From 61d2ffb6f42bf10c6bd4846f322b0b13cf16b9f6 Mon Sep 17 00:00:00 2001 From: Martin DeMello Date: Sun, 11 Jul 2021 17:28:53 -0700 Subject: [PATCH 1/8] Use r10k to manage puppet modules. --- puppet/Puppetfile | 12 + puppet/README.md | 24 + puppet/{modules/apache => dw_dev}/LICENSE | 0 puppet/{modules => }/dw_dev/manifests/app.pp | 0 puppet/{modules => }/dw_dev/manifests/init.pp | 0 .../dw_dev/manifests/prerequisites.pp | 0 puppet/{modules => }/dw_dev/manifests/user.pp | 0 .../dw_dev/templates/config-local.epp | 0 .../dw_dev/templates/config-private.epp | 0 .../dw_dev/templates/gitconfig.epp | 0 .../{modules => }/dw_dev/templates/vhost.epp | 0 puppet/modules/alternatives/CHANGELOG.md | 98 - puppet/modules/alternatives/CONTRIBUTING.md | 96 - puppet/modules/alternatives/Gemfile | 82 - puppet/modules/alternatives/HISTORY.md | 48 - puppet/modules/alternatives/LICENSE | 178 - puppet/modules/alternatives/README.md | 92 - puppet/modules/alternatives/Rakefile | 92 - puppet/modules/alternatives/checksums.json | 49 - .../puppet/provider/alternative_entry/dpkg.rb | 103 - .../puppet/provider/alternative_entry/rpm.rb | 97 - .../lib/puppet/provider/alternatives/dpkg.rb | 73 - .../lib/puppet/provider/alternatives/rpm.rb | 75 - .../lib/puppet/type/alternative_entry.rb | 68 - .../lib/puppet/type/alternatives.rb | 36 - puppet/modules/alternatives/metadata.json | 56 - .../acceptance/nodesets/archlinux-2-x64.yml | 13 - .../acceptance/nodesets/centos-511-x64.yml | 15 - .../spec/acceptance/nodesets/centos-6-x64.yml | 15 - .../acceptance/nodesets/centos-66-x64-pe.yml | 17 - .../acceptance/nodesets/centos-66-x64.yml | 15 - .../spec/acceptance/nodesets/centos-7-x64.yml | 15 - .../acceptance/nodesets/centos-72-x64.yml | 15 - .../acceptance/nodesets/debian-78-x64.yml | 15 - .../acceptance/nodesets/debian-82-x64.yml | 15 - .../nodesets/ec2/amazonlinux-2016091.yml | 31 - .../nodesets/ec2/image_templates.yaml | 34 - .../acceptance/nodesets/ec2/rhel-73-x64.yml | 29 - .../nodesets/ec2/sles-12sp2-x64.yml | 29 - .../nodesets/ec2/ubuntu-1604-x64.yml | 29 - .../nodesets/ec2/windows-2016-base-x64.yml | 29 - .../acceptance/nodesets/fedora-24-x64.yml | 15 - .../acceptance/nodesets/fedora-25-x64.yml | 16 - .../acceptance/nodesets/fedora-26-x64.yml | 16 - .../acceptance/nodesets/fedora-27-x64.yml | 18 - .../nodesets/ubuntu-server-1204-x64.yml | 15 - .../nodesets/ubuntu-server-1404-x64.yml | 15 - .../nodesets/ubuntu-server-1604-x64.yml | 15 - .../spec/classes/coverage_spec.rb | 4 - .../alternatives/spec/default_facts.yml | 14 - .../provider/alternatives/dpkg/get-selections | 44 - .../alternatives/rpm/alternatives/sample | 9 - .../alternatives/rpm/alternatives/testcmd | 7 - .../provider/alternatives/rpm/display/sample | 5 - .../provider/alternatives/rpm/display/testcmd | 5 - .../modules/alternatives/spec/spec_helper.rb | 28 - .../unit/provider/alternatives/dpkg_spec.rb | 77 - .../unit/provider/alternatives/rpm_spec.rb | 87 - .../spec/unit/type/alternatives_spec.rb | 55 - puppet/modules/apache/CHANGELOG.md | 1184 ---- puppet/modules/apache/CONTRIBUTING.md | 271 - puppet/modules/apache/Gemfile | 76 - puppet/modules/apache/HISTORY.md | 1090 --- puppet/modules/apache/MAINTAINERS.md | 6 - puppet/modules/apache/NOTICE | 15 - puppet/modules/apache/README.md | 6056 ----------------- puppet/modules/apache/Rakefile | 77 - puppet/modules/apache/checksums.json | 367 - puppet/modules/apache/examples/apache.pp | 6 - puppet/modules/apache/examples/dev.pp | 1 - puppet/modules/apache/examples/init.pp | 1 - .../apache/examples/mod_load_params.pp | 11 - puppet/modules/apache/examples/mods.pp | 9 - puppet/modules/apache/examples/mods_custom.pp | 16 - puppet/modules/apache/examples/php.pp | 4 - puppet/modules/apache/examples/vhost.pp | 258 - .../apache/examples/vhost_directories.pp | 44 - .../modules/apache/examples/vhost_filter.pp | 17 - .../modules/apache/examples/vhost_ip_based.pp | 25 - .../apache/examples/vhost_proxypass.pp | 66 - puppet/modules/apache/examples/vhost_ssl.pp | 23 - .../apache/examples/vhosts_without_listen.pp | 53 - puppet/modules/apache/files/httpd | 24 - .../apache/lib/facter/apache_version.rb | 14 - .../puppet/functions/apache/apache_pw_hash.rb | 15 - .../lib/puppet/functions/apache/bool2httpd.rb | 21 - .../apache/validate_apache_log_level.rb | 21 - .../puppet/parser/functions/apache_pw_hash.rb | 15 - .../lib/puppet/parser/functions/bool2httpd.rb | 21 - .../functions/validate_apache_log_level.rb | 23 - .../apache/lib/puppet/provider/a2mod.rb | 36 - .../apache/lib/puppet/provider/a2mod/a2mod.rb | 35 - .../lib/puppet/provider/a2mod/gentoo.rb | 114 - .../lib/puppet/provider/a2mod/modfix.rb | 11 - .../lib/puppet/provider/a2mod/redhat.rb | 60 - .../modules/apache/lib/puppet/type/a2mod.rb | 28 - puppet/modules/apache/locales/config.yaml | 26 - .../apache/locales/ja/puppetlabs-apache.po | 28 - .../apache/locales/puppetlabs-apache.pot | 25 - puppet/modules/apache/manifests/balancer.pp | 107 - .../apache/manifests/balancermember.pp | 52 - .../modules/apache/manifests/confd/no_accf.pp | 10 - .../modules/apache/manifests/custom_config.pp | 67 - .../apache/manifests/default_confd_files.pp | 15 - .../modules/apache/manifests/default_mods.pp | 182 - .../apache/manifests/default_mods/load.pp | 8 - puppet/modules/apache/manifests/dev.pp | 14 - .../apache/manifests/fastcgi/server.pp | 29 - puppet/modules/apache/manifests/init.pp | 417 -- puppet/modules/apache/manifests/listen.pp | 9 - puppet/modules/apache/manifests/mod.pp | 176 - .../modules/apache/manifests/mod/actions.pp | 3 - puppet/modules/apache/manifests/mod/alias.pp | 23 - .../apache/manifests/mod/auth_basic.pp | 3 - .../modules/apache/manifests/mod/auth_cas.pp | 55 - .../apache/manifests/mod/auth_gssapi.pp | 5 - .../modules/apache/manifests/mod/auth_kerb.pp | 7 - .../apache/manifests/mod/auth_mellon.pp | 26 - .../apache/manifests/mod/authn_core.pp | 7 - .../modules/apache/manifests/mod/authn_dbd.pp | 30 - .../apache/manifests/mod/authn_file.pp | 3 - .../apache/manifests/mod/authnz_ldap.pp | 23 - .../apache/manifests/mod/authnz_pam.pp | 4 - .../apache/manifests/mod/authz_default.pp | 9 - .../apache/manifests/mod/authz_user.pp | 3 - .../modules/apache/manifests/mod/autoindex.pp | 14 - puppet/modules/apache/manifests/mod/cache.pp | 3 - puppet/modules/apache/manifests/mod/cgi.pp | 24 - puppet/modules/apache/manifests/mod/cgid.pp | 42 - .../modules/apache/manifests/mod/cluster.pp | 39 - puppet/modules/apache/manifests/mod/data.pp | 10 - puppet/modules/apache/manifests/mod/dav.pp | 3 - puppet/modules/apache/manifests/mod/dav_fs.pp | 22 - .../modules/apache/manifests/mod/dav_svn.pp | 28 - puppet/modules/apache/manifests/mod/dbd.pp | 3 - .../modules/apache/manifests/mod/deflate.pp | 27 - puppet/modules/apache/manifests/mod/dev.pp | 5 - puppet/modules/apache/manifests/mod/dir.pp | 23 - .../apache/manifests/mod/disk_cache.pp | 43 - puppet/modules/apache/manifests/mod/dumpio.pp | 18 - puppet/modules/apache/manifests/mod/env.pp | 3 - puppet/modules/apache/manifests/mod/event.pp | 76 - .../modules/apache/manifests/mod/expires.pp | 22 - .../apache/manifests/mod/ext_filter.pp | 22 - .../modules/apache/manifests/mod/fastcgi.pp | 31 - puppet/modules/apache/manifests/mod/fcgid.pp | 28 - puppet/modules/apache/manifests/mod/filter.pp | 3 - puppet/modules/apache/manifests/mod/geoip.pp | 33 - .../modules/apache/manifests/mod/headers.pp | 3 - puppet/modules/apache/manifests/mod/http2.pp | 38 - .../modules/apache/manifests/mod/include.pp | 3 - puppet/modules/apache/manifests/mod/info.pp | 33 - .../manifests/mod/intercept_form_submit.pp | 4 - puppet/modules/apache/manifests/mod/itk.pp | 97 - puppet/modules/apache/manifests/mod/jk.pp | 148 - puppet/modules/apache/manifests/mod/ldap.pp | 29 - .../apache/manifests/mod/lookup_identity.pp | 4 - puppet/modules/apache/manifests/mod/macro.pp | 4 - puppet/modules/apache/manifests/mod/mime.pp | 25 - .../apache/manifests/mod/mime_magic.pp | 17 - .../apache/manifests/mod/negotiation.pp | 21 - puppet/modules/apache/manifests/mod/nss.pp | 28 - .../modules/apache/manifests/mod/pagespeed.pp | 60 - .../modules/apache/manifests/mod/passenger.pp | 640 -- puppet/modules/apache/manifests/mod/perl.pp | 4 - .../modules/apache/manifests/mod/peruser.pp | 77 - puppet/modules/apache/manifests/mod/php.pp | 102 - .../modules/apache/manifests/mod/prefork.pp | 99 - puppet/modules/apache/manifests/mod/proxy.pp | 24 - .../modules/apache/manifests/mod/proxy_ajp.pp | 4 - .../apache/manifests/mod/proxy_balancer.pp | 29 - .../apache/manifests/mod/proxy_connect.pp | 10 - .../apache/manifests/mod/proxy_fcgi.pp | 4 - .../apache/manifests/mod/proxy_html.pp | 42 - .../apache/manifests/mod/proxy_http.pp | 4 - .../apache/manifests/mod/proxy_wstunnel.pp | 5 - puppet/modules/apache/manifests/mod/python.pp | 10 - .../modules/apache/manifests/mod/remoteip.pp | 111 - .../apache/manifests/mod/reqtimeout.pp | 15 - .../modules/apache/manifests/mod/rewrite.pp | 4 - puppet/modules/apache/manifests/mod/rpaf.pp | 23 - .../modules/apache/manifests/mod/security.pp | 135 - .../modules/apache/manifests/mod/setenvif.pp | 14 - puppet/modules/apache/manifests/mod/shib.pp | 20 - .../apache/manifests/mod/socache_shmcb.pp | 3 - .../modules/apache/manifests/mod/speling.pp | 4 - puppet/modules/apache/manifests/mod/ssl.pp | 120 - puppet/modules/apache/manifests/mod/status.pp | 68 - puppet/modules/apache/manifests/mod/suexec.pp | 3 - puppet/modules/apache/manifests/mod/suphp.pp | 20 - .../modules/apache/manifests/mod/userdir.pp | 40 - .../modules/apache/manifests/mod/version.pp | 10 - .../apache/manifests/mod/vhost_alias.pp | 3 - puppet/modules/apache/manifests/mod/worker.pp | 147 - puppet/modules/apache/manifests/mod/wsgi.pp | 46 - .../modules/apache/manifests/mod/xsendfile.pp | 4 - puppet/modules/apache/manifests/mpm.pp | 159 - .../apache/manifests/namevirtualhost.pp | 9 - puppet/modules/apache/manifests/package.pp | 37 - puppet/modules/apache/manifests/params.pp | 824 --- .../apache/manifests/peruser/multiplexer.pp | 17 - .../apache/manifests/peruser/processor.pp | 17 - puppet/modules/apache/manifests/php.pp | 18 - puppet/modules/apache/manifests/proxy.pp | 15 - puppet/modules/apache/manifests/python.pp | 18 - .../apache/manifests/security/rule_link.pp | 18 - puppet/modules/apache/manifests/service.pp | 51 - puppet/modules/apache/manifests/ssl.pp | 18 - puppet/modules/apache/manifests/version.pp | 55 - puppet/modules/apache/manifests/vhost.pp | 1111 --- .../modules/apache/manifests/vhost/custom.pp | 40 - puppet/modules/apache/manifests/vhosts.pp | 6 - puppet/modules/apache/metadata.json | 86 - puppet/modules/apache/readmes/README_ja_JP.md | 5753 ---------------- .../spec/acceptance/apache_parameters_spec.rb | 616 -- .../apache/spec/acceptance/apache_ssl_spec.rb | 154 - .../apache/spec/acceptance/class_spec.rb | 93 - .../spec/acceptance/custom_config_spec.rb | 91 - .../spec/acceptance/default_mods_spec.rb | 112 - .../apache/spec/acceptance/init_task_spec.rb | 19 - .../apache/spec/acceptance/itk_spec.rb | 52 - .../apache/spec/acceptance/mod_php_spec.rb | 77 - .../spec/acceptance/nodesets/centos-7-x64.yml | 10 - .../spec/acceptance/nodesets/debian-8-x64.yml | 10 - .../spec/acceptance/nodesets/default.yml | 10 - .../acceptance/nodesets/docker/centos-7.yml | 12 - .../acceptance/nodesets/docker/debian-8.yml | 11 - .../nodesets/docker/ubuntu-14.04.yml | 12 - .../apache/spec/acceptance/nodesets/suse.yml | 25 - .../spec/acceptance/prefork_worker_spec.rb | 88 - .../apache/spec/acceptance/service_spec.rb | 18 - .../modules/apache/spec/acceptance/version.rb | 93 - .../apache/spec/acceptance/vhost_spec.rb | 1771 ----- .../apache/spec/acceptance/vhosts_spec.rb | 32 - .../apache/spec/classes/apache_spec.rb | 917 --- .../modules/apache/spec/classes/dev_spec.rb | 34 - .../apache/spec/classes/mod/alias_spec.rb | 97 - .../apache/spec/classes/mod/auth_cas_spec.rb | 91 - .../spec/classes/mod/auth_gssapi_spec.rb | 77 - .../apache/spec/classes/mod/auth_kerb_spec.rb | 106 - .../spec/classes/mod/auth_mellon_spec.rb | 87 - .../apache/spec/classes/mod/authn_dbd_spec.rb | 62 - .../spec/classes/mod/authnz_ldap_spec.rb | 78 - .../spec/classes/mod/authnz_pam_spec.rb | 44 - .../apache/spec/classes/mod/cluster_spec.rb | 102 - .../apache/spec/classes/mod/data_spec.rb | 32 - .../apache/spec/classes/mod/dav_svn_spec.rb | 138 - .../apache/spec/classes/mod/deflate_spec.rb | 127 - .../apache/spec/classes/mod/dev_spec.rb | 34 - .../apache/spec/classes/mod/dir_spec.rb | 139 - .../spec/classes/mod/disk_cache_spec.rb | 167 - .../apache/spec/classes/mod/dumpio_spec.rb | 53 - .../apache/spec/classes/mod/event_spec.rb | 210 - .../apache/spec/classes/mod/expires_spec.rb | 85 - .../spec/classes/mod/ext_filter_spec.rb | 63 - .../apache/spec/classes/mod/fastcgi_spec.rb | 40 - .../apache/spec/classes/mod/fcgid_spec.rb | 140 - .../apache/spec/classes/mod/http2_spec.rb | 98 - .../apache/spec/classes/mod/info_spec.rb | 216 - .../classes/mod/intercept_form_submit_spec.rb | 44 - .../apache/spec/classes/mod/itk_spec.rb | 196 - .../apache/spec/classes/mod/jk_spec.rb | 243 - .../apache/spec/classes/mod/ldap_spec.rb | 96 - .../spec/classes/mod/lookup_identity.rb | 44 - .../spec/classes/mod/mime_magic_spec.rb | 103 - .../apache/spec/classes/mod/mime_spec.rb | 54 - .../spec/classes/mod/negotiation_spec.rb | 51 - .../apache/spec/classes/mod/pagespeed_spec.rb | 57 - .../apache/spec/classes/mod/passenger_spec.rb | 444 -- .../apache/spec/classes/mod/perl_spec.rb | 74 - .../apache/spec/classes/mod/peruser_spec.rb | 44 - .../apache/spec/classes/mod/php_spec.rb | 310 - .../apache/spec/classes/mod/prefork_spec.rb | 138 - .../spec/classes/mod/proxy_balancer_spec.rb | 86 - .../spec/classes/mod/proxy_connect_spec.rb | 63 - .../spec/classes/mod/proxy_html_spec.rb | 108 - .../apache/spec/classes/mod/proxy_wstunnel.rb | 5 - .../apache/spec/classes/mod/python_spec.rb | 84 - .../apache/spec/classes/mod/remoteip_spec.rb | 101 - .../spec/classes/mod/reqtimeout_spec.rb | 154 - .../apache/spec/classes/mod/rpaf_spec.rb | 135 - .../apache/spec/classes/mod/security_spec.rb | 182 - .../apache/spec/classes/mod/shib_spec.rb | 42 - .../apache/spec/classes/mod/speling_spec.rb | 37 - .../apache/spec/classes/mod/ssl_spec.rb | 337 - .../apache/spec/classes/mod/status_spec.rb | 328 - .../apache/spec/classes/mod/suphp_spec.rb | 16 - .../apache/spec/classes/mod/userdir_spec.rb | 59 - .../apache/spec/classes/mod/worker_spec.rb | 187 - .../apache/spec/classes/mod/wsgi_spec.rb | 205 - .../apache/spec/classes/params_spec.rb | 21 - .../apache/spec/classes/service_spec.rb | 173 - .../apache/spec/classes/vhosts_spec.rb | 37 - puppet/modules/apache/spec/default_facts.yml | 7 - .../apache/spec/defines/balancer_spec.rb | 83 - .../spec/defines/balancermember_spec.rb | 63 - .../apache/spec/defines/custom_config_spec.rb | 122 - .../spec/defines/fastcgi_server_spec.rb | 105 - .../modules/apache/spec/defines/mod_spec.rb | 156 - .../apache/spec/defines/modsec_link_spec.rb | 39 - .../apache/spec/defines/vhost_custom_spec.rb | 107 - .../modules/apache/spec/defines/vhost_spec.rb | 2192 ------ .../spec/fixtures/files/negotiation.conf | 4 - .../modules/apache/spec/fixtures/files/spec | 1 - .../site_apache/templates/fake.conf.erb | 1 - .../fixtures/templates/negotiation.conf.erb | 4 - .../spec/functions/apache_pw_hash_spec.rb | 12 - .../apache/spec/functions/bool2httpd_spec.rb | 19 - .../validate_apache_log_level_spec.rb | 12 - puppet/modules/apache/spec/spec_helper.rb | 52 - .../apache/spec/spec_helper_acceptance.rb | 92 - .../modules/apache/spec/spec_helper_local.rb | 36 - .../apache/spec/unit/apache_version_spec.rb | 38 - .../spec/unit/provider/a2mod/gentoo_spec.rb | 176 - .../parser/functions/apache_pw_hash_spec.rb | 32 - .../parser/functions/bool2httpd_spec.rb | 53 - .../functions/validate_apache_log_level.rb | 38 - puppet/modules/apache/tasks/init.json | 14 - puppet/modules/apache/tasks/init.rb | 34 - .../apache/templates/confd/no-accf.conf.erb | 4 - .../apache/templates/fastcgi/server.erb | 22 - .../modules/apache/templates/httpd.conf.erb | 174 - puppet/modules/apache/templates/listen.erb | 6 - .../modules/apache/templates/mod/_allow.erb | 7 - .../modules/apache/templates/mod/_require.erb | 44 - .../apache/templates/mod/alias.conf.erb | 13 - .../apache/templates/mod/auth_cas.conf.erb | 58 - .../apache/templates/mod/auth_mellon.conf.erb | 21 - .../apache/templates/mod/authn_dbd.conf.erb | 17 - .../apache/templates/mod/authnz_ldap.conf.erb | 5 - .../apache/templates/mod/autoindex.conf.erb | 56 - .../apache/templates/mod/cgid.conf.erb | 1 - .../apache/templates/mod/cluster.conf.erb | 26 - .../apache/templates/mod/dav_fs.conf.erb | 1 - .../apache/templates/mod/deflate.conf.erb | 7 - .../modules/apache/templates/mod/dir.conf.erb | 1 - .../apache/templates/mod/disk_cache.conf.erb | 7 - .../apache/templates/mod/dumpio.conf.erb | 3 - .../apache/templates/mod/event.conf.erb | 33 - .../apache/templates/mod/expires.conf.erb | 11 - .../apache/templates/mod/ext_filter.conf.erb | 6 - .../apache/templates/mod/fastcgi.conf.erb | 8 - .../apache/templates/mod/fcgid.conf.erb | 5 - .../apache/templates/mod/geoip.conf.erb | 25 - .../apache/templates/mod/http2.conf.erb | 65 - .../apache/templates/mod/info.conf.erb | 19 - .../modules/apache/templates/mod/itk.conf.erb | 11 - .../modules/apache/templates/mod/jk.conf.erb | 167 - .../mod/jk/uriworkermap.properties.erb | 40 - .../templates/mod/jk/workers.properties.erb | 62 - .../apache/templates/mod/ldap.conf.erb | 32 - puppet/modules/apache/templates/mod/load.erb | 7 - .../apache/templates/mod/mime.conf.erb | 38 - .../apache/templates/mod/mime_magic.conf.erb | 1 - .../apache/templates/mod/mpm_event.conf.erb | 9 - .../apache/templates/mod/negotiation.conf.erb | 2 - .../modules/apache/templates/mod/nss.conf.erb | 228 - .../apache/templates/mod/pagespeed.conf.erb | 102 - .../apache/templates/mod/passenger.conf.erb | 244 - .../apache/templates/mod/peruser.conf.erb | 12 - .../modules/apache/templates/mod/php.conf.erb | 23 - .../apache/templates/mod/prefork.conf.erb | 17 - .../apache/templates/mod/proxy.conf.erb | 29 - .../templates/mod/proxy_balancer.conf.erb | 10 - .../apache/templates/mod/proxy_html.conf.erb | 20 - .../apache/templates/mod/remoteip.conf.epp | 51 - .../apache/templates/mod/reqtimeout.conf.erb | 3 - .../apache/templates/mod/rpaf.conf.erb | 15 - .../apache/templates/mod/security.conf.erb | 80 - .../templates/mod/security_crs.conf.erb | 436 -- .../apache/templates/mod/setenvif.conf.erb | 34 - .../modules/apache/templates/mod/ssl.conf.erb | 50 - .../apache/templates/mod/status.conf.erb | 18 - .../apache/templates/mod/suphp.conf.erb | 19 - .../apache/templates/mod/userdir.conf.erb | 27 - .../apache/templates/mod/worker.conf.erb | 11 - .../apache/templates/mod/wsgi.conf.erb | 22 - .../apache/templates/namevirtualhost.erb | 8 - .../modules/apache/templates/ports_header.erb | 5 - .../apache/templates/vhost/_access_log.erb | 21 - .../apache/templates/vhost/_action.erb | 4 - .../templates/vhost/_additional_includes.erb | 9 - .../apache/templates/vhost/_aliases.erb | 16 - .../vhost/_allow_encoded_slashes.erb | 4 - .../apache/templates/vhost/_auth_cas.erb | 65 - .../apache/templates/vhost/_auth_kerb.erb | 32 - .../modules/apache/templates/vhost/_block.erb | 14 - .../apache/templates/vhost/_charsets.erb | 4 - .../templates/vhost/_custom_fragment.erb | 5 - .../apache/templates/vhost/_directories.erb | 497 -- .../apache/templates/vhost/_docroot.erb | 7 - .../templates/vhost/_error_document.erb | 7 - .../templates/vhost/_fallbackresource.erb | 4 - .../apache/templates/vhost/_fastcgi.erb | 23 - .../apache/templates/vhost/_file_footer.erb | 6 - .../apache/templates/vhost/_file_header.erb | 22 - .../apache/templates/vhost/_filters.erb | 10 - .../apache/templates/vhost/_header.erb | 10 - .../modules/apache/templates/vhost/_http2.erb | 53 - .../vhost/_http_protocol_options.erb | 1 - .../modules/apache/templates/vhost/_itk.erb | 29 - .../apache/templates/vhost/_jk_mounts.erb | 12 - .../templates/vhost/_keepalive_options.erb | 9 - .../apache/templates/vhost/_logging.erb | 10 - .../apache/templates/vhost/_passenger.erb | 132 - .../modules/apache/templates/vhost/_php.erb | 16 - .../apache/templates/vhost/_php_admin.erb | 12 - .../modules/apache/templates/vhost/_proxy.erb | 98 - .../apache/templates/vhost/_redirect.erb | 35 - .../apache/templates/vhost/_requestheader.erb | 10 - .../apache/templates/vhost/_require.erb | 62 - .../apache/templates/vhost/_rewrite.erb | 53 - .../apache/templates/vhost/_scriptalias.erb | 24 - .../apache/templates/vhost/_security.erb | 43 - .../apache/templates/vhost/_serveralias.erb | 7 - .../templates/vhost/_serversignature.erb | 1 - .../apache/templates/vhost/_setenv.erb | 17 - .../modules/apache/templates/vhost/_shib.erb | 4 - .../modules/apache/templates/vhost/_ssl.erb | 55 - .../apache/templates/vhost/_sslproxy.erb | 32 - .../apache/templates/vhost/_suexec.erb | 4 - .../modules/apache/templates/vhost/_suphp.erb | 11 - .../templates/vhost/_use_canonical_name.erb | 4 - .../modules/apache/templates/vhost/_wsgi.erb | 42 - puppet/modules/augeas/CHANGELOG.md | 154 - puppet/modules/augeas/Gemfile | 46 - puppet/modules/augeas/LICENSE | 201 - puppet/modules/augeas/README.md | 83 - puppet/modules/augeas/Rakefile | 17 - puppet/modules/augeas/checksums.json | 57 - .../lib/puppet/parser/functions/augeas.rb | 68 - puppet/modules/augeas/manifests/files.pp | 36 - puppet/modules/augeas/manifests/init.pp | 34 - puppet/modules/augeas/manifests/lens.pp | 105 - puppet/modules/augeas/manifests/packages.pp | 14 - puppet/modules/augeas/manifests/params.pp | 53 - puppet/modules/augeas/metadata.json | 55 - puppet/modules/augeas/spec/.rspec | 6 - .../nodesets/centos-5-x86_64-docker.yml | 15 - .../spec/acceptance/nodesets/centos-5.yml | 16 - .../nodesets/centos-6-x86_64-docker.yml | 15 - .../nodesets/centos-6-x86_64-openstack.yml | 14 - .../nodesets/centos-6-x86_64-vagrant.yml | 11 - .../spec/acceptance/nodesets/centos-6.yml | 17 - .../nodesets/centos-7-x86_64-docker.yml | 15 - .../nodesets/centos-7-x86_64-openstack.yml | 14 - .../nodesets/centos-7-x86_64-vagrant.yml | 11 - .../spec/acceptance/nodesets/centos-7.yml | 15 - .../nodesets/debian-6-x86_64-docker.yml | 15 - .../nodesets/debian-6-x86_64-openstack.yml | 14 - .../nodesets/debian-6-x86_64-vagrant.yml | 11 - .../spec/acceptance/nodesets/debian-6.yml | 15 - .../nodesets/debian-7-x86_64-docker.yml | 15 - .../nodesets/debian-7-x86_64-openstack.yml | 14 - .../nodesets/debian-7-x86_64-vagrant.yml | 11 - .../spec/acceptance/nodesets/debian-7.yml | 15 - .../nodesets/debian-8-x86_64-docker.yml | 15 - .../nodesets/debian-8-x86_64-openstack.yml | 14 - .../nodesets/debian-8-x86_64-vagrant.yml | 11 - .../spec/acceptance/nodesets/debian-8.yml | 16 - .../nodesets/ubuntu-10.04-x86_64-docker.yml | 13 - .../nodesets/ubuntu-12.04-x86_64-docker.yml | 15 - .../ubuntu-12.04-x86_64-openstack.yml | 14 - .../spec/acceptance/nodesets/ubuntu-12.04.yml | 16 - .../nodesets/ubuntu-14.04-x86_64-docker.yml | 15 - .../ubuntu-14.04-x86_64-openstack.yml | 14 - .../nodesets/ubuntu-14.04-x86_64-vagrant.yml | 11 - .../spec/acceptance/nodesets/ubuntu-14.04.yml | 18 - .../nodesets/ubuntu-14.10-x86_64-docker.yml | 15 - .../ubuntu-14.10-x86_64-openstack.yml | 14 - .../spec/acceptance/nodesets/ubuntu-14.10.yml | 18 - .../nodesets/ubuntu-15.04-x86_64-docker.yml | 15 - .../ubuntu-15.04-x86_64-openstack.yml | 14 - .../spec/acceptance/nodesets/ubuntu-15.04.yml | 16 - .../spec/acceptance/nodesets/ubuntu-15.10.yml | 16 - .../spec/acceptance/nodesets/ubuntu-16.04.yml | 16 - .../augeas/spec/classes/augeas_spec.rb | 206 - .../augeas/spec/defines/augeas_lens_spec.rb | 93 - puppet/modules/augeas/spec/spec.opts | 6 - puppet/modules/augeas/spec/spec_helper.rb | 42 - .../puppet/parser/functions/augeas_spec.rb | 83 - puppet/modules/concat/CHANGELOG.md | 469 -- puppet/modules/concat/CONTRIBUTING.md | 271 - puppet/modules/concat/Gemfile | 77 - puppet/modules/concat/HISTORY.md | 405 -- puppet/modules/concat/LICENSE | 202 - puppet/modules/concat/MAINTAINERS.md | 6 - puppet/modules/concat/NOTICE | 15 - puppet/modules/concat/README.md | 160 - puppet/modules/concat/REFERENCE.md | 443 -- puppet/modules/concat/Rakefile | 77 - puppet/modules/concat/appveyor.yml | 55 - puppet/modules/concat/checksums.json | 60 - puppet/modules/concat/examples/format.pp | 13 - puppet/modules/concat/examples/fragment.pp | 20 - puppet/modules/concat/examples/init.pp | 6 - .../concat/lib/puppet/type/concat_file.rb | 361 - .../concat/lib/puppet/type/concat_fragment.rb | 95 - puppet/modules/concat/locales/config.yaml | 26 - .../concat/locales/ja/puppetlabs-concat.po | 110 - .../concat/locales/puppetlabs-concat.pot | 127 - puppet/modules/concat/manifests/fragment.pp | 45 - puppet/modules/concat/manifests/init.pp | 160 - puppet/modules/concat/metadata.json | 114 - puppet/modules/concat/readmes/README_ja_JP.md | 160 - .../concat/spec/acceptance/backup_spec.rb | 79 - .../concat/spec/acceptance/concat_spec.rb | 151 - .../spec/acceptance/concurrency_spec.rb | 35 - .../concat/spec/acceptance/force_spec.rb | 120 - .../concat/spec/acceptance/format_spec.rb | 214 - .../spec/acceptance/fragment_order_spec.rb | 98 - .../spec/acceptance/fragment_source_spec.rb | 143 - .../fragments_are_always_replaced_spec.rb | 101 - .../concat/spec/acceptance/locales_spec.rb | 63 - .../concat/spec/acceptance/newline_spec.rb | 54 - .../spec/acceptance/nodesets/centos-7-x64.yml | 10 - .../spec/acceptance/nodesets/debian-8-x64.yml | 10 - .../spec/acceptance/nodesets/debian-9-x64.yml | 20 - .../spec/acceptance/nodesets/default.yml | 18 - .../acceptance/nodesets/docker/centos-7.yml | 12 - .../acceptance/nodesets/docker/debian-8.yml | 11 - .../nodesets/docker/ubuntu-14.04.yml | 12 - .../concat/spec/acceptance/noop_spec.rb | 26 - .../concat/spec/acceptance/order_spec.rb | 66 - .../concat/spec/acceptance/pup_1963_spec.rb | 70 - .../spec/acceptance/quoted_paths_spec.rb | 36 - .../concat/spec/acceptance/replace_spec.rb | 214 - .../concat/spec/acceptance/specinfra_stubs.rb | 19 - .../spec/acceptance/symbolic_name_spec.rb | 34 - .../concat/spec/acceptance/validation_spec.rb | 27 - .../spec/acceptance/warn_header_spec.rb | 97 - .../concat/spec/acceptance/warnings_spec.rb | 26 - puppet/modules/concat/spec/default_facts.yml | 7 - .../spec/defines/concat_fragment_spec.rb | 156 - .../concat/spec/defines/concat_spec.rb | 402 -- puppet/modules/concat/spec/spec_helper.rb | 52 - .../concat/spec/spec_helper_acceptance.rb | 76 - .../modules/concat/spec/spec_helper_local.rb | 75 - .../concat/spec/unit/type/concat_file_spec.rb | 150 - .../spec/unit/type/concat_fragment_spec.rb | 111 - puppet/modules/cpanm/Gemfile | 18 - puppet/modules/cpanm/Gemfile.lock | 89 - puppet/modules/cpanm/README.md | 109 - puppet/modules/cpanm/Rakefile | 32 - puppet/modules/cpanm/checksums.json | 17 - puppet/modules/cpanm/examples/init.pp | 12 - puppet/modules/cpanm/examples/installcheck.pp | 59 - puppet/modules/cpanm/examples/latestcheck.pp | 59 - puppet/modules/cpanm/examples/removecheck.pp | 49 - puppet/modules/cpanm/files/cpanm | 1075 --- .../lib/puppet/provider/cpanm/default.rb | 88 - puppet/modules/cpanm/lib/puppet/type/cpanm.rb | 66 - puppet/modules/cpanm/manifests/init.pp | 60 - puppet/modules/cpanm/metadata.json | 30 - .../modules/cpanm/spec/classes/init_spec.rb | 51 - puppet/modules/cpanm/spec/spec_helper.rb | 1 - puppet/modules/dw_dev/LICENSE | 202 - puppet/modules/mailalias_core/CHANGELOG.md | 46 - puppet/modules/mailalias_core/Gemfile | 81 - puppet/modules/mailalias_core/LICENSE | 201 - puppet/modules/mailalias_core/README.md | 93 - puppet/modules/mailalias_core/Rakefile | 77 - puppet/modules/mailalias_core/appveyor.yml | 63 - puppet/modules/mailalias_core/checksums.json | 27 - .../lib/puppet/provider/mailalias/aliases.rb | 52 - .../lib/puppet/type/mailalias.rb | 60 - .../mailalias_core/locales/config.yaml | 24 - .../locales/puppetlabs-mailalias_core.pot | 28 - puppet/modules/mailalias_core/metadata.json | 85 - .../spec/acceptance/nodesets/default.yml | 19 - .../spec/acceptance/tests/create_spec.rb | 31 - .../spec/acceptance/tests/destroy_spec.rb | 41 - .../spec/acceptance/tests/modify_spec.rb | 41 - .../spec/acceptance/tests/query_spec.rb | 35 - .../mailalias_core/spec/default_facts.yml | 7 - .../provider/mailalias/aliases/test1 | 31 - .../provider/mailalias/aliases_spec.rb | 9 - .../spec/lib/puppet_spec/files.rb | 123 - .../all_parsedfile_providers.rb | 21 - .../mailalias_core/spec/spec_helper.rb | 48 - .../spec/spec_helper_acceptance.rb | 24 - .../mailalias_core/spec/spec_helper_local.rb | 13 - .../spec/unit/type/mailalias_spec.rb | 54 - puppet/modules/mysql/CHANGELOG.md | 1010 --- puppet/modules/mysql/CONTRIBUTING.md | 271 - puppet/modules/mysql/Gemfile | 78 - puppet/modules/mysql/HISTORY.md | 894 --- puppet/modules/mysql/LICENSE | 202 - puppet/modules/mysql/MAINTAINERS.md | 6 - puppet/modules/mysql/NOTICE | 15 - puppet/modules/mysql/README.md | 542 -- puppet/modules/mysql/REFERENCE.md | 1325 ---- puppet/modules/mysql/Rakefile | 77 - puppet/modules/mysql/TODO | 8 - puppet/modules/mysql/checksums.json | 129 - puppet/modules/mysql/examples/backup.pp | 9 - puppet/modules/mysql/examples/bindings.pp | 3 - puppet/modules/mysql/examples/java.pp | 1 - .../modules/mysql/examples/mysql_database.pp | 17 - puppet/modules/mysql/examples/mysql_db.pp | 17 - puppet/modules/mysql/examples/mysql_grant.pp | 5 - puppet/modules/mysql/examples/mysql_plugin.pp | 23 - puppet/modules/mysql/examples/mysql_user.pp | 32 - puppet/modules/mysql/examples/perl.pp | 1 - puppet/modules/mysql/examples/python.pp | 1 - puppet/modules/mysql/examples/ruby.pp | 1 - puppet/modules/mysql/examples/server.pp | 3 - .../mysql/examples/server/account_security.pp | 4 - .../modules/mysql/examples/server/config.pp | 3 - .../mysql/lib/facter/mysql_server_id.rb | 13 - .../modules/mysql/lib/facter/mysql_version.rb | 6 - .../mysql/lib/facter/mysqld_version.rb | 5 - .../lib/puppet/functions/mysql/password.rb | 22 - .../lib/puppet/functions/mysql/strip_hash.rb | 22 - .../puppet/parser/functions/mysql_password.rb | 21 - .../mysql/lib/puppet/provider/mysql.rb | 161 - .../puppet/provider/mysql_database/mysql.rb | 65 - .../puppet/provider/mysql_datadir/mysql.rb | 92 - .../lib/puppet/provider/mysql_grant/mysql.rb | 176 - .../lib/puppet/provider/mysql_plugin/mysql.rb | 51 - .../lib/puppet/provider/mysql_user/mysql.rb | 220 - .../mysql/lib/puppet/type/mysql_database.rb | 29 - .../mysql/lib/puppet/type/mysql_datadir.rb | 39 - .../mysql/lib/puppet/type/mysql_grant.rb | 119 - .../mysql/lib/puppet/type/mysql_plugin.rb | 25 - .../mysql/lib/puppet/type/mysql_user.rb | 118 - puppet/modules/mysql/locales/config.yaml | 26 - .../mysql/locales/ja/puppetlabs-mysql.po | 190 - .../mysql/locales/puppetlabs-mysql.pot | 176 - .../mysql/manifests/backup/mysqlbackup.pp | 112 - .../mysql/manifests/backup/mysqldump.pp | 81 - .../mysql/manifests/backup/xtrabackup.pp | 86 - puppet/modules/mysql/manifests/bindings.pp | 131 - .../mysql/manifests/bindings/client_dev.pp | 19 - .../mysql/manifests/bindings/daemon_dev.pp | 19 - .../modules/mysql/manifests/bindings/java.pp | 15 - .../modules/mysql/manifests/bindings/perl.pp | 15 - .../modules/mysql/manifests/bindings/php.pp | 15 - .../mysql/manifests/bindings/python.pp | 15 - .../modules/mysql/manifests/bindings/ruby.pp | 15 - puppet/modules/mysql/manifests/client.pp | 47 - .../modules/mysql/manifests/client/install.pp | 18 - puppet/modules/mysql/manifests/db.pp | 109 - puppet/modules/mysql/manifests/params.pp | 519 -- puppet/modules/mysql/manifests/server.pp | 156 - .../manifests/server/account_security.pp | 43 - .../modules/mysql/manifests/server/backup.pp | 123 - .../mysql/manifests/server/binarylog.pp | 26 - .../modules/mysql/manifests/server/config.pp | 67 - .../modules/mysql/manifests/server/install.pp | 17 - .../mysql/manifests/server/installdb.pp | 50 - .../modules/mysql/manifests/server/monitor.pp | 33 - .../mysql/manifests/server/mysqltuner.pp | 28 - .../mysql/manifests/server/providers.pp | 10 - .../mysql/manifests/server/root_password.pp | 58 - .../modules/mysql/manifests/server/service.pp | 66 - puppet/modules/mysql/metadata.json | 87 - puppet/modules/mysql/readmes/README_ja_JP.md | 543 -- .../modules/mysql/readmes/REFERENCE_ja_JP.md | 1269 ---- .../mysql/spec/acceptance/locales_spec.rb | 111 - .../spec/acceptance/mysql_backup_spec.rb | 154 - .../mysql/spec/acceptance/mysql_db_spec.rb | 28 - .../mysql/spec/acceptance/mysql_helper.rb | 8 - .../spec/acceptance/mysql_server_spec.rb | 60 - .../spec/acceptance/nodesets/centos-7-x64.yml | 10 - .../spec/acceptance/nodesets/debian-8-x64.yml | 10 - .../spec/acceptance/nodesets/default.yml | 10 - .../acceptance/nodesets/docker/centos-7.yml | 12 - .../acceptance/nodesets/docker/debian-8.yml | 11 - .../nodesets/docker/ubuntu-14.04.yml | 12 - .../mysql/spec/acceptance/sql_task_spec.rb | 23 - .../acceptance/types/mysql_database_spec.rb | 72 - .../spec/acceptance/types/mysql_grant_spec.rb | 748 -- .../acceptance/types/mysql_plugin_spec.rb | 67 - .../spec/acceptance/types/mysql_user_spec.rb | 238 - .../spec/classes/graceful_failures_spec.rb | 16 - .../mysql/spec/classes/mycnf_template_spec.rb | 85 - .../mysql/spec/classes/mysql_bindings_spec.rb | 33 - .../mysql/spec/classes/mysql_client_spec.rb | 35 - .../mysql_server_account_security_spec.rb | 83 - .../spec/classes/mysql_server_backup_spec.rb | 417 -- .../spec/classes/mysql_server_monitor_spec.rb | 36 - .../classes/mysql_server_mysqltuner_spec.rb | 35 - .../mysql/spec/classes/mysql_server_spec.rb | 256 - puppet/modules/mysql/spec/default_facts.yml | 7 - .../mysql/spec/defines/mysql_db_spec.rb | 82 - .../spec/functions/mysql_password_spec.rb | 31 - .../spec/functions/mysql_strip_hash_spec.rb | 27 - puppet/modules/mysql/spec/spec_helper.rb | 48 - .../mysql/spec/spec_helper_acceptance.rb | 73 - .../modules/mysql/spec/spec_helper_local.rb | 31 - .../spec/unit/facter/mysql_server_id_spec.rb | 36 - .../spec/unit/facter/mysql_version_spec.rb | 18 - .../spec/unit/facter/mysqld_version_spec.rb | 18 - .../puppet/functions/mysql_password_spec.rb | 36 - .../provider/mysql_database/mysql_spec.rb | 112 - .../provider/mysql_plugin/mysql_spec.rb | 68 - .../puppet/provider/mysql_user/mysql_spec.rb | 394 -- .../unit/puppet/type/mysql_database_spec.rb | 25 - .../spec/unit/puppet/type/mysql_grant_spec.rb | 102 - .../unit/puppet/type/mysql_plugin_spec.rb | 20 - .../spec/unit/puppet/type/mysql_user_spec.rb | 136 - puppet/modules/mysql/tasks/export.json | 22 - puppet/modules/mysql/tasks/export.rb | 30 - puppet/modules/mysql/tasks/sql.json | 22 - puppet/modules/mysql/tasks/sql.rb | 29 - puppet/modules/mysql/templates/meb.cnf.erb | 18 - puppet/modules/mysql/templates/my.cnf.erb | 24 - .../modules/mysql/templates/my.cnf.pass.erb | 11 - .../mysql/templates/mysqlbackup.sh.erb | 125 - .../modules/mysql/templates/xtrabackup.sh.erb | 71 - puppet/modules/postfix/CHANGELOG.md | 160 - puppet/modules/postfix/CONTRIBUTING.md | 8 - puppet/modules/postfix/Gemfile | 46 - puppet/modules/postfix/LICENSE | 201 - puppet/modules/postfix/README.md | 418 -- puppet/modules/postfix/Rakefile | 17 - puppet/modules/postfix/checksums.json | 74 - .../files/lenses/postfix_canonical.aug | 54 - .../files/lenses/postfix_transport.aug | 51 - .../postfix/files/lenses/postfix_virtual.aug | 56 - .../files/lenses/test_postfix_canonical.aug | 26 - .../files/lenses/test_postfix_transport.aug | 53 - .../files/lenses/test_postfix_virtual.aug | 53 - puppet/modules/postfix/files/main.cf | 1 - puppet/modules/postfix/manifests/augeas.pp | 24 - puppet/modules/postfix/manifests/canonical.pp | 67 - puppet/modules/postfix/manifests/conffile.pp | 94 - puppet/modules/postfix/manifests/config.pp | 68 - puppet/modules/postfix/manifests/files.pp | 111 - puppet/modules/postfix/manifests/hash.pp | 55 - puppet/modules/postfix/manifests/init.pp | 167 - puppet/modules/postfix/manifests/ldap.pp | 48 - puppet/modules/postfix/manifests/mailalias.pp | 37 - puppet/modules/postfix/manifests/mailman.pp | 33 - puppet/modules/postfix/manifests/map.pp | 89 - puppet/modules/postfix/manifests/mta.pp | 62 - puppet/modules/postfix/manifests/packages.pp | 14 - puppet/modules/postfix/manifests/params.pp | 73 - puppet/modules/postfix/manifests/satellite.pp | 43 - puppet/modules/postfix/manifests/service.pp | 27 - puppet/modules/postfix/manifests/transport.pp | 89 - puppet/modules/postfix/manifests/virtual.pp | 80 - puppet/modules/postfix/metadata.json | 63 - puppet/modules/postfix/spec/.rspec | 6 - .../spec/acceptance/nodesets/centos-5.yml | 16 - .../spec/acceptance/nodesets/centos-6.yml | 17 - .../spec/acceptance/nodesets/centos-7.yml | 15 - .../spec/acceptance/nodesets/debian-6.yml | 15 - .../spec/acceptance/nodesets/debian-7.yml | 15 - .../spec/acceptance/nodesets/debian-8.yml | 16 - .../spec/acceptance/nodesets/debian-9.yml | 15 - .../spec/acceptance/nodesets/ubuntu-12.04.yml | 16 - .../spec/acceptance/nodesets/ubuntu-14.04.yml | 18 - .../spec/acceptance/nodesets/ubuntu-14.10.yml | 18 - .../spec/acceptance/nodesets/ubuntu-15.04.yml | 16 - .../spec/acceptance/nodesets/ubuntu-15.10.yml | 16 - .../spec/acceptance/nodesets/ubuntu-16.04.yml | 16 - .../postfix/spec/acceptance/postfix_spec.rb | 43 - .../spec/classes/postfix_augeas_spec.rb | 34 - .../spec/classes/postfix_mailman_spec.rb | 18 - .../postfix/spec/classes/postfix_mta_spec.rb | 36 - .../spec/classes/postfix_satellite_spec.rb | 30 - .../postfix/spec/classes/postfix_spec.rb | 319 - .../spec/defines/postfix_conffile_spec.rb | 141 - .../spec/defines/postfix_config_spec.rb | 99 - .../postfix/spec/defines/postfix_hash_spec.rb | 109 - .../postfix/spec/defines/postfix_map_spec.rb | 118 - .../spec/defines/postfix_transport_spec.rb | 146 - .../spec/defines/postfix_virtual_spec.rb | 164 - puppet/modules/postfix/spec/spec.opts | 6 - puppet/modules/postfix/spec/spec_helper.rb | 42 - .../postfix/spec/spec_helper_acceptance.rb | 19 - puppet/modules/postfix/templates/conffile.erb | 9 - .../postfix/templates/master.cf.SLES11.2.erb | 80 - .../postfix/templates/master.cf.SLES11.3.erb | 84 - .../postfix/templates/master.cf.SLES11.4.erb | 82 - .../postfix/templates/master.cf.SLES12.2.erb | 176 - .../postfix/templates/master.cf.SLES12.3.erb | 176 - .../postfix/templates/master.cf.common.erb | 41 - .../postfix/templates/master.cf.debian.erb | 88 - .../postfix/templates/master.cf.redhat.erb | 94 - .../postfix/templates/master.cf.sles.erb | 178 - .../templates/postfix-ldap-aliases.cf.erb | 6 - puppet/modules/postfix/tests/init.pp | 1 - puppet/modules/stdlib/CHANGELOG.md | 1100 --- puppet/modules/stdlib/CONTRIBUTING.md | 271 - puppet/modules/stdlib/Gemfile | 76 - puppet/modules/stdlib/HISTORY.md | 1067 --- puppet/modules/stdlib/LICENSE | 202 - puppet/modules/stdlib/MAINTAINERS.md | 6 - puppet/modules/stdlib/NOTICE | 23 - puppet/modules/stdlib/README.md | 3144 --------- .../modules/stdlib/README_DEVELOPER.markdown | 35 - puppet/modules/stdlib/README_SPECS.markdown | 7 - .../modules/stdlib/RELEASE_PROCESS.markdown | 24 - puppet/modules/stdlib/Rakefile | 77 - puppet/modules/stdlib/appveyor.yml | 55 - puppet/modules/stdlib/checksums.json | 570 -- puppet/modules/stdlib/examples/file_line.pp | 9 - .../stdlib/examples/has_interface_with.pp | 9 - .../modules/stdlib/examples/has_ip_address.pp | 3 - .../modules/stdlib/examples/has_ip_network.pp | 3 - puppet/modules/stdlib/examples/init.pp | 1 - .../modules/stdlib/lib/facter/facter_dot_d.rb | 194 - .../stdlib/lib/facter/package_provider.rb | 21 - .../modules/stdlib/lib/facter/pe_version.rb | 61 - .../stdlib/lib/facter/puppet_settings.rb | 42 - puppet/modules/stdlib/lib/facter/root_home.rb | 44 - .../stdlib/lib/facter/service_provider.rb | 17 - .../stdlib/lib/facter/util/puppet_settings.rb | 16 - .../lib/puppet/functions/deprecation.rb | 32 - .../stdlib/lib/puppet/functions/fact.rb | 57 - .../stdlib/lib/puppet/functions/is_a.rb | 32 - .../lib/puppet/functions/is_absolute_path.rb | 17 - .../stdlib/lib/puppet/functions/is_array.rb | 17 - .../stdlib/lib/puppet/functions/is_bool.rb | 17 - .../stdlib/lib/puppet/functions/is_float.rb | 17 - .../lib/puppet/functions/is_ip_address.rb | 17 - .../lib/puppet/functions/is_ipv4_address.rb | 17 - .../lib/puppet/functions/is_ipv6_address.rb | 17 - .../stdlib/lib/puppet/functions/is_numeric.rb | 17 - .../stdlib/lib/puppet/functions/is_string.rb | 17 - .../stdlib/lib/puppet/functions/length.rb | 19 - .../lib/puppet/functions/os_version_gte.rb | 20 - .../puppet/functions/seeded_rand_string.rb | 29 - .../lib/puppet/functions/sprintf_hash.rb | 34 - .../lib/puppet/functions/stdlib/extname.rb | 26 - .../stdlib/lib/puppet/functions/to_json.rb | 21 - .../lib/puppet/functions/to_json_pretty.rb | 38 - .../stdlib/lib/puppet/functions/to_yaml.rb | 21 - .../stdlib/lib/puppet/functions/type_of.rb | 19 - .../functions/validate_absolute_path.rb | 18 - .../lib/puppet/functions/validate_array.rb | 18 - .../lib/puppet/functions/validate_bool.rb | 18 - .../lib/puppet/functions/validate_hash.rb | 18 - .../lib/puppet/functions/validate_integer.rb | 18 - .../puppet/functions/validate_ip_address.rb | 18 - .../puppet/functions/validate_ipv4_address.rb | 18 - .../puppet/functions/validate_ipv6_address.rb | 18 - .../lib/puppet/functions/validate_legacy.rb | 62 - .../lib/puppet/functions/validate_numeric.rb | 18 - .../lib/puppet/functions/validate_re.rb | 18 - .../lib/puppet/functions/validate_slength.rb | 18 - .../lib/puppet/functions/validate_string.rb | 18 - .../stdlib/lib/puppet/parser/functions/abs.rb | 36 - .../lib/puppet/parser/functions/any2array.rb | 47 - .../lib/puppet/parser/functions/any2bool.rb | 56 - .../puppet/parser/functions/assert_private.rb | 27 - .../lib/puppet/parser/functions/base64.rb | 76 - .../lib/puppet/parser/functions/basename.rb | 24 - .../lib/puppet/parser/functions/bool2num.rb | 34 - .../lib/puppet/parser/functions/bool2str.rb | 54 - .../lib/puppet/parser/functions/camelcase.rb | 34 - .../lib/puppet/parser/functions/capitalize.rb | 32 - .../lib/puppet/parser/functions/ceiling.rb | 28 - .../lib/puppet/parser/functions/chomp.rb | 34 - .../lib/puppet/parser/functions/chop.rb | 36 - .../lib/puppet/parser/functions/clamp.rb | 31 - .../lib/puppet/parser/functions/concat.rb | 43 - .../puppet/parser/functions/convert_base.rb | 41 - .../lib/puppet/parser/functions/count.rb | 36 - .../lib/puppet/parser/functions/deep_merge.rb | 47 - .../parser/functions/defined_with_params.rb | 57 - .../lib/puppet/parser/functions/delete.rb | 58 - .../lib/puppet/parser/functions/delete_at.rb | 56 - .../puppet/parser/functions/delete_regex.rb | 49 - .../parser/functions/delete_undef_values.rb | 40 - .../puppet/parser/functions/delete_values.rb | 31 - .../puppet/parser/functions/deprecation.rb | 19 - .../lib/puppet/parser/functions/difference.rb | 40 - .../stdlib/lib/puppet/parser/functions/dig.rb | 15 - .../lib/puppet/parser/functions/dig44.rb | 65 - .../lib/puppet/parser/functions/dirname.rb | 28 - .../lib/puppet/parser/functions/dos2unix.rb | 15 - .../lib/puppet/parser/functions/downcase.rb | 33 - .../lib/puppet/parser/functions/empty.rb | 26 - .../puppet/parser/functions/enclose_ipv6.rb | 41 - .../parser/functions/ensure_packages.rb | 48 - .../parser/functions/ensure_resource.rb | 46 - .../parser/functions/ensure_resources.rb | 50 - .../lib/puppet/parser/functions/flatten.rb | 34 - .../lib/puppet/parser/functions/floor.rb | 28 - .../parser/functions/fqdn_rand_string.rb | 35 - .../puppet/parser/functions/fqdn_rotate.rb | 59 - .../lib/puppet/parser/functions/fqdn_uuid.rb | 86 - .../parser/functions/get_module_path.rb | 21 - .../lib/puppet/parser/functions/getparam.rb | 54 - .../lib/puppet/parser/functions/getvar.rb | 41 - .../lib/puppet/parser/functions/glob.rb | 25 - .../lib/puppet/parser/functions/grep.rb | 34 - .../parser/functions/has_interface_with.rb | 69 - .../puppet/parser/functions/has_ip_address.rb | 22 - .../puppet/parser/functions/has_ip_network.rb | 22 - .../lib/puppet/parser/functions/has_key.rb | 34 - .../lib/puppet/parser/functions/hash.rb | 45 - .../puppet/parser/functions/intersection.rb | 31 - .../parser/functions/is_absolute_path.rb | 54 - .../lib/puppet/parser/functions/is_array.rb | 21 - .../lib/puppet/parser/functions/is_bool.rb | 21 - .../puppet/parser/functions/is_domain_name.rb | 51 - .../parser/functions/is_email_address.rb | 19 - .../lib/puppet/parser/functions/is_float.rb | 27 - .../parser/functions/is_function_available.rb | 24 - .../lib/puppet/parser/functions/is_hash.rb | 20 - .../lib/puppet/parser/functions/is_integer.rb | 43 - .../puppet/parser/functions/is_ip_address.rb | 30 - .../parser/functions/is_ipv4_address.rb | 29 - .../parser/functions/is_ipv6_address.rb | 29 - .../puppet/parser/functions/is_mac_address.rb | 22 - .../lib/puppet/parser/functions/is_numeric.rb | 74 - .../lib/puppet/parser/functions/is_string.rb | 28 - .../lib/puppet/parser/functions/join.rb | 42 - .../parser/functions/join_keys_to_values.rb | 58 - .../lib/puppet/parser/functions/keys.rb | 27 - .../parser/functions/load_module_metadata.rb | 25 - .../lib/puppet/parser/functions/loadjson.rb | 58 - .../lib/puppet/parser/functions/loadyaml.rb | 57 - .../lib/puppet/parser/functions/lstrip.rb | 32 - .../stdlib/lib/puppet/parser/functions/max.rb | 26 - .../lib/puppet/parser/functions/member.rb | 70 - .../lib/puppet/parser/functions/merge.rb | 40 - .../stdlib/lib/puppet/parser/functions/min.rb | 26 - .../lib/puppet/parser/functions/num2bool.rb | 47 - .../lib/puppet/parser/functions/parsejson.rb | 24 - .../lib/puppet/parser/functions/parseyaml.rb | 28 - .../lib/puppet/parser/functions/pick.rb | 26 - .../puppet/parser/functions/pick_default.rb | 35 - .../lib/puppet/parser/functions/prefix.rb | 55 - .../lib/puppet/parser/functions/private.rb | 16 - .../stdlib/lib/puppet/parser/functions/pry.rb | 29 - .../lib/puppet/parser/functions/pw_hash.rb | 62 - .../lib/puppet/parser/functions/range.rb | 89 - .../puppet/parser/functions/regexpescape.rb | 29 - .../lib/puppet/parser/functions/reject.rb | 35 - .../lib/puppet/parser/functions/reverse.rb | 26 - .../lib/puppet/parser/functions/round.rb | 34 - .../lib/puppet/parser/functions/rstrip.rb | 31 - .../puppet/parser/functions/seeded_rand.rb | 24 - .../puppet/parser/functions/shell_escape.rb | 27 - .../lib/puppet/parser/functions/shell_join.rb | 29 - .../puppet/parser/functions/shell_split.rb | 23 - .../lib/puppet/parser/functions/shuffle.rb | 42 - .../lib/puppet/parser/functions/size.rb | 47 - .../lib/puppet/parser/functions/sort.rb | 27 - .../lib/puppet/parser/functions/squeeze.rb | 31 - .../lib/puppet/parser/functions/str2bool.rb | 46 - .../parser/functions/str2saltedsha512.rb | 30 - .../lib/puppet/parser/functions/strftime.rb | 108 - .../lib/puppet/parser/functions/strip.rb | 38 - .../lib/puppet/parser/functions/suffix.rb | 57 - .../lib/puppet/parser/functions/swapcase.rb | 36 - .../lib/puppet/parser/functions/time.rb | 55 - .../lib/puppet/parser/functions/to_bytes.rb | 33 - .../puppet/parser/functions/try_get_value.rb | 56 - .../lib/puppet/parser/functions/type.rb | 18 - .../lib/puppet/parser/functions/type3x.rb | 49 - .../lib/puppet/parser/functions/union.rb | 27 - .../lib/puppet/parser/functions/unique.rb | 51 - .../lib/puppet/parser/functions/unix2dos.rb | 15 - .../lib/puppet/parser/functions/upcase.rb | 46 - .../lib/puppet/parser/functions/uriescape.rb | 32 - .../functions/validate_absolute_path.rb | 54 - .../puppet/parser/functions/validate_array.rb | 36 - .../parser/functions/validate_augeas.rb | 86 - .../puppet/parser/functions/validate_bool.rb | 34 - .../puppet/parser/functions/validate_cmd.rb | 66 - .../parser/functions/validate_domain_name.rb | 42 - .../functions/validate_email_address.rb | 34 - .../puppet/parser/functions/validate_hash.rb | 36 - .../parser/functions/validate_integer.rb | 137 - .../parser/functions/validate_ip_address.rb | 53 - .../parser/functions/validate_ipv4_address.rb | 51 - .../parser/functions/validate_ipv6_address.rb | 52 - .../parser/functions/validate_numeric.rb | 99 - .../puppet/parser/functions/validate_re.rb | 53 - .../parser/functions/validate_slength.rb | 71 - .../parser/functions/validate_string.rb | 42 - .../functions/validate_x509_rsa_key_pair.rb | 48 - .../lib/puppet/parser/functions/values.rb | 40 - .../lib/puppet/parser/functions/values_at.rb | 96 - .../stdlib/lib/puppet/parser/functions/zip.rb | 37 - .../lib/puppet/provider/file_line/ruby.rb | 171 - .../modules/stdlib/lib/puppet/type/anchor.rb | 46 - .../stdlib/lib/puppet/type/file_line.rb | 192 - puppet/modules/stdlib/locales/config.yaml | 26 - .../stdlib/locales/ja/puppetlabs-stdlib.po | 26 - .../stdlib/locales/puppetlabs-stdlib.pot | 23 - puppet/modules/stdlib/manifests/init.pp | 18 - puppet/modules/stdlib/manifests/stages.pp | 43 - puppet/modules/stdlib/metadata.json | 108 - puppet/modules/stdlib/readmes/README_ja_JP.md | 3135 --------- .../stdlib/spec/acceptance/abs_spec.rb | 27 - .../stdlib/spec/acceptance/anchor_spec.rb | 25 - .../stdlib/spec/acceptance/any2array_spec.rb | 45 - .../stdlib/spec/acceptance/base64_spec.rb | 16 - .../stdlib/spec/acceptance/bool2num_spec.rb | 31 - .../stdlib/spec/acceptance/build_csv.rb | 89 - .../stdlib/spec/acceptance/capitalize_spec.rb | 30 - .../stdlib/spec/acceptance/ceiling_spec.rb | 37 - .../stdlib/spec/acceptance/chomp_spec.rb | 19 - .../stdlib/spec/acceptance/chop_spec.rb | 41 - .../stdlib/spec/acceptance/clamp_spec.rb | 38 - .../stdlib/spec/acceptance/concat_spec.rb | 52 - .../stdlib/spec/acceptance/count_spec.rb | 27 - .../stdlib/spec/acceptance/deep_merge_spec.rb | 18 - .../acceptance/defined_with_params_spec.rb | 39 - .../stdlib/spec/acceptance/delete_at_spec.rb | 17 - .../stdlib/spec/acceptance/delete_spec.rb | 17 - .../acceptance/delete_undef_values_spec.rb | 17 - .../spec/acceptance/delete_values_spec.rb | 23 - .../spec/acceptance/deprecation_spec.rb | 92 - .../stdlib/spec/acceptance/difference_spec.rb | 24 - .../stdlib/spec/acceptance/dirname_spec.rb | 39 - .../stdlib/spec/acceptance/downcase_spec.rb | 37 - .../stdlib/spec/acceptance/empty_spec.rb | 51 - .../spec/acceptance/ensure_resource_spec.rb | 29 - .../stdlib/spec/acceptance/flatten_spec.rb | 37 - .../stdlib/spec/acceptance/floor_spec.rb | 37 - .../spec/acceptance/fqdn_rand_string_spec.rb | 64 - .../spec/acceptance/fqdn_rotate_spec.rb | 62 - .../spec/acceptance/get_module_path_spec.rb | 25 - .../stdlib/spec/acceptance/getparam_spec.rb | 22 - .../stdlib/spec/acceptance/getvar_spec.rb | 24 - .../stdlib/spec/acceptance/grep_spec.rb | 24 - .../acceptance/has_interface_with_spec.rb | 52 - .../spec/acceptance/has_ip_address_spec.rb | 31 - .../spec/acceptance/has_ip_network_spec.rb | 31 - .../stdlib/spec/acceptance/has_key_spec.rb | 39 - .../stdlib/spec/acceptance/hash_spec.rb | 24 - .../spec/acceptance/intersection_spec.rb | 25 - .../stdlib/spec/acceptance/is_a_spec.rb | 27 - .../stdlib/spec/acceptance/is_array_spec.rb | 65 - .../stdlib/spec/acceptance/is_bool_spec.rb | 79 - .../spec/acceptance/is_domain_name_spec.rb | 81 - .../stdlib/spec/acceptance/is_float_spec.rb | 84 - .../acceptance/is_function_available_spec.rb | 56 - .../stdlib/spec/acceptance/is_hash_spec.rb | 61 - .../stdlib/spec/acceptance/is_integer_spec.rb | 93 - .../spec/acceptance/is_ip_address_spec.rb | 78 - .../spec/acceptance/is_ipv4_address_spec.rb | 50 - .../spec/acceptance/is_ipv6_address_spec.rb | 64 - .../spec/acceptance/is_mac_address_spec.rb | 50 - .../stdlib/spec/acceptance/is_numeric_spec.rb | 93 - .../stdlib/spec/acceptance/is_string_spec.rb | 111 - .../acceptance/join_keys_to_values_spec.rb | 22 - .../stdlib/spec/acceptance/join_spec.rb | 24 - .../stdlib/spec/acceptance/keys_spec.rb | 21 - .../stdlib/spec/acceptance/loadjson_spec.rb | 48 - .../stdlib/spec/acceptance/loadyaml_spec.rb | 52 - .../stdlib/spec/acceptance/lstrip_spec.rb | 32 - .../stdlib/spec/acceptance/max_spec.rb | 18 - .../stdlib/spec/acceptance/member_spec.rb | 57 - .../stdlib/spec/acceptance/merge_spec.rb | 22 - .../stdlib/spec/acceptance/min_spec.rb | 18 - .../spec/acceptance/nodesets/centos-7-x64.yml | 10 - .../spec/acceptance/nodesets/debian-8-x64.yml | 10 - .../spec/acceptance/nodesets/default.yml | 10 - .../acceptance/nodesets/docker/centos-7.yml | 12 - .../acceptance/nodesets/docker/debian-8.yml | 11 - .../nodesets/docker/ubuntu-14.04.yml | 12 - .../stdlib/spec/acceptance/num2bool_spec.rb | 76 - .../stdlib/spec/acceptance/parsejson_spec.rb | 50 - .../stdlib/spec/acceptance/parseyaml_spec.rb | 52 - .../spec/acceptance/pick_default_spec.rb | 51 - .../stdlib/spec/acceptance/pick_spec.rb | 42 - .../stdlib/spec/acceptance/prefix_spec.rb | 40 - .../stdlib/spec/acceptance/pw_hash_spec.rb | 31 - .../stdlib/spec/acceptance/range_spec.rb | 34 - .../stdlib/spec/acceptance/reject_spec.rb | 40 - .../stdlib/spec/acceptance/reverse_spec.rb | 21 - .../stdlib/spec/acceptance/rstrip_spec.rb | 32 - .../stdlib/spec/acceptance/shuffle_spec.rb | 32 - .../stdlib/spec/acceptance/size_spec.rb | 53 - .../stdlib/spec/acceptance/sort_spec.rb | 32 - .../stdlib/spec/acceptance/squeeze_spec.rb | 44 - .../stdlib/spec/acceptance/str2bool_spec.rb | 29 - .../spec/acceptance/str2saltedsha512_spec.rb | 20 - .../stdlib/spec/acceptance/strftime_spec.rb | 20 - .../stdlib/spec/acceptance/strip_spec.rb | 32 - .../stdlib/spec/acceptance/suffix_spec.rb | 40 - .../stdlib/spec/acceptance/swapcase_spec.rb | 20 - .../stdlib/spec/acceptance/time_spec.rb | 32 - .../stdlib/spec/acceptance/to_bytes_spec.rb | 25 - .../spec/acceptance/try_get_value_spec.rb | 44 - .../stdlib/spec/acceptance/type3x_spec.rb | 27 - .../stdlib/spec/acceptance/type_spec.rb | 35 - .../stdlib/spec/acceptance/union_spec.rb | 23 - .../stdlib/spec/acceptance/unique_spec.rb | 31 - .../stdlib/spec/acceptance/upcase_spec.rb | 31 - .../stdlib/spec/acceptance/uriescape_spec.rb | 21 - .../acceptance/validate_absolute_path_spec.rb | 19 - .../spec/acceptance/validate_array_spec.rb | 35 - .../spec/acceptance/validate_augeas_spec.rb | 61 - .../spec/acceptance/validate_bool_spec.rb | 35 - .../spec/acceptance/validate_cmd_spec.rb | 50 - .../spec/acceptance/validate_hash_spec.rb | 36 - .../acceptance/validate_ipv4_address_spec.rb | 29 - .../acceptance/validate_ipv6_address_spec.rb | 29 - .../spec/acceptance/validate_re_spec.rb | 46 - .../spec/acceptance/validate_slength_spec.rb | 70 - .../spec/acceptance/validate_string_spec.rb | 42 - .../stdlib/spec/acceptance/values_at_spec.rb | 71 - .../stdlib/spec/acceptance/values_spec.rb | 29 - .../stdlib/spec/acceptance/zip_spec.rb | 71 - puppet/modules/stdlib/spec/default_facts.yml | 7 - .../stdlib/spec/fixtures/dscacheutil/root | 8 - .../modules/stdlib/spec/fixtures/lsuser/root | 2 - .../spec/fixtures/test/manifests/base32.pp | 6 - .../spec/fixtures/test/manifests/base64.pp | 6 - .../spec/fixtures/test/manifests/deftype.pp | 4 - .../test/manifests/ensure_resources.pp | 4 - .../modules/stdlib/spec/functions/abs_spec.rb | 46 - .../stdlib/spec/functions/any2array_spec.rb | 21 - .../stdlib/spec/functions/any2bool_spec.rb | 41 - .../spec/functions/assert_private_spec.rb | 38 - .../stdlib/spec/functions/base64_spec.rb | 60 - .../stdlib/spec/functions/basename_spec.rb | 19 - .../stdlib/spec/functions/bool2num_spec.rb | 14 - .../stdlib/spec/functions/bool2str_spec.rb | 16 - .../stdlib/spec/functions/camelcase_spec.rb | 17 - .../stdlib/spec/functions/capitalize_spec.rb | 15 - .../stdlib/spec/functions/ceiling_spec.rb | 12 - .../stdlib/spec/functions/chomp_spec.rb | 25 - .../stdlib/spec/functions/chop_spec.rb | 25 - .../stdlib/spec/functions/clamp_spec.rb | 16 - .../stdlib/spec/functions/concat_spec.rb | 28 - .../spec/functions/convert_base_spec.rb | 24 - .../stdlib/spec/functions/count_spec.rb | 23 - .../stdlib/spec/functions/deep_merge_spec.rb | 58 - .../functions/defined_with_params_spec.rb | 87 - .../stdlib/spec/functions/delete_at_spec.rb | 29 - .../spec/functions/delete_regex_spec.rb | 56 - .../stdlib/spec/functions/delete_spec.rb | 79 - .../functions/delete_undef_values_spec.rb | 61 - .../spec/functions/delete_values_spec.rb | 45 - .../stdlib/spec/functions/deprecation_spec.rb | 73 - .../stdlib/spec/functions/difference_spec.rb | 23 - .../stdlib/spec/functions/dig44_spec.rb | 132 - .../modules/stdlib/spec/functions/dig_spec.rb | 12 - .../stdlib/spec/functions/dirname_spec.rb | 21 - .../stdlib/spec/functions/dos2unix_spec.rb | 47 - .../stdlib/spec/functions/downcase_spec.rb | 15 - .../stdlib/spec/functions/empty_spec.rb | 22 - .../spec/functions/ensure_packages_spec.rb | 72 - .../spec/functions/ensure_resource_spec.rb | 149 - .../spec/functions/ensure_resources_spec.rb | 27 - .../stdlib/spec/functions/extname_spec.rb | 16 - .../stdlib/spec/functions/flatten_spec.rb | 15 - .../stdlib/spec/functions/floor_spec.rb | 12 - .../spec/functions/fqdn_rand_string_spec.rb | 67 - .../stdlib/spec/functions/fqdn_rotate_spec.rb | 74 - .../stdlib/spec/functions/fqdn_uuid_spec.rb | 12 - .../spec/functions/get_module_path_spec.rb | 57 - .../stdlib/spec/functions/getparam_spec.rb | 34 - .../stdlib/spec/functions/getvar_spec.rb | 45 - .../stdlib/spec/functions/glob_spec.rb | 11 - .../stdlib/spec/functions/grep_spec.rb | 20 - .../spec/functions/has_interface_with_spec.rb | 39 - .../spec/functions/has_ip_address_spec.rb | 22 - .../spec/functions/has_ip_network_spec.rb | 21 - .../stdlib/spec/functions/has_key_spec.rb | 20 - .../stdlib/spec/functions/hash_spec.rb | 15 - .../spec/functions/intersection_spec.rb | 22 - .../stdlib/spec/functions/is_a_spec.rb | 32 - .../stdlib/spec/functions/is_array_spec.rb | 35 - .../stdlib/spec/functions/is_bool_spec.rb | 31 - .../spec/functions/is_domain_name_spec.rb | 43 - .../spec/functions/is_email_address_spec.rb | 14 - .../stdlib/spec/functions/is_float_spec.rb | 40 - .../functions/is_function_available_spec.rb | 9 - .../stdlib/spec/functions/is_hash_spec.rb | 11 - .../stdlib/spec/functions/is_integer_spec.rb | 46 - .../spec/functions/is_ip_address_spec.rb | 40 - .../spec/functions/is_ipv4_address_spec.rb | 31 - .../spec/functions/is_ipv6_address_spec.rb | 29 - .../spec/functions/is_mac_address_spec.rb | 31 - .../stdlib/spec/functions/is_numeric_spec.rb | 46 - .../stdlib/spec/functions/is_string_spec.rb | 45 - .../functions/join_keys_to_values_spec.rb | 34 - .../stdlib/spec/functions/join_spec.rb | 20 - .../stdlib/spec/functions/keys_spec.rb | 24 - .../stdlib/spec/functions/length_spec.rb | 31 - .../functions/load_module_metadata_spec.rb | 47 - .../stdlib/spec/functions/loadjson_spec.rb | 142 - .../stdlib/spec/functions/loadyaml_spec.rb | 101 - .../stdlib/spec/functions/lstrip_spec.rb | 35 - .../modules/stdlib/spec/functions/max_spec.rb | 21 - .../stdlib/spec/functions/member_spec.rb | 23 - .../stdlib/spec/functions/merge_spec.rb | 25 - .../modules/stdlib/spec/functions/min_spec.rb | 22 - .../stdlib/spec/functions/num2bool_spec.rb | 22 - .../spec/functions/os_version_gte_spec.rb | 33 - .../stdlib/spec/functions/parsejson_spec.rb | 66 - .../stdlib/spec/functions/parseyaml_spec.rb | 83 - .../spec/functions/pick_default_spec.rb | 40 - .../stdlib/spec/functions/pick_spec.rb | 17 - .../stdlib/spec/functions/prefix_spec.rb | 29 - .../stdlib/spec/functions/private_spec.rb | 52 - .../stdlib/spec/functions/pw_hash_spec.rb | 79 - .../stdlib/spec/functions/range_spec.rb | 157 - .../spec/functions/regexpescape_spec.rb | 41 - .../stdlib/spec/functions/reject_spec.rb | 20 - .../stdlib/spec/functions/reverse_spec.rb | 33 - .../stdlib/spec/functions/round_spec.rb | 14 - .../stdlib/spec/functions/rstrip_spec.rb | 35 - .../stdlib/spec/functions/seeded_rand_spec.rb | 58 - .../spec/functions/seeded_rand_string_spec.rb | 34 - .../spec/functions/shell_escape_spec.rb | 29 - .../stdlib/spec/functions/shell_join_spec.rb | 30 - .../stdlib/spec/functions/shell_split_spec.rb | 33 - .../stdlib/spec/functions/shuffle_spec.rb | 38 - .../stdlib/spec/functions/size_spec.rb | 38 - .../stdlib/spec/functions/sort_spec.rb | 33 - .../spec/functions/sprintf_hash_spec.rb | 33 - .../stdlib/spec/functions/squeeze_spec.rb | 50 - .../stdlib/spec/functions/str2bool_spec.rb | 23 - .../spec/functions/str2saltedsha512_spec.rb | 26 - .../stdlib/spec/functions/strftime_spec.rb | 26 - .../stdlib/spec/functions/strip_spec.rb | 35 - .../stdlib/spec/functions/suffix_spec.rb | 40 - .../stdlib/spec/functions/swapcase_spec.rb | 40 - .../stdlib/spec/functions/time_spec.rb | 21 - .../stdlib/spec/functions/to_bytes_spec.rb | 70 - .../spec/functions/to_json_pretty_spec.rb | 16 - .../stdlib/spec/functions/to_json_spec.rb | 22 - .../stdlib/spec/functions/to_yaml_spec.rb | 20 - .../spec/functions/try_get_value_spec.rb | 108 - .../stdlib/spec/functions/type3x_spec.rb | 41 - .../stdlib/spec/functions/type_of_spec.rb | 25 - .../stdlib/spec/functions/type_spec.rb | 42 - .../stdlib/spec/functions/union_spec.rb | 25 - .../stdlib/spec/functions/unique_spec.rb | 31 - .../stdlib/spec/functions/unix2dos_spec.rb | 40 - .../stdlib/spec/functions/upcase_spec.rb | 26 - .../stdlib/spec/functions/uriescape_spec.rb | 36 - .../functions/validate_absolute_path_spec.rb | 51 - .../spec/functions/validate_array_spec.rb | 35 - .../spec/functions/validate_augeas_spec.rb | 75 - .../spec/functions/validate_bool_spec.rb | 36 - .../spec/functions/validate_cmd_spec.rb | 41 - .../functions/validate_domain_name_spec.rb | 35 - .../functions/validate_email_address_spec.rb | 23 - .../spec/functions/validate_hash_spec.rb | 38 - .../spec/functions/validate_integer_spec.rb | 101 - .../functions/validate_ip_address_spec.rb | 64 - .../functions/validate_ipv4_address_spec.rb | 40 - .../functions/validate_ipv6_address_spec.rb | 59 - .../spec/functions/validate_legacy_spec.rb | 56 - .../spec/functions/validate_numeric_spec.rb | 100 - .../stdlib/spec/functions/validate_re_spec.rb | 56 - .../spec/functions/validate_slength_spec.rb | 81 - .../spec/functions/validate_string_spec.rb | 33 - .../validate_x509_rsa_key_pair_spec.rb | 180 - .../stdlib/spec/functions/values_at_spec.rb | 54 - .../stdlib/spec/functions/values_spec.rb | 24 - .../modules/stdlib/spec/functions/zip_spec.rb | 20 - .../monkey_patches/alias_should_to_must.rb | 8 - .../spec/monkey_patches/publicize_methods.rb | 10 - puppet/modules/stdlib/spec/spec_helper.rb | 48 - .../stdlib/spec/spec_helper_acceptance.rb | 57 - .../modules/stdlib/spec/spec_helper_local.rb | 31 - .../stdlib/spec/support/shared_data.rb | 38 - .../spec/type_aliases/absolute_path_spec.rb | 39 - .../stdlib/spec/type_aliases/array_spec.rb | 32 - .../stdlib/spec/type_aliases/base32_spec.rb | 39 - .../stdlib/spec/type_aliases/base64_spec.rb | 34 - .../stdlib/spec/type_aliases/bool_spec.rb | 30 - .../spec/type_aliases/compat__ip_address.rb | 38 - .../spec/type_aliases/compat__ipv4_spec.rb | 20 - .../spec/type_aliases/compat__ipv6_spec.rb | 44 - .../stdlib/spec/type_aliases/filemode_spec.rb | 59 - .../spec/type_aliases/filesource_spec.rb | 58 - .../stdlib/spec/type_aliases/float_spec.rb | 26 - .../stdlib/spec/type_aliases/fqdn_spec.rb | 31 - .../stdlib/spec/type_aliases/hash_spec.rb | 30 - .../stdlib/spec/type_aliases/host_spec.rb | 34 - .../stdlib/spec/type_aliases/httpsurl_spec.rb | 35 - .../stdlib/spec/type_aliases/httpurl_spec.rb | 36 - .../stdlib/spec/type_aliases/integer_spec.rb | 29 - .../type_aliases/ip_address_nosubnet_spec.rb | 44 - .../spec/type_aliases/ip_address_spec.rb | 44 - .../ip_address_v4_nosubnet_spec.rb | 30 - .../spec/type_aliases/ip_address_v4_spec.rb | 30 - .../ip_address_v6_alternative_spec.rb | 28 - .../type_aliases/ip_address_v6_cidr_spec.rb | 33 - .../ip_address_v6_compressed_spec.rb | 31 - .../type_aliases/ip_address_v6_full_spec.rb | 28 - ...ip_address_v6_nosubnet_alternative_spec.rb | 28 - .../ip_address_v6_nosubnet_compressed_spec.rb | 31 - .../ip_address_v6_nosubnet_full_spec.rb | 28 - .../spec/type_aliases/ip_address_v6_spec.rb | 32 - .../stdlib/spec/type_aliases/numeric_spec.rb | 30 - .../type_aliases/port__privileged_spec.rb | 39 - .../type_aliases/port__unprivileged_spec.rb | 40 - .../stdlib/spec/type_aliases/port_spec.rb | 39 - .../stdlib/spec/type_aliases/string_spec.rb | 30 - .../stdlib/spec/type_aliases/unixpath_spec.rb | 36 - .../spec/type_aliases/windowspath_spec.rb | 36 - .../spec/unit/facter/facter_dot_d_spec.rb | 30 - .../spec/unit/facter/package_provider_spec.rb | 43 - .../spec/unit/facter/pe_version_spec.rb | 88 - .../stdlib/spec/unit/facter/root_home_spec.rb | 65 - .../spec/unit/facter/service_provider_spec.rb | 35 - .../unit/facter/util/puppet_settings_spec.rb | 36 - .../parser/functions/enclose_ipv6_spec.rb | 68 - .../parser/functions/is_absolute_path_spec.rb | 87 - .../puppet/provider/file_line/ruby_spec.rb | 258 - .../provider/file_line/ruby_spec_alter.rb | 374 - .../provider/file_line/ruby_spec_use_cases.rb | 135 - .../spec/unit/puppet/type/anchor_spec.rb | 9 - .../spec/unit/puppet/type/file_line_spec.rb | 111 - puppet/modules/stdlib/types/absolutepath.pp | 2 - puppet/modules/stdlib/types/base32.pp | 2 - puppet/modules/stdlib/types/base64.pp | 2 - .../stdlib/types/compat/absolute_path.pp | 7 - puppet/modules/stdlib/types/compat/array.pp | 2 - puppet/modules/stdlib/types/compat/bool.pp | 2 - puppet/modules/stdlib/types/compat/float.pp | 19 - puppet/modules/stdlib/types/compat/hash.pp | 2 - puppet/modules/stdlib/types/compat/integer.pp | 23 - .../modules/stdlib/types/compat/ip_address.pp | 1 - puppet/modules/stdlib/types/compat/ipv4.pp | 2 - puppet/modules/stdlib/types/compat/ipv6.pp | 1 - puppet/modules/stdlib/types/compat/numeric.pp | 23 - puppet/modules/stdlib/types/compat/re.pp | 3 - puppet/modules/stdlib/types/compat/string.pp | 2 - puppet/modules/stdlib/types/ensure/service.pp | 1 - puppet/modules/stdlib/types/filemode.pp | 2 - puppet/modules/stdlib/types/filesource.pp | 9 - puppet/modules/stdlib/types/fqdn.pp | 1 - puppet/modules/stdlib/types/host.pp | 1 - puppet/modules/stdlib/types/httpsurl.pp | 1 - puppet/modules/stdlib/types/httpurl.pp | 1 - puppet/modules/stdlib/types/ip/address.pp | 4 - .../stdlib/types/ip/address/nosubnet.pp | 4 - puppet/modules/stdlib/types/ip/address/v4.pp | 4 - .../stdlib/types/ip/address/v4/cidr.pp | 1 - .../stdlib/types/ip/address/v4/nosubnet.pp | 1 - puppet/modules/stdlib/types/ip/address/v6.pp | 6 - .../stdlib/types/ip/address/v6/alternative.pp | 9 - .../stdlib/types/ip/address/v6/cidr.pp | 3 - .../stdlib/types/ip/address/v6/compressed.pp | 10 - .../stdlib/types/ip/address/v6/full.pp | 1 - .../stdlib/types/ip/address/v6/nosubnet.pp | 5 - .../ip/address/v6/nosubnet/alternative.pp | 9 - .../ip/address/v6/nosubnet/compressed.pp | 10 - .../types/ip/address/v6/nosubnet/full.pp | 1 - puppet/modules/stdlib/types/mac.pp | 5 - puppet/modules/stdlib/types/port.pp | 1 - .../modules/stdlib/types/port/privileged.pp | 1 - .../modules/stdlib/types/port/unprivileged.pp | 1 - puppet/modules/stdlib/types/unixpath.pp | 2 - puppet/modules/stdlib/types/windowspath.pp | 1 - puppet/modules/translate/CHANGELOG.md | 47 - puppet/modules/translate/CONTRIBUTING.md | 271 - puppet/modules/translate/Gemfile | 75 - puppet/modules/translate/HISTORY.md | 27 - puppet/modules/translate/LICENSE | 202 - puppet/modules/translate/MAINTAINERS.md | 6 - puppet/modules/translate/NOTICE | 15 - puppet/modules/translate/README.md | 52 - puppet/modules/translate/Rakefile | 75 - puppet/modules/translate/checksums.json | 24 - .../lib/puppet/functions/translate.rb | 17 - puppet/modules/translate/locales/config.yaml | 26 - puppet/modules/translate/metadata.json | 55 - .../spec/acceptance/nodesets/centos-7-x64.yml | 10 - .../spec/acceptance/nodesets/debian-8-x64.yml | 10 - .../spec/acceptance/nodesets/default.yml | 10 - .../acceptance/nodesets/docker/centos-7.yml | 12 - .../acceptance/nodesets/docker/debian-8.yml | 11 - .../nodesets/docker/ubuntu-14.04.yml | 12 - .../spec/acceptance/translate_spec.rb | 3 - .../modules/translate/spec/default_facts.yml | 8 - .../spec/functions/translate_spec.rb | 10 - puppet/modules/translate/spec/spec_helper.rb | 44 - puppet/modules/vcsrepo/CHANGELOG.md | 300 - puppet/modules/vcsrepo/CONTRIBUTING.md | 271 - puppet/modules/vcsrepo/Gemfile | 75 - puppet/modules/vcsrepo/HISTORY.md | 275 - puppet/modules/vcsrepo/LICENSE | 339 - puppet/modules/vcsrepo/MAINTAINERS.md | 6 - puppet/modules/vcsrepo/NOTICE | 20 - puppet/modules/vcsrepo/README.markdown | 865 --- puppet/modules/vcsrepo/Rakefile | 75 - puppet/modules/vcsrepo/checksums.json | 164 - puppet/modules/vcsrepo/examples/bzr/branch.pp | 6 - .../modules/vcsrepo/examples/bzr/init_repo.pp | 4 - puppet/modules/vcsrepo/examples/cvs/local.pp | 11 - puppet/modules/vcsrepo/examples/cvs/remote.pp | 5 - .../modules/vcsrepo/examples/git/bare_init.pp | 4 - puppet/modules/vcsrepo/examples/git/clone.pp | 5 - .../git/shallow-clone-with-just-one-commit.pp | 7 - .../vcsrepo/examples/git/working_copy_init.pp | 4 - puppet/modules/vcsrepo/examples/hg/clone.pp | 6 - .../vcsrepo/examples/hg/clone_basic_auth.pp | 7 - .../modules/vcsrepo/examples/hg/init_repo.pp | 4 - .../vcsrepo/examples/p4/create_client.pp | 4 - .../vcsrepo/examples/p4/delete_client.pp | 4 - .../vcsrepo/examples/p4/latest_client.pp | 5 - .../vcsrepo/examples/p4/sync_client.pp | 6 - .../modules/vcsrepo/examples/svn/checkout.pp | 5 - puppet/modules/vcsrepo/examples/svn/server.pp | 4 - .../vcsrepo/lib/facter/vcsrepo_svn_ver.rb | 18 - .../vcsrepo/lib/puppet/provider/vcsrepo.rb | 47 - .../lib/puppet/provider/vcsrepo/bzr.rb | 108 - .../lib/puppet/provider/vcsrepo/cvs.rb | 155 - .../lib/puppet/provider/vcsrepo/dummy.rb | 17 - .../lib/puppet/provider/vcsrepo/git.rb | 590 -- .../vcsrepo/lib/puppet/provider/vcsrepo/hg.rb | 147 - .../vcsrepo/lib/puppet/provider/vcsrepo/p4.rb | 284 - .../lib/puppet/provider/vcsrepo/svn.rb | 291 - .../vcsrepo/lib/puppet/type/vcsrepo.rb | 295 - puppet/modules/vcsrepo/locales/config.yaml | 26 - puppet/modules/vcsrepo/metadata.json | 78 - .../basic_auth/basic_auth_checkout_http.rb | 68 - .../basic_auth/basic_auth_checkout_https.rb | 76 - .../negative/basic_auth_checkout_git.rb | 51 - .../branch_checkout/branch_checkout_file.rb | 47 - .../branch_checkout_file_path.rb | 47 - .../branch_checkout/branch_checkout_git.rb | 52 - .../branch_checkout/branch_checkout_http.rb | 60 - .../branch_checkout/branch_checkout_https.rb | 66 - .../branch_checkout/branch_checkout_scp.rb | 58 - .../branch_checkout/branch_checkout_ssh.rb | 58 - .../negative/branch_checkout_not_exists.rb | 45 - .../acceptance/beaker/git/clone/clone_file.rb | 45 - .../beaker/git/clone/clone_file_path.rb | 45 - .../acceptance/beaker/git/clone/clone_git.rb | 50 - .../acceptance/beaker/git/clone/clone_http.rb | 58 - .../beaker/git/clone/clone_https.rb | 65 - ..._over_different_exiting_repo_with_force.rb | 48 - .../clone/clone_repo_with_excludes_in_repo.rb | 45 - .../clone_repo_with_excludes_not_in_repo.rb | 45 - .../acceptance/beaker/git/clone/clone_scp.rb | 56 - .../acceptance/beaker/git/clone/clone_ssh.rb | 56 - .../clone_over_different_exiting_repo.rb | 46 - .../negative/clone_repo_with_exec_excludes.rb | 44 - .../git/compression/compression_0_checkout.rb | 42 - .../git/compression/compression_1_checkout.rb | 42 - .../git/compression/compression_2_checkout.rb | 42 - .../git/compression/compression_3_checkout.rb | 42 - .../git/compression/compression_4_checkout.rb | 42 - .../git/compression/compression_5_checkout.rb | 42 - .../git/compression/compression_6_checkout.rb | 42 - .../negative/compression_7_checkout.rb | 42 - .../negative/compression_alpha_checkout.rb | 42 - .../negative/compression_eval_checkout.rb | 42 - .../negative/compression_exec_checkout.rb | 42 - .../negative/compression_negative_checkout.rb | 42 - .../create_bare_repo_that_already_exists.rb | 39 - .../create/create_repo_that_already_exists.rb | 41 - .../create_bare_repo_specifying_revision.rb | 37 - .../git/group_checkout/group_checkout_file.rb | 52 - .../group_checkout_file_path.rb | 52 - .../git/group_checkout/group_checkout_git.rb | 57 - .../git/group_checkout/group_checkout_http.rb | 65 - .../group_checkout/group_checkout_https.rb | 72 - .../git/group_checkout/group_checkout_scp.rb | 63 - .../git/group_checkout/group_checkout_ssh.rb | 63 - .../group_checkout_file_non_existent_group.rb | 50 - .../negative/revision_checkout_not_exists.rb | 45 - .../revision_checkout_file.rb | 52 - .../revision_checkout_file_path.rb | 52 - .../revision_checkout_git.rb | 57 - .../revision_checkout_http.rb | 65 - .../revision_checkout_https.rb | 73 - .../revision_checkout_scp.rb | 63 - .../revision_checkout_ssh.rb | 63 - .../negative/shallow_clone_exec_depth.rb | 42 - .../negative/shallow_clone_file_path.rb | 43 - .../negative/shallow_clone_http.rb | 54 - .../negative/shallow_clone_negative_depth.rb | 42 - .../negative/shallow_clone_overflow_depth.rb | 44 - .../git/shallow_clone/shallow_clone_file.rb | 46 - .../git/shallow_clone/shallow_clone_git.rb | 51 - .../git/shallow_clone/shallow_clone_https.rb | 68 - .../git/shallow_clone/shallow_clone_scp.rb | 57 - .../git/shallow_clone/shallow_clone_ssh.rb | 57 - .../shallow_clone/shallow_clone_zero_depth.rb | 42 - .../negative/tag_checkout_not_exists.rb | 46 - .../git/tag_checkout/tag_checkout_file.rb | 47 - .../tag_checkout/tag_checkout_file_path.rb | 47 - .../git/tag_checkout/tag_checkout_git.rb | 58 - .../git/tag_checkout/tag_checkout_http.rb | 66 - .../git/tag_checkout/tag_checkout_https.rb | 73 - .../git/tag_checkout/tag_checkout_scp.rb | 64 - .../git/tag_checkout/tag_checkout_ssh.rb | 64 - .../user_checkout_file_non_existent_user.rb | 50 - .../git/user_checkout/user_checkout_file.rb | 52 - .../user_checkout/user_checkout_file_path.rb | 52 - .../git/user_checkout/user_checkout_git.rb | 57 - .../git/user_checkout/user_checkout_http.rb | 65 - .../git/user_checkout/user_checkout_https.rb | 72 - .../git/user_checkout/user_checkout_scp.rb | 63 - .../git/user_checkout/user_checkout_ssh.rb | 63 - .../vcsrepo/spec/acceptance/beaker_helper.rb | 51 - .../spec/acceptance/clone_repo_spec.rb | 568 -- .../spec/acceptance/create_repo_spec.rb | 101 - .../spec/acceptance/files/create_git_repo.sh | 39 - .../vcsrepo/spec/acceptance/files/server.crt | 13 - .../vcsrepo/spec/acceptance/files/server.key | 15 - .../spec/acceptance/modules_1596_spec.rb | 69 - .../spec/acceptance/modules_1800_spec.rb | 40 - .../spec/acceptance/modules_2326_spec.rb | 67 - .../spec/acceptance/modules_660_spec.rb | 91 - .../spec/acceptance/modules_753_spec.rb | 65 - .../spec/acceptance/nodesets/centos-7-x64.yml | 10 - .../spec/acceptance/nodesets/debian-8-x64.yml | 10 - .../spec/acceptance/nodesets/default.yml | 10 - .../acceptance/nodesets/docker/centos-7.yml | 12 - .../acceptance/nodesets/docker/debian-8.yml | 11 - .../nodesets/docker/ubuntu-14.04.yml | 12 - .../spec/acceptance/remove_repo_spec.rb | 29 - .../spec/acceptance/remove_repo_spec_noop.rb | 30 - .../vcsrepo/spec/acceptance/svn_paths_spec.rb | 286 - .../vcsrepo/spec/acceptance/svn_spec.rb | 131 - puppet/modules/vcsrepo/spec/default_facts.yml | 8 - .../spec/fixtures/bzr_version_info.txt | 5 - .../vcsrepo/spec/fixtures/git_branch_a.txt | 14 - .../spec/fixtures/git_branch_feature_bar.txt | 14 - .../vcsrepo/spec/fixtures/git_branch_none.txt | 15 - .../vcsrepo/spec/fixtures/hg_parents.txt | 6 - .../modules/vcsrepo/spec/fixtures/hg_tags.txt | 18 - .../vcsrepo/spec/fixtures/svn_info.txt | 10 - puppet/modules/vcsrepo/spec/spec_helper.rb | 44 - .../vcsrepo/spec/spec_helper_acceptance.rb | 61 - .../modules/vcsrepo/spec/spec_helper_local.rb | 7 - .../spec/support/filesystem_helpers.rb | 18 - .../vcsrepo/spec/support/fixture_helpers.rb | 6 - .../spec/unit/facter/vcsrepo_svn_ver_spec.rb | 21 - .../unit/puppet/provider/vcsrepo/bzr_spec.rb | 121 - .../unit/puppet/provider/vcsrepo/cvs_spec.rb | 161 - .../unit/puppet/provider/vcsrepo/git_spec.rb | 552 -- .../unit/puppet/provider/vcsrepo/hg_spec.rb | 139 - .../unit/puppet/provider/vcsrepo/p4_spec.rb | 97 - .../unit/puppet/provider/vcsrepo/svn_spec.rb | 289 - .../spec/unit/puppet/type/README.markdown | 4 - .../spec/unit/puppet/type/vcsrepo_spec.rb | 151 - puppet/update.sh | 2 + 1541 files changed, 38 insertions(+), 117720 deletions(-) create mode 100644 puppet/Puppetfile create mode 100644 puppet/README.md rename puppet/{modules/apache => dw_dev}/LICENSE (100%) rename puppet/{modules => }/dw_dev/manifests/app.pp (100%) rename puppet/{modules => }/dw_dev/manifests/init.pp (100%) rename puppet/{modules => }/dw_dev/manifests/prerequisites.pp (100%) rename puppet/{modules => }/dw_dev/manifests/user.pp (100%) rename puppet/{modules => }/dw_dev/templates/config-local.epp (100%) rename puppet/{modules => }/dw_dev/templates/config-private.epp (100%) rename puppet/{modules => }/dw_dev/templates/gitconfig.epp (100%) rename puppet/{modules => }/dw_dev/templates/vhost.epp (100%) delete mode 100644 puppet/modules/alternatives/CHANGELOG.md delete mode 100644 puppet/modules/alternatives/CONTRIBUTING.md delete mode 100644 puppet/modules/alternatives/Gemfile delete mode 100644 puppet/modules/alternatives/HISTORY.md delete mode 100644 puppet/modules/alternatives/LICENSE delete mode 100644 puppet/modules/alternatives/README.md delete mode 100644 puppet/modules/alternatives/Rakefile delete mode 100644 puppet/modules/alternatives/checksums.json delete mode 100644 puppet/modules/alternatives/lib/puppet/provider/alternative_entry/dpkg.rb delete mode 100644 puppet/modules/alternatives/lib/puppet/provider/alternative_entry/rpm.rb delete mode 100644 puppet/modules/alternatives/lib/puppet/provider/alternatives/dpkg.rb delete mode 100644 puppet/modules/alternatives/lib/puppet/provider/alternatives/rpm.rb delete mode 100644 puppet/modules/alternatives/lib/puppet/type/alternative_entry.rb delete mode 100644 puppet/modules/alternatives/lib/puppet/type/alternatives.rb delete mode 100644 puppet/modules/alternatives/metadata.json delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/archlinux-2-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/centos-511-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/centos-6-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64-pe.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/centos-72-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/debian-78-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/debian-82-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ec2/image_templates.yaml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ec2/rhel-73-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/fedora-24-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/fedora-25-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/fedora-26-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/fedora-27-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml delete mode 100644 puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml delete mode 100644 puppet/modules/alternatives/spec/classes/coverage_spec.rb delete mode 100644 puppet/modules/alternatives/spec/default_facts.yml delete mode 100644 puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/dpkg/get-selections delete mode 100644 puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/sample delete mode 100644 puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/testcmd delete mode 100644 puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/sample delete mode 100644 puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/testcmd delete mode 100644 puppet/modules/alternatives/spec/spec_helper.rb delete mode 100644 puppet/modules/alternatives/spec/unit/provider/alternatives/dpkg_spec.rb delete mode 100644 puppet/modules/alternatives/spec/unit/provider/alternatives/rpm_spec.rb delete mode 100644 puppet/modules/alternatives/spec/unit/type/alternatives_spec.rb delete mode 100644 puppet/modules/apache/CHANGELOG.md delete mode 100644 puppet/modules/apache/CONTRIBUTING.md delete mode 100644 puppet/modules/apache/Gemfile delete mode 100644 puppet/modules/apache/HISTORY.md delete mode 100644 puppet/modules/apache/MAINTAINERS.md delete mode 100644 puppet/modules/apache/NOTICE delete mode 100755 puppet/modules/apache/README.md delete mode 100644 puppet/modules/apache/Rakefile delete mode 100644 puppet/modules/apache/checksums.json delete mode 100644 puppet/modules/apache/examples/apache.pp delete mode 100644 puppet/modules/apache/examples/dev.pp delete mode 100644 puppet/modules/apache/examples/init.pp delete mode 100644 puppet/modules/apache/examples/mod_load_params.pp delete mode 100644 puppet/modules/apache/examples/mods.pp delete mode 100644 puppet/modules/apache/examples/mods_custom.pp delete mode 100644 puppet/modules/apache/examples/php.pp delete mode 100644 puppet/modules/apache/examples/vhost.pp delete mode 100644 puppet/modules/apache/examples/vhost_directories.pp delete mode 100644 puppet/modules/apache/examples/vhost_filter.pp delete mode 100644 puppet/modules/apache/examples/vhost_ip_based.pp delete mode 100644 puppet/modules/apache/examples/vhost_proxypass.pp delete mode 100644 puppet/modules/apache/examples/vhost_ssl.pp delete mode 100644 puppet/modules/apache/examples/vhosts_without_listen.pp delete mode 100644 puppet/modules/apache/files/httpd delete mode 100644 puppet/modules/apache/lib/facter/apache_version.rb delete mode 100644 puppet/modules/apache/lib/puppet/functions/apache/apache_pw_hash.rb delete mode 100644 puppet/modules/apache/lib/puppet/functions/apache/bool2httpd.rb delete mode 100644 puppet/modules/apache/lib/puppet/functions/apache/validate_apache_log_level.rb delete mode 100644 puppet/modules/apache/lib/puppet/parser/functions/apache_pw_hash.rb delete mode 100644 puppet/modules/apache/lib/puppet/parser/functions/bool2httpd.rb delete mode 100644 puppet/modules/apache/lib/puppet/parser/functions/validate_apache_log_level.rb delete mode 100644 puppet/modules/apache/lib/puppet/provider/a2mod.rb delete mode 100644 puppet/modules/apache/lib/puppet/provider/a2mod/a2mod.rb delete mode 100644 puppet/modules/apache/lib/puppet/provider/a2mod/gentoo.rb delete mode 100644 puppet/modules/apache/lib/puppet/provider/a2mod/modfix.rb delete mode 100644 puppet/modules/apache/lib/puppet/provider/a2mod/redhat.rb delete mode 100644 puppet/modules/apache/lib/puppet/type/a2mod.rb delete mode 100644 puppet/modules/apache/locales/config.yaml delete mode 100644 puppet/modules/apache/locales/ja/puppetlabs-apache.po delete mode 100644 puppet/modules/apache/locales/puppetlabs-apache.pot delete mode 100644 puppet/modules/apache/manifests/balancer.pp delete mode 100644 puppet/modules/apache/manifests/balancermember.pp delete mode 100644 puppet/modules/apache/manifests/confd/no_accf.pp delete mode 100644 puppet/modules/apache/manifests/custom_config.pp delete mode 100644 puppet/modules/apache/manifests/default_confd_files.pp delete mode 100644 puppet/modules/apache/manifests/default_mods.pp delete mode 100644 puppet/modules/apache/manifests/default_mods/load.pp delete mode 100644 puppet/modules/apache/manifests/dev.pp delete mode 100644 puppet/modules/apache/manifests/fastcgi/server.pp delete mode 100755 puppet/modules/apache/manifests/init.pp delete mode 100644 puppet/modules/apache/manifests/listen.pp delete mode 100644 puppet/modules/apache/manifests/mod.pp delete mode 100644 puppet/modules/apache/manifests/mod/actions.pp delete mode 100644 puppet/modules/apache/manifests/mod/alias.pp delete mode 100644 puppet/modules/apache/manifests/mod/auth_basic.pp delete mode 100644 puppet/modules/apache/manifests/mod/auth_cas.pp delete mode 100644 puppet/modules/apache/manifests/mod/auth_gssapi.pp delete mode 100644 puppet/modules/apache/manifests/mod/auth_kerb.pp delete mode 100644 puppet/modules/apache/manifests/mod/auth_mellon.pp delete mode 100644 puppet/modules/apache/manifests/mod/authn_core.pp delete mode 100644 puppet/modules/apache/manifests/mod/authn_dbd.pp delete mode 100644 puppet/modules/apache/manifests/mod/authn_file.pp delete mode 100644 puppet/modules/apache/manifests/mod/authnz_ldap.pp delete mode 100644 puppet/modules/apache/manifests/mod/authnz_pam.pp delete mode 100644 puppet/modules/apache/manifests/mod/authz_default.pp delete mode 100644 puppet/modules/apache/manifests/mod/authz_user.pp delete mode 100644 puppet/modules/apache/manifests/mod/autoindex.pp delete mode 100644 puppet/modules/apache/manifests/mod/cache.pp delete mode 100644 puppet/modules/apache/manifests/mod/cgi.pp delete mode 100644 puppet/modules/apache/manifests/mod/cgid.pp delete mode 100644 puppet/modules/apache/manifests/mod/cluster.pp delete mode 100644 puppet/modules/apache/manifests/mod/data.pp delete mode 100644 puppet/modules/apache/manifests/mod/dav.pp delete mode 100644 puppet/modules/apache/manifests/mod/dav_fs.pp delete mode 100644 puppet/modules/apache/manifests/mod/dav_svn.pp delete mode 100644 puppet/modules/apache/manifests/mod/dbd.pp delete mode 100644 puppet/modules/apache/manifests/mod/deflate.pp delete mode 100644 puppet/modules/apache/manifests/mod/dev.pp delete mode 100644 puppet/modules/apache/manifests/mod/dir.pp delete mode 100644 puppet/modules/apache/manifests/mod/disk_cache.pp delete mode 100644 puppet/modules/apache/manifests/mod/dumpio.pp delete mode 100644 puppet/modules/apache/manifests/mod/env.pp delete mode 100644 puppet/modules/apache/manifests/mod/event.pp delete mode 100644 puppet/modules/apache/manifests/mod/expires.pp delete mode 100644 puppet/modules/apache/manifests/mod/ext_filter.pp delete mode 100644 puppet/modules/apache/manifests/mod/fastcgi.pp delete mode 100644 puppet/modules/apache/manifests/mod/fcgid.pp delete mode 100644 puppet/modules/apache/manifests/mod/filter.pp delete mode 100644 puppet/modules/apache/manifests/mod/geoip.pp delete mode 100644 puppet/modules/apache/manifests/mod/headers.pp delete mode 100644 puppet/modules/apache/manifests/mod/http2.pp delete mode 100644 puppet/modules/apache/manifests/mod/include.pp delete mode 100644 puppet/modules/apache/manifests/mod/info.pp delete mode 100644 puppet/modules/apache/manifests/mod/intercept_form_submit.pp delete mode 100644 puppet/modules/apache/manifests/mod/itk.pp delete mode 100644 puppet/modules/apache/manifests/mod/jk.pp delete mode 100644 puppet/modules/apache/manifests/mod/ldap.pp delete mode 100644 puppet/modules/apache/manifests/mod/lookup_identity.pp delete mode 100644 puppet/modules/apache/manifests/mod/macro.pp delete mode 100644 puppet/modules/apache/manifests/mod/mime.pp delete mode 100644 puppet/modules/apache/manifests/mod/mime_magic.pp delete mode 100644 puppet/modules/apache/manifests/mod/negotiation.pp delete mode 100644 puppet/modules/apache/manifests/mod/nss.pp delete mode 100644 puppet/modules/apache/manifests/mod/pagespeed.pp delete mode 100644 puppet/modules/apache/manifests/mod/passenger.pp delete mode 100644 puppet/modules/apache/manifests/mod/perl.pp delete mode 100644 puppet/modules/apache/manifests/mod/peruser.pp delete mode 100644 puppet/modules/apache/manifests/mod/php.pp delete mode 100644 puppet/modules/apache/manifests/mod/prefork.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy_ajp.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy_balancer.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy_connect.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy_fcgi.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy_html.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy_http.pp delete mode 100644 puppet/modules/apache/manifests/mod/proxy_wstunnel.pp delete mode 100644 puppet/modules/apache/manifests/mod/python.pp delete mode 100644 puppet/modules/apache/manifests/mod/remoteip.pp delete mode 100644 puppet/modules/apache/manifests/mod/reqtimeout.pp delete mode 100644 puppet/modules/apache/manifests/mod/rewrite.pp delete mode 100644 puppet/modules/apache/manifests/mod/rpaf.pp delete mode 100644 puppet/modules/apache/manifests/mod/security.pp delete mode 100644 puppet/modules/apache/manifests/mod/setenvif.pp delete mode 100644 puppet/modules/apache/manifests/mod/shib.pp delete mode 100644 puppet/modules/apache/manifests/mod/socache_shmcb.pp delete mode 100644 puppet/modules/apache/manifests/mod/speling.pp delete mode 100644 puppet/modules/apache/manifests/mod/ssl.pp delete mode 100644 puppet/modules/apache/manifests/mod/status.pp delete mode 100644 puppet/modules/apache/manifests/mod/suexec.pp delete mode 100644 puppet/modules/apache/manifests/mod/suphp.pp delete mode 100644 puppet/modules/apache/manifests/mod/userdir.pp delete mode 100644 puppet/modules/apache/manifests/mod/version.pp delete mode 100644 puppet/modules/apache/manifests/mod/vhost_alias.pp delete mode 100644 puppet/modules/apache/manifests/mod/worker.pp delete mode 100644 puppet/modules/apache/manifests/mod/wsgi.pp delete mode 100644 puppet/modules/apache/manifests/mod/xsendfile.pp delete mode 100644 puppet/modules/apache/manifests/mpm.pp delete mode 100644 puppet/modules/apache/manifests/namevirtualhost.pp delete mode 100644 puppet/modules/apache/manifests/package.pp delete mode 100644 puppet/modules/apache/manifests/params.pp delete mode 100644 puppet/modules/apache/manifests/peruser/multiplexer.pp delete mode 100644 puppet/modules/apache/manifests/peruser/processor.pp delete mode 100644 puppet/modules/apache/manifests/php.pp delete mode 100644 puppet/modules/apache/manifests/proxy.pp delete mode 100644 puppet/modules/apache/manifests/python.pp delete mode 100644 puppet/modules/apache/manifests/security/rule_link.pp delete mode 100644 puppet/modules/apache/manifests/service.pp delete mode 100644 puppet/modules/apache/manifests/ssl.pp delete mode 100644 puppet/modules/apache/manifests/version.pp delete mode 100644 puppet/modules/apache/manifests/vhost.pp delete mode 100644 puppet/modules/apache/manifests/vhost/custom.pp delete mode 100644 puppet/modules/apache/manifests/vhosts.pp delete mode 100644 puppet/modules/apache/metadata.json delete mode 100644 puppet/modules/apache/readmes/README_ja_JP.md delete mode 100755 puppet/modules/apache/spec/acceptance/apache_parameters_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/apache_ssl_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/class_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/custom_config_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/default_mods_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/init_task_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/itk_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/mod_php_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 puppet/modules/apache/spec/acceptance/nodesets/debian-8-x64.yml delete mode 100644 puppet/modules/apache/spec/acceptance/nodesets/default.yml delete mode 100644 puppet/modules/apache/spec/acceptance/nodesets/docker/centos-7.yml delete mode 100644 puppet/modules/apache/spec/acceptance/nodesets/docker/debian-8.yml delete mode 100644 puppet/modules/apache/spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 puppet/modules/apache/spec/acceptance/nodesets/suse.yml delete mode 100644 puppet/modules/apache/spec/acceptance/prefork_worker_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/service_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/version.rb delete mode 100644 puppet/modules/apache/spec/acceptance/vhost_spec.rb delete mode 100644 puppet/modules/apache/spec/acceptance/vhosts_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/apache_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/dev_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/alias_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/auth_cas_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/auth_gssapi_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/auth_kerb_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/auth_mellon_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/authn_dbd_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/authnz_ldap_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/authnz_pam_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/cluster_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/data_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/dav_svn_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/deflate_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/dev_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/dir_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/disk_cache_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/dumpio_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/event_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/expires_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/ext_filter_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/fastcgi_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/fcgid_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/http2_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/info_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/intercept_form_submit_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/itk_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/jk_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/ldap_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/lookup_identity.