user => false } end - it { should_not contain_user('www-data') } - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} } + it { is_expected.not_to contain_user('www-data') } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^User www-data\n} } end end describe "Don't create group resource" do @@ -136,8 +157,8 @@ { :manage_group => false } end - it { should_not contain_group('www-data') } - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} } + it { is_expected.not_to contain_group('www-data') } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^Group www-data\n} } end end @@ -150,8 +171,8 @@ } } end - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { should contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } + it { is_expected.to contain_file("/etc/apache2/apache2.conf").with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } end end @@ -165,47 +186,59 @@ context "13.10" do let :facts do super().merge({ + :lsbdistrelease => '13.10', :operatingsystemrelease => '13.10' }) end - it { should contain_class('apache').with_apache_version('2.4') } + it { is_expected.to contain_class('apache').with_apache_version('2.4') } end context "12.04" do let :facts do super().merge({ + :lsbdistrelease => '12.04', :operatingsystemrelease => '12.04' }) end - it { should contain_class('apache').with_apache_version('2.2') } + it { is_expected.to contain_class('apache').with_apache_version('2.2') } end context "13.04" do let :facts do super().merge({ + :lsbdistrelease => '13.04', :operatingsystemrelease => '13.04' }) end - it { should contain_class('apache').with_apache_version('2.2') } + it { is_expected.to contain_class('apache').with_apache_version('2.2') } end end end context "on a RedHat 5 OS" do let :facts do { + :id => 'root', + :kernel => 'Linux', :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '5', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_package("httpd").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd").with( 'notify' => 'Class[Apache::Service]', 'ensure' => 'installed' ) } - it { should contain_user("apache") } - it { should contain_group("apache") } - it { should contain_class("apache::service") } - it { should contain_file("/etc/httpd/conf.d").with( + it { is_expected.to contain_user("apache") } + it { is_expected.to contain_group("apache") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/var/www/html").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/etc/httpd/conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -213,7 +246,7 @@ 'require' => 'Package[httpd]' ) } - it { should contain_concat("/etc/httpd/conf/ports.conf").with( + it { is_expected.to contain_concat("/etc/httpd/conf/ports.conf").with( 'owner' => 'root', 'group' => 'root', 'mode' => '0644', @@ -230,7 +263,7 @@ end ['mod.d','site.d','conf.d'].each do |dir| - it { should contain_file("/etc/httpd/#{dir}").with( + it { is_expected.to contain_file("/etc/httpd/#{dir}").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -250,10 +283,10 @@ 'dav', 'env', ].each do |modname| - it { should contain_file("#{modname}.load").with_path( + it { is_expected.to contain_file("#{modname}.load").with_path( "/etc/httpd/mod.d/#{modname}.load" ) } - it { should_not contain_file("#{modname}.conf").with_path( + it { is_expected.not_to contain_file("#{modname}.conf").with_path( "/etc/httpd/mod.d/#{modname}.conf" ) } end @@ -269,33 +302,56 @@ 'negotiation', 'setenvif', ].each do |modname| - it { should contain_file("#{modname}.load").with_path( + it { is_expected.to contain_file("#{modname}.load").with_path( "/etc/httpd/mod.d/#{modname}.load" ) } - it { should contain_file("#{modname}.conf").with_path( + it { is_expected.to contain_file("#{modname}.conf").with_path( "/etc/httpd/mod.d/#{modname}.conf" ) } end context "with Apache version < 2.4" do let :params do - { :apache_version => 2.2 } + { :apache_version => '2.2' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } end context "with Apache version >= 2.4" do let :params do - { :apache_version => 2.4 } + { + :apache_version => '2.4', + :use_optional_includes => true + } + end + + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } + end + + context "when specifying slash encoding behaviour" do + let :params do + { :allow_encoded_slashes => 'nodecode' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^AllowEncodedSlashes nodecode$} } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*\.conf"$} } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/site\.d/\*"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } + end + + describe "Alternate conf directory" do + let :params do + { :conf_dir => '/opt/rh/root/etc/httpd/conf' } + end + + it { is_expected.to contain_file("/opt/rh/root/etc/httpd/conf/httpd.conf").with( + 'ensure' => 'file', + 'notify' => 'Class[Apache::Service]', + 'require' => 'Package[httpd]' + ) } end describe "Alternate conf.d directory" do @@ -303,7 +359,7 @@ { :confd_dir => '/etc/httpd/special_conf.d' } end - it { should contain_file("/etc/httpd/special_conf.d").with( + it { is_expected.to contain_file("/etc/httpd/special_conf.d").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', @@ -318,32 +374,32 @@ { :mpm_module => false } end it 'should not declare mpm modules' do - should_not contain_class('apache::mod::event') - should_not contain_class('apache::mod::itk') - should_not contain_class('apache::mod::peruser') - should_not contain_class('apache::mod::prefork') - should_not contain_class('apache::mod::worker') + is_expected.not_to contain_class('apache::mod::event') + is_expected.not_to contain_class('apache::mod::itk') + is_expected.not_to contain_class('apache::mod::peruser') + is_expected.not_to contain_class('apache::mod::prefork') + is_expected.not_to contain_class('apache::mod::worker') end end context "when declaring mpm_module => prefork" do let :params do { :mpm_module => 'prefork' } end - it { should contain_class('apache::mod::prefork') } - it { should_not contain_class('apache::mod::event') } - it { should_not contain_class('apache::mod::itk') } - it { should_not contain_class('apache::mod::peruser') } - it { should_not contain_class('apache::mod::worker') } + it { is_expected.to contain_class('apache::mod::prefork') } + it { is_expected.not_to contain_class('apache::mod::event') } + it { is_expected.not_to contain_class('apache::mod::itk') } + it { is_expected.not_to contain_class('apache::mod::peruser') } + it { is_expected.not_to contain_class('apache::mod::worker') } end context "when declaring mpm_module => worker" do let :params do { :mpm_module => 'worker' } end - it { should contain_class('apache::mod::worker') } - it { should_not contain_class('apache::mod::event') } - it { should_not contain_class('apache::mod::itk') } - it { should_not contain_class('apache::mod::peruser') } - it { should_not contain_class('apache::mod::prefork') } + it { is_expected.to contain_class('apache::mod::worker') } + it { is_expected.not_to contain_class('apache::mod::event') } + it { is_expected.not_to contain_class('apache::mod::itk') } + it { is_expected.not_to contain_class('apache::mod::peruser') } + it { is_expected.not_to contain_class('apache::mod::prefork') } end context "when declaring mpm_module => breakme" do let :params do @@ -358,13 +414,13 @@ let :params do { :conf_template => 'apache/httpd.conf.erb' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^# Security\n} } end context "with non-default" do let :params do { :conf_template => 'site_apache/fake.conf.erb' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Fake template for rspec.$} } end end @@ -374,8 +430,8 @@ { :default_mods => false } end - it { should contain_apache__mod('authz_host') } - it { should_not contain_apache__mod('env') } + it { is_expected.to contain_apache__mod('authz_host') } + it { is_expected.not_to contain_apache__mod('env') } end context "custom" do let :params do @@ -389,10 +445,10 @@ ]} end - it { should contain_apache__mod('authz_host') } - it { should contain_apache__mod('env') } - it { should contain_class('apache::mod::info') } - it { should contain_class('apache::mod::mime') } + it { is_expected.to contain_apache__mod('authz_host') } + it { is_expected.to contain_apache__mod('env') } + it { is_expected.to contain_class('apache::mod::info') } + it { is_expected.to contain_class('apache::mod::mime') } end end describe "Don't create user resource" do @@ -401,8 +457,8 @@ { :manage_user => false } end - it { should_not contain_user('apache') } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} } + it { is_expected.not_to contain_user('apache') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^User apache\n} } end end describe "Don't create group resource" do @@ -411,8 +467,8 @@ { :manage_group => false } end - it { should_not contain_group('apache') } - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} } + it { is_expected.not_to contain_group('apache') } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^Group apache\n} } end end @@ -431,44 +487,89 @@ let :params do { :sendfile => 'On' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile On\n} } end context "Off" do let :params do { :sendfile => 'Off' } end - it { should contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} } + it { is_expected.to contain_file("/etc/httpd/conf/httpd.conf").with_content %r{^EnableSendfile Off\n} } + end + end + context "on Fedora" do + let :facts do + super().merge({ + :operatingsystem => 'Fedora' + }) + end + + context "21" do + let :facts do + super().merge({ + :lsbdistrelease => '21', + :operatingsystemrelease => '21' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + context "Rawhide" do + let :facts do + super().merge({ + :lsbdistrelease => 'Rawhide', + :operatingsystemrelease => 'Rawhide' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.4') } + end + # kinda obsolete + context "17" do + let :facts do + super().merge({ + :lsbdistrelease => '17', + :operatingsystemrelease => '17' + }) + end + it { is_expected.to contain_class('apache').with_apache_version('2.2') } end end end context "on a FreeBSD OS" do let :facts do { + :id => 'root', + :kernel => 'FreeBSD', :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '10', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_class("apache::package").with({'ensure' => 'present'}) } - it { should contain_user("www") } - it { should contain_group("www") } - it { should contain_class("apache::service") } - it { should contain_file("/usr/local/etc/apache22/Vhosts").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::package").with({'ensure' => 'present'}) } + it { is_expected.to contain_user("www") } + it { is_expected.to contain_group("www") } + it { is_expected.to contain_class("apache::service") } + it { is_expected.to contain_file("/usr/local/www/apache24/data").with( + 'ensure' => 'directory' + ) + } + it { is_expected.to contain_file("/usr/local/etc/apache24/Vhosts").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { should contain_file("/usr/local/etc/apache22/Modules").with( + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules").with( 'ensure' => 'directory', 'recurse' => 'true', 'purge' => 'true', 'notify' => 'Class[Apache::Service]', 'require' => 'Package[httpd]' ) } - it { should contain_concat("/usr/local/etc/apache22/ports.conf").with( + it { is_expected.to contain_concat("/usr/local/etc/apache24/ports.conf").with( 'owner' => 'root', 'group' => 'wheel', 'mode' => '0644', @@ -478,18 +579,17 @@ [ 'auth_basic', 'authn_file', - 'authz_default', 'authz_groupfile', 'authz_host', 'authz_user', 'dav', 'env' ].each do |modname| - it { should contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + it { is_expected.to contain_file("#{modname}.load").with( + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file' ) } - it { should_not contain_file("#{modname}.conf") } + it { is_expected.not_to contain_file("#{modname}.conf") } end # Assert that both load files and conf files are placed for these mods @@ -503,12 +603,12 @@ 'negotiation', 'setenvif', ].each do |modname| - it { should contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.load", + it { is_expected.to contain_file("#{modname}.load").with( + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", 'ensure' => 'file' ) } - it { should contain_file("#{modname}.conf").with( - 'path' => "/usr/local/etc/apache22/Modules/#{modname}.conf", + it { is_expected.to contain_file("#{modname}.conf").with( + 'path' => "/usr/local/etc/apache24/Modules/#{modname}.conf", 'ensure' => 'file' ) } end @@ -516,28 +616,45 @@ context 'on all OSes' do let :facts do { + :id => 'root', + :kernel => 'Linux', :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'with a custom apache_name parameter' do + let :params do { + :apache_name => 'httpd24-httpd' + } + end + it { is_expected.to contain_package("httpd").with( + 'notify' => 'Class[Apache::Service]', + 'ensure' => 'installed', + 'name' => 'httpd24-httpd' + ) } end context 'default vhost defaults' do - it { should contain_apache__vhost('default').with_ensure('present') } - it { should contain_apache__vhost('default-ssl').with_ensure('absent') } + it { is_expected.to contain_apache__vhost('default').with_ensure('present') } + it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } end context 'without default non-ssl vhost' do let :params do { :default_vhost => false } end - it { should contain_apache__vhost('default').with_ensure('absent') } + it { is_expected.to contain_apache__vhost('default').with_ensure('absent') } end context 'with default ssl vhost' do let :params do { :default_ssl_vhost => true } end - it { should contain_apache__vhost('default-ssl').with_ensure('present') } + it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') } end end context 'with unsupported osfamily' do @@ -545,6 +662,7 @@ { :osfamily => 'Darwin', :operatingsystemrelease => '13.1.0', :concat_basedir => '/dne', + :is_pe => false, } end
--- a/modules/apache/spec/classes/dev_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/dev_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -4,24 +4,29 @@ context "on a Debian OS" do let :facts do { + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_package("libaprutil1-dev") } - it { should contain_package("libapr1-dev") } - it { should contain_package("apache2-prefork-dev") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("libaprutil1-dev") } + it { is_expected.to contain_package("libapr1-dev") } + it { is_expected.to contain_package("apache2-prefork-dev") } end context "on a RedHat OS" do let :facts do { :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '6', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_package("httpd-devel") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("httpd-devel") } end context "on a FreeBSD OS" do let :pre_condition do @@ -30,9 +35,11 @@ let :facts do { :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :is_pe => false, } end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/alias_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,72 @@ +require 'spec_helper' + +describe 'apache::mod::alias', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"/) } + end + context "on a RedHat 6-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/var\/www\/icons\/"/) } + end + context "on a RedHat 7-based OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '7', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"/) } + end + context "on a FreeBSD OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '10', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_apache__mod("alias") } + it { is_expected.to contain_file("alias.conf").with(:content => /Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"/) } + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/auth_cas_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,54 @@ +require 'spec_helper' + +describe 'apache::mod::auth_cas', :type => :class do + let :params do + { + :cas_login_url => 'https://cas.example.com/login', + :cas_validate_url => 'https://cas.example.com/validate', + } + end + + let :pre_condition do + 'include ::apache' + end + + context "on a Debian OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("libapache2-mod-auth-cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/apache2/mods-available/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/apache2/mod_auth_cas/").with_owner('www-data') } + end + context "on a RedHat OS", :compile do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_cas") } + it { is_expected.to contain_package("mod_auth_cas") } + it { is_expected.to contain_file("auth_cas.conf").with_path('/etc/httpd/conf.d/auth_cas.conf') } + it { is_expected.to contain_file("/var/cache/mod_auth_cas/").with_owner('apache') } + end +end
--- a/modules/apache/spec/classes/mod/auth_kerb_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/auth_kerb_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::auth_kerb', :type => :class do let :pre_condition do 'include apache' @@ -5,37 +7,53 @@ context "on a Debian OS", :compile do let :facts do { + :id => 'root', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', + :operatingsystem => 'Debian', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("auth_kerb") } - it { should contain_package("libapache2-mod-auth-kerb") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("libapache2-mod-auth-kerb") } end context "on a RedHat OS", :compile do let :facts do { + :id => 'root', + :kernel => 'Linux', :osfamily => 'RedHat', + :operatingsystem => 'RedHat', :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("auth_kerb") } - it { should contain_package("mod_auth_kerb") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("mod_auth_kerb") } end context "on a FreeBSD OS", :compile do let :facts do { + :id => 'root', + :kernel => 'FreeBSD', :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', :concat_basedir => '/dne', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("auth_kerb") } - it { should contain_package("www/mod_auth_kerb2") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("auth_kerb") } + it { is_expected.to contain_package("www/mod_auth_kerb2") } end end
--- a/modules/apache/spec/classes/mod/authnz_ldap_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/authnz_ldap_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::authnz_ldap', :type => :class do let :pre_condition do 'include apache' @@ -6,28 +8,34 @@ context "on a Debian OS" do let :facts do { + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_class("apache::mod::ldap") } - it { should contain_apache__mod('authnz_ldap') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end context 'verifyServerCert = false' do let(:params) { { :verifyServerCert => false } } - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end context 'verifyServerCert = wrong' do let(:params) { { :verifyServerCert => 'wrong' } } it 'should raise an error' do - expect { should raise_error Puppet::Error } + expect { is_expected.to raise_error Puppet::Error } end end end #Debian @@ -38,25 +46,30 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :id => 'root', + :kernel => 'Linux', + :operatingsystem => 'RedHat', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_class("apache::mod::ldap") } - it { should contain_apache__mod('authnz_ldap') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::ldap") } + it { is_expected.to contain_apache__mod('authnz_ldap') } context 'default verifyServerCert' do - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert On$/) } end context 'verifyServerCert = false' do let(:params) { { :verifyServerCert => false } } - it { should contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } + it { is_expected.to contain_file('authnz_ldap.conf').with_content(/^LDAPVerifyServerCert Off$/) } end context 'verifyServerCert = wrong' do let(:params) { { :verifyServerCert => 'wrong' } } it 'should raise an error' do - expect { should raise_error Puppet::Error } + expect { is_expected.to raise_error Puppet::Error } end end end # Redhat
--- a/modules/apache/spec/classes/mod/dav_svn_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/dav_svn_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::dav_svn', :type => :class do let :pre_condition do 'include apache' @@ -5,37 +7,56 @@ context "on a Debian OS" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('dav_svn') } - it { should contain_package("libapache2-svn") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("libapache2-svn") } end context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('dav_svn') } - it { should contain_package("mod_dav_svn") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("mod_dav_svn") } end context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('dav_svn') } - it { should contain_package("devel/subversion") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dav_svn') } + it { is_expected.to contain_package("devel/subversion") } end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/deflate_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,103 @@ +require 'spec_helper' + +# This function is called inside the OS specific contexts +def general_deflate_specs + it { is_expected.to contain_apache__mod("deflate") } + + it do + is_expected.to contain_file("deflate.conf").with_content( + "AddOutputFilterByType DEFLATE text/css\n"\ + "AddOutputFilterByType DEFLATE text/html\n"\ + "\n"\ + "DeflateFilterNote Input instream\n"\ + "DeflateFilterNote Ratio ratio\n" + ) + end +end + +describe 'apache::mod::deflate', :type => :class do + let :pre_condition do + 'class { "apache": + default_mods => false, + } + class { "apache::mod::deflate": + types => [ "text/html", "text/css" ], + notes => { + "Input" => "instream", + "Ratio" => "ratio", + } + } + ' + end + + context "On a Debian OS with default params" do + let :facts do + { + :id => 'root', + :lsbdistcodename => 'squeeze', + :kernel => 'Linux', + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + + # Load the more generic tests for this context + general_deflate_specs() + + it { is_expected.to contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/etc/apache2/mods-available/deflate.conf', + } ) } + it { is_expected.to contain_file("deflate.conf symlink").with({ + :ensure => 'link', + :path => '/etc/apache2/mods-enabled/deflate.conf', + } ) } + end + + context "on a RedHat OS with default params" do + let :facts do + { + :id => 'root', + :kernel => 'Linux', + :osfamily => 'RedHat', + :operatingsystem => 'RedHat', + :operatingsystemrelease => '6', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + + # Load the more generic tests for this context + general_deflate_specs() + + it { is_expected.to contain_file("deflate.conf").with_path("/etc/httpd/conf.d/deflate.conf") } + end + + context "On a FreeBSD OS with default params" do + let :facts do + { + :id => 'root', + :kernel => 'FreeBSD', + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '9', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :concat_basedir => '/dne', + :is_pe => false, + } + end + + # Load the more generic tests for this context + general_deflate_specs() + + it { is_expected.to contain_file("deflate.conf").with({ + :ensure => 'file', + :path => '/usr/local/etc/apache24/Modules/deflate.conf', + } ) } + end +end
--- a/modules/apache/spec/classes/mod/dev_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/dev_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,10 +1,11 @@ require 'spec_helper' + describe 'apache::mod::dev', :type => :class do [ - ['RedHat', '6'], - ['Debian', '6'], - ['FreeBSD', '9'], - ].each do |osfamily, operatingsystemrelease| + ['RedHat', '6', 'Santiago'], + ['Debian', '6', 'squeeze'], + ['FreeBSD', '9', 'FreeBSD'], + ].each do |osfamily, operatingsystemrelease, lsbdistcodename| if osfamily == 'FreeBSD' let :pre_condition do 'include apache::package' @@ -13,11 +14,14 @@ context "on a #{osfamily} OS" do let :facts do { + :lsbdistcodename => lsbdistcodename, :osfamily => osfamily, + :operatingsystem => osfamily, :operatingsystemrelease => operatingsystemrelease, + :is_pe => false, } end - it { should contain_class('apache::dev') } + it { is_expected.to contain_class('apache::dev') } end end end
--- a/modules/apache/spec/classes/mod/dir_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/dir_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::dir', :type => :class do let :pre_condition do 'class { "apache": @@ -10,25 +12,31 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', + :is_pe => false, } end context "passing no parameters" do - it { should contain_class("apache::params") } - it { should contain_apache__mod('dir') } - it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { should contain_file('dir.conf').with_content(/ index\.html /) } - it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { should contain_file('dir.conf').with_content(/ index\.cgi /) } - it { should contain_file('dir.conf').with_content(/ index\.pl /) } - it { should contain_file('dir.conf').with_content(/ index\.php /) } - it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } end context "passing indexes => ['example.txt','fearsome.aspx']" do let :params do {:indexes => ['example.txt','fearsome.aspx']} end - it { should contain_file('dir.conf').with_content(/ example\.txt /) } - it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end context "on a RedHat OS" do @@ -37,25 +45,30 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Redhat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do - it { should contain_class("apache::params") } - it { should contain_apache__mod('dir') } - it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { should contain_file('dir.conf').with_content(/ index\.html /) } - it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { should contain_file('dir.conf').with_content(/ index\.cgi /) } - it { should contain_file('dir.conf').with_content(/ index\.pl /) } - it { should contain_file('dir.conf').with_content(/ index\.php /) } - it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } end context "passing indexes => ['example.txt','fearsome.aspx']" do let :params do {:indexes => ['example.txt','fearsome.aspx']} end - it { should contain_file('dir.conf').with_content(/ example\.txt /) } - it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end context "on a FreeBSD OS" do @@ -64,25 +77,30 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "passing no parameters" do - it { should contain_class("apache::params") } - it { should contain_apache__mod('dir') } - it { should contain_file('dir.conf').with_content(/^DirectoryIndex /) } - it { should contain_file('dir.conf').with_content(/ index\.html /) } - it { should contain_file('dir.conf').with_content(/ index\.html\.var /) } - it { should contain_file('dir.conf').with_content(/ index\.cgi /) } - it { should contain_file('dir.conf').with_content(/ index\.pl /) } - it { should contain_file('dir.conf').with_content(/ index\.php /) } - it { should contain_file('dir.conf').with_content(/ index\.xhtml$/) } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('dir') } + it { is_expected.to contain_file('dir.conf').with_content(/^DirectoryIndex /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.html\.var /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.cgi /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.pl /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.php /) } + it { is_expected.to contain_file('dir.conf').with_content(/ index\.xhtml$/) } end context "passing indexes => ['example.txt','fearsome.aspx']" do let :params do {:indexes => ['example.txt','fearsome.aspx']} end - it { should contain_file('dir.conf').with_content(/ example\.txt /) } - it { should contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } + it { is_expected.to contain_file('dir.conf').with_content(/ example\.txt /) } + it { is_expected.to contain_file('dir.conf').with_content(/ fearsome\.aspx$/) } end end end
--- a/modules/apache/spec/classes/mod/event_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/event_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::event', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,52 +10,94 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('event') } - it { should contain_file("/usr/local/etc/apache22/Modules/event.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('event') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/event.conf").with_ensure('file') } end context "on a Debian OS" do let :facts do { + :lsbdistcodename => 'squeeze', :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('event') } - it { should contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } + + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('event') } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.conf").with_ensure('link') } + + context "Test mpm_event params" do + let :params do + { + :serverlimit => '0', + :startservers => '1', + :maxclients => '2', + :minsparethreads => '3', + :maxsparethreads => '4', + :threadsperchild => '5', + :maxrequestsperchild => '6', + :threadlimit => '7', + :listenbacklog => '8', + :maxrequestworkers => '9', + :maxconnectionsperchild => '10', + } + end + + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ServerLimit\s*0/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*StartServers\s*1/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxClients\s*2/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MinSpareThreads\s*3/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxSpareThreads\s*4/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadsPerChild\s*5/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestsPerChild\s*6/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ThreadLimit\s*7/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*ListenBacklog\s*8/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxRequestWorkers\s*9/) } + it { is_expected.to contain_file("/etc/apache2/mods-available/event.conf").with_ensure('file').with_content(/^\s*MaxConnectionsPerChild\s*10/) } + end context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end - it { should_not contain_file("/etc/apache2/mods-available/event.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/event.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/event.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/event.load") } - it { should contain_package("apache2-mpm-event") } + it { is_expected.to contain_package("apache2-mpm-event") } end context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end - it { should contain_file("/etc/apache2/mods-available/event.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/event.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/event.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/event.load").with_ensure('link') } end end context "on a RedHat OS" do @@ -62,23 +106,28 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should_not contain_apache__mod('prefork') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.not_to contain_apache__mod('prefork') } - it { should contain_file("/etc/httpd/conf.d/event.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/httpd/conf.d/event.conf").with_ensure('file') } - it { should contain_file("/etc/httpd/conf.d/event.load").with({ + it { is_expected.to contain_file("/etc/httpd/conf.d/event.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_event_module modules/mod_mpm_event.so\n", })
--- a/modules/apache/spec/classes/mod/fastcgi_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/fastcgi_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::fastcgi', :type => :class do let :pre_condition do 'include apache' @@ -8,12 +10,18 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fastcgi') } - it { should contain_package("libapache2-mod-fastcgi") } - it { should contain_file('fastcgi.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fastcgi') } + it { is_expected.to contain_package("libapache2-mod-fastcgi") } + it { is_expected.to contain_file('fastcgi.conf') } end context "on a RedHat OS" do @@ -22,11 +30,16 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fastcgi') } - it { should contain_package("mod_fastcgi") } - it { should_not contain_file('fastcgi.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fastcgi') } + it { is_expected.to contain_package("mod_fastcgi") } + it { is_expected.not_to contain_file('fastcgi.conf') } end end
--- a/modules/apache/spec/classes/mod/fcgid_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/fcgid_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,41 +1,117 @@ +require 'spec_helper' + describe 'apache::mod::fcgid', :type => :class do let :pre_condition do 'include apache' end + context "on a Debian OS" do let :facts do { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fcgid') } - it { should contain_package("libapache2-mod-fcgid") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_package("libapache2-mod-fcgid") } end + context "on a RedHat OS" do let :facts do { - :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :operatingsystemmajrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fcgid') } - it { should contain_package("mod_fcgid") } + + describe 'without parameters' do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_package("mod_fcgid") } + end + + describe 'with parameters' do + let :params do { + :options => { + 'FcgidIPCDir' => '/var/run/fcgidsock', + 'SharememPath' => '/var/run/fcgid_shm', + 'FcgidMinProcessesPerClass' => '0', + 'AddHandler' => 'fcgid-script .fcgi', + } + } end + + it 'should contain the correct config' do + content = subject.resource('file', 'fcgid.conf').send(:parameters)[:content] + expect(content.split("\n").reject { |c| c =~ /(^#|^$)/ }).to eq([ + '<IfModule mod_fcgid.c>', + ' AddHandler fcgid-script .fcgi', + ' FcgidIPCDir /var/run/fcgidsock', + ' FcgidMinProcessesPerClass 0', + ' SharememPath /var/run/fcgid_shm', + '</IfModule>', + ]) + end + end end + + context "on RHEL7" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '7', + :operatingsystemmajrelease => '7', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + describe 'without parameters' do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid').with({ + 'loadfile_name' => 'unixd_fcgid.load' + }) + } + it { is_expected.to contain_package("mod_fcgid") } + end + end + context "on a FreeBSD OS" do let :facts do { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :operatingsystemmajrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('fcgid') } - it { should contain_package("www/mod_fcgid") } + + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('fcgid') } + it { is_expected.to contain_package("www/mod_fcgid") } end end
--- a/modules/apache/spec/classes/mod/info_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/info_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,99 +1,200 @@ # This function is called inside the OS specific contexts -def general_info_specs - it { should contain_apache__mod("info") } +def general_info_specs_22 + it { is_expected.to contain_apache__mod('info') } - it do - should contain_file("info.conf").with_content( - "<Location /server-info>\n"\ - " SetHandler server-info\n"\ - " Order deny,allow\n"\ - " Deny from all\n"\ - " Allow from 127.0.0.1 ::1\n"\ - "</Location>\n" - ) + context 'passing no parameters' do + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + " Order deny,allow\n"\ + " Deny from all\n"\ + " Allow from 127.0.0.1\n"\ + " Allow from ::1\n"\ + "</Location>\n" + ) + } + end + context 'passing restrict_access => false' do + let :params do { + :restrict_access => false + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + "</Location>\n" + ) + } + end + context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do + let :params do + {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']} + end + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + " Order deny,allow\n"\ + " Deny from all\n"\ + " Allow from 10.10.1.2\n"\ + " Allow from 192.168.1.2\n"\ + " Allow from 127.0.0.1\n"\ + "</Location>\n" + ) + } + end + context 'passing both restrict_access and allow_from' do + let :params do + { + :restrict_access => false, + :allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1'] + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + "</Location>\n" + ) + } + end +end + +def general_info_specs_24 + it { is_expected.to contain_apache__mod('info') } + + context 'passing no parameters' do + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + " Require ip 127.0.0.1 ::1\n"\ + "</Location>\n" + ) + } + end + context 'passing restrict_access => false' do + let :params do { + :restrict_access => false + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + "</Location>\n" + ) + } + end + context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do + let :params do + {:allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']} + end + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + " Require ip 10.10.1.2 192.168.1.2 127.0.0.1\n"\ + "</Location>\n" + ) + } + end + context 'passing both restrict_access and allow_from' do + let :params do + { + :restrict_access => false, + :allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1'] + } + end + it { + is_expected.to contain_file('info.conf').with_content( + "<Location /server-info>\n"\ + " SetHandler server-info\n"\ + "</Location>\n" + ) + } end end describe 'apache::mod::info', :type => :class do let :pre_condition do - 'include apache' + "class { 'apache': default_mods => false, }" end - context "On a Debian OS with default params" do + context 'On a Debian OS' do let :facts do { :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end # Load the more generic tests for this context - general_info_specs() + general_info_specs_22() - it { should contain_file("info.conf").with({ + it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', :path => '/etc/apache2/mods-available/info.conf', } ) } - it { should contain_file("info.conf symlink").with({ + it { is_expected.to contain_file('info.conf symlink').with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/info.conf', } ) } end - context "on a RedHat OS with default params" do + context 'on a RedHat OS' do let :facts do { :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', - } - end - - # Load the more generic tests for this context - general_info_specs() - - it { should contain_file("info.conf").with_path("/etc/httpd/conf.d/info.conf") } - end - - context "On a FreeBSD OS with default params" do - let :facts do - { - :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', - :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end # Load the more generic tests for this context - general_info_specs() + general_info_specs_22() + + it { is_expected.to contain_file('info.conf').with({ + :ensure => 'file', + :path => '/etc/httpd/conf.d/info.conf', + } ) } + end - it { should contain_file("info.conf").with({ + context 'on a FreeBSD OS' do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '10', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + # Load the more generic tests for this context + general_info_specs_24() + + it { is_expected.to contain_file('info.conf').with({ :ensure => 'file', - :path => '/usr/local/etc/apache22/Modules/info.conf', + :path => '/usr/local/etc/apache24/Modules/info.conf', } ) } end - context "with $allow_from => ['10.10.10.10','11.11.11.11']" do - let :facts do - { - :osfamily => 'Debian', - :operatingsystemrelease => '6', - :concat_basedir => '/dne', - } - end - let :params do - { :allow_from => ['10.10.10.10','11.11.11.11'] } - end - it do - should contain_file("info.conf").with_content( - "<Location /server-info>\n"\ - " SetHandler server-info\n"\ - " Order deny,allow\n"\ - " Deny from all\n"\ - " Allow from 10.10.10.10 11.11.11.11\n"\ - "</Location>\n" - ) - end - end end
--- a/modules/apache/spec/classes/mod/itk_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/itk_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::itk', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,51 +10,64 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('itk') } - it { should contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('itk') } + it { is_expected.to contain_file("/etc/apache2/mods-available/itk.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.conf").with_ensure('link') } context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end - it { should_not contain_file("/etc/apache2/mods-available/itk.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/itk.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/itk.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/itk.load") } - it { should contain_package("apache2-mpm-itk") } + it { is_expected.to contain_package("apache2-mpm-itk") } end context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end - it { should contain_file("/etc/apache2/mods-available/itk.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/itk.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/itk.load").with_ensure('link') } end end context "on a FreeBSD OS" do let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + :mpm_module => 'itk', } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('itk') } - it { should contain_file("/usr/local/etc/apache22/Modules/itk.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('itk') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/itk.conf").with_ensure('file') } + it { is_expected.to contain_package("www/mod_mpm_itk") } end end
--- a/modules/apache/spec/classes/mod/mime_magic_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/mime_magic_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,6 +1,8 @@ +require 'spec_helper' + # This function is called inside the OS specific contexts def general_mime_magic_specs - it { should contain_apache__mod("mime_magic") } + it { is_expected.to contain_apache__mod("mime_magic") } end describe 'apache::mod::mime_magic', :type => :class do @@ -14,22 +16,28 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end general_mime_magic_specs() it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/etc/apache2/magic\"\n" ) end - it { should contain_file("mime_magic.conf").with({ + it { is_expected.to contain_file("mime_magic.conf").with({ :ensure => 'file', :path => '/etc/apache2/mods-available/mime_magic.conf', } ) } - it { should contain_file("mime_magic.conf symlink").with({ + it { is_expected.to contain_file("mime_magic.conf symlink").with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/mime_magic.conf', } ) } @@ -40,7 +48,7 @@ end it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/tmp/Debian_magic\"\n" ) end @@ -54,18 +62,23 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end general_mime_magic_specs() it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/etc/httpd/conf/magic\"\n" ) end - it { should contain_file("mime_magic.conf").with_path("/etc/httpd/conf.d/mime_magic.conf") } + it { is_expected.to contain_file("mime_magic.conf").with_path("/etc/httpd/conf.d/mime_magic.conf") } end @@ -75,6 +88,12 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -83,7 +102,7 @@ end it do - should contain_file("mime_magic.conf").with_content( + is_expected.to contain_file("mime_magic.conf").with_content( "MIMEMagicFile \"/tmp/magic\"\n" ) end
--- a/modules/apache/spec/classes/mod/mime_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/mime_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -2,7 +2,7 @@ # This function is called inside the OS specific conte, :compilexts def general_mime_specs - it { should contain_apache__mod("mime") } + it { is_expected.to contain_apache__mod("mime") } end describe 'apache::mod::mime', :type => :class do @@ -16,12 +16,18 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end general_mime_specs() - it { should contain_file("mime.conf").with_path('/etc/apache2/mods-available/mime.conf') } + it { is_expected.to contain_file("mime.conf").with_path('/etc/apache2/mods-available/mime.conf') } end @@ -31,12 +37,17 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end general_mime_specs() - it { should contain_file("mime.conf").with_path("/etc/httpd/conf.d/mime.conf") } + it { is_expected.to contain_file("mime.conf").with_path("/etc/httpd/conf.d/mime.conf") } end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/negotiation_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,65 @@ +require 'spec_helper' + +describe 'apache::mod::negotiation', :type => :class do + describe "OS independent tests" do + + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + context "default params" do + let :pre_condition do + 'class {"::apache": }' + end + it { should contain_class("apache") } + it do + should contain_file('negotiation.conf').with( { + :ensure => 'file', + :content => 'LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +ForceLanguagePriority Prefer Fallback +', + } ) + end + end + + context 'with force_language_priority parameter' do + let :pre_condition do + 'class {"::apache": default_mods => ["negotiation"]}' + end + let :params do + { :force_language_priority => 'Prefer' } + end + it do + should contain_file('negotiation.conf').with( { + :ensure => 'file', + :content => /^ForceLanguagePriority Prefer$/, + } ) + end + end + + context 'with language_priority parameter' do + let :pre_condition do + 'class {"::apache": default_mods => ["negotiation"]}' + end + let :params do + { :language_priority => [ 'en', 'es' ] } + end + it do + should contain_file('negotiation.conf').with( { + :ensure => 'file', + :content => /^LanguagePriority en es$/, + } ) + end + end + end +end
--- a/modules/apache/spec/classes/mod/pagespeed_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/pagespeed_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::pagespeed', :type => :class do let :pre_condition do 'include apache' @@ -8,12 +10,18 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('pagespeed') } - it { should contain_package("mod-pagespeed-stable") } - it { should contain_file('pagespeed.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('pagespeed') } + it { is_expected.to contain_package("mod-pagespeed-stable") } + it { is_expected.to contain_file('pagespeed.conf') } end context "on a RedHat OS" do @@ -22,11 +30,16 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('pagespeed') } - it { should contain_package("mod-pagespeed-stable") } - it { should contain_file('pagespeed.conf') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('pagespeed') } + it { is_expected.to contain_package("mod-pagespeed-stable") } + it { is_expected.to contain_file('pagespeed.conf') } end end
--- a/modules/apache/spec/classes/mod/passenger_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/passenger_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::passenger', :type => :class do let :pre_condition do 'include apache' @@ -7,155 +9,235 @@ { :osfamily => 'Debian', :operatingsystemrelease => '6', + :kernel => 'Linux', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('passenger') } - it { should contain_package("libapache2-mod-passenger") } - it { should contain_file('passenger.load').with({ + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("libapache2-mod-passenger") } + it { is_expected.to contain_file('passenger.load').with({ 'path' => '/etc/apache2/mods-available/passenger.load', }) } - it { should contain_file('passenger_package.conf').with({ + it { is_expected.to contain_file('passenger.conf').with({ 'path' => '/etc/apache2/mods-available/passenger.conf', }) } - it { should contain_file('passenger_package.conf').without_content } - it { should contain_file('passenger_package.conf').without_source } - it { should contain_file('passenger.conf').with({ - 'path' => '/etc/apache2/mods-available/passenger_extra.conf', - }) } - it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } - it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger_package.conf').with_ensure('absent') } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } end describe "with passenger_ruby => /usr/lib/example/ruby" do let :params do { :passenger_ruby => '/usr/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } end - describe "with passenger_high_performance => true" do + describe "with passenger_default_ruby => /usr/lib/example/ruby1.9.3" do let :params do - { :passenger_high_performance => 'true' } + { :passenger_ruby => '/usr/lib/example/ruby1.9.3' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerHighPerformance true$/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) } + end + describe "with passenger_high_performance => on" do + let :params do + { :passenger_high_performance => 'on' } + end + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerHighPerformance on$/) } end describe "with passenger_pool_idle_time => 1200" do let :params do { :passenger_pool_idle_time => 1200 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerPoolIdleTime 1200$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerPoolIdleTime 1200$/) } end describe "with passenger_max_requests => 20" do let :params do { :passenger_max_requests => 20 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxRequests 20$/) } end describe "with passenger_stat_throttle_rate => 10" do let :params do { :passenger_stat_throttle_rate => 10 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerStatThrottleRate 10$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerStatThrottleRate 10$/) } end describe "with passenger_max_pool_size => 16" do let :params do { :passenger_max_pool_size => 16 } end - it { should contain_file('passenger.conf').with_content(/^ PassengerMaxPoolSize 16$/) } - end - describe "with rack_autodetect => true" do - let :params do - { :rack_autodetect => true } - end - it { should contain_file('passenger.conf').with_content(/^ RackAutoDetect true$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerMaxPoolSize 16$/) } end - describe "with rails_autodetect => true" do + describe "with rack_autodetect => on" do let :params do - { :rails_autodetect => true } + { :rack_autodetect => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ RailsAutoDetect true$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ RackAutoDetect on$/) } end - describe "with passenger_root => '/usr/lib/example'" do + describe "with rails_autodetect => on" do let :params do - { :passenger_root => '/usr/lib/example' } - end - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } - end - describe "with passenger_ruby => /usr/lib/example/ruby" do - let :params do - { :passenger_ruby => '/usr/lib/example/ruby' } + { :rails_autodetect => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ RailsAutoDetect on$/) } end - describe "with passenger_use_global_queue => true" do + describe "with passenger_use_global_queue => on" do let :params do - { :passenger_use_global_queue => 'true' } + { :passenger_use_global_queue => 'on' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue true$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerUseGlobalQueue on$/) } end describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do let :params do { :mod_path => '/usr/lib/foo/mod_foo.so' } end - it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$/) } end describe "with mod_lib_path => '/usr/lib/foo'" do let :params do { :mod_lib_path => '/usr/lib/foo' } end - it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$/) } end describe "with mod_lib => 'mod_foo.so'" do let :params do { :mod_lib => 'mod_foo.so' } end - it { should contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$/) } end describe "with mod_id => 'mod_foo'" do let :params do { :mod_id => 'mod_foo' } end - it { should contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } + it { is_expected.to contain_file('passenger.load').with_content(/^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$/) } + end + + context "with Ubuntu 12.04 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '12.04', + :kernel => 'Linux', + :operatingsystem => 'Ubuntu', + :lsbdistrelease => '12.04', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } end + context "with Ubuntu 14.04 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '14.04', + :operatingsystem => 'Ubuntu', + :kernel => 'Linux', + :lsbdistrelease => '14.04', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } + end + + context "with Debian 7 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '7.3', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'wheezy', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr"}) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/bin/ruby"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerDefaultRuby/) } + end + + context "with Debian 8 defaults" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '8.0', + :operatingsystem => 'Debian', + :kernel => 'Linux', + :lsbdistcodename => 'jessie', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } + end end + context "on a RedHat OS" do let :facts do { :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('passenger') } - it { should contain_package("mod_passenger") } - it { should contain_file('passenger_package.conf').with({ + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("mod_passenger") } + it { is_expected.to contain_file('passenger_package.conf').with({ 'path' => '/etc/httpd/conf.d/passenger.conf', }) } - it { should contain_file('passenger_package.conf').without_content } - it { should contain_file('passenger_package.conf').without_source } - it { should contain_file('passenger.load').with({ + it { is_expected.to contain_file('passenger_package.conf').without_content } + it { is_expected.to contain_file('passenger_package.conf').without_source } + it { is_expected.to contain_file('passenger.load').with({ 'path' => '/etc/httpd/conf.d/passenger.load', }) } - it { should contain_file('passenger.conf').without_content(/PassengerRoot/) } - it { should contain_file('passenger.conf').without_content(/PassengerRuby/) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRoot/) } + it { is_expected.to contain_file('passenger.conf').without_content(/PassengerRuby/) } describe "with passenger_root => '/usr/lib/example'" do let :params do { :passenger_root => '/usr/lib/example' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRoot "\/usr\/lib\/example"$/) } end describe "with passenger_ruby => /usr/lib/example/ruby" do let :params do { :passenger_ruby => '/usr/lib/example/ruby' } end - it { should contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } + it { is_expected.to contain_file('passenger.conf').with_content(/^ PassengerRuby "\/usr\/lib\/example\/ruby"$/) } end end context "on a FreeBSD OS" do @@ -164,10 +246,15 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('passenger') } - it { should contain_package("www/rubygem-passenger") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('passenger') } + it { is_expected.to contain_package("www/rubygem-passenger") } end end
--- a/modules/apache/spec/classes/mod/perl_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/perl_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::perl', :type => :class do let :pre_condition do 'include apache' @@ -8,11 +10,17 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('perl') } - it { should contain_package("libapache2-mod-perl2") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('perl') } + it { is_expected.to contain_package("libapache2-mod-perl2") } end context "on a RedHat OS" do let :facts do @@ -20,11 +28,16 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('perl') } - it { should contain_package("mod_perl") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('perl') } + it { is_expected.to contain_package("mod_perl") } end context "on a FreeBSD OS" do let :facts do @@ -32,10 +45,15 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('perl') } - it { should contain_package("www/mod_perl2") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('perl') } + it { is_expected.to contain_package("www/mod_perl2") } end end
--- a/modules/apache/spec/classes/mod/peruser_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/peruser_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::peruser', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -6,12 +8,19 @@ let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('peruser') } - it { should contain_file("/usr/local/etc/apache22/Modules/peruser.conf").with_ensure('file') } + it do + expect { + should compile + }.to raise_error(Puppet::Error, /Unsupported osfamily FreeBSD/) + end end end
--- a/modules/apache/spec/classes/mod/php_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/php_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::php', :type => :class do describe "on a Debian OS" do let :facts do @@ -5,26 +7,37 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with mpm_module => prefork" do let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should contain_class("apache::params") } - it { should contain_apache__mod('php5') } - it { should contain_package("libapache2-mod-php5") } - it { should contain_file("php5.load").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::prefork") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("libapache2-mod-php5") } + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" ) } end - context 'with mpm_module => worker' do + context "with mpm_module => itk" do let :pre_condition do - 'class { "apache": mpm_module => worker, }' + 'class { "apache": mpm_module => itk, }' end - it 'should raise an error' do - expect { subject }.to raise_error Puppet::Error, /mpm_module => 'prefork'/ - end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::itk") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("libapache2-mod-php5") } + it { is_expected.to contain_file("php5.load").with( + :content => "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n" + ) } end end describe "on a RedHat OS" do @@ -33,16 +46,21 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with default params" do let :pre_condition do 'class { "apache": }' end - it { should contain_class("apache::params") } - it { should contain_apache__mod('php5') } - it { should contain_package("php") } - it { should contain_file("php5.load").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("php") } + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module modules/libphp5.so\n" ) } end @@ -52,7 +70,7 @@ let :params do { :package_name => 'php54'} end - it { should contain_package("php54") } + it { is_expected.to contain_package("php54") } end context "with alternative path" do let :pre_condition do 'class { "apache": }' @@ -60,7 +78,7 @@ let :params do { :path => 'alternative-path'} end - it { should contain_file("php5.load").with( + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module alternative-path\n" ) } end @@ -70,7 +88,7 @@ let :params do { :extensions => ['.php','.php5']} end - it { should contain_file("php5.conf").with_content(/AddHandler php5-script .php .php5\n/) } + it { is_expected.to contain_file("php5.conf").with_content(/AddHandler php5-script .php .php5\n/) } end context "with specific version" do let :pre_condition do @@ -79,7 +97,7 @@ let :params do { :package_ensure => '5.3.13'} end - it { should contain_package("php").with( + it { is_expected.to contain_package("php").with( :ensure => '5.3.13' ) } end @@ -87,38 +105,151 @@ let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should contain_class("apache::params") } - it { should contain_apache__mod('php5') } - it { should contain_package("php") } - it { should contain_file("php5.load").with( + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class("apache::mod::prefork") } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("php") } + it { is_expected.to contain_file("php5.load").with( :content => "LoadModule php5_module modules/libphp5.so\n" ) } end + context "with mpm_module => itk" do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end + it 'should raise an error' do + expect { expect(subject).to contain_class("apache::mod::itk") }.to raise_error Puppet::Error, /Unsupported osfamily RedHat/ + end + end end describe "on a FreeBSD OS" do let :facts do { :osfamily => 'FreeBSD', - :operatingsystemrelease => '9', + :operatingsystemrelease => '10', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end context "with mpm_module => prefork" do let :pre_condition do 'class { "apache": mpm_module => prefork, }' end - it { should contain_class('apache::params') } - it { should contain_apache__mod('php5') } - it { should contain_package("lang/php5") } - it { should contain_file('php5.load') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("www/mod_php5") } + it { is_expected.to contain_file('php5.load') } + end + context "with mpm_module => itk" do + let :pre_condition do + 'class { "apache": mpm_module => itk, }' + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_class('apache::mod::itk') } + it { is_expected.to contain_apache__mod('php5') } + it { is_expected.to contain_package("www/mod_php5") } + it { is_expected.to contain_file('php5.load') } + end + end + describe "OS independent tests" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :kernel => 'Linux', + :lsbdistcodename => 'squeeze', + :concat_basedir => '/dne', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'with content param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { :content => 'somecontent' } + end + it { should contain_file('php5.conf').with( + :content => 'somecontent' + ) } + end + context 'with template param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { :template => 'apache/mod/php5.conf.erb' } + end + it { should contain_file('php5.conf').with( + :content => /^# PHP is an HTML-embedded scripting language which attempts to make it/ + ) } end - # FIXME: not sure about the following context + context 'with source param' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { :source => 'some-path' } + end + it { should contain_file('php5.conf').with( + :source => 'some-path' + ) } + end + context 'content has priority over template' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + :template => 'apache/mod/php5.conf.erb', + :content => 'somecontent' + } + end + it { should contain_file('php5.conf').with( + :content => 'somecontent' + ) } + end + context 'source has priority over template' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + :template => 'apache/mod/php5.conf.erb', + :source => 'some-path' + } + end + it { should contain_file('php5.conf').with( + :source => 'some-path' + ) } + end + context 'source has priority over content' do + let :pre_condition do + 'class { "apache": mpm_module => prefork, }' + end + let :params do + { + :content => 'somecontent', + :source => 'some-path' + } + end + it { should contain_file('php5.conf').with( + :source => 'some-path' + ) } + end context 'with mpm_module => worker' do let :pre_condition do 'class { "apache": mpm_module => worker, }' end it 'should raise an error' do - expect { subject.should contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork'/ + expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, /mpm_module => 'prefork' or mpm_module => 'itk'/ end end end
--- a/modules/apache/spec/classes/mod/prefork_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/prefork_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::prefork', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,39 +10,45 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('prefork') } - it { should contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('prefork') } + it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.conf").with_ensure('link') } context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end - it { should_not contain_file("/etc/apache2/mods-available/prefork.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/prefork.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/prefork.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/prefork.load") } - it { should contain_package("apache2-mpm-prefork") } + it { is_expected.to contain_package("apache2-mpm-prefork") } end context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end - it { should contain_file("/etc/apache2/mods-available/prefork.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/prefork.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/prefork.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/prefork.load").with_ensure('link') } end end context "on a RedHat OS" do @@ -49,20 +57,25 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('prefork') } - it { should contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('prefork') } + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.conf").with_ensure('file') } context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end - it { should contain_file_line("/etc/sysconfig/httpd prefork enable").with({ + it { is_expected.to contain_file_line("/etc/sysconfig/httpd prefork enable").with({ 'require' => 'Package[httpd]', }) } @@ -71,13 +84,13 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end - it { should_not contain_apache__mod('event') } + it { is_expected.not_to contain_apache__mod('event') } - it { should contain_file("/etc/httpd/conf.d/prefork.load").with({ + it { is_expected.to contain_file("/etc/httpd/conf.d/prefork.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so\n", }) @@ -90,10 +103,15 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('prefork') } - it { should contain_file("/usr/local/etc/apache22/Modules/prefork.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('prefork') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/prefork.conf").with_ensure('file') } end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/proxy_connect_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,51 @@ +require 'spec_helper' + +describe 'apache::mod::proxy_connect', :type => :class do + let :pre_condition do + [ + 'include apache', + 'include apache::mod::proxy', + ] + end + context 'on a Debian OS' do + let :facts do + { + :osfamily => 'Debian', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'with Apache version < 2.4' do + let :facts do + super().merge({ + :operatingsystemrelease => '7.0', + :lsbdistcodename => 'wheezy', + }) + end + let :params do + { + :apache_version => '2.2', + } + end + it { is_expected.not_to contain_apache__mod('proxy_connect') } + end + context 'with Apache version >= 2.4' do + let :facts do + super().merge({ + :operatingsystemrelease => '8.0', + :lsbdistcodename => 'jessie', + }) + end + let :params do + { + :apache_version => '2.4', + } + end + it { is_expected.to contain_apache__mod('proxy_connect') } + end + end +end
--- a/modules/apache/spec/classes/mod/proxy_html_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/proxy_html_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::proxy_html', :type => :class do let :pre_condition do [ @@ -8,15 +10,22 @@ end context "on a Debian OS" do shared_examples "debian" do |loadfiles| - it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html').with(:loadfiles => loadfiles) } - it { should contain_package("libapache2-mod-proxy-html") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => loadfiles) } + it { is_expected.to contain_package("libapache2-mod-proxy-html") } end let :facts do { - :osfamily => 'Debian', - :concat_basedir => '/dne', - :architecture => 'i386' + :osfamily => 'Debian', + :concat_basedir => '/dne', + :architecture => 'i386', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :hardwaremodel => 'i386', + :is_pe => false, } end @@ -48,11 +57,16 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html').with(:loadfiles => nil) } - it { should contain_package("mod_proxy_html") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } + it { is_expected.to contain_package("mod_proxy_html") } end context "on a FreeBSD OS", :compile do let :facts do @@ -60,10 +74,15 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('proxy_html').with(:loadfiles => nil) } - it { should contain_package("www/mod_proxy_html") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('proxy_html').with(:loadfiles => nil) } + it { is_expected.to contain_package("www/mod_proxy_html") } end end
--- a/modules/apache/spec/classes/mod/python_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/python_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::python', :type => :class do let :pre_condition do 'include apache' @@ -8,11 +10,17 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("python") } - it { should contain_package("libapache2-mod-python") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("python") } + it { is_expected.to contain_package("libapache2-mod-python") } end context "on a RedHat OS" do let :facts do @@ -20,11 +28,16 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("python") } - it { should contain_package("mod_python") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("python") } + it { is_expected.to contain_package("mod_python") } end context "on a FreeBSD OS" do let :facts do @@ -32,10 +45,15 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod("python") } - it { should contain_package("www/mod_python3") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod("python") } + it { is_expected.to contain_package("www/mod_python3") } end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/reqtimeout_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,115 @@ +require 'spec_helper' + +describe 'apache::mod::reqtimeout', :type => :class do + let :pre_condition do + 'class { "apache": + default_mods => false, + }' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :lsbdistcodename => 'squeeze', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) } + end + context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do + let :params do + {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) } + end + context "passing timeouts => 'header=20-60,minrate=600'" do + let :params do + {:timeouts => 'header=20-60,minrate=600'} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'Redhat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) } + end + context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do + let :params do + {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) } + end + context "passing timeouts => 'header=20-60,minrate=600'" do + let :params do + {:timeouts => 'header=20-60,minrate=600'} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } + end + end + context "on a FreeBSD OS" do + let :facts do + { + :osfamily => 'FreeBSD', + :operatingsystemrelease => '9', + :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context "passing no parameters" do + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$/) } + end + context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do + let :params do + {:timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$/) } + end + context "passing timeouts => 'header=20-60,minrate=600'" do + let :params do + {:timeouts => 'header=20-60,minrate=600'} + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('reqtimeout') } + it { is_expected.to contain_file('reqtimeout.conf').with_content(/^RequestReadTimeout header=20-60,minrate=600$/) } + end + end +end
--- a/modules/apache/spec/classes/mod/rpaf_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/rpaf_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::rpaf', :type => :class do let :pre_condition do [ @@ -10,33 +12,39 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('rpaf') } - it { should contain_package("libapache2-mod-rpaf") } - it { should contain_file('rpaf.conf').with({ + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('rpaf') } + it { is_expected.to contain_package("libapache2-mod-rpaf") } + it { is_expected.to contain_file('rpaf.conf').with({ 'path' => '/etc/apache2/mods-available/rpaf.conf', }) } - it { should contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { should contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } end end context "on a FreeBSD OS" do @@ -45,33 +53,38 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('rpaf') } - it { should contain_package("www/mod_rpaf2") } - it { should contain_file('rpaf.conf').with({ - 'path' => '/usr/local/etc/apache22/Modules/rpaf.conf', + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__mod('rpaf') } + it { is_expected.to contain_package("www/mod_rpaf2") } + it { is_expected.to contain_file('rpaf.conf').with({ + 'path' => '/usr/local/etc/apache24/Modules/rpaf.conf', }) } - it { should contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFenable On$/) } describe "with sethostname => true" do let :params do { :sethostname => 'true' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFsethostname On$/) } end describe "with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]" do let :params do { :proxy_ips => [ '10.42.17.8', '10.42.18.99' ] } end - it { should contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFproxy_ips 10.42.17.8 10.42.18.99$/) } end describe "with header => X-Real-IP" do let :params do { :header => 'X-Real-IP' } end - it { should contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } + it { is_expected.to contain_file('rpaf.conf').with_content(/^RPAFheader X-Real-IP$/) } end end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/security_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,95 @@ +require 'spec_helper' + +describe 'apache::mod::security', :type => :class do + let :pre_condition do + 'include apache' + end + + context "on RedHat based systems" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '7', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { should contain_apache__mod('security').with( + :id => 'security2_module', + :lib => 'mod_security2.so' + ) } + it { should contain_apache__mod('unique_id_module').with( + :id => 'unique_id_module', + :lib => 'mod_unique_id.so' + ) } + it { should contain_package('mod_security_crs') } + it { should contain_file('security.conf').with( + :path => '/etc/httpd/conf.d/security.conf' + ) } + it { should contain_file('/etc/httpd/modsecurity.d').with( + :ensure => 'directory', + :path => '/etc/httpd/modsecurity.d', + :owner => 'apache', + :group => 'apache' + ) } + it { should contain_file('/etc/httpd/modsecurity.d/activated_rules').with( + :ensure => 'directory', + :path => '/etc/httpd/modsecurity.d/activated_rules', + :owner => 'apache', + :group => 'apache' + ) } + it { should contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with( + :path => '/etc/httpd/modsecurity.d/security_crs.conf' + ) } + it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + end + + context "on Debian based systems" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/', + :lsbdistcodename => 'squeeze', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux', + :is_pe => false, + } + end + it { should contain_apache__mod('security').with( + :id => 'security2_module', + :lib => 'mod_security2.so' + ) } + it { should contain_apache__mod('unique_id_module').with( + :id => 'unique_id_module', + :lib => 'mod_unique_id.so' + ) } + it { should contain_package('modsecurity-crs') } + it { should contain_file('security.conf').with( + :path => '/etc/apache2/mods-available/security.conf' + ) } + it { should contain_file('/etc/modsecurity').with( + :ensure => 'directory', + :path => '/etc/modsecurity', + :owner => 'www-data', + :group => 'www-data' + ) } + it { should contain_file('/etc/modsecurity/activated_rules').with( + :ensure => 'directory', + :path => '/etc/modsecurity/activated_rules', + :owner => 'www-data', + :group => 'www-data' + ) } + it { should contain_file('/etc/modsecurity/security_crs.conf').with( + :path => '/etc/modsecurity/security_crs.conf' + ) } + it { should contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } + end + +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/classes/mod/shib_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,42 @@ +describe 'apache::mod::shib', :type => :class do + let :pre_condition do + 'include apache' + end + context "on a Debian OS" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { should contain_apache__mod('shib2').with_id('mod_shib') } + end + end + context "on a RedHat OS" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :fqdn => 'test.example.com', + :is_pe => false, + } + end + describe 'with no parameters' do + it { should contain_apache__mod('shib2').with_id('mod_shib') } + end + end +end
--- a/modules/apache/spec/classes/mod/speling_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/speling_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::speling', :type => :class do let :pre_condition do 'include apache' @@ -8,9 +10,15 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_apache__mod('speling') } + it { is_expected.to contain_apache__mod('speling') } end context "on a RedHat OS" do @@ -19,8 +27,13 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_apache__mod('speling') } + it { is_expected.to contain_apache__mod('speling') } end end
--- a/modules/apache/spec/classes/mod/ssl_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/ssl_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::ssl', :type => :class do let :pre_condition do 'include apache' @@ -8,6 +10,11 @@ :osfamily => 'Magic', :operatingsystemrelease => '0', :concat_basedir => '/dne', + :operatingsystem => 'Magic', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end it { expect { subject }.to raise_error(Puppet::Error, /Unsupported osfamily:/) } @@ -19,11 +26,25 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class('apache::params') } - it { should contain_apache__mod('ssl') } - it { should contain_package('mod_ssl') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.to contain_package('mod_ssl') } + context 'with a custom package_name parameter' do + let :params do + { :package_name => 'httpd24-mod_ssl' } + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.to contain_package('httpd24-mod_ssl') } + it { is_expected.not_to contain_package('mod_ssl') } + end end context 'on a Debian OS' do @@ -32,11 +53,17 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class('apache::params') } - it { should contain_apache__mod('ssl') } - it { should_not contain_package('libapache2-mod-ssl') } + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + it { is_expected.not_to contain_package('libapache2-mod-ssl') } end context 'on a FreeBSD OS' do @@ -45,9 +72,53 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class('apache::params') } + it { is_expected.to contain_apache__mod('ssl') } + end + + # Template config doesn't vary by distro + context "on all distros" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '6', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class('apache::params') } - it { should contain_apache__mod('ssl') } + + context 'not setting ssl_pass_phrase_dialog' do + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog builtin$/)} + end + + context 'setting ssl_pass_phrase_dialog' do + let :params do + { + :ssl_pass_phrase_dialog => 'exec:/path/to/program', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)} + end + + context 'setting ssl_random_seed_bytes' do + let :params do + { + :ssl_random_seed_bytes => '1024', + } + end + it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})} + end + end end