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/mime_magic_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/mime_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/negotiation_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/pagespeed_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/passenger_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/perl_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/peruser_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/php_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/prefork_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/proxy_balancer_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/proxy_connect_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/proxy_html_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/proxy_wstunnel.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/python_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/remoteip_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/reqtimeout_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/rpaf_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/security_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/shib_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/speling_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/ssl_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/status_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/suphp_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/userdir_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/worker_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/mod/wsgi_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/params_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/service_spec.rb delete mode 100644 puppet/modules/apache/spec/classes/vhosts_spec.rb delete mode 100644 puppet/modules/apache/spec/default_facts.yml delete mode 100644 puppet/modules/apache/spec/defines/balancer_spec.rb delete mode 100644 puppet/modules/apache/spec/defines/balancermember_spec.rb delete mode 100644 puppet/modules/apache/spec/defines/custom_config_spec.rb delete mode 100644 puppet/modules/apache/spec/defines/fastcgi_server_spec.rb delete mode 100644 puppet/modules/apache/spec/defines/mod_spec.rb delete mode 100644 puppet/modules/apache/spec/defines/modsec_link_spec.rb delete mode 100644 puppet/modules/apache/spec/defines/vhost_custom_spec.rb delete mode 100644 puppet/modules/apache/spec/defines/vhost_spec.rb delete mode 100644 puppet/modules/apache/spec/fixtures/files/negotiation.conf delete mode 100644 puppet/modules/apache/spec/fixtures/files/spec delete mode 100644 puppet/modules/apache/spec/fixtures/site_apache/templates/fake.conf.erb delete mode 100644 puppet/modules/apache/spec/fixtures/templates/negotiation.conf.erb delete mode 100644 puppet/modules/apache/spec/functions/apache_pw_hash_spec.rb delete mode 100644 puppet/modules/apache/spec/functions/bool2httpd_spec.rb delete mode 100644 puppet/modules/apache/spec/functions/validate_apache_log_level_spec.rb delete mode 100644 puppet/modules/apache/spec/spec_helper.rb delete mode 100644 puppet/modules/apache/spec/spec_helper_acceptance.rb delete mode 100644 puppet/modules/apache/spec/spec_helper_local.rb delete mode 100644 puppet/modules/apache/spec/unit/apache_version_spec.rb delete mode 100644 puppet/modules/apache/spec/unit/provider/a2mod/gentoo_spec.rb delete mode 100644 puppet/modules/apache/spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb delete mode 100644 puppet/modules/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb delete mode 100644 puppet/modules/apache/spec/unit/puppet/parser/functions/validate_apache_log_level.rb delete mode 100644 puppet/modules/apache/tasks/init.json delete mode 100755 puppet/modules/apache/tasks/init.rb delete mode 100644 puppet/modules/apache/templates/confd/no-accf.conf.erb delete mode 100644 puppet/modules/apache/templates/fastcgi/server.erb delete mode 100755 puppet/modules/apache/templates/httpd.conf.erb delete mode 100644 puppet/modules/apache/templates/listen.erb delete mode 100644 puppet/modules/apache/templates/mod/_allow.erb delete mode 100644 puppet/modules/apache/templates/mod/_require.erb delete mode 100644 puppet/modules/apache/templates/mod/alias.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/auth_cas.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/auth_mellon.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/authn_dbd.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/authnz_ldap.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/autoindex.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/cgid.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/cluster.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/dav_fs.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/deflate.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/dir.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/disk_cache.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/dumpio.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/event.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/expires.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/ext_filter.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/fastcgi.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/fcgid.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/geoip.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/http2.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/info.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/itk.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/jk.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/jk/uriworkermap.properties.erb delete mode 100644 puppet/modules/apache/templates/mod/jk/workers.properties.erb delete mode 100644 puppet/modules/apache/templates/mod/ldap.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/load.erb delete mode 100644 puppet/modules/apache/templates/mod/mime.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/mime_magic.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/mpm_event.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/negotiation.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/nss.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/pagespeed.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/passenger.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/peruser.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/php.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/prefork.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/proxy.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/proxy_balancer.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/proxy_html.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/remoteip.conf.epp delete mode 100644 puppet/modules/apache/templates/mod/reqtimeout.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/rpaf.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/security.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/security_crs.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/setenvif.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/ssl.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/status.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/suphp.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/userdir.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/worker.conf.erb delete mode 100644 puppet/modules/apache/templates/mod/wsgi.conf.erb delete mode 100644 puppet/modules/apache/templates/namevirtualhost.erb delete mode 100644 puppet/modules/apache/templates/ports_header.erb delete mode 100644 puppet/modules/apache/templates/vhost/_access_log.erb delete mode 100644 puppet/modules/apache/templates/vhost/_action.erb delete mode 100644 puppet/modules/apache/templates/vhost/_additional_includes.erb delete mode 100644 puppet/modules/apache/templates/vhost/_aliases.erb delete mode 100644 puppet/modules/apache/templates/vhost/_allow_encoded_slashes.erb delete mode 100644 puppet/modules/apache/templates/vhost/_auth_cas.erb delete mode 100644 puppet/modules/apache/templates/vhost/_auth_kerb.erb delete mode 100644 puppet/modules/apache/templates/vhost/_block.erb delete mode 100644 puppet/modules/apache/templates/vhost/_charsets.erb delete mode 100644 puppet/modules/apache/templates/vhost/_custom_fragment.erb delete mode 100644 puppet/modules/apache/templates/vhost/_directories.erb delete mode 100644 puppet/modules/apache/templates/vhost/_docroot.erb delete mode 100644 puppet/modules/apache/templates/vhost/_error_document.erb delete mode 100644 puppet/modules/apache/templates/vhost/_fallbackresource.erb delete mode 100644 puppet/modules/apache/templates/vhost/_fastcgi.erb delete mode 100644 puppet/modules/apache/templates/vhost/_file_footer.erb delete mode 100644 puppet/modules/apache/templates/vhost/_file_header.erb delete mode 100644 puppet/modules/apache/templates/vhost/_filters.erb delete mode 100644 puppet/modules/apache/templates/vhost/_header.erb delete mode 100644 puppet/modules/apache/templates/vhost/_http2.erb delete mode 100644 puppet/modules/apache/templates/vhost/_http_protocol_options.erb delete mode 100644 puppet/modules/apache/templates/vhost/_itk.erb delete mode 100644 puppet/modules/apache/templates/vhost/_jk_mounts.erb delete mode 100644 puppet/modules/apache/templates/vhost/_keepalive_options.erb delete mode 100644 puppet/modules/apache/templates/vhost/_logging.erb delete mode 100644 puppet/modules/apache/templates/vhost/_passenger.erb delete mode 100644 puppet/modules/apache/templates/vhost/_php.erb delete mode 100644 puppet/modules/apache/templates/vhost/_php_admin.erb delete mode 100644 puppet/modules/apache/templates/vhost/_proxy.erb delete mode 100644 puppet/modules/apache/templates/vhost/_redirect.erb delete mode 100644 puppet/modules/apache/templates/vhost/_requestheader.erb delete mode 100644 puppet/modules/apache/templates/vhost/_require.erb delete mode 100644 puppet/modules/apache/templates/vhost/_rewrite.erb delete mode 100644 puppet/modules/apache/templates/vhost/_scriptalias.erb delete mode 100644 puppet/modules/apache/templates/vhost/_security.erb delete mode 100644 puppet/modules/apache/templates/vhost/_serveralias.erb delete mode 100644 puppet/modules/apache/templates/vhost/_serversignature.erb delete mode 100644 puppet/modules/apache/templates/vhost/_setenv.erb delete mode 100644 puppet/modules/apache/templates/vhost/_shib.erb delete mode 100644 puppet/modules/apache/templates/vhost/_ssl.erb delete mode 100644 puppet/modules/apache/templates/vhost/_sslproxy.erb delete mode 100644 puppet/modules/apache/templates/vhost/_suexec.erb delete mode 100644 puppet/modules/apache/templates/vhost/_suphp.erb delete mode 100644 puppet/modules/apache/templates/vhost/_use_canonical_name.erb delete mode 100644 puppet/modules/apache/templates/vhost/_wsgi.erb delete mode 100644 puppet/modules/augeas/CHANGELOG.md delete mode 100644 puppet/modules/augeas/Gemfile delete mode 100644 puppet/modules/augeas/LICENSE delete mode 100644 puppet/modules/augeas/README.md delete mode 100644 puppet/modules/augeas/Rakefile delete mode 100644 puppet/modules/augeas/checksums.json delete mode 100644 puppet/modules/augeas/lib/puppet/parser/functions/augeas.rb delete mode 100644 puppet/modules/augeas/manifests/files.pp delete mode 100644 puppet/modules/augeas/manifests/init.pp delete mode 100644 puppet/modules/augeas/manifests/lens.pp delete mode 100644 puppet/modules/augeas/manifests/packages.pp delete mode 100644 puppet/modules/augeas/manifests/params.pp delete mode 100644 puppet/modules/augeas/metadata.json delete mode 100644 puppet/modules/augeas/spec/.rspec delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-5-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-5.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-6-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-6-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-6-x86_64-vagrant.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-6.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-7-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-7-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-7-x86_64-vagrant.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/centos-7.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-6-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-6-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-6-x86_64-vagrant.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-6.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-7-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-7-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-7-x86_64-vagrant.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-7.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-8-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-8-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-8-x86_64-vagrant.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/debian-8.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-10.04-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-12.04-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-12.04-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-12.04.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-14.04-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-14.04-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-14.04-x86_64-vagrant.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-14.04.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-14.10-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-14.10-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-14.10.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-15.04-x86_64-docker.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-15.04-x86_64-openstack.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-15.04.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-15.10.yml delete mode 100644 puppet/modules/augeas/spec/acceptance/nodesets/ubuntu-16.04.yml delete mode 100644 puppet/modules/augeas/spec/classes/augeas_spec.rb delete mode 100644 puppet/modules/augeas/spec/defines/augeas_lens_spec.rb delete mode 100644 puppet/modules/augeas/spec/spec.opts delete mode 100644 puppet/modules/augeas/spec/spec_helper.rb delete mode 100644 puppet/modules/augeas/spec/unit/puppet/parser/functions/augeas_spec.rb delete mode 100644 puppet/modules/concat/CHANGELOG.md delete mode 100644 puppet/modules/concat/CONTRIBUTING.md delete mode 100644 puppet/modules/concat/Gemfile delete mode 100644 puppet/modules/concat/HISTORY.md delete mode 100644 puppet/modules/concat/LICENSE delete mode 100644 puppet/modules/concat/MAINTAINERS.md delete mode 100644 puppet/modules/concat/NOTICE delete mode 100644 puppet/modules/concat/README.md delete mode 100644 puppet/modules/concat/REFERENCE.md delete mode 100644 puppet/modules/concat/Rakefile delete mode 100644 puppet/modules/concat/appveyor.yml delete mode 100644 puppet/modules/concat/checksums.json delete mode 100644 puppet/modules/concat/examples/format.pp delete mode 100644 puppet/modules/concat/examples/fragment.pp delete mode 100644 puppet/modules/concat/examples/init.pp delete mode 100644 puppet/modules/concat/lib/puppet/type/concat_file.rb delete mode 100644 puppet/modules/concat/lib/puppet/type/concat_fragment.rb delete mode 100644 puppet/modules/concat/locales/config.yaml delete mode 100644 puppet/modules/concat/locales/ja/puppetlabs-concat.po delete mode 100644 puppet/modules/concat/locales/puppetlabs-concat.pot delete mode 100644 puppet/modules/concat/manifests/fragment.pp delete mode 100644 puppet/modules/concat/manifests/init.pp delete mode 100644 puppet/modules/concat/metadata.json delete mode 100644 puppet/modules/concat/readmes/README_ja_JP.md delete mode 100644 puppet/modules/concat/spec/acceptance/backup_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/concat_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/concurrency_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/force_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/format_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/fragment_order_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/fragment_source_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/fragments_are_always_replaced_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/locales_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/newline_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 puppet/modules/concat/spec/acceptance/nodesets/debian-8-x64.yml delete mode 100644 puppet/modules/concat/spec/acceptance/nodesets/debian-9-x64.yml delete mode 100644 puppet/modules/concat/spec/acceptance/nodesets/default.yml delete mode 100644 puppet/modules/concat/spec/acceptance/nodesets/docker/centos-7.yml delete mode 100644 puppet/modules/concat/spec/acceptance/nodesets/docker/debian-8.yml delete mode 100644 puppet/modules/concat/spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 puppet/modules/concat/spec/acceptance/noop_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/order_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/pup_1963_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/quoted_paths_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/replace_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/specinfra_stubs.rb delete mode 100644 puppet/modules/concat/spec/acceptance/symbolic_name_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/validation_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/warn_header_spec.rb delete mode 100644 puppet/modules/concat/spec/acceptance/warnings_spec.rb delete mode 100644 puppet/modules/concat/spec/default_facts.yml delete mode 100644 puppet/modules/concat/spec/defines/concat_fragment_spec.rb delete mode 100644 puppet/modules/concat/spec/defines/concat_spec.rb delete mode 100644 puppet/modules/concat/spec/spec_helper.rb delete mode 100644 puppet/modules/concat/spec/spec_helper_acceptance.rb delete mode 100644 puppet/modules/concat/spec/spec_helper_local.rb delete mode 100644 puppet/modules/concat/spec/unit/type/concat_file_spec.rb delete mode 100644 puppet/modules/concat/spec/unit/type/concat_fragment_spec.rb delete mode 100644 puppet/modules/cpanm/Gemfile delete mode 100644 puppet/modules/cpanm/Gemfile.lock delete mode 100644 puppet/modules/cpanm/README.md delete mode 100644 puppet/modules/cpanm/Rakefile delete mode 100644 puppet/modules/cpanm/checksums.json delete mode 100644 puppet/modules/cpanm/examples/init.pp delete mode 100644 puppet/modules/cpanm/examples/installcheck.pp delete mode 100644 puppet/modules/cpanm/examples/latestcheck.pp delete mode 100644 puppet/modules/cpanm/examples/removecheck.pp delete mode 100644 puppet/modules/cpanm/files/cpanm delete mode 100644 puppet/modules/cpanm/lib/puppet/provider/cpanm/default.rb delete mode 100644 puppet/modules/cpanm/lib/puppet/type/cpanm.rb delete mode 100644 puppet/modules/cpanm/manifests/init.pp delete mode 100644 puppet/modules/cpanm/metadata.json delete mode 100644 puppet/modules/cpanm/spec/classes/init_spec.rb delete mode 100644 puppet/modules/cpanm/spec/spec_helper.rb delete mode 100644 puppet/modules/dw_dev/LICENSE delete mode 100644 puppet/modules/mailalias_core/CHANGELOG.md delete mode 100644 puppet/modules/mailalias_core/Gemfile delete mode 100644 puppet/modules/mailalias_core/LICENSE delete mode 100644 puppet/modules/mailalias_core/README.md delete mode 100644 puppet/modules/mailalias_core/Rakefile delete mode 100644 puppet/modules/mailalias_core/appveyor.yml delete mode 100644 puppet/modules/mailalias_core/checksums.json delete mode 100644 puppet/modules/mailalias_core/lib/puppet/provider/mailalias/aliases.rb delete mode 100644 puppet/modules/mailalias_core/lib/puppet/type/mailalias.rb delete mode 100644 puppet/modules/mailalias_core/locales/config.yaml delete mode 100644 puppet/modules/mailalias_core/locales/puppetlabs-mailalias_core.pot delete mode 100644 puppet/modules/mailalias_core/metadata.json delete mode 100644 puppet/modules/mailalias_core/spec/acceptance/nodesets/default.yml delete mode 100644 puppet/modules/mailalias_core/spec/acceptance/tests/create_spec.rb delete mode 100644 puppet/modules/mailalias_core/spec/acceptance/tests/destroy_spec.rb delete mode 100644 puppet/modules/mailalias_core/spec/acceptance/tests/modify_spec.rb delete mode 100644 puppet/modules/mailalias_core/spec/acceptance/tests/query_spec.rb delete mode 100644 puppet/modules/mailalias_core/spec/default_facts.yml delete mode 100644 puppet/modules/mailalias_core/spec/fixtures/integration/provider/mailalias/aliases/test1 delete mode 100644 puppet/modules/mailalias_core/spec/integration/provider/mailalias/aliases_spec.rb delete mode 100644 puppet/modules/mailalias_core/spec/lib/puppet_spec/files.rb delete mode 100644 puppet/modules/mailalias_core/spec/shared_behaviours/all_parsedfile_providers.rb delete mode 100644 puppet/modules/mailalias_core/spec/spec_helper.rb delete mode 100644 puppet/modules/mailalias_core/spec/spec_helper_acceptance.rb delete mode 100644 puppet/modules/mailalias_core/spec/spec_helper_local.rb delete mode 100644 puppet/modules/mailalias_core/spec/unit/type/mailalias_spec.rb delete mode 100644 puppet/modules/mysql/CHANGELOG.md delete mode 100644 puppet/modules/mysql/CONTRIBUTING.md delete mode 100644 puppet/modules/mysql/Gemfile delete mode 100644 puppet/modules/mysql/HISTORY.md delete mode 100644 puppet/modules/mysql/LICENSE delete mode 100644 puppet/modules/mysql/MAINTAINERS.md delete mode 100644 puppet/modules/mysql/NOTICE delete mode 100644 puppet/modules/mysql/README.md delete mode 100644 puppet/modules/mysql/REFERENCE.md delete mode 100644 puppet/modules/mysql/Rakefile delete mode 100644 puppet/modules/mysql/TODO delete mode 100644 puppet/modules/mysql/checksums.json delete mode 100644 puppet/modules/mysql/examples/backup.pp delete mode 100644 puppet/modules/mysql/examples/bindings.pp delete mode 100644 puppet/modules/mysql/examples/java.pp delete mode 100644 puppet/modules/mysql/examples/mysql_database.pp delete mode 100644 puppet/modules/mysql/examples/mysql_db.pp delete mode 100644 puppet/modules/mysql/examples/mysql_grant.pp delete mode 100644 puppet/modules/mysql/examples/mysql_plugin.pp delete mode 100644 puppet/modules/mysql/examples/mysql_user.pp delete mode 100644 puppet/modules/mysql/examples/perl.pp delete mode 100644 puppet/modules/mysql/examples/python.pp delete mode 100644 puppet/modules/mysql/examples/ruby.pp delete mode 100644 puppet/modules/mysql/examples/server.pp delete mode 100644 puppet/modules/mysql/examples/server/account_security.pp delete mode 100644 puppet/modules/mysql/examples/server/config.pp delete mode 100644 puppet/modules/mysql/lib/facter/mysql_server_id.rb delete mode 100644 puppet/modules/mysql/lib/facter/mysql_version.rb delete mode 100644 puppet/modules/mysql/lib/facter/mysqld_version.rb delete mode 100644 puppet/modules/mysql/lib/puppet/functions/mysql/password.rb delete mode 100644 puppet/modules/mysql/lib/puppet/functions/mysql/strip_hash.rb delete mode 100644 puppet/modules/mysql/lib/puppet/parser/functions/mysql_password.rb delete mode 100644 puppet/modules/mysql/lib/puppet/provider/mysql.rb delete mode 100644 puppet/modules/mysql/lib/puppet/provider/mysql_database/mysql.rb delete mode 100644 puppet/modules/mysql/lib/puppet/provider/mysql_datadir/mysql.rb delete mode 100644 puppet/modules/mysql/lib/puppet/provider/mysql_grant/mysql.rb delete mode 100644 puppet/modules/mysql/lib/puppet/provider/mysql_plugin/mysql.rb delete mode 100644 puppet/modules/mysql/lib/puppet/provider/mysql_user/mysql.rb delete mode 100644 puppet/modules/mysql/lib/puppet/type/mysql_database.rb delete mode 100644 puppet/modules/mysql/lib/puppet/type/mysql_datadir.rb delete mode 100644 puppet/modules/mysql/lib/puppet/type/mysql_grant.rb delete mode 100644 puppet/modules/mysql/lib/puppet/type/mysql_plugin.rb delete mode 100644 puppet/modules/mysql/lib/puppet/type/mysql_user.rb delete mode 100644 puppet/modules/mysql/locales/config.yaml delete mode 100644 puppet/modules/mysql/locales/ja/puppetlabs-mysql.po delete mode 100644 puppet/modules/mysql/locales/puppetlabs-mysql.pot delete mode 100644 puppet/modules/mysql/manifests/backup/mysqlbackup.pp delete mode 100644 puppet/modules/mysql/manifests/backup/mysqldump.pp delete mode 100644 puppet/modules/mysql/manifests/backup/xtrabackup.pp delete mode 100644 puppet/modules/mysql/manifests/bindings.pp delete mode 100644 puppet/modules/mysql/manifests/bindings/client_dev.pp delete mode 100644 puppet/modules/mysql/manifests/bindings/daemon_dev.pp delete mode 100644 puppet/modules/mysql/manifests/bindings/java.pp delete mode 100644 puppet/modules/mysql/manifests/bindings/perl.pp delete mode 100644 puppet/modules/mysql/manifests/bindings/php.pp delete mode 100644 puppet/modules/mysql/manifests/bindings/python.pp delete mode 100644 puppet/modules/mysql/manifests/bindings/ruby.pp delete mode 100644 puppet/modules/mysql/manifests/client.pp delete mode 100644 puppet/modules/mysql/manifests/client/install.pp delete mode 100644 puppet/modules/mysql/manifests/db.pp delete mode 100644 puppet/modules/mysql/manifests/params.pp delete mode 100644 puppet/modules/mysql/manifests/server.pp delete mode 100644 puppet/modules/mysql/manifests/server/account_security.pp delete mode 100644 puppet/modules/mysql/manifests/server/backup.pp delete mode 100644 puppet/modules/mysql/manifests/server/binarylog.pp delete mode 100644 puppet/modules/mysql/manifests/server/config.pp delete mode 100644 puppet/modules/mysql/manifests/server/install.pp delete mode 100644 puppet/modules/mysql/manifests/server/installdb.pp delete mode 100644 puppet/modules/mysql/manifests/server/monitor.pp delete mode 100644 puppet/modules/mysql/manifests/server/mysqltuner.pp delete mode 100644 puppet/modules/mysql/manifests/server/providers.pp delete mode 100644 puppet/modules/mysql/manifests/server/root_password.pp delete mode 100644 puppet/modules/mysql/manifests/server/service.pp delete mode 100644 puppet/modules/mysql/metadata.json delete mode 100644 puppet/modules/mysql/readmes/README_ja_JP.md delete mode 100644 puppet/modules/mysql/readmes/REFERENCE_ja_JP.md delete mode 100644 puppet/modules/mysql/spec/acceptance/locales_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/mysql_backup_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/mysql_db_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/mysql_helper.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/mysql_server_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 puppet/modules/mysql/spec/acceptance/nodesets/debian-8-x64.yml delete mode 100644 puppet/modules/mysql/spec/acceptance/nodesets/default.yml delete mode 100644 puppet/modules/mysql/spec/acceptance/nodesets/docker/centos-7.yml delete mode 100644 puppet/modules/mysql/spec/acceptance/nodesets/docker/debian-8.yml delete mode 100644 puppet/modules/mysql/spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 puppet/modules/mysql/spec/acceptance/sql_task_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/types/mysql_database_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/types/mysql_grant_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/types/mysql_plugin_spec.rb delete mode 100644 puppet/modules/mysql/spec/acceptance/types/mysql_user_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/graceful_failures_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mycnf_template_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mysql_bindings_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mysql_client_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mysql_server_account_security_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mysql_server_backup_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mysql_server_monitor_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mysql_server_mysqltuner_spec.rb delete mode 100644 puppet/modules/mysql/spec/classes/mysql_server_spec.rb delete mode 100644 puppet/modules/mysql/spec/default_facts.yml delete mode 100644 puppet/modules/mysql/spec/defines/mysql_db_spec.rb delete mode 100644 puppet/modules/mysql/spec/functions/mysql_password_spec.rb delete mode 100644 puppet/modules/mysql/spec/functions/mysql_strip_hash_spec.rb delete mode 100644 puppet/modules/mysql/spec/spec_helper.rb delete mode 100644 puppet/modules/mysql/spec/spec_helper_acceptance.rb delete mode 100644 puppet/modules/mysql/spec/spec_helper_local.rb delete mode 100644 puppet/modules/mysql/spec/unit/facter/mysql_server_id_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/facter/mysql_version_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/facter/mysqld_version_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/functions/mysql_password_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/provider/mysql_database/mysql_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/provider/mysql_plugin/mysql_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/type/mysql_database_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/type/mysql_grant_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/type/mysql_plugin_spec.rb delete mode 100644 puppet/modules/mysql/spec/unit/puppet/type/mysql_user_spec.rb delete mode 100644 puppet/modules/mysql/tasks/export.json delete mode 100755 puppet/modules/mysql/tasks/export.rb delete mode 100644 puppet/modules/mysql/tasks/sql.json delete mode 100755 puppet/modules/mysql/tasks/sql.rb delete mode 100644 puppet/modules/mysql/templates/meb.cnf.erb delete mode 100644 puppet/modules/mysql/templates/my.cnf.erb delete mode 100644 puppet/modules/mysql/templates/my.cnf.pass.erb delete mode 100755 puppet/modules/mysql/templates/mysqlbackup.sh.erb delete mode 100644 puppet/modules/mysql/templates/xtrabackup.sh.erb delete mode 100644 puppet/modules/postfix/CHANGELOG.md delete mode 100644 puppet/modules/postfix/CONTRIBUTING.md delete mode 100644 puppet/modules/postfix/Gemfile delete mode 100644 puppet/modules/postfix/LICENSE delete mode 100644 puppet/modules/postfix/README.md delete mode 100644 puppet/modules/postfix/Rakefile delete mode 100644 puppet/modules/postfix/checksums.json delete mode 100644 puppet/modules/postfix/files/lenses/postfix_canonical.aug delete mode 100644 puppet/modules/postfix/files/lenses/postfix_transport.aug delete mode 100644 puppet/modules/postfix/files/lenses/postfix_virtual.aug delete mode 100644 puppet/modules/postfix/files/lenses/test_postfix_canonical.aug delete mode 100644 puppet/modules/postfix/files/lenses/test_postfix_transport.aug delete mode 100644 puppet/modules/postfix/files/lenses/test_postfix_virtual.aug delete mode 100644 puppet/modules/postfix/files/main.cf delete mode 100644 puppet/modules/postfix/manifests/augeas.pp delete mode 100644 puppet/modules/postfix/manifests/canonical.pp delete mode 100644 puppet/modules/postfix/manifests/conffile.pp delete mode 100644 puppet/modules/postfix/manifests/config.pp delete mode 100644 puppet/modules/postfix/manifests/files.pp delete mode 100644 puppet/modules/postfix/manifests/hash.pp delete mode 100644 puppet/modules/postfix/manifests/init.pp delete mode 100644 puppet/modules/postfix/manifests/ldap.pp delete mode 100644 puppet/modules/postfix/manifests/mailalias.pp delete mode 100644 puppet/modules/postfix/manifests/mailman.pp delete mode 100644 puppet/modules/postfix/manifests/map.pp delete mode 100644 puppet/modules/postfix/manifests/mta.pp delete mode 100644 puppet/modules/postfix/manifests/packages.pp delete mode 100644 puppet/modules/postfix/manifests/params.pp delete mode 100644 puppet/modules/postfix/manifests/satellite.pp delete mode 100644 puppet/modules/postfix/manifests/service.pp delete mode 100644 puppet/modules/postfix/manifests/transport.pp delete mode 100644 puppet/modules/postfix/manifests/virtual.pp delete mode 100644 puppet/modules/postfix/metadata.json delete mode 100644 puppet/modules/postfix/spec/.rspec delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/centos-5.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/centos-6.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/centos-7.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/debian-6.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/debian-7.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/debian-8.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/debian-9.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/ubuntu-12.04.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/ubuntu-14.04.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/ubuntu-14.10.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/ubuntu-15.04.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/ubuntu-15.10.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/nodesets/ubuntu-16.04.yml delete mode 100644 puppet/modules/postfix/spec/acceptance/postfix_spec.rb delete mode 100644 puppet/modules/postfix/spec/classes/postfix_augeas_spec.rb delete mode 100644 puppet/modules/postfix/spec/classes/postfix_mailman_spec.rb delete mode 100644 puppet/modules/postfix/spec/classes/postfix_mta_spec.rb delete mode 100644 puppet/modules/postfix/spec/classes/postfix_satellite_spec.rb delete mode 100644 puppet/modules/postfix/spec/classes/postfix_spec.rb delete mode 100644 puppet/modules/postfix/spec/defines/postfix_conffile_spec.rb delete mode 100644 puppet/modules/postfix/spec/defines/postfix_config_spec.rb delete mode 100644 puppet/modules/postfix/spec/defines/postfix_hash_spec.rb delete mode 100644 puppet/modules/postfix/spec/defines/postfix_map_spec.rb delete mode 100644 puppet/modules/postfix/spec/defines/postfix_transport_spec.rb delete mode 100644 puppet/modules/postfix/spec/defines/postfix_virtual_spec.rb delete mode 100644 puppet/modules/postfix/spec/spec.opts delete mode 100644 puppet/modules/postfix/spec/spec_helper.rb delete mode 100644 puppet/modules/postfix/spec/spec_helper_acceptance.rb delete mode 100644 puppet/modules/postfix/templates/conffile.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.SLES11.2.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.SLES11.3.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.SLES11.4.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.SLES12.2.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.SLES12.3.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.common.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.debian.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.redhat.erb delete mode 100644 puppet/modules/postfix/templates/master.cf.sles.erb delete mode 100644 puppet/modules/postfix/templates/postfix-ldap-aliases.cf.erb delete mode 100644 puppet/modules/postfix/tests/init.pp delete mode 100644 puppet/modules/stdlib/CHANGELOG.md delete mode 100644 puppet/modules/stdlib/CONTRIBUTING.md delete mode 100644 puppet/modules/stdlib/Gemfile delete mode 100644 puppet/modules/stdlib/HISTORY.md delete mode 100644 puppet/modules/stdlib/LICENSE delete mode 100644 puppet/modules/stdlib/MAINTAINERS.md delete mode 100644 puppet/modules/stdlib/NOTICE delete mode 100644 puppet/modules/stdlib/README.md delete mode 100644 puppet/modules/stdlib/README_DEVELOPER.markdown delete mode 100644 puppet/modules/stdlib/README_SPECS.markdown delete mode 100644 puppet/modules/stdlib/RELEASE_PROCESS.markdown delete mode 100644 puppet/modules/stdlib/Rakefile delete mode 100644 puppet/modules/stdlib/appveyor.yml delete mode 100644 puppet/modules/stdlib/checksums.json delete mode 100644 puppet/modules/stdlib/examples/file_line.pp delete mode 100644 puppet/modules/stdlib/examples/has_interface_with.pp delete mode 100644 puppet/modules/stdlib/examples/has_ip_address.pp delete mode 100644 puppet/modules/stdlib/examples/has_ip_network.pp delete mode 100644 puppet/modules/stdlib/examples/init.pp delete mode 100644 puppet/modules/stdlib/lib/facter/facter_dot_d.rb delete mode 100644 puppet/modules/stdlib/lib/facter/package_provider.rb delete mode 100644 puppet/modules/stdlib/lib/facter/pe_version.rb delete mode 100644 puppet/modules/stdlib/lib/facter/puppet_settings.rb delete mode 100644 puppet/modules/stdlib/lib/facter/root_home.rb delete mode 100644 puppet/modules/stdlib/lib/facter/service_provider.rb delete mode 100644 puppet/modules/stdlib/lib/facter/util/puppet_settings.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/deprecation.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/fact.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_a.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_absolute_path.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_array.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_bool.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_float.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_ip_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_ipv4_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_ipv6_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_numeric.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/is_string.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/length.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/os_version_gte.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/seeded_rand_string.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/sprintf_hash.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/stdlib/extname.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/to_json.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/to_json_pretty.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/to_yaml.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/type_of.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_absolute_path.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_array.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_bool.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_hash.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_integer.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_ip_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_ipv4_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_ipv6_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_legacy.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_numeric.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_re.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_slength.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/functions/validate_string.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/abs.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/any2array.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/any2bool.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/assert_private.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/base64.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/basename.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/bool2num.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/bool2str.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/camelcase.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/capitalize.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/ceiling.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/chomp.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/chop.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/clamp.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/concat.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/convert_base.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/count.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/deep_merge.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/defined_with_params.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/delete.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/delete_at.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/delete_regex.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/delete_undef_values.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/delete_values.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/deprecation.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/difference.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/dig.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/dig44.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/dirname.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/dos2unix.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/downcase.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/empty.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/enclose_ipv6.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/ensure_packages.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/ensure_resource.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/ensure_resources.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/flatten.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/floor.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/fqdn_rand_string.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/fqdn_rotate.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/fqdn_uuid.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/get_module_path.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/getparam.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/getvar.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/glob.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/grep.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/has_interface_with.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/has_ip_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/has_ip_network.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/has_key.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/hash.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/intersection.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_absolute_path.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_array.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_bool.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_domain_name.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_email_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_float.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_function_available.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_hash.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_integer.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_ip_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_ipv4_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_ipv6_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_mac_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_numeric.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/is_string.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/join.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/join_keys_to_values.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/keys.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/load_module_metadata.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/loadjson.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/loadyaml.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/lstrip.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/max.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/member.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/merge.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/min.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/num2bool.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/parsejson.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/parseyaml.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/pick.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/pick_default.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/prefix.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/private.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/pry.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/pw_hash.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/range.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/regexpescape.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/reject.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/reverse.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/round.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/rstrip.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/seeded_rand.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/shell_escape.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/shell_join.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/shell_split.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/shuffle.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/size.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/sort.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/squeeze.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/str2bool.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/str2saltedsha512.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/strftime.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/strip.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/suffix.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/swapcase.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/time.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/to_bytes.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/try_get_value.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/type.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/type3x.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/union.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/unique.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/unix2dos.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/upcase.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/uriescape.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_absolute_path.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_array.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_augeas.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_bool.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_cmd.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_domain_name.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_email_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_hash.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_integer.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_ip_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_ipv4_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_ipv6_address.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_numeric.