--- a/modules/apache/spec/classes/mod/status_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/status_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,10 +1,10 @@ require 'spec_helper' # Helper function for testing the contents of `status.conf` -def status_conf_spec(allow_from, extended_status) +def status_conf_spec(allow_from, extended_status, status_path) it do - should contain_file("status.conf").with_content( - "<Location /server-status>\n"\ + is_expected.to contain_file("status.conf").with_content( + "<Location #{status_path}>\n"\ " SetHandler server-status\n"\ " Order deny,allow\n"\ " Deny from all\n"\ @@ -31,19 +31,25 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_apache__mod("status") } + it { is_expected.to contain_apache__mod("status") } - status_conf_spec(["127.0.0.1", "::1"], "On") + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") - it { should contain_file("status.conf").with({ + it { is_expected.to contain_file("status.conf").with({ :ensure => 'file', :path => '/etc/apache2/mods-available/status.conf', } ) } - it { should contain_file("status.conf symlink").with({ + it { is_expected.to contain_file("status.conf symlink").with({ :ensure => 'link', :path => '/etc/apache2/mods-enabled/status.conf', } ) } @@ -56,33 +62,45 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_apache__mod("status") } + it { is_expected.to contain_apache__mod("status") } - status_conf_spec(["127.0.0.1", "::1"], "On") + status_conf_spec(["127.0.0.1", "::1"], "On", "/server-status") - it { should contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } + it { is_expected.to contain_file("status.conf").with_path("/etc/httpd/conf.d/status.conf") } end - context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off'" do + context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do let :facts do { :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do { :allow_from => ['10.10.10.10','11.11.11.11'], :extended_status => 'Off', + :status_path => '/custom-status', } end - status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off") + status_conf_spec(["10.10.10.10", "11.11.11.11"], "Off", "/custom-status") end @@ -92,6 +110,12 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -99,7 +123,7 @@ end it 'should expect to succeed array validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.not_to raise_error() end end @@ -110,6 +134,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -117,7 +146,7 @@ end it 'should expect to fail array validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.to raise_error(Puppet::Error) end end @@ -130,6 +159,12 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -137,7 +172,7 @@ end it 'should expect to succeed regular expression validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.not_to raise_error() end end @@ -150,6 +185,11 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do @@ -157,7 +197,7 @@ end it 'should expect to fail regular expression validation' do expect { - should contain_file("status.conf") + is_expected.to contain_file("status.conf") }.to raise_error(Puppet::Error) end end
--- a/modules/apache/spec/classes/mod/suphp_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/suphp_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::suphp', :type => :class do let :pre_condition do 'include apache' @@ -8,10 +10,16 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_package("libapache2-mod-suphp") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("libapache2-mod-suphp") } end context "on a RedHat OS" do let :facts do @@ -19,9 +27,14 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_package("mod_suphp") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package("mod_suphp") } end end
--- a/modules/apache/spec/classes/mod/worker_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/worker_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::worker', :type => :class do let :pre_condition do 'class { "apache": mpm_module => false, }' @@ -8,39 +10,45 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') } - it { should contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.to contain_file("/etc/apache2/mods-available/worker.conf").with_ensure('file') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.conf").with_ensure('link') } context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end - it { should_not contain_file("/etc/apache2/mods-available/worker.load") } - it { should_not contain_file("/etc/apache2/mods-enabled/worker.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-available/worker.load") } + it { is_expected.not_to contain_file("/etc/apache2/mods-enabled/worker.load") } - it { should contain_package("apache2-mpm-worker") } + it { is_expected.to contain_package("apache2-mpm-worker") } end context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end - it { should contain_file("/etc/apache2/mods-available/worker.load").with({ + it { is_expected.to contain_file("/etc/apache2/mods-available/worker.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so\n" }) } - it { should contain_file("/etc/apache2/mods-enabled/worker.load").with_ensure('link') } + it { is_expected.to contain_file("/etc/apache2/mods-enabled/worker.load").with_ensure('link') } end end context "on a RedHat OS" do @@ -49,20 +57,25 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.to contain_file("/etc/httpd/conf.d/worker.conf").with_ensure('file') } context "with Apache version < 2.4" do let :params do { - :apache_version => 2.2, + :apache_version => '2.2', } end - it { should contain_file_line("/etc/sysconfig/httpd worker enable").with({ + it { is_expected.to contain_file_line("/etc/sysconfig/httpd worker enable").with({ 'require' => 'Package[httpd]', }) } @@ -71,13 +84,13 @@ context "with Apache version >= 2.4" do let :params do { - :apache_version => 2.4, + :apache_version => '2.4', } end - it { should_not contain_apache__mod('event') } + it { is_expected.not_to contain_apache__mod('event') } - it { should contain_file("/etc/httpd/conf.d/worker.load").with({ + it { is_expected.to contain_file("/etc/httpd/conf.d/worker.load").with({ 'ensure' => 'file', 'content' => "LoadModule mpm_worker_module modules/mod_mpm_worker.so\n", }) @@ -90,10 +103,67 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { is_expected.to contain_class("apache::params") } + it { is_expected.not_to contain_apache__mod('worker') } + it { is_expected.to contain_file("/usr/local/etc/apache24/Modules/worker.conf").with_ensure('file') } + end + + # Template config doesn't vary by distro + context "on all distros" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '6', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should_not contain_apache__mod('worker') } - it { should contain_file("/usr/local/etc/apache22/Modules/worker.conf").with_ensure('file') } + + context 'defaults' do + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^<IfModule mpm_worker_module>$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+25$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+2$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+150$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+25$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+75$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+25$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+0$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+64$/) } + end + + context 'setting params' do + let :params do + { + :serverlimit => 10, + :startservers => 11, + :maxclients => 12, + :minsparethreads => 13, + :maxsparethreads => 14, + :threadsperchild => 15, + :maxrequestsperchild => 16, + :threadlimit => 17 + } + end + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^<IfModule mpm_worker_module>$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ServerLimit\s+10$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+StartServers\s+11$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxClients\s+12$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MinSpareThreads\s+13$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxSpareThreads\s+14$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadsPerChild\s+15$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+MaxRequestsPerChild\s+16$/) } + it { should contain_file('/etc/httpd/conf.d/worker.conf').with(:content => /^\s+ThreadLimit\s+17$/) } + end end end
--- a/modules/apache/spec/classes/mod/wsgi_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/mod/wsgi_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,5 @@ +require 'spec_helper' + describe 'apache::mod::wsgi', :type => :class do let :pre_condition do 'include apache' @@ -8,11 +10,20 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('wsgi') } - it { should contain_package("libapache2-mod-wsgi") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class('apache::mod::wsgi').with( + 'wsgi_socket_prefix' => nil + ) + } + it { is_expected.to contain_package("libapache2-mod-wsgi") } end context "on a RedHat OS" do let :facts do @@ -20,23 +31,77 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('wsgi') } - it { should contain_package("mod_wsgi") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class('apache::mod::wsgi').with( + 'wsgi_socket_prefix' => '/var/run/wsgi' + ) + } + it { is_expected.to contain_package("mod_wsgi") } describe "with custom WSGISocketPrefix" do let :params do { :wsgi_socket_prefix => 'run/wsgi' } end - it {should contain_file('wsgi.conf').with_content(/^ WSGISocketPrefix run\/wsgi$/)} + it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGISocketPrefix run\/wsgi$/)} end describe "with custom WSGIPythonHome" do let :params do { :wsgi_python_home => '/path/to/virtenv' } end - it {should contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)} + it {is_expected.to contain_file('wsgi.conf').with_content(/^ WSGIPythonHome "\/path\/to\/virtenv"$/)} + end + describe "with custom package_name and mod_path" do + let :params do + { + :package_name => 'mod_wsgi_package', + :mod_path => '/foo/bar/baz', + } + end + it { is_expected.to contain_apache__mod('wsgi').with({ + 'package' => 'mod_wsgi_package', + 'path' => '/foo/bar/baz', + }) + } + it { is_expected.to contain_package("mod_wsgi_package") } + it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module /foo/bar/baz") } + end + describe "with custom mod_path not containing /" do + let :params do + { + :package_name => 'mod_wsgi_package', + :mod_path => 'wsgi_mod_name.so', + } + end + it { is_expected.to contain_apache__mod('wsgi').with({ + 'path' => 'modules/wsgi_mod_name.so', + 'package' => 'mod_wsgi_package', + }) + } + it { is_expected.to contain_file('wsgi.load').with_content(%r"LoadModule wsgi_module modules/wsgi_mod_name.so") } + + end + describe "with package_name but no mod_path" do + let :params do + { + :mod_path => '/foo/bar/baz', + } + end + it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } + end + describe "with mod_path but no package_name" do + let :params do + { + :package_name => '/foo/bar/baz', + } + end + it { expect { subject }.to raise_error Puppet::Error, /apache::mod::wsgi - both package_name and mod_path must be specified!/ } end end context "on a FreeBSD OS" do @@ -45,10 +110,18 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_class("apache::params") } - it { should contain_apache__mod('wsgi') } - it { should contain_package("www/mod_wsgi") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_class('apache::mod::wsgi').with( + 'wsgi_socket_prefix' => nil + ) + } + it { is_expected.to contain_package("www/mod_wsgi") } end end
--- a/modules/apache/spec/classes/params_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/params_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -7,15 +7,21 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_apache__params } + it { is_expected.to contain_apache__params } # There are 4 resources in this class currently # there should not be any more resources because it is a params class # The resources are class[apache::version], class[apache::params], class[main], class[settings], stage[main] it "Should not contain any resources" do - subject.resources.size.should == 5 + expect(subject.resources.size).to eq(5) end end end
--- a/modules/apache/spec/classes/service_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/classes/service_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -10,9 +10,15 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'true' @@ -21,7 +27,7 @@ context "with $service_name => 'foo'" do let (:params) {{ :service_name => 'foo' }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'foo' ) } @@ -29,7 +35,7 @@ context "with $service_enable => true" do let (:params) {{ :service_enable => true }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'true' @@ -39,7 +45,7 @@ context "with $service_enable => false" do let (:params) {{ :service_enable => false }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'apache2', 'ensure' => 'running', 'enable' => 'false' @@ -55,9 +61,17 @@ end end + context "$service_manage must be a bool" do + let (:params) {{ :service_manage => 'not-a-boolean' }} + + it 'should fail' do + expect { subject }.to raise_error(Puppet::Error, /is not a boolean/) + end + end + context "with $service_ensure => 'running'" do let (:params) {{ :service_ensure => 'running', }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'ensure' => 'running', 'enable' => 'true' ) @@ -66,12 +80,17 @@ context "with $service_ensure => 'stopped'" do let (:params) {{ :service_ensure => 'stopped', }} - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'ensure' => 'stopped', 'enable' => 'true' ) } end + + context "with $service_ensure => 'UNDEF'" do + let (:params) {{ :service_ensure => 'UNDEF' }} + it { is_expected.to contain_service("httpd").without_ensure } + end end @@ -81,9 +100,14 @@ :osfamily => 'RedHat', :operatingsystemrelease => '5', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_service("httpd").with( + it { is_expected.to contain_service("httpd").with( 'name' => 'httpd', 'ensure' => 'running', 'enable' => 'true' @@ -97,13 +121,44 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end - it { should contain_service("httpd").with( - 'name' => 'apache22', + it { is_expected.to contain_service("httpd").with( + 'name' => 'apache24', 'ensure' => 'running', 'enable' => 'true' ) } end + + context "on a RedHat 5 OS, do not manage service" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '5', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let(:params) do + { + 'service_ensure' => 'running', + 'service_name' => 'httpd', + 'service_manage' => false + } + end + it 'should not manage the httpd service' do + subject.should_not contain_service('httpd') + end + end + end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/defines/balancermember_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,37 @@ +require 'spec_helper' + +describe 'apache::balancermember', :type => :define do + let :pre_condition do + 'include apache + apache::balancer {"balancer":} + apache::balancer {"balancer-external":} + apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"} + ' + end + let :title do + 'http://127.0.0.1:8080/' + end + let :params do + { + :options => [], + :url => 'http://127.0.0.1:8080/', + :balancer_cluster => 'balancer-internal' + } + end + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux', + :is_pe => false, + } + end + describe "allows multiple balancermembers with the same url" do + it { should contain_concat__fragment('BalancerMember http://127.0.0.1:8080/') } + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/defines/custom_config_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,138 @@ +require 'spec_helper' + +describe 'apache::custom_config', :type => :define do + let :pre_condition do + 'class { "apache": }' + end + let :title do + 'rspec' + end + let :facts do + { + :osfamily => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'defaults with content' do + let :params do + { + 'content' => '# Test', + } + end + it { is_expected.to contain_exec("service notify for rspec").with({ + 'refreshonly' => 'true', + 'subscribe' => 'File[apache_rspec]', + 'command' => '/usr/sbin/apachectl -t', + 'notify' => 'Service[httpd]', + 'before' => 'Exec[remove rspec if invalid]', + }) + } + it { is_expected.to contain_exec("remove rspec if invalid").with({ + 'unless' => '/usr/sbin/apachectl -t', + 'subscribe' => 'File[apache_rspec]', + 'refreshonly' => 'true', + }) + } + it { is_expected.to contain_file("apache_rspec").with({ + 'ensure' => 'present', + 'content' => '# Test', + 'require' => 'Package[httpd]', + }) + } + end + context 'set everything with source' do + let :params do + { + 'confdir' => '/dne', + 'priority' => '30', + 'source' => 'puppet:///modules/apache/test', + 'verify_command' => '/bin/true', + } + end + it { is_expected.to contain_exec("service notify for rspec").with({ + 'command' => '/bin/true', + }) + } + it { is_expected.to contain_exec("remove rspec if invalid").with({ + 'command' => '/bin/rm /dne/30-rspec.conf', + 'unless' => '/bin/true', + }) + } + it { is_expected.to contain_file("apache_rspec").with({ + 'path' => '/dne/30-rspec.conf', + 'ensure' => 'present', + 'source' => 'puppet:///modules/apache/test', + 'require' => 'Package[httpd]', + }) + } + end + context 'verify_config => false' do + let :params do + { + 'content' => '# test', + 'verify_config' => false, + } + end + it { is_expected.to_not contain_exec('service notify for rspec') } + it { is_expected.to_not contain_exec('remove rspec if invalid') } + it { is_expected.to contain_file('apache_rspec').with({ + 'notify' => 'Service[httpd]' + }) + } + end + context 'ensure => absent' do + let :params do + { + 'ensure' => 'absent' + } + end + it { is_expected.to_not contain_exec('service notify for rspec') } + it { is_expected.to_not contain_exec('remove rspec if invalid') } + it { is_expected.to contain_file('apache_rspec').with({ + 'ensure' => 'absent', + }) + } + end + describe 'validation' do + context 'both content and source' do + let :params do + { + 'content' => 'foo', + 'source' => 'bar', + } + end + it do + expect { + should compile + }.to raise_error(Puppet::Error, /Only one of \$content and \$source can be specified\./) + end + end + context 'neither content nor source' do + it do + expect { + should compile + }.to raise_error(Puppet::Error, /One of \$content and \$source must be specified\./) + end + end + context 'bad ensure' do + let :params do + { + 'content' => 'foo', + 'ensure' => 'foo', + } + end + it do + expect { + should compile + }.to raise_error(Puppet::Error, /is not supported for ensure/) + end + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/defines/fastcgi_server_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,112 @@ +require 'spec_helper' + +describe 'apache::fastcgi::server', :type => :define do + let :pre_condition do + 'include apache' + end + let :title do + 'www' + end + describe 'os-dependent items' do + context "on RedHat based systems" do + let :default_facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '6', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :facts do default_facts end + it { should contain_class("apache") } + it { should contain_class("apache::mod::fastcgi") } + it { should contain_file("fastcgi-pool-#{title}.conf").with( + :ensure => 'present', + :path => "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf" + ) } + end + context "on Debian based systems" do + let :default_facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :facts do default_facts end + it { should contain_class("apache") } + it { should contain_class("apache::mod::fastcgi") } + it { should contain_file("fastcgi-pool-#{title}.conf").with( + :ensure => 'present', + :path => "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf" + ) } + end + context "on FreeBSD systems" do + let :default_facts do + { + :osfamily => 'FreeBSD', + :operatingsystem => 'FreeBSD', + :operatingsystemrelease => '9', + :kernel => 'FreeBSD', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + let :facts do default_facts end + it { should contain_class("apache") } + it { should contain_class("apache::mod::fastcgi") } + it { should contain_file("fastcgi-pool-#{title}.conf").with( + :ensure => 'present', + :path => "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf" + ) } + end + end + describe 'os-independent items' do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :lsbdistcodename => 'squeeze', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/dne', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + describe ".conf content" do + let :params do + { + :host => '127.0.0.1:9001', + :timeout => 30, + :flush => true, + :faux_path => '/var/www/php-www.fcgi', + :fcgi_alias => '/php-www.fcgi', + :file_type => 'application/x-httpd-php' + } + end + let :expected do +'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001 +Alias /php-www.fcgi /var/www/php-www.fcgi +Action application/x-httpd-php /php-www.fcgi +' + end + it do + should contain_file("fastcgi-pool-www.conf").with_content(expected) + end + end + end +end
--- a/modules/apache/spec/defines/mod_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/defines/mod_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -10,6 +10,11 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -17,9 +22,9 @@ let :title do 'spec_m' end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do - should contain_file('spec_m.load').with({ + is_expected.to contain_file('spec_m.load').with({ :path => '/etc/httpd/conf.d/spec_m.load', :content => "LoadModule spec_m_module modules/mod_spec_m.so\n", :owner => 'root', @@ -37,8 +42,8 @@ # parameters let(:params) { {:package => 'mod_xsendfile'} } - it { should contain_class("apache::params") } - it { should contain_package('mod_xsendfile') } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_package('mod_xsendfile') } end end @@ -48,6 +53,12 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -55,9 +66,9 @@ let :title do 'spec_m' end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do - should contain_file('spec_m.load').with({ + is_expected.to contain_file('spec_m.load').with({ :path => '/etc/apache2/mods-available/spec_m.load', :content => "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n", :owner => 'root', @@ -66,7 +77,7 @@ } ) end it "should link the module load file" do - should contain_file('spec_m.load symlink').with({ + is_expected.to contain_file('spec_m.load symlink').with({ :path => '/etc/apache2/mods-enabled/spec_m.load', :target => '/etc/apache2/mods-available/spec_m.load', :owner => 'root', @@ -83,6 +94,11 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end @@ -90,11 +106,11 @@ let :title do 'spec_m' end - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache::params") } it "should manage the module load file" do - should contain_file('spec_m.load').with({ - :path => '/usr/local/etc/apache22/Modules/spec_m.load', - :content => "LoadModule spec_m_module /usr/local/libexec/apache22/mod_spec_m.so\n", + is_expected.to contain_file('spec_m.load').with({ + :path => '/usr/local/etc/apache24/Modules/spec_m.load', + :content => "LoadModule spec_m_module /usr/local/libexec/apache24/mod_spec_m.so\n", :owner => 'root', :group => 'wheel', :mode => '0644',
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/defines/modsec_link_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,53 @@ +require 'spec_helper' + +describe 'apache::security::rule_link', :type => :define do + let :pre_condition do + 'class { "apache": } + class { "apache::mod::security": activated_rules => [] } + ' + end + + let :title do + 'base_rules/modsecurity_35_bad_robots.data' + end + + context "on RedHat based systems" do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'CentOS', + :operatingsystemrelease => '7', + :kernel => 'Linux', + :id => 'root', + :concat_basedir => '/', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + it { should contain_file('modsecurity_35_bad_robots.data').with( + :path => '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', + :target => '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data' + ) } + end + + context "on Debian based systems" do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian', + :operatingsystemrelease => '6', + :concat_basedir => '/', + :lsbdistcodename => 'squeeze', + :id => 'root', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux', + :is_pe => false, + } + end + it { should contain_file('modsecurity_35_bad_robots.data').with( + :path => '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', + :target => '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data' + ) } + end + +end
--- a/modules/apache/spec/defines/vhost_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/defines/vhost_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -2,7 +2,7 @@ describe 'apache::vhost', :type => :define do let :pre_condition do - 'class { "apache": default_vhost => false, }' + 'class { "apache": default_vhost => false, default_mods => false, vhost_enable_dir => "/etc/apache2/sites-enabled"}' end let :title do 'rspec.example.com' @@ -20,12 +20,17 @@ :osfamily => 'RedHat', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end let :facts do default_facts end - it { should contain_class("apache") } - it { should contain_class("apache::params") } + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } end context "on Debian based systems" do let :default_facts do @@ -33,17 +38,23 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end let :facts do default_facts end - it { should contain_class("apache") } - it { should contain_class("apache::params") } - it { should contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', :path => '/etc/apache2/sites-available/25-rspec.example.com.conf' ) } - it { should contain_file("25-rspec.example.com.conf symlink").with( + it { is_expected.to contain_file("25-rspec.example.com.conf symlink").with( :ensure => 'link', :path => '/etc/apache2/sites-enabled/25-rspec.example.com.conf', :target => '/etc/apache2/sites-available/25-rspec.example.com.conf' @@ -55,15 +66,20 @@ :osfamily => 'FreeBSD', :operatingsystemrelease => '9', :concat_basedir => '/dne', + :operatingsystem => 'FreeBSD', + :id => 'root', + :kernel => 'FreeBSD', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end let :params do default_params end let :facts do default_facts end - it { should contain_class("apache") } - it { should contain_class("apache::params") } - it { should contain_file("25-rspec.example.com.conf").with( + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_file("25-rspec.example.com.conf").with( :ensure => 'present', - :path => '/usr/local/etc/apache22/Vhosts/25-rspec.example.com.conf' + :path => '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf' ) } end end @@ -73,1331 +89,616 @@ :osfamily => 'Debian', :operatingsystemrelease => '6', :concat_basedir => '/dne', + :lsbdistcodename => 'squeeze', + :operatingsystem => 'Debian', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, } end describe 'basic assumptions' do let :params do default_params end - it { should contain_class("apache") } - it { should contain_class("apache::params") } - it { should contain_apache__listen(params[:port]) } - it { should contain_apache__namevirtualhost("*:#{params[:port]}") } + it { is_expected.to contain_class("apache") } + it { is_expected.to contain_class("apache::params") } + it { is_expected.to contain_apache__listen(params[:port]) } + it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") } end - - # All match and notmatch should be a list of regexs and exact match strings - context ".conf content" do - [ - { - :title => 'should contain docroot', - :attr => 'docroot', - :value => '/not/default', - :match => [/^ DocumentRoot "\/not\/default"$/,/ <Directory "\/not\/default">/], - }, - { - :title => 'should set a port', - :attr => 'port', - :value => '8080', - :match => [/^<VirtualHost \*:8080>$/], - }, - { - :title => 'should set an ip', - :attr => 'ip', - :value => '10.0.0.1', - :match => [/^<VirtualHost 10\.0\.0\.1:84>$/], - }, - { - :title => 'should set a serveradmin', - :attr => 'serveradmin', - :value => 'test@test.com', - :match => [/^ ServerAdmin test@test.com$/], - }, - { - :title => 'should enable ssl', - :attr => 'ssl', - :value => true, - :match => [/^ SSLEngine on$/], - }, - { - :title => 'should set a servername', - :attr => 'servername', - :value => 'param.test', - :match => [/^ ServerName param.test$/], - }, - { - :title => 'should accept server aliases', - :attr => 'serveraliases', - :value => ['one.com','two.com'], - :match => [ - /^ ServerAlias one\.com$/, - /^ ServerAlias two\.com$/ - ], - }, - { - :title => 'should accept setenv', - :attr => 'setenv', - :value => ['TEST1 one','TEST2 two'], - :match => [ - /^ SetEnv TEST1 one$/, - /^ SetEnv TEST2 two$/ - ], - }, - { - :title => 'should accept setenvif', - :attr => 'setenvif', - ## These are bugged in rspec-puppet; the $1 is droped - #:value => ['Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], - #:match => [' SetEnvIf Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1'], - :value => ['Host "^test\.com$" VHOST_ACCESS=test'], - :match => [/^ SetEnvIf Host "\^test\\.com\$" VHOST_ACCESS=test$/], - }, - { - :title => 'should accept options', - :attr => 'options', - :value => ['Fake','Options'], - :match => [/^ Options Fake Options$/], - }, - { - :title => 'should accept overrides', - :attr => 'override', - :value => ['Fake', 'Override'], - :match => [/^ AllowOverride Fake Override$/], - }, - { - :title => 'should accept logroot', - :attr => 'logroot', - :value => '/fake/log', - :match => [/CustomLog "\/fake\/log\//,/ErrorLog "\/fake\/log\//], - }, - { - :title => 'should accept log_level', - :attr => 'log_level', - :value => 'info', - :match => [/LogLevel info/], - }, - { - :title => 'should accept pipe destination for access log', - :attr => 'access_log_pipe', - :value => '| /bin/fake/logging', - :match => [/CustomLog "| \/bin\/fake\/logging" combined$/], - }, - { - :title => 'should accept pipe destination for error log', - :attr => 'error_log_pipe', - :value => '| /bin/fake/logging', - :match => [/ErrorLog "| \/bin\/fake\/logging" combined$/], - }, - { - :title => 'should accept syslog destination for access log', - :attr => 'access_log_syslog', - :value => 'syslog:local1', - :match => [/CustomLog "syslog:local1" combined$/], - }, - { - :title => 'should accept syslog destination for error log', - :attr => 'error_log_syslog', - :value => 'syslog', - :match => [/ErrorLog "syslog"$/], - }, - { - :title => 'should accept custom format for access logs', - :attr => 'access_log_format', - :value => '%h %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"Host: %{Host}i\" %T %D', - :match => [/CustomLog "\/var\/log\/.+_access\.log" "%h %\{X-Forwarded-For\}i %l %u %t \\"%r\\" %s %b \\"%\{Referer\}i\\" \\"%\{User-agent\}i\\" \\"Host: %\{Host\}i\\" %T %D"$/], - }, - { - :title => 'should contain access logs', - :attr => 'access_log', - :value => true, - :match => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], - }, - { - :title => 'should not contain access logs', - :attr => 'access_log', - :value => false, - :notmatch => [/CustomLog "\/var\/log\/.+_access\.log" combined$/], - }, - { - :title => 'should contain error logs', - :attr => 'error_log', - :value => true, - :match => [/ErrorLog.+$/], - }, - { - :title => 'should not contain error logs', - :attr => 'error_log', - :value => false, - :notmatch => [/ErrorLog.+$/], - }, - { - :title => 'should set ErrorDocument 503', - :attr => 'error_documents', - :value => [ { 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}], - :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], - }, - { - :title => 'should set ErrorDocuments 503 407', - :attr => 'error_documents', - :value => [ - { 'error_code' => '503', 'document' => '/service-unavail'}, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, - ], - :match => [ - /^ ErrorDocument 503 \/service-unavail$/, - /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, - ], - }, - { - :title => 'should set ErrorDocument 503 in directory', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'error_documents' => [{ 'error_code' => '503', 'document' => '"Go away, the backend is broken."'}] }, - :match => [/^ ErrorDocument 503 "Go away, the backend is broken."$/], - }, - { - :title => 'should set ErrorDocuments 503 407 in directory', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'error_documents' => - [ - { 'error_code' => '503', 'document' => '/service-unavail'}, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login'}, - ]}, - :match => [ - /^ ErrorDocument 503 \/service-unavail$/, - /^ ErrorDocument 407 https:\/\/example\.com\/proxy\/login$/, - ], - }, - { - :title => 'should accept a scriptalias', - :attr => 'scriptalias', - :value => '/usr/scripts', - :match => [ - /^ ScriptAlias \/cgi-bin "\/usr\/scripts"$/, - ], - }, - { - :title => 'should accept a single scriptaliases', - :attr => 'scriptaliases', - :value => { 'alias' => '/blah/', 'path' => '/usr/scripts' }, - :match => [ - /^ ScriptAlias \/blah\/ "\/usr\/scripts"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept multiple scriptaliases', - :attr => 'scriptaliases', - :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2', 'path' => '/usr/scripts' } ], - :match => [ - /^ ScriptAlias \/blah "\/usr\/scripts"$/, - /^ ScriptAlias \/blah2 "\/usr\/scripts"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept multiple scriptaliases with and without trailing slashes', - :attr => 'scriptaliases', - :value => [ { 'alias' => '/blah', 'path' => '/usr/scripts' }, { 'alias' => '/blah2/', 'path' => '/usr/scripts2/' } ], - :match => [ - /^ ScriptAlias \/blah "\/usr\/scripts"$/, - /^ ScriptAlias \/blah2\/ "\/usr\/scripts2\/"$/, - ], - :nomatch => [/ScriptAlias \/cgi\-bin\//], - }, - { - :title => 'should accept a ScriptAliasMatch directive', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' } ], - :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/ - ], - }, - { - :title => 'should accept multiple ScriptAliasMatch directives', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ - { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, - { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, - ], - :match => [ - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, - ], - }, - { - :title => 'should accept mixed ScriptAlias and ScriptAliasMatch directives', - :attr => 'scriptaliases', - ## XXX As mentioned above, rspec-puppet drops constructs like $1. - ## Thus, these tests don't work as they should. As a workaround we - ## use FOO instead of $1 here. - :value => [ - { 'aliasmatch' => '"(?x)^/git/(.*/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack))"', 'path' => '/var/www/bin/gitolite-suexec-wrapper/FOO' }, - { 'alias' => '/git', 'path' => '/var/www/gitweb/index.cgi' }, - { 'aliasmatch' => '^/cgi-bin(.*)', 'path' => '/usr/local/apache/cgi-binFOO' }, - { 'alias' => '/trac', 'path' => '/etc/apache2/trac.fcgi' }, - ], - :match => [ - /^ ScriptAliasMatch "\(\?x\)\^\/git\/\(\.\*\/\(HEAD\|info\/refs\|objects\/\(info\/\[\^\/\]\+\|\[0-9a-f\]\{2\}\/\[0-9a-f\]\{38\}\|pack\/pack-\[0-9a-f\]\{40\}\\\.\(pack\|idx\)\)\|git-\(upload\|receive\)-pack\)\)" "\/var\/www\/bin\/gitolite-suexec-wrapper\/FOO"$/, - /^ ScriptAlias \/git "\/var\/www\/gitweb\/index\.cgi"$/, - /^ ScriptAliasMatch \^\/cgi-bin\(\.\*\) "\/usr\/local\/apache\/cgi-binFOO"$/, - /^ ScriptAlias \/trac "\/etc\/apache2\/trac.fcgi"$/, - ], - }, - { - :title => 'should accept proxy destinations', - :attr => 'proxy_dest', - :value => 'http://fake.com', - :match => [ - /^ ProxyPass \/ http:\/\/fake.com\/$/, - /^ <Location \/>$/, - /^ ProxyPassReverse http:\/\/fake.com\/$/, - /^ <\/Location>$/, - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should accept proxy_pass hash', - :attr => 'proxy_pass', - :value => { 'path' => '/path-a', 'url' => 'http://fake.com/a' }, - :match => [ - /^ ProxyPass \/path-a http:\/\/fake.com\/a$/, - /^ <Location \/path-a>$/, - /^ ProxyPassReverse http:\/\/fake.com\/a$/, - /^ <\/Location>$/, - - ], - :notmatch => [/ProxyPass .+!$/], - }, - { - :title => 'should accept proxy_pass array of hash', - :attr => 'proxy_pass', - :value => [ - { 'path' => '/path-a/', 'url' => 'http://fake.com/a/' }, - { 'path' => '/path-b', 'url' => 'http://fake.com/b' }, - ], - :match => [ - /^ ProxyPass \/path-a\/ http:\/\/fake.com\/a\/$/, - /^ <Location \/path-a\/>$/, - /^ ProxyPassReverse http:\/\/fake.com\/a\/$/, - /^ <\/Location>$/, - /^ ProxyPass \/path-b http:\/\/fake.com\/b$/, - /^ <Location \/path-b>$/, - /^ ProxyPassReverse http:\/\/fake.com\/b$/, - /^ <\/Location>$/, - ], - :notmatch => [/ProxyPass .+!$/], - }, + context 'set everything!' do + let :params do { - :title => 'should enable rack', - :attr => 'rack_base_uris', - :value => ['/rack1','/rack2'], - :match => [ - /^ RackBaseURI \/rack1$/, - /^ RackBaseURI \/rack2$/, - ], - }, - { - :title => 'should accept headers', - :attr => 'headers', - :value => ['add something', 'merge something_else'], - :match => [ - /^ Header add something$/, - /^ Header merge something_else$/, - ], - }, - { - :title => 'should accept request headers', - :attr => 'request_headers', - :value => ['append something', 'unset something_else'], - :match => [ - /^ RequestHeader append something$/, - /^ RequestHeader unset something_else$/, - ], - }, - { - :title => 'should accept rewrite rules', - :attr => 'rewrite_rule', - :value => 'not a real rule', - :match => [/^ RewriteRule not a real rule$/], - }, - { - :title => 'should accept rewrite rules', - :attr => 'rewrites', - :value => [{'rewrite_rule' => ['not a real rule']}], - :match => [/^ RewriteRule not a real rule$/], - }, - { - :title => 'should accept rewrite comment', - :attr => 'rewrites', - :value => [{'comment' => 'rewrite comment', 'rewrite_rule' => ['not a real rule']}], - :match => [/^ #rewrite comment/], - }, - { - :title => 'should accept rewrite conditions', - :attr => 'rewrites', - :value => [{'comment' => 'redirect IE', 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^MSIE'], 'rewrite_rule' => ['^index\.html$ welcome.html'],}], - :match => [ - /^ #redirect IE$/, - /^ RewriteCond %{HTTP_USER_AGENT} \^MSIE$/, - /^ RewriteRule \^index\\\.html\$ welcome.html$/, - ], - }, - { - :title => 'should accept multiple rewrites', - :attr => 'rewrites', - :value => [ - {'rewrite_rule' => ['not a real rule']}, - {'rewrite_rule' => ['not a real rule two']}, - ], - :match => [ - /^ RewriteRule not a real rule$/, - /^ RewriteRule not a real rule two$/, - ], - }, - { - :title => 'should block scm', - :attr => 'block', - :value => 'scm', - :match => [/^ <DirectoryMatch \.\*\\\.\(svn\|git\|bzr\)\/\.\*>$/], - }, - { - :title => 'should accept a custom fragment', - :attr => 'custom_fragment', - :value => " Some custom fragment line\n That spans multiple lines", - :match => [ - /^ Some custom fragment line$/, - /^ That spans multiple lines$/, - /^<\/VirtualHost>$/, - ], - }, - { - :title => 'should accept an array of alias hashes', - :attr => 'aliases', - :value => [ { 'alias' => '/', 'path' => '/var/www'} ], - :match => [/^ Alias \/ "\/var\/www"$/], - }, - { - :title => 'should accept an alias hash', - :attr => 'aliases', - :value => { 'alias' => '/', 'path' => '/var/www'}, - :match => [/^ Alias \/ "\/var\/www"$/], - }, - { - :title => 'should accept multiple aliases', - :attr => 'aliases', - :value => [ - { 'alias' => '/', 'path' => '/var/www'}, - { 'alias' => '/cgi-bin', 'path' => '/var/www/cgi-bin'}, - { 'alias' => '/css', 'path' => '/opt/someapp/css'}, - ], - :match => [ - /^ Alias \/ "\/var\/www"$/, - /^ Alias \/cgi-bin "\/var\/www\/cgi-bin"$/, - /^ Alias \/css "\/opt\/someapp\/css"$/, - ], - }, - { - :title => 'should accept an aliasmatch hash', - :attr => 'aliases', - ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these - # tests don't work. - #:value => { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, - #:match => [/^ AliasMatch \^\/image\/\(\.\*\)\.gif \/files\/gifs\/\$1\.gif$/], - }, - { - :title => 'should accept a array of alias and aliasmatch hashes mixed', - :attr => 'aliases', - ## XXX As mentioned above, rspec-puppet drops the $1. Thus, these - # tests don't work. - #:value => [ - # { 'alias' => '/css', 'path' => '/files/css' }, - # { 'aliasmatch' => '^/image/(.*).gif', 'path' => '/files/gifs/$1.gif' }, - # { 'aliasmatch' => '^/image/(.*).jpg', 'path' => '/files/jpgs/$1.jpg' }, - # { 'alias' => '/image', 'path' => '/files/images' }, - #], - #:match => [ - # /^ Alias \/css \/files\/css$/, - # /^ AliasMatch \^\/image\/\(.\*\)\.gif \/files\/gifs\/\$1\.gif$/, - # /^ AliasMatch \^\/image\/\(.\*\)\.jpg \/files\/jpgs\/\$1\.jpg$/, - # /^ Alias \/image \/files\/images$/ - #], - }, - { - :title => 'should accept multiple additional includes', - :attr => 'additional_includes', - :value => [ - '/tmp/proxy_group_a', - '/tmp/proxy_group_b', - '/tmp/proxy_group_c', - ], - :match => [ - /^ Include "\/tmp\/proxy_group_a"$/, - /^ Include "\/tmp\/proxy_group_b"$/, - /^ Include "\/tmp\/proxy_group_c"$/, - ], - }, - { - :title => 'should accept a suPHP_Engine', - :attr => 'suphp_engine', - :value => 'on', - :match => [/^ suPHP_Engine on$/], - }, - { - :title => 'should accept a php_admin_flags', - :attr => 'php_admin_flags', - :value => { 'engine' => 'on' }, - :match => [/^ php_admin_flag engine on$/], - }, - { - :title => 'should accept php_admin_values', - :attr => 'php_admin_values', - :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept php_admin_flags in directories', - :attr => 'directories', - :value => { - 'path' => '/srv/www', - 'php_admin_flags' => { 'php_engine' => 'on' } - }, - :match => [/^ php_admin_flag php_engine on$/], - }, - { - :title => 'should accept php_admin_values', - :attr => 'php_admin_values', - :value => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept php_admin_values in directories', - :attr => 'directories', - :value => { - 'path' => '/srv/www', - 'php_admin_values' => { 'open_basedir' => '/srv/web/www.com/:/usr/share/pear/' } + 'docroot' => '/var/www/foo', + 'manage_docroot' => false, + 'virtual_docroot' => true, + 'port' => '8080', + 'ip' => '127.0.0.1', + 'ip_based' => true, + 'add_listen' => false, + 'docroot_owner' => 'user', + 'docroot_group' => 'wheel', + 'docroot_mode' => '0664', + 'serveradmin' => 'foo@localhost', + 'ssl' => true, + 'ssl_cert' => '/ssl/cert', + 'ssl_key' => '/ssl/key', + 'ssl_chain' => '/ssl/chain', + 'ssl_crl_path' => '/ssl/crl', + 'ssl_crl' => 'foo.crl', + 'ssl_certs_dir' => '/ssl/certs', + 'ssl_protocol' => 'SSLv2', + 'ssl_cipher' => 'HIGH', + 'ssl_honorcipherorder' => 'Off', + 'ssl_verify_client' => 'optional', + 'ssl_verify_depth' => '3', + 'ssl_options' => '+ExportCertData', + 'ssl_proxyengine' => true, + 'priority' => '30', + 'default_vhost' => true, + 'servername' => 'example.com', + 'serveraliases' => ['test-example.com'], + 'options' => ['MultiView'], + 'override' => ['All'], + 'directoryindex' => 'index.html', + 'vhost_name' => 'test', + 'logroot' => '/var/www/logs', + 'logroot_ensure' => 'directory', + 'logroot_mode' => '0600', + 'log_level' => 'crit', + 'access_log' => false, + 'access_log_file' => 'httpd_access_log', + 'access_log_pipe' => '', + 'access_log_syslog' => true, + 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', + 'access_log_env_var' => '', + 'aliases' => '/image', + 'directories' => { + 'path' => '/var/www/files', + 'provider' => 'files', + 'deny' => 'from all' }, - :match => [/^ php_admin_value open_basedir \/srv\/web\/www.com\/:\/usr\/share\/pear\/$/], - }, - { - :title => 'should accept a wsgi script alias', - :attr => 'wsgi_script_aliases', - :value => { '/' => '/var/www/myapp.wsgi'}, - :match => [/^ WSGIScriptAlias \/ "\/var\/www\/myapp.wsgi"$/], - }, - { - :title => 'should accept multiple wsgi aliases', - :attr => 'wsgi_script_aliases', - :value => { - '/wiki' => '/usr/local/wsgi/scripts/mywiki.wsgi', - '/blog' => '/usr/local/wsgi/scripts/myblog.wsgi', - '/' => '/usr/local/wsgi/scripts/myapp.wsgi', - }, - :match => [ - /^ WSGIScriptAlias \/wiki "\/usr\/local\/wsgi\/scripts\/mywiki.wsgi"$/, - /^ WSGIScriptAlias \/blog "\/usr\/local\/wsgi\/scripts\/myblog.wsgi"$/, - /^ WSGIScriptAlias \/ "\/usr\/local\/wsgi\/scripts\/myapp.wsgi"$/, - ], - }, - { - :title => 'should accept a wsgi application group', - :attr => 'wsgi_application_group', - :value => '%{GLOBAL}', - :match => [/^ WSGIApplicationGroup %{GLOBAL}$/], - }, - { - :title => 'should contain environment variables', - :attr => 'access_log_env_var', - :value => 'admin', - :match => [/CustomLog "\/var\/log\/.+_access\.log" combined env=admin$/] - }, - { - :title => 'should contain virtual_docroot', - :attr => 'virtual_docroot', - :value => '/not/default', - :match => [ - /^ VirtualDocumentRoot "\/not\/default"$/, - ], - }, - { - :title => 'should accept multiple directories', - :attr => 'directories', - :value => [ - { 'path' => '/opt/app' }, - { 'path' => '/var/www' }, - { 'path' => '/rspec/docroot'} - ], - :match => [ - /^ <Directory "\/opt\/app">$/, - /^ <Directory "\/var\/www">$/, - /^ <Directory "\/rspec\/docroot">$/, - ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end - - it { should contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end - end - end - - # Apache below 2.4 (Default Version). All match and notmatch should be a list of regexs and exact match strings - context ".conf content with $apache_version < 2.4" do - [ - { - :title => 'should accept a directory', - :attr => 'directories', - :value => { 'path' => '/opt/app' }, - :notmatch => [' <Directory /rspec/docroot>'], - :match => [ - /^ <Directory "\/opt\/app">$/, - /^ AllowOverride None$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives hash', - :attr => 'directories', - :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow' => 'from rspec.org', - 'allow_override' => 'Lol', - 'deny' => 'from google.com', - 'options' => '-MultiViews', - 'order' => 'deny,yned', - 'passenger_enabled' => 'onf', - 'sethandler' => 'None', - }, - :match => [ - /^ <Directory "\/opt\/app">$/, - /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, - /^ Allow from rspec.org$/, - /^ AllowOverride Lol$/, - /^ Deny from google.com$/, - /^ Options -MultiViews$/, - /^ Order deny,yned$/, - /^ SetHandler None$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives with arrays and hashes', - :attr => 'directories', - :value => [ + 'error_log' => false, + 'error_log_file' => 'httpd_error_log', + 'error_log_pipe' => '', + 'error_log_syslog' => true, + 'error_documents' => 'true', + 'fallbackresource' => '/index.php', + 'scriptalias' => '/usr/lib/cgi-bin', + 'scriptaliases' => [ { - 'path' => '/opt/app1', - 'allow' => 'from rspec.org', - 'allow_override' => ['AuthConfig','Indexes'], - 'deny' => 'from google.com', - 'options' => ['-MultiViews','+MultiViews'], - 'order' => ['deny','yned'], - 'passenger_enabled' => 'onf', + 'alias' => '/myscript', + 'path' => '/usr/share/myscript', }, { - 'path' => '/opt/app2', - 'addhandlers' => { - 'handler' => 'cgi-script', - 'extensions' => '.cgi', - }, + 'aliasmatch' => '^/foo(.*)', + 'path' => '/usr/share/fooscripts$1', }, ], - :match => [ - /^ <Directory "\/opt\/app1">$/, - /^ Allow from rspec.org$/, - /^ AllowOverride AuthConfig Indexes$/, - /^ Deny from google.com$/, - /^ Options -MultiViews \+MultiViews$/, - /^ Order deny,yned$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - /^ <Directory "\/opt\/app2">$/, - /^ AllowOverride None$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ AddHandler cgi-script .cgi$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept location for provider', - :attr => 'directories', - :value => { - 'path' => '/', - 'provider' => 'location', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ <Location "\/">$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Location>$/, - ], - }, - { - :title => 'should accept files for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'files', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ <Files "index.html">$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/Files>$/, - ], - }, - { - :title => 'should accept files match for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'filesmatch', - }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ <FilesMatch "index.html">$/, - /^ Order allow,deny$/, - /^ Allow from all$/, - /^ <\/FilesMatch>$/, + 'proxy_dest' => '/', + 'proxy_pass' => [ + { + 'path' => '/a', + 'url' => 'http://backend-a/', + 'keywords' => ['noquery', 'interpolate'], + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } + } ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ - param[:attr].to_sym => param[:value], - :apache_version => 2.2, - }) end - - it { should contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end - end - end - - # Apache equals or above 2.4. All match and notmatch should be a list of regexs and exact match strings - context ".conf content with $apache_version >= 2.4" do - [ - { - :title => 'should accept a directory', - :attr => 'directories', - :value => { 'path' => '/opt/app' }, - :notmatch => [' <Directory /rspec/docroot>'], - :match => [ - /^ <Directory "\/opt\/app">$/, - /^ AllowOverride None$/, - /^ Require all granted$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept directory directives hash', - :attr => 'directories', - :value => { - 'path' => '/opt/app', - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'allow_override' => 'Lol', - 'options' => '-MultiViews', - 'require' => 'something denied', - 'passenger_enabled' => 'onf', - }, - :match => [ - /^ <Directory "\/opt\/app">$/, - /^ Header Set X-Robots-Tag "noindex, noarchive, nosnippet"$/, - /^ AllowOverride Lol$/, - /^ Options -MultiViews$/, - /^ Require something denied$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, + 'suphp_addhandler' => 'foo', + 'suphp_engine' => 'on', + 'suphp_configpath' => '/var/www/html', + 'php_admin_flags' => ['foo', 'bar'], + 'php_admin_values' => ['true', 'false'], + 'no_proxy_uris' => '/foo', + 'proxy_preserve_host' => true, + 'redirect_source' => '/bar', + 'redirect_dest' => '/', + 'redirect_status' => 'temp', + 'redirectmatch_status' => ['404'], + 'redirectmatch_regexp' => ['\.git$'], + 'redirectmatch_dest' => ['http://www.example.com'], + 'rack_base_uris' => ['/rackapp1'], + 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', + 'request_headers' => ['append MirrorID "mirror 12"'], + 'rewrites' => [ + { + 'rewrite_rule' => ['^index\.html$ welcome.html'] + } ], - }, - { - :title => 'should accept directory directives with arrays and hashes', - :attr => 'directories', - :value => [ - { - 'path' => '/opt/app1', - 'allow_override' => ['AuthConfig','Indexes'], - 'options' => ['-MultiViews','+MultiViews'], - 'require' => ['host','example.org'], - 'passenger_enabled' => 'onf', - }, - { - 'path' => '/opt/app2', - 'addhandlers' => { - 'handler' => 'cgi-script', - 'extensions' => '.cgi', - }, - }, - ], - :match => [ - /^ <Directory "\/opt\/app1">$/, - /^ AllowOverride AuthConfig Indexes$/, - /^ Options -MultiViews \+MultiViews$/, - /^ Require host example.org$/, - /^ PassengerEnabled onf$/, - /^ <\/Directory>$/, - /^ <Directory "\/opt\/app2">$/, - /^ AllowOverride None$/, - /^ Require all granted$/, - /^ AddHandler cgi-script .cgi$/, - /^ <\/Directory>$/, - ], - }, - { - :title => 'should accept location for provider', - :attr => 'directories', - :value => { - 'path' => '/', - 'provider' => 'location', + 'rewrite_base' => '/', + 'rewrite_rule' => '^index\.html$ welcome.html', + 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', + 'setenv' => ['FOO=/bin/true'], + 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', + 'block' => 'scm', + 'wsgi_application_group' => '%{GLOBAL}', + 'wsgi_daemon_process' => 'wsgi', + 'wsgi_daemon_process_options' => { + 'processes' => '2', + 'threads' => '15', + 'display-name' => '%{GROUP}', }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ <Location "\/">$/, - /^ Require all granted$/, - /^ <\/Location>$/, - ], - }, - { - :title => 'should accept files for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'files', + 'wsgi_import_script' => '/var/www/demo.wsgi', + 'wsgi_import_script_options' => { + 'process-group' => 'wsgi', + 'application-group' => '%{GLOBAL}' }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ <Files "index.html">$/, - /^ Require all granted$/, - /^ <\/Files>$/, - ], - }, - { - :title => 'should accept files match for provider', - :attr => 'directories', - :value => { - 'path' => 'index.html', - 'provider' => 'filesmatch', + 'wsgi_process_group' => 'wsgi', + 'wsgi_script_aliases' => { + '/' => '/var/www/demo.wsgi' + }, + 'wsgi_pass_authorization' => 'On', + 'custom_fragment' => '#custom string', + 'itk' => { + 'user' => 'someuser', + 'group' => 'somegroup' }, - :notmatch => [' AllowOverride None'], - :match => [ - /^ <FilesMatch "index.html">$/, - /^ Require all granted$/, - /^ <\/FilesMatch>$/, - ], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]}" do - let :params do default_params.merge({ - param[:attr].to_sym => param[:value], - :apache_version => 2.4, - }) end - - it { should contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end + 'wsgi_chunked_request' => 'On', + 'action' => 'foo', + 'fastcgi_server' => 'localhost', + 'fastcgi_socket' => '/tmp/fastcgi.socket', + 'fastcgi_dir' => '/tmp', + 'additional_includes' => '/custom/path/includes', + 'apache_version' => '2.4', + 'suexec_user_group' => 'root root', + 'allow_encoded_slashes' => 'nodecode', + 'passenger_app_root' => '/usr/share/myapp', + 'passenger_ruby' => '/usr/bin/ruby1.9.1', + 'passenger_min_instances' => '1', + 'passenger_start_timeout' => '600', + 'passenger_pre_start' => 'http://localhost/myapp', + 'add_default_charset' => 'UTF-8', + } end - end - - # All match and notmatch should be a list of regexs and exact match strings - context ".conf content with SSL" do - [ - { - :title => 'should accept setting SSLCertificateFile', - :attr => 'ssl_cert', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificateKeyFile', - :attr => 'ssl_key', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateKeyFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificateChainFile', - :attr => 'ssl_chain', - :value => '/path/to/cert.pem', - :match => [/^ SSLCertificateChainFile "\/path\/to\/cert\.pem"$/], - }, - { - :title => 'should accept setting SSLCertificatePath', - :attr => 'ssl_certs_dir', - :value => '/path/to/certs', - :match => [/^ SSLCACertificatePath "\/path\/to\/certs"$/], - }, - { - :title => 'should accept setting SSLCertificateFile', - :attr => 'ssl_ca', - :value => '/path/to/ca.pem', - :match => [/^ SSLCACertificateFile "\/path\/to\/ca\.pem"$/], - }, - { - :title => 'should accept setting SSLRevocationPath', - :attr => 'ssl_crl_path', - :value => '/path/to/crl', - :match => [/^ SSLCARevocationPath "\/path\/to\/crl"$/], - }, - { - :title => 'should accept setting SSLRevocationFile', - :attr => 'ssl_crl', - :value => '/path/to/crl.pem', - :match => [/^ SSLCARevocationFile "\/path\/to\/crl\.pem"$/], - }, - { - :title => 'should accept setting SSLProxyEngine', - :attr => 'ssl_proxyengine', - :value => true, - :match => [/^ SSLProxyEngine On$/], - }, - { - :title => 'should accept setting SSLProtocol', - :attr => 'ssl_protocol', - :value => 'all -SSLv2', - :match => [/^ SSLProtocol all -SSLv2$/], - }, - { - :title => 'should accept setting SSLCipherSuite', - :attr => 'ssl_cipher', - :value => 'RC4-SHA:HIGH:!ADH:!SSLv2', - :match => [/^ SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2$/], - }, + let :facts do { - :title => 'should accept setting SSLHonorCipherOrder', - :attr => 'ssl_honorcipherorder', - :value => 'On', - :match => [/^ SSLHonorCipherOrder On$/], - }, - { - :title => 'should accept setting SSLVerifyClient', - :attr => 'ssl_verify_client', - :value => 'optional', - :match => [/^ SSLVerifyClient optional$/], - }, - { - :title => 'should accept setting SSLVerifyDepth', - :attr => 'ssl_verify_depth', - :value => '1', - :match => [/^ SSLVerifyDepth 1$/], - }, - { - :title => 'should accept setting SSLOptions with a string', - :attr => 'ssl_options', - :value => '+ExportCertData', - :match => [/^ SSLOptions \+ExportCertData$/], - }, - { - :title => 'should accept setting SSLOptions with an array', - :attr => 'ssl_options', - :value => ['+StrictRequire','+ExportCertData'], - :match => [/^ SSLOptions \+StrictRequire \+ExportCertData/], - }, - { - :title => 'should accept setting SSLOptions with a string in directories', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'ssl_options' => '+ExportCertData'}, - :match => [/^ SSLOptions \+ExportCertData$/], - }, + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } + end + + it { is_expected.to compile } + it { is_expected.to_not contain_file('/var/www/foo') } + it { is_expected.to contain_class('apache::mod::ssl') } + it { is_expected.to contain_class('apache::mod::mime') } + it { is_expected.to contain_class('apache::mod::vhost_alias') } + it { is_expected.to contain_class('apache::mod::wsgi') } + it { is_expected.to contain_class('apache::mod::suexec') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { is_expected.to contain_file('/var/www/logs').with({ + 'ensure' => 'directory', + 'mode' => '0600', + }) + } + it { is_expected.to contain_class('apache::mod::rewrite') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to contain_class('apache::mod::proxy') } + it { is_expected.to contain_class('apache::mod::proxy_http') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { is_expected.to contain_class('apache::mod::passenger') } + it { is_expected.to contain_class('apache::mod::fastcgi') } + it { is_expected.to contain_class('apache::mod::headers') } + it { is_expected.to contain_class('apache::mod::setenvif') } + it { is_expected.to contain_concat('30-rspec.example.com.conf').with({ + 'owner' => 'root', + 'mode' => '0644', + 'require' => 'Package[httpd]', + 'notify' => 'Class[Apache::Service]', + }) + } + it { is_expected.to contain_file('30-rspec.example.com.conf symlink').with({ + 'ensure' => 'link', + 'path' => '/etc/apache2/sites-enabled/30-rspec.example.com.conf', + }) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.to contain_concat__fragment('rspec.example.com-action') } + it { is_expected.to contain_concat__fragment('rspec.example.com-block') } + it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /retry=0/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /timeout=5/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( + /noquery interpolate/) } + it { is_expected.to contain_concat__fragment('rspec.example.com-rack') } + it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.to contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } + it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + end + context 'not everything can be set together...' do + let :params do { - :title => 'should accept setting SSLOptions with an array in directories', - :attr => 'directories', - :value => { 'path' => '/srv/www', 'ssl_options' => ['-StdEnvVars','+ExportCertData']}, - :match => [/^ SSLOptions -StdEnvVars \+ExportCertData/], - }, - ].each do |param| - describe "when #{param[:attr]} is #{param[:value]} with SSL" do - let :params do - default_params.merge( { - param[:attr].to_sym => param[:value], - :ssl => true, - } ) - end - it { should contain_file("25-#{title}.conf").with_mode('0644') } - if param[:match] - it "#{param[:title]}: matches" do - param[:match].each do |match| - should contain_file("25-#{title}.conf").with_content( match ) - end - end - end - if param[:notmatch] - it "#{param[:title]}: notmatches" do - param[:notmatch].each do |notmatch| - should_not contain_file("25-#{title}.conf").with_content( notmatch ) - end - end - end - end + 'access_log_pipe' => '/dev/null', + 'error_log_pipe' => '/dev/null', + 'docroot' => '/var/www/foo', + 'ensure' => 'absent', + 'manage_docroot' => true, + 'logroot' => '/tmp/logroot', + 'logroot_ensure' => 'absent', + } end - end - - context 'attribute resources' do - describe 'when access_log_file and access_log_pipe are specified' do - let :params do default_params.merge({ - :access_log_file => 'fake.log', - :access_log_pipe => '| /bin/fake', - }) end - it 'should cause a failure' do - expect { subject }.to raise_error(Puppet::Error, /'access_log_file' and 'access_log_pipe' cannot be defined at the same time/) - end - end - describe 'when error_log_file and error_log_pipe are specified' do - let :params do default_params.merge({ - :error_log_file => 'fake.log', - :error_log_pipe => '| /bin/fake', - }) end - it 'should cause a failure' do - expect { subject }.to raise_error(Puppet::Error, /'error_log_file' and 'error_log_pipe' cannot be defined at the same time/) - end - end - describe 'when docroot owner and mode is specified' do - let :params do default_params.merge({ - :docroot_owner => 'testuser', - :docroot_group => 'testgroup', - :docroot_mode => '0750', - }) end - it 'should set vhost ownership and permissions' do - should contain_file(params[:docroot]).with({ - :ensure => :directory, - :owner => 'testuser', - :group => 'testgroup', - :mode => '0750', - }) - end + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernelversion => '3.6.2', + :is_pe => false, + } end - describe 'when wsgi_daemon_process and wsgi_daemon_process_options are specified' do - let :params do default_params.merge({ - :wsgi_daemon_process => 'example.org', - :wsgi_daemon_process_options => { 'processes' => '2', 'threads' => '15' }, - }) end - it 'should set wsgi_daemon_process_options' do - should contain_file("25-#{title}.conf").with_content( - /^ WSGIDaemonProcess example.org processes=2 threads=15$/ - ) - end - end - - describe 'when wsgi_import_script and wsgi_import_script_options are specified' do - let :params do default_params.merge({ - :wsgi_import_script => '/var/www/demo.wsgi', - :wsgi_import_script_options => { 'application-group' => '%{GLOBAL}', 'process-group' => 'wsgi' }, - }) end - it 'should set wsgi_import_script_options' do - should contain_file("25-#{title}.conf").with_content( - /^ WSGIImportScript \/var\/www\/demo.wsgi application-group=%{GLOBAL} process-group=wsgi$/ - ) - end - end - - describe 'when rewrites are specified' do - let :params do default_params.merge({ - :rewrites => [ - { - 'comment' => 'test rewrites', - 'rewrite_base' => '/mytestpath/', - 'rewrite_cond' => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - 'rewrite_rule' => ['^index\.html$ welcome.html', '^index\.cgi$ index.php'], - } - ] - }) end - it 'should set RewriteConds and RewriteRules' do - should contain_file("25-#{title}.conf").with_content( - /^ #test rewrites$/ - ) - should contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTP_USER_AGENT\} \^Lynx\/ \[OR\]$/ - ) - should contain_file("25-#{title}.conf").with_content( - /^ RewriteBase \/mytestpath\/$/ - ) - should contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTP_USER_AGENT\} \^Mozilla\/\[12\]$/ - ) - should contain_file("25-#{title}.conf").with_content( - /^ RewriteRule \^index\\.html\$ welcome.html$/ - ) - should contain_file("25-#{title}.conf").with_content( - /^ RewriteRule \^index\\.cgi\$ index.php$/ - ) - end + it { is_expected.to compile } + it { is_expected.to_not contain_class('apache::mod::ssl') } + it { is_expected.to_not contain_class('apache::mod::mime') } + it { is_expected.to_not contain_class('apache::mod::vhost_alias') } + it { is_expected.to_not contain_class('apache::mod::wsgi') } + it { is_expected.to_not contain_class('apache::mod::passenger') } + it { is_expected.to_not contain_class('apache::mod::suexec') } + it { is_expected.to_not contain_class('apache::mod::rewrite') } + it { is_expected.to contain_class('apache::mod::alias') } + it { is_expected.to_not contain_class('apache::mod::proxy') } + it { is_expected.to_not contain_class('apache::mod::proxy_http') } + it { is_expected.to_not contain_class('apache::mod::passenger') } + it { is_expected.to_not contain_class('apache::mod::headers') } + it { is_expected.to contain_file('/var/www/foo') } + it { is_expected.to contain_file('/tmp/logroot').with({ + 'ensure' => 'absent', + }) + } + it { is_expected.to contain_concat('25-rspec.example.com.conf').with({ + 'ensure' => 'absent', + }) + } + it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } + it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-aliases') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-itk') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-fallbackresource') } + it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-additional_includes') } + it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } + it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-action') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-block') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-error_document') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-proxy') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-rack') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-redirect') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-rewrite') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-scriptalias') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-serveralias') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-setenv') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-ssl') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-suphp') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-php_admin') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-header') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-requestheader') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-wsgi') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-custom_fragment') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-fastcgi') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-suexec') } + it { is_expected.to_not contain_concat__fragment('rspec.example.com-charsets') } + it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } + end + end + describe 'access logs' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystemrelease => '6', + :concat_basedir => '/dne', + :operatingsystem => 'RedHat', + :id => 'root', + :kernel => 'Linux', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end + context 'single log file' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + } end - - describe 'when rewrite_rule and rewrite_cond are specified' do - let :params do default_params.merge({ - :rewrite_cond => '%{HTTPS} off', - :rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}', - }) end - it 'should set RewriteCond' do - should contain_file("25-#{title}.conf").with_content( - /^ RewriteCond %\{HTTPS\} off$/ - ) - end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog.*my_log_file" combined\s*$/ + )} + end + context 'single log file with environment' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'my_log_file', + 'access_log_env_var' => 'prod' + } end - - describe 'when action is specified specified' do - let :params do default_params.merge({ - :action => 'php-fastcgi', - }) end - it 'should set Action' do - should contain_file("25-#{title}.conf").with_content( - /^ Action php-fastcgi \/cgi-bin virtual$/ - ) - end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog.*my_log_file" combined\s+env=prod$/ + )} + end + context 'multiple log files' do + let(:params) do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => [ + { 'file' => '/tmp/log1', 'env' => 'dev' }, + { 'file' => 'log2' }, + { 'syslog' => 'syslog', 'format' => '%h %l' } + ], + } end - - describe 'when suphp_engine is on and suphp_configpath is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :suphp_configpath => '/etc/php5/apache2', - }) end - it 'should set suphp_configpath' do - should contain_file("25-#{title}.conf").with_content( - /^ suPHP_ConfigPath "\/etc\/php5\/apache2"$/ - ) - end + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$/ + )} + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "\/var\/log\/httpd\/log2"\s+combined\s*$/ + )} + it { is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( + :content => /^\s+CustomLog "syslog" "%h %l"\s*$/ + )} + end + end # access logs + describe 'validation' do + context 'bad ensure' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ensure' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad suphp_engine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'suphp_engine' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp_addhandler is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :suphp_addhandler => 'x-httpd-php', - }) end - it 'should set suphp_addhandler' do - should contain_file("25-#{title}.conf").with_content( - /^ suPHP_AddHandler x-httpd-php/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad ip_based' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ip_based' => 'bogus', + } end - - describe 'when suphp_engine is on and suphp { user & group } is specified' do - let :params do default_params.merge({ - :suphp_engine => 'on', - :directories => { 'path' => '/srv/www', - 'suphp' => { 'user' => 'myappuser', 'group' => 'myappgroup' }, - } - }) end - it 'should set suphp_UserGroup' do - should contain_file("25-#{title}.conf").with_content( - /^ suPHP_UserGroup myappuser myappgroup/ - ) - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad access_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad error_log' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log' => 'bogus', + } end - - describe 'priority/default settings' do - describe 'when neither priority/default is specified' do - let :params do default_params end - it { should contain_file("25-#{title}.conf").with_path( - /25-#{title}.conf/ - ) } - end - describe 'when both priority/default_vhost is specified' do - let :params do - default_params.merge({ - :priority => 15, - :default_vhost => true, - }) - end - it { should contain_file("15-#{title}.conf").with_path( - /15-#{title}.conf/ - ) } - end - describe 'when only priority is specified' do - let :params do - default_params.merge({ :priority => 14, }) - end - it { should contain_file("14-#{title}.conf").with_path( - /14-#{title}.conf/ - ) } - end - describe 'when only default is specified' do - let :params do - default_params.merge({ :default_vhost => true, }) - end - it { should contain_file("10-#{title}.conf").with_path( - /10-#{title}.conf/ - ) } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad_ssl' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad default_vhost' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'default_vhost' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad ssl_proxyengine' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'ssl_proxyengine' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad rewrites' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => 'bogus', + } end - - describe 'various ip/port combos' do - describe 'when ip_based is true' do - let :params do default_params.merge({ :ip_based => true }) end - it 'should not specify a NameVirtualHost' do - should contain_apache__listen(params[:port]) - should_not contain_apache__namevirtualhost("*:#{params[:port]}") - end - end - - describe 'when ip_based is default' do - let :params do default_params end - it 'should specify a NameVirtualHost' do - should contain_apache__listen(params[:port]) - should contain_apache__namevirtualhost("*:#{params[:port]}") - end - end - - describe 'when an ip is set' do - let :params do default_params.merge({ :ip => '10.0.0.1' }) end - it 'should specify a NameVirtualHost for the ip' do - should_not contain_apache__listen(params[:port]) - should contain_apache__listen("10.0.0.1:#{params[:port]}") - should contain_apache__namevirtualhost("10.0.0.1:#{params[:port]}") - end - end - - describe 'an ip_based vhost without a port' do - let :params do - { - :docroot => '/fake', - :ip => '10.0.0.1', - :ip_based => true, - } - end - it 'should specify a NameVirtualHost for the ip' do - should_not contain_apache__listen(params[:ip]) - should_not contain_apache__namevirtualhost(params[:ip]) - should contain_file("25-#{title}.conf").with_content %r{<VirtualHost 10\.0\.0\.1>} - end - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad rewrites 2' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'rewrites' => ['bogus'], + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad suexec_user_group' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'suexec_user_group' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_script_alias' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_daemon_process_options' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_daemon_process_options' => 'bogus', + } end - - describe 'when suexec_user_group is specified' do - let :params do - default_params.merge({ - :suexec_user_group => 'nobody nogroup', - }) - end - - it { should contain_file("25-#{title}.conf").with_content %r{^ SuexecUserGroup nobody nogroup$} } + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad wsgi_import_script_alias' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'wsgi_import_script_alias' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad itk' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'itk' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad logroot_ensure' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'log_level' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad log_level' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'log_level' => 'bogus', + } end - - describe 'redirect rules' do - describe 'without lockstep arrays' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => [ - 'http://10.0.0.10/login', - 'http://10.0.0.10/logout', - ], - :redirect_status => [ - 'permanent', - '', - ], - }) - end - - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/login} } - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } - end - describe 'redirect match rules' do - let :params do - default_params.merge({ - :redirectmatch_status => [ - '404', - ], - :redirectmatch_regexp => [ - '/\.git(/.*|$)', - ], - }) - end - - it { should contain_file("25-#{title}.conf").with_content %r{ RedirectMatch 404 } } - end - describe 'without a status' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => [ - 'http://10.0.0.10/login', - 'http://10.0.0.10/logout', - ], - }) - end - - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /login http://10\.0\.0\.10/login} } - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect /logout http://10\.0\.0\.10/logout} } - end - describe 'with a single status and dest' do - let :params do - default_params.merge({ - :redirect_source => [ - '/login', - '/logout', - ], - :redirect_dest => 'http://10.0.0.10/test', - :redirect_status => 'permanent', - }) - end - - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /login http://10\.0\.0\.10/test} } - it { should contain_file("25-#{title}.conf").with_content %r{ Redirect permanent /logout http://10\.0\.0\.10/test} } - end - - describe 'with a directoryindex specified' do - let :params do - default_params.merge({ - :directoryindex => 'index.php' - }) - end - it { should contain_file("25-#{title}.conf").with_content %r{DirectoryIndex index.php} } - end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'access_log_file and access_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_log_file' => 'bogus', + 'access_log_pipe' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'error_log_file and error_log_pipe' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'error_log_file' => 'bogus', + 'error_log_pipe' => 'bogus', + } end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad fallbackresource' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'fallbackresource' => 'bogus', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad custom_fragment' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'custom_fragment' => true, + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } + end + context 'bad access_logs' do + let :params do + { + 'docroot' => '/rspec/docroot', + 'access_logs' => '/var/log/somewhere', + } + end + let :facts do default_facts end + it { expect { is_expected.to compile }.to raise_error } end end end
--- a/modules/apache/spec/fixtures/modules/site_apache/templates/fake.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1 +0,0 @@ -Fake template for rspec.
--- a/modules/apache/spec/spec.opts Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/spec.opts Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,6 @@ ---format s +--format +s --colour ---loadby mtime +--loadby +mtime --backtrace
--- a/modules/apache/spec/spec_helper.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/spec_helper.rb Sat Mar 14 20:07:04 2015 +0000 @@ -2,6 +2,22 @@ RSpec.configure do |c| c.treat_symbols_as_metadata_keys_with_true_values = true + + c.before :each do + # Ensure that we don't accidentally cache facts and environment + # between test cases. + Facter::Util::Loader.any_instance.stubs(:load_all) + Facter.clear + Facter.clear_messages + + # Store any environment variables away to be restored later + @old_env = {} + ENV.each_key {|k| @old_env[k] = ENV[k]} + + if ENV['STRICT_VARIABLES'] == 'yes' + Puppet.settings[:strict_variables]=true + end + end end shared_examples :compile, :compile => true do
--- a/modules/apache/spec/spec_helper_acceptance.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/spec/spec_helper_acceptance.rb Sat Mar 14 20:07:04 2015 +0000 @@ -3,16 +3,18 @@ unless ENV['RS_PROVISION'] == 'no' + # This will install the latest available package on el and deb based + # systems fail on windows and osx, and install via gem on other *nixes + foss_opts = { :default_action => 'gem_install' } + + if default.is_pe?; then install_pe; else install_puppet( foss_opts ); end + hosts.each do |host| if host['platform'] =~ /debian/ on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' end - if host.is_pe? - install_pe - else - install_puppet - on host, "mkdir -p #{host['distmoduledir']}" - end + + on host, "mkdir -p #{host['distmoduledir']}" end end @@ -28,8 +30,8 @@ # Configure all nodes in nodeset c.before :suite do # Install module and dependencies - puppet_module_install(:source => proj_root, :module_name => 'apache') hosts.each do |host| + copy_module_to(host, :source => proj_root, :module_name => 'apache') # Required for mod_passenger tests. if fact('osfamily') == 'RedHat' on host, puppet('module','install','stahnma/epel'), { :acceptable_exit_codes => [0,1] } @@ -39,7 +41,7 @@ on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] } end on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } - on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] } + on host, puppet('module','install','puppetlabs-concat', '--version 1.1.1', '--force'), { :acceptable_exit_codes => [0,1] } end end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/unit/provider/a2mod/gentoo_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,184 @@ +#!/usr/bin/env rspec + +require 'spec_helper' + +provider_class = Puppet::Type.type(:a2mod).provider(:gentoo) + +describe provider_class do + before :each do + provider_class.clear + end + + [:conf_file, :instances, :modules, :initvars, :conf_file, :clear].each do |method| + it "should respond to the class method #{method}" do + expect(provider_class).to respond_to(method) + end + end + + describe "when fetching modules" do + before do + @filetype = mock() + end + + it "should return a sorted array of the defined parameters" do + @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) + provider_class.expects(:filetype).returns(@filetype) + + expect(provider_class.modules).to eq(%w{bar baz foo}) + end + + it "should cache the module list" do + @filetype.expects(:read).once.returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n}) + provider_class.expects(:filetype).once.returns(@filetype) + + 2.times { expect(provider_class.modules).to eq(%w{bar baz foo}) } + end + + it "should normalize parameters" do + @filetype.expects(:read).returns(%Q{APACHE2_OPTS="-D FOO -D BAR -D BAR"\n}) + provider_class.expects(:filetype).returns(@filetype) + + expect(provider_class.modules).to eq(%w{bar foo}) + end + end + + describe "when prefetching" do + it "should match providers to resources" do + provider = mock("ssl_provider", :name => "ssl") + resource = mock("ssl_resource") + resource.expects(:provider=).with(provider) + + provider_class.expects(:instances).returns([provider]) + provider_class.prefetch("ssl" => resource) + end + end + + describe "when flushing" do + before :each do + @filetype = mock() + @filetype.stubs(:backup) + provider_class.expects(:filetype).at_least_once.returns(@filetype) + + @info = mock() + @info.stubs(:[]).with(:name).returns("info") + @info.stubs(:provider=) + + @mpm = mock() + @mpm.stubs(:[]).with(:name).returns("mpm") + @mpm.stubs(:provider=) + + @ssl = mock() + @ssl.stubs(:[]).with(:name).returns("ssl") + @ssl.stubs(:provider=) + end + + it "should add modules whose ensure is present" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) + @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO"}) + + @info.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("info" => @info) + + provider_class.flush + end + + it "should remove modules whose ensure is present" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO"}) + @filetype.expects(:write).with(%Q{APACHE2_OPTS=""}) + + @info.stubs(:should).with(:ensure).returns(:absent) + @info.stubs(:provider=) + provider_class.prefetch("info" => @info) + + provider_class.flush + end + + it "should not modify providers without resources" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-D INFO -D MPM"}) + @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D MPM -D SSL"}) + + @info.stubs(:should).with(:ensure).returns(:absent) + provider_class.prefetch("info" => @info) + + @ssl.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("ssl" => @ssl) + + provider_class.flush + end + + it "should write the modules in sorted order" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) + @filetype.expects(:write).with(%Q{APACHE2_OPTS="-D INFO -D MPM -D SSL"}) + + @mpm.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("mpm" => @mpm) + @info.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("info" => @info) + @ssl.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("ssl" => @ssl) + + provider_class.flush + end + + it "should write the records back once" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) + @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) + + @info.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("info" => @info) + + @ssl.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("ssl" => @ssl) + + provider_class.flush + end + + it "should only modify the line containing APACHE2_OPTS" do + @filetype.expects(:read).at_least_once.returns(%Q{# Comment\nAPACHE2_OPTS=""\n# Another comment}) + @filetype.expects(:write).once.with(%Q{# Comment\nAPACHE2_OPTS="-D INFO"\n# Another comment}) + + @info.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("info" => @info) + provider_class.flush + end + + it "should restore any arbitrary arguments" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-Y -D MPM -X"}) + @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-Y -X -D INFO -D MPM"}) + + @info.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("info" => @info) + provider_class.flush + end + + it "should backup the file once if changes were made" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS=""}) + @filetype.expects(:write).once.with(%Q{APACHE2_OPTS="-D INFO -D SSL"}) + + @info.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("info" => @info) + + @ssl.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("ssl" => @ssl) + + @filetype.unstub(:backup) + @filetype.expects(:backup) + provider_class.flush + end + + it "should not write the file or run backups if no changes were made" do + @filetype.expects(:read).at_least_once.returns(%Q{APACHE2_OPTS="-X -D INFO -D SSL -Y"}) + @filetype.expects(:write).never + + @info.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("info" => @info) + + @ssl.stubs(:should).with(:ensure).returns(:present) + provider_class.prefetch("ssl" => @ssl) + + @filetype.unstub(:backup) + @filetype.expects(:backup).never + provider_class.flush + end + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,54 @@ +#! /usr/bin/env ruby -S rspec +require 'spec_helper' + +describe "the bool2httpd function" do + let(:scope) { PuppetlabsSpec::PuppetInternals.scope } + + it "should exist" do + expect(Puppet::Parser::Functions.function("bool2httpd")).to eq("function_bool2httpd") + end + + it "should raise a ParseError if there is less than 1 arguments" do + expect { scope.function_bool2httpd([]) }.to( raise_error(Puppet::ParseError)) + end + + it "should convert true to 'On'" do + result = scope.function_bool2httpd([true]) + expect(result).to(eq('On')) + end + + it "should convert true to a string" do + result = scope.function_bool2httpd([true]) + expect(result.class).to(eq(String)) + end + + it "should convert false to 'Off'" do + result = scope.function_bool2httpd([false]) + expect(result).to(eq('Off')) + end + + it "should convert false to a string" do + result = scope.function_bool2httpd([false]) + expect(result.class).to(eq(String)) + end + + it "should accept (and return) any string" do + result = scope.function_bool2httpd(["mail"]) + expect(result).to(eq('mail')) + end + + it "should accept a nil value (and return Off)" do + result = scope.function_bool2httpd([nil]) + expect(result).to(eq('Off')) + end + + it "should accept an undef value (and return 'Off')" do + result = scope.function_bool2httpd([:undef]) + expect(result).to(eq('Off')) + end + + it "should return a default value on non-matches" do + result = scope.function_bool2httpd(['foo']) + expect(result).to(eq('foo')) + end +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/fastcgi/server.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,3 @@ +FastCGIExternalServer <%= @faux_path %> -idle-timeout <%= @timeout %> <%= if @flush then '-flush' end %> -host <%= @host %> +Alias <%= @fcgi_alias %> <%= @faux_path %> +Action <%= @file_type %> <%= @fcgi_alias %>
--- a/modules/apache/templates/httpd.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/httpd.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,7 +1,7 @@ # Security ServerTokens <%= @server_tokens %> -ServerSignature <%= @server_signature %> -TraceEnable <%= @trace_enable %> +ServerSignature <%= scope.function_bool2httpd([@server_signature]) %> +TraceEnable <%= scope.function_bool2httpd([@trace_enable]) %> ServerName "<%= @servername %>" ServerRoot "<%= @server_root %>" @@ -16,7 +16,7 @@ AccessFileName .htaccess <FilesMatch "^\.ht"> -<%- if @apache_version >= '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all denied <%- else -%> Order allow,deny @@ -35,6 +35,9 @@ ErrorLog "<%= @logroot %>/<%= @error_log %>" LogLevel <%= @log_level %> EnableSendfile <%= @sendfile %> +<%- if @allow_encoded_slashes -%> +AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%> #Listen 80 @@ -56,18 +59,22 @@ LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent <% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.each do |nickname,format| -%> + <%- @log_formats.sort.each do |nickname,format| -%> LogFormat "<%= format -%>" <%= nickname %> <%- end -%> <% end -%> -<%- if @apache_version >= '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> IncludeOptional "<%= @confd_dir %>/*.conf" <%- else -%> Include "<%= @confd_dir %>/*.conf" <%- end -%> <% if @vhost_load_dir != @confd_dir -%> -Include "<%= @vhost_load_dir %>/*.conf" +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> +IncludeOptional "<%= @vhost_load_dir %>/*" +<%- else -%> +Include "<%= @vhost_load_dir %>/*" +<%- end -%> <% end -%> <% if @error_documents -%> @@ -79,7 +86,7 @@ Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var -<%- if @apache_version == '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny
--- a/modules/apache/templates/mod/alias.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/alias.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -3,7 +3,7 @@ <Directory "<%= @icons_path %>"> Options Indexes MultiViews AllowOverride None -<%- if @apache_version == '2.4' -%> +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/mod/auth_cas.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,40 @@ +CASCookiePath <%= @cas_cookie_path %> +CASLoginURL <%= @cas_login_url %> +CASValidateURL <%= @cas_validate_url %> + +CASVersion <%= @cas_version %> +CASDebug <%= @cas_debug %> + +<% if @cas_certificate_path -%> +CASCertificatePath <%= @cas_certificate_path %> +<% end -%> +<% if @cas_proxy_validate_url -%> +CASProxyValidateURL <%= @cas_proxy_validate_url %> +<% end -%> +<% if @cas_validate_depth -%> +CASValidateDepth <%= @cas_validate_depth %> +<% end -%> +<% if @cas_root_proxied_as -%> +CASRootProxiedAs <%= @cas_root_proxied_as %> +<% end -%> +<% if @cas_cookie_entropy -%> +CASCookieEntropy <%= @cas_cookie_entropy %> +<% end -%> +<% if @cas_timeout -%> +CASTimeout <%= @cas_timeout %> +<% end -%> +<% if @cas_idle_timeout -%> +CASIdleTimeout <%= @cas_idle_timeout %> +<% end -%> +<% if @cas_cache_clean_interval -%> +CASCacheCleanInterval <%= @cas_cache_clean_interval %> +<% end -%> +<% if @cas_cookie_domain -%> +CASCookieDomain <%= @cas_cookie_domain %> +<% end -%> +<% if @cas_cookie_http_only -%> +CASCookieHttpOnly <%= @cas_cookie_http_only %> +<% end -%> +<% if @cas_authoritative -%> +CASAuthoritative <%= @cas_authoritative %> +<% end -%>
--- a/modules/apache/templates/mod/deflate.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/deflate.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,7 @@ -AddOutputFilterByType DEFLATE text/html text/plain text/xml -AddOutputFilterByType DEFLATE text/css -AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript -AddOutputFilterByType DEFLATE application/rss+xml +<%- @types.sort.each do |type| -%> +AddOutputFilterByType DEFLATE <%= type %> +<%- end -%> + +<%- @notes.sort.each do |type,note| -%> +DeflateFilterNote <%= type %> <%=note %> +<%- end -%>
--- a/modules/apache/templates/mod/event.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/event.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,9 +1,13 @@ <IfModule mpm_event_module> - ServerLimit <%= @serverlimit %> - StartServers <%= @startservers %> - MaxClients <%= @maxclients %> - MinSpareThreads <%= @minsparethreads %> - MaxSpareThreads <%= @maxsparethreads %> - ThreadsPerChild <%= @threadsperchild %> - MaxRequestsPerChild <%= @maxrequestsperchild %> + ServerLimit <%= @serverlimit %> + StartServers <%= @startservers %> + MaxClients <%= @maxclients %> + MinSpareThreads <%= @minsparethreads %> + MaxSpareThreads <%= @maxsparethreads %> + ThreadsPerChild <%= @threadsperchild %> + MaxRequestsPerChild <%= @maxrequestsperchild %> + ThreadLimit <%= @threadlimit %> + ListenBacklog <%= @listenbacklog %> + MaxRequestWorkers <%= @maxrequestworkers %> + MaxConnectionsPerChild <%= @maxconnectionsperchild %> </IfModule>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/mod/fcgid.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,5 @@ +<IfModule mod_fcgid.c> +<% @options.sort_by {|key, value| key}.each do |key, value| -%> + <%= key %> <%= value %> +<% end -%> +</IfModule>
--- a/modules/apache/templates/mod/info.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/info.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,10 +1,19 @@ <Location /server-info> SetHandler server-info - <%- if @apache_version >= '2.4' -%> +<%- if @restrict_access -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require ip <%= Array(@allow_from).join(" ") %> - <%- else -%> + <%- else -%> Order deny,allow Deny from all - Allow from <%= Array(@allow_from).join(" ") %> + <%- if @allow_from and ! @allow_from.empty? -%> + <%- @allow_from.each do |allowed| -%> + Allow from <%= allowed %> + <%- end -%> + <%- else -%> + Allow from 127.0.0.1 + Allow from ::1 <%- end -%> + <%- end -%> +<%- end -%> </Location>
--- a/modules/apache/templates/mod/ldap.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/ldap.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,7 +1,11 @@ <Location /ldap-status> SetHandler ldap-status + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 + <%- else -%> Order deny,allow Deny from all Allow from 127.0.0.1 ::1 Satisfy all + <%- end -%> </Location>
--- a/modules/apache/templates/mod/negotiation.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/negotiation.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,2 +1,2 @@ -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW -ForceLanguagePriority Prefer Fallback +LanguagePriority <%= Array(@language_priority).join(' ') %> +ForceLanguagePriority <%= Array(@force_language_priority).join(' ') %>
--- a/modules/apache/templates/mod/pagespeed.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/pagespeed.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -8,22 +8,22 @@ ModPagespeedFileCachePath "<%= @cache_path %>" ModPagespeedLogDir "<%= @log_dir %>" -<% @memache_servers.each do |server| -%> -ModPagespeedMemcachedServers <%= server -%> +<% @memcache_servers.each do |server| -%> +ModPagespeedMemcachedServers <%= server %> <% end -%> ModPagespeedRewriteLevel <%= @rewrite_level -%> <% @disable_filters.each do |filter| -%> -ModPagespeedDisableFilters <%= filter -%> +ModPagespeedDisableFilters <%= filter %> <% end -%> <% @enable_filters.each do |filter| -%> -ModPagespeedEnableFilters <%= filter -%> +ModPagespeedEnableFilters <%= filter %> <% end -%> <% @forbid_filters.each do |filter| -%> -ModPagespeedForbidFilters <%= filter -%> +ModPagespeedForbidFilters <%= filter %> <% end -%> ModPagespeedRewriteDeadlinePerFlushMs <%= @rewrite_deadline_per_flush_ms %> @@ -54,7 +54,6 @@ ModPagespeedStatistics <%= @collect_statistics %> <Location /mod_pagespeed_statistics> - Order allow,deny # You may insert other "Allow from" lines to add hosts you want to # allow to look at generated statistics. Another possibility is # to comment out the "Order" and "Allow" options from the config @@ -62,37 +61,35 @@ # statistics. This might be appropriate in an experimental setup or # if the Apache server is protected by a reverse proxy that will # filter URLs in some fashion. - Allow from localhost - Allow from 127.0.0.1 - Allow from ::1 - <% @allow_view_stats.each do |host| -%> - Allow from <%= host %> - <% end -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %> + <%- else -%> + Order allow,deny + Allow from 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %> + <%- end -%> SetHandler mod_pagespeed_statistics </Location> ModPagespeedStatisticsLogging <%= @statistics_logging %> <Location /pagespeed_console> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %> + <%- else -%> Order allow,deny - Allow from localhost - Allow from 127.0.0.1 - Allow from ::1 - <% @allow_pagespeed_console.each do |host| -%> - Allow from <%= host %> - <% end -%> + Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %> + <%- end -%> SetHandler pagespeed_console </Location> ModPagespeedMessageBufferSize <%= @message_buffer_size %> <Location /mod_pagespeed_message> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %> + <%- else -%> Order allow,deny - Allow from localhost - Allow from 127.0.0.1 - Allow from ::1 - <% @allow_pagespeed_message.each do |host| -%> - Allow from <%= host %> - <% end -%> + Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %> + <%- end -%> SetHandler mod_pagespeed_message </Location>
--- a/modules/apache/templates/mod/passenger.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/passenger.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,4 @@ -# The Passanger Apache module configuration file is being +# The Passenger Apache module configuration file is being # managed by Puppet and changes will be overwritten. <IfModule mod_passenger.c> <%- if @passenger_root -%> @@ -7,6 +7,9 @@ <%- if @passenger_ruby -%> PassengerRuby "<%= @passenger_ruby %>" <%- end -%> + <%- if @passenger_default_ruby -%> + PassengerDefaultRuby "<%= @passenger_default_ruby %>" + <%- end -%> <%- if @passenger_high_performance -%> PassengerHighPerformance <%= @passenger_high_performance %> <%- end -%>
--- a/modules/apache/templates/mod/proxy.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/proxy.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -10,9 +10,13 @@ <% if @proxy_requests != 'Off' or ( @allow_from and ! @allow_from.empty? ) -%> <Proxy *> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip <%= Array(@allow_from).join(" ") %> + <%- else -%> Order deny,allow Deny from all Allow from <%= Array(@allow_from).join(" ") %> + <%- end -%> </Proxy> <% end -%>
--- a/modules/apache/templates/mod/reqtimeout.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/reqtimeout.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,2 +1,3 @@ -RequestReadTimeout header=20-40,minrate=500 -RequestReadTimeout body=10,minrate=500 +<% Array(@timeouts).each do |timeout| -%> +RequestReadTimeout <%= timeout %> +<%- end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/mod/security.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,68 @@ +<IfModule mod_security2.c> + # ModSecurity Core Rules Set configuration +<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%> + IncludeOptional <%= @modsec_dir %>/*.conf + IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf +<%- else -%> + Include <%= @modsec_dir %>/*.conf + Include <%= @modsec_dir %>/activated_rules/*.conf +<%- end -%> + + # Default recommended configuration + SecRuleEngine On + SecRequestBodyAccess On + SecRule REQUEST_HEADERS:Content-Type "text/xml" \ + "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" + SecRequestBodyLimit 13107200 + SecRequestBodyNoFilesLimit 131072 + SecRequestBodyInMemoryLimit 131072 + SecRequestBodyLimitAction Reject + SecRule REQBODY_ERROR "!@eq 0" \ + "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" + SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ + "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \ + PE %{REQBODY_PROCESSOR_ERROR}, \ + BQ %{MULTIPART_BOUNDARY_QUOTED}, \ + BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ + DB %{MULTIPART_DATA_BEFORE}, \ + DA %{MULTIPART_DATA_AFTER}, \ + HF %{MULTIPART_HEADER_FOLDING}, \ + LF %{MULTIPART_LF_LINE}, \ + SM %{MULTIPART_MISSING_SEMICOLON}, \ + IQ %{MULTIPART_INVALID_QUOTING}, \ + IP %{MULTIPART_INVALID_PART}, \ + IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ + FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" + + SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ + "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" + + SecPcreMatchLimit 1000 + SecPcreMatchLimitRecursion 1000 + + SecRule TX:/^MSC_/ "!@streq 0" \ + "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" + + SecResponseBodyAccess Off + SecResponseBodyMimeType text/plain text/html text/xml + SecResponseBodyLimit 524288 + SecResponseBodyLimitAction ProcessPartial + SecDebugLogLevel 0 + SecAuditEngine RelevantOnly + SecAuditLogRelevantStatus "^(?:5|4(?!04))" + SecAuditLogParts ABIJDEFHZ + SecAuditLogType Serial + SecArgumentSeparator & + SecCookieFormat 0 +<%- if scope.lookupvar('::osfamily') == 'Debian' -%> + SecDebugLog /var/log/apache2/modsec_debug.log + SecAuditLog /var/log/apache2/modsec_audit.log + SecTmpDir /var/cache/modsecurity + SecDataDir /var/cache/modsecurity +<% else -%> + SecDebugLog /var/log/httpd/modsec_debug.log + SecAuditLog /var/log/httpd/modsec_audit.log + SecTmpDir /var/lib/mod_security + SecDataDir /var/lib/mod_security +<% end -%> +</IfModule>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/mod/security_crs.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,428 @@ +# --------------------------------------------------------------- +# Core ModSecurity Rule Set ver.2.2.6 +# Copyright (C) 2006-2012 Trustwave All rights reserved. +# +# The OWASP ModSecurity Core Rule Set is distributed under +# Apache Software License (ASL) version 2 +# Please see the enclosed LICENCE file for full details. +# --------------------------------------------------------------- + + +# +# -- [[ Recommended Base Configuration ]] ------------------------------------------------- +# +# The configuration directives/settings in this file are used to control +# the OWASP ModSecurity CRS. These settings do **NOT** configure the main +# ModSecurity settings such as: +# +# - SecRuleEngine +# - SecRequestBodyAccess +# - SecAuditEngine +# - SecDebugLog +# +# You should use the modsecurity.conf-recommended file that comes with the +# ModSecurity source code archive. +# +# Ref: http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/modsecurity.conf-recommended +# + + +# +# -- [[ Rule Version ]] ------------------------------------------------------------------- +# +# Rule version data is added to the "Producer" line of Section H of the Audit log: +# +# - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4. +# +# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecComponentSignature +# +SecComponentSignature "OWASP_CRS/2.2.6" + + +# +# -- [[ Modes of Operation: Self-Contained vs. Collaborative Detection ]] ----------------- +# +# Each detection rule uses the "block" action which will inherit the SecDefaultAction +# specified below. Your settings here will determine which mode of operation you use. +# +# -- [[ Self-Contained Mode ]] -- +# Rules inherit the "deny" disruptive action. The first rule that matches will block. +# +# -- [[ Collaborative Detection Mode ]] -- +# This is a "delayed blocking" mode of operation where each matching rule will inherit +# the "pass" action and will only contribute to anomaly scores. Transactional blocking +# can be applied +# +# -- [[ Alert Logging Control ]] -- +# You have three options - +# +# - To log to both the Apache error_log and ModSecurity audit_log file use: "log" +# - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog" +# - To log *only* to the Apache error_log file use: "log,noauditlog" +# +# Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html +# Ref: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecDefaultAction +# +SecDefaultAction "phase:1,deny,log" + + +# +# -- [[ Collaborative Detection Severity Levels ]] ---------------------------------------- +# +# These are the default scoring points for each severity level. You may +# adjust these to you liking. These settings will be used in macro expansion +# in the rules to increment the anomaly scores when rules match. +# +# These are the default Severity ratings (with anomaly scores) of the individual rules - +# +# - 2: Critical - Anomaly Score of 5. +# Is the highest severity level possible without correlation. It is +# normally generated by the web attack rules (40 level files). +# - 3: Error - Anomaly Score of 4. +# Is generated mostly from outbound leakage rules (50 level files). +# - 4: Warning - Anomaly Score of 3. +# Is generated by malicious client rules (35 level files). +# - 5: Notice - Anomaly Score of 2. +# Is generated by the Protocol policy and anomaly files. +# +SecAction \ + "id:'900001', \ + phase:1, \ + t:none, \ + setvar:tx.critical_anomaly_score=5, \ + setvar:tx.error_anomaly_score=4, \ + setvar:tx.warning_anomaly_score=3, \ + setvar:tx.notice_anomaly_score=2, \ + nolog, \ + pass" + + +# +# -- [[ Collaborative Detection Scoring Threshold Levels ]] ------------------------------ +# +# These variables are used in macro expansion in the 49 inbound blocking and 59 +# outbound blocking files. +# +# **MUST HAVE** ModSecurity v2.5.12 or higher to use macro expansion in numeric +# operators. If you have an earlier version, edit the 49/59 files directly to +# set the appropriate anomaly score levels. +# +# You should set the score to the proper threshold you would prefer. If set to "5" +# it will work similarly to previous Mod CRS rules and will create an event in the error_log +# file if there are any rules that match. If you would like to lessen the number of events +# generated in the error_log file, you should increase the anomaly score threshold to +# something like "20". This would only generate an event in the error_log file if +# there are multiple lower severity rule matches or if any 1 higher severity item matches. +# +SecAction \ + "id:'900002', \ + phase:1, \ + t:none, \ + setvar:tx.inbound_anomaly_score_level=5, \ + nolog, \ + pass" + + +SecAction \ + "id:'900003', \ + phase:1, \ + t:none, \ + setvar:tx.outbound_anomaly_score_level=4, \ + nolog, \ + pass" + + +# +# -- [[ Collaborative Detection Blocking ]] ----------------------------------------------- +# +# This is a collaborative detection mode where each rule will increment an overall +# anomaly score for the transaction. The scores are then evaluated in the following files: +# +# Inbound anomaly score - checked in the modsecurity_crs_49_inbound_blocking.conf file +# Outbound anomaly score - checked in the modsecurity_crs_59_outbound_blocking.conf file +# +# If you want to use anomaly scoring mode, then uncomment this line. +# +#SecAction \ + "id:'900004', \ + phase:1, \ + t:none, \ + setvar:tx.anomaly_score_blocking=on, \ + nolog, \ + pass" + + +# +# -- [[ GeoIP Database ]] ----------------------------------------------------------------- +# +# There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data. +# +# You must first download the MaxMind GeoIP Lite City DB - +# +# http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz +# +# You then need to define the proper path for the SecGeoLookupDb directive +# +# Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html +# Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html +# +#SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat + +# +# -- [[ Regression Testing Mode ]] -------------------------------------------------------- +# +# If you are going to run the regression testing mode, you should uncomment the +# following rule. It will enable DetectionOnly mode for the SecRuleEngine and +# will enable Response Header tagging so that the client testing script can see +# which rule IDs have matched. +# +# You must specify the your source IP address where you will be running the tests +# from. +# +#SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \ + "id:'900005', \ + phase:1, \ + t:none, \ + ctl:ruleEngine=DetectionOnly, \ + setvar:tx.regression_testing=1, \ + nolog, \ + pass" + + +# +# -- [[ HTTP Policy Settings ]] ---------------------------------------------------------- +# +# Set the following policy settings here and they will be propagated to the 23 rules +# file (modsecurity_common_23_request_limits.conf) by using macro expansion. +# If you run into false positives, you can adjust the settings here. +# +# Only the max number of args is uncommented by default as there are a high rate +# of false positives. Uncomment the items you wish to set. +# +# +# -- Maximum number of arguments in request limited +SecAction \ + "id:'900006', \ + phase:1, \ + t:none, \ + setvar:tx.max_num_args=255, \ + nolog, \ + pass" + +# +# -- Limit argument name length +#SecAction \ + "id:'900007', \ + phase:1, \ + t:none, \ + setvar:tx.arg_name_length=100, \ + nolog, \ + pass" + +# +# -- Limit value name length +#SecAction \ + "id:'900008', \ + phase:1, \ + t:none, \ + setvar:tx.arg_length=400, \ + nolog, \ + pass" + +# +# -- Limit arguments total length +#SecAction \ + "id:'900009', \ + phase:1, \ + t:none, \ + setvar:tx.total_arg_length=64000, \ + nolog, \ + pass" + +# +# -- Individual file size is limited +#SecAction \ + "id:'900010', \ + phase:1, \ + t:none, \ + setvar:tx.max_file_size=1048576, \ + nolog, \ + pass" + +# +# -- Combined file size is limited +#SecAction \ + "id:'900011', \ + phase:1, \ + t:none, \ + setvar:tx.combined_file_sizes=1048576, \ + nolog, \ + pass" + + +# +# Set the following policy settings here and they will be propagated to the 30 rules +# file (modsecurity_crs_30_http_policy.conf) by using macro expansion. +# If you run into false positves, you can adjust the settings here. +# +SecAction \ + "id:'900012', \ + phase:1, \ + t:none, \ + setvar:'tx.allowed_methods=<%= @allowed_methods -%>', \ + setvar:'tx.allowed_request_content_type=<%= @content_types -%>', \ + setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ + setvar:'tx.restricted_extensions=<%= @restricted_extensions -%>', \ + setvar:'tx.restricted_headers=<%= @restricted_headers -%>', \ + nolog, \ + pass" + + +# +# -- [[ Content Security Policy (CSP) Settings ]] ----------------------------------------- +# +# The purpose of these settings is to send CSP response headers to +# Mozilla FireFox users so that you can enforce how dynamic content +# is used. CSP usage helps to prevent XSS attacks against your users. +# +# Reference Link: +# +# https://developer.mozilla.org/en/Security/CSP +# +# Uncomment this SecAction line if you want use CSP enforcement. +# You need to set the appropriate directives and settings for your site/domain and +# and activate the CSP file in the experimental_rules directory. +# +# Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html +# +#SecAction \ + "id:'900013', \ + phase:1, \ + t:none, \ + setvar:tx.csp_report_only=1, \ + setvar:tx.csp_report_uri=/csp_violation_report, \ + setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \ + nolog, \ + pass" + + +# +# -- [[ Brute Force Protection ]] --------------------------------------------------------- +# +# If you are using the Brute Force Protection rule set, then uncomment the following +# lines and set the following variables: +# - Protected URLs: resources to protect (e.g. login pages) - set to your login page +# - Burst Time Slice Interval: time interval window to monitor for bursts +# - Request Threshold: request # threshold to trigger a burst +# - Block Period: temporary block timeout +# +#SecAction \ + "id:'900014', \ + phase:1, \ + t:none, \ + setvar:'tx.brute_force_protected_urls=/login.jsp /partner_login.php', \ + setvar:'tx.brute_force_burst_time_slice=60', \ + setvar:'tx.brute_force_counter_threshold=10', \ + setvar:'tx.brute_force_block_timeout=300', \ + nolog, \ + pass" + + +# +# -- [[ DoS Protection ]] ---------------------------------------------------------------- +# +# If you are using the DoS Protection rule set, then uncomment the following +# lines and set the following variables: +# - Burst Time Slice Interval: time interval window to monitor for bursts +# - Request Threshold: request # threshold to trigger a burst +# - Block Period: temporary block timeout +# +#SecAction \ + "id:'900015', \ + phase:1, \ + t:none, \ + setvar:'tx.dos_burst_time_slice=60', \ + setvar:'tx.dos_counter_threshold=100', \ + setvar:'tx.dos_block_timeout=600', \ + nolog, \ + pass" + + +# +# -- [[ Check UTF enconding ]] ----------------------------------------------------------- +# +# We only want to apply this check if UTF-8 encoding is actually used by the site, otherwise +# it will result in false positives. +# +# Uncomment this line if your site uses UTF8 encoding +#SecAction \ + "id:'900016', \ + phase:1, \ + t:none, \ + setvar:tx.crs_validate_utf8_encoding=1, \ + nolog, \ + pass" + + +# +# -- [[ Enable XML Body Parsing ]] ------------------------------------------------------- +# +# The rules in this file will trigger the XML parser upon an XML request +# +# Initiate XML Processor in case of xml content-type +# +SecRule REQUEST_HEADERS:Content-Type "text/xml" \ + "id:'900017', \ + phase:1, \ + t:none,t:lowercase, \ + nolog, \ + pass, \ + chain" + SecRule REQBODY_PROCESSOR "!@streq XML" \ + "ctl:requestBodyProcessor=XML" + + +# +# -- [[ Global and IP Collections ]] ----------------------------------------------------- +# +# Create both Global and IP collections for rules to use +# There are some CRS rules that assume that these two collections +# have already been initiated. +# +SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \ + "id:'900018', \ + phase:1, \ + t:none,t:sha1,t:hexEncode, \ + setvar:tx.ua_hash=%{matched_var}, \ + nolog, \ + pass" + + +SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \ + "id:'900019', \ + phase:1, \ + t:none, \ + capture, \ + setvar:tx.real_ip=%{tx.1}, \ + nolog, \ + pass" + + +SecRule &TX:REAL_IP "!@eq 0" \ + "id:'900020', \ + phase:1, \ + t:none, \ + initcol:global=global, \ + initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \ + nolog, \ + pass" + + +SecRule &TX:REAL_IP "@eq 0" \ + "id:'900021', \ + phase:1, \ + t:none, \ + initcol:global=global, \ + initcol:ip=%{remote_addr}_%{tx.ua_hash}, \ + nolog, \ + pass"
--- a/modules/apache/templates/mod/ssl.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/ssl.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,19 +1,19 @@ <IfModule mod_ssl.c> SSLRandomSeed startup builtin - SSLRandomSeed startup file:/dev/urandom 512 + SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %> SSLRandomSeed connect builtin - SSLRandomSeed connect file:/dev/urandom 512 + SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl - SSLPassPhraseDialog builtin + SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> SSLSessionCache "shmcb:<%= @session_cache %>" SSLSessionCacheTimeout 300 <% if @ssl_compression -%> SSLCompression On <% end -%> - <% if @apache_version >= '2.4' -%> + <% if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Mutex <%= @ssl_mutex %> <% else -%> SSLMutex <%= @ssl_mutex %> @@ -21,7 +21,7 @@ SSLCryptoDevice builtin SSLHonorCipherOrder On SSLCipherSuite <%= @ssl_cipher %> - SSLProtocol all -SSLv2 + SSLProtocol <%= @ssl_protocol.compact.join(' ') %> <% if @ssl_options -%> SSLOptions <%= @ssl_options.compact.join(' ') %> <% end -%>
--- a/modules/apache/templates/mod/status.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/status.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,8 +1,12 @@ -<Location /server-status> +<Location <%= @status_path %>> SetHandler server-status + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require ip <%= Array(@allow_from).join(" ") %> + <%- else -%> Order deny,allow Deny from all Allow from <%= Array(@allow_from).join(" ") %> + <%- end -%> </Location> ExtendedStatus <%= @extended_status %>
--- a/modules/apache/templates/mod/userdir.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/userdir.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -8,12 +8,20 @@ AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied + <%- else -%> Order allow,deny Allow from all + <%- end -%> </Limit> <LimitExcept GET POST OPTIONS> - Order deny,allow - Deny from all + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + Require all denied + <%- else -%> + Order allow,deny + Allow from all + <%- end -%> </LimitExcept> </Directory> </IfModule>
--- a/modules/apache/templates/mod/worker.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/mod/worker.conf.erb Sat Mar 14 20:07:04 2015 +0000 @@ -6,4 +6,5 @@ MaxSpareThreads <%= @maxsparethreads %> ThreadsPerChild <%= @threadsperchild %> MaxRequestsPerChild <%= @maxrequestsperchild %> + ThreadLimit <%= @threadlimit %> </IfModule>
--- a/modules/apache/templates/vhost.conf.erb Sat Mar 14 20:01:17 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,66 +0,0 @@ -# ************************************ -# Vhost template in module puppetlabs-apache -# Managed by Puppet -# ************************************ - -<VirtualHost <%= @nvh_addr_port %>> - ServerName <%= @servername %> -<% if @serveradmin -%> - ServerAdmin <%= @serveradmin %> -<% end -%> - - ## Vhost docroot -<% if @virtual_docroot -%> - VirtualDocumentRoot "<%= @virtual_docroot %>" -<% else -%> - DocumentRoot "<%= @docroot %>" -<% end -%> -<%= scope.function_template(['apache/vhost/_aliases.erb']) -%> - -<%= scope.function_template(['apache/vhost/_itk.erb']) -%> - -<% if @fallbackresource -%> - FallbackResource <%= @fallbackresource %> -<% end -%> - - ## Directories, there should at least be a declaration for <%= @docroot %> -<%= scope.function_template(['apache/vhost/_directories.erb']) -%> - - ## Load additional static includes -<% Array(@additional_includes).each do |include| %> - Include "<%= include %>" -<% end %> - - ## Logging -<% if @error_log -%> - ErrorLog "<%= @error_log_destination %>" -<% end -%> -<% if @log_level -%> - LogLevel <%= @log_level %> -<% end -%> - ServerSignature Off -<% if @access_log and @_access_log_env_var -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> <%= @_access_log_env_var %> -<% elsif @access_log -%> - CustomLog "<%= @access_log_destination %>" <%= @_access_log_format %> -<% end -%> -<%= scope.function_template(['apache/vhost/_action.erb']) -%> -<%= scope.function_template(['apache/vhost/_block.erb']) -%> -<%= scope.function_template(['apache/vhost/_error_document.erb']) -%> -<%= scope.function_template(['apache/vhost/_proxy.erb']) -%> -<%= scope.function_template(['apache/vhost/_rack.erb']) -%> -<%= scope.function_template(['apache/vhost/_redirect.erb']) -%> -<%= scope.function_template(['apache/vhost/_rewrite.erb']) -%> -<%= scope.function_template(['apache/vhost/_scriptalias.erb']) -%> -<%= scope.function_template(['apache/vhost/_serveralias.erb']) -%> -<%= scope.function_template(['apache/vhost/_setenv.erb']) -%> -<%= scope.function_template(['apache/vhost/_ssl.erb']) -%> -<%= scope.function_template(['apache/vhost/_suphp.erb']) -%> -<%= scope.function_template(['apache/vhost/_php_admin.erb']) -%> -<%= scope.function_template(['apache/vhost/_header.erb']) -%> -<%= scope.function_template(['apache/vhost/_requestheader.erb']) -%> -<%= scope.function_template(['apache/vhost/_wsgi.erb']) -%> -<%= scope.function_template(['apache/vhost/_custom_fragment.erb']) -%> -<%= scope.function_template(['apache/vhost/_fastcgi.erb']) -%> -<%= scope.function_template(['apache/vhost/_suexec.erb']) -%> -</VirtualHost>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_access_log.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,21 @@ +<% @_access_logs.each do |log| -%> +<% env ||= "env=#{log['env']}" if log['env'] -%> +<% env ||= '' -%> +<% format ||= "\"#{log['format']}\"" if log['format'] -%> +<% format ||= 'combined' -%> +<% if log['file'] -%> +<% if log['file'].chars.first == '/' -%> +<% destination = "#{log['file']}" -%> +<% else -%> +<% destination = "#{@logroot}/#{log['file']}" -%> +<% end -%> +<% elsif log['syslog'] -%> +<% destination = "syslog" -%> +<% elsif log['pipe'] -%> +<% destination = log['pipe'] -%> +<% else -%> +<% destination ||= "#{@logroot}/#{@name}_access_ssl.log" if @ssl -%> +<% destination ||= "#{@logroot}/#{@name}_access.log" -%> +<% end -%> + CustomLog "<%= destination %>" <%= format %> <%= env %> +<% end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_additional_includes.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,10 @@ +<% Array(@additional_includes).each do |include| -%> + + ## Load additional static includes +<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 && @use_optional_includes -%> +IncludeOptional "<%= include %>" +<%- else -%> +Include "<%= include %>" +<%- end -%> + +<% end -%>
--- a/modules/apache/templates/vhost/_aliases.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_aliases.erb Sat Mar 14 20:07:04 2015 +0000 @@ -6,6 +6,10 @@ Alias <%= alias_statement["alias"] %> "<%= alias_statement["path"] %>" <%- elsif alias_statement["aliasmatch"] and alias_statement["aliasmatch"] != '' -%> AliasMatch <%= alias_statement["aliasmatch"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptalias"] and alias_statement["scriptalias"] != '' -%> + ScriptAlias <%= alias_statement["scriptalias"] %> "<%= alias_statement["path"] %>" + <%- elsif alias_statement["scriptaliasmatch"] and alias_statement["scriptaliasmatch"] != '' -%> + ScriptAliasMatch <%= alias_statement["scriptaliasmatch"] %> "<%= alias_statement["path"] %>" <%- end -%> <%- end -%> <%- end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_allow_encoded_slashes.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,4 @@ +<%- if @allow_encoded_slashes -%> + + AllowEncodedSlashes <%= @allow_encoded_slashes %> +<%- end -%>
--- a/modules/apache/templates/vhost/_block.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_block.erb Sat Mar 14 20:07:04 2015 +0000 @@ -4,7 +4,7 @@ <% if @block.include? 'scm' -%> # Block access to SCM directories. <DirectoryMatch .*\.(svn|git|bzr)/.*> - <%- if @apache_version >= '2.4' -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all denied <%- else -%> Deny From All
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_charsets.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,4 @@ +<% if @add_default_charset -%> + + AddDefaultCharset <%= @add_default_charset %> +<% end -%>
--- a/modules/apache/templates/vhost/_directories.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_directories.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,20 +1,22 @@ <% if @_directories and ! @_directories.empty? -%> + + ## Directories, there should at least be a declaration for <%= @docroot %> <%- [@_directories].flatten.compact.each do |directory| -%> <%- if directory['path'] and directory['path'] != '' -%> - <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> - <%- if /^(.*)match$/ =~ directory['provider'] -%> - <%- provider = $1.capitalize + 'Match' -%> - <%- else -%> - <%- provider = directory['provider'].capitalize -%> - <%- end -%> - <%- else -%> - <%- provider = 'Directory' -%> - <%- end -%> - <%- path = directory['path'] %> + <%- if directory['provider'] and directory['provider'].match('(directory|location|files)') -%> + <%- if /^(.*)match$/ =~ directory['provider'] -%> + <%- provider = $1.capitalize + 'Match' -%> + <%- else -%> + <%- provider = directory['provider'].capitalize -%> + <%- end -%> + <%- else -%> + <%- provider = 'Directory' -%> + <%- end -%> + <%- path = directory['path'] -%> <<%= provider %> "<%= path %>"> - <%- if directory['headers'] -%> - <%- Array(directory['headers']).each do |header| -%> + <%- if directory['headers'] -%> + <%- Array(directory['headers']).each do |header| -%> Header <%= header %> <%- end -%> <%- end -%> @@ -34,13 +36,20 @@ AllowOverride None <%- end -%> <%- end -%> - <%- if @apache_version == '2.4' -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> <%- if directory['require'] and directory['require'] != '' -%> Require <%= Array(directory['require']).join(' ') %> - <%- else -%> + <%- end -%> + <%- if directory['auth_require'] -%> + Require <%= directory['auth_require'] %> + <%- end -%> + <%- if !(directory['require'] and directory['require'] != '') && !(directory['auth_require']) -%> Require all granted <%- end -%> <%- else -%> + <%- if directory['auth_require'] -%> + Require <%= directory['auth_require'] %> + <%- end -%> <%- if directory['order'] and directory['order'] != '' -%> Order <%= Array(directory['order']).join(',') %> <%- else -%> @@ -50,13 +59,22 @@ Deny <%= directory['deny'] %> <%- end -%> <%- if directory['allow'] and ! [ false, 'false', '' ].include?(directory['allow']) -%> + <%- if directory['allow'].kind_of?(Array) -%> + <%- Array(directory['allow']).each do |access| -%> + Allow <%= access %> + <%- end -%> + <%- else -%> Allow <%= directory['allow'] %> + <%- end -%> <%- elsif [ 'from all', 'from All' ].include?(directory['deny']) -%> <%- elsif ! directory['deny'] and [ false, 'false', '' ].include?(directory['allow']) -%> Deny from all <%- else -%> Allow from all <%- end -%> + <%- if directory['satisfy'] and directory['satisfy'] != '' -%> + Satisfy <%= directory['satisfy'] %> + <%- end -%> <%- end -%> <%- if directory['addhandlers'] and ! directory['addhandlers'].empty? -%> <%- [directory['addhandlers']].flatten.compact.each do |addhandler| -%> @@ -69,14 +87,25 @@ <%- if directory['passenger_enabled'] and directory['passenger_enabled'] != '' -%> PassengerEnabled <%= directory['passenger_enabled'] %> <%- end -%> + <%- if directory['php_flags'] and ! directory['php_flags'].empty? -%> + <%- directory['php_flags'].sort.each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + php_flag <%= "#{flag} #{value}" %> + <%- end -%> + <%- end -%> + <%- if directory['php_values'] and ! directory['php_values'].empty? -%> + <%- directory['php_values'].sort.each do |key,value| -%> + php_value <%= "#{key} #{value}" %> + <%- end -%> + <%- end -%> <%- if directory['php_admin_flags'] and ! directory['php_admin_flags'].empty? -%> - <%- directory['php_admin_flags'].each do |flag,value| -%> - <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> + <%- directory['php_admin_flags'].sort.each do |flag,value| -%> + <%- value = if value =~ /true|yes|on|1/i then 'on' else 'off' end -%> php_admin_flag <%= "#{flag} #{value}" %> <%- end -%> <%- end -%> <%- if directory['php_admin_values'] and ! directory['php_admin_values'].empty? -%> - <%- directory['php_admin_values'].each do |key,value| -%> + <%- directory['php_admin_values'].sort.each do |key,value| -%> php_admin_value <%= "#{key} #{value}" %> <%- end -%> <%- end -%> @@ -127,9 +156,6 @@ <%- if directory['auth_group_file'] -%> AuthGroupFile <%= directory['auth_group_file'] %> <%- end -%> - <%- if directory['auth_require'] -%> - Require <%= directory['auth_require'] %> - <%- end -%> <%- if directory['fallbackresource'] -%> FallbackResource <%= directory['fallbackresource'] %> <%- end -%> @@ -153,6 +179,51 @@ <%- if directory['suphp'] and @suphp_engine == 'on' -%> suPHP_UserGroup <%= directory['suphp']['user'] %> <%= directory['suphp']['group'] %> <%- end -%> + <%- if directory['fcgiwrapper'] -%> + FcgidWrapper <%= directory['fcgiwrapper']['command'] %> <%= directory['fcgiwrapper']['suffix'] %> <%= directory['fcgiwrapper']['virtual'] %> + <%- end -%> + <%- if directory['rewrites'] -%> + # Rewrite rules + RewriteEngine On + <%- directory['rewrites'].flatten.compact.each do |rewrite_details| -%> + <%- if rewrite_details['comment'] -%> + #<%= rewrite_details['comment'] %> + <%- end -%> + <%- if rewrite_details['rewrite_base'] -%> + RewriteBase <%= rewrite_details['rewrite_base'] %> + <%- end -%> + <%- if rewrite_details['rewrite_cond'] -%> + <%- Array(rewrite_details['rewrite_cond']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteCond <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- Array(rewrite_details['rewrite_rule']).each do |commands| -%> + <%- Array(commands).each do |command| -%> + RewriteRule <%= command %> + <%- end -%> + <%- end -%> + <%- end -%> + <%- end -%> + <%- if directory['setenv'] -%> + <%- Array(directory['setenv']).each do |setenv| -%> + SetEnv <%= setenv %> + <%- end -%> + <%- end -%> + <%- if @shibboleth_enabled -%> + <%- if directory['shib_require_session'] and ! directory['shib_require_session'].empty? -%> + ShibRequireSession <%= directory['shib_require_session'] %> + <%- end -%> + <%- if directory['shib_request_settings'] and ! directory['shib_request_settings'].empty? -%> + <%- directory['shib_request_settings'].each do |key,value| -%> + ShibRequestSetting <%= key %> <%= value %> + <%- end -%> + <%- end -%> + <%- if directory['shib_use_headers'] and ! directory['shib_use_headers'].empty? -%> + ShibUseHeaders <%= directory['shib_use_headers'] %> + <%- end -%> + <%- end -%> <%- if directory['custom_fragment'] -%> <%= directory['custom_fragment'] %> <%- end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_docroot.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,7 @@ + + ## Vhost docroot +<% if @virtual_docroot -%> + VirtualDocumentRoot "<%= @virtual_docroot %>" +<% else -%> + DocumentRoot "<%= @docroot %>" +<% end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_fallbackresource.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,4 @@ +<% if @fallbackresource -%> + + FallbackResource <%= @fallbackresource %> +<% end -%>
--- a/modules/apache/templates/vhost/_fastcgi.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_fastcgi.erb Sat Mar 14 20:07:04 2015 +0000 @@ -8,7 +8,7 @@ Options +ExecCGI AllowOverride All SetHandler fastcgi-script - <%- if @apache_version >= '2.4' -%> + <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> Require all granted <%- else -%> Order allow,deny
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_file_footer.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,1 @@ +</VirtualHost>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_file_header.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,10 @@ +# ************************************ +# Vhost template in module puppetlabs-apache +# Managed by Puppet +# ************************************ + +<VirtualHost <%= @nvh_addr_port %>> + ServerName <%= @servername %> +<% if @serveradmin -%> + ServerAdmin <%= @serveradmin %> +<% end -%>
--- a/modules/apache/templates/vhost/_itk.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_itk.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,4 +1,5 @@ <% if @itk and ! @itk.empty? -%> + ## ITK statement <IfModule mpm_itk_module> <%- if @itk["user"] and @itk["group"] -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_logging.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,10 @@ +<% if @error_log or @log_level -%> + + ## Logging +<% end -%> +<% if @error_log -%> + ErrorLog "<%= @error_log_destination %>" +<% end -%> +<% if @log_level -%> + LogLevel <%= @log_level %> +<% end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_passenger.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,15 @@ +<% if @passenger_app_root -%> + PassengerAppRoot <%= @passenger_app_root %> +<% end -%> +<% if @passenger_ruby -%> + PassengerRuby <%= @passenger_ruby %> +<% end -%> +<% if @passenger_min_instances -%> + PassengerMinInstances <%= @passenger_min_instances %> +<% end -%> +<% if @passenger_start_timeout -%> + PassengerStartTimeout <%= @passenger_start_timeout %> +<% end -%> +<% if @passenger_pre_start -%> + PassengerPreStart <%= @passenger_pre_start %> +<% end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_php.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,12 @@ +<% if @php_values and not @php_values.empty? -%> + <%- @php_values.sort.each do |key,value| -%> + php_value <%= key %> <%= value %> + <%- end -%> +<% end -%> +<% if @php_flags and not @php_flags.empty? -%> + <%- @php_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + php_flag <%= key %> <%= flag %> + <%- end -%> +<% end -%> \ No newline at end of file
--- a/modules/apache/templates/vhost/_php_admin.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_php_admin.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,12 +1,12 @@ <% if @php_admin_values and not @php_admin_values.empty? -%> -<% @php_admin_values.each do |key,value| -%> + <%- @php_admin_values.sort.each do |key,value| -%> php_admin_value <%= key %> <%= value %> -<% end -%> + <%- end -%> <% end -%> <% if @php_admin_flags and not @php_admin_flags.empty? -%> -<% @php_admin_flags.each do |key,flag| -%> -<%# normalize flag -%> -<% if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> + <%- @php_admin_flags.sort.each do |key,flag| -%> + <%-# normalize flag -%> + <%- if flag =~ /true|yes|on|1/i then flag = 'on' else flag = 'off' end -%> php_admin_flag <%= key %> <%= flag %> + <%- end -%> <% end -%> -<% end -%>
--- a/modules/apache/templates/vhost/_proxy.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_proxy.erb Sat Mar 14 20:07:04 2015 +0000 @@ -3,16 +3,31 @@ ## Proxy rules ProxyRequests Off <%- end -%> -<% [@proxy_pass].flatten.compact.each do |proxy| %> - ProxyPass <%= proxy['path'] %> <%= proxy['url'] %> +<% if @proxy_preserve_host -%> + ProxyPreserveHost On +<%- end -%> +<%- [@proxy_pass].flatten.compact.each do |proxy| -%> + ProxyPass <%= proxy['path'] %> <%= proxy['url'] -%> + <%- if proxy['params'] -%> + <%- proxy['params'].each_pair do |key, value| -%> <%= key %>=<%= value -%> + <%- end -%> + <%- end -%> + <%- if proxy['keywords'] %> <%= proxy['keywords'].join(' ') -%> + <%- end %> <Location <%= proxy['path']%>> + <%- if proxy['reverse_urls'].nil? -%> ProxyPassReverse <%= proxy['url'] %> + <%- else -%> + <%- Array(proxy['reverse_urls']).each do |reverse_url| -%> + ProxyPassReverse <%= reverse_url %> + <%- end -%> + <%- end -%> </Location> -<% end %> +<% end -%> <% if @proxy_dest -%> -<% Array(@no_proxy_uris).each do |uri| %> +<%- Array(@no_proxy_uris).each do |uri| -%> ProxyPass <%= uri %> ! -<% end %> +<% end -%> ProxyPass / <%= @proxy_dest %>/ <Location /> ProxyPassReverse <%= @proxy_dest %>/
--- a/modules/apache/templates/vhost/_redirect.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_redirect.erb Sat Mar 14 20:07:04 2015 +0000 @@ -4,21 +4,22 @@ <% @redirect_status_a = Array(@redirect_status) -%> ## Redirect rules -<% @redirect_source_a.each_with_index do |source, i| -%> + <%- @redirect_source_a.each_with_index do |source, i| -%> <% @redirect_dest_a[i] ||= @redirect_dest_a[0] -%> <% @redirect_status_a[i] ||= @redirect_status_a[0] -%> Redirect <%= "#{@redirect_status_a[i]} " %><%= source %> <%= @redirect_dest_a[i] %> -<% end -%> + <%- end -%> <% end -%> - -<%- if @redirectmatch_status and @redirectmatch_regexp -%> +<%- if @redirectmatch_status and @redirectmatch_regexp and @redirectmatch_dest -%> <% @redirectmatch_status_a = Array(@redirectmatch_status) -%> <% @redirectmatch_regexp_a = Array(@redirectmatch_regexp) -%> +<% @redirectmatch_dest_a = Array(@redirectmatch_dest) -%> ## RedirectMatch rules -<% @redirectmatch_status_a.each_with_index do |status, i| -%> + <%- @redirectmatch_status_a.each_with_index do |status, i| -%> <% @redirectmatch_status_a[i] ||= @redirectmatch_status_a[0] -%> <% @redirectmatch_regexp_a[i] ||= @redirectmatch_regexp_a[0] -%> - RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> +<% @redirectmatch_dest_a[i] ||= @redirectmatch_dest_a[0] -%> + RedirectMatch <%= "#{@redirectmatch_status_a[i]} " %> <%= @redirectmatch_regexp_a[i] %> <%= @redirectmatch_dest_a[i] %> + <%- end -%> <% end -%> -<% end -%>
--- a/modules/apache/templates/vhost/_rewrite.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_rewrite.erb Sat Mar 14 20:07:04 2015 +0000 @@ -27,17 +27,17 @@ <%- end -%> <%- end -%> <%- end -%> -<%# reverse compatibility %> +<%# reverse compatibility -%> <% if @rewrite_rule and !@rewrites -%> ## Rewrite rules RewriteEngine On -<% if @rewrite_base -%> + <%- if @rewrite_base -%> RewriteBase <%= @rewrite_base %> -<% end -%> -<% if @rewrite_cond -%> -<% Array(@rewrite_cond).each do |cond| -%> + <%- end -%> + <%- if @rewrite_cond -%> + <%- Array(@rewrite_cond).each do |cond| -%> RewriteCond <%= cond %> -<% end -%> -<% end -%> + <%- end -%> + <%- end -%> RewriteRule <%= @rewrite_rule %> <%- end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_security.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,20 @@ +<% if @modsec_disable_vhost -%> + SecRuleEngine Off +<% end -%> +<% if @_modsec_disable_ids.is_a?(Hash) -%> +<% @_modsec_disable_ids.each do |location,rules| -%> + <LocationMatch <%= location %>> +<% Array(rules).each do |rule| -%> + SecRuleRemoveById <%= rule %> +<% end -%> + </LocationMatch> +<% end -%> +<% end -%> +<% ips = Array(@modsec_disable_ips).join(',') %> +<% if ips != '' %> + SecRule REMOTE_ADDR "<%= ips %>" "nolog,allow,id:1234123455" + SecAction "phase:2,pass,nolog,id:1234123456" +<% end -%> +<% if @modsec_body_limit -%> + SecRequestBodyLimit <%= @modsec_body_limit %> +<% end -%>
--- a/modules/apache/templates/vhost/_serveralias.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_serveralias.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,7 +1,7 @@ <% if @serveraliases and ! @serveraliases.empty? -%> ## Server aliases -<% Array(@serveraliases).each do |serveralias| -%> + <%- Array(@serveraliases).each do |serveralias| -%> ServerAlias <%= serveralias %> + <%- end -%> <% end -%> -<% end -%>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/templates/vhost/_serversignature.erb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,1 @@ + ServerSignature Off
--- a/modules/apache/templates/vhost/_setenv.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_setenv.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,12 +1,12 @@ <% if @setenv and ! @setenv.empty? -%> ## SetEnv/SetEnvIf for environment variables -<% Array(@setenv).each do |envvar| -%> + <%- Array(@setenv).each do |envvar| -%> SetEnv <%= envvar %> -<% end -%> + <%- end -%> <% end -%> <% if @setenvif and ! @setenvif.empty? -%> -<% Array(@setenvif).each do |envifvar| -%> + <%- Array(@setenvif).each do |envifvar| -%> SetEnvIf <%= envifvar %> + <%- end -%> <% end -%> -<% end -%>
--- a/modules/apache/templates/vhost/_ssl.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_ssl.erb Sat Mar 14 20:07:04 2015 +0000 @@ -4,38 +4,43 @@ SSLEngine on SSLCertificateFile "<%= @ssl_cert %>" SSLCertificateKeyFile "<%= @ssl_key %>" -<% if @ssl_chain -%> + <%- if @ssl_chain -%> SSLCertificateChainFile "<%= @ssl_chain %>" -<% end -%> + <%- end -%> + <%- if @ssl_certs_dir && @ssl_certs_dir != '' -%> SSLCACertificatePath "<%= @ssl_certs_dir %>" -<% if @ssl_ca -%> + <%- end -%> + <%- if @ssl_ca -%> SSLCACertificateFile "<%= @ssl_ca %>" -<% end -%> -<% if @ssl_crl_path -%> + <%- end -%> + <%- if @ssl_crl_path -%> SSLCARevocationPath "<%= @ssl_crl_path %>" -<% end -%> -<% if @ssl_crl -%> + <%- end -%> + <%- if @ssl_crl -%> SSLCARevocationFile "<%= @ssl_crl %>" -<% end -%> -<% if @ssl_proxyengine -%> + <%- end -%> + <%- if @ssl_crl_check && scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> + SSLCARevocationCheck "<%= @ssl_crl_check %>" + <%- end -%> + <%- if @ssl_proxyengine -%> SSLProxyEngine On -<% end -%> -<% if @ssl_protocol -%> + <%- end -%> + <%- if @ssl_protocol -%> SSLProtocol <%= @ssl_protocol %> -<% end -%> -<% if @ssl_cipher -%> + <%- end -%> + <%- if @ssl_cipher -%> SSLCipherSuite <%= @ssl_cipher %> -<% end -%> -<% if @ssl_honorcipherorder -%> + <%- end -%> + <%- if @ssl_honorcipherorder -%> SSLHonorCipherOrder <%= @ssl_honorcipherorder %> -<% end -%> -<% if @ssl_verify_client -%> + <%- end -%> + <%- if @ssl_verify_client -%> SSLVerifyClient <%= @ssl_verify_client %> -<% end -%> -<% if @ssl_verify_depth -%> + <%- end -%> + <%- if @ssl_verify_depth -%> SSLVerifyDepth <%= @ssl_verify_depth %> + <%- end -%> + <%- if @ssl_options -%> + SSLOptions <%= Array(@ssl_options).join(' ') %> + <%- end -%> <% end -%> -<% if @ssl_options -%> - SSLOptions <%= Array(@ssl_options).join(' ') %> -<% end -%> -<% end -%>
--- a/modules/apache/templates/vhost/_suphp.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_suphp.erb Sat Mar 14 20:07:04 2015 +0000 @@ -1,11 +1,11 @@ <% if @suphp_engine == 'on' -%> -<% if @suphp_addhandler -%> + <%- if @suphp_addhandler -%> suPHP_AddHandler <%= @suphp_addhandler %> -<% end -%> -<% if @suphp_engine -%> + <%- end -%> + <%- if @suphp_engine -%> suPHP_Engine <%= @suphp_engine %> -<% end -%> -<% if @suphp_configpath -%> + <%- end -%> + <%- if @suphp_configpath -%> suPHP_ConfigPath "<%= @suphp_configpath %>" + <%- end -%> <% end -%> -<% end -%>
--- a/modules/apache/templates/vhost/_wsgi.erb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/templates/vhost/_wsgi.erb Sat Mar 14 20:07:04 2015 +0000 @@ -13,9 +13,15 @@ WSGIProcessGroup <%= @wsgi_process_group %> <% end -%> <% if @wsgi_script_aliases and ! @wsgi_script_aliases.empty? -%> - <%- @wsgi_script_aliases.each do |a, p| -%> - <%- if a != '' and p != ''-%> - WSGIScriptAlias <%= a %> "<%= p %>" + <%- @wsgi_script_aliases.keys.sort.each do |key| -%> + <%- if key != '' and @wsgi_script_aliases[key] != ''-%> + WSGIScriptAlias <%= key %> "<%= @wsgi_script_aliases[key] %>" <%- end -%> <%- end -%> <% end -%> +<% if @wsgi_pass_authorization -%> + WSGIPassAuthorization <%= @wsgi_pass_authorization %> +<% end -%> +<% if @wsgi_chunked_request -%> + WSGIChunkedRequest <%= @wsgi_chunked_request %> +<% end -%>
--- a/modules/apache/tests/dev.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/tests/dev.pp Sat Mar 14 20:07:04 2015 +0000 @@ -1,1 +1,1 @@ -include apache::dev +include apache::mod::dev
--- a/modules/apache/tests/vhost.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/apache/tests/vhost.pp Sat Mar 14 20:07:04 2015 +0000 @@ -143,14 +143,14 @@ # Vhost to redirect non-ssl to ssl apache::vhost { 'sixteenth.example.com non-ssl': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - rewrites => [ + servername => 'sixteenth.example.com', + port => '80', + docroot => '/var/www/sixteenth', + rewrites => [ { - comment => 'redirect non-SSL traffic to SSL site', - rewrite_cond => ['%{HTTPS} off'], - rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], + comment => 'redirect non-SSL traffic to SSL site', + rewrite_cond => ['%{HTTPS} off'], + rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}'], } ] } @@ -215,18 +215,18 @@ # Vhost with SSLProtocol,SSLCipherSuite, SSLHonorCipherOrder apache::vhost { 'securedomain.com': - priority => '10', - vhost_name => 'www.securedomain.com', - port => '443', - docroot => '/var/www/secure', - ssl => true, - ssl_cert => '/etc/ssl/securedomain.cert', - ssl_key => '/etc/ssl/securedomain.key', - ssl_chain => '/etc/ssl/securedomain.crt', - ssl_protocol => '-ALL +SSLv3 +TLSv1', - ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', - ssl_honorcipherorder => 'On', - add_listen => false, + priority => '10', + vhost_name => 'www.securedomain.com', + port => '443', + docroot => '/var/www/secure', + ssl => true, + ssl_cert => '/etc/ssl/securedomain.cert', + ssl_key => '/etc/ssl/securedomain.key', + ssl_chain => '/etc/ssl/securedomain.crt', + ssl_protocol => '-ALL +SSLv3 +TLSv1', + ssl_cipher => 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM', + ssl_honorcipherorder => 'On', + add_listen => false, } # Vhost with access log environment variables writing control
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/apache/tests/vhost_proxypass.pp Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,66 @@ +## vhost with proxyPass directive +# NB: Please see the other vhost_*.pp example files for further +# examples. + +# Base class. Declares default vhost on port 80 and default ssl +# vhost on port 443 listening on all interfaces and serving +# $apache::docroot +class { 'apache': } + +# Most basic vhost with proxy_pass +apache::vhost { 'first.example.com': + port => 80, + docroot => '/var/www/first', + proxy_pass => [ + { + 'path' => '/first', + 'url' => 'http://localhost:8080/first' + }, + ], +} + +# vhost with proxy_pass and parameters +apache::vhost { 'second.example.com': + port => 80, + docroot => '/var/www/second', + proxy_pass => [ + { + 'path' => '/second', + 'url' => 'http://localhost:8080/second', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + } + }, + ], +} + +# vhost with proxy_pass and keywords +apache::vhost { 'third.example.com': + port => 80, + docroot => '/var/www/third', + proxy_pass => [ + { + 'path' => '/third', + 'url' => 'http://localhost:8080/third', + 'keywords' => ['noquery', 'interpolate'] + }, + ], +} + +# vhost with proxy_pass, parameters and keywords +apache::vhost { 'fourth.example.com': + port => 80, + docroot => '/var/www/fourth', + proxy_pass => [ + { + 'path' => '/fourth', + 'url' => 'http://localhost:8080/fourth', + 'params' => { + 'retry' => '0', + 'timeout' => '5' + }, + 'keywords' => ['noquery', 'interpolate'] + }, + ], +}
--- a/modules/concat/CHANGELOG Sat Mar 14 20:01:17 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,127 +0,0 @@ -2014-05-14 1.1.0 - -Summary - -This release is primarily a bugfix release since 1.1.0-rc1. - -Features: -- Improved testing, with tests moved to beaker - -Bugfixes: -- No longer attempts to set fragment owner and mode on Windows -- Fix numeric sorting -- Fix incorrect quoting -- Fix newlines - -2014-01-03 1.1.0-rc1 - -Summary: - -This release of concat was 90% written by Joshua Hoblitt, and the module team -would like to thank him for the huge amount of work he put into this release. - -This module deprecates a bunch of old parameters and usage patterns, modernizes -much of the manifest code, simplifies a whole bunch of logic and makes -improvements to almost all parts of the module. - -The other major feature is windows support, courtesy of luisfdez, with an -alternative version of the concat bash script in ruby. We've attempted to -ensure that there are no backwards incompatible changes, all users of 1.0.0 -should be able to use 1.1.0 without any failures, but you may find deprecation -warnings and we'll be aggressively moving for a 2.0 to remove those too. - -For further information on deprecations, please read: -https://github.com/puppetlabs/puppetlabs-concat/blob/master/README.md#api-deprecations - -Removed: -- Puppet 0.24 support. -- Filebucket backup of all file resources except the target concatenated file. -- Default owner/user/group values. -- Purging of long unused /usr/local/bin/concatfragments.sh - -Features: -- Windows support via a ruby version of the concat bash script. -- Huge amount of acceptance testing work added. -- Documentation (README) completely rewritten. -- New parameters in concat: - - `ensure`: Controls if the file should be present/absent at all. -- Remove requirement to include concat::setup in manifests. -- Made `gnu` parameter deprecated. -- Added parameter validation. - -Bugfixes: -- Ensure concat::setup runs before concat::fragment in all cases. -- Pluginsync references updated for modern Puppet. -- Fix incorrect group parameter. -- Use $owner instead of $id to avoid confusion with $::id -- Compatibility fixes for Puppet 2.7/ruby 1.8.7 -- Use LC_ALL=C instead of LANG=C -- Always exec the concatfragments script as root when running as root. -- Syntax and other cleanup changes. - -2013-08-09 1.0.0 - -Summary: - -Many new features and bugfixes in this release, and if you're a heavy concat -user you should test carefully before upgrading. The features should all be -backwards compatible but only light testing has been done from our side before -this release. - -Features: -- New parameters in concat: - - `replace`: specify if concat should replace existing files. - - `ensure_newline`: controls if fragments should contain a newline at the end. -- Improved README documentation. -- Add rspec:system tests (rake spec:system to test concat) - -Bugfixes -- Gracefully handle \n in a fragment resource name. -- Adding more helpful message for 'pluginsync = true' -- Allow passing `source` and `content` directly to file resource, rather than -defining resource defaults. -- Added -r flag to read so that filenames with \ will be read correctly. -- sort always uses LANG=C. -- Allow WARNMSG to contain/start with '#'. -- Replace while-read pattern with for-do in order to support Solaris. - -CHANGELOG: -- 2010/02/19 - initial release -- 2010/03/12 - add support for 0.24.8 and newer - - make the location of sort configurable - - add the ability to add shell comment based warnings to - top of files - - add the ablity to create empty files -- 2010/04/05 - fix parsing of WARN and change code style to match rest - of the code - - Better and safer boolean handling for warn and force - - Don't use hard coded paths in the shell script, set PATH - top of the script - - Use file{} to copy the result and make all fragments owned - by root. This means we can chnage the ownership/group of the - resulting file at any time. - - You can specify ensure => "/some/other/file" in concat::fragment - to include the contents of a symlink into the final file. -- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name -- 2010/05/22 - Improve documentation and show the use of ensure => -- 2010/07/14 - Add support for setting the filebucket behavior of files -- 2010/10/04 - Make the warning message configurable -- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett -- 2011/02/03 - Make the shell script more portable and add a config option for root group -- 2011/06/21 - Make base dir root readable only for security -- 2011/06/23 - Set base directory using a fact instead of hardcoding it -- 2011/06/23 - Support operating as non privileged user -- 2011/06/23 - Support dash instead of bash or sh -- 2011/07/11 - Better solaris support -- 2011/12/05 - Use fully qualified variables -- 2011/12/13 - Improve Nexenta support -- 2012/04/11 - Do not use any GNU specific extensions in the shell script -- 2012/03/24 - Comply to community style guides -- 2012/05/23 - Better errors when basedir isnt set -- 2012/05/31 - Add spec tests -- 2012/07/11 - Include concat::setup in concat improving UX -- 2012/08/14 - Puppet Lint improvements -- 2012/08/30 - The target path can be different from the $name -- 2012/08/30 - More Puppet Lint cleanup -- 2012/09/04 - RELEASE 0.2.0 -- 2012/12/12 - Added (file) $replace parameter to concat
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/CHANGELOG.md Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,226 @@ +##2015-02-17 - Supported Release 1.2.0 +###Summary + +This release includes a number of bugfixes and adds support for running a validation command when using puppet >= 3.5.0. + +####Features +- Support running a validation command for Puppet >= 3.5.0 + +####Bugfixes +- Reset poisoned defaults from Exec +- Use concatfragments.rb on AIX since it doesn't support print0 +- Make sure ruby is in the path for PE (MODULES-1456) +- Fix missing method for check_is_owned_by for windows (MODULES-1764) +- Fix sort by numeric + +##2014-10-28 - Supported Release 1.1.2 +###Summary + +This release includes bugfixes and test improvements. The module was tested against SLES10 and SLES12 and found to work against those platforms with no module improvements. Metadata was updated to include those as supported platforms. + +####Bugfixes +- newline didn't work for Windows and Solaris. This has been fixed. +- Install certs on Windows for acceptance tests +- Update tests to work with strict variables (no module updates were required) +- Update tests to work on Windows +- Fix typo in CHANGELOG.md + +##2014-09-10 - Supported Release 1.1.1 +###Summary + +This is a bugfix release, and the first supported release of the 1.1.x series. + +####Bugfixes +- Make the `$order` parameter default to a string and be validated as an integer + or a string +- Use the ruby script on Solaris to not break Sol10 support +- Add quotes to the ruby script location for Windows +- Fix typos in README.md +- Make regex in concat::setup case-insensitive to make it work on Windows +- Make sure concat fragments are always replaced +- Fix validation to allow `$backup` to be a boolean +- Remove dependency on stdlib 4.x +- Fix for lack of idempotency with `ensure => 'absent'` +- Fix tests and spec_helper +- Synchronized files for more consistency across modules via modulesync + +##2014-05-14 - Release 1.1.0 +###Summary + +This release is primarily a bugfix release since 1.1.0-rc1. + +####Features +- Improved testing, with tests moved to beaker + +####Bugfixes +- No longer attempts to set fragment owner and mode on Windows +- Fix numeric sorting +- Fix incorrect quoting +- Fix newlines + +##2014-01-03 - Release 1.1.0-rc1 +###Summary + +This release of concat was 90% written by Joshua Hoblitt, and the module team +would like to thank him for the huge amount of work he put into this release. + +This module deprecates a bunch of old parameters and usage patterns, modernizes +much of the manifest code, simplifies a whole bunch of logic and makes +improvements to almost all parts of the module. + +The other major feature is windows support, courtesy of luisfdez, with an +alternative version of the concat bash script in ruby. We've attempted to +ensure that there are no backwards incompatible changes, all users of 1.0.0 +should be able to use 1.1.0 without any failures, but you may find deprecation +warnings and we'll be aggressively moving for a 2.0 to remove those too. + +For further information on deprecations, please read: +https://github.com/puppetlabs/puppetlabs-concat/blob/master/README.md#api-deprecations + +####Removed +- Puppet 0.24 support. +- Filebucket backup of all file resources except the target concatenated file. +- Default owner/user/group values. +- Purging of long unused /usr/local/bin/concatfragments.sh + +###Features +- Windows support via a ruby version of the concat bash script. +- Huge amount of acceptance testing work added. +- Documentation (README) completely rewritten. +- New parameters in concat: + - `ensure`: Controls if the file should be present/absent at all. + - Remove requirement to include concat::setup in manifests. + - Made `gnu` parameter deprecated. + - Added parameter validation. + +###Bugfixes + - Ensure concat::setup runs before concat::fragment in all cases. + - Pluginsync references updated for modern Puppet. + - Fix incorrect group parameter. + - Use $owner instead of $id to avoid confusion with $::id + - Compatibility fixes for Puppet 2.7/ruby 1.8.7 + - Use LC_ALL=C instead of LANG=C + - Always exec the concatfragments script as root when running as root. + - Syntax and other cleanup changes. + +##2014-06-25 - Supported Release 1.0.4 +###Summary + +This release has test fixes. + +####Features +- Added test support for OSX. + +####Bugfixes + +####Known bugs + +* Not supported on Windows. + +##2014-06-04 - Release 1.0.3 +###Summary + +This release adds compatibility for PE3.3 and fixes tests. + +####Features +- Added test support for Ubuntu Trusty. + +####Bugfixes + +####Known bugs + +*Not supported on Windows. + +##2014-03-04 - Supported Release 1.0.2 +###Summary + +This is a supported release. No functional changes were made from 1.0.1. + +####Features +- Huge amount of tests backported from 1.1. +- Documentation rewrite. + +####Bugfixes + +####Known Bugs + +* Not supported on Windows. + + +##2014-02-12 - 1.0.1 +###Summary + +Minor bugfixes for sorting of fragments and ordering of resources. + +####Bugfixes +- LANG => C replaced with LC_ALL => C to reduce spurious recreation of +fragments. +- Corrected pluginsync documentation. +- Ensure concat::setup always runs before fragments. + + +##2013-08-09 - 1.0.0 +###Summary + +Many new features and bugfixes in this release, and if you're a heavy concat +user you should test carefully before upgrading. The features should all be +backwards compatible but only light testing has been done from our side before +this release. + +####Features +- New parameters in concat: + - `replace`: specify if concat should replace existing files. + - `ensure_newline`: controls if fragments should contain a newline at the end. +- Improved README documentation. +- Add rspec:system tests (rake spec:system to test concat) + +####Bugfixes +- Gracefully handle \n in a fragment resource name. +- Adding more helpful message for 'pluginsync = true' +- Allow passing `source` and `content` directly to file resource, rather than +defining resource defaults. +- Added -r flag to read so that filenames with \ will be read correctly. +- sort always uses LANG=C. +- Allow WARNMSG to contain/start with '#'. +- Replace while-read pattern with for-do in order to support Solaris. + +####CHANGELOG: +- 2010/02/19 - initial release +- 2010/03/12 - add support for 0.24.8 and newer + - make the location of sort configurable + - add the ability to add shell comment based warnings to + top of files + - add the ablity to create empty files +- 2010/04/05 - fix parsing of WARN and change code style to match rest + of the code + - Better and safer boolean handling for warn and force + - Don't use hard coded paths in the shell script, set PATH + top of the script + - Use file{} to copy the result and make all fragments owned + by root. This means we can chnage the ownership/group of the + resulting file at any time. + - You can specify ensure => "/some/other/file" in concat::fragment + to include the contents of a symlink into the final file. +- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name +- 2010/05/22 - Improve documentation and show the use of ensure => +- 2010/07/14 - Add support for setting the filebucket behavior of files +- 2010/10/04 - Make the warning message configurable +- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett +- 2011/02/03 - Make the shell script more portable and add a config option for root group +- 2011/06/21 - Make base dir root readable only for security +- 2011/06/23 - Set base directory using a fact instead of hardcoding it +- 2011/06/23 - Support operating as non privileged user +- 2011/06/23 - Support dash instead of bash or sh +- 2011/07/11 - Better solaris support +- 2011/12/05 - Use fully qualified variables +- 2011/12/13 - Improve Nexenta support +- 2012/04/11 - Do not use any GNU specific extensions in the shell script +- 2012/03/24 - Comply to community style guides +- 2012/05/23 - Better errors when basedir isnt set +- 2012/05/31 - Add spec tests +- 2012/07/11 - Include concat::setup in concat improving UX +- 2012/08/14 - Puppet Lint improvements +- 2012/08/30 - The target path can be different from the $name +- 2012/08/30 - More Puppet Lint cleanup +- 2012/09/04 - RELEASE 0.2.0 +- 2012/12/12 - Added (file) $replace parameter to concat
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/CONTRIBUTING.md Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,220 @@ +Checklist (and a short version for the impatient) +================================================= + + * Commits: + + - Make commits of logical units. + + - Check for unnecessary whitespace with "git diff --check" before + committing. + + - Commit using Unix line endings (check the settings around "crlf" in + git-config(1)). + + - Do not check in commented out code or unneeded files. + + - The first line of the commit message should be a short + description (50 characters is the soft limit, excluding ticket + number(s)), and should skip the full stop. + + - Associate the issue in the message. The first line should include + the issue number in the form "(#XXXX) Rest of message". + + - The body should provide a meaningful commit message, which: + + - uses the imperative, present tense: "change", not "changed" or + "changes". + + - includes motivation for the change, and contrasts its + implementation with the previous behavior. + + - Make sure that you have tests for the bug you are fixing, or + feature you are adding. + + - Make sure the test suites passes after your commit: + `bundle exec rspec spec/acceptance` More information on [testing](#Testing) below + + - When introducing a new feature, make sure it is properly + documented in the README.md + + * Submission: + + * Pre-requisites: + + - Make sure you have a [GitHub account](https://github.com/join) + + - [Create a ticket](https://tickets.puppetlabs.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppetlabs.com/browse/) you are patching for. + + * Preferred method: + + - Fork the repository on GitHub. + + - Push your changes to a topic branch in your fork of the + repository. (the format ticket/1234-short_description_of_change is + usually preferred for this project). + + - Submit a pull request to the repository in the puppetlabs + organization. + +The long version +================ + + 1. Make separate commits for logically separate changes. + + Please break your commits down into logically consistent units + which include new or changed tests relevant to the rest of the + change. The goal of doing this is to make the diff easier to + read for whoever is reviewing your code. In general, the easier + your diff is to read, the more likely someone will be happy to + review it and get it into the code base. + + If you are going to refactor a piece of code, please do so as a + separate commit from your feature or bug fix changes. + + We also really appreciate changes that include tests to make + sure the bug is not re-introduced, and that the feature is not + accidentally broken. + + Describe the technical detail of the change(s). If your + description starts to get too long, that is a good sign that you + probably need to split up your commit into more finely grained + pieces. + + Commits which plainly describe the things which help + reviewers check the patch and future developers understand the + code are much more likely to be merged in with a minimum of + bike-shedding or requested changes. Ideally, the commit message + would include information, and be in a form suitable for + inclusion in the release notes for the version of Puppet that + includes them. + + Please also check that you are not introducing any trailing + whitespace or other "whitespace errors". You can do this by + running "git diff --check" on your changes before you commit. + + 2. Sending your patches + + To submit your changes via a GitHub pull request, we _highly_ + recommend that you have them on a topic branch, instead of + directly on "master". + It makes things much easier to keep track of, especially if + you decide to work on another thing before your first change + is merged in. + + GitHub has some pretty good + [general documentation](http://help.github.com/) on using + their site. They also have documentation on + [creating pull requests](http://help.github.com/send-pull-requests/). + + In general, after pushing your topic branch up to your + repository on GitHub, you can switch to the branch in the + GitHub UI and click "Pull Request" towards the top of the page + in order to open a pull request. + + + 3. Update the related GitHub issue. + + If there is a GitHub issue associated with the change you + submitted, then you should update the ticket to include the + location of your branch, along with any other commentary you + may wish to make. + +Testing +======= + +Getting Started +--------------- + +Our puppet modules provide [`Gemfile`](./Gemfile)s which can tell a ruby +package manager such as [bundler](http://bundler.io/) what Ruby packages, +or Gems, are required to build, develop, and test this software. + +Please make sure you have [bundler installed](http://bundler.io/#getting-started) +on your system, then use it to install all dependencies needed for this project, +by running + +```shell +% bundle install +Fetching gem metadata from https://rubygems.org/........ +Fetching gem metadata from https://rubygems.org/.. +Using rake (10.1.0) +Using builder (3.2.2) +-- 8><-- many more --><8 -- +Using rspec-system-puppet (2.2.0) +Using serverspec (0.6.3) +Using rspec-system-serverspec (1.0.0) +Using bundler (1.3.5) +Your bundle is complete! +Use `bundle show [gemname]` to see where a bundled gem is installed. +``` + +NOTE some systems may require you to run this command with sudo. + +If you already have those gems installed, make sure they are up-to-date: + +```shell +% bundle update +``` + +With all dependencies in place and up-to-date we can now run the tests: + +```shell +% rake spec +``` + +This will execute all the [rspec tests](http://rspec-puppet.com/) tests +under [spec/defines](./spec/defines), [spec/classes](./spec/classes), +and so on. rspec tests may have the same kind of dependencies as the +module they are testing. While the module defines in its [Modulefile](./Modulefile), +rspec tests define them in [.fixtures.yml](./fixtures.yml). + +Some puppet modules also come with [beaker](https://github.com/puppetlabs/beaker) +tests. These tests spin up a virtual machine under +[VirtualBox](https://www.virtualbox.org/)) with, controlling it with +[Vagrant](http://www.vagrantup.com/) to actually simulate scripted test +scenarios. In order to run these, you will need both of those tools +installed on your system. + +You can run them by issuing the following command + +```shell +% rake spec_clean +% rspec spec/acceptance +``` + +This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), +install puppet, copy this module and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) +and then run all the tests under [spec/acceptance](./spec/acceptance). + +Writing Tests +------------- + +XXX getting started writing tests. + +If you have commit access to the repository +=========================================== + +Even if you have commit access to the repository, you will still need to +go through the process above, and have someone else review and merge +in your changes. The rule is that all changes must be reviewed by a +developer on the project (that did not write the code) to ensure that +all changes go through a code review process. + +Having someone other than the author of the topic branch recorded as +performing the merge is the record that they performed the code +review. + + +Additional Resources +==================== + +* [Getting additional help](http://puppetlabs.com/community/get-help) + +* [Writing tests](http://projects.puppetlabs.com/projects/puppet/wiki/Development_Writing_Tests) + +* [Patchwork](https://patchwork.puppetlabs.com) + +* [General GitHub documentation](http://help.github.com/) + +* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) +
--- a/modules/concat/Gemfile Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/Gemfile Sat Mar 14 20:07:04 2015 +0000 @@ -1,18 +1,44 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" -group :development, :test do +def location_for(place, fake_version = nil) + if place =~ /^(git:[^#]*)#(.*)/ + [fake_version, { :git => $1, :branch => $2, :require => false }].compact + elsif place =~ /^file:\/\/(.*)/ + ['>= 0', { :path => File.expand_path($1), :require => false }] + else + [place, { :require => false }] + end +end + +group :development, :unit_tests do gem 'rake', :require => false - gem 'rspec-puppet', :require => false + gem 'rspec-core', '3.1.7', :require => false + gem 'rspec-puppet', '~> 1.0', :require => false gem 'puppetlabs_spec_helper', :require => false - gem 'beaker', :require => false - gem 'beaker-rspec', :require => false gem 'puppet-lint', :require => false - gem 'serverspec', :require => false - gem 'pry', :require => false + gem 'simplecov', :require => false + gem 'puppet_facts', :require => false + gem 'json', :require => false +end + +beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] +group :system_tests do + if beaker_rspec_version + gem 'beaker-rspec', *location_for(beaker_rspec_version) + else + gem 'beaker-rspec', :require => false + end + gem 'serverspec', :require => false +end + +if facterversion = ENV['FACTER_GEM_VERSION'] + gem 'facter', *location_for(facterversion) +else + gem 'facter', :require => false end if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false + gem 'puppet', *location_for(puppetversion) else gem 'puppet', :require => false end
--- a/modules/concat/Modulefile Sat Mar 14 20:01:17 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,9 +0,0 @@ -name 'puppetlabs-concat' -version '1.1.0' -source 'git://github.com/puppetlabs/puppetlabs-concat.git' -author 'Puppetlabs' -license 'Apache 2.0' -summary 'Concat module' -description 'Concat module' -project_page 'http://github.com/puppetlabs/puppetlabs-concat' -dependency 'puppetlabs/stdlib', '>= 4.0.0'
--- a/modules/concat/README.md Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/README.md Sat Mar 14 20:07:04 2015 +0000 @@ -48,7 +48,7 @@ } concat::fragment { 'tmpfile': - target => '/tmp/file' + target => '/tmp/file', content => 'test contents', order => '01' } @@ -100,7 +100,7 @@ } # used by other modules to register themselves in the motd -define motd::register($content="", $order=10) { +define motd::register($content="", $order='10') { if $content == "" { $body = $name } else { @@ -173,17 +173,13 @@ #####`warn` Determine if a warning message should be added at the top of the file to let -users know it was autogenerated by Puppet. +users know it was autogenerated by Puppet. It should be a boolean or a string +containing the contents of the warning message. ######Example - warn => true - warn => false - -#####`warn_message` -Set the contents of the warning message. - -######Example -- warn_message => 'This file is autogenerated!' +- warn => '# This file is autogenerated!' #####`force` Determine if empty files are allowed when no fragments were added. @@ -220,6 +216,14 @@ - ensure_newline => true - ensure_newline => false +#####`validate_cmd` +Ensure the destination file passes the following validation command. +Only supported on Puppet >= 3.5.0. + +######Example +- validate_cmd => '/usr/sbin/apache2 -t -f %' +- validate_cmd => '/usr/sbin/visudo -c -f %' + ####concat::fragment #####`target` @@ -247,14 +251,14 @@ ######Example - order => '01' +Best practice is to pass a string to this parameter but integer values are accepted. + #####`ensure` Control the file of fragment created. ######Example - ensure => 'present' - ensure => 'absent' -- ensure => 'file' -- ensure => 'directory' #####`mode` Set the mode of the fragment. @@ -398,7 +402,7 @@ ```puppet include concat::setup # generates deprecation warning -class { 'concat::setup: } # generates deprecation warning +class { 'concat::setup': } # generates deprecation warning ``` The `concat::setup` class is deprecated as a public API of this module and
--- a/modules/concat/Rakefile Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/Rakefile Sat Mar 14 20:07:04 2015 +0000 @@ -1,5 +1,10 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-lint/tasks/puppet-lint' +PuppetLint.configuration.fail_on_warnings +PuppetLint.configuration.send('relative') PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_quoted_booleans') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/checksums.json Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,55 @@ +{ + "CHANGELOG.md": "c39450c2a3ece201518069ca730de5f2", + "CONTRIBUTING.md": "e2b8e8e433fc76b3798b7fe435f49375", + "Gemfile": "8dc6d19e25876f331840cd73e847c0a8", + "LICENSE": "f5a76685d453424cd63dde1535811cf0", + "README.md": "2b4ea2e717e7e1834df02a67cc82e185", + "Rakefile": "9ae42c3a3ad6949efb2df1cd12ced1b6", + "files/concatfragments.rb": "b684db0eac243553a6a79365119a363d", + "files/concatfragments.sh": "7bbe7c5fce25a5ddd20415d909ba44fc", + "lib/facter/concat_basedir.rb": "ff080677e7f192b9b96911698b0b9b3d", + "lib/puppet/parser/functions/concat_getparam.rb": "7654b44a87a05b2f2e9de2eaadf1ff8f", + "lib/puppet/parser/functions/concat_is_bool.rb": "a5dc6980d7f27d1b858e791964682756", + "manifests/fragment.pp": "85921c0e68ba60fc2e711c9324f03ff6", + "manifests/init.pp": "29dd84625571723bba5582fa8ecc83dc", + "manifests/setup.pp": "fae5d399610951c3c7a53a70f9c04ad7", + "metadata.json": "080e755dc2dab128e2cc87f76e10d8dd", + "spec/acceptance/backup_spec.rb": "1d60ad406485b47b42547f24a0b68dce", + "spec/acceptance/concat_spec.rb": "9faa3b9d57017adc24de2cd2c16960c3", + "spec/acceptance/deprecation_warnings_spec.rb": "c52721536ea53cd3e2a0aff897951e72", + "spec/acceptance/empty_spec.rb": "c787d7f36b3ba142f2592db3d1b59439", + "spec/acceptance/fragment_source_spec.rb": "594cef5172b52aa65dc16ebd34fad9c6", + "spec/acceptance/fragments_are_always_replaced_spec.rb": "be39ed9ed30e7bb48aaccda2d7f730ac", + "spec/acceptance/newline_spec.rb": "5aaf65972c4f8ed4fd1592cd863583f5", + "spec/acceptance/nodesets/aix-71-vcloud.yml": "de6cc5bf18be2be8d50e62503652cb32", + "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151", + "spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b", + "spec/acceptance/nodesets/centos-64-x64.yml": "9cde7b5d2ab6a42366d2344c264d6bdc", + "spec/acceptance/nodesets/centos-65-x64.yml": "3e5c36e6aa5a690229e720f4048bb8af", + "spec/acceptance/nodesets/debian-607-x64.yml": "d566bf76f534e2af7c9a4605316d232c", + "spec/acceptance/nodesets/debian-70rc1-x64.yml": "31ccca73af7b74e1cc2fb0035c230b2c", + "spec/acceptance/nodesets/debian-73-x64.yml": "bd3ea8245ce691c2b234529d62d043eb", + "spec/acceptance/nodesets/default.yml": "9cde7b5d2ab6a42366d2344c264d6bdc", + "spec/acceptance/nodesets/fedora-18-x64.yml": "acc126fa764c39a3b1df36e9224a21d9", + "spec/acceptance/nodesets/sles-11-x64.yml": "44e4c6c15c018333bfa9840a5e702f66", + "spec/acceptance/nodesets/sles-11sp1-x64.yml": "fa0046bd89c1ab4ba9521ad79db234cd", + "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297", + "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269", + "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0", + "spec/acceptance/order_spec.rb": "76679ada1cd77b8b0663d0a65a4c7a25", + "spec/acceptance/quoted_paths_spec.rb": "a7810ac24a913bbc0d733f9b1d263748", + "spec/acceptance/replace_spec.rb": "48f4bb04e8f471cbaba0d9b53a8ab0f0", + "spec/acceptance/specinfra_stubs.rb": "27839261403d8bbccf506552f9d8ef38", + "spec/acceptance/symbolic_name_spec.rb": "b40452adbfebb0ea9d56547d9daee700", + "spec/acceptance/validation_spec.rb": "e54226b10f46cfa9e89e57398eddbbd2", + "spec/acceptance/warn_spec.rb": "cbf24bb8d9d5e9930e33632afb1d7647", + "spec/spec.opts": "a600ded995d948e393fbe2320ba8e51c", + "spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc", + "spec/spec_helper_acceptance.rb": "41172ccedb75a916bd2f60658c42e1fb", + "spec/unit/classes/concat_setup_spec.rb": "fc1c95f8214e03b9de68b407a4e1fa1d", + "spec/unit/defines/concat_fragment_spec.rb": "6bcedce9f3388196f30ed3bee97b577b", + "spec/unit/defines/concat_spec.rb": "0a1965a07ba4373dd575e0141d8ed29c", + "spec/unit/facts/concat_basedir_spec.rb": "cf00f5a07948436fa0a84d00fc098539", + "tests/fragment.pp": "9adc3d9ba61676066072e1b949a37dbb", + "tests/init.pp": "bd3ce7d2ee146744b5dbbaae8a927043" +} \ No newline at end of file
--- a/modules/concat/files/concatfragments.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/files/concatfragments.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,3 +1,4 @@ +#!/usr/bin/env ruby # Script to concat files to a config file. # # Given a directory like this: @@ -39,12 +40,13 @@ require 'fileutils' settings = { - :outfile => "", - :workdir => "", - :test => false, - :force => false, - :warn => "", - :sortarg => "" + :outfile => "", + :workdir => "", + :test => false, + :force => false, + :warn => "", + :sortarg => "", + :newline => false } OptionParser.new do |opts| @@ -76,6 +78,10 @@ opts.on("-n", "--sort", "Sort the output numerically rather than the default alpha sort") do settings[:sortarg] = "-n" end + + opts.on("-l", "--line", "Append a newline") do + settings[:newline] = true + end end.parse! # do we have -o? @@ -110,16 +116,26 @@ Dir.chdir(settings[:workdir]) if settings[:warn].empty? - File.open("fragments.concat", 'w') {|f| f.write("") } + File.open("fragments.concat", 'w') { |f| f.write("") } else - File.open("fragments.concat", 'w') {|f| f.write("#{settings[:warn]}\n") } + File.open("fragments.concat", 'w') { |f| f.write("#{settings[:warn]}\n") } end # find all the files in the fragments directory, sort them numerically and concat to fragments.concat in the working dir open('fragments.concat', 'a') do |f| - Dir.entries("fragments").sort.each{ |entry| + fragments = Dir.entries("fragments").sort + if settings[:sortarg] == '-n' + fragments = fragments.sort_by { |v| v.split('_').map(&:to_i) } + end + fragments.each { |entry| if File.file?(File.join("fragments", entry)) - f << File.read(File.join("fragments", entry)) + f << File.read(File.join("fragments", entry)) + + # append a newline if we were asked to (invoked with -l) + if settings[:newline] + f << "\n" + end + end } end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/lib/puppet/parser/functions/concat_getparam.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,35 @@ +# Test whether a given class or definition is defined +require 'puppet/parser/functions' + +Puppet::Parser::Functions.newfunction(:concat_getparam, + :type => :rvalue, + :doc => <<-'ENDOFDOC' +Takes a resource reference and name of the parameter and +returns value of resource's parameter. + +*Examples:* + + define example_resource($param) { + } + + example_resource { "example_resource_instance": + param => "param_value" + } + + concat_getparam(Example_resource["example_resource_instance"], "param") + +Would return: param_value +ENDOFDOC +) do |vals| + reference, param = vals + raise(ArgumentError, 'Must specify a reference') unless reference + raise(ArgumentError, 'Must specify name of a parameter') unless param and param.instance_of? String + + return '' if param.empty? + + if resource = findresource(reference.to_s) + return resource[param] if resource[param] + end + + return '' +end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/lib/puppet/parser/functions/concat_is_bool.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,22 @@ +# +# concat_is_bool.rb +# + +module Puppet::Parser::Functions + newfunction(:concat_is_bool, :type => :rvalue, :doc => <<-EOS +Returns true if the variable passed to this function is a boolean. + EOS + ) do |arguments| + + raise(Puppet::ParseError, "concat_is_bool(): Wrong number of arguments " + + "given (#{arguments.size} for 1)") if arguments.size != 1 + + type = arguments[0] + + result = type.is_a?(TrueClass) || type.is_a?(FalseClass) + + return result + end +end + +# vim: set ts=2 sw=2 et :
--- a/modules/concat/manifests/fragment.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/manifests/fragment.pp Sat Mar 14 20:07:04 2015 +0000 @@ -28,7 +28,7 @@ $target, $content = undef, $source = undef, - $order = 10, + $order = '10', $ensure = undef, $mode = undef, $owner = undef, @@ -40,7 +40,9 @@ if !(is_string($source) or is_array($source)) { fail('$source is not a string or an Array.') } - validate_string($order) + if !(is_string($order) or is_integer($order)) { + fail('$order is not a string or integer.') + } if $mode { warning('The $mode parameter to concat::fragment is deprecated and has no effect') } @@ -54,12 +56,12 @@ warning('The $backup parameter to concat::fragment is deprecated and has no effect') } if $ensure == undef { - $_ensure = getparam(Concat[$target], 'ensure') + $my_ensure = concat_getparam(Concat[$target], 'ensure') } else { if ! ($ensure in [ 'present', 'absent' ]) { warning('Passing a value other than \'present\' or \'absent\' as the $ensure parameter to concat::fragment is deprecated. If you want to use the content of a file as a fragment please use the $source parameter.') } - $_ensure = $ensure + $my_ensure = $ensure } include concat::setup @@ -78,18 +80,18 @@ # be paranoid and only allow the fragment's file resource's ensure param to # be file, absent, or a file target - $safe_ensure = $_ensure ? { + $safe_ensure = $my_ensure ? { '' => 'file', undef => 'file', 'file' => 'file', 'present' => 'file', 'absent' => 'absent', - default => $_ensure, + default => $my_ensure, } # if it looks line ensure => /target syntax was used, fish that out - if ! ($_ensure in ['', 'present', 'absent', 'file' ]) { - $ensure_target = $_ensure + if ! ($my_ensure in ['', 'present', 'absent', 'file' ]) { + $ensure_target = $my_ensure } else { $ensure_target = undef } @@ -115,6 +117,7 @@ source => $source, content => $content, backup => false, + replace => true, alias => "concat_fragment_${name}", notify => Exec["concat_${target}"] }
--- a/modules/concat/manifests/init.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/manifests/init.pp Sat Mar 14 20:07:04 2015 +0000 @@ -64,6 +64,7 @@ $replace = true, $order = 'alpha', $ensure_newline = false, + $validate_cmd = undef, $gnu = undef ) { validate_re($ensure, '^present$|^absent$') @@ -75,10 +76,15 @@ fail('$warn is not a string or boolean') } validate_bool($force) - validate_string($backup) + if ! concat_is_bool($backup) and ! is_string($backup) { + fail('$backup must be string or bool!') + } validate_bool($replace) validate_re($order, '^alpha$|^numeric$') validate_bool($ensure_newline) + if $validate_cmd and ! is_string($validate_cmd) { + fail('$validate_cmd must be a string') + } if $gnu { warning('The $gnu parameter to concat is deprecated and has no effect') } @@ -138,6 +144,12 @@ backup => false, } + # reset poisoned Exec defaults + Exec { + user => undef, + group => undef, + } + if $ensure == 'present' { file { $fragdir: ensure => directory, @@ -165,20 +177,38 @@ } file { $name: - ensure => present, - owner => $owner, - group => $group, - mode => $mode, - replace => $replace, - path => $path, - alias => "concat_${name}", - source => "${fragdir}/${concat_name}", - backup => $backup, + ensure => present, + owner => $owner, + group => $group, + mode => $mode, + replace => $replace, + path => $path, + alias => "concat_${name}", + source => "${fragdir}/${concat_name}", + backup => $backup, + } + + # Only newer versions of puppet 3.x support the validate_cmd parameter + if $validate_cmd { + File[$name] { + validate_cmd => $validate_cmd, + } } # remove extra whitespace from string interpolation to make testing easier $command = strip(regsubst("${script_command} -o \"${fragdir}/${concat_name}\" -d \"${fragdir}\" ${warnflag} ${forceflag} ${orderflag} ${newlineflag}", '\s+', ' ', 'G')) + # make sure ruby is in the path for PE + if $::is_pe { + if $::kernel == 'windows' { + $command_path = "${::env_windows_installdir}/bin:${::path}" + } else { + $command_path = "/opt/puppet/bin:${::path}" + } + } else { + $command_path = $::path + } + # if puppet is running as root, this exec should also run as root to allow # the concatfragments.sh script to potentially be installed in path that # may not be accessible by a target non-root owner. @@ -188,7 +218,7 @@ notify => File[$name], subscribe => File[$fragdir], unless => "${command} -t", - path => $::path, + path => $command_path, require => [ File[$fragdir], File["${fragdir}/fragments"], @@ -221,10 +251,12 @@ default => '/bin:/usr/bin', } + # Need to have an unless here for idempotency. exec { "concat_${name}": alias => "concat_${fragdir}", command => $absent_exec_command, - path => $absent_exec_path + unless => $absent_exec_command, + path => $absent_exec_path, } } }
--- a/modules/concat/manifests/setup.pp Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/manifests/setup.pp Sat Mar 14 20:07:04 2015 +0000 @@ -7,7 +7,7 @@ # Since puppet should always manage files in $concatdir and they should # not be deleted ever, /tmp is not an option. # -# It also copies out the concatfragments.sh file to ${concatdir}/bin +# It also copies out the concatfragments.{sh,rb} file to ${concatdir}/bin # class concat::setup { if $caller_module_name != $module_name { @@ -19,24 +19,30 @@ } else { fail ('$concat_basedir not defined. Try running again with pluginsync=true on the [master] and/or [main] section of your node\'s \'/etc/puppet/puppet.conf\'.') } - - # owner and mode of fragment files (on windows owner and access rights should be inherited from concatdir and not explicitly set to avoid problems) - $fragment_owner = $osfamily ? { 'windows' => undef, default => $::id } - $fragment_mode = $osfamily ? { 'windows' => undef, default => '0640' } + + # owner and mode of fragment files (on windows owner and access rights should + # be inherited from concatdir and not explicitly set to avoid problems) + $fragment_owner = $::osfamily ? { 'windows' => undef, default => $::id } + $fragment_mode = $::osfamily ? { 'windows' => undef, default => '0640' } - $script_name = $::kernel ? { - 'windows' => 'concatfragments.rb', - default => 'concatfragments.sh' + # PR #174 introduced changes to the concatfragments.sh script that are + # incompatible with Solaris 10 but reportedly OK on Solaris 11. As a work + # around we are enable the .rb concat script on all Solaris versions. If + # this goes smoothly, we should move towards completely eliminating the .sh + # version. + $script_name = $::osfamily? { + /(?i:(Windows|Solaris|AIX))/ => 'concatfragments.rb', + default => 'concatfragments.sh' } $script_path = "${concatdir}/bin/${script_name}" - $script_owner = $osfamily ? { 'windows' => undef, default => $::id } + $script_owner = $::osfamily ? { 'windows' => undef, default => $::id } - $script_mode = $osfamily ? { 'windows' => undef, default => '0755' } + $script_mode = $::osfamily ? { 'windows' => undef, default => '0755' } - $script_command = $::kernel ? { - 'windows' => "ruby.exe ${script_path}", + $script_command = $::osfamily? { + 'windows' => "ruby.exe '${script_path}'", default => $script_path }
--- a/modules/concat/metadata.json Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/metadata.json Sat Mar 14 20:07:04 2015 +0000 @@ -1,67 +1,110 @@ { "name": "puppetlabs-concat", - "version": "1.1.0", - "source": "git://github.com/puppetlabs/puppetlabs-concat.git", - "author": "Puppetlabs", - "license": "Apache 2.0", - "summary": "Concat module", - "description": "Concat module", - "project_page": "http://github.com/puppetlabs/puppetlabs-concat", - "dependencies": [ + "version": "1.2.0", + "author": "Puppet Labs", + "summary": "Construct files from multiple fragments.", + "license": "Apache-2.0", + "source": "https://github.com/puppetlabs/puppetlabs-concat", + "project_page": "https://github.com/puppetlabs/puppetlabs-concat", + "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", + "operatingsystem_support": [ + { + "operatingsystem": "RedHat", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "CentOS", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "OracleLinux", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, + { + "operatingsystem": "Scientific", + "operatingsystemrelease": [ + "5", + "6", + "7" + ] + }, { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.0.0" + "operatingsystem": "SLES", + "operatingsystemrelease": [ + "10 SP4", + "11 SP1", + "12" + ] + }, + { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "6", + "7" + ] + }, + { + "operatingsystem": "Ubuntu", + "operatingsystemrelease": [ + "10.04", + "12.04", + "14.04" + ] + }, + { + "operatingsystem": "Solaris", + "operatingsystemrelease": [ + "10", + "11" + ] + }, + { + "operatingsystem": "Windows", + "operatingsystemrelease": [ + "Server 2003 R2", + "Server 2008 R2", + "Server 2012", + "Server 2012 R2" + ] + }, + { + "operatingsystem": "AIX", + "operatingsystemrelease": [ + "5.3", + "6.1", + "7.1" + ] + }, + { + "operatingsystem": "OSX", + "operatingsystemrelease": [ + "10.9" + ] } ], - "types": [ - + "requirements": [ + { + "name": "pe", + "version_requirement": "3.x" + }, + { + "name": "puppet", + "version_requirement": "3.x" + } ], - "checksums": { - "CHANGELOG": "fca146b0dcd7cc60a9082b8e301a2e18", - "Gemfile": "3cadf91e1baf9c8b7d2b1c3036676ba9", - "LICENSE": "f5a76685d453424cd63dde1535811cf0", - "Modulefile": "f8abb1236ed5211c4a3aa732431c2e19", - "README.md": "adecb8db1313997083179540b20ede86", - "Rakefile": "e415d40cd8db238f02bf4575d5e1e693", - "files/concatfragments.rb": "6784c28044a4204efb75fe4eb759816a", - "files/concatfragments.sh": "7bbe7c5fce25a5ddd20415d909ba44fc", - "lib/facter/concat_basedir.rb": "ff080677e7f192b9b96911698b0b9b3d", - "manifests/fragment.pp": "8bfd199e757f6a57f6174b558f87d2ce", - "manifests/init.pp": "79c6dc5bf0b2b0da3ce84cc2f0ae5f02", - "manifests/setup.pp": "0ff9f4d9b4c01360606ae29d8df31ff0", - "spec/acceptance/backup_spec.rb": "d4ffdf3d4f5a1b7c0aa64dd118375124", - "spec/acceptance/concat_spec.rb": "600243521241dac0b238ad01b10c7132", - "spec/acceptance/deprecation_warnings_spec.rb": "40286704d0f544437293ed8a1cc66fe9", - "spec/acceptance/empty_spec.rb": "c2edc5cef72870b0894e1b2184207325", - "spec/acceptance/fragment_source_spec.rb": "c5cda233f208b71d7d5cc89dfa4be81d", - "spec/acceptance/newline_spec.rb": "55b9f470bdff4c0245da6895c9b6e64d", - "spec/acceptance/nodesets/aix-71-vcloud.yml": "de6cc5bf18be2be8d50e62503652cb32", - "spec/acceptance/nodesets/centos-59-x64.yml": "57eb3e471b9042a8ea40978c467f8151", - "spec/acceptance/nodesets/centos-64-x64-pe.yml": "ec075d95760df3d4702abea1ce0a829b", - "spec/acceptance/nodesets/centos-64-x64.yml": "092dd2c588a9f87fa1fb12997c0723ef", - "spec/acceptance/nodesets/debian-607-x64.yml": "d566bf76f534e2af7c9a4605316d232c", - "spec/acceptance/nodesets/debian-70rc1-x64.yml": "31ccca73af7b74e1cc2fb0035c230b2c", - "spec/acceptance/nodesets/debian-73-x64.yml": "bd3ea8245ce691c2b234529d62d043eb", - "spec/acceptance/nodesets/default.yml": "3d68f9581097bb3a807ba1931c961959", - "spec/acceptance/nodesets/fedora-18-x64.yml": "80e41b1ee16ea489f53164bfdae58855", - "spec/acceptance/nodesets/rhel-7-x64.yml": "91b55d29f059e23383c7bc352b5d671d", - "spec/acceptance/nodesets/sles-11-x64.yml": "44e4c6c15c018333bfa9840a5e702f66", - "spec/acceptance/nodesets/sles-11sp1-x64.yml": "fa0046bd89c1ab4ba9521ad79db234cd", - "spec/acceptance/nodesets/ubuntu-server-10044-x64.yml": "75e86400b7889888dc0781c0ae1a1297", - "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "d30d73e34cd50b043c7d14e305955269", - "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "5f0aed10098ac5b78e4217bb27c7aaf0", - "spec/acceptance/order_spec.rb": "0de9b4993a3e3f6f36c52bb18f48280c", - "spec/acceptance/quoted_paths_spec.rb": "953a5a665bd4bb468e70856260c47c6e", - "spec/acceptance/replace_spec.rb": "7072d819d5997ad227fc17f4b813fe4f", - "spec/acceptance/symbolic_name_spec.rb": "10e856a87253cf8bbef95f8f9635b63e", - "spec/acceptance/warn_spec.rb": "ec03f0fa8086fc4be03da1c5aff25097", - "spec/spec_helper.rb": "0db89c9a486df193c0e40095422e19dc", - "spec/spec_helper_acceptance.rb": "5be78c42f01346abf097bbcab34ff424", - "spec/unit/classes/concat_setup_spec.rb": "6d3729833715d65f3c50c2153caed6bc", - "spec/unit/defines/concat_fragment_spec.rb": "ced7c3b1b6d7f2e65c6dc066aa8c0527", - "spec/unit/defines/concat_spec.rb": "d8da592546c9811bf40e111bf52755dc", - "spec/unit/facts/concat_basedir_spec.rb": "cf00f5a07948436fa0a84d00fc098539", - "tests/fragment.pp": "9adc3d9ba61676066072e1b949a37dbb", - "tests/init.pp": "bd3ce7d2ee146744b5dbbaae8a927043" - } -} \ No newline at end of file + "dependencies": [ + {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"} + ] +}
--- a/modules/concat/spec/acceptance/backup_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/backup_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,50 +1,60 @@ require 'spec_helper_acceptance' describe 'concat backup parameter' do + basedir = default.tmpdir('concat') context '=> puppet' do - before :all do - shell('rm -rf /tmp/concat') - shell('mkdir -p /tmp/concat') - shell("/bin/echo 'old contents' > /tmp/concat/file") + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + content => "old contents\n", + } + EOS + apply_manifest(pp) end - pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': backup => 'puppet', } concat::fragment { 'new file': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'new contents', } EOS it 'applies the manifest twice with "Filebucketed" stdout and no stderr' do apply_manifest(pp, :catch_failures => true) do |r| - expect(r.stderr).to eq("") - expect(r.stdout).to match(/Filebucketed \/tmp\/concat\/file to puppet with sum 0140c31db86293a1a1e080ce9b91305f/) # sum is for file contents of 'old contents' + expect(r.stdout).to match(/Filebucketed #{basedir}\/file to puppet with sum 0140c31db86293a1a1e080ce9b91305f/) # sum is for file contents of 'old contents' end - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain 'new contents' } + its(:content) { should match /new contents/ } end end context '=> .backup' do - before :all do - shell('rm -rf /tmp/concat') - shell('mkdir -p /tmp/concat') - shell("/bin/echo 'old contents' > /tmp/concat/file") + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + content => "old contents\n", + } + EOS + apply_manifest(pp) end - pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': backup => '.backup', } concat::fragment { 'new file': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'new contents', } EOS @@ -52,50 +62,54 @@ # XXX Puppet doesn't mention anything about filebucketing with a given # extension like .backup it 'applies the manifest twice no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain 'new contents' } + its(:content) { should match /new contents/ } end - describe file('/tmp/concat/file.backup') do + describe file("#{basedir}/file.backup") do it { should be_file } - it { should contain 'old contents' } + its(:content) { should match /old contents/ } end end # XXX The backup parameter uses validate_string() and thus can't be the # boolean false value, but the string 'false' has the same effect in Puppet 3 context "=> 'false'" do - before :all do - shell('rm -rf /tmp/concat') - shell('mkdir -p /tmp/concat') - shell("/bin/echo 'old contents' > /tmp/concat/file") + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + content => "old contents\n", + } + EOS + apply_manifest(pp) end - pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': backup => '.backup', } concat::fragment { 'new file': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'new contents', } EOS it 'applies the manifest twice with no "Filebucketed" stdout and no stderr' do apply_manifest(pp, :catch_failures => true) do |r| - expect(r.stderr).to eq("") expect(r.stdout).to_not match(/Filebucketed/) end - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain 'new contents' } + its(:content) { should match /new contents/ } end end end
--- a/modules/concat/spec/acceptance/concat_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/concat_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,73 +1,119 @@ require 'spec_helper_acceptance' +case fact('osfamily') + when 'AIX' + username = 'root' + groupname = 'system' + scriptname = 'concatfragments.sh' + vardir = default['puppetvardir'] + when 'Darwin' + username = 'root' + groupname = 'wheel' + scriptname = 'concatfragments.sh' + vardir = default['puppetvardir'] + when 'windows' + username = 'Administrator' + groupname = 'Administrators' + scriptname = 'concatfragments.rb' + result = on default, "echo #{default['puppetvardir']}" + vardir = result.raw_output.chomp + when 'Solaris' + username = 'root' + groupname = 'root' + scriptname = 'concatfragments.rb' + vardir = default['puppetvardir'] + else + username = 'root' + groupname = 'root' + scriptname = 'concatfragments.sh' + vardir = default['puppetvardir'] +end + describe 'basic concat test' do + basedir = default.tmpdir('concat') + safe_basedir = basedir.gsub(/[\/:]/, '_') shared_examples 'successfully_applied' do |pp| it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file("#{default['puppetvardir']}/concat") do + describe file("#{vardir}/concat") do it { should be_directory } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 755 } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 755 + } end - describe file("#{default['puppetvardir']}/concat/bin") do + describe file("#{vardir}/concat/bin") do it { should be_directory } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 755 } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 755 + } end - describe file("#{default['puppetvardir']}/concat/bin/concatfragments.sh") do + describe file("#{vardir}/concat/bin/#{scriptname}") do it { should be_file } - it { should be_owned_by 'root' } - #it { should be_grouped_into 'root' } - it { should be_mode 755 } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 755 + } end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file") do + describe file("#{vardir}/concat/#{safe_basedir}_file") do it { should be_directory } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 750 } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 750 + } end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file/fragments") do + describe file("#{vardir}/concat/#{safe_basedir}_file/fragments") do it { should be_directory } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 750 } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 750 + } end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file/fragments.concat") do + describe file("#{vardir}/concat/#{safe_basedir}_file/fragments.concat") do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 640 } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 640 + } end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file/fragments.concat.out") do + describe file("#{vardir}/concat/#{safe_basedir}_file/fragments.concat.out") do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 640 } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 640 + } end end context 'owner/group root' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + EOS + apply_manifest(pp) + end pp = <<-EOS - concat { '/tmp/concat/file': - owner => 'root', - group => 'root', + concat { '#{basedir}/file': + owner => '#{username}', + group => '#{groupname}', mode => '0644', } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', order => '01', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', order => '02', } @@ -75,89 +121,48 @@ it_behaves_like 'successfully_applied', pp - describe file('/tmp/concat/file') do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 644 } - it { should contain '1' } - it { should contain '2' } - end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file/fragments/01_1") do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 640 } - end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file/fragments/02_2") do + describe file("#{basedir}/file") do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 640 } - end - end - - context 'owner/group non-root' do - before(:all) do - shell "groupadd -g 64444 bob" - shell "useradd -u 42 -g 64444 bob" - end - after(:all) do - shell "userdel bob" - end - - pp=" - concat { '/tmp/concat/file': - owner => 'bob', - group => 'bob', - mode => '0644', + it { should be_owned_by username } + it("should be group", :unless => (fact('osfamily') == 'windows')) { should be_grouped_into groupname } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 644 + } + its(:content) { + should match '1' + should match '2' } - - concat::fragment { '1': - target => '/tmp/concat/file', - content => '1', - order => '01', - } - - concat::fragment { '2': - target => '/tmp/concat/file', - content => '2', - order => '02', - } - " - - it_behaves_like 'successfully_applied', pp - - describe file('/tmp/concat/file') do + end + describe file("#{vardir}/concat/#{safe_basedir}_file/fragments/01_1") do it { should be_file } - it { should be_owned_by 'bob' } - it { should be_grouped_into 'bob' } - it { should be_mode 644 } - it { should contain '1' } - it { should contain '2' } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 640 + } end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file/fragments/01_1") do + describe file("#{vardir}/concat/#{safe_basedir}_file/fragments/02_2") do it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 640 } - it { should contain '1' } - end - describe file("#{default['puppetvardir']}/concat/_tmp_concat_file/fragments/02_2") do - it { should be_file } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - it { should be_mode 640 } - it { should contain '2' } + it { should be_owned_by username } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 640 + } end end context 'ensure' do context 'works when set to present with path set' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + EOS + apply_manifest(pp) + end pp=" concat { 'file': ensure => present, - path => '/tmp/concat/file', + path => '#{basedir}/file', mode => '0644', } concat::fragment { '1': @@ -169,17 +174,27 @@ it_behaves_like 'successfully_applied', pp - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should be_mode 644 } - it { should contain '1' } + it("should be mode", :unless => (fact('osfamily') == 'AIX' or fact('osfamily') == 'windows')) { + should be_mode 644 + } + its(:content) { should match '1' } end end context 'works when set to absent with path set' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + EOS + apply_manifest(pp) + end pp=" concat { 'file': ensure => absent, - path => '/tmp/concat/file', + path => '#{basedir}/file', mode => '0644', } concat::fragment { '1': @@ -189,14 +204,12 @@ } " - # Can't used shared examples as this will always trigger the exec when - # absent is set. it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should_not be_file } end end
--- a/modules/concat/spec/acceptance/deprecation_warnings_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/deprecation_warnings_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,8 +1,9 @@ require 'spec_helper_acceptance' describe 'deprecation warnings' do + basedir = default.tmpdir('concat') - shared_examples 'has_warning'do |pp, w| + shared_examples 'has_warning' do |pp, w| it 'applies the manifest twice with a stderr regex' do expect(apply_manifest(pp, :catch_failures => true).stderr).to match(/#{Regexp.escape(w)}/m) expect(apply_manifest(pp, :catch_changes => true).stderr).to match(/#{Regexp.escape(w)}/m) @@ -11,11 +12,11 @@ context 'concat gnu parameter' do pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': gnu => 'foo', } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'bar', } EOS @@ -28,11 +29,11 @@ ['true', 'yes', 'on'].each do |warn| context warn do pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': warn => '#{warn}', } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'bar', } EOS @@ -40,10 +41,12 @@ it_behaves_like 'has_warning', pp, w - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain '# This file is managed by Puppet. DO NOT EDIT.' } - it { should contain 'bar' } + its(:content) { + should match '# This file is managed by Puppet. DO NOT EDIT.' + should match 'bar' + } end end end @@ -51,11 +54,11 @@ ['false', 'no', 'off'].each do |warn| context warn do pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': warn => '#{warn}', } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'bar', } EOS @@ -63,99 +66,104 @@ it_behaves_like 'has_warning', pp, w - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should_not contain '# This file is managed by Puppet. DO NOT EDIT.' } - it { should contain 'bar' } + its(:content) { + should_not match '# This file is managed by Puppet. DO NOT EDIT.' + should match 'bar' + } end end end end - context 'concat::fragment ensure parameter' do + context 'concat::fragment ensure parameter', :unless => fact('osfamily') == 'windows' do context 'target file exists' do before(:all) do - shell("/bin/echo 'file1 contents' > /tmp/concat/file1") - end - after(:all) do - # XXX this test may leave behind a symlink in the fragment directory - # which could cause warnings and/or breakage from the subsequent tests - # unless we clean it up. - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - shell('mkdir -p /tmp/concat') + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file1': + content => "file1 contents\n", + } + EOS + apply_manifest(pp) end pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', - ensure => '/tmp/concat/file1', + target => '#{basedir}/file', + ensure => '#{basedir}/file1', } EOS w = 'Passing a value other than \'present\' or \'absent\' as the $ensure parameter to concat::fragment is deprecated. If you want to use the content of a file as a fragment please use the $source parameter.' it_behaves_like 'has_warning', pp, w - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain 'file1 contents' } + its(:content) { should match 'file1 contents' } end - describe 'the fragment can be changed from a symlink to a plain file' do + describe 'the fragment can be changed from a symlink to a plain file', :unless => (fact("osfamily") == "windows") do pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'new content', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain 'new content' } - it { should_not contain 'file1 contents' } + its(:content) { + should match 'new content' + should_not match 'file1 contents' + } end end end # target file exists - context 'target does not exist' do + context 'target does not exist', :unless => fact('osfamily') == 'windows' do pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', - ensure => '/tmp/concat/file1', + target => '#{basedir}/file', + ensure => '#{basedir}/file1', } EOS w = 'Passing a value other than \'present\' or \'absent\' as the $ensure parameter to concat::fragment is deprecated. If you want to use the content of a file as a fragment please use the $source parameter.' it_behaves_like 'has_warning', pp, w - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } end - describe 'the fragment can be changed from a symlink to a plain file' do + describe 'the fragment can be changed from a symlink to a plain file', :unless => (fact('osfamily') == 'windows') do pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'new content', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain 'new content' } + its(:content) { should match 'new content' } end end end # target file exists @@ -164,9 +172,9 @@ context 'concat::fragment mode parameter' do pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'bar', mode => 'bar', } @@ -178,9 +186,9 @@ context 'concat::fragment owner parameter' do pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'bar', owner => 'bar', } @@ -192,9 +200,9 @@ context 'concat::fragment group parameter' do pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'bar', group => 'bar', } @@ -206,9 +214,9 @@ context 'concat::fragment backup parameter' do pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { 'foo': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => 'bar', backup => 'bar', }
--- a/modules/concat/spec/acceptance/empty_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/empty_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,24 +1,23 @@ require 'spec_helper_acceptance' describe 'concat force empty parameter' do + basedir = default.tmpdir('concat') context 'should run successfully' do pp = <<-EOS - concat { '/tmp/concat/file': - owner => root, - group => root, + concat { '#{basedir}/file': mode => '0644', force => true, } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should_not contain '1\n2' } + its(:content) { should_not match /1\n2/ } end end end
--- a/modules/concat/spec/acceptance/fragment_source_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/fragment_source_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,122 +1,145 @@ require 'spec_helper_acceptance' +case fact('osfamily') + when 'AIX' + username = 'root' + groupname = 'system' + when 'Darwin' + username = 'root' + groupname = 'wheel' + when 'windows' + username = 'Administrator' + groupname = 'Administrators' + else + username = 'root' + groupname = 'root' +end + describe 'concat::fragment source' do + basedir = default.tmpdir('concat') context 'should read file fragments from local system' do - before(:all) do - shell("/bin/echo 'file1 contents' > /tmp/concat/file1") - shell("/bin/echo 'file2 contents' > /tmp/concat/file2") - end - pp = <<-EOS - concat { '/tmp/concat/foo': } + file { '#{basedir}/file1': + content => "file1 contents\n" + } + file { '#{basedir}/file2': + content => "file2 contents\n" + } + concat { '#{basedir}/foo': } concat::fragment { '1': - target => '/tmp/concat/foo', - source => '/tmp/concat/file1', + target => '#{basedir}/foo', + source => '#{basedir}/file1', + require => File['#{basedir}/file1'], } concat::fragment { '2': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string1 contents', } concat::fragment { '3': - target => '/tmp/concat/foo', - source => '/tmp/concat/file2', + target => '#{basedir}/foo', + source => '#{basedir}/file2', + require => File['#{basedir}/file2'], } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/foo') do + describe file("#{basedir}/foo") do it { should be_file } - it { should contain 'file1 contents' } - it { should contain 'string1 contents' } - it { should contain 'file2 contents' } + its(:content) { + should match 'file1 contents' + should match 'string1 contents' + should match 'file2 contents' + } end end # should read file fragments from local system context 'should create files containing first match only.' do - before(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - shell('mkdir -p /tmp/concat') - shell("/bin/echo 'file1 contents' > /tmp/concat/file1") - shell("/bin/echo 'file2 contents' > /tmp/concat/file2") - end - pp = <<-EOS - concat { '/tmp/concat/result_file1': - owner => root, - group => root, + file { '#{basedir}/file1': + content => "file1 contents\n" + } + file { '#{basedir}/file2': + content => "file2 contents\n" + } + concat { '#{basedir}/result_file1': + owner => '#{username}', + group => '#{groupname}', mode => '0644', } - concat { '/tmp/concat/result_file2': - owner => root, - group => root, + concat { '#{basedir}/result_file2': + owner => '#{username}', + group => '#{groupname}', mode => '0644', } - concat { '/tmp/concat/result_file3': - owner => root, - group => root, + concat { '#{basedir}/result_file3': + owner => '#{username}', + group => '#{groupname}', mode => '0644', } concat::fragment { '1': - target => '/tmp/concat/result_file1', - source => [ '/tmp/concat/file1', '/tmp/concat/file2' ], + target => '#{basedir}/result_file1', + source => [ '#{basedir}/file1', '#{basedir}/file2' ], + require => [ File['#{basedir}/file1'], File['#{basedir}/file2'] ], order => '01', } concat::fragment { '2': - target => '/tmp/concat/result_file2', - source => [ '/tmp/concat/file2', '/tmp/concat/file1' ], + target => '#{basedir}/result_file2', + source => [ '#{basedir}/file2', '#{basedir}/file1' ], + require => [ File['#{basedir}/file1'], File['#{basedir}/file2'] ], order => '01', } concat::fragment { '3': - target => '/tmp/concat/result_file3', - source => [ '/tmp/concat/file1', '/tmp/concat/file2' ], + target => '#{basedir}/result_file3', + source => [ '#{basedir}/file1', '#{basedir}/file2' ], + require => [ File['#{basedir}/file1'], File['#{basedir}/file2'] ], order => '01', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/result_file1') do + describe file("#{basedir}/result_file1") do it { should be_file } - it { should contain 'file1 contents' } - it { should_not contain 'file2 contents' } + its(:content) { + should match 'file1 contents' + should_not match 'file2 contents' + } end - describe file('/tmp/concat/result_file2') do + describe file("#{basedir}/result_file2") do it { should be_file } - it { should contain 'file2 contents' } - it { should_not contain 'file1 contents' } + its(:content) { + should match 'file2 contents' + should_not match 'file1 contents' + } end - describe file('/tmp/concat/result_file3') do + describe file("#{basedir}/result_file3") do it { should be_file } - it { should contain 'file1 contents' } - it { should_not contain 'file2 contents' } + its(:content) { + should match 'file1 contents' + should_not match 'file2 contents' + } end end context 'should fail if no match on source.' do - before(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - shell('mkdir -p /tmp/concat') - shell('/bin/rm -rf /tmp/concat/fail_no_source /tmp/concat/nofilehere /tmp/concat/nothereeither') - end - pp = <<-EOS - concat { '/tmp/concat/fail_no_source': - owner => root, - group => root, + concat { '#{basedir}/fail_no_source': + owner => '#{username}', + group => '#{groupname}', mode => '0644', } concat::fragment { '1': - target => '/tmp/concat/fail_no_source', - source => [ '/tmp/concat/nofilehere', '/tmp/concat/nothereeither' ], + target => '#{basedir}/fail_no_source', + source => [ '#{basedir}/nofilehere', '#{basedir}/nothereeither' ], order => '01', } EOS @@ -124,7 +147,7 @@ it 'applies the manifest with resource failures' do apply_manifest(pp, :expect_failures => true) end - describe file('/tmp/concat/fail_no_source') do + describe file("#{basedir}/fail_no_source") do #FIXME: Serverspec::Type::File doesn't support exists? for some reason. so... hack. it { should_not be_file } it { should_not be_directory }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/spec/acceptance/fragments_are_always_replaced_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,139 @@ +require 'spec_helper_acceptance' + +describe 'concat::fragment replace' do + basedir = default.tmpdir('concat') + + context 'should create fragment files' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + EOS + apply_manifest(pp) + end + + pp1 = <<-EOS + concat { '#{basedir}/foo': } + + concat::fragment { '1': + target => '#{basedir}/foo', + content => 'caller has replace unset run 1', + } + EOS + pp2 = <<-EOS + concat { '#{basedir}/foo': } + + concat::fragment { '1': + target => '#{basedir}/foo', + content => 'caller has replace unset run 2', + } + EOS + + it 'applies the manifest twice with no stderr' do + apply_manifest(pp1, :catch_failures => true) + apply_manifest(pp1, :catch_changes => true) + apply_manifest(pp2, :catch_failures => true) + apply_manifest(pp2, :catch_changes => true) + end + + describe file("#{basedir}/foo") do + it { should be_file } + its(:content) { + should_not match 'caller has replace unset run 1' + should match 'caller has replace unset run 2' + } + end + end # should create fragment files + + context 'should replace its own fragment files when caller has File { replace=>true } set' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + EOS + apply_manifest(pp) + end + + pp1 = <<-EOS + File { replace=>true } + concat { '#{basedir}/foo': } + + concat::fragment { '1': + target => '#{basedir}/foo', + content => 'caller has replace true set run 1', + } + EOS + pp2 = <<-EOS + File { replace=>true } + concat { '#{basedir}/foo': } + + concat::fragment { '1': + target => '#{basedir}/foo', + content => 'caller has replace true set run 2', + } + EOS + + it 'applies the manifest twice with no stderr' do + apply_manifest(pp1, :catch_failures => true) + apply_manifest(pp1, :catch_changes => true) + apply_manifest(pp2, :catch_failures => true) + apply_manifest(pp2, :catch_changes => true) + end + + describe file("#{basedir}/foo") do + it { should be_file } + its(:content) { + should_not match 'caller has replace true set run 1' + should match 'caller has replace true set run 2' + } + end + end # should replace its own fragment files when caller has File(replace=>true) set + + context 'should replace its own fragment files even when caller has File { replace=>false } set' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + EOS + apply_manifest(pp) + end + + pp1 = <<-EOS + File { replace=>false } + concat { '#{basedir}/foo': } + + concat::fragment { '1': + target => '#{basedir}/foo', + content => 'caller has replace false set run 1', + } + EOS + pp2 = <<-EOS + File { replace=>false } + concat { '#{basedir}/foo': } + + concat::fragment { '1': + target => '#{basedir}/foo', + content => 'caller has replace false set run 2', + } + EOS + + it 'applies the manifest twice with no stderr' do + apply_manifest(pp1, :catch_failures => true) + apply_manifest(pp1, :catch_changes => true) + apply_manifest(pp2, :catch_failures => true) + apply_manifest(pp2, :catch_changes => true) + end + + describe file("#{basedir}/foo") do + it { should be_file } + its(:content) { + should_not match 'caller has replace false set run 1' + should match 'caller has replace false set run 2' + } + end + end # should replace its own fragment files even when caller has File(replace=>false) set + +end
--- a/modules/concat/spec/acceptance/newline_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/newline_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,57 +1,67 @@ require 'spec_helper_acceptance' describe 'concat ensure_newline parameter' do + basedir = default.tmpdir('concat') context '=> false' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory + } + EOS + + apply_manifest(pp) + end pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': ensure_newline => false, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain '12' } + its(:content) { should match '12' } end end context '=> true' do pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': ensure_newline => true, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") - #XXX ensure_newline => true causes changes on every run because the files - #are modified in place. + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain "1\n2\n" } + its(:content) { + should match /1\n2\n/ + } end end end
--- a/modules/concat/spec/acceptance/nodesets/centos-64-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/nodesets/centos-64-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -7,4 +7,4 @@ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - type: foss + type: git
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/spec/acceptance/nodesets/centos-65-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,10 @@ +HOSTS: + centos-65-x64: + roles: + - master + platform: el-6-x86_64 + box : centos-65-x64-vbox436-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box + hypervisor : vagrant +CONFIG: + type: foss
--- a/modules/concat/spec/acceptance/nodesets/default.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/nodesets/default.yml Sat Mar 14 20:07:04 2015 +0000 @@ -1,10 +1,10 @@ HOSTS: - centos-64-x64.localdomain: + centos-64-x64: roles: - master platform: el-6-x86_64 - box : centos-65-x64-virtualbox-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-65-x64-virtualbox-nocm.box + box : centos-64-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - type: foss + type: git
--- a/modules/concat/spec/acceptance/nodesets/fedora-18-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/nodesets/fedora-18-x64.yml Sat Mar 14 20:07:04 2015 +0000 @@ -7,4 +7,4 @@ box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box hypervisor : vagrant CONFIG: - type: foss + type: git
--- a/modules/concat/spec/acceptance/nodesets/rhel-7-x64.yml Sat Mar 14 20:01:17 2015 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,15 +0,0 @@ -HOSTS: - 'redhat-7-vcloud': - roles: - - master - platform: el-7-x86_64 - hypervisor: vcloud - template: redhat-7-x86_64 -CONFIG: - type: foss - ssh: - keys: "~/.ssh/id_rsa-acceptance" - datastore: instance0 - folder: Delivery/Quality Assurance/Enterprise/Dynamic - resourcepool: delivery/Quality Assurance/Enterprise/Dynamic - pooling_api: http://vcloud.delivery.puppetlabs.net/
--- a/modules/concat/spec/acceptance/order_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/order_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,137 +1,123 @@ require 'spec_helper_acceptance' describe 'concat order' do - before(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - shell('mkdir -p /tmp/concat') - end + basedir = default.tmpdir('concat') - context '=> alpha' do - pp = <<-EOS - concat { '/tmp/concat/foo': - order => 'alpha' + context '=> ' do + shared_examples 'sortby' do |order_by, match_output| + pp = <<-EOS + concat { '#{basedir}/foo': + order => '#{order_by}' } concat::fragment { '1': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string1', + order => '1', } concat::fragment { '2': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string2', + order => '2', } concat::fragment { '10': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string10', } - EOS + EOS - it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + it 'applies the manifest twice with no stderr' do + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe file("#{basedir}/foo") do + it { should be_file } + its(:content) { should match match_output } + end end - describe file('/tmp/concat/foo') do - it { should be_file } - it { should contain "string10\nstring1\nsring2" } - end - end - - context '=> numeric' do - pp = <<-EOS - concat { '/tmp/concat/foo': - order => 'numeric' - } - concat::fragment { '1': - target => '/tmp/concat/foo', - content => 'string1', - } - concat::fragment { '2': - target => '/tmp/concat/foo', - content => 'string2', - } - concat::fragment { '10': - target => '/tmp/concat/foo', - content => 'string10', - } - EOS - - it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + describe 'alpha' do + it_behaves_like 'sortby', 'alpha', /string10string1string2/ end - describe file('/tmp/concat/foo') do - it { should be_file } - it { should contain "string1\nstring2\nsring10" } + describe 'numeric' do + it_behaves_like 'sortby', 'numeric', /string1string2string10/ end end end # concat order describe 'concat::fragment order' do - before(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - shell('mkdir -p /tmp/concat') - end + basedir = default.tmpdir('concat') context '=> reverse order' do - pp = <<-EOS - concat { '/tmp/concat/foo': } + shared_examples 'order_by' do |order_by, match_output| + pp = <<-EOS + concat { '#{basedir}/foo': + order => '#{order_by}' + } concat::fragment { '1': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string1', order => '15', } concat::fragment { '2': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string2', # default order 10 } concat::fragment { '3': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string3', order => '1', } - EOS + EOS + + it 'applies the manifest twice with no stderr' do + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end - it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + describe file("#{basedir}/foo") do + it { should be_file } + its(:content) { should match match_output } + end end - - describe file('/tmp/concat/foo') do - it { should be_file } - it { should contain "string3\nstring2\nsring1" } + describe 'alpha' do + it_should_behave_like 'order_by', 'alpha', /string2string1string3/ + end + describe 'numeric' do + it_should_behave_like 'order_by', 'numeric', /string3string2string1/ end end context '=> normal order' do pp = <<-EOS - concat { '/tmp/concat/foo': } + concat { '#{basedir}/foo': } concat::fragment { '1': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string1', order => '01', } concat::fragment { '2': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string2', order => '02' } concat::fragment { '3': - target => '/tmp/concat/foo', + target => '#{basedir}/foo', content => 'string3', order => '03', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/foo') do + describe file("#{basedir}/foo") do it { should be_file } - it { should contain "string1\nstring2\nsring3" } + its(:content) { should match /string1string2string3/ } end end end # concat::fragment order
--- a/modules/concat/spec/acceptance/quoted_paths_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/quoted_paths_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,33 +1,42 @@ require 'spec_helper_acceptance' describe 'quoted paths' do + basedir = default.tmpdir('concat') + before(:all) do - shell('rm -rf "/tmp/concat test" /var/lib/puppet/concat') - shell('mkdir -p "/tmp/concat test"') + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/concat test': + ensure => directory, + } + EOS + apply_manifest(pp) end context 'path with blanks' do pp = <<-EOS - concat { '/tmp/concat test/foo': + concat { '#{basedir}/concat test/foo': } concat::fragment { '1': - target => '/tmp/concat test/foo', + target => '#{basedir}/concat test/foo', content => 'string1', } concat::fragment { '2': - target => '/tmp/concat test/foo', + target => '#{basedir}/concat test/foo', content => 'string2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat test/foo') do + describe file("#{basedir}/concat test/foo") do it { should be_file } - it { should contain "string1\nsring2" } + its(:content) { should match /string1string2/ } end end end
--- a/modules/concat/spec/acceptance/replace_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/replace_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,123 +1,140 @@ require 'spec_helper_acceptance' describe 'replacement of' do + basedir = default.tmpdir('concat') context 'file' do context 'should not succeed' do before(:all) do - shell('mkdir -p /tmp/concat') - shell('echo "file exists" > /tmp/concat/file') + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + content => "file exists\n" + } + EOS + apply_manifest(pp) end - after(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - end - pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': replace => false, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain 'file exists' } - it { should_not contain '1' } - it { should_not contain '2' } + its(:content) { + should match 'file exists' + should_not match '1' + should_not match '2' + } end end context 'should succeed' do before(:all) do - shell('mkdir -p /tmp/concat') - shell('echo "file exists" > /tmp/concat/file') + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + content => "file exists\n" + } + EOS + apply_manifest(pp) end - after(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - end - pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': replace => true, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should_not contain 'file exists' } - it { should contain '1' } - it { should contain '2' } + its(:content) { + should_not match 'file exists' + should match '1' + should match '2' + } end end end # file - context 'symlink' do + context 'symlink', :unless => (fact("osfamily") == "windows") do context 'should not succeed' do # XXX the core puppet file type will replace a symlink with a plain file # when using ensure => present and source => ... but it will not when using # ensure => present and content => ...; this is somewhat confusing behavior before(:all) do - shell('mkdir -p /tmp/concat') - shell('ln -s /tmp/concat/dangling /tmp/concat/file') - end - after(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + ensure => link, + target => '#{basedir}/dangling', + } + EOS + apply_manifest(pp) end pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': replace => false, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do - it { should be_linked_to '/tmp/concat/dangling' } + # XXX specinfra doesn't support be_linked_to on AIX + describe file("#{basedir}/file"), :unless => (fact("osfamily") == "AIX" or fact("osfamily") == "windows") do + it { should be_linked_to "#{basedir}/dangling" } end - describe file('/tmp/concat/dangling') do + describe file("#{basedir}/dangling") do # XXX serverspec does not have a matcher for 'exists' it { should_not be_file } it { should_not be_directory } @@ -129,38 +146,45 @@ # when using ensure => present and source => ... but it will not when using # ensure => present and content => ...; this is somewhat confusing behavior before(:all) do - shell('mkdir -p /tmp/concat') - shell('ln -s /tmp/concat/dangling /tmp/concat/file') - end - after(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + ensure => link, + target => '#{basedir}/dangling', + } + EOS + apply_manifest(pp) end pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': replace => true, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain '1' } - it { should contain '2' } + its(:content) { + should match '1' + should match '2' + } end end end # symlink @@ -168,22 +192,26 @@ context 'directory' do context 'should not succeed' do before(:all) do - shell('mkdir -p /tmp/concat/file') + pp = <<-EOS + file { '#{basedir}': + ensure => directory, + } + file { '#{basedir}/file': + ensure => directory, + } + EOS + apply_manifest(pp) end - after(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - end - pp = <<-EOS - concat { '/tmp/concat/file': } + concat { '#{basedir}/file': } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS @@ -193,7 +221,7 @@ expect(apply_manifest(pp, :expect_failures => true).stderr).to match(/change from directory to file failed/) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_directory } end end @@ -204,37 +232,30 @@ # changed, extended, or a new param introduced to control directory # replacement. context 'should succeed', :pending => 'not yet implemented' do - before(:all) do - shell('mkdir -p /tmp/concat/file') - end - after(:all) do - shell('rm -rf /tmp/concat /var/lib/puppet/concat') - end - pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': force => true, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain '1' } + its(:content) { should match '1' } end end end # directory
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/spec/acceptance/specinfra_stubs.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,19 @@ +class Specinfra::Command::Windows::Base::File < Specinfra::Command::Windows::Base + class << self + def check_is_owned_by(file, owner) + Backend::PowerShell::Command.new do + exec "if((Get-Item '#{file}').GetAccessControl().Owner -match '#{owner}' + -or ((Get-Item '#{file}').GetAccessControl().Owner -match '#{owner}').Length -gt 0){ exit 0 } else { exit 1 }" + end + end + end +end + + +class Specinfra::Command::Base::File < Specinfra::Command::Base + class << self + def get_content(file) + "cat '#{file}' 2> /dev/null || echo -n" + end + end +end
--- a/modules/concat/spec/acceptance/symbolic_name_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/symbolic_name_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,9 +1,10 @@ require 'spec_helper_acceptance' describe 'symbolic name' do + basedir = default.tmpdir('concat') pp = <<-EOS concat { 'not_abs_path': - path => '/tmp/concat/file', + path => '#{basedir}/file', } concat::fragment { '1': @@ -20,13 +21,15 @@ EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain '1' } - it { should contain '2' } + its(:content) { + should match '1' + should match '2' + } end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/spec/acceptance/validation_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,35 @@ +require 'spec_helper_acceptance' + +describe 'concat validate_cmd parameter', :unless => (fact('kernel') != 'Linux') do + basedir = default.tmpdir('concat') + context '=> "/usr/bin/test -e %"' do + before(:all) do + pp = <<-EOS + file { '#{basedir}': + ensure => directory + } + EOS + + apply_manifest(pp) + end + pp = <<-EOS + concat { '#{basedir}/file': + validate_cmd => '/usr/bin/test -e %', + } + concat::fragment { 'content': + target => '#{basedir}/file', + content => 'content', + } + EOS + + it 'applies the manifest twice with no stderr' do + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) + end + + describe file("#{basedir}/file") do + it { should be_file } + it { should contain 'content' } + end + end +end
--- a/modules/concat/spec/acceptance/warn_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/acceptance/warn_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,97 +1,104 @@ require 'spec_helper_acceptance' describe 'concat warn =>' do + basedir = default.tmpdir('concat') context 'true should enable default warning message' do pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': warn => true, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', order => '01', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', order => '02', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain '# This file is managed by Puppet. DO NOT EDIT.' } - it { should contain '1' } - it { should contain '2' } + its(:content) { + should match /# This file is managed by Puppet\. DO NOT EDIT\./ + should match /1/ + should match /2/ + } end end context 'false should not enable default warning message' do pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': warn => false, } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', order => '01', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', order => '02', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should_not contain '# This file is managed by Puppet. DO NOT EDIT.' } - it { should contain '1' } - it { should contain '2' } + its(:content) { + should_not match /# This file is managed by Puppet\. DO NOT EDIT\./ + should match /1/ + should match /2/ + } end end context '# foo should overide default warning message' do pp = <<-EOS - concat { '/tmp/concat/file': + concat { '#{basedir}/file': warn => '# foo', } concat::fragment { '1': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '1', order => '01', } concat::fragment { '2': - target => '/tmp/concat/file', + target => '#{basedir}/file', content => '2', order => '02', } EOS it 'applies the manifest twice with no stderr' do - expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("") - expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("") + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) end - describe file('/tmp/concat/file') do + describe file("#{basedir}/file") do it { should be_file } - it { should contain '# foo' } - it { should contain '1' } - it { should contain '2' } + its(:content) { + should match /# foo/ + should match /1/ + should match /2/ + } end end end
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/modules/concat/spec/spec.opts Sat Mar 14 20:07:04 2015 +0000 @@ -0,0 +1,6 @@ +--format +s +--colour +--loadby +mtime +--backtrace
--- a/modules/concat/spec/spec_helper_acceptance.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/spec_helper_acceptance.rb Sat Mar 14 20:07:04 2015 +0000 @@ -1,14 +1,37 @@ require 'beaker-rspec/spec_helper' require 'beaker-rspec/helpers/serverspec' +require 'acceptance/specinfra_stubs' unless ENV['RS_PROVISION'] == 'no' or ENV['BEAKER_provision'] == 'no' - if hosts.first.is_pe? - install_pe + # This will install the latest available package on el and deb based + # systems fail on windows and osx, and install via gem on other *nixes + foss_opts = {:default_action => 'gem_install'} + + if default.is_pe?; then + install_pe; else - install_puppet + install_puppet(foss_opts); end + hosts.each do |host| on hosts, "mkdir -p #{host['distmoduledir']}" + if host['platform'] =~ /sles-1/i || host['platform'] =~ /solaris-1/i + get_stdlib = <<-EOS + package{'wget':} + exec{'download': + command => "wget -P /root/ https://forgeapi.puppetlabs.com/v3/files/puppetlabs-stdlib-4.5.1.tar.gz --no-check-certificate", + path => ['/opt/csw/bin/','/usr/bin/'] + } + EOS + apply_manifest_on(host, get_stdlib) + # have to use force otherwise it checks ssl cert even though it is a local file + on host, puppet('module install /root/puppetlabs-stdlib-4.5.1.tar.gz --force --ignore-dependencies'), {:acceptable_exit_codes => [0, 1]} + elsif host['platform'] =~ /windows/i + on host, shell('curl -k -o c:/puppetlabs-stdlib-4.5.1.tar.gz https://forgeapi.puppetlabs.com/v3/files/puppetlabs-stdlib-4.5.1.tar.gz') + on host, puppet('module install c:/puppetlabs-stdlib-4.5.1.tar.gz --force --ignore-dependencies'), {:acceptable_exit_codes => [0, 1]} + else + on host, puppet('module install puppetlabs-stdlib'), {:acceptable_exit_codes => [0, 1]} + end end end @@ -21,10 +44,8 @@ # Configure all nodes in nodeset c.before :suite do - # Install module and dependencies - puppet_module_install(:source => proj_root, :module_name => 'concat') hosts.each do |host| - on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] } + copy_module_to(host, :source => proj_root, :module_name => 'concat') end end @@ -37,3 +58,4 @@ c.treat_symbols_as_metadata_keys_with_true_values = true end +
--- a/modules/concat/spec/unit/classes/concat_setup_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/unit/classes/concat_setup_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -5,7 +5,15 @@ shared_examples 'setup' do |concatdir| concatdir = '/foo' if concatdir.nil? - let(:facts) {{ :concat_basedir => concatdir }} + let(:facts) do + { + :concat_basedir => concatdir, + :caller_module_name => 'Test', + :osfamily => 'Debian', + :id => 'root', + :is_pe => false, + } + end it do should contain_file("#{concatdir}/bin/concatfragments.sh").with({ @@ -36,7 +44,53 @@ context 'deprecated as a public class' do it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end + + context "on osfamily Solaris" do + concatdir = '/foo' + let(:facts) do + { + :concat_basedir => concatdir, + :caller_module_name => 'Test', + :osfamily => 'Solaris', + :id => 'root', + :is_pe => false, + } + end + + it do + should contain_file("#{concatdir}/bin/concatfragments.rb").with({ + :ensure => 'file', + :owner => 'root', + :mode => '0755', + :source => 'puppet:///modules/concat/concatfragments.rb', + :backup => false, + }) + end + end # on osfamily Solaris + + context "on osfamily windows" do + concatdir = '/foo' + let(:facts) do + { + :concat_basedir => concatdir, + :caller_module_name => 'Test', + :osfamily => 'windows', + :id => 'batman', + :is_pe => false, + } + end + + it do + should contain_file("#{concatdir}/bin/concatfragments.rb").with({ + :ensure => 'file', + :owner => nil, + :mode => nil, + :source => 'puppet:///modules/concat/concatfragments.rb', + :backup => false, + }) + end + end # on osfamily windows end
--- a/modules/concat/spec/unit/defines/concat_fragment_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/unit/defines/concat_fragment_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -24,7 +24,15 @@ end let(:title) { title } - let(:facts) {{ :concat_basedir => concatdir, :id => id }} + let(:facts) do + { + :concat_basedir => concatdir, + :id => id, + :osfamily => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :is_pe => false, + } + end let(:params) { params } let(:pre_condition) do "concat{ '#{p[:target]}': }" @@ -64,7 +72,7 @@ context 'false' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) {{ :concat_basedir => '/tmp', :is_pe => false }} let(:params) {{ :target => false }} it 'should fail' do @@ -85,11 +93,11 @@ context 'any value other than \'present\' or \'absent\'' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) {{ :concat_basedir => '/tmp', :is_pe => false }} let(:params) {{ :ensure => 'invalid', :target => '/etc/motd' }} it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end end # ensure => @@ -106,7 +114,7 @@ context 'false' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) {{ :concat_basedir => '/tmp', :is_pe => false }} let(:params) {{ :content => false, :target => '/etc/motd' }} it 'should fail' do @@ -127,7 +135,7 @@ context 'false' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) {{ :concat_basedir => '/tmp', :is_pe => false }} let(:params) {{ :source => false, :target => '/etc/motd' }} it 'should fail' do @@ -148,11 +156,11 @@ context 'false' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) {{ :concat_basedir => '/tmp', :is_pe => false }} let(:params) {{ :order => false, :target => '/etc/motd' }} it 'should fail' do - expect { should }.to raise_error(Puppet::Error, /is not a string/) + expect { should }.to raise_error(Puppet::Error, /is not a string or integer/) end end end # order => @@ -162,7 +170,14 @@ context 'ensure => target and source' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) do + { + :concat_basedir => '/tmp', + :osfamily => 'Debian', + :id => 'root', + :is_pe => false, + } + end let(:params) do { :target => '/etc/motd', @@ -178,7 +193,14 @@ context 'ensure => target and content' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) do + { + :concat_basedir => '/tmp', + :osfamily => 'Debian', + :id => 'root', + :is_pe => false, + } + end let(:params) do { :target => '/etc/motd', @@ -194,7 +216,14 @@ context 'source and content' do let(:title) { 'motd_header' } - let(:facts) {{ :concat_basedir => '/tmp' }} + let(:facts) do + { + :concat_basedir => '/tmp', + :osfamily => 'Debian', + :id => 'root', + :is_pe => false, + } + end let(:params) do { :target => '/etc/motd', @@ -219,7 +248,7 @@ } it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end end # mode => @@ -232,7 +261,7 @@ } it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end end # owner => @@ -245,7 +274,7 @@ } it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end end # group => @@ -258,7 +287,7 @@ } it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end end # backup =>
--- a/modules/concat/spec/unit/defines/concat_spec.rb Sat Mar 14 20:01:17 2015 +0000 +++ b/modules/concat/spec/unit/defines/concat_spec.rb Sat Mar 14 20:07:04 2015 +0000 @@ -19,6 +19,7 @@ :replace => true, :order => 'alpha', :ensure_newline => false, + :validate_cmd => nil, }.merge(params) safe_name = title.gsub('/', '_') @@ -33,7 +34,16 @@ let(:title) { title } let(:params) { params } - let(:facts) {{ :concat_basedir => concatdir, :id => id }} + let(:facts) do + { + :concat_basedir => concatdir, + :id => id, + :osfamily => 'Debian', + :path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + :kernel => 'Linux', + :is_pe => false, + } + end if p[:ensure] == 'present' it do @@ -68,15 +78,16 @@ it do should contain_file(title).with(file_defaults.merge({ - :ensure => 'present', - :owner => p[:owner], - :group => p[:group], - :mode => p[:mode], - :replace => p[:replace], - :path => p[:path], - :alias => "concat_#{title}", - :source => "#{fragdir}/#{concat_name}", - :backup => p[:backup], + :ensure => 'present', + :owner => p[:owner], + :group => p[:group], + :mode => p[:mode], + :replace => p[:replace], + :path => p[:path], + :alias => "concat_#{title}", + :source => "#{fragdir}/#{concat_name}", + :validate_cmd => p[:validate_cmd], + :backup => p[:backup], })) end @@ -144,6 +155,7 @@ should contain_exec("concat_#{title}").with({ :alias => "concat_#{fragdir}", :command => 'true', + :unless => 'true', :path => '/bin:/usr/bin', }) end @@ -270,7 +282,7 @@ it_behaves_like 'concat', '/etc/foo.bar', { :warn => warn } it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end end @@ -307,10 +319,18 @@ end context 'false' do + it_behaves_like 'concat', '/etc/foo.bar', { :backup => false } + end + + context 'true' do + it_behaves_like 'concat', '/etc/foo.bar', { :backup => true } + end + + context 'true' do let(:title) { '/etc/foo.bar' } - let(:params) {{ :backup => false }} + let(:params) {{ :backup => [] }} it 'should fail' do - expect { should }.to raise_error(Puppet::Error, /is not a string/) + expect { should }.to raise_error(Puppet::Error, /backup must be string or bool/) end end end # backup => @@ -363,13 +383,29 @@ end end # ensure_newline => + context 'validate_cmd =>' do + context '/usr/bin/test -e %' do + it_behaves_like 'concat', '/etc/foo.bar', { :validate_cmd => '/usr/bin/test -e %' } + end + + [ 1234, true ].each do |cmd| + context cmd do + let(:title) { '/etc/foo.bar' } + let(:params) {{ :validate_cmd => cmd }} + it 'should fail' do + expect { should }.to raise_error(Puppet::Error, /\$validate_cmd must be a string/) + end + end + end + end # validate_cmd => + describe 'deprecated parameter' do context 'gnu =>' do context 'foo' do it_behaves_like 'concat', '/etc/foo.bar', { :gnu => 'foo'} it 'should create a warning' do - pending('rspec-puppet support for testing warning()') + skip('rspec-puppet support for testing warning()') end end end