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_re.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_slength.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_string.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/validate_x509_rsa_key_pair.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/values.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/values_at.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/parser/functions/zip.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/provider/file_line/ruby.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/type/anchor.rb delete mode 100644 puppet/modules/stdlib/lib/puppet/type/file_line.rb delete mode 100644 puppet/modules/stdlib/locales/config.yaml delete mode 100644 puppet/modules/stdlib/locales/ja/puppetlabs-stdlib.po delete mode 100644 puppet/modules/stdlib/locales/puppetlabs-stdlib.pot delete mode 100644 puppet/modules/stdlib/manifests/init.pp delete mode 100644 puppet/modules/stdlib/manifests/stages.pp delete mode 100644 puppet/modules/stdlib/metadata.json delete mode 100644 puppet/modules/stdlib/readmes/README_ja_JP.md delete mode 100644 puppet/modules/stdlib/spec/acceptance/abs_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/anchor_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/any2array_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/base64_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/bool2num_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/build_csv.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/capitalize_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/ceiling_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/chomp_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/chop_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/clamp_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/concat_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/count_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/deep_merge_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/defined_with_params_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/delete_at_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/delete_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/delete_undef_values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/delete_values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/deprecation_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/difference_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/dirname_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/downcase_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/empty_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/ensure_resource_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/flatten_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/floor_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/fqdn_rand_string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/fqdn_rotate_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/get_module_path_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/getparam_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/getvar_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/grep_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/has_interface_with_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/has_ip_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/has_ip_network_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/has_key_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/intersection_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_a_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_array_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_domain_name_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_float_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_function_available_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_integer_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_ip_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_ipv4_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_ipv6_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_mac_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_numeric_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/is_string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/join_keys_to_values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/join_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/keys_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/loadjson_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/loadyaml_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/lstrip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/max_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/member_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/merge_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/min_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 puppet/modules/stdlib/spec/acceptance/nodesets/debian-8-x64.yml delete mode 100644 puppet/modules/stdlib/spec/acceptance/nodesets/default.yml delete mode 100644 puppet/modules/stdlib/spec/acceptance/nodesets/docker/centos-7.yml delete mode 100644 puppet/modules/stdlib/spec/acceptance/nodesets/docker/debian-8.yml delete mode 100644 puppet/modules/stdlib/spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 puppet/modules/stdlib/spec/acceptance/num2bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/parsejson_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/parseyaml_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/pick_default_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/pick_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/prefix_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/pw_hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/range_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/reject_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/reverse_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/rstrip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/shuffle_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/size_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/sort_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/squeeze_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/str2bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/str2saltedsha512_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/strftime_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/strip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/suffix_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/swapcase_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/time_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/to_bytes_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/try_get_value_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/type3x_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/type_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/union_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/unique_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/upcase_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/uriescape_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_absolute_path_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_array_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_augeas_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_cmd_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_ipv4_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_ipv6_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_re_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_slength_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/validate_string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/values_at_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/acceptance/zip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/default_facts.yml delete mode 100644 puppet/modules/stdlib/spec/fixtures/dscacheutil/root delete mode 100644 puppet/modules/stdlib/spec/fixtures/lsuser/root delete mode 100644 puppet/modules/stdlib/spec/fixtures/test/manifests/base32.pp delete mode 100644 puppet/modules/stdlib/spec/fixtures/test/manifests/base64.pp delete mode 100644 puppet/modules/stdlib/spec/fixtures/test/manifests/deftype.pp delete mode 100644 puppet/modules/stdlib/spec/fixtures/test/manifests/ensure_resources.pp delete mode 100644 puppet/modules/stdlib/spec/functions/abs_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/any2array_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/any2bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/assert_private_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/base64_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/basename_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/bool2num_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/bool2str_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/camelcase_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/capitalize_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/ceiling_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/chomp_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/chop_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/clamp_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/concat_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/convert_base_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/count_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/deep_merge_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/defined_with_params_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/delete_at_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/delete_regex_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/delete_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/delete_undef_values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/delete_values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/deprecation_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/difference_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/dig44_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/dig_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/dirname_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/dos2unix_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/downcase_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/empty_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/ensure_packages_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/ensure_resource_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/ensure_resources_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/extname_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/flatten_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/floor_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/fqdn_rand_string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/fqdn_rotate_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/fqdn_uuid_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/get_module_path_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/getparam_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/getvar_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/glob_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/grep_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/has_interface_with_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/has_ip_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/has_ip_network_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/has_key_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/intersection_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_a_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_array_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_domain_name_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_email_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_float_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_function_available_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_integer_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_ip_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_ipv4_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_ipv6_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_mac_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_numeric_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/is_string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/join_keys_to_values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/join_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/keys_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/length_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/load_module_metadata_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/loadjson_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/loadyaml_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/lstrip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/max_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/member_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/merge_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/min_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/num2bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/os_version_gte_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/parsejson_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/parseyaml_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/pick_default_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/pick_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/prefix_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/private_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/pw_hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/range_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/regexpescape_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/reject_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/reverse_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/round_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/rstrip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/seeded_rand_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/seeded_rand_string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/shell_escape_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/shell_join_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/shell_split_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/shuffle_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/size_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/sort_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/sprintf_hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/squeeze_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/str2bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/str2saltedsha512_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/strftime_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/strip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/suffix_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/swapcase_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/time_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/to_bytes_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/to_json_pretty_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/to_json_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/to_yaml_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/try_get_value_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/type3x_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/type_of_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/type_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/union_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/unique_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/unix2dos_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/upcase_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/uriescape_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_absolute_path_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_array_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_augeas_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_cmd_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_domain_name_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_email_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_integer_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_ip_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_ipv4_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_ipv6_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_legacy_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_numeric_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_re_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_slength_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/validate_x509_rsa_key_pair_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/values_at_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/values_spec.rb delete mode 100644 puppet/modules/stdlib/spec/functions/zip_spec.rb delete mode 100644 puppet/modules/stdlib/spec/monkey_patches/alias_should_to_must.rb delete mode 100644 puppet/modules/stdlib/spec/monkey_patches/publicize_methods.rb delete mode 100644 puppet/modules/stdlib/spec/spec_helper.rb delete mode 100644 puppet/modules/stdlib/spec/spec_helper_acceptance.rb delete mode 100644 puppet/modules/stdlib/spec/spec_helper_local.rb delete mode 100644 puppet/modules/stdlib/spec/support/shared_data.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/absolute_path_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/array_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/base32_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/base64_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/bool_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/compat__ip_address.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/compat__ipv4_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/compat__ipv6_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/filemode_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/filesource_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/float_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/fqdn_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/hash_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/host_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/httpsurl_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/httpurl_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/integer_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_nosubnet_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v4_nosubnet_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v4_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_alternative_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_cidr_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_compressed_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_full_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_nosubnet_alternative_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_nosubnet_compressed_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_nosubnet_full_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/ip_address_v6_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/numeric_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/port__privileged_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/port__unprivileged_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/port_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/string_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/unixpath_spec.rb delete mode 100644 puppet/modules/stdlib/spec/type_aliases/windowspath_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/facter/facter_dot_d_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/facter/package_provider_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/facter/pe_version_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/facter/root_home_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/facter/service_provider_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/facter/util/puppet_settings_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/puppet/parser/functions/enclose_ipv6_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/puppet/parser/functions/is_absolute_path_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/puppet/provider/file_line/ruby_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/puppet/provider/file_line/ruby_spec_alter.rb delete mode 100644 puppet/modules/stdlib/spec/unit/puppet/provider/file_line/ruby_spec_use_cases.rb delete mode 100644 puppet/modules/stdlib/spec/unit/puppet/type/anchor_spec.rb delete mode 100644 puppet/modules/stdlib/spec/unit/puppet/type/file_line_spec.rb delete mode 100644 puppet/modules/stdlib/types/absolutepath.pp delete mode 100644 puppet/modules/stdlib/types/base32.pp delete mode 100644 puppet/modules/stdlib/types/base64.pp delete mode 100644 puppet/modules/stdlib/types/compat/absolute_path.pp delete mode 100644 puppet/modules/stdlib/types/compat/array.pp delete mode 100644 puppet/modules/stdlib/types/compat/bool.pp delete mode 100644 puppet/modules/stdlib/types/compat/float.pp delete mode 100644 puppet/modules/stdlib/types/compat/hash.pp delete mode 100644 puppet/modules/stdlib/types/compat/integer.pp delete mode 100644 puppet/modules/stdlib/types/compat/ip_address.pp delete mode 100644 puppet/modules/stdlib/types/compat/ipv4.pp delete mode 100644 puppet/modules/stdlib/types/compat/ipv6.pp delete mode 100644 puppet/modules/stdlib/types/compat/numeric.pp delete mode 100644 puppet/modules/stdlib/types/compat/re.pp delete mode 100644 puppet/modules/stdlib/types/compat/string.pp delete mode 100644 puppet/modules/stdlib/types/ensure/service.pp delete mode 100644 puppet/modules/stdlib/types/filemode.pp delete mode 100644 puppet/modules/stdlib/types/filesource.pp delete mode 100644 puppet/modules/stdlib/types/fqdn.pp delete mode 100644 puppet/modules/stdlib/types/host.pp delete mode 100644 puppet/modules/stdlib/types/httpsurl.pp delete mode 100644 puppet/modules/stdlib/types/httpurl.pp delete mode 100644 puppet/modules/stdlib/types/ip/address.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/nosubnet.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v4.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v4/cidr.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v4/nosubnet.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/alternative.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/cidr.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/compressed.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/full.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/nosubnet.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/nosubnet/alternative.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/nosubnet/compressed.pp delete mode 100644 puppet/modules/stdlib/types/ip/address/v6/nosubnet/full.pp delete mode 100644 puppet/modules/stdlib/types/mac.pp delete mode 100644 puppet/modules/stdlib/types/port.pp delete mode 100644 puppet/modules/stdlib/types/port/privileged.pp delete mode 100644 puppet/modules/stdlib/types/port/unprivileged.pp delete mode 100644 puppet/modules/stdlib/types/unixpath.pp delete mode 100644 puppet/modules/stdlib/types/windowspath.pp delete mode 100644 puppet/modules/translate/CHANGELOG.md delete mode 100644 puppet/modules/translate/CONTRIBUTING.md delete mode 100644 puppet/modules/translate/Gemfile delete mode 100644 puppet/modules/translate/HISTORY.md delete mode 100644 puppet/modules/translate/LICENSE delete mode 100644 puppet/modules/translate/MAINTAINERS.md delete mode 100644 puppet/modules/translate/NOTICE delete mode 100644 puppet/modules/translate/README.md delete mode 100644 puppet/modules/translate/Rakefile delete mode 100644 puppet/modules/translate/checksums.json delete mode 100644 puppet/modules/translate/lib/puppet/functions/translate.rb delete mode 100644 puppet/modules/translate/locales/config.yaml delete mode 100644 puppet/modules/translate/metadata.json delete mode 100644 puppet/modules/translate/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 puppet/modules/translate/spec/acceptance/nodesets/debian-8-x64.yml delete mode 100644 puppet/modules/translate/spec/acceptance/nodesets/default.yml delete mode 100644 puppet/modules/translate/spec/acceptance/nodesets/docker/centos-7.yml delete mode 100644 puppet/modules/translate/spec/acceptance/nodesets/docker/debian-8.yml delete mode 100644 puppet/modules/translate/spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 puppet/modules/translate/spec/acceptance/translate_spec.rb delete mode 100644 puppet/modules/translate/spec/default_facts.yml delete mode 100644 puppet/modules/translate/spec/functions/translate_spec.rb delete mode 100644 puppet/modules/translate/spec/spec_helper.rb delete mode 100644 puppet/modules/vcsrepo/CHANGELOG.md delete mode 100644 puppet/modules/vcsrepo/CONTRIBUTING.md delete mode 100644 puppet/modules/vcsrepo/Gemfile delete mode 100644 puppet/modules/vcsrepo/HISTORY.md delete mode 100644 puppet/modules/vcsrepo/LICENSE delete mode 100644 puppet/modules/vcsrepo/MAINTAINERS.md delete mode 100644 puppet/modules/vcsrepo/NOTICE delete mode 100644 puppet/modules/vcsrepo/README.markdown delete mode 100755 puppet/modules/vcsrepo/Rakefile delete mode 100644 puppet/modules/vcsrepo/checksums.json delete mode 100644 puppet/modules/vcsrepo/examples/bzr/branch.pp delete mode 100644 puppet/modules/vcsrepo/examples/bzr/init_repo.pp delete mode 100644 puppet/modules/vcsrepo/examples/cvs/local.pp delete mode 100644 puppet/modules/vcsrepo/examples/cvs/remote.pp delete mode 100644 puppet/modules/vcsrepo/examples/git/bare_init.pp delete mode 100644 puppet/modules/vcsrepo/examples/git/clone.pp delete mode 100644 puppet/modules/vcsrepo/examples/git/shallow-clone-with-just-one-commit.pp delete mode 100644 puppet/modules/vcsrepo/examples/git/working_copy_init.pp delete mode 100644 puppet/modules/vcsrepo/examples/hg/clone.pp delete mode 100644 puppet/modules/vcsrepo/examples/hg/clone_basic_auth.pp delete mode 100644 puppet/modules/vcsrepo/examples/hg/init_repo.pp delete mode 100644 puppet/modules/vcsrepo/examples/p4/create_client.pp delete mode 100644 puppet/modules/vcsrepo/examples/p4/delete_client.pp delete mode 100644 puppet/modules/vcsrepo/examples/p4/latest_client.pp delete mode 100644 puppet/modules/vcsrepo/examples/p4/sync_client.pp delete mode 100644 puppet/modules/vcsrepo/examples/svn/checkout.pp delete mode 100644 puppet/modules/vcsrepo/examples/svn/server.pp delete mode 100644 puppet/modules/vcsrepo/lib/facter/vcsrepo_svn_ver.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo/bzr.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo/cvs.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo/dummy.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo/git.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo/hg.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo/p4.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/provider/vcsrepo/svn.rb delete mode 100644 puppet/modules/vcsrepo/lib/puppet/type/vcsrepo.rb delete mode 100644 puppet/modules/vcsrepo/locales/config.yaml delete mode 100644 puppet/modules/vcsrepo/metadata.json delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/basic_auth/basic_auth_checkout_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/basic_auth/basic_auth_checkout_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/basic_auth/negative/basic_auth_checkout_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/branch_checkout_file.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/branch_checkout_file_path.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/branch_checkout_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/branch_checkout_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/branch_checkout_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/branch_checkout_scp.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/branch_checkout_ssh.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/branch_checkout/negative/branch_checkout_not_exists.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_file.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_file_path.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_over_different_exiting_repo_with_force.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_repo_with_excludes_in_repo.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_repo_with_excludes_not_in_repo.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_scp.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/clone_ssh.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/negative/clone_over_different_exiting_repo.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/clone/negative/clone_repo_with_exec_excludes.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/compression_0_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/compression_1_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/compression_2_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/compression_3_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/compression_4_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/compression_5_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/compression_6_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/negative/compression_7_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/negative/compression_alpha_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/negative/compression_eval_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/negative/compression_exec_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/compression/negative/compression_negative_checkout.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/create/create_bare_repo_that_already_exists.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/create/create_repo_that_already_exists.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/create/negative/create_bare_repo_specifying_revision.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/group_checkout_file.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/group_checkout_file_path.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/group_checkout_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/group_checkout_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/group_checkout_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/group_checkout_scp.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/group_checkout_ssh.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/group_checkout/negative/group_checkout_file_non_existent_group.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/negative/revision_checkout_not_exists.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/revision_checkout_file.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/revision_checkout_file_path.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/revision_checkout_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/revision_checkout_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/revision_checkout_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/revision_checkout_scp.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/revision_checkout/revision_checkout_ssh.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/negative/shallow_clone_exec_depth.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/negative/shallow_clone_file_path.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/negative/shallow_clone_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/negative/shallow_clone_negative_depth.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/negative/shallow_clone_overflow_depth.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/shallow_clone_file.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/shallow_clone_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/shallow_clone_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/shallow_clone_scp.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/shallow_clone_ssh.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/shallow_clone/shallow_clone_zero_depth.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/negative/tag_checkout_not_exists.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/tag_checkout_file.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/tag_checkout_file_path.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/tag_checkout_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/tag_checkout_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/tag_checkout_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/tag_checkout_scp.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/tag_checkout/tag_checkout_ssh.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/negative/user_checkout_file_non_existent_user.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/user_checkout_file.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/user_checkout_file_path.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/user_checkout_git.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/user_checkout_http.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/user_checkout_https.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/user_checkout_scp.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker/git/user_checkout/user_checkout_ssh.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/beaker_helper.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/clone_repo_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/create_repo_spec.rb delete mode 100755 puppet/modules/vcsrepo/spec/acceptance/files/create_git_repo.sh delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/files/server.crt delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/files/server.key delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/modules_1596_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/modules_1800_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/modules_2326_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/modules_660_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/modules_753_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/nodesets/centos-7-x64.yml delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/nodesets/debian-8-x64.yml delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/nodesets/default.yml delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/nodesets/docker/centos-7.yml delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/nodesets/docker/debian-8.yml delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/remove_repo_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/remove_repo_spec_noop.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/svn_paths_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/acceptance/svn_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/default_facts.yml delete mode 100644 puppet/modules/vcsrepo/spec/fixtures/bzr_version_info.txt delete mode 100644 puppet/modules/vcsrepo/spec/fixtures/git_branch_a.txt delete mode 100644 puppet/modules/vcsrepo/spec/fixtures/git_branch_feature_bar.txt delete mode 100644 puppet/modules/vcsrepo/spec/fixtures/git_branch_none.txt delete mode 100644 puppet/modules/vcsrepo/spec/fixtures/hg_parents.txt delete mode 100644 puppet/modules/vcsrepo/spec/fixtures/hg_tags.txt delete mode 100644 puppet/modules/vcsrepo/spec/fixtures/svn_info.txt delete mode 100644 puppet/modules/vcsrepo/spec/spec_helper.rb delete mode 100644 puppet/modules/vcsrepo/spec/spec_helper_acceptance.rb delete mode 100644 puppet/modules/vcsrepo/spec/spec_helper_local.rb delete mode 100644 puppet/modules/vcsrepo/spec/support/filesystem_helpers.rb delete mode 100644 puppet/modules/vcsrepo/spec/support/fixture_helpers.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/facter/vcsrepo_svn_ver_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/puppet/provider/vcsrepo/bzr_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/puppet/provider/vcsrepo/cvs_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/puppet/provider/vcsrepo/git_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/puppet/provider/vcsrepo/hg_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/puppet/provider/vcsrepo/p4_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/puppet/provider/vcsrepo/svn_spec.rb delete mode 100644 puppet/modules/vcsrepo/spec/unit/puppet/type/README.markdown delete mode 100755 puppet/modules/vcsrepo/spec/unit/puppet/type/vcsrepo_spec.rb create mode 100755 puppet/update.sh diff --git a/puppet/Puppetfile b/puppet/Puppetfile new file mode 100644 index 0000000..714c919 --- /dev/null +++ b/puppet/Puppetfile @@ -0,0 +1,12 @@ +mod 'puppetlabs/apache' +mod 'puppetlabs/concat' +mod 'puppetlabs/mailalias_core' +mod 'puppetlabs/mysql' +mod 'puppetlabs/stdlib' +mod 'puppetlabs/translate' +mod 'puppetlabs/vcsrepo' + +mod 'alternatives', :git => 'https://github.com/voxpupuli/puppet-alternatives' +mod 'augeas', :git => 'https://github.com/camptocamp/puppet-augeas' +mod 'cpanm', :git => 'https://github.com/jamesmcdonald/puppet-cpanm.git' +mod 'postfix', :git => 'https://github.com/camptocamp/puppet-postfix' diff --git a/puppet/README.md b/puppet/README.md new file mode 100644 index 0000000..a44463f --- /dev/null +++ b/puppet/README.md @@ -0,0 +1,24 @@ +The modules/ directory is maintained by [r10k](https://github.com/puppetlabs/r10k). + +When you first check out this repository, you need to populate the modules via: + +- Install r10k (it's a ruby gem, install via `gem install r10k`) +- Run r10k to fetch the modules +- Copy the `dw_dev` module into `modules` + +``` +$ gem install r10k +$ r10k puppetfile install +$ cp -R dw_dev modules +``` + +The last step is needed because r10k wants to manage the entire `modules/` +directory itself and will delete anything not in the `Puppetfile`; copying in +the directory is simpler than maintaining another git repo for it. + +To update modules, repeat the last two steps (or run update.sh). + +NOTE: If you are developing `dw-dev-vagrant` itself, and are running linux, you +could symlink rather than copying the `dw_dev` directory - it will prevent you +from accidentally changing the copy in `modules/` and having r10k delete your +changes. diff --git a/puppet/modules/apache/LICENSE b/puppet/dw_dev/LICENSE similarity index 100% rename from puppet/modules/apache/LICENSE rename to puppet/dw_dev/LICENSE diff --git a/puppet/modules/dw_dev/manifests/app.pp b/puppet/dw_dev/manifests/app.pp similarity index 100% rename from puppet/modules/dw_dev/manifests/app.pp rename to puppet/dw_dev/manifests/app.pp diff --git a/puppet/modules/dw_dev/manifests/init.pp b/puppet/dw_dev/manifests/init.pp similarity index 100% rename from puppet/modules/dw_dev/manifests/init.pp rename to puppet/dw_dev/manifests/init.pp diff --git a/puppet/modules/dw_dev/manifests/prerequisites.pp b/puppet/dw_dev/manifests/prerequisites.pp similarity index 100% rename from puppet/modules/dw_dev/manifests/prerequisites.pp rename to puppet/dw_dev/manifests/prerequisites.pp diff --git a/puppet/modules/dw_dev/manifests/user.pp b/puppet/dw_dev/manifests/user.pp similarity index 100% rename from puppet/modules/dw_dev/manifests/user.pp rename to puppet/dw_dev/manifests/user.pp diff --git a/puppet/modules/dw_dev/templates/config-local.epp b/puppet/dw_dev/templates/config-local.epp similarity index 100% rename from puppet/modules/dw_dev/templates/config-local.epp rename to puppet/dw_dev/templates/config-local.epp diff --git a/puppet/modules/dw_dev/templates/config-private.epp b/puppet/dw_dev/templates/config-private.epp similarity index 100% rename from puppet/modules/dw_dev/templates/config-private.epp rename to puppet/dw_dev/templates/config-private.epp diff --git a/puppet/modules/dw_dev/templates/gitconfig.epp b/puppet/dw_dev/templates/gitconfig.epp similarity index 100% rename from puppet/modules/dw_dev/templates/gitconfig.epp rename to puppet/dw_dev/templates/gitconfig.epp diff --git a/puppet/modules/dw_dev/templates/vhost.epp b/puppet/dw_dev/templates/vhost.epp similarity index 100% rename from puppet/modules/dw_dev/templates/vhost.epp rename to puppet/dw_dev/templates/vhost.epp diff --git a/puppet/modules/alternatives/CHANGELOG.md b/puppet/modules/alternatives/CHANGELOG.md deleted file mode 100644 index 5e0e8ff..0000000 --- a/puppet/modules/alternatives/CHANGELOG.md +++ /dev/null @@ -1,98 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. -Each new release typically also includes the latest modulesync defaults. -These should not affect the functionality of the module. - -## [v2.1.0](https://github.com/voxpupuli/puppet-alternatives/tree/v2.1.0) (2018-10-13) - -[Full Changelog](https://github.com/voxpupuli/puppet-alternatives/compare/v2.0.1...v2.1.0) - -**Implemented enhancements:** - -- seting multiple alternatives to the same path [\#41](https://github.com/voxpupuli/puppet-alternatives/issues/41) - -**Fixed bugs:** - -- alternative\_entry keying to the wrong parameter? [\#40](https://github.com/voxpupuli/puppet-alternatives/issues/40) -- Added namevar to altlink to create a composite namevar name:altlink. [\#75](https://github.com/voxpupuli/puppet-alternatives/pull/75) ([Raskil](https://github.com/Raskil)) - -**Merged pull requests:** - -- modulesync 2.1.0 and allow puppet 6.x [\#85](https://github.com/voxpupuli/puppet-alternatives/pull/85) ([Dan33l](https://github.com/Dan33l)) -- Remove docker nodesets [\#79](https://github.com/voxpupuli/puppet-alternatives/pull/79) ([bastelfreak](https://github.com/bastelfreak)) -- drop EOL OSs; fix puppet version range [\#76](https://github.com/voxpupuli/puppet-alternatives/pull/76) ([bastelfreak](https://github.com/bastelfreak)) - -## [v2.0.1](https://github.com/voxpupuli/puppet-alternatives/tree/v2.0.1) (2018-04-03) - -[Full Changelog](https://github.com/voxpupuli/puppet-alternatives/compare/v2.0.0...v2.0.1) - -**Merged pull requests:** - -- bump puppet to latest supported version 4.10.0 [\#73](https://github.com/voxpupuli/puppet-alternatives/pull/73) ([bastelfreak](https://github.com/bastelfreak)) -- Add support for Puppet 5 [\#69](https://github.com/voxpupuli/puppet-alternatives/pull/69) ([juniorsysadmin](https://github.com/juniorsysadmin)) - -## [v2.0.0](https://github.com/voxpupuli/puppet-alternatives/tree/v2.0.0) (2017-11-15) - -[Full Changelog](https://github.com/voxpupuli/puppet-alternatives/compare/v1.1.0...v2.0.0) - -**Closed issues:** - -- plugin sync error? [\#39](https://github.com/voxpupuli/puppet-alternatives/issues/39) -- How does one set alternative entry back to 'auto' mode? [\#32](https://github.com/voxpupuli/puppet-alternatives/issues/32) - -**Merged pull requests:** - -- Fix github license detection [\#62](https://github.com/voxpupuli/puppet-alternatives/pull/62) ([alexjfisher](https://github.com/alexjfisher)) - -## [v1.1.0](https://github.com/voxpupuli/puppet-alternatives/tree/v1.1.0) (2017-02-10) - -This is the last release with Puppet3 support! -* Modulesync with latest Vox Pupuli defaults - -## 2016-12-25 Release 1.0.2 - -* Modulesync with latest Vox Pupuli defaults -* Fix ALT_RPM_QUERY_REGEX to catch all entries and not only the default ones -* Add Spectest for rpm provider - -## 2016-08-12 Release 1.0.1 - -* Modulesync with latest Vox Pupuli defaults -* Drop of ruby183 support -* new aternative_entry with rpm provider -* Enable explicitly setting mode property to manual -* First release under the Voxpupuli namespace! Migrated from Adrien Thebo -* Rerelease of 1.0.0, which didn't make it to the forge - - -## 2014-12-19 Release 0.3.0 - -* New RPM based providers for alternatives and alternative_entry -* Debian based distributions use `update-alternatives` based on $PATH -* The alternatives type now autorequires matching alternate_entry types -* dpkg provider explicitly sets the mode property to manual -* alternative_entry can check for alernative entries for a non-existent entry - - -## 2014-08-21 Release 0.2.0 - -* New type: alternative_entry -* The alternatives type now has the `mode` property to use the automatic - option for a given alternative. -* The update-alternatives binary is no longer hardcoded to use - /usr/sbin/update-alternatives - -### Thanks - -Thanks to Michael Moll and jakov Sosic for their work on this release. - - -## 2013-07-16 Release 0.1.1 - -This is a backwards compatible bugfix release. - -* Module rebuilt with correct permissions. - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/puppet/modules/alternatives/CONTRIBUTING.md b/puppet/modules/alternatives/CONTRIBUTING.md deleted file mode 100644 index 9bbffea..0000000 --- a/puppet/modules/alternatives/CONTRIBUTING.md +++ /dev/null @@ -1,96 +0,0 @@ -This module has grown over time based on a range of contributions from -people using it. If you follow these contributing guidelines your patch -will likely make it into a release a little quicker. - - -## Contributing - -Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms. [Contributor Code of Conduct](https://voxpupuli.org/coc/). - -1. Fork the repo. - -1. Create a separate branch for your change. - -1. Run the tests. We only take pull requests with passing tests, and - documentation. - -1. Add a test for your change. Only refactoring and documentation - changes require no new tests. If you are adding functionality - or fixing a bug, please add a test. - -1. Squash your commits down into logical components. Make sure to rebase - against the current master. - -1. Push the branch to your fork and submit a pull request. - -Please be prepared to repeat some of these steps as our contributors review -your code. - -## Dependencies - -The testing and development tools have a bunch of dependencies, -all managed by [bundler](http://bundler.io/) according to the -[Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions). - -By default the tests use a baseline version of Puppet. - -If you have Ruby 2.x or want a specific version of Puppet, -you must set an environment variable such as: - - export PUPPET_VERSION="~> 4.2.0" - -Install the dependencies like so... - - bundle install - -## Syntax and style - -The test suite will run [Puppet Lint](http://puppet-lint.com/) and -[Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to -check various syntax and style things. You can run these locally with: - - bundle exec rake lint - bundle exec rake validate - -## Running the unit tests - -The unit test suite covers most of the code, as mentioned above please -add tests if you're adding new functionality. If you've not used -[rspec-puppet](http://rspec-puppet.com/) before then feel free to ask -about how best to test your new feature. - -To run your all the unit tests - - bundle exec rake spec SPEC_OPTS='--format documentation' - -To run a specific spec test set the `SPEC` variable: - - bundle exec rake spec SPEC=spec/foo_spec.rb - -To run the linter, the syntax checker and the unit tests: - - bundle exec rake test - - -## Integration tests - -The unit tests just check the code runs, not that it does exactly what -we want on a real machine. For that we're using -[beaker](https://github.com/puppetlabs/beaker). - -This fires up a new virtual machine (using vagrant) and runs a series of -simple tests against it after applying the module. You can run this -with: - - bundle exec rake acceptance - -This will run the tests on an Ubuntu 12.04 virtual machine. You can also -run the integration tests against Centos 6.5 with. - - RS_SET=centos-64-x64 bundle exec rake acceptances - -If you don't want to have to recreate the virtual machine every time you -can use `BEAKER_DESTROY=no` and `BEAKER_PROVISION=no`. On the first run you will -at least need `BEAKER_PROVISION` set to yes (the default). The Vagrantfile -for the created virtual machines will be in `.vagrant/beaker_vagrant_fies`. - diff --git a/puppet/modules/alternatives/Gemfile b/puppet/modules/alternatives/Gemfile deleted file mode 100644 index dd1b03a..0000000 --- a/puppet/modules/alternatives/Gemfile +++ /dev/null @@ -1,82 +0,0 @@ -source ENV['GEM_SOURCE'] || "https://rubygems.org" - -def location_for(place, fake_version = nil) - if place =~ /^(git[:@][^#]*)#(.*)/ - [fake_version, { :git => $1, :branch => $2, :require => false }].compact - elsif place =~ /^file:\/\/(.*)/ - ['>= 0', { :path => File.expand_path($1), :require => false }] - else - [place, { :require => false }] - end -end - -group :test do - gem 'puppetlabs_spec_helper', '>= 2.11.0', :require => false - gem 'rspec-puppet-facts', :require => false - gem 'rspec-puppet-utils', :require => false - gem 'puppet-lint-leading_zero-check', :require => false - gem 'puppet-lint-trailing_comma-check', :require => false - gem 'puppet-lint-version_comparison-check', :require => false - gem 'puppet-lint-classes_and_types_beginning_with_digits-check', :require => false - gem 'puppet-lint-unquoted_string-check', :require => false - gem 'puppet-lint-variable_contains_upcase', :require => false - gem 'metadata-json-lint', :require => false - gem 'redcarpet', :require => false - gem 'rubocop', '~> 0.49.1', :require => false if RUBY_VERSION >= '2.3.0' - gem 'rubocop-rspec', '~> 1.15.0', :require => false if RUBY_VERSION >= '2.3.0' - gem 'mocha', '~> 1.4.0', :require => false - gem 'coveralls', :require => false - gem 'simplecov-console', :require => false - gem 'rack', '~> 1.0', :require => false if RUBY_VERSION < '2.2.2' - gem 'parallel_tests', :require => false -end - -group :development do - gem 'travis', :require => false - gem 'travis-lint', :require => false - gem 'guard-rake', :require => false - gem 'overcommit', '>= 0.39.1', :require => false -end - -group :system_tests do - gem 'winrm', :require => false - if beaker_version = ENV['BEAKER_VERSION'] - gem 'beaker', *location_for(beaker_version) - else - gem 'beaker', '>= 3.9.0', :require => false - end - if beaker_rspec_version = ENV['BEAKER_RSPEC_VERSION'] - gem 'beaker-rspec', *location_for(beaker_rspec_version) - else - gem 'beaker-rspec', :require => false - end - gem 'serverspec', :require => false - gem 'beaker-hostgenerator', '>= 1.1.10', :require => false - gem 'beaker-docker', :require => false - gem 'beaker-puppet', :require => false - gem 'beaker-puppet_install_helper', :require => false - gem 'beaker-module_install_helper', :require => false - gem 'rbnacl', '>= 4', :require => false if RUBY_VERSION >= '2.2.6' - gem 'rbnacl-libsodium', :require => false if RUBY_VERSION >= '2.2.6' - gem 'bcrypt_pbkdf', :require => false -end - -group :release do - gem 'github_changelog_generator', :require => false, :git => 'https://github.com/github-changelog-generator/github-changelog-generator' if RUBY_VERSION >= '2.2.2' - gem 'puppet-blacksmith', :require => false - gem 'voxpupuli-release', :require => false, :git => 'https://github.com/voxpupuli/voxpupuli-release-gem' - gem 'puppet-strings', '>= 1.0', :require => false -end - - - -if facterversion = ENV['FACTER_GEM_VERSION'] - gem 'facter', facterversion.to_s, :require => false, :groups => [:test] -else - gem 'facter', :require => false, :groups => [:test] -end - -ENV['PUPPET_VERSION'].nil? ? puppetversion = '~> 5.0' : puppetversion = ENV['PUPPET_VERSION'].to_s -gem 'puppet', puppetversion, :require => false, :groups => [:test] - -# vim: syntax=ruby diff --git a/puppet/modules/alternatives/HISTORY.md b/puppet/modules/alternatives/HISTORY.md deleted file mode 100644 index 0415b63..0000000 --- a/puppet/modules/alternatives/HISTORY.md +++ /dev/null @@ -1,48 +0,0 @@ -## [v1.1.0](https://github.com/voxpupuli/puppet-alternatives/tree/v1.1.0) (2017-02-10) - -This is the last release with Puppet3 support! -* Modulesync with latest Vox Pupuli defaults - -## 2016-12-25 Release 1.0.2 - -* Modulesync with latest Vox Pupuli defaults -* Fix ALT_RPM_QUERY_REGEX to catch all entries and not only the default ones -* Add Spectest for rpm provider - -## 2016-08-12 Release 1.0.1 - -* Modulesync with latest Vox Pupuli defaults -* Drop of ruby183 support -* new aternative_entry with rpm provider -* Enable explicitly setting mode property to manual -* First release under the Voxpupuli namespace! Migrated from Adrien Thebo -* Rerelease of 1.0.0, which didn't make it to the forge - - -## 2014-12-19 Release 0.3.0 - -* New RPM based providers for alternatives and alternative_entry -* Debian based distributions use `update-alternatives` based on $PATH -* The alternatives type now autorequires matching alternate_entry types -* dpkg provider explicitly sets the mode property to manual -* alternative_entry can check for alernative entries for a non-existent entry - - -## 2014-08-21 Release 0.2.0 - -* New type: alternative_entry -* The alternatives type now has the `mode` property to use the automatic - option for a given alternative. -* The update-alternatives binary is no longer hardcoded to use - /usr/sbin/update-alternatives - -### Thanks - -Thanks to Michael Moll and jakov Sosic for their work on this release. - - -## 2013-07-16 Release 0.1.1 - -This is a backwards compatible bugfix release. - -* Module rebuilt with correct permissions. diff --git a/puppet/modules/alternatives/LICENSE b/puppet/modules/alternatives/LICENSE deleted file mode 100644 index 7a69c7c..0000000 --- a/puppet/modules/alternatives/LICENSE +++ /dev/null @@ -1,178 +0,0 @@ -Copyright 2013 Adrien Thebo - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS diff --git a/puppet/modules/alternatives/README.md b/puppet/modules/alternatives/README.md deleted file mode 100644 index 56aee3c..0000000 --- a/puppet/modules/alternatives/README.md +++ /dev/null @@ -1,92 +0,0 @@ -# puppet-alternatives - -[![Build Status](https://travis-ci.org/voxpupuli/puppet-alternatives.png?branch=master)](https://travis-ci.org/voxpupuli/puppet-alternatives) -[![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-alternatives/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-alternatives) -[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/alternatives.svg)](https://forge.puppet.com/puppet/alternatives) -[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/alternatives.svg)](https://forge.puppet.com/puppet/alternatives) -[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/alternatives.svg)](https://forge.puppet.com/puppet/alternatives) -[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/alternatives.svg)](https://forge.puppet.com/puppet/alternatives) - -Manage alternatives symlinks. - -## Synopsis - -Using `puppet resource` to inspect alternatives - - root@master:~# puppet resource alternatives - alternatives { 'aptitude': - path => '/usr/bin/aptitude-curses', - } - alternatives { 'awk': - path => '/usr/bin/mawk', - } - alternatives { 'builtins.7.gz': - path => '/usr/share/man/man7/bash-builtins.7.gz', - } - alternatives { 'c++': - path => '/usr/bin/g++', - } - alternatives { 'c89': - path => '/usr/bin/c89-gcc', - } - alternatives { 'c99': - path => '/usr/bin/c99-gcc', - } - alternatives { 'cc': - path => '/usr/bin/gcc', - } - -- - - - -Using `puppet resource` to update an alternative - - root@master:~# puppet resource alternatives editor - alternatives { 'editor': - path => '/bin/nano', - } - root@master:~# puppet resource alternatives editor path=/usr/bin/vim.tiny - notice: /Alternatives[editor]/path: path changed '/bin/nano' to '/usr/bin/vim.tiny' - alternatives { 'editor': - path => '/usr/bin/vim.tiny', - } - -- - - - -Using the alternatives resource in a manifest: - - class ruby::193 { - - package { 'ruby1.9.3': - ensure => present, - } - - # Will also update gem, irb, rdoc, rake, etc. - alternatives { 'ruby': - path => '/usr/bin/ruby1.9.3', - require => Package['ruby1.9.3'], - } - } - - # magic! - include ruby::193 - -- - - - -Creating a new alternative entry: - - alternative_entry {'/usr/bin/gcc-4.4': - ensure => present, - altlink => '/usr/bin/gcc', - altname => 'gcc', - priority => 10, - require => Package['gcc-4.4-multilib'], - } - -- - - - -This module should work on any Debian and RHEL based distribution. - -## Contact - -* [Source code](https://github.com/voxpupuli/puppet-alternatives) -* [Issue tracker](https://github.com/voxpupuli/puppet-alternatives/issues) diff --git a/puppet/modules/alternatives/Rakefile b/puppet/modules/alternatives/Rakefile deleted file mode 100644 index 279580a..0000000 --- a/puppet/modules/alternatives/Rakefile +++ /dev/null @@ -1,92 +0,0 @@ -require 'puppetlabs_spec_helper/rake_tasks' - -# load optional tasks for releases -# only available if gem group releases is installed -begin - require 'puppet_blacksmith/rake_tasks' - require 'voxpupuli/release/rake_tasks' - require 'puppet-strings/tasks' -rescue LoadError -end - -PuppetLint.configuration.log_format = '%{path}:%{line}:%{check}:%{KIND}:%{message}' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('relative') -PuppetLint.configuration.send('disable_140chars') -PuppetLint.configuration.send('disable_class_inherits_from_params_class') -PuppetLint.configuration.send('disable_documentation') -PuppetLint.configuration.send('disable_single_quote_string_with_variables') - -exclude_paths = %w( - pkg/**/* - vendor/**/* - .vendor/**/* - spec/**/* -) -PuppetLint.configuration.ignore_paths = exclude_paths -PuppetSyntax.exclude_paths = exclude_paths - -desc 'Auto-correct puppet-lint offenses' -task 'lint:auto_correct' do - PuppetLint.configuration.fix = true - Rake::Task[:lint].invoke -end - -desc 'Run acceptance tests' -RSpec::Core::RakeTask.new(:acceptance) do |t| - t.pattern = 'spec/acceptance' -end - -desc 'Run tests metadata_lint, release_checks' -task test: [ - :metadata_lint, - :release_checks, -] - -desc "Run main 'test' task and report merged results to coveralls" -task test_with_coveralls: [:test] do - if Dir.exist?(File.expand_path('../lib', __FILE__)) - require 'coveralls/rake/task' - Coveralls::RakeTask.new - Rake::Task['coveralls:push'].invoke - else - puts 'Skipping reporting to coveralls. Module has no lib dir' - end -end - -desc "Print supported beaker sets" -task 'beaker_sets', [:directory] do |t, args| - directory = args[:directory] - - metadata = JSON.load(File.read('metadata.json')) - - (metadata['operatingsystem_support'] || []).each do |os| - (os['operatingsystemrelease'] || []).each do |release| - if directory - beaker_set = "#{directory}/#{os['operatingsystem'].downcase}-#{release}" - else - beaker_set = "#{os['operatingsystem'].downcase}-#{release}-x64" - end - - filename = "spec/acceptance/nodesets/#{beaker_set}.yml" - - puts beaker_set if File.exists? filename - end - end -end - -begin - require 'github_changelog_generator/task' - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - version = (Blacksmith::Modulefile.new).version - config.future_release = "v#{version}" if version =~ /^\d+\.\d+.\d+$/ - config.header = "# Changelog\n\nAll notable changes to this project will be documented in this file.\nEach new release typically also includes the latest modulesync defaults.\nThese should not affect the functionality of the module." - config.exclude_labels = %w{duplicate question invalid wontfix wont-fix modulesync skip-changelog} - config.user = 'voxpupuli' - metadata_json = File.join(File.dirname(__FILE__), 'metadata.json') - metadata = JSON.load(File.read(metadata_json)) - config.project = metadata['name'] - end -rescue LoadError -end -# vim: syntax=ruby diff --git a/puppet/modules/alternatives/checksums.json b/puppet/modules/alternatives/checksums.json deleted file mode 100644 index 8a78e3c..0000000 --- a/puppet/modules/alternatives/checksums.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "CHANGELOG.md": "a80828db6901f2927e8a29fe0e2731ba", - "CONTRIBUTING.md": "54542d0f5895d5f63a8a82a52eb8aa82", - "Gemfile": "c118755e95766d6cbb843ad994062315", - "HISTORY.md": "064cdc4c68798e93ff35ae850151ccaa", - "LICENSE": "a0127b2216809606bba26342ff70bb79", - "README.md": "9e1258cee7a5b050b5d12fe046e50fd4", - "Rakefile": "3c6f218e7e63e1a6e24251f365423e49", - "lib/puppet/provider/alternative_entry/dpkg.rb": "dad55a8dcd038eb0bfbd968b30c3bf5d", - "lib/puppet/provider/alternative_entry/rpm.rb": "446afbb6d5d29760fbc90a6beefd93a6", - "lib/puppet/provider/alternatives/dpkg.rb": "c1856f559e35764eea792f6250d0f24e", - "lib/puppet/provider/alternatives/rpm.rb": "e033e69d6c3f0f230ba6714eeb4924c4", - "lib/puppet/type/alternative_entry.rb": "9c57bf18f6ce2233790759784b0d52da", - "lib/puppet/type/alternatives.rb": "e76af8840e7bee6e1cbfe8f07b3e93b8", - "metadata.json": "d11faa346375c73329e773cc4fc6f238", - "spec/acceptance/nodesets/archlinux-2-x64.yml": "daafcfcb4c8c8766856f52cec6ae5e86", - "spec/acceptance/nodesets/centos-511-x64.yml": "ca8258bc835dd985a1754689d124cd66", - "spec/acceptance/nodesets/centos-6-x64.yml": "58065782a8d40780d9728257a23504cd", - "spec/acceptance/nodesets/centos-66-x64-pe.yml": "e68e03dc562bf58f7c5bba54a1a34619", - "spec/acceptance/nodesets/centos-66-x64.yml": "7ffa6d9164a88668fcd51a1988c4dc03", - "spec/acceptance/nodesets/centos-7-x64.yml": "68d3556f670b8ac0a169a8270ff8c37a", - "spec/acceptance/nodesets/centos-72-x64.yml": "194841a65e8835ac9ee6620e60b58f80", - "spec/acceptance/nodesets/debian-78-x64.yml": "56af2760a64c13a0bccd59404435939c", - "spec/acceptance/nodesets/debian-82-x64.yml": "26f2f696e6073549fe0a844f9a46f85b", - "spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml": "b3dc2d81918fcc6d56855c88ba5b7ce8", - "spec/acceptance/nodesets/ec2/image_templates.yaml": "516f9c4c3407993a100090ce9e1a643c", - "spec/acceptance/nodesets/ec2/rhel-73-x64.yml": "e74670a1cb8eea32afc879a5d786f9bd", - "spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml": "2506efcc9fb420132edc37bf88d6e21d", - "spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml": "87efd97ff1b073c3448f429a8ffc5a7c", - "spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml": "e9db4dd16c60c52b433694130c2583a0", - "spec/acceptance/nodesets/fedora-24-x64.yml": "431cd85b87a65a55af193a360aa52f26", - "spec/acceptance/nodesets/fedora-25-x64.yml": "807fbf45f95fc7bc2af8c689d34e4160", - "spec/acceptance/nodesets/fedora-26-x64.yml": "e7ee1e18590548ff098192c2127c6697", - "spec/acceptance/nodesets/fedora-27-x64.yml": "326a10c4eb327ccd85775dfa0f76e5c1", - "spec/acceptance/nodesets/ubuntu-server-1204-x64.yml": "0dd7639bf95bfb18169ebba9a2bac163", - "spec/acceptance/nodesets/ubuntu-server-1404-x64.yml": "7455367b784060b921360b29a56cd74c", - "spec/acceptance/nodesets/ubuntu-server-1604-x64.yml": "37673118cc3bf052755d65fb5dd90226", - "spec/classes/coverage_spec.rb": "166c74e93a4e70e9de79ae69f3c10e1d", - "spec/default_facts.yml": "3da74b0aff340a4fbcca9cc4eba104c1", - "spec/fixtures/unit/provider/alternatives/dpkg/get-selections": "4b9d2c97e297526629d5236140a8b2dd", - "spec/fixtures/unit/provider/alternatives/rpm/alternatives/sample": "ac233a5eb4aceb6553d2aa95666b03f2", - "spec/fixtures/unit/provider/alternatives/rpm/alternatives/testcmd": "a3e1d7ea9a6d1046de33c5ae878ec309", - "spec/fixtures/unit/provider/alternatives/rpm/display/sample": "ccb186b052452da252ec335e9b9b2af8", - "spec/fixtures/unit/provider/alternatives/rpm/display/testcmd": "d200f47280e9abe0727ab3a4f27be4ca", - "spec/spec_helper.rb": "47efc4310f578a0a5c1cdb585b19c6d1", - "spec/unit/provider/alternatives/dpkg_spec.rb": "df26629bfd965a8a97c892b97779d8fd", - "spec/unit/provider/alternatives/rpm_spec.rb": "cef53f4dfaa83599af140634f66078bc", - "spec/unit/type/alternatives_spec.rb": "9496433ee218115007cd669841ff8b25" -} \ No newline at end of file diff --git a/puppet/modules/alternatives/lib/puppet/provider/alternative_entry/dpkg.rb b/puppet/modules/alternatives/lib/puppet/provider/alternative_entry/dpkg.rb deleted file mode 100644 index 200c551..0000000 --- a/puppet/modules/alternatives/lib/puppet/provider/alternative_entry/dpkg.rb +++ /dev/null @@ -1,103 +0,0 @@ -Puppet::Type.type(:alternative_entry).provide(:dpkg) do - confine osfamily: 'Debian' - defaultfor operatingsystem: [:debian, :ubuntu] - - commands update: 'update-alternatives' - - mk_resource_methods - - def create - update('--install', - @resource.value(:altlink), - @resource.value(:altname), - @resource.value(:name), - @resource.value(:priority)) - end - - def exists? - # we cannot fetch @resource.value(:altname) if running 'puppet resource alternative_entry' - begin - output = update('--list', @resource.value(:altname) || altname) - rescue - return false - end - - output.split(%r{\n}).map(&:strip).any? do |line| - line == @resource.value(:name) - end - end - - def destroy - update('--remove', @resource.value(:altname), @resource.value(:name)) - end - - def self.instances - output = update('--get-selections') - - entries = [] - - output.each_line do |line| - altname = line.split(%r{\s+}).first - query_alternative(altname).each do |alt| - entries << new(alt) - end - end - - entries - end - - def self.prefetch(resources) - catalog = resources.values.first.catalog - instances.each do |prov| - catalog.resources.each do |item| - if item.class.to_s == 'Puppet::Type::Alternative_entry' && item.name == prov.name && item.parameter('altlink').value == prov.altlink - item.provider = prov - end - end - end - end - - ALT_QUERY_REGEX = %r{Alternative: (.*?)$.Priority: (.*?)$}m - - def self.query_alternative(altname) - output = update('--query', altname) - - altlink = output.match(%r{Link: (.*)$})[1] - - output.scan(ALT_QUERY_REGEX).map do |(path, priority)| - { altname: altname, altlink: altlink, name: path, priority: priority } - end - end - - def name=(new_name) - rebuild do - @property_hash[:name] = new_name - end - end - - def altname=(new_altname) - rebuild do - @property_hash[:altname] = new_altname - end - end - - def altlink=(new_altlink) - rebuild do - @property_hash[:altlink] = new_altlink - end - end - - def priority=(new_priority) - rebuild do - @property_hash[:priority] = new_priority - end - end - - private - - def rebuild(&_block) - destroy - yield - create - end -end diff --git a/puppet/modules/alternatives/lib/puppet/provider/alternative_entry/rpm.rb b/puppet/modules/alternatives/lib/puppet/provider/alternative_entry/rpm.rb deleted file mode 100644 index a138bd4..0000000 --- a/puppet/modules/alternatives/lib/puppet/provider/alternative_entry/rpm.rb +++ /dev/null @@ -1,97 +0,0 @@ -Puppet::Type.type(:alternative_entry).provide(:rpm) do - confine osfamily: :redhat - defaultfor osfamily: :redhat - - commands update: '/usr/sbin/alternatives' - - mk_resource_methods - - def create - update('--install', - @resource.value(:altlink), - @resource.value(:altname), - @resource.value(:name), - @resource.value(:priority)) - end - - def exists? - @property_hash[:ensure] == :present - end - - def destroy - # rubocop:disable Style/RedundantBegin - begin - # rubocop::enable Style/RedundantBegin - update('--remove', @resource.value(:altname), @resource.value(:name)) - # rubocop:disable Lint/HandleExceptions - rescue - # rubocop:enable Lint/HandleExceptions - end - end - - def self.instances - output = Dir.glob('/var/lib/alternatives/*').map { |x| File.basename(x) } - - entries = [] - - output.each do |altname| - query_alternative(altname).each do |alt| - entries << new(alt) - end - end - entries - end - - def self.prefetch(resources) - catalog = resources.values.first.catalog - instances.each do |prov| - catalog.resources.each do |item| - if item.class.to_s == 'Puppet::Type::Alternative_entry' && item.name == prov.name && item.parameter('altlink').value == prov.altlink - item.provider = prov - end - end - end - end - - ALT_RPM_QUERY_REGEX = %r{^(.*\/[^\/]*) -.*priority (\w+)$} - - def self.query_alternative(altname) - output = update('--display', altname) - altlink = File.readlines('/var/lib/alternatives/' + altname)[1].chomp - output.scan(ALT_RPM_QUERY_REGEX).map do |(path, priority)| - { altname: altname, altlink: altlink, name: path, priority: priority, altlink_ro: altlink, ensure: :present } - end - end - - def name=(new_name) - rebuild do - @property_hash[:name] = new_name - end - end - - def altname=(new_altname) - rebuild do - @property_hash[:altname] = new_altname - end - end - - def altlink=(new_altlink) - rebuild do - @property_hash[:altlink] = new_altlink - end - end - - def priority=(new_priority) - rebuild do - @property_hash[:priority] = new_priority - end - end - - private - - def rebuild(&_block) - destroy - yield - create - end -end diff --git a/puppet/modules/alternatives/lib/puppet/provider/alternatives/dpkg.rb b/puppet/modules/alternatives/lib/puppet/provider/alternatives/dpkg.rb deleted file mode 100644 index 4a26fa3..0000000 --- a/puppet/modules/alternatives/lib/puppet/provider/alternatives/dpkg.rb +++ /dev/null @@ -1,73 +0,0 @@ -Puppet::Type.type(:alternatives).provide(:dpkg) do - confine osfamily: :debian - defaultfor operatingsystem: [:debian, :ubuntu] - - commands update: 'update-alternatives' - - has_feature :mode - - # Return all instances for this provider - # - # @return [Array] A list of all current provider instances - def self.instances - all.map { |name, attributes| new(name: name, path: attributes[:path]) } - end - - # Generate a hash of hashes containing a link name and associated properties - # - # This is structured as {'key' => {attributes}} to do fast lookups on entries - # - # @return [Hash>] - def self.all - output = update('--get-selections') - # Ruby 1.8.7 does not have each_with_object - # rubocop:disable Style/EachWithObject - output.split(%r{\n}).reduce({}) do |hash, line| - # rubocop:enable Style/EachWithObject - name, mode, path = line.split(%r{\s+}) - hash[name] = { path: path, mode: mode } - hash - end - end - - # Retrieve the current path link - def path - name = @resource.value(:name) - # rubocop:disable Style/GuardClause - if (attrs = self.class.all[name]) - # rubocop:enable Style/GuardClause - attrs[:path] - end - end - - # @param [String] newpath The path to use as the new alternative link - def path=(newpath) - name = @resource.value(:name) - update('--set', name, newpath) - end - - # @return [String] The alternative mode - def mode - output = update('--display', @resource.value(:name)) - first = output.split("\n").first - - if first =~ %r{auto mode} - 'auto' - elsif first =~ %r{manual mode} - 'manual' - else - raise Puppet::Error, "Could not determine if #{self} is in auto or manual mode" - end - end - - # Set the mode to manual or auto. - # @param [Symbol] newmode Either :auto or :manual for the alternatives mode - def mode=(newmode) - if newmode == :auto - update('--auto', @resource.value(:name)) - elsif newmode == :manual - # No change in value, but sets it to manual - update('--set', name, path) - end - end -end diff --git a/puppet/modules/alternatives/lib/puppet/provider/alternatives/rpm.rb b/puppet/modules/alternatives/lib/puppet/provider/alternatives/rpm.rb deleted file mode 100644 index 759e696..0000000 --- a/puppet/modules/alternatives/lib/puppet/provider/alternatives/rpm.rb +++ /dev/null @@ -1,75 +0,0 @@ -Puppet::Type.type(:alternatives).provide(:rpm) do - confine osfamily: :redhat - defaultfor osfamily: :redhat - - commands update: 'alternatives' - - has_feature :mode - - # Return all instances for this provider - # - # @return [Array] A list of all current provider instances - def self.instances - all.map { |name, attributes| new(name: name, path: attributes[:path]) } - end - - def self.list_alternatives - Dir.glob('/var/lib/alternatives/*') - end - - ALT_RPM_QUERY_CURRENT_REGEX = %r{status is (\w+)\.\n\slink currently points to (.*\/[^\/]*)\n} - - # Generate a hash of hashes containing a link name and associated properties - # - # This is structured as {'key' => {attributes}} to do fast lookups on entries - # - # @return [Hash>] - def self.all - hash = {} - list_alternatives.map { |x| File.basename(x) }.each do |name| - # rubocop:enable Style/EachWithObject - output = update('--display', name) - mode = output.match(ALT_RPM_QUERY_CURRENT_REGEX)[1] - path = output.match(ALT_RPM_QUERY_CURRENT_REGEX)[2] - hash[name] = { path: path, mode: mode } - end - hash - end - - # Retrieve the current path link - def path - name = @resource.value(:name) - self.class.all[name][:path] - end - - # @param [String] newpath The path to use as the new alternative link - def path=(newpath) - name = @resource.value(:name) - update('--set', name, newpath) - end - - # @return [String] The alternative mode - def mode - output = update('--display', @resource.value(:name)) - first = output.split("\n").first - - if first =~ %r{auto mode} - 'auto' - elsif first =~ %r{manual mode} - 'manual' - else - raise Puppet::Error, "Could not determine if #{self} is in auto or manual mode" - end - end - - # Set the mode to manual or auto. - # @param [Symbol] newmode Either :auto or :manual for the alternatives mode - def mode=(newmode) - if newmode == :auto - update('--auto', @resource.value(:name)) - elsif newmode == :manual - # No change in value, but sets it to manual - update('--set', name, path) - end - end -end diff --git a/puppet/modules/alternatives/lib/puppet/type/alternative_entry.rb b/puppet/modules/alternatives/lib/puppet/type/alternative_entry.rb deleted file mode 100644 index 3a1078b..0000000 --- a/puppet/modules/alternatives/lib/puppet/type/alternative_entry.rb +++ /dev/null @@ -1,68 +0,0 @@ -Puppet::Type.newtype(:alternative_entry) do - ensurable - - newparam(:name) do - desc 'The path to the actual alternative' - - isnamevar - - validate do |path| - raise ArgumentError, 'path must be a fully qualified path' unless absolute_path? path - end - end - - newparam(:altlink) do - desc 'The name of the generic symlink for this alternative entry' - - isnamevar - - validate do |path| - raise ArgumentError, 'path must be a fully qualified path' unless absolute_path? path - end - end - - newproperty(:altlink_ro, readonly: true) do - desc 'The name of the generic symlink for this alternative entry as parameter. This is readonly.' - end - - newproperty(:altname) do - desc 'The name of symlink in the alternatives directory' - end - - newproperty(:priority) do - desc 'The value of the priority of this alternative' - - validate do |prio| - begin - Integer(prio) - rescue - raise ArgumentError, 'priority must be an integer' - end - end - end - - def self.title_patterns - [ - [ - %r{^([^:]+)$}, - [ - [:name] - ] - ], - [ - %r{^(.*):([a-z]:(/|\\).*)$}i, - [ - [:name], - [:altlink] - ] - ], - [ - %r{^(.*):(.*)$}, - [ - [:name], - [:altlink] - ] - ] - ] - end -end diff --git a/puppet/modules/alternatives/lib/puppet/type/alternatives.rb b/puppet/modules/alternatives/lib/puppet/type/alternatives.rb deleted file mode 100644 index 61dd711..0000000 --- a/puppet/modules/alternatives/lib/puppet/type/alternatives.rb +++ /dev/null @@ -1,36 +0,0 @@ -Puppet::Type.newtype(:alternatives) do - feature :mode, 'The alternative can provide auto and manual modes' - - newparam(:name, isnamevar: true) do - desc 'The name of the alternative.' - end - - newproperty(:path) do - desc 'The path of the desired source for the given alternative' - - validate do |path| - raise ArgumentError, 'path must be a fully qualified path' unless absolute_path? path - end - end - - newproperty(:mode, required_features: [:mode]) do - desc 'Use the automatic option for this alternative' - - newvalue('auto') - newvalue('manual') - end - - # Turns out this isn't a valid hook. - # validate do - # case self[:mode] - # when 'auto' - # raise ArgumentError, "Mode cannot be 'auto' if a path is given" if self[:path] - # when 'manual' - # raise ArgumentError, "Mode cannot be 'manual' without a path" unless self[:path] - # end - # end - - autorequire(:alternative_entry) do - self[:path] - end -end diff --git a/puppet/modules/alternatives/metadata.json b/puppet/modules/alternatives/metadata.json deleted file mode 100644 index 43fb55b..0000000 --- a/puppet/modules/alternatives/metadata.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "name": "puppet-alternatives", - "version": "2.1.0", - "author": "Vox Pupuli", - "summary": "Maintain symbolic links determining default commands", - "license": "Apache-2.0", - "source": "https://github.com/voxpupuli/puppet-alternatives", - "project_page": "https://github.com/voxpupuli/puppet-alternatives", - "issues_url": "https://github.com/voxpupuli/puppet-alternatives", - "dependencies": [ - - ], - "data_provider": null, - "operatingsystem_support": [ - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "OracleLinux", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Scientific", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Ubuntu", - "operatingsystemrelease": [ - "14.04" - ] - } - ], - "requirements": [ - { - "name": "puppet", - "version_requirement": ">= 4.10.0 < 7.0.0" - } - ] -} diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/archlinux-2-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/archlinux-2-x64.yml deleted file mode 100644 index 89b6300..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/archlinux-2-x64.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - archlinux-2-x64: - roles: - - master - platform: archlinux-2-x64 - box: archlinux/archlinux - hypervisor: vagrant -CONFIG: - type: foss diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-511-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/centos-511-x64.yml deleted file mode 100644 index 089d646..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-511-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - centos-511-x64: - roles: - - master - platform: el-5-x86_64 - box: puppetlabs/centos-5.11-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-6-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/centos-6-x64.yml deleted file mode 100644 index 16abc8f..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-6-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - centos-6-x64: - roles: - - master - platform: el-6-x86_64 - box: centos/6 - hypervisor: vagrant -CONFIG: - type: aio -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64-pe.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64-pe.yml deleted file mode 100644 index 1e7aea6..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64-pe.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - centos-66-x64: - roles: - - master - - database - - dashboard - platform: el-6-x86_64 - box: puppetlabs/centos-6.6-64-puppet-enterprise - hypervisor: vagrant -CONFIG: - type: pe -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64.yml deleted file mode 100644 index 42455e7..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-66-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - centos-66-x64: - roles: - - master - platform: el-6-x86_64 - box: puppetlabs/centos-6.6-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-7-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/centos-7-x64.yml deleted file mode 100644 index e05a3ae..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-7-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - centos-7-x64: - roles: - - master - platform: el-7-x86_64 - box: centos/7 - hypervisor: vagrant -CONFIG: - type: aio -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-72-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/centos-72-x64.yml deleted file mode 100644 index 85af89d..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/centos-72-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - centos-72-x64: - roles: - - master - platform: el-7-x86_64 - box: puppetlabs/centos-7.2-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/debian-78-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/debian-78-x64.yml deleted file mode 100644 index 6ef6de8..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/debian-78-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - debian-78-x64: - roles: - - master - platform: debian-7-amd64 - box: puppetlabs/debian-7.8-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/debian-82-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/debian-82-x64.yml deleted file mode 100644 index 9897a8f..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/debian-82-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - debian-82-x64: - roles: - - master - platform: debian-8-amd64 - box: puppetlabs/debian-8.2-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml deleted file mode 100644 index 19dd43e..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/amazonlinux-2016091.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -# Amazon Linux is not a RHEL clone. -# -HOSTS: - amazonlinux-2016091-x64: - roles: - - master - platform: centos-6-x86_64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: amazonlinux-2016091-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/image_templates.yaml b/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/image_templates.yaml deleted file mode 100644 index e50593e..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/image_templates.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# see also: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -# Hint: image IDs (ami-*) for the same image are different per location. -# -AMI: - # Amazon Linux AMI 2016.09.1 (HVM), SSD Volume Type - amazonlinux-2016091-eu-central-1: - :image: - :aio: ami-af0fc0c0 - :region: eu-central-1 - # Red Hat Enterprise Linux 7.3 (HVM), SSD Volume Type - rhel-73-eu-central-1: - :image: - :aio: ami-e4c63e8b - :region: eu-central-1 - # SUSE Linux Enterprise Server 12 SP2 (HVM), SSD Volume Type - sles-12sp2-eu-central-1: - :image: - :aio: ami-c425e4ab - :region: eu-central-1 - # Ubuntu Server 16.04 LTS (HVM), SSD Volume Type - ubuntu-1604-eu-central-1: - :image: - :aio: ami-fe408091 - :region: eu-central-1 - # Microsoft Windows Server 2016 Base - windows-2016-base-eu-central-1: - :image: - :aio: ami-88ec20e7 - :region: eu-central-1 diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/rhel-73-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/rhel-73-x64.yml deleted file mode 100644 index 7fac823..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/rhel-73-x64.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - rhel-73-x64: - roles: - - master - platform: el-7-x86_64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: rhel-73-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml deleted file mode 100644 index 8542154..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/sles-12sp2-x64.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - sles-12sp2-x64: - roles: - - master - platform: sles-12-x86_64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: sles-12sp2-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml deleted file mode 100644 index 9cf59d5..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/ubuntu-1604-x64.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - ubuntu-1604-x64: - roles: - - master - platform: ubuntu-16.04-amd64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: ubuntu-1604-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ubuntu -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml deleted file mode 100644 index 0932e29..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ec2/windows-2016-base-x64.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# Additional ~/.fog config file with AWS EC2 credentials -# required. -# -# see: https://github.com/puppetlabs/beaker/blob/master/docs/how_to/hypervisors/ec2.md -# -HOSTS: - windows-2016-base-x64: - roles: - - master - platform: windows-2016-64 - hypervisor: ec2 - # refers to image_tempaltes.yaml AMI[vmname] entry: - vmname: windows-2016-base-eu-central-1 - # refers to image_tempaltes.yaml entry inside AMI[vmname][:image]: - snapshot: aio - # t2.micro is free tier eligible (https://aws.amazon.com/en/free/): - amisize: t2.micro - # required so that beaker sanitizes sshd_config and root authorized_keys: - user: ec2-user -CONFIG: - type: aio - :ec2_yaml: spec/acceptance/nodesets/ec2/image_templates.yaml -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-24-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-24-x64.yml deleted file mode 100644 index 820b62d..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-24-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - fedora-24-x64: - roles: - - master - platform: fedora-24-x86_64 - box: fedora/24-cloud-base - hypervisor: vagrant -CONFIG: - type: aio -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-25-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-25-x64.yml deleted file mode 100644 index 54dd330..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-25-x64.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -HOSTS: - fedora-25-x64: - roles: - - master - platform: fedora-25-x86_64 - box: fedora/25-cloud-base - hypervisor: vagrant -CONFIG: - type: aio -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-26-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-26-x64.yml deleted file mode 100644 index 598822b..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-26-x64.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -HOSTS: - fedora-26-x64: - roles: - - master - platform: fedora-26-x86_64 - box: fedora/26-cloud-base - hypervisor: vagrant -CONFIG: - type: aio -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-27-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-27-x64.yml deleted file mode 100644 index c2b61eb..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/fedora-27-x64.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# platform is fedora 26 because there is no puppet-agent -# for fedora 27 as of 2017-11-17 -HOSTS: - fedora-27-x64: - roles: - - master - platform: fedora-26-x86_64 - box: fedora/27-cloud-base - hypervisor: vagrant -CONFIG: - type: aio -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml deleted file mode 100644 index 29102c5..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1204-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - ubuntu-server-1204-x64: - roles: - - master - platform: ubuntu-12.04-amd64 - box: puppetlabs/ubuntu-12.04-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml deleted file mode 100644 index 054e658..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1404-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - ubuntu-server-1404-x64: - roles: - - master - platform: ubuntu-14.04-amd64 - box: puppetlabs/ubuntu-14.04-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml b/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml deleted file mode 100644 index bc85e0e..0000000 --- a/puppet/modules/alternatives/spec/acceptance/nodesets/ubuntu-server-1604-x64.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -HOSTS: - ubuntu-server-1604-x64: - roles: - - master - platform: ubuntu-16.04-amd64 - box: puppetlabs/ubuntu-16.04-64-nocm - hypervisor: vagrant -CONFIG: - type: foss -... -# vim: syntax=yaml diff --git a/puppet/modules/alternatives/spec/classes/coverage_spec.rb b/puppet/modules/alternatives/spec/classes/coverage_spec.rb deleted file mode 100644 index de44654..0000000 --- a/puppet/modules/alternatives/spec/classes/coverage_spec.rb +++ /dev/null @@ -1,4 +0,0 @@ -require 'rspec-puppet' - -at_exit { RSpec::Puppet::Coverage.report! } -# vim: syntax=ruby diff --git a/puppet/modules/alternatives/spec/default_facts.yml b/puppet/modules/alternatives/spec/default_facts.yml deleted file mode 100644 index 13c4165..0000000 --- a/puppet/modules/alternatives/spec/default_facts.yml +++ /dev/null @@ -1,14 +0,0 @@ -# This file is managed via modulesync -# https://github.com/voxpupuli/modulesync -# https://github.com/voxpupuli/modulesync_config -# -# use default_module_facts.yaml for module specific -# facts. -# -# Hint if using with rspec-puppet-facts ("on_supported_os.each"): -# if a same named fact exists in facterdb it will be overridden. ---- -concat_basedir: "/tmp" -ipaddress: "172.16.254.254" -is_pe: false -macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/dpkg/get-selections b/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/dpkg/get-selections deleted file mode 100644 index c07a3aa..0000000 --- a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/dpkg/get-selections +++ /dev/null @@ -1,44 +0,0 @@ -aptitude auto /usr/bin/aptitude-curses -awk auto /usr/bin/mawk -builtins.7.gz auto /usr/share/man/man7/bash-builtins.7.gz -c++ auto /usr/bin/g++ -c89 auto /usr/bin/c89-gcc -c99 auto /usr/bin/c99-gcc -cc auto /usr/bin/gcc -cpp auto /usr/bin/cpp -editor manual /usr/bin/vim.tiny -ex auto /usr/bin/vim.basic -fakeroot auto /usr/bin/fakeroot-sysv -from auto /usr/bin/bsd-from -ftp auto /usr/bin/netkit-ftp -gem auto /usr/bin/gem1.9.1 -infobrowser auto /usr/bin/info -lft auto /usr/bin/lft.db -locate auto /usr/bin/mlocate -lzma auto /usr/bin/xz -mailx auto /usr/bin/bsd-mailx -mt auto /bin/mt-gnu -mutt auto /usr/bin/mutt-org -nc auto /bin/nc.traditional -pager auto /bin/less -pico auto /bin/nano -rcp auto /usr/bin/scp -rename auto /usr/bin/prename -rlogin auto /usr/bin/slogin -rmt auto /usr/sbin/rmt-tar -rsh auto /usr/bin/ssh -ruby auto /usr/bin/ruby1.9.1 -rview auto /usr/bin/vim.basic -rvim auto /usr/bin/vim.basic -tcptraceroute auto /usr/sbin/tcptraceroute.db -telnet auto /usr/bin/telnet.netkit -traceproto auto /usr/bin/traceproto.db -traceroute auto /usr/bin/traceroute.db -traceroute6 auto /usr/bin/traceroute6.db -vi auto /usr/bin/vim.basic -view auto /usr/bin/vim.basic -vim auto /usr/bin/vim.basic -vimdiff auto /usr/bin/vim.basic -w auto /usr/bin/w.procps -write auto /usr/bin/bsd-write -www-browser auto /usr/bin/w3m diff --git a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/sample b/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/sample deleted file mode 100644 index 73b586e..0000000 --- a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/sample +++ /dev/null @@ -1,9 +0,0 @@ -manual -/usr/bin/sample - -/opt/sample1 -10 -/opt/sample2 -20 -/opt/sample3 -30 \ No newline at end of file diff --git a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/testcmd b/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/testcmd deleted file mode 100644 index 3bbe3ca..0000000 --- a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/alternatives/testcmd +++ /dev/null @@ -1,7 +0,0 @@ -manual -/usr/bin/testcmd - -/opt/testcmd1 -10 -/opt/testcmd2 -20 \ No newline at end of file diff --git a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/sample b/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/sample deleted file mode 100644 index ced6d43..0000000 --- a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/sample +++ /dev/null @@ -1,5 +0,0 @@ -sample - status is manual. - link currently points to /opt/sample2 -/opt/sample1 - priority 10 -/opt/sample2 - priority 20 -Current `best' version is /opt/sample2. \ No newline at end of file diff --git a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/testcmd b/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/testcmd deleted file mode 100644 index 51f2207..0000000 --- a/puppet/modules/alternatives/spec/fixtures/unit/provider/alternatives/rpm/display/testcmd +++ /dev/null @@ -1,5 +0,0 @@ -testcmd - status is manual. - link currently points to /opt/testcmd1 -/opt/testcmd1 - priority 10 -/opt/testcmd2 - priority 20 -Current `best' version is /opt/testcmd2. \ No newline at end of file diff --git a/puppet/modules/alternatives/spec/spec_helper.rb b/puppet/modules/alternatives/spec/spec_helper.rb deleted file mode 100644 index cb74e9e..0000000 --- a/puppet/modules/alternatives/spec/spec_helper.rb +++ /dev/null @@ -1,28 +0,0 @@ -dir = File.expand_path(File.join(File.dirname(__FILE__), '..')) -$LOAD_PATH.unshift(dir, dir + 'lib', dir + '../lib') - -require 'mocha/api' -require 'puppet' - -if Dir.exist?(File.expand_path('../../lib', __FILE__)) && RUBY_VERSION !~ %r{^1.9} - require 'coveralls' - require 'simplecov' - require 'simplecov-console' - SimpleCov.formatters = [ - SimpleCov::Formatter::HTMLFormatter, - SimpleCov::Formatter::Console, - Coveralls::SimpleCov::Formatter - ] - SimpleCov.start do - track_files 'lib/**/*.rb' - add_filter '/spec' - add_filter '/vendor' - add_filter '/.vendor' - end -end - -PROJECT_ROOT = File.expand_path('..', File.dirname(__FILE__)) - -RSpec.configure do |config| - config.mock_with :mocha -end diff --git a/puppet/modules/alternatives/spec/unit/provider/alternatives/dpkg_spec.rb b/puppet/modules/alternatives/spec/unit/provider/alternatives/dpkg_spec.rb deleted file mode 100644 index adc23c7..0000000 --- a/puppet/modules/alternatives/spec/unit/provider/alternatives/dpkg_spec.rb +++ /dev/null @@ -1,77 +0,0 @@ -require 'spec_helper' - -describe Puppet::Type.type(:alternatives).provider(:dpkg) do - def my_fixture(path) - File.join(PROJECT_ROOT, 'spec', 'fixtures', 'unit', 'provider', 'alternatives', 'dpkg', path) - end - - def my_fixture_read(path) - File.read(my_fixture(path)) - end - - let(:stub_selections) do - { - 'editor' => { mode: 'manual', path: '/usr/bin/vim.tiny' }, - 'aptitude' => { mode: 'auto', path: '/usr/bin/aptitude-curses' } - } - end - - describe '.all' do - it 'calls update-alternatives --get-selections' do - described_class.expects(:update).with('--get-selections').returns my_fixture_read('get-selections') - described_class.all - end - - describe 'returning data' do - before do - described_class.stubs(:update).with('--get-selections').returns my_fixture_read('get-selections') - end - - subject { described_class.all } - - it { is_expected.to be_a Hash } - it { expect(subject['editor']).to eq(mode: 'manual', path: '/usr/bin/vim.tiny') } - it { expect(subject['aptitude']).to eq(mode: 'auto', path: '/usr/bin/aptitude-curses') } - end - end - - describe '.instances' do - it 'delegates to .all' do - described_class.expects(:all).returns(stub_selections) - described_class.expects(:new).twice.returns(stub) - described_class.instances - end - end - - describe 'instances' do - subject { described_class.new(name: 'editor') } - - let(:resource) { Puppet::Type.type(:alternatives).new(name: 'editor') } - - before do - Puppet::Type.type(:alternatives).stubs(:defaultprovider).returns described_class - resource.provider = subject - described_class.stubs(:all).returns(stub_selections) - end - - it '#path retrieves the path from class.all' do - expect(subject.path).to eq('/usr/bin/vim.tiny') - end - - it '#path= updates the path with update-alternatives --set' do - subject.expects(:update).with('--set', 'editor', '/bin/nano') - subject.path = '/bin/nano' - end - - it '#mode=(:auto) calls update-alternatives --auto' do - subject.expects(:update).with('--auto', 'editor') - subject.mode = :auto - end - - it '#mode=(:manual) calls update-alternatives --set with current value' do - subject.expects(:path).returns('/usr/bin/vim.tiny') - subject.expects(:update).with('--set', 'editor', '/usr/bin/vim.tiny') - subject.mode = :manual - end - end -end diff --git a/puppet/modules/alternatives/spec/unit/provider/alternatives/rpm_spec.rb b/puppet/modules/alternatives/spec/unit/provider/alternatives/rpm_spec.rb deleted file mode 100644 index 068331a..0000000 --- a/puppet/modules/alternatives/spec/unit/provider/alternatives/rpm_spec.rb +++ /dev/null @@ -1,87 +0,0 @@ -require 'spec_helper' - -describe Puppet::Type.type(:alternatives).provider(:rpm) do - def my_fixture_alternatives - Dir.glob(File.join(PROJECT_ROOT, 'spec', 'fixtures', 'unit', 'provider', 'alternatives', 'rpm', 'alternatives', '*')) - end - - def my_fixture_display(type, path) - File.join(PROJECT_ROOT, 'spec', 'fixtures', 'unit', 'provider', 'alternatives', 'rpm', type, path) - end - - def my_fixture_read(type, path) - File.read(my_fixture_display(type, path)) - end - - let(:stub_selections) do - { - 'sample' => { path: '/opt/sample1' }, - 'testcmd' => { path: '/opt/testcmd1' } - } - end - - describe '.all' do - it 'List all alternatives in folder /var/lib/alternatives' do - described_class.expects(:list_alternatives).returns my_fixture_alternatives - described_class.expects(:update).with('--display', 'sample').returns my_fixture_read('display', 'sample') - described_class.expects(:update).with('--display', 'testcmd').returns my_fixture_read('display', 'testcmd') - described_class.all - end - - describe 'returning data' do - before do - described_class.stubs(:list_alternatives).returns my_fixture_alternatives - described_class.stubs(:update).with('--display', 'sample').returns my_fixture_read('display', 'sample') - described_class.stubs(:update).with('--display', 'testcmd').returns my_fixture_read('display', 'testcmd') - end - - subject { described_class.all } - - it { is_expected.to be_a Hash } - it { expect(subject['sample']).to eq(mode: 'manual', path: '/opt/sample2') } - it { expect(subject['testcmd']).to eq(mode: 'manual', path: '/opt/testcmd1') } - end - end - - describe '.instances' do - it 'delegates to .all' do - described_class.expects(:all).returns(stub_selections) - described_class.expects(:new).twice.returns(stub) - described_class.instances - end - end - - describe 'instances' do - subject { described_class.new(name: 'sample') } - - let(:resource) { Puppet::Type.type(:alternatives).new(name: 'sample') } - - before do - Puppet::Type.type(:alternatives).stubs(:defaultprovider).returns described_class - described_class.stubs(:update).with('--display', 'sample').returns my_fixture_read('display', 'sample') - described_class.stubs(:update).with('--display', 'testcmd').returns my_fixture_read('display', 'testcmd') - resource.provider = subject - described_class.stubs(:all).returns(stub_selections) - end - - it '#path retrieves the path from class.all' do - expect(subject.path).to eq('/opt/sample1') - end - - it '#path= updates the path with alternatives --set' do - subject.expects(:update).with('--set', 'sample', '/opt/sample1') - subject.path = '/opt/sample1' - end - - it '#mode=(:auto) calls alternatives --auto' do - subject.expects(:update).with('--auto', 'sample') - subject.mode = :auto - end - - it '#mode=(:manual) calls alternatives --set with current value' do - subject.expects(:path).returns('/opt/sample2') - subject.expects(:update).with('--set', 'sample', '/opt/sample2') - subject.mode = :manual - end - end -end diff --git a/puppet/modules/alternatives/spec/unit/type/alternatives_spec.rb b/puppet/modules/alternatives/spec/unit/type/alternatives_spec.rb deleted file mode 100644 index 22ba689..0000000 --- a/puppet/modules/alternatives/spec/unit/type/alternatives_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -require 'spec_helper' - -describe Puppet::Type.type(:alternatives) do - describe 'property `path`' do - it 'passes validation with an absolute path' do - expect { described_class.new(name: 'ruby', path: '/usr/bin/ruby1.9') }.not_to raise_error - end - it 'fails validation without an absolute path' do - expect { described_class.new(name: 'ruby', path: "The bees they're in my eyes") }.to raise_error Puppet::Error, %r{must be a fully qualified path} - end - end - - describe 'validating the mode', pending: 'Type level validation' do - it 'raises an error if the mode is auto and a path is set' do - expect do - described_class.new(name: 'thing', mode: 'auto', path: '/usr/bin/explode') - end.to raise_error Puppet::Error, %r{Mode cannot be 'auto'} - end - - it 'raises an error if the mode is manual and a path is not set' do - expect do - described_class.new(name: 'thing', mode: 'manual').validate - end.to raise_error Puppet::Error, %r{Mode cannot be 'manual'} - end - end - - describe 'when autorequiring resources' do - alternative_entry = Puppet::Type.type(:alternative_entry).new( - name: '/usr/pgsql-9.1/bin/pg_config', - ensure: :present, - altlink: '/usr/bin/pg_config', - altname: 'pgsql-pg_config', - priority: '910' - ) - alternatives = described_class.new( - name: 'pgsql-pg_config', - path: '/usr/pgsql-9.1/bin/pg_config' - ) - - catalog = Puppet::Resource::Catalog.new - catalog.add_resource alternative_entry - catalog.add_resource alternatives - req = alternatives.autorequire - - it 'is equal' do - expect(req.size).to eq(1) - end - it 'has matching source' do - expect(req[0].source).to eq alternative_entry - end - it 'has matching target' do - expect(req[0].target).to eq alternatives - end - end -end diff --git a/puppet/modules/apache/CHANGELOG.md b/puppet/modules/apache/CHANGELOG.md deleted file mode 100644 index 55ee7c6..0000000 --- a/puppet/modules/apache/CHANGELOG.md +++ /dev/null @@ -1,1184 +0,0 @@ -# Change log - -All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). - -## [4.1.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.1.0) (2019-04-03) - -[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/4.0.0...4.1.0) - -### Added - -- \(MODULES-7196\) Allow setting CASRootProxiedAs per virtualhost \(replaces \#1857\) [\#1900](https://github.com/puppetlabs/puppetlabs-apache/pull/1900) ([Lavinia-Dan](https://github.com/Lavinia-Dan)) -- \(feat\) - Amazon Linux 2 compatibility added [\#1898](https://github.com/puppetlabs/puppetlabs-apache/pull/1898) ([david22swan](https://github.com/david22swan)) -- \(MODULES-8731\) Allow CIDRs for proxy\_ips/internal\_proxy in remoteip [\#1891](https://github.com/puppetlabs/puppetlabs-apache/pull/1891) ([JAORMX](https://github.com/JAORMX)) -- Manage all mod\_remoteip parameters supported by Apache [\#1882](https://github.com/puppetlabs/puppetlabs-apache/pull/1882) ([johanfleury](https://github.com/johanfleury)) -- MODULES-8541 : Allow HostnameLookups to be modified [\#1881](https://github.com/puppetlabs/puppetlabs-apache/pull/1881) ([k2patel](https://github.com/k2patel)) -- Add support for mod\_http2 [\#1867](https://github.com/puppetlabs/puppetlabs-apache/pull/1867) ([smortex](https://github.com/smortex)) -- Added code to paramertize the libphp prefix [\#1852](https://github.com/puppetlabs/puppetlabs-apache/pull/1852) ([grahamuk2018](https://github.com/grahamuk2018)) -- Added WSGI Options WSGIApplicationGroup and WSGIPythonOptimize [\#1847](https://github.com/puppetlabs/puppetlabs-apache/pull/1847) ([emetriqLikedeeler](https://github.com/emetriqLikedeeler)) - -### Fixed - -- \(bugfix\) set kernel for facter version test [\#1895](https://github.com/puppetlabs/puppetlabs-apache/pull/1895) ([tphoney](https://github.com/tphoney)) -- \(MODULES-5990\) - Managing conf\_enabled [\#1875](https://github.com/puppetlabs/puppetlabs-apache/pull/1875) ([david22swan](https://github.com/david22swan)) - -## [4.0.0](https://github.com/puppetlabs/puppetlabs-apache/tree/4.0.0) (2019-01-10) - -[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.5.0...4.0.0) - -### Changed - -- default server\_tokens to prod - more secure default [\#1746](https://github.com/puppetlabs/puppetlabs-apache/pull/1746) ([juju4](https://github.com/juju4)) - -### Added - -- \(Modules 8141/Modules 8379\) - Addition of support for SLES 15 [\#1862](https://github.com/puppetlabs/puppetlabs-apache/pull/1862) ([david22swan](https://github.com/david22swan)) -- SCL support for httpd and php7.1 [\#1822](https://github.com/puppetlabs/puppetlabs-apache/pull/1822) ([mmoll](https://github.com/mmoll)) - -### Fixed - -- \(MODULES-5990\) - conf-enabled defaulted to undef [\#1869](https://github.com/puppetlabs/puppetlabs-apache/pull/1869) ([david22swan](https://github.com/david22swan)) -- pdksync - \(FM-7655\) Fix rubygems-update for ruby \< 2.3 [\#1866](https://github.com/puppetlabs/puppetlabs-apache/pull/1866) ([tphoney](https://github.com/tphoney)) - -## [3.5.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.5.0) (2018-12-17) - -[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.4.0...3.5.0) - -### Added - -- \(MODULES-5990\) Addition of 'IncludeOptional conf-enabled/\*.conf' to apache2.conf' on Debian Family OS [\#1851](https://github.com/puppetlabs/puppetlabs-apache/pull/1851) ([david22swan](https://github.com/david22swan)) -- \(MODULES-8107\) - Support added for Ubuntu 18.04. [\#1850](https://github.com/puppetlabs/puppetlabs-apache/pull/1850) ([david22swan](https://github.com/david22swan)) -- \(MODULES-8108\) - Support added for Debian 9 [\#1849](https://github.com/puppetlabs/puppetlabs-apache/pull/1849) ([david22swan](https://github.com/david22swan)) -- Add option to add comments to the header of a vhost file [\#1841](https://github.com/puppetlabs/puppetlabs-apache/pull/1841) ([jovandeginste](https://github.com/jovandeginste)) - -### Fixed - -- \(FM-7605\) - Disabling conf\_enabled on Ubuntu 18.04 by default as it conflicts with Shibboleth causing errors with apache2. [\#1856](https://github.com/puppetlabs/puppetlabs-apache/pull/1856) ([david22swan](https://github.com/david22swan)) -- \(MODULES-8429\) Update GPG key for phusion passenger [\#1848](https://github.com/puppetlabs/puppetlabs-apache/pull/1848) ([abottchen](https://github.com/abottchen)) -- Fix default vhost priority in readme [\#1843](https://github.com/puppetlabs/puppetlabs-apache/pull/1843) ([HT43-bqxFqB](https://github.com/HT43-bqxFqB)) -- fix apache::mod::jk example typo and add link for more info [\#1812](https://github.com/puppetlabs/puppetlabs-apache/pull/1812) ([xorpaul](https://github.com/xorpaul)) -- MODULES-7379: Fixing syntax by adding newline [\#1803](https://github.com/puppetlabs/puppetlabs-apache/pull/1803) ([wimvr](https://github.com/wimvr)) -- ensure mpm\_event is disabled under debian 9 if mpm itk is used [\#1766](https://github.com/puppetlabs/puppetlabs-apache/pull/1766) ([zivis](https://github.com/zivis)) - -## [3.4.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.4.0) (2018-09-27) - -[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.3.0...3.4.0) - -### Added - -- pdksync - \(FM-7392\) - Puppet 6 Testing Changes [\#1838](https://github.com/puppetlabs/puppetlabs-apache/pull/1838) ([pmcmaw](https://github.com/pmcmaw)) -- pdksync - \(MODULES-6805\) metadata.json shows support for puppet 6 [\#1836](https://github.com/puppetlabs/puppetlabs-apache/pull/1836) ([tphoney](https://github.com/tphoney)) - -### Fixed - -- Fix "audit\_log\_relevant\_status" typo in README.md [\#1830](https://github.com/puppetlabs/puppetlabs-apache/pull/1830) ([smokris](https://github.com/smokris)) - -## [3.3.0](https://github.com/puppetlabs/puppetlabs-apache/tree/3.3.0) (2018-09-11) - -[Full Changelog](https://github.com/puppetlabs/puppetlabs-apache/compare/3.2.0...3.3.0) - -### Added - -- pdksync - \(MODULES-7705\) - Bumping stdlib dependency from \< 5.0.0 to \< 6.0.0 [\#1821](https://github.com/puppetlabs/puppetlabs-apache/pull/1821) ([pmcmaw](https://github.com/pmcmaw)) -- Add support for ProxyTimeout [\#1805](https://github.com/puppetlabs/puppetlabs-apache/pull/1805) ([agoodno](https://github.com/agoodno)) -- \(MODULES-7343\) - Allow overrides by adding mod\_libs in apache class [\#1800](https://github.com/puppetlabs/puppetlabs-apache/pull/1800) ([karelyatin](https://github.com/karelyatin)) -- Rework passenger VHost and Directories [\#1778](https://github.com/puppetlabs/puppetlabs-apache/pull/1778) ([smortex](https://github.com/smortex)) - -### Fixed - -- MODULES-7575 reverse sort the aliases [\#1808](https://github.com/puppetlabs/puppetlabs-apache/pull/1808) ([k2patel](https://github.com/k2patel)) -- fixes for OpenSUSE ans SLES [\#1783](https://github.com/puppetlabs/puppetlabs-apache/pull/1783) ([tuxmea](https://github.com/tuxmea)) - -## 3.2.0 -### Summary -This is a clean release to prepare for several planned backwards incompatible changes. - -#### Changed -- Parameter `passenger_pre_start` has been moved outside of ``. -- Apache version fact has been enabled on FreeBSD. -- Parameter `ssl_proxyengine` has had it's default changed to false. - -#### Added -- Parameter `passenger_group` can now be set in `apache::vhost`. -- Multiple `passenger_pre_start` URIs can now be set at once. -- Manifest `mod::auth_gssapi` has been added to allow the deployment of authorisation with kerberos, through GSSAPI. - -#### Removed -- Scientific 5 and Debian 7 are no longer supported on Apache. - -## Supported Release [3.1.0] -### Summary -This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added. - -#### Added -- Module has been pdk converted with version 1.4.1 ([MODULES-6331](https://tickets.puppet.com/browse/MODULES-6331)) -- Parameter `ssl_cert` to provide a SSLCertificateFile option for use with SSL, optional of type String. -- Parameter `ssl_key` to provide a SSLCertificateKey option for use with SSL, optional of type String. - -#### Fixed -- Documentation updates. -- Updates to the Japanese translation based on documentation update. - -## Supported Release [3.0.0] -### Summary -This major release changes the default value of `keepalive` to `On`. It also includes many other features and bugfixes. - -#### Changed -- Default `apache::keepalive` from `Off` to `On`. - -#### Added -- Class `apache::mod::data` -- Function `apache::apache_pw_hash` function (puppet 4 port of `apache_pw_hash()`) -- Function `apache::bool2httpd` function (puppet 4 port of `bool2httpd()`) -- Function `apache::validate_apache_log_level` function (puppet 4 port of `validate_apache_log_level()`) -- Parameter `apache::balancer::options` for additional directives. -- Parameter `apache::limitreqfields` setting the LimitRequestFields directive to 100. -- Parameter `apache::use_canonical_name` to control how httpd uses self-referential URLs. -- Parameter `apache::mod::disk_cache::cache_ignore_headers` to ignore cache headers. -- Parameter `apache::mod::itk::enablecapabilities` to manage ITK capabilities. -- Parameter `apache::mod::ldap::ldap_trusted_mode` to manage trusted mode. -- Parameters for `apache::mod::passenger`: - - `passenger_allow_encoded_slashes` - - `passenger_app_group_name` - - `passenger_app_root` - - `passenger_app_type` - - `passenger_base_uri` - - `passenger_buffer_response` - - `passenger_buffer_upload` - - `passenger_concurrency_model` - - `passenger_debug_log_file` - - `passenger_debugger` - - `passenger_default_group` - - `passenger_default_user` - - `passenger_disable_security_update_check` - - `passenger_enabled` - - `passenger_error_override` - - `passenger_file_descriptor_log_file` - - `passenger_fly_with` - - `passenger_force_max_concurrent_requests_per_process` - - `passenger_friendly_error_pages` - - `passenger_group` - - `passenger_installed_version` - - `passenger_instance_registry_dir` - - `passenger_load_shell_envvars` - - `passenger_lve_min_uid` - - `passenger_max_instances` - - `passenger_max_preloader_idle_time` - - `passenger_max_request_time` - - `passenger_memory_limit` - - `passenger_meteor_app_settings` - - `passenger_nodejs` - - `passenger_pre_start` - - `passenger_python` - - `passenger_resist_deployment_errors` - - `passenger_resolve_symlinks_in_document_root` - - `passenger_response_buffer_high_watermark` - - `passenger_restart_dir` - - `passenger_rolling_restarts` - - `passenger_security_update_check_proxy` - - `passenger_show_version_in_header` - - `passenger_socket_backlog` - - `passenger_start_timeout` - - `passenger_startup_file` - - `passenger_sticky_sessions` - - `passenger_sticky_sessions_cookie_name` - - `passenger_thread_count` - - `passenger_user` - - `passenger_user_switching` - - `rack_auto_detect` - - `rack_base_uri` - - `rack_env` - - `rails_allow_mod_rewrite` - - `rails_app_spawner_idle_time` - - `rails_auto_detect` - - `rails_base_uri` - - `rails_default_user` - - `rails_env` - - `rails_framework_spawner_idle_time` - - `rails_ruby` - - `rails_spawn_method` - - `rails_user_switching` - - `wsgi_auto_detect` -- Parameter `apache::mod::prefork::listenbacklog` to set the listen backlog to 511. -- Parameter `apache::mod::python::loadfile_name` to workaround python.load filename conflicts. -- Parameter `apache::mod::ssl::ssl_cert` to manage the client auth cert. -- Parameter `apache::mod::ssl::ssl_key` to manage the client auth key. -- Parameter `apache::mod::status::requires` as an alternative to `apache::mod::status::allow_from` -- Parameter `apache::vhost::ssl_proxy_cipher_suite` to manage that directive. -- Parameter `apache::vhost::shib_compat_valid_user` to manage that directive. -- Parameter `apache::vhost::use_canonical_name` to manage that directive. -- Parameter value `mellon_session_length` for `apache::vhost::directories` - -### Fixed -- `apache_version` is confined to just Linux to avoid erroring on AIX. -- Parameter `apache::mod::jk::workers_file_content` docs typo of "mantain" instead of maintain. -- Deduplicate `apache::mod::ldap` managing `File['ldap.conf']` to avoid resource conflicts. -- ITK package name on Debian 9 -- Dav_svn package for SLES -- Log client IP instead of loadbalancer IP when behind a loadbalancer. -- `apache::mod::remoteip` now notifies the `Class['apache::service']` class instead of `Service['httpd']` to avoid restarting the service when `apache::service_manage` is false. -- `apache::vhost::cas_scrub_request_headers` actually manages the directive. - -## Supported Release [2.3.1] -### Summary -This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. - -### Fixed -- Fix init task for arbitrary remote code - -## Supported Release [2.3.0] -### Summary -This is a feature release. It includes a task that will reload the apache service. - -#### Added -- Add a task that allows the reloading of the Apache service. - -## Supported Release [2.2.0] -### Summary -This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding `PassengerSpawnMethod` to vhost. - -#### Added -- `PassengerSpawnMethod` added to `vhost`. - -#### Changed -- Improve version match fact for `apache_version` -- Update to prefork.conf params for Apache 2.4 -- Updates to `CONTRIBUTING.md` -- Do not install mod_fastcgi on el7 -- Include mod_wsgi when using wsgi options - -## Supported Release [2.1.0] -### Summary -This is a feature release including a security patch (CVE-2017-2299) - -#### Added -- `apache::mod::jk` class for managing the mod_jk connector -- `apache_pw_hash` function -- the ProxyPass directive in location contexts -- more Puppet 4 type validation -- `apache::mod::macro` class for managing mod_macro - -#### Changed -- $ssl_certs_dir default to `undef` for all platorms -- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` - -#### Fixed -- issue where mod_alias was not being loaded when RedirectMatch* directives were being used ([MODULES-3942](https://tickets.puppet.com/browse/MODULES-3942)) -- issue with `$directories` parameter in `apache::vhost` -- issue in UserDir template where the UserDir path did not match the Directory path -- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** - -#### Removed -- support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze) - -## Supported Release [2.0.0] -### Summary -Major release **removing Puppet 3 support** and other backwards-incompatible changes. - -#### Added -- support for FileETag directive configurable with the `file_e_tag` parameter -- ability to configure multiple ports per vhost -- RequestHeader directive to vhost template ([MODULES-4156](https://tickets.puppet.com/browse/MODULES-4156)) -- customizability for AllowOverride directive in userdir.conf ([MODULES-4516](https://tickets.puppet.com/browse/MODULES-4516)) -- AdvertiseFrequency directive for cluster.conf ([MODULES-4500](https://tickets.puppet.com/browse/MODULES-4500)) -- `ssl_proxy_protocol` and `ssl_sessioncache` parameters for mod::ssl ([MODULES-4737](https://tickets.puppet.com/browse/MODULES-4737)) -- SSLCACertificateFile directive in ssl.conf configurable with `ssl_ca` parameter -- mod::authnz_pam -- mod::intercept_form_submit -- mod::lookup_identity -- Suse compatibility for mod::proxy_html -- support for AddCharset directive configurable with `add_charset` parameter -- support for SSLProxyVerifyDepth and SSLProxyCACertificateFile directives configurable with `ssl_proxy_verify_depth` and `ssl_proxy_ca_cert` respectively -- `manage_security_crs` parameter for mod::security -- support for LimitExcept directive configurable with `limit_except` parameter -- support for WSGIRestrictEmbedded directive configurable with `wsgi_restrict_embedded` parameter -- support for custom UserDir path ([MODULES-4933](https://tickets.puppet.com/browse/MODULES-4933)) -- support for PassengerMaxRequests directive configurable with `passenger_max_requests` -- option to override module package names with `mod_packages` parameter ([MODULES-3838](https://tickets.puppet.com/browse/MODULES-3838)) - -#### Removed -- enclose_ipv6 as it was added to puppetlabs-stdlib -- deprecated `$verifyServerCert` parameter from the `apache::mod::authnz_ldap` class ([MODULES-4445](https://tickets.puppet.com/browse/MODULES-4445)) - -#### Changed -- `keepalive` default to 'On' from 'Off' -- Puppet version compatibility to ">= 4.7.0 < 6.0.0" -- puppetlabs-stdlib dependency to ">= 4.12.0 < 5.0.0" -- `ssl_cipher` to explicitly disable 3DES because of Sweet32 - -#### Fixed -- various issues in the vhost template -- use of deprecated `include_src` parameter in vhost_spec -- management of ssl.conf on RedHat systems -- various SLES/Suse params -- mod::cgi ordering for FreeBSD -- issue where ProxyPreserveHost could not be set without other Proxy* directives -- the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch - -## Supported Release [1.11.1] -#### Summary -This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher. - -#### Changed -- $ssl_certs_dir default to `undef` for all platorms -- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` - -#### Fixed -- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** ([MODULES-5471](https://tickets.puppet.com/browse/MODULES-5471)) - -## Supported Release [1.11.0] -### Summary -This release adds SLES12 Support and many more features and bugfixes. - -#### Features -- (MODULES-4049) Adds SLES 12 Support -- Adds additional directories options for LDAP Auth - - `auth_ldap_url` - - `auth_ldap_bind_dn` - - `auth_ldap_bind_password` - - `auth_ldap_group_attribute` - - `auth_ldap_group_attribute_is_dn` -- Allows `mod_event` parameters to be unset -- Allows management of default root directory access rights -- Adds class `apache::vhosts` to create apache::vhost resources -- Adds class `apache::mod::proxy_wstunnel` -- Adds class `apache::mod::dumpio` -- Adds class `apache::mod::socache_shmcb` -- Adds class `apache::mod::authn_dbd` -- Adds support for apache 2.4 on Amazon Linux -- Support the newer `mod_auth_cas` config options -- Adds `wsgi_script_aliases_match` parameter to `apache::vhost` -- Allow to override all SecDefaultAction attributes -- Add audit_log_relevant_status parameter to apache::mod::security -- Allow absolute path to $apache::mod::security::activated_rules -- Allow setting SecAuditLog -- Adds `passenger_max_instances_per_app` to `mod::passenger` -- Allow the proxy_via setting to be configured -- Allow no_proxy_uris to be used within proxy_pass -- Add rpaf.conf template parameter to `mod::rpaf` -- Allow user to specify alternative package and library names for shibboleth module -- Allows configuration of shibboleth lib path -- Adds parameter `passenger_data_buffer_dir` to `mod::passenger` -- Adds SSL stapling -- Allows use of `balance_manager` with `mod_proxy_balancer` -- Raises lower bound of `stdlib` dependency to version 4.2 -- Adds support for Passenger repo on Amazon Linux -- Add ability to set SSLStaplingReturnResponderErrors on server level -- (MODULES-4213) Allow global rewrite rules inheritance in vhosts -- Moves `mod_env` to its own class and load it when required - -#### Bugfixes -- Deny access to .ht and .hg, which are created by mercurial hg. -- Instead of failing, include apache::mod::prefork in manifests/mod/itk.pp instead. -- Only set SSLCompression when it is set to true. -- Remove duplicate shib2 hash element -- (MODULES-3388) Include mpm_module classes instead of class declaration -- Updates `apache::balancer` to respect `apache::confd_dir` -- Wrap mod_security directives in an IfModule -- Fixes to various mods for Ubuntu Xenial -- Fix /etc/modsecurity perms to match package -- Fix PassengerRoot under Debian stretch -- (MODULES-3476) Updates regex in apache_version custom fact to work with EL5 -- Dont sql_injection_attacks.data -- Add force option to confd file resource to purge directory without warnings -- Patch httpoxy through mod_security -- Fixes config ordering of IncludeOptional -- Fixes bug where port numbers were unquoted -- Fixes bug where empty servername for vhost were written to template -- Auto-load `slotmem_shm` and `lbmethod_byrequests` with `proxy_balancer` on 2.4 -- Simplify MPM setup on FreeBSD -- Adds requirement for httpd package -- Do not set ssl_certs_dir on FreeBSD -- Fixes bug that produces a duplicate `Listen 443` after a package update on EL7 -- Fixes bug where custom facts break structured facts -- Avoid relative classname inclusion -- Fixes a failure in `vhost` if the first element of `$rewrites` is not a hash -- (MODULES-3744) Process $crs_package before $modsec_dir -- (MODULES-1491) Adds `::apache` include to mods that need it - -## Supported Release [1.10.0] -#### Summary -This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. - -#### Features -- Allow setting KeepAlive related options per vhost - - `apache::vhost::keepalive` - - `apache::vhost::keepalive_timeout` - - `apache::vhost::max_keepalive_requests` -- Adds new class `apache::mod::cluster` - -#### Bugfixes -- MODULES-2890: Allow php_version != 5 -- MODULES-2890: mod::php: Explicit test on jessie -- MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial -- MODULES-2890: Fix mod_php SetHandler and cleanup -- Fixed trailing slash in lib_path on Suse -- Revert "MODULES-2956: Enable options within location block on proxy_match". Bug introduced in release 1.9.0. -- Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0. -- Set actual path to apachectl on FreeBSD. Fixes snippets verification. - -## Supported Release [1.9.0] [DELETED] -#### Features -- Added `apache_version` fact -- Added `apache::balancer::target` attribute -- Added `apache::fastcgi::server::pass_header` attribute -- Added ability for `apache::fastcgi::server::host` using sockets -- Added `apache::root_directory_options` attribute -- Added for `apache::mod::ldap`: - - `ldap_shared_cache_size` - - `ldap_cache_entries` - - `ldap_cache_ttl` - - `ldap_opcache_entries` - - `ldap_opcache_ttl` -- Added `apache::mod::pagespeed::package_ensure` attribute -- Added `apache::mod::passenger` attributes: - - `passenger_log_level` - - `manage_repo` -- Added upstream repo for `apache::mod::passenger` -- Added `apache::mod::proxy_fcgi` class -- Added `apache::mod::security` attributes: - - `audit_log_parts` - - `secpcrematchlimit` - - `secpcrematchlimitrecursion` - - `secdefaultaction` - - `anomaly_score_blocking` - - `inbound_anomaly_threshold` - - `outbound_anomaly_threshold` -- Added `apache::mod::ssl` attributes: - - `ssl_mutex` - - `apache_version` -- Added ubuntu 16.04 support -- Added `apache::mod::authnz_ldap::package_name` attribute -- Added `apache::mod::ldap::package_name` attribute -- Added `apache::mod::proxy::package_name` attribute -- Added `apache::vhost` attributes: - - `ssl_proxy_check_peen_expire` - - `ssl_proxy_protocol` - - `logroot_owner` - - `logroot_group` - - `setenvifnocase` - - `passenger_user` - - `passenger_high_performance` - - `jk_mounts` - - `fastcgi_idle_timeout` - - `modsec_disable_msgs` - - `modsec_disable_tags` -- Added ability for 2.4-style `RequireAll|RequireNone|RequireAny` directory permissions -- Added ability for includes in vhost directory -- Added directory values: - - `AuthMerging` - - `MellonSPMetadataFile` -- Adds Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set to `apache::mod::security` class - - `critical_anomaly_score` - - `error_anomaly_score` - - `warning_anomaly_score` - - `notice_anomaly_score` -- Adds ability to configure `info_path` in `apache::mod::info` class -- Adds ability to configure `verify_config` in `apache::vhost::custom` - -#### Bugfixes -- Fixed apache mod setup for event/worker failing syntax -- Fixed concat deprecation warnings -- Fixed pagespeed mod -- Fixed service restart on mod update -- Fixed mod dir purging to happen after package installs -- Fixed various `apache::mod::*` file modes -- Fixed `apache::mod::authnz_ldap` parameter `verifyServerCert` to be `verify_server_cert` -- Fixed loadfile name in `apache::mod::fcgid` -- Fixed `apache::mod::remoteip` to fail on apache < 2.4 (because it is not available) -- Fixed `apache::mod::ssl::ssl_honorcipherorder` interpolation -- Lint fixes -- Strict variable fixes -- Fixed `apache::vhost` attribute `redirectmatch_status` to be optional -- Fixed SSLv3 on by default in mod\_nss -- Fixed mod\_rpaf directive names in template -- Fixed mod\_worker needing MaxClients with ThreadLimit -- Fixed quoting on vhost php\_value -- Fixed xml2enc for proxy\_html on debian -- Fixed a problem where the apache service restarts too fast - -## Supported Release [1.8.1] -### Summary -This release includes bug fixes and a documentation update. - -#### Bugfixes -- Fixes a bug that occurs when using the module in combination with puppetlabs-concat 2.x. -- Fixes a bug where passenger.conf was vulnerable to purging. -- Removes the pin of the concat module dependency. - -## Supported Release [1.8.0] -### Summary -This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements. - -#### Features -- Debian 8 Support. -- Added the 'file_mode' property to allow a custom permission setting for config files. -- Enable 'PassengerMaxRequestQueueSize' to be set for mod_passenger. -- MODULES-2956: Enable options within location block on proxy_match. -- Support itk on redhat. -- Support the mod_ssl SSLProxyVerify directive. -- Support ProxPassReverseCookieDomain directive (mod_proxy). -- Support proxy provider for vhost directories. -- Added new 'apache::vhost::custom' resource. - -#### Bugfixes -- Fixed ProxyPassReverse configuration. -- Fixed error in Amazon operatingsystem detection. -- Fixed mod_security catalog ordering issues for RedHat 7. -- Fixed paths and packages for the shib2 apache module on Debian pre Jessie. -- Fixed EL7 directory path for apache modules. -- Fixed validation error when empty array is passed for the rewrites parameter. -- Idempotency fixes with regards to '::apache::mod_enable_dir'. -- ITK fixes. -- (MODULES-2865) fix $mpm_module logic for 'false'. -- Set SSLProxy directives even if ssl is false, due to issue with RewriteRules and ProxyPass directives. -- Enable setting LimitRequestFieldSize globally, and remove it from vhost. - -#### Improvements -- apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements. -- Improved compatibility for Gentoo. -- Vhosts can now be supplied with a wildcard listen value. -- Numerous test improvements. -- Removed workarounds for https://bz.apache.org/bugzilla/show_bug.cgi?id=38864 as the issues have been fixed in Apache. -- Documentation updates. -- Ensureed order of ProxyPass and ProxyPassMatch parameters. -- Ensure that ProxyPreserveHost is set to off mode explicitly if not set in manifest. -- Put headers and request headers before proxy with regards to template generation. -- Added X-Forwarded-For into log_formats defaults. -- (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration. - -## Supported Release [1.7.1] -###Summary - -Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. - -## Supported Release [1.7.0] -### Summary -This release includes many new features and bugfixes. There are test, documentation and misc improvements. - -#### Features -- allow groups with - like vhost-users -- ability to enable/disable the secruleengine through a parameter -- add mod_auth_kerb parameters to vhost -- client auth for reverse proxy -- support for mod_auth_mellon -- change SSLProtocol in apache::vhost to be space separated -- RewriteLock support - -#### Bugfixes -- fix apache::mod::cgid so it can be used with the event MPM -- load unixd before fcgid on all operating systems -- fixes conditional in vhost aliases -- corrects mod_cgid worker/event defaults -- ProxyPassMatch parameters were ending up on a newline -- catch that mod_authz_default has been removed in Apache 2.4 -- mod::ssl fails on SLES -- fix typo of MPM_PREFORK for FreeBSD package install -- install all modules before adding custom configs -- fix acceptance testing for SSLProtocol behaviour for real -- fix ordering issue with conf_file and ports_file - -#### Known Issues -- mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues. - -#### Improvements -- added docs for forcetype directive -- removes ruby 1.8.7 from the travisci test matrix -- readme reorganisation, minor fixups -- support the mod_proxy ProxyPassReverseCookiePath directive -- the purge_vhost_configs parameter is actually called purge_vhost_dir -- add ListenBacklog for mod worker -- deflate application/json by default -- install mod_authn_alias as default mod in debian for apache < 2.4 -- optionally set LimitRequestFieldSize on an apache::vhost -- add SecUploadDir parameter to support file uploads with mod_security -- optionally set parameters for mod_ext_filter module -- allow SetOutputFilter to be set on a directory -- RC4 is deprecated -- allow empty docroot -- add option to configure the include pattern for the vhost_enable dir -- allow multiple IP addresses per vhost -- default document root update for Ubuntu 14.04 and Debian 8 - -## Supported Release [1.6.0] -### Summary -This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. - -#### Features -- Add `scan_proxy_header_field` parameter to `apache::mod::geoip` -- Add `ssl_openssl_conf_cmd` parameter to `apache::vhost` and `apache::mod::ssl` -- Add `filters` parameter to `apache::vhost` - -#### Bugfixes -- Test updates -- Do not use systemd on Amazon Linux -- Add missing docs for `timeout` parameter (MODULES-2148) - -## Supported Release [1.5.0] -### Summary -This release primarily adds Suse compatibility. It also adds a handful of other -parameters for greater configuration control. - -#### Features -- Add `apache::lib_path` parameter -- Add `apache::service_restart` parameter -- Add `apache::vhost::geoip_enable` parameter -- Add `apache::mod::geoip` class -- Add `apache::mod::remoteip` class -- Add parameters to `apache::mod::expires` class -- Add `index_style_sheet` handling to `apache::vhost::directories` -- Add some compatibility for SLES 11 -- Add `apache::mod::ssl::ssl_sessioncachetimeout` parameter -- Add `apache::mod::ssl::ssl_cryptodevice` parameter -- Add `apache::mod::ssl::ssl_honorcipherorder` parameter -- Add `apache::mod::userdir::options` parameter - -#### Bugfixes -- Document `apache::user` parameter -- Document `apache::group` parameter -- Fix apache::dev on FreeBSD -- Fix proxy\_connect on apache >= 2.2 -- Validate log levels better -- Fix `apache::apache_name` for package and vhost -- Fix Debian Jessie mod\_prefork package name -- Fix alias module being declared even when vhost is absent -- Fix proxy\_pass\_match handling in vhost's proxy template -- Fix userdir access permissions -- Fix issue where the module was trying to use systemd on Amazon Linux. - -## Supported Release [1.4.1] - -This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. - -## Supported Release [1.4.0] -###Summary - -This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost` - -#### Features -- New parameters to `apache` - - `default_charset` - - `default_type` -- New parameters to `apache::vhost` - - `proxy_error_override` - - `passenger_app_env` (MODULES-1776) - - `proxy_dest_match` - - `proxy_dest_reverse_match` - - `proxy_pass_match` - - `no_proxy_uris_match` -- New parameters to `apache::mod::passenger` - - `passenger_app_env` - - `passenger_min_instances` -- New parameter to `apache::mod::alias` - - `icons_options` -- New classes added under `apache::mod::*` - - `authn_file` - - `authz_default` - - `authz_user` -- Added support for 'deny' as an array in 'directories' under `apache::vhost` -- Added support for RewriteMap -- Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion [here](https://github.com/puppetlabs/puppetlabs-apache/pull/1030)) -- Added check for deprecated options in directories and fail when they are unsupported -- Added gentoo compatibility -- Added proper array support for `require` in the `directories` parameter in `apache::vhost` -- Added support for `setenv` inside proxy locations - -### Bugfixes -- Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784) -- Install required `mod_ldap` package for EL7 (MODULES-1779) -- Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25. -- Use the correct `mod_prefork` package name for trusty and jessie -- Don't manage docroot when default vhosts are disabled -- Ensure resources notify `Class['Apache::Service']` instead of `Service['httpd']` (MODULES-1829) -- Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger` -- Remove old Debian work-around that removed `passenger_extra.conf` - -## Supported Release [1.3.0] -### Summary - -This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. - -#### Features -- New parameters - `apache` - - `service_manage` - - `use_optional_includes` -- New parameters - `apache::service` - - `service_manage` -- New parameters - `apache::vhost` - - `access_logs` - - `php_flags` - - `php_values` - - `modsec_disable_vhost` - - `modsec_disable_ids` - - `modsec_disable_ips` - - `modsec_body_limit` -- Improved FreeBSD support -- Add ability to omit priority prefix if `$priority` is set to false -- Add `apache::security::rule_link` define -- Improvements to `apache::mod::*` - - Add `apache::mod::auth_cas` class - - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event` - - Add `apache::mod::filter` class - - Add `root_group` to `apache::mod::php` - - Add `apache::mod::proxy_connect` class - - Add `apache::mod::security` class - - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes` parameters to `apache::mod::ssl` (MODULES-1719) - - Add `status_path` parameter to `apache::mod::status` - - Add `apache_version` parameter to `apache::mod::version` - - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458) -- Improved SCL support - - Add support for specifying the docroot -- Updated `_directories.erb` to add support for SetEnv -- Support multiple access log directives (MODULES-1382) -- Add passenger support for Debian Jessie -- Add support for not having puppet restart the apache service (MODULES-1559) - -#### Bugfixes -- For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) -- Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) -- Load fcgid after unixd on RHEL7 -- Allow disabling default vhost for Apache 2.4 -- Test fixes -- `mod_version` is now built-in (MODULES-1446) -- Sort LogFormats for idempotency -- `allow_encoded_slashes` was omitted from `apache::vhost` -- Fix documentation bug (MODULES-1403, MODULES-1510) -- Sort `wsgi_script_aliases` for idempotency (MODULES-1384) -- lint fixes -- Fix automatic version detection for Debian Jessie -- Fix error docs and icons path for RHEL7-based systems (MODULES-1554) -- Sort php_* hashes for idempotency (MODULES-1680) -- Ensure `mod::setenvif` is included if needed (MODULES-1696) -- Fix indentation in `vhost/_directories.erb` template (MODULES-1688) -- Create symlinks on all distros if `vhost_enable_dir` is specified - -## Supported Release [1.2.0] -### Summary - -This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. - -#### Features -- Convert apache::vhost to use concat for easier extensions -- Test improvements -- Synchronize files with modulesync -- Strict variable and future parser support -- Added apache::custom_config defined type to allow validation of configs before they are created -- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module. -- Improved SCL support - - allow overriding of the mod_ssl package name -- Add support for reverse_urls/ProxyPassReverse in apache::vhost -- Add satisfy directive in apache::vhost::directories -- Add apache::fastcgi::server defined type -- New parameters - apache - - allow_encoded_slashes - - apache_name - - conf_dir - - default_ssl_crl_check - - docroot - - logroot_mode - - purge_vhost_dir -- New parameters - apache::vhost - - add_default_charset - - allow_encoded_slashes - - logroot_ensure - - logroot_mode - - manage_docroot - - passenger_app_root - - passenger_min_instances - - passenger_pre_start - - passenger_ruby - - passenger_start_timeout - - proxy_preserve_host - - redirectmatch_dest - - ssl_crl_check - - wsgi_chunked_request - - wsgi_pass_authorization -- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter -- Add support for rewrites in the apache::vhost::directories parameter -- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet -- Turn of SSLv3 by default -- Improvements to apache::mod* - - Add restrict_access parameter to apache::mod::info - - Add force_language_priority and language_priority parameters to apache::mod::negotiation - - Add threadlimit parameter to apache::mod::worker - - Add content, template, and source parameters to apache::mod::php - - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn - - Add loadfile_name parameter to apache::mod - - Add apache::mod::deflate class - - Add options parameter to apache::mod::fcgid - - Add timeouts parameter to apache::mod::reqtimeout - - Add apache::mod::shib - - Add apache_version parameter to apache::mod::ldap - - Add magic_file parameter to apache::mod::mime_magic - - Add apache_version parameter to apache::mod::pagespeed - - Add passenger_default_ruby parameter to apache::mod::passenger - - Add content, template, and source parameters to apache::mod::php - - Add apache_version parameter to apache::mod::proxy - - Add loadfiles parameter to apache::mod::proxy_html - - Add ssl_protocol and package_name parameters to apache::mod::ssl - - Add apache_version parameter to apache::mod::status - - Add apache_version parameter to apache::mod::userdir - - Add apache::mod::version class - -#### Bugfixes -- Set osfamily defaults for wsgi_socket_prefix -- Support multiple balancermembers with the same url -- Validate apache::vhost::custom_fragment -- Add support for itk with mod_php -- Allow apache::vhost::ssl_certs_dir to not be set -- Improved passenger support for Debian -- Improved 2.4 support without mod_access_compat -- Support for more than one 'Allow from'-directive in _directories.erb -- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4 -- Fix missing newline in ModPagespeed filter and memcached servers directive -- Use interpolated strings instead of numbers where required by future parser -- Make auth_require take precedence over default with apache 2.4 -- Lint fixes -- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array -- Correct typo in mod::pagespeed -- spec_helper fixes -- Install mod packages before dealing with the configuration -- Use absolute scope to check class definition in apache::mod::php -- Fix dependency loop in apache::vhost -- Properly scope variables in the inline template in apache::balancer -- Documentation clarification, typos, and formatting -- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4 -- Strict variables fixes -- Add authn_core mode to Ubuntu trusty defaults -- Keep default loadfile for authz_svn on Debian -- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support -- Load unixd before fcgid for EL7 -- Fix RedirectMatch rules -- Fix misleading error message in apache::version - -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - -## Supported Release [1.1.1] -### Summary - -This release merely updates metadata.json so the module can be uninstalled and -upgraded via the puppet module command. - -## Supported Release [1.1.0] - -### Summary - -This release primarily focuses on extending the httpd 2.4 support, tested -through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger -4 support, as well as several new modules and important bugfixes. - -#### Features - -- Add support for RHEL7 and Ubuntu 14.04 -- More complete apache24 support -- Passenger 4 support -- Add support for max_keepalive_requests and log_formats parameters -- Add mod_pagespeed support -- Add mod_speling support -- Added several parameters for mod_passenger -- Added ssl_cipher parameter to apache::mod::ssl -- Improved examples in documentation -- Added docroot_mode, action, and suexec_user_group parameters to apache::vhost -- Add support for custom extensions for mod_php -- Improve proxy_html support for Debian - -#### Bugfixes - -- Remove NameVirtualHost directive for apache >= 2.4 -- Order proxy_set option so it doesn't change between runs -- Fix inverted SSL compression -- Fix missing ensure on concat::fragment resources -- Fix bad dependencies in apache::mod and apache::mod::mime - -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - -## Supported Release [1.0.1] -### Summary - -This is a supported release. This release removes a testing symlink that can -cause trouble on systems where /var is on a seperate filesystem from the -modulepath. - -#### Features -#### Bugfixes -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - -## Supported Release [1.0.0] -### Summary - -This is a supported release. This release introduces Apache 2.4 support for -Debian and RHEL based osfamilies. - -#### Features - -- Add apache24 support -- Add rewrite_base functionality to rewrites -- Updated README documentation -- Add WSGIApplicationGroup and WSGIImportScript directives - -#### Bugfixes - -- Replace mutating hashes with merge() for Puppet 3.5 -- Fix WSGI import_script and mod_ssl issues on Lucid - -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - ---- - -## Supported Release [0.11.0] -### Summary: - -This release adds preliminary support for Windows compatibility and multiple rewrite support. - -#### Backwards-incompatible Changes: - -- The rewrite_rule parameter is deprecated in favor of the new rewrite parameter - and will be removed in a future release. - -#### Features: - -- add Match directive -- quote paths for windows compatibility -- add auth_group_file option to README.md -- allow AuthGroupFile directive for vhosts -- Support Header directives in vhost context -- Don't purge mods-available dir when separate enable dir is used -- Fix the servername used in log file name -- Added support for mod_include -- Remove index parameters. -- Support environment variable control for CustomLog -- added redirectmatch support -- Setting up the ability to do multiple rewrites and conditions. -- Convert spec tests to beaker. -- Support php_admin_(flag|value)s - -#### Bugfixes: - -- directories are either a Hash or an Array of Hashes -- Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost -- (docs) Update list of `apache::mod::[name]` classes -- (docs) Fix apache::namevirtualhost example call style -- Fix $ports_file reference in apache::listen. -- Fix $ports_file reference in Namevirtualhost. - - -## Supported Release [0.10.0] -### Summary: - -This release adds FreeBSD osfamily support and various other improvements to some mods. - -#### Features: - -- Add suPHP_UserGroup directive to directory context -- Add support for ScriptAliasMatch directives -- Set SSLOptions StdEnvVars in server context -- No implicit entry for ScriptAlias path -- Add support for overriding ErrorDocument -- Add support for AliasMatch directives -- Disable default "allow from all" in vhost-directories -- Add WSGIPythonPath as an optional parameter to mod_wsgi. -- Add mod_rpaf support -- Add directives: IndexOptions, IndexOrderDefault -- Add ability to include additional external configurations in vhost -- need to use the provider variable not the provider key value from the directory hash for matches -- Support for FreeBSD and few other features -- Add new params to apache::mod::mime class -- Allow apache::mod to specify module id and path -- added $server_root parameter -- Add Allow and ExtendedStatus support to mod_status -- Expand vhost/_directories.pp directive support -- Add initial support for nss module (no directives in vhost template yet) -- added peruser and event mpms -- added $service_name parameter -- add parameter for TraceEnable -- Make LogLevel configurable for server and vhost -- Add documentation about $ip -- Add ability to pass ip (instead of wildcard) in default vhost files - -#### Bugfixes: - -- Don't listen on port or set NameVirtualHost for non-existent vhost -- only apply Directory defaults when provider is a directory -- Working mod_authnz_ldap support on Debian/Ubuntu - -## Supported Release [0.9.0] -### Summary: -This release adds more parameters to the base apache class and apache defined -resource to make the module more flexible. It also adds or enhances SuPHP, -WSGI, and Passenger mod support, and support for the ITK mpm module. - -#### Backwards-incompatible Changes: -- Remove many default mods that are not normally needed. -- Remove `rewrite_base` `apache::vhost` parameter; did not work anyway. -- Specify dependencies on stdlib >=2.4.0 (this was already the case, but -making explicit) -- Deprecate `a2mod` in favor of the `apache::mod::*` classes and `apache::mod` -defined resource. - -#### Features: -- `apache` class - - Add `httpd_dir` parameter to change the location of the configuration - files. - - Add `logroot` parameter to change the logroot - - Add `ports_file` parameter to changes the `ports.conf` file location - - Add `keepalive` parameter to enable persistent connections - - Add `keepalive_timeout` parameter to change the timeout - - Update `default_mods` to be able to take an array of mods to enable. -- `apache::vhost` - - Add `wsgi_daemon_process`, `wsgi_daemon_process_options`, - `wsgi_process_group`, and `wsgi_script_aliases` parameters for per-vhost - WSGI configuration. - - Add `access_log_syslog` parameter to enable syslogging. - - Add `error_log_syslog` parameter to enable syslogging of errors. - - Add `directories` hash parameter. Please see README for documentation. - - Add `sslproxyengine` parameter to enable SSLProxyEngine - - Add `suphp_addhandler`, `suphp_engine`, and `suphp_configpath` for - configuring SuPHP. - - Add `custom_fragment` parameter to allow for arbitrary apache - configuration injection. (Feature pull requests are prefered over using - this, but it is available in a pinch.) -- Add `apache::mod::suphp` class for configuring SuPHP. -- Add `apache::mod::itk` class for configuring ITK mpm module. -- Update `apache::mod::wsgi` class for global WSGI configuration with -`wsgi_socket_prefix` and `wsgi_python_home` parameters. -- Add README.passenger.md to document the `apache::mod::passenger` usage. -Added `passenger_high_performance`, `passenger_pool_idle_time`, -`passenger_max_requests`, `passenger_stat_throttle_rate`, `rack_autodetect`, -and `rails_autodetect` parameters. -- Separate the httpd service resource into a new `apache::service` class for -dependency chaining of `Class['apache'] -> ~> -Class['apache::service']` -- Added `apache::mod::proxy_balancer` class for `apache::balancer` - -#### Bugfixes: -- Change dependency to puppetlabs-concat -- Fix ruby 1.9 bug for `a2mod` -- Change servername to be `$::hostname` if there is no `$::fqdn` -- Make `/etc/ssl/certs` the default ssl certs directory for RedHat non-5. -- Make `php` the default php package for RedHat non-5. -- Made `aliases` able to take a single alias hash instead of requiring an -array. - -## Supported Release [0.8.1] -#### Bugfixes: -- Update `apache::mpm_module` detection for worker/prefork -- Update `apache::mod::cgi` and `apache::mod::cgid` detection for -worker/prefork - -## Supported Release [0.8.0] -#### Features: -- Add `servername` parameter to `apache` class -- Add `proxy_set` parameter to `apache::balancer` define - -#### Bugfixes: -- Fix ordering for multiple `apache::balancer` clusters -- Fix symlinking for sites-available on Debian-based OSs -- Fix dependency ordering for recursive confdir management -- Fix `apache::mod::*` to notify the service on config change -- Documentation updates - -## Supported Release [0.7.0] -#### Changes: -- Essentially rewrite the module -- too many to list -- `apache::vhost` has many abilities -- see README.md for details -- `apache::mod::*` classes provide httpd mod-loading capabilities -- `apache` base class is much more configurable - -#### Bugfixes: -- Many. And many more to come - -## Supported Release [0.6.0] -- update travis tests (add more supported versions) -- add access log_parameter -- make purging of vhost dir configurable - -## Supported Release [0.4.0] -#### Changes: -- `include apache` is now required when using `apache::mod::*` - -#### Bugfixes: -- Fix syntax for validate_re -- Fix formatting in vhost template -- Fix spec tests such that they pass - -## Supported Release [0.0.4] -* e62e362 Fix broken tests for ssl, vhost, vhost::* -* 42c6363 Changes to match style guide and pass puppet-lint without error -* 42bc8ba changed name => path for file resources in order to name namevar by it's name -* 72e13de One end too much -* 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc. -* 273f94d fix tests -* a35ede5 (#13860) Make a2enmod/a2dismo commands optional -* 98d774e (#13860) Autorequire Package['httpd'] -* 05fcec5 (#13073) Add missing puppet spec tests -* 541afda (#6899) Remove virtual a2mod definition -* 976cb69 (#13072) Move mod python and wsgi package names to params -* 323915a (#13060) Add .gitignore to repo -* fdf40af (#13060) Remove pkg directory from source tree -* fd90015 Add LICENSE file and update the ModuleFile -* d3d0d23 Re-enable local php class -* d7516c7 Make management of firewalls configurable for vhosts -* 60f83ba Explicitly lookup scope of apache_name in templates. -* f4d287f (#12581) Add explicit ordering for vdir directory -* 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall -* a776a8b (#11071) Fix to work with latest firewall module -* 2b79e8b (#11070) Add support for Scientific Linux -* 405b3e9 Fix for a2mod -* 57b9048 Commit apache::vhost::redirect Manifest -* 8862d01 Commit apache::vhost::proxy Manifest -* d5c1fd0 Commit apache::mod::wsgi Manifest -* a825ac7 Commit apache::mod::python Manifest -* b77062f Commit Templates -* 9a51b4a Vhost File Declarations -* 6cf7312 Defaults for Parameters -* 6a5b11a Ensure installed -* f672e46 a2mod fix -* 8a56ee9 add pthon support to apache - -[3.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.1.0...3.2.0 -[3.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.0.0...3.1.0 -[3.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.1...3.0.0 -[2.3.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.0...2.3.1 -[2.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.2.0...2.3.0 -[2.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.1.0...2.2.0 -[2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0 -[2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0 -[1.11.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...1.11.1 -[1.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...1.11.0 -[1.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...1.10.0 -[1.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...1.9.0 -[1.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.0...1.8.1 -[1.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.1...1.8.0 -[1.7.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.0...1.7.1 -[1.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.6.0...1.7.0 -[1.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.5.0...1.6.0 -[1.5.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.1...1.5.0 -[1.4.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.0...1.4.1 -[1.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.3.0...1.4.0 -[1.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.2.0...1.3.0 -[1.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.1...1.2.0 -[1.1.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.0...1.1.1 -[1.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.1...1.1.0 -[1.0.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.0...1.0.1 -[1.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0 -[0.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...0.11.0 -[0.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...0.10.0 -[0.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...0.9.0 -[0.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.8.0...0.8.1 -[0.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.7.0...0.8.0 -[0.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0 -[0.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.5.0-rc1...0.6.0 -[0.5.0-rc1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.4.0...0.5.0-rc1 -[0.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.3.0...0.4.0 -[0.0.4]:https://github.com/puppetlabs/puppetlabs-apache/commits/0.0.4 - - -\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* diff --git a/puppet/modules/apache/CONTRIBUTING.md b/puppet/modules/apache/CONTRIBUTING.md deleted file mode 100644 index 1a9fb3a..0000000 --- a/puppet/modules/apache/CONTRIBUTING.md +++ /dev/null @@ -1,271 +0,0 @@ -# Contributing to Puppet modules - -So you want to contribute to a Puppet module: Great! Below are some instructions to get you started doing -that very thing while setting expectations around code quality as well as a few tips for making the -process as easy as possible. - -### Table of Contents - -1. [Getting Started](#getting-started) -1. [Commit Checklist](#commit-checklist) -1. [Submission](#submission) -1. [More about commits](#more-about-commits) -1. [Testing](#testing) - - [Running Tests](#running-tests) - - [Writing Tests](#writing-tests) -1. [Get Help](#get-help) - -## Getting Started - -- Fork the module repository on GitHub and clone to your workspace - -- Make your changes! - -## Commit Checklist - -### The Basics - -- [x] my commit is a single logical unit of work - -- [x] I have checked for unnecessary whitespace with "git diff --check" - -- [x] my commit does not include commented out code or unneeded files - -### The Content - -- [x] my commit includes tests for the bug I fixed or feature I added - -- [x] my commit includes appropriate documentation changes if it is introducing a new feature or changing existing functionality - -- [x] my code passes existing test suites - -### The Commit Message - -- [x] the first line of my commit message includes: - - - [x] an issue number (if applicable), e.g. "(MODULES-xxxx) This is the first line" - - - [x] a short description (50 characters is the soft limit, excluding ticket number(s)) - -- [x] the body of my commit message: - - - [x] is meaningful - - - [x] uses the imperative, present tense: "change", not "changed" or "changes" - - - [x] includes motivation for the change, and contrasts its implementation with the previous behavior - -## Submission - -### Pre-requisites - -- Make sure you have a [GitHub account](https://github.com/join) - -- [Create a ticket](https://tickets.puppet.com/secure/CreateIssue!default.jspa), or [watch the ticket](https://tickets.puppet.com/browse/) you are patching for. - -### Push and PR - -- Push your changes to your fork - -- [Open a Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) against the repository in the puppetlabs organization - -## More about commits - - 1. Make separate commits for logically separate changes. - - Please break your commits down into logically consistent units - which include new or changed tests relevant to the rest of the - change. The goal of doing this is to make the diff easier to - read for whoever is reviewing your code. In general, the easier - your diff is to read, the more likely someone will be happy to - review it and get it into the code base. - - If you are going to refactor a piece of code, please do so as a - separate commit from your feature or bug fix changes. - - We also really appreciate changes that include tests to make - sure the bug is not re-introduced, and that the feature is not - accidentally broken. - - Describe the technical detail of the change(s). If your - description starts to get too long, that is a good sign that you - probably need to split up your commit into more finely grained - pieces. - - Commits which plainly describe the things which help - reviewers check the patch and future developers understand the - code are much more likely to be merged in with a minimum of - bike-shedding or requested changes. Ideally, the commit message - would include information, and be in a form suitable for - inclusion in the release notes for the version of Puppet that - includes them. - - Please also check that you are not introducing any trailing - whitespace or other "whitespace errors". You can do this by - running "git diff --check" on your changes before you commit. - - 2. Sending your patches - - To submit your changes via a GitHub pull request, we _highly_ - recommend that you have them on a topic branch, instead of - directly on "master". - It makes things much easier to keep track of, especially if - you decide to work on another thing before your first change - is merged in. - - GitHub has some pretty good - [general documentation](http://help.github.com/) on using - their site. They also have documentation on - [creating pull requests](https://help.github.com/articles/creating-a-pull-request-from-a-fork/). - - In general, after pushing your topic branch up to your - repository on GitHub, you can switch to the branch in the - GitHub UI and click "Pull Request" towards the top of the page - in order to open a pull request. - - 3. Update the related JIRA issue. - - If there is a JIRA issue associated with the change you - submitted, then you should update the ticket to include the - location of your branch, along with any other commentary you - may wish to make. - -# Testing - -## Getting Started - -Our Puppet modules provide [`Gemfile`](./Gemfile)s, which can tell a Ruby package manager such as [bundler](http://bundler.io/) what Ruby packages, -or Gems, are required to build, develop, and test this software. - -Please make sure you have [bundler installed](http://bundler.io/#getting-started) on your system, and then use it to -install all dependencies needed for this project in the project root by running - -```shell -% bundle install --path .bundle/gems -Fetching gem metadata from https://rubygems.org/........ -Fetching gem metadata from https://rubygems.org/.. -Using rake (10.1.0) -Using builder (3.2.2) --- 8><-- many more --><8 -- -Using rspec-system-puppet (2.2.0) -Using serverspec (0.6.3) -Using rspec-system-serverspec (1.0.0) -Using bundler (1.3.5) -Your bundle is complete! -Use `bundle show [gemname]` to see where a bundled gem is installed. -``` - -NOTE: some systems may require you to run this command with sudo. - -If you already have those gems installed, make sure they are up-to-date: - -```shell -% bundle update -``` - -## Running Tests - -With all dependencies in place and up-to-date, run the tests: - -### Unit Tests - -```shell -% bundle exec rake spec -``` - -This executes all the [rspec tests](http://rspec-puppet.com/) in the directories defined [here](https://github.com/puppetlabs/puppetlabs_spec_helper/blob/699d9fbca1d2489bff1736bb254bb7b7edb32c74/lib/puppetlabs_spec_helper/rake_tasks.rb#L17) and so on. -rspec tests may have the same kind of dependencies as the module they are testing. Although the module defines these dependencies in its [metadata.json](./metadata.json), -rspec tests define them in [.fixtures.yml](./fixtures.yml). - -### Acceptance Tests - -Some Puppet modules also come with acceptance tests, which use [beaker][]. These tests spin up a virtual machine under -[VirtualBox](https://www.virtualbox.org/), controlled with [Vagrant](http://www.vagrantup.com/), to simulate scripted test -scenarios. In order to run these, you need both Virtualbox and Vagrant installed on your system. - -Run the tests by issuing the following command - -```shell -% bundle exec rake spec_clean -% bundle exec rspec spec/acceptance -``` - -This will now download a pre-fabricated image configured in the [default node-set](./spec/acceptance/nodesets/default.yml), -install Puppet, copy this module, and install its dependencies per [spec/spec_helper_acceptance.rb](./spec/spec_helper_acceptance.rb) -and then run all the tests under [spec/acceptance](./spec/acceptance). - -## Writing Tests - -### Unit Tests - -When writing unit tests for Puppet, [rspec-puppet][] is your best friend. It provides tons of helper methods for testing your manifests against a -catalog (e.g. contain_file, contain_package, with_params, etc). It would be ridiculous to try and top rspec-puppet's [documentation][rspec-puppet_docs] -but here's a tiny sample: - -Sample manifest: - -```puppet -file { "a test file": - ensure => present, - path => "/etc/sample", -} -``` - -Sample test: - -```ruby -it 'does a thing' do - expect(subject).to contain_file("a test file").with({:path => "/etc/sample"}) -end -``` - -### Acceptance Tests - -Writing acceptance tests for Puppet involves [beaker][] and its cousin [beaker-rspec][]. A common pattern for acceptance tests is to create a test manifest, apply it -twice to check for idempotency or errors, then run expectations. - -```ruby -it 'does an end-to-end thing' do - pp = <<-EOF - file { 'a test file': - ensure => present, - path => "/etc/sample", - content => "test string", - } - - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) - -end - -describe file("/etc/sample") do - it { is_expected.to contain "test string" } -end - -``` - -# If you have commit access to the repository - -Even if you have commit access to the repository, you still need to go through the process above, and have someone else review and merge -in your changes. The rule is that **all changes must be reviewed by a project developer that did not write the code to ensure that -all changes go through a code review process.** - -The record of someone performing the merge is the record that they performed the code review. Again, this should be someone other than the author of the topic branch. - -# Get Help - -### On the web -* [Puppet help messageboard](http://puppet.com/community/get-help) -* [Writing tests](https://docs.puppet.com/guides/module_guides/bgtm.html#step-three-module-testing) -* [General GitHub documentation](http://help.github.com/) -* [GitHub pull request documentation](http://help.github.com/send-pull-requests/) - -### On chat -* Slack (slack.puppet.com) #forge-modules, #puppet-dev, #windows, #voxpupuli -* IRC (freenode) #puppet-dev, #voxpupuli - - -[rspec-puppet]: http://rspec-puppet.com/ -[rspec-puppet_docs]: http://rspec-puppet.com/documentation/ -[beaker]: https://github.com/puppetlabs/beaker -[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec diff --git a/puppet/modules/apache/Gemfile b/puppet/modules/apache/Gemfile deleted file mode 100644 index b7d80c3..0000000 --- a/puppet/modules/apache/Gemfile +++ /dev/null @@ -1,76 +0,0 @@ -source ENV['GEM_SOURCE'] || 'https://rubygems.org' - -def location_for(place_or_version, fake_version = nil) - git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?} - file_url_regex = %r{\Afile:\/\/(?.*)} - - if place_or_version && (git_url = place_or_version.match(git_url_regex)) - [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact - elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) - ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] - else - [place_or_version, { require: false }] - end -end - -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments -minor_version = ruby_version_segments[0..1].join('.') - -group :development do - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "github_changelog_generator", require: false, git: 'https://github.com/skywinder/github-changelog-generator', ref: '20ee04ba1234e9e83eb2ffb5056e23d641c7a018' if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.2.2') -end -group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] -end - -puppet_version = ENV['PUPPET_GEM_VERSION'] -facter_version = ENV['FACTER_GEM_VERSION'] -hiera_version = ENV['HIERA_GEM_VERSION'] - -gems = {} - -gems['puppet'] = location_for(puppet_version) - -# If facter or hiera versions have been specified via the environment -# variables - -gems['facter'] = location_for(facter_version) if facter_version -gems['hiera'] = location_for(hiera_version) if hiera_version - -if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)} - # If we're using a Puppet gem on Windows which handles its own win32-xxx gem - # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445). - gems['win32-dir'] = ['<= 0.4.9', require: false] - gems['win32-eventlog'] = ['<= 0.6.5', require: false] - gems['win32-process'] = ['<= 0.7.5', require: false] - gems['win32-security'] = ['<= 0.2.5', require: false] - gems['win32-service'] = ['0.8.8', require: false] -end - -gems.each do |gem_name, gem_params| - gem gem_name, *gem_params -end - -# Evaluate Gemfile.local and ~/.gemfile if they exist -extra_gemfiles = [ - "#{__FILE__}.local", - File.join(Dir.home, '.gemfile'), -] - -extra_gemfiles.each do |gemfile| - if File.file?(gemfile) && File.readable?(gemfile) - eval(File.read(gemfile), binding) - end -end -# vim: syntax=ruby diff --git a/puppet/modules/apache/HISTORY.md b/puppet/modules/apache/HISTORY.md deleted file mode 100644 index 90e65f6..0000000 --- a/puppet/modules/apache/HISTORY.md +++ /dev/null @@ -1,1090 +0,0 @@ -## 3.2.0 -### Summary -This is a clean release to prepare for several planned backwards incompatible changes. - -#### Changed -- Parameter `passenger_pre_start` has been moved outside of ``. -- Apache version fact has been enabled on FreeBSD. -- Parameter `ssl_proxyengine` has had it's default changed to false. - -#### Added -- Parameter `passenger_group` can now be set in `apache::vhost`. -- Multiple `passenger_pre_start` URIs can now be set at once. -- Manifest `mod::auth_gssapi` has been added to allow the deployment of authorisation with kerberos, through GSSAPI. - -#### Removed -- Scientific 5 and Debian 7 are no longer supported on Apache. - -## Supported Release [3.1.0] -### Summary -This release includes the module being converted using version 1.4.1 of the PDK. It also includes a couple of additional parameters added. - -#### Added -- Module has been pdk converted with version 1.4.1 ([MODULES-6331](https://tickets.puppet.com/browse/MODULES-6331)) -- Parameter `ssl_cert` to provide a SSLCertificateFile option for use with SSL, optional of type String. -- Parameter `ssl_key` to provide a SSLCertificateKey option for use with SSL, optional of type String. - -#### Fixed -- Documentation updates. -- Updates to the Japanese translation based on documentation update. - -## Supported Release [3.0.0] -### Summary -This major release changes the default value of `keepalive` to `On`. It also includes many other features and bugfixes. - -#### Changed -- Default `apache::keepalive` from `Off` to `On`. - -#### Added -- Class `apache::mod::data` -- Function `apache::apache_pw_hash` function (puppet 4 port of `apache_pw_hash()`) -- Function `apache::bool2httpd` function (puppet 4 port of `bool2httpd()`) -- Function `apache::validate_apache_log_level` function (puppet 4 port of `validate_apache_log_level()`) -- Parameter `apache::balancer::options` for additional directives. -- Parameter `apache::limitreqfields` setting the LimitRequestFields directive to 100. -- Parameter `apache::use_canonical_name` to control how httpd uses self-referential URLs. -- Parameter `apache::mod::disk_cache::cache_ignore_headers` to ignore cache headers. -- Parameter `apache::mod::itk::enablecapabilities` to manage ITK capabilities. -- Parameter `apache::mod::ldap::ldap_trusted_mode` to manage trusted mode. -- Parameters for `apache::mod::passenger`: - - `passenger_allow_encoded_slashes` - - `passenger_app_group_name` - - `passenger_app_root` - - `passenger_app_type` - - `passenger_base_uri` - - `passenger_buffer_response` - - `passenger_buffer_upload` - - `passenger_concurrency_model` - - `passenger_debug_log_file` - - `passenger_debugger` - - `passenger_default_group` - - `passenger_default_user` - - `passenger_disable_security_update_check` - - `passenger_enabled` - - `passenger_error_override` - - `passenger_file_descriptor_log_file` - - `passenger_fly_with` - - `passenger_force_max_concurrent_requests_per_process` - - `passenger_friendly_error_pages` - - `passenger_group` - - `passenger_installed_version` - - `passenger_instance_registry_dir` - - `passenger_load_shell_envvars` - - `passenger_lve_min_uid` - - `passenger_max_instances` - - `passenger_max_preloader_idle_time` - - `passenger_max_request_time` - - `passenger_memory_limit` - - `passenger_meteor_app_settings` - - `passenger_nodejs` - - `passenger_pre_start` - - `passenger_python` - - `passenger_resist_deployment_errors` - - `passenger_resolve_symlinks_in_document_root` - - `passenger_response_buffer_high_watermark` - - `passenger_restart_dir` - - `passenger_rolling_restarts` - - `passenger_security_update_check_proxy` - - `passenger_show_version_in_header` - - `passenger_socket_backlog` - - `passenger_start_timeout` - - `passenger_startup_file` - - `passenger_sticky_sessions` - - `passenger_sticky_sessions_cookie_name` - - `passenger_thread_count` - - `passenger_user` - - `passenger_user_switching` - - `rack_auto_detect` - - `rack_base_uri` - - `rack_env` - - `rails_allow_mod_rewrite` - - `rails_app_spawner_idle_time` - - `rails_auto_detect` - - `rails_base_uri` - - `rails_default_user` - - `rails_env` - - `rails_framework_spawner_idle_time` - - `rails_ruby` - - `rails_spawn_method` - - `rails_user_switching` - - `wsgi_auto_detect` -- Parameter `apache::mod::prefork::listenbacklog` to set the listen backlog to 511. -- Parameter `apache::mod::python::loadfile_name` to workaround python.load filename conflicts. -- Parameter `apache::mod::ssl::ssl_cert` to manage the client auth cert. -- Parameter `apache::mod::ssl::ssl_key` to manage the client auth key. -- Parameter `apache::mod::status::requires` as an alternative to `apache::mod::status::allow_from` -- Parameter `apache::vhost::ssl_proxy_cipher_suite` to manage that directive. -- Parameter `apache::vhost::shib_compat_valid_user` to manage that directive. -- Parameter `apache::vhost::use_canonical_name` to manage that directive. -- Parameter value `mellon_session_length` for `apache::vhost::directories` - -### Fixed -- `apache_version` is confined to just Linux to avoid erroring on AIX. -- Parameter `apache::mod::jk::workers_file_content` docs typo of "mantain" instead of maintain. -- Deduplicate `apache::mod::ldap` managing `File['ldap.conf']` to avoid resource conflicts. -- ITK package name on Debian 9 -- Dav_svn package for SLES -- Log client IP instead of loadbalancer IP when behind a loadbalancer. -- `apache::mod::remoteip` now notifies the `Class['apache::service']` class instead of `Service['httpd']` to avoid restarting the service when `apache::service_manage` is false. -- `apache::vhost::cas_scrub_request_headers` actually manages the directive. - -## Supported Release [2.3.1] -### Summary -This release fixes CVE-2018-6508 which is a potential arbitrary code execution via tasks. - -### Fixed -- Fix init task for arbitrary remote code - -## Supported Release [2.3.0] -### Summary -This is a feature release. It includes a task that will reload the apache service. - -#### Added -- Add a task that allows the reloading of the Apache service. - -## Supported Release [2.2.0] -### Summary -This is a maintainence and feature release. It will include updates to translations in Japanese, some maintainence and adding `PassengerSpawnMethod` to vhost. - -#### Added -- `PassengerSpawnMethod` added to `vhost`. - -#### Changed -- Improve version match fact for `apache_version` -- Update to prefork.conf params for Apache 2.4 -- Updates to `CONTRIBUTING.md` -- Do not install mod_fastcgi on el7 -- Include mod_wsgi when using wsgi options - -## Supported Release [2.1.0] -### Summary -This is a feature release including a security patch (CVE-2017-2299) - -#### Added -- `apache::mod::jk` class for managing the mod_jk connector -- `apache_pw_hash` function -- the ProxyPass directive in location contexts -- more Puppet 4 type validation -- `apache::mod::macro` class for managing mod_macro - -#### Changed -- $ssl_certs_dir default to `undef` for all platorms -- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` - -#### Fixed -- issue where mod_alias was not being loaded when RedirectMatch* directives were being used ([MODULES-3942](https://tickets.puppet.com/browse/MODULES-3942)) -- issue with `$directories` parameter in `apache::vhost` -- issue in UserDir template where the UserDir path did not match the Directory path -- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** - -#### Removed -- support for EOL platforms: Ubuntu 10.04, 12.04 and Debian 6 (Squeeze) - -## Supported Release [2.0.0] -### Summary -Major release **removing Puppet 3 support** and other backwards-incompatible changes. - -#### Added -- support for FileETag directive configurable with the `file_e_tag` parameter -- ability to configure multiple ports per vhost -- RequestHeader directive to vhost template ([MODULES-4156](https://tickets.puppet.com/browse/MODULES-4156)) -- customizability for AllowOverride directive in userdir.conf ([MODULES-4516](https://tickets.puppet.com/browse/MODULES-4516)) -- AdvertiseFrequency directive for cluster.conf ([MODULES-4500](https://tickets.puppet.com/browse/MODULES-4500)) -- `ssl_proxy_protocol` and `ssl_sessioncache` parameters for mod::ssl ([MODULES-4737](https://tickets.puppet.com/browse/MODULES-4737)) -- SSLCACertificateFile directive in ssl.conf configurable with `ssl_ca` parameter -- mod::authnz_pam -- mod::intercept_form_submit -- mod::lookup_identity -- Suse compatibility for mod::proxy_html -- support for AddCharset directive configurable with `add_charset` parameter -- support for SSLProxyVerifyDepth and SSLProxyCACertificateFile directives configurable with `ssl_proxy_verify_depth` and `ssl_proxy_ca_cert` respectively -- `manage_security_crs` parameter for mod::security -- support for LimitExcept directive configurable with `limit_except` parameter -- support for WSGIRestrictEmbedded directive configurable with `wsgi_restrict_embedded` parameter -- support for custom UserDir path ([MODULES-4933](https://tickets.puppet.com/browse/MODULES-4933)) -- support for PassengerMaxRequests directive configurable with `passenger_max_requests` -- option to override module package names with `mod_packages` parameter ([MODULES-3838](https://tickets.puppet.com/browse/MODULES-3838)) - -#### Removed -- enclose_ipv6 as it was added to puppetlabs-stdlib -- deprecated `$verifyServerCert` parameter from the `apache::mod::authnz_ldap` class ([MODULES-4445](https://tickets.puppet.com/browse/MODULES-4445)) - -#### Changed -- `keepalive` default to 'On' from 'Off' -- Puppet version compatibility to ">= 4.7.0 < 6.0.0" -- puppetlabs-stdlib dependency to ">= 4.12.0 < 5.0.0" -- `ssl_cipher` to explicitly disable 3DES because of Sweet32 - -#### Fixed -- various issues in the vhost template -- use of deprecated `include_src` parameter in vhost_spec -- management of ssl.conf on RedHat systems -- various SLES/Suse params -- mod::cgi ordering for FreeBSD -- issue where ProxyPreserveHost could not be set without other Proxy* directives -- the module attempting to install proxy_html on Ubuntu Xenial and Debian Stretch - -## Supported Release [1.11.1] -#### Summary -This is a security patch release (CVE-2017-2299). These changes are also in version 2.1.0 and higher. - -#### Changed -- $ssl_certs_dir default to `undef` for all platorms -- $ssl_verify_client must now be set to use any of the following: `$ssl_certs_dir`, `$ssl_ca`, `$ssl_crl_path`, `$ssl_crl`, `$ssl_verify_depth`, `$ssl_crl_check` - -#### Fixed -- **Issue where the $ssl_certs_dir default set Apache to implicitly trust all client certificates that were issued by any CA in that directory** ([MODULES-5471](https://tickets.puppet.com/browse/MODULES-5471)) - -## Supported Release [1.11.0] -### Summary -This release adds SLES12 Support and many more features and bugfixes. - -#### Features -- (MODULES-4049) Adds SLES 12 Support -- Adds additional directories options for LDAP Auth - - `auth_ldap_url` - - `auth_ldap_bind_dn` - - `auth_ldap_bind_password` - - `auth_ldap_group_attribute` - - `auth_ldap_group_attribute_is_dn` -- Allows `mod_event` parameters to be unset -- Allows management of default root directory access rights -- Adds class `apache::vhosts` to create apache::vhost resources -- Adds class `apache::mod::proxy_wstunnel` -- Adds class `apache::mod::dumpio` -- Adds class `apache::mod::socache_shmcb` -- Adds class `apache::mod::authn_dbd` -- Adds support for apache 2.4 on Amazon Linux -- Support the newer `mod_auth_cas` config options -- Adds `wsgi_script_aliases_match` parameter to `apache::vhost` -- Allow to override all SecDefaultAction attributes -- Add audit_log_relevant_status parameter to apache::mod::security -- Allow absolute path to $apache::mod::security::activated_rules -- Allow setting SecAuditLog -- Adds `passenger_max_instances_per_app` to `mod::passenger` -- Allow the proxy_via setting to be configured -- Allow no_proxy_uris to be used within proxy_pass -- Add rpaf.conf template parameter to `mod::rpaf` -- Allow user to specify alternative package and library names for shibboleth module -- Allows configuration of shibboleth lib path -- Adds parameter `passenger_data_buffer_dir` to `mod::passenger` -- Adds SSL stapling -- Allows use of `balance_manager` with `mod_proxy_balancer` -- Raises lower bound of `stdlib` dependency to version 4.2 -- Adds support for Passenger repo on Amazon Linux -- Add ability to set SSLStaplingReturnResponderErrors on server level -- (MODULES-4213) Allow global rewrite rules inheritance in vhosts -- Moves `mod_env` to its own class and load it when required - -#### Bugfixes -- Deny access to .ht and .hg, which are created by mercurial hg. -- Instead of failing, include apache::mod::prefork in manifests/mod/itk.pp instead. -- Only set SSLCompression when it is set to true. -- Remove duplicate shib2 hash element -- (MODULES-3388) Include mpm_module classes instead of class declaration -- Updates `apache::balancer` to respect `apache::confd_dir` -- Wrap mod_security directives in an IfModule -- Fixes to various mods for Ubuntu Xenial -- Fix /etc/modsecurity perms to match package -- Fix PassengerRoot under Debian stretch -- (MODULES-3476) Updates regex in apache_version custom fact to work with EL5 -- Dont sql_injection_attacks.data -- Add force option to confd file resource to purge directory without warnings -- Patch httpoxy through mod_security -- Fixes config ordering of IncludeOptional -- Fixes bug where port numbers were unquoted -- Fixes bug where empty servername for vhost were written to template -- Auto-load `slotmem_shm` and `lbmethod_byrequests` with `proxy_balancer` on 2.4 -- Simplify MPM setup on FreeBSD -- Adds requirement for httpd package -- Do not set ssl_certs_dir on FreeBSD -- Fixes bug that produces a duplicate `Listen 443` after a package update on EL7 -- Fixes bug where custom facts break structured facts -- Avoid relative classname inclusion -- Fixes a failure in `vhost` if the first element of `$rewrites` is not a hash -- (MODULES-3744) Process $crs_package before $modsec_dir -- (MODULES-1491) Adds `::apache` include to mods that need it - -## Supported Release [1.10.0] -#### Summary -This release fixes backwards compatibility bugs introduced in 1.9.0. Also includes a new mod class and a new vhost feature. - -#### Features -- Allow setting KeepAlive related options per vhost - - `apache::vhost::keepalive` - - `apache::vhost::keepalive_timeout` - - `apache::vhost::max_keepalive_requests` -- Adds new class `apache::mod::cluster` - -#### Bugfixes -- MODULES-2890: Allow php_version != 5 -- MODULES-2890: mod::php: Explicit test on jessie -- MODULES-2890: Fix PHP on Debian stretch and Ubuntu Xenial -- MODULES-2890: Fix mod_php SetHandler and cleanup -- Fixed trailing slash in lib_path on Suse -- Revert "MODULES-2956: Enable options within location block on proxy_match". Bug introduced in release 1.9.0. -- Revert "changed rpaf Configuration Directives: RPAF -> RPAF_". Bug introduced in release 1.9.0. -- Set actual path to apachectl on FreeBSD. Fixes snippets verification. - -## Supported Release [1.9.0] [DELETED] -#### Features -- Added `apache_version` fact -- Added `apache::balancer::target` attribute -- Added `apache::fastcgi::server::pass_header` attribute -- Added ability for `apache::fastcgi::server::host` using sockets -- Added `apache::root_directory_options` attribute -- Added for `apache::mod::ldap`: - - `ldap_shared_cache_size` - - `ldap_cache_entries` - - `ldap_cache_ttl` - - `ldap_opcache_entries` - - `ldap_opcache_ttl` -- Added `apache::mod::pagespeed::package_ensure` attribute -- Added `apache::mod::passenger` attributes: - - `passenger_log_level` - - `manage_repo` -- Added upstream repo for `apache::mod::passenger` -- Added `apache::mod::proxy_fcgi` class -- Added `apache::mod::security` attributes: - - `audit_log_parts` - - `secpcrematchlimit` - - `secpcrematchlimitrecursion` - - `secdefaultaction` - - `anomaly_score_blocking` - - `inbound_anomaly_threshold` - - `outbound_anomaly_threshold` -- Added `apache::mod::ssl` attributes: - - `ssl_mutex` - - `apache_version` -- Added ubuntu 16.04 support -- Added `apache::mod::authnz_ldap::package_name` attribute -- Added `apache::mod::ldap::package_name` attribute -- Added `apache::mod::proxy::package_name` attribute -- Added `apache::vhost` attributes: - - `ssl_proxy_check_peen_expire` - - `ssl_proxy_protocol` - - `logroot_owner` - - `logroot_group` - - `setenvifnocase` - - `passenger_user` - - `passenger_high_performance` - - `jk_mounts` - - `fastcgi_idle_timeout` - - `modsec_disable_msgs` - - `modsec_disable_tags` -- Added ability for 2.4-style `RequireAll|RequireNone|RequireAny` directory permissions -- Added ability for includes in vhost directory -- Added directory values: - - `AuthMerging` - - `MellonSPMetadataFile` -- Adds Configurability of Collaborative Detection Severity Levels for OWASP Core Rule Set to `apache::mod::security` class - - `critical_anomaly_score` - - `error_anomaly_score` - - `warning_anomaly_score` - - `notice_anomaly_score` -- Adds ability to configure `info_path` in `apache::mod::info` class -- Adds ability to configure `verify_config` in `apache::vhost::custom` - -#### Bugfixes -- Fixed apache mod setup for event/worker failing syntax -- Fixed concat deprecation warnings -- Fixed pagespeed mod -- Fixed service restart on mod update -- Fixed mod dir purging to happen after package installs -- Fixed various `apache::mod::*` file modes -- Fixed `apache::mod::authnz_ldap` parameter `verifyServerCert` to be `verify_server_cert` -- Fixed loadfile name in `apache::mod::fcgid` -- Fixed `apache::mod::remoteip` to fail on apache < 2.4 (because it is not available) -- Fixed `apache::mod::ssl::ssl_honorcipherorder` interpolation -- Lint fixes -- Strict variable fixes -- Fixed `apache::vhost` attribute `redirectmatch_status` to be optional -- Fixed SSLv3 on by default in mod\_nss -- Fixed mod\_rpaf directive names in template -- Fixed mod\_worker needing MaxClients with ThreadLimit -- Fixed quoting on vhost php\_value -- Fixed xml2enc for proxy\_html on debian -- Fixed a problem where the apache service restarts too fast - -## Supported Release [1.8.1] -### Summary -This release includes bug fixes and a documentation update. - -#### Bugfixes -- Fixes a bug that occurs when using the module in combination with puppetlabs-concat 2.x. -- Fixes a bug where passenger.conf was vulnerable to purging. -- Removes the pin of the concat module dependency. - -## Supported Release [1.8.0] -### Summary -This release includes a lot of bug fixes and feature updates, including support for Debian 8, as well as many test improvements. - -#### Features -- Debian 8 Support. -- Added the 'file_mode' property to allow a custom permission setting for config files. -- Enable 'PassengerMaxRequestQueueSize' to be set for mod_passenger. -- MODULES-2956: Enable options within location block on proxy_match. -- Support itk on redhat. -- Support the mod_ssl SSLProxyVerify directive. -- Support ProxPassReverseCookieDomain directive (mod_proxy). -- Support proxy provider for vhost directories. -- Added new 'apache::vhost::custom' resource. - -#### Bugfixes -- Fixed ProxyPassReverse configuration. -- Fixed error in Amazon operatingsystem detection. -- Fixed mod_security catalog ordering issues for RedHat 7. -- Fixed paths and packages for the shib2 apache module on Debian pre Jessie. -- Fixed EL7 directory path for apache modules. -- Fixed validation error when empty array is passed for the rewrites parameter. -- Idempotency fixes with regards to '::apache::mod_enable_dir'. -- ITK fixes. -- (MODULES-2865) fix $mpm_module logic for 'false'. -- Set SSLProxy directives even if ssl is false, due to issue with RewriteRules and ProxyPass directives. -- Enable setting LimitRequestFieldSize globally, and remove it from vhost. - -#### Improvements -- apache::mod::php now uses FilesMatch to configure the php handler. This is following the recommended upstream configuration guidelines (http://php.net/manual/en/install.unix.apache2.php#example-20) and distribution's default config (e.g.: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/vivid/php5/vivid/view/head:/debian/php5.conf). It avoids inadvertently exposing the PHP handler to executing uploads with names like 'file.php.jpg', but might impact setups with unusual requirements. -- Improved compatibility for Gentoo. -- Vhosts can now be supplied with a wildcard listen value. -- Numerous test improvements. -- Removed workarounds for https://bz.apache.org/bugzilla/show_bug.cgi?id=38864 as the issues have been fixed in Apache. -- Documentation updates. -- Ensureed order of ProxyPass and ProxyPassMatch parameters. -- Ensure that ProxyPreserveHost is set to off mode explicitly if not set in manifest. -- Put headers and request headers before proxy with regards to template generation. -- Added X-Forwarded-For into log_formats defaults. -- (MODULES-2703) Allow mod pagespeed to take an array of lines as additional_configuration. - -## Supported Release [1.7.1] -###Summary - -Small release for support of newer PE versions. This increments the version of PE in the metadata.json file. - -## Supported Release [1.7.0] -### Summary -This release includes many new features and bugfixes. There are test, documentation and misc improvements. - -#### Features -- allow groups with - like vhost-users -- ability to enable/disable the secruleengine through a parameter -- add mod_auth_kerb parameters to vhost -- client auth for reverse proxy -- support for mod_auth_mellon -- change SSLProtocol in apache::vhost to be space separated -- RewriteLock support - -#### Bugfixes -- fix apache::mod::cgid so it can be used with the event MPM -- load unixd before fcgid on all operating systems -- fixes conditional in vhost aliases -- corrects mod_cgid worker/event defaults -- ProxyPassMatch parameters were ending up on a newline -- catch that mod_authz_default has been removed in Apache 2.4 -- mod::ssl fails on SLES -- fix typo of MPM_PREFORK for FreeBSD package install -- install all modules before adding custom configs -- fix acceptance testing for SSLProtocol behaviour for real -- fix ordering issue with conf_file and ports_file - -#### Known Issues -- mod_passenger is having issues installing on Redhat/Centos 6, This is due to package dependency issues. - -#### Improvements -- added docs for forcetype directive -- removes ruby 1.8.7 from the travisci test matrix -- readme reorganisation, minor fixups -- support the mod_proxy ProxyPassReverseCookiePath directive -- the purge_vhost_configs parameter is actually called purge_vhost_dir -- add ListenBacklog for mod worker -- deflate application/json by default -- install mod_authn_alias as default mod in debian for apache < 2.4 -- optionally set LimitRequestFieldSize on an apache::vhost -- add SecUploadDir parameter to support file uploads with mod_security -- optionally set parameters for mod_ext_filter module -- allow SetOutputFilter to be set on a directory -- RC4 is deprecated -- allow empty docroot -- add option to configure the include pattern for the vhost_enable dir -- allow multiple IP addresses per vhost -- default document root update for Ubuntu 14.04 and Debian 8 - -## Supported Release [1.6.0] -### Summary -This release includes a couple of new features, along with test and documentation updates, and support for the latest AIO puppet builds. - -#### Features -- Add `scan_proxy_header_field` parameter to `apache::mod::geoip` -- Add `ssl_openssl_conf_cmd` parameter to `apache::vhost` and `apache::mod::ssl` -- Add `filters` parameter to `apache::vhost` - -#### Bugfixes -- Test updates -- Do not use systemd on Amazon Linux -- Add missing docs for `timeout` parameter (MODULES-2148) - -## Supported Release [1.5.0] -### Summary -This release primarily adds Suse compatibility. It also adds a handful of other -parameters for greater configuration control. - -#### Features -- Add `apache::lib_path` parameter -- Add `apache::service_restart` parameter -- Add `apache::vhost::geoip_enable` parameter -- Add `apache::mod::geoip` class -- Add `apache::mod::remoteip` class -- Add parameters to `apache::mod::expires` class -- Add `index_style_sheet` handling to `apache::vhost::directories` -- Add some compatibility for SLES 11 -- Add `apache::mod::ssl::ssl_sessioncachetimeout` parameter -- Add `apache::mod::ssl::ssl_cryptodevice` parameter -- Add `apache::mod::ssl::ssl_honorcipherorder` parameter -- Add `apache::mod::userdir::options` parameter - -#### Bugfixes -- Document `apache::user` parameter -- Document `apache::group` parameter -- Fix apache::dev on FreeBSD -- Fix proxy\_connect on apache >= 2.2 -- Validate log levels better -- Fix `apache::apache_name` for package and vhost -- Fix Debian Jessie mod\_prefork package name -- Fix alias module being declared even when vhost is absent -- Fix proxy\_pass\_match handling in vhost's proxy template -- Fix userdir access permissions -- Fix issue where the module was trying to use systemd on Amazon Linux. - -## Supported Release [1.4.1] - -This release corrects a metadata issue that has been present since release 1.2.0. The refactoring of `apache::vhost` to use `puppetlabs-concat` requires a version of concat newer than the version required in PE. If you are using PE 3.3.0 or earlier you will need to use version 1.1.1 or earlier of the `puppetlabs-apache` module. - -## Supported Release [1.4.0] -###Summary - -This release fixes the issue where the docroot was still managed even if the default vhosts were disabled and has many other features and bugfixes including improved support for 'deny' and 'require' as arrays in the 'directories' parameter under `apache::vhost` - -#### Features -- New parameters to `apache` - - `default_charset` - - `default_type` -- New parameters to `apache::vhost` - - `proxy_error_override` - - `passenger_app_env` (MODULES-1776) - - `proxy_dest_match` - - `proxy_dest_reverse_match` - - `proxy_pass_match` - - `no_proxy_uris_match` -- New parameters to `apache::mod::passenger` - - `passenger_app_env` - - `passenger_min_instances` -- New parameter to `apache::mod::alias` - - `icons_options` -- New classes added under `apache::mod::*` - - `authn_file` - - `authz_default` - - `authz_user` -- Added support for 'deny' as an array in 'directories' under `apache::vhost` -- Added support for RewriteMap -- Improved support for FreeBSD. (Note: If using apache < 2.4.12, see the discussion [here](https://github.com/puppetlabs/puppetlabs-apache/pull/1030)) -- Added check for deprecated options in directories and fail when they are unsupported -- Added gentoo compatibility -- Added proper array support for `require` in the `directories` parameter in `apache::vhost` -- Added support for `setenv` inside proxy locations - -### Bugfixes -- Fix issue in `apache::vhost` that was preventing the scriptalias fragment from being included (MODULES-1784) -- Install required `mod_ldap` package for EL7 (MODULES-1779) -- Change default value of `maxrequestworkers` in `apache::mod::event` to be a multiple of the default `ThreadsPerChild` of 25. -- Use the correct `mod_prefork` package name for trusty and jessie -- Don't manage docroot when default vhosts are disabled -- Ensure resources notify `Class['Apache::Service']` instead of `Service['httpd']` (MODULES-1829) -- Change the loadfile name for `mod_passenger` so `mod_proxy` will load by default before `mod_passenger` -- Remove old Debian work-around that removed `passenger_extra.conf` - -## Supported Release [1.3.0] -### Summary - -This release has many new features and bugfixes, including the ability to optionally not trigger service restarts on config changes. - -#### Features -- New parameters - `apache` - - `service_manage` - - `use_optional_includes` -- New parameters - `apache::service` - - `service_manage` -- New parameters - `apache::vhost` - - `access_logs` - - `php_flags` - - `php_values` - - `modsec_disable_vhost` - - `modsec_disable_ids` - - `modsec_disable_ips` - - `modsec_body_limit` -- Improved FreeBSD support -- Add ability to omit priority prefix if `$priority` is set to false -- Add `apache::security::rule_link` define -- Improvements to `apache::mod::*` - - Add `apache::mod::auth_cas` class - - Add `threadlimit`, `listenbacklog`, `maxrequestworkers`, `maxconnectionsperchild` parameters to `apache::mod::event` - - Add `apache::mod::filter` class - - Add `root_group` to `apache::mod::php` - - Add `apache::mod::proxy_connect` class - - Add `apache::mod::security` class - - Add `ssl_pass_phrase_dialog` and `ssl_random_seed_bytes` parameters to `apache::mod::ssl` (MODULES-1719) - - Add `status_path` parameter to `apache::mod::status` - - Add `apache_version` parameter to `apache::mod::version` - - Add `package_name` and `mod_path` parameters to `apache::mod::wsgi` (MODULES-1458) -- Improved SCL support - - Add support for specifying the docroot -- Updated `_directories.erb` to add support for SetEnv -- Support multiple access log directives (MODULES-1382) -- Add passenger support for Debian Jessie -- Add support for not having puppet restart the apache service (MODULES-1559) - -#### Bugfixes -- For apache 2.4 `mod_itk` requires `mod_prefork` (MODULES-825) -- Allow SSLCACertificatePath to be unset in `apache::vhost` (MODULES-1457) -- Load fcgid after unixd on RHEL7 -- Allow disabling default vhost for Apache 2.4 -- Test fixes -- `mod_version` is now built-in (MODULES-1446) -- Sort LogFormats for idempotency -- `allow_encoded_slashes` was omitted from `apache::vhost` -- Fix documentation bug (MODULES-1403, MODULES-1510) -- Sort `wsgi_script_aliases` for idempotency (MODULES-1384) -- lint fixes -- Fix automatic version detection for Debian Jessie -- Fix error docs and icons path for RHEL7-based systems (MODULES-1554) -- Sort php_* hashes for idempotency (MODULES-1680) -- Ensure `mod::setenvif` is included if needed (MODULES-1696) -- Fix indentation in `vhost/_directories.erb` template (MODULES-1688) -- Create symlinks on all distros if `vhost_enable_dir` is specified - -## Supported Release [1.2.0] -### Summary - -This release features many improvements and bugfixes, including several new defines, a reworking of apache::vhost for more extensibility, and many new parameters for more customization. This release also includes improved support for strict variables and the future parser. - -#### Features -- Convert apache::vhost to use concat for easier extensions -- Test improvements -- Synchronize files with modulesync -- Strict variable and future parser support -- Added apache::custom_config defined type to allow validation of configs before they are created -- Added bool2httpd function to convert true/false to apache 'On' and 'Off'. Intended for internal use in the module. -- Improved SCL support - - allow overriding of the mod_ssl package name -- Add support for reverse_urls/ProxyPassReverse in apache::vhost -- Add satisfy directive in apache::vhost::directories -- Add apache::fastcgi::server defined type -- New parameters - apache - - allow_encoded_slashes - - apache_name - - conf_dir - - default_ssl_crl_check - - docroot - - logroot_mode - - purge_vhost_dir -- New parameters - apache::vhost - - add_default_charset - - allow_encoded_slashes - - logroot_ensure - - logroot_mode - - manage_docroot - - passenger_app_root - - passenger_min_instances - - passenger_pre_start - - passenger_ruby - - passenger_start_timeout - - proxy_preserve_host - - redirectmatch_dest - - ssl_crl_check - - wsgi_chunked_request - - wsgi_pass_authorization -- Add support for ScriptAlias and ScriptAliasMatch in the apache::vhost::aliases parameter -- Add support for rewrites in the apache::vhost::directories parameter -- If the service_ensure parameter in apache::service is set to anything other than true, false, running, or stopped, ensure will not be passed to the service resource, allowing for the service to not be managed by puppet -- Turn of SSLv3 by default -- Improvements to apache::mod* - - Add restrict_access parameter to apache::mod::info - - Add force_language_priority and language_priority parameters to apache::mod::negotiation - - Add threadlimit parameter to apache::mod::worker - - Add content, template, and source parameters to apache::mod::php - - Add mod_authz_svn support via the authz_svn_enabled parameter in apache::mod::dav_svn - - Add loadfile_name parameter to apache::mod - - Add apache::mod::deflate class - - Add options parameter to apache::mod::fcgid - - Add timeouts parameter to apache::mod::reqtimeout - - Add apache::mod::shib - - Add apache_version parameter to apache::mod::ldap - - Add magic_file parameter to apache::mod::mime_magic - - Add apache_version parameter to apache::mod::pagespeed - - Add passenger_default_ruby parameter to apache::mod::passenger - - Add content, template, and source parameters to apache::mod::php - - Add apache_version parameter to apache::mod::proxy - - Add loadfiles parameter to apache::mod::proxy_html - - Add ssl_protocol and package_name parameters to apache::mod::ssl - - Add apache_version parameter to apache::mod::status - - Add apache_version parameter to apache::mod::userdir - - Add apache::mod::version class - -#### Bugfixes -- Set osfamily defaults for wsgi_socket_prefix -- Support multiple balancermembers with the same url -- Validate apache::vhost::custom_fragment -- Add support for itk with mod_php -- Allow apache::vhost::ssl_certs_dir to not be set -- Improved passenger support for Debian -- Improved 2.4 support without mod_access_compat -- Support for more than one 'Allow from'-directive in _directories.erb -- Don't load systemd on Amazon linux based on CentOS6 with apache 2.4 -- Fix missing newline in ModPagespeed filter and memcached servers directive -- Use interpolated strings instead of numbers where required by future parser -- Make auth_require take precedence over default with apache 2.4 -- Lint fixes -- Set default for php_admin_flags and php_admin_values to be empty hash instead of empty array -- Correct typo in mod::pagespeed -- spec_helper fixes -- Install mod packages before dealing with the configuration -- Use absolute scope to check class definition in apache::mod::php -- Fix dependency loop in apache::vhost -- Properly scope variables in the inline template in apache::balancer -- Documentation clarification, typos, and formatting -- Set apache::mod::ssl::ssl_mutex to default for debian on apache >= 2.4 -- Strict variables fixes -- Add authn_core mode to Ubuntu trusty defaults -- Keep default loadfile for authz_svn on Debian -- Remove '.conf' from the site-include regexp for better Ubuntu/Debian support -- Load unixd before fcgid for EL7 -- Fix RedirectMatch rules -- Fix misleading error message in apache::version - -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - -## Supported Release [1.1.1] -### Summary - -This release merely updates metadata.json so the module can be uninstalled and -upgraded via the puppet module command. - -## Supported Release [1.1.0] - -### Summary - -This release primarily focuses on extending the httpd 2.4 support, tested -through adding RHEL7 and Ubuntu 14.04 support. It also includes Passenger -4 support, as well as several new modules and important bugfixes. - -#### Features - -- Add support for RHEL7 and Ubuntu 14.04 -- More complete apache24 support -- Passenger 4 support -- Add support for max_keepalive_requests and log_formats parameters -- Add mod_pagespeed support -- Add mod_speling support -- Added several parameters for mod_passenger -- Added ssl_cipher parameter to apache::mod::ssl -- Improved examples in documentation -- Added docroot_mode, action, and suexec_user_group parameters to apache::vhost -- Add support for custom extensions for mod_php -- Improve proxy_html support for Debian - -#### Bugfixes - -- Remove NameVirtualHost directive for apache >= 2.4 -- Order proxy_set option so it doesn't change between runs -- Fix inverted SSL compression -- Fix missing ensure on concat::fragment resources -- Fix bad dependencies in apache::mod and apache::mod::mime - -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - -## Supported Release [1.0.1] -### Summary - -This is a supported release. This release removes a testing symlink that can -cause trouble on systems where /var is on a seperate filesystem from the -modulepath. - -#### Features -#### Bugfixes -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - -## Supported Release [1.0.0] -### Summary - -This is a supported release. This release introduces Apache 2.4 support for -Debian and RHEL based osfamilies. - -#### Features - -- Add apache24 support -- Add rewrite_base functionality to rewrites -- Updated README documentation -- Add WSGIApplicationGroup and WSGIImportScript directives - -#### Bugfixes - -- Replace mutating hashes with merge() for Puppet 3.5 -- Fix WSGI import_script and mod_ssl issues on Lucid - -#### Known Bugs -* By default, the version of Apache that ships with Ubuntu 10.04 does not work with `wsgi_import_script`. -* SLES is unsupported. - ---- - -## Supported Release [0.11.0] -### Summary: - -This release adds preliminary support for Windows compatibility and multiple rewrite support. - -#### Backwards-incompatible Changes: - -- The rewrite_rule parameter is deprecated in favor of the new rewrite parameter - and will be removed in a future release. - -#### Features: - -- add Match directive -- quote paths for windows compatibility -- add auth_group_file option to README.md -- allow AuthGroupFile directive for vhosts -- Support Header directives in vhost context -- Don't purge mods-available dir when separate enable dir is used -- Fix the servername used in log file name -- Added support for mod_include -- Remove index parameters. -- Support environment variable control for CustomLog -- added redirectmatch support -- Setting up the ability to do multiple rewrites and conditions. -- Convert spec tests to beaker. -- Support php_admin_(flag|value)s - -#### Bugfixes: - -- directories are either a Hash or an Array of Hashes -- Configure Passenger in separate .conf file on RH so PassengerRoot isn't lost -- (docs) Update list of `apache::mod::[name]` classes -- (docs) Fix apache::namevirtualhost example call style -- Fix $ports_file reference in apache::listen. -- Fix $ports_file reference in Namevirtualhost. - - -## Supported Release [0.10.0] -### Summary: - -This release adds FreeBSD osfamily support and various other improvements to some mods. - -#### Features: - -- Add suPHP_UserGroup directive to directory context -- Add support for ScriptAliasMatch directives -- Set SSLOptions StdEnvVars in server context -- No implicit entry for ScriptAlias path -- Add support for overriding ErrorDocument -- Add support for AliasMatch directives -- Disable default "allow from all" in vhost-directories -- Add WSGIPythonPath as an optional parameter to mod_wsgi. -- Add mod_rpaf support -- Add directives: IndexOptions, IndexOrderDefault -- Add ability to include additional external configurations in vhost -- need to use the provider variable not the provider key value from the directory hash for matches -- Support for FreeBSD and few other features -- Add new params to apache::mod::mime class -- Allow apache::mod to specify module id and path -- added $server_root parameter -- Add Allow and ExtendedStatus support to mod_status -- Expand vhost/_directories.pp directive support -- Add initial support for nss module (no directives in vhost template yet) -- added peruser and event mpms -- added $service_name parameter -- add parameter for TraceEnable -- Make LogLevel configurable for server and vhost -- Add documentation about $ip -- Add ability to pass ip (instead of wildcard) in default vhost files - -#### Bugfixes: - -- Don't listen on port or set NameVirtualHost for non-existent vhost -- only apply Directory defaults when provider is a directory -- Working mod_authnz_ldap support on Debian/Ubuntu - -## Supported Release [0.9.0] -### Summary: -This release adds more parameters to the base apache class and apache defined -resource to make the module more flexible. It also adds or enhances SuPHP, -WSGI, and Passenger mod support, and support for the ITK mpm module. - -#### Backwards-incompatible Changes: -- Remove many default mods that are not normally needed. -- Remove `rewrite_base` `apache::vhost` parameter; did not work anyway. -- Specify dependencies on stdlib >=2.4.0 (this was already the case, but -making explicit) -- Deprecate `a2mod` in favor of the `apache::mod::*` classes and `apache::mod` -defined resource. - -#### Features: -- `apache` class - - Add `httpd_dir` parameter to change the location of the configuration - files. - - Add `logroot` parameter to change the logroot - - Add `ports_file` parameter to changes the `ports.conf` file location - - Add `keepalive` parameter to enable persistent connections - - Add `keepalive_timeout` parameter to change the timeout - - Update `default_mods` to be able to take an array of mods to enable. -- `apache::vhost` - - Add `wsgi_daemon_process`, `wsgi_daemon_process_options`, - `wsgi_process_group`, and `wsgi_script_aliases` parameters for per-vhost - WSGI configuration. - - Add `access_log_syslog` parameter to enable syslogging. - - Add `error_log_syslog` parameter to enable syslogging of errors. - - Add `directories` hash parameter. Please see README for documentation. - - Add `sslproxyengine` parameter to enable SSLProxyEngine - - Add `suphp_addhandler`, `suphp_engine`, and `suphp_configpath` for - configuring SuPHP. - - Add `custom_fragment` parameter to allow for arbitrary apache - configuration injection. (Feature pull requests are prefered over using - this, but it is available in a pinch.) -- Add `apache::mod::suphp` class for configuring SuPHP. -- Add `apache::mod::itk` class for configuring ITK mpm module. -- Update `apache::mod::wsgi` class for global WSGI configuration with -`wsgi_socket_prefix` and `wsgi_python_home` parameters. -- Add README.passenger.md to document the `apache::mod::passenger` usage. -Added `passenger_high_performance`, `passenger_pool_idle_time`, -`passenger_max_requests`, `passenger_stat_throttle_rate`, `rack_autodetect`, -and `rails_autodetect` parameters. -- Separate the httpd service resource into a new `apache::service` class for -dependency chaining of `Class['apache'] -> ~> -Class['apache::service']` -- Added `apache::mod::proxy_balancer` class for `apache::balancer` - -#### Bugfixes: -- Change dependency to puppetlabs-concat -- Fix ruby 1.9 bug for `a2mod` -- Change servername to be `$::hostname` if there is no `$::fqdn` -- Make `/etc/ssl/certs` the default ssl certs directory for RedHat non-5. -- Make `php` the default php package for RedHat non-5. -- Made `aliases` able to take a single alias hash instead of requiring an -array. - -## Supported Release [0.8.1] -#### Bugfixes: -- Update `apache::mpm_module` detection for worker/prefork -- Update `apache::mod::cgi` and `apache::mod::cgid` detection for -worker/prefork - -## Supported Release [0.8.0] -#### Features: -- Add `servername` parameter to `apache` class -- Add `proxy_set` parameter to `apache::balancer` define - -#### Bugfixes: -- Fix ordering for multiple `apache::balancer` clusters -- Fix symlinking for sites-available on Debian-based OSs -- Fix dependency ordering for recursive confdir management -- Fix `apache::mod::*` to notify the service on config change -- Documentation updates - -## Supported Release [0.7.0] -#### Changes: -- Essentially rewrite the module -- too many to list -- `apache::vhost` has many abilities -- see README.md for details -- `apache::mod::*` classes provide httpd mod-loading capabilities -- `apache` base class is much more configurable - -#### Bugfixes: -- Many. And many more to come - -## Supported Release [0.6.0] -- update travis tests (add more supported versions) -- add access log_parameter -- make purging of vhost dir configurable - -## Supported Release [0.4.0] -#### Changes: -- `include apache` is now required when using `apache::mod::*` - -#### Bugfixes: -- Fix syntax for validate_re -- Fix formatting in vhost template -- Fix spec tests such that they pass - -## Supported Release [0.0.4] -* e62e362 Fix broken tests for ssl, vhost, vhost::* -* 42c6363 Changes to match style guide and pass puppet-lint without error -* 42bc8ba changed name => path for file resources in order to name namevar by it's name -* 72e13de One end too much -* 0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc. -* 273f94d fix tests -* a35ede5 (#13860) Make a2enmod/a2dismo commands optional -* 98d774e (#13860) Autorequire Package['httpd'] -* 05fcec5 (#13073) Add missing puppet spec tests -* 541afda (#6899) Remove virtual a2mod definition -* 976cb69 (#13072) Move mod python and wsgi package names to params -* 323915a (#13060) Add .gitignore to repo -* fdf40af (#13060) Remove pkg directory from source tree -* fd90015 Add LICENSE file and update the ModuleFile -* d3d0d23 Re-enable local php class -* d7516c7 Make management of firewalls configurable for vhosts -* 60f83ba Explicitly lookup scope of apache_name in templates. -* f4d287f (#12581) Add explicit ordering for vdir directory -* 88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall -* a776a8b (#11071) Fix to work with latest firewall module -* 2b79e8b (#11070) Add support for Scientific Linux -* 405b3e9 Fix for a2mod -* 57b9048 Commit apache::vhost::redirect Manifest -* 8862d01 Commit apache::vhost::proxy Manifest -* d5c1fd0 Commit apache::mod::wsgi Manifest -* a825ac7 Commit apache::mod::python Manifest -* b77062f Commit Templates -* 9a51b4a Vhost File Declarations -* 6cf7312 Defaults for Parameters -* 6a5b11a Ensure installed -* f672e46 a2mod fix -* 8a56ee9 add pthon support to apache - -[3.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.1.0...3.2.0 -[3.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/3.0.0...3.1.0 -[3.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.1...3.0.0 -[2.3.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.3.0...2.3.1 -[2.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.2.0...2.3.0 -[2.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.1.0...2.2.0 -[2.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/2.0.0...2.1.0 -[2.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...2.0.0 -[1.11.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.11.0...1.11.1 -[1.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...1.11.0 -[1.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...1.10.0 -[1.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...1.9.0 -[1.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.0...1.8.1 -[1.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.1...1.8.0 -[1.7.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.7.0...1.7.1 -[1.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.6.0...1.7.0 -[1.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.5.0...1.6.0 -[1.5.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.1...1.5.0 -[1.4.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.4.0...1.4.1 -[1.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.3.0...1.4.0 -[1.3.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.2.0...1.3.0 -[1.2.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.1...1.2.0 -[1.1.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.1.0...1.1.1 -[1.1.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.1...1.1.0 -[1.0.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.0.0...1.0.1 -[1.0.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.11.0...1.0.0 -[0.11.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.10.0...0.11.0 -[0.10.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.9.0...0.10.0 -[0.9.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/1.8.1...0.9.0 -[0.8.1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.8.0...0.8.1 -[0.8.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.7.0...0.8.0 -[0.7.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.6.0...0.7.0 -[0.6.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.5.0-rc1...0.6.0 -[0.5.0-rc1]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.4.0...0.5.0-rc1 -[0.4.0]:https://github.com/puppetlabs/puppetlabs-apache/compare/0.3.0...0.4.0 -[0.0.4]:https://github.com/puppetlabs/puppetlabs-apache/commits/0.0.4 diff --git a/puppet/modules/apache/MAINTAINERS.md b/puppet/modules/apache/MAINTAINERS.md deleted file mode 100644 index 18a3388..0000000 --- a/puppet/modules/apache/MAINTAINERS.md +++ /dev/null @@ -1,6 +0,0 @@ -## Maintenance - -Maintainers: - - Puppet Forge Modules Team `forge-modules |at| puppet |dot| com` - -Tickets: https://tickets.puppet.com/browse/MODULES. Make sure to set component to `apache`. diff --git a/puppet/modules/apache/NOTICE b/puppet/modules/apache/NOTICE deleted file mode 100644 index 0bd0604..0000000 --- a/puppet/modules/apache/NOTICE +++ /dev/null @@ -1,15 +0,0 @@ -Puppet Module - puppetlabs-apache - -Copyright 2018 Puppet, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/puppet/modules/apache/README.md b/puppet/modules/apache/README.md deleted file mode 100755 index 5c02b2a..0000000 --- a/puppet/modules/apache/README.md +++ /dev/null @@ -1,6056 +0,0 @@ -# apache - -[Module description]: #module-description - -[Setup]: #setup -[Beginning with Apache]: #beginning-with-apache - -[Usage]: #usage -[Configuring virtual hosts]: #configuring-virtual-hosts -[Configuring virtual hosts with SSL]: #configuring-virtual-hosts-with-ssl -[Configuring virtual host port and address bindings]: #configuring-virtual-host-port-and-address-bindings -[Configuring virtual hosts for apps and processors]: #configuring-virtual-hosts-for-apps-and-processors -[Configuring IP-based virtual hosts]: #configuring-ip-based-virtual-hosts -[Installing Apache modules]: #installing-apache-modules -[Installing arbitrary modules]: #installing-arbitrary-modules -[Installing specific modules]: #installing-specific-modules -[Configuring FastCGI servers]: #configuring-fastcgi-servers-to-handle-php-files -[Load balancing examples]: #load-balancing-examples -[apache affects]: #what-the-apache-module-affects - -[Reference]: #reference -[Public classes]: #public-classes -[Private classes]: #private-classes -[Public defined types]: #public-defined-types -[Private defined types]: #private-defined-types -[Templates]: #templates -[Tasks]: #tasks - -[Limitations]: #limitations - -[Development]: #development -[Contributing]: #contributing - -[`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset -[`add_listen`]: #add_listen -[`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias -[`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch -[aliased servers]: https://httpd.apache.org/docs/current/urlmapping.html -[`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes -[`apache`]: #class-apache -[`apache_version`]: #apache_version -[`apache::balancer`]: #defined-type-apachebalancer -[`apache::balancermember`]: #defined-type-apachebalancermember -[`apache::fastcgi::server`]: #defined-type-apachefastcgiserver -[`apache::mod`]: #defined-type-apachemod -[`apache::mod::`]: #classes-apachemodmodule-name -[`apache::mod::alias`]: #class-apachemodalias -[`apache::mod::auth_cas`]: #class-apachemodauth_cas -[`apache::mod::auth_mellon`]: #class-apachemodauth_mellon -[`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd -[`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap -[`apache::mod::cluster`]: #class-apachemodcluster -[`apache::mod::data]: #class-apachemoddata -[`apache::mod::disk_cache`]: #class-apachemoddisk_cache -[`apache::mod::dumpio`]: #class-apachemoddumpio -[`apache::mod::event`]: #class-apachemodevent -[`apache::mod::ext_filter`]: #class-apachemodext_filter -[`apache::mod::geoip`]: #class-apachemodgeoip -[`apache::mod::http2`]: #class-apachemodhttp2 -[`apache::mod::itk`]: #class-apachemoditk -[`apache::mod::jk`]: #class-apachemodjk -[`apache::mod::ldap`]: #class-apachemodldap -[`apache::mod::passenger`]: #class-apachemodpassenger -[`apache::mod::peruser`]: #class-apachemodperuser -[`apache::mod::prefork`]: #class-apachemodprefork -[`apache::mod::proxy`]: #class-apachemodproxy -[`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer -[`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi -[`apache::mod::proxy_html`]: #class-apachemodproxy_html -[`apache::mod::python`]: #class-apachemodpython -[`apache::mod::security`]: #class-apachemodsecurity -[`apache::mod::shib`]: #class-apachemodshib -[`apache::mod::ssl`]: #class-apachemodssl -[`apache::mod::status`]: #class-apachemodstatus -[`apache::mod::userdir`]: #class-apachemoduserdir -[`apache::mod::worker`]: #class-apachemodworker -[`apache::mod::wsgi`]: #class-apachemodwsgi -[`apache::params`]: #class-apacheparams -[`apache::version`]: #class-apacheversion -[`apache::vhost`]: #defined-type-apachevhost -[`apache::vhost::custom`]: #defined-type-apachevhostcustom -[`apache::vhost::WSGIImportScript`]: #wsgiimportscript -[Apache HTTP Server]: https://httpd.apache.org -[Apache modules]: https://httpd.apache.org/docs/current/mod/ -[array]: https://docs.puppet.com/puppet/latest/reference/lang_data_array.html - -[audit log]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log - -[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec - -[certificate revocation list]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile -[certificate revocation list path]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath -[common gateway interface]: https://httpd.apache.org/docs/current/howto/cgi.html -[`confd_dir`]: #confd_dir -[`content`]: #content -[CONTRIBUTING.md]: CONTRIBUTING.md -[custom error documents]: https://httpd.apache.org/docs/current/custom-error.html -[`custom_fragment`]: #custom_fragment - -[`default_mods`]: #default_mods -[`default_ssl_crl`]: #default_ssl_crl -[`default_ssl_crl_path`]: #default_ssl_crl_path -[`default_ssl_vhost`]: #default_ssl_vhost -[`dev_packages`]: #dev_packages -[`directory`]: #directory -[`directories`]: #parameter-directories-for-apachevhost -[`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex -[`docroot`]: #docroot -[`docroot_owner`]: #docroot_owner -[`docroot_group`]: #docroot_group -[`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot - -[`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile -[enforcing mode]: http://selinuxproject.org/page/Guide/Mode -[`ensure`]: https://docs.puppet.com/latest/type.html#package-attribute-ensure -[`error_log_file`]: #error_log_file -[`error_log_syslog`]: #error_log_syslog -[`error_log_pipe`]: #error_log_pipe -[`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype -[exported resources]: http://docs.puppet.com/latest/reference/lang_exported.md -[`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus - -[Facter]: http://docs.puppet.com/facter/ -[FastCGI]: http://www.fastcgi.com/ -[FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource -[`fallbackresource`]: #fallbackresource -[`FileETag`]: https://httpd.apache.org/docs/current/mod/core.html#fileetag -[filter rules]: https://httpd.apache.org/docs/current/filter.html -[`filters`]: #filters -[`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype - -[GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives -[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage - -[Hash]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html -[`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions - -[`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional -[`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include -[interval syntax]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn -[`ip`]: #ip -[`ip_based`]: #ip_based -[IP-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/ip-based.html - -[`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive -[`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout -[`keepalive` parameter]: #keepalive -[`keepalive_timeout`]: #keepalive_timeout -[`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize -[`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields - -[`lib`]: #lib -[`lib_path`]: #lib_path -[`Listen`]: https://httpd.apache.org/docs/current/bind.html -[`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog -[`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile -[`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat -[`logroot`]: #logroot -[Log security]: https://httpd.apache.org/docs/current/logs.html#security - -[`manage_docroot`]: #manage_docroot -[`manage_user`]: #manage_user -[`manage_group`]: #manage_group -[`supplementary_groups`]: #supplementary_groups -[`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild -[`max_keepalive_requests`]: #max_keepalive_requests -[`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers -[`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads -[MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml -[`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads -[`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html -[`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas -[`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html -[`mod_auth_gssapi`]: https://github.com/modauthgssapi/mod_auth_gssapi -[`mod_authnz_external`]: https://github.com/phokz/mod-auth-external -[`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html -[`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon -[`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html -[`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html -[`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html -[`mod_env`]: http://httpd.apache.org/docs/current/mod/mod_env.html -[`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html -[`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html -[`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html -[`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ -[`mod_http2`]: https://httpd.apache.org/docs/current/mod/mod_http2.html -[`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html -[`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html -[`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html -[`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html -[`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en -[`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ -[`mod_php`]: http://php.net/manual/en/book.apache.php -[`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html -[`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html -[`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html -[`mod_python`]: http://modpython.org/ -[`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html -[`mod_security`]: https://www.modsecurity.org/ -[`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html -[`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html -[`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html -[`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ -[module contribution guide]: https://docs.puppet.com/forge/contributing.html -[`mpm_module`]: #mpm_module -[multi-processing module]: https://httpd.apache.org/docs/current/mpm.html - -[name-based virtual hosts]: https://httpd.apache.org/docs/current/vhosts/name-based.html -[`no_proxy_uris`]: #no_proxy_uris - -[open source Puppet]: https://docs.puppet.com/puppet/ -[`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options - -[`path`]: #path -[`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr -[`port`]: #port -[`priority`]: #defined-types-apachevhost -[`proxy_dest`]: #proxy_dest -[`proxy_dest_match`]: #proxy_dest_match -[`proxy_pass`]: #proxy_pass -[`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass -[`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset -[Puppet Enterprise]: https://docs.puppet.com/pe/ -[Puppet Forge]: https://forge.puppet.com -[Puppet]: https://puppet.com -[Puppet module]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html -[Puppet module's code]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp -[`purge_configs`]: #purge_configs -[`purge_vhost_dir`]: #purge_vhost_dir -[Python]: https://www.python.org/ - -[Rack]: http://rack.github.io/ -[`rack_base_uris`]: #rack_base_uris -[RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt -[`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout -[rspec-puppet]: http://rspec-puppet.com/ - -[`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias -[`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch -[`scriptalias`]: #scriptalias -[SELinux]: http://selinuxproject.org/ -[`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin -[`serveraliases`]: #serveraliases -[`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit -[`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername -[`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot -[`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens -[`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature -[Service attribute restart]: http://docs.puppet.com/latest/type.html#service-attribute-restart -[`source`]: #source -[`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck -[SSL certificate key file]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile -[SSL chain]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile -[SSL encryption]: https://httpd.apache.org/docs/current/ssl/index.html -[`ssl`]: #ssl -[`ssl_cert`]: #ssl_cert -[`ssl_compression`]: #ssl_compression -[`ssl_key`]: #ssl_key -[`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers -[suPHP]: http://www.suphp.org/Home.html -[`suphp_addhandler`]: #suphp_addhandler -[`suphp_configpath`]: #suphp_configpath -[`suphp_engine`]: #suphp_engine -[supported operating system]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix - -[`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit -[`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild -[`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout -[template]: http://docs.puppet.com/puppet/latest/reference/lang_template.html -[`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable - -[`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname - -[`verify_config`]: #verify_config -[`vhost`]: #defined-type-apachevhost -[`vhost_dir`]: #vhost_dir -[`virtual_docroot`]: #virtual_docroot - -[Web Server Gateway Interface]: https://www.python.org/dev/peps/pep-3333/#abstract -[`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html -[`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html -[`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html -[`WSGIApplicationGroup`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html -[`WSGIPythonOptimize`]: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIPythonOptimize.html - -#### Table of Contents - -1. [Module description - What is the apache module, and what does it do?][Module description] -2. [Setup - The basics of getting started with apache][Setup] - - [What the apache module affects][apache affects] - - [Beginning with Apache - Installation][Beginning with Apache] -3. [Usage - The classes and defined types available for configuration][Usage] - - [Configuring virtual hosts - Examples to help get started][Configuring virtual hosts] - - [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers] - - [Load balancing with exported and non-exported resources][Load balancing examples] -4. [Reference - An under-the-hood peek at what the module is doing and how][Reference] - - [Public classes][] - - [Private classes][] - - [Public defined types][] - - [Private defined types][] - - [Templates][] - - [Tasks][] -5. [Limitations - OS compatibility, etc.][Limitations] -6. [Development - Guide for contributing to the module][Development] - - [Contributing to the apache module][Contributing] - - -## Module description - -[Apache HTTP Server][] (also called Apache HTTPD, or simply Apache) is a widely used web server. This [Puppet module][] simplifies the task of creating configurations to manage Apache servers in your infrastructure. It can configure and manage a range of virtual host setups and provides a streamlined way to install and configure [Apache modules][]. - - -## Setup - - -### What the apache module affects: - -- Configuration files and directories (created and written to) - - **WARNING**: Configurations *not* managed by Puppet will be purged. -- Package/service/configuration files for Apache -- Apache modules -- Virtual hosts -- Listened-to ports -- `/etc/make.conf` on FreeBSD and Gentoo - -On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Note that while several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. - -> **Warning**: This module modifies Apache configuration files and directories and purges any configuration not managed by Puppet. Apache configuration should be managed by Puppet, as unmanaged configuration files can cause unexpected failures. -> ->To temporarily disable full Puppet management, set the [`purge_configs`][] parameter in the [`apache`][] class declaration to false. We recommend this only as a temporary means of saving and relocating customized configurations. - - -### Beginning with Apache - -To have Puppet install Apache with the default parameters, declare the [`apache`][] class: - -``` puppet -class { 'apache': } -``` - -When you declare this class with the default options, the module: - -- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. -- Places the required configuration files in a directory, with the [default location](#conf_dir) Depends on operating system. -- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. -- Creates a document root directory Depends on operating system, typically `/var/www`. -- Starts the Apache service. - -Apache defaults depend on your operating system. These defaults work in testing environments but are not suggested for production. We recommend customizing the class's parameters to suit your site. - -For instance, this declaration installs Apache without the apache module's [default virtual host configuration][Configuring virtual hosts], allowing you to customize all Apache virtual hosts: - -``` puppet -class { 'apache': - default_vhost => false, -} -``` - -> **Note**: When `default_vhost` is set to `false`, you have to add at least one `apache::vhost` resource or Apache will not start. To establish a default virtual host, either set the `default_vhost` in the `apache` class or use the [`apache::vhost`][] defined type. You can also configure additional specific virtual hosts with the [`apache::vhost`][] defined type. - - -## Usage - - -### Configuring virtual hosts - -The default [`apache`][] class sets up a virtual host on port 80, listening on all interfaces and serving the [`docroot`][] parameter's default directory of `/var/www`. - - -To configure basic [name-based virtual hosts][], specify the [`port`][] and [`docroot`][] parameters in the [`apache::vhost`][] defined type: - -``` puppet -apache::vhost { 'vhost.example.com': - port => '80', - docroot => '/var/www/vhost', -} -``` - -See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters. - -> **Note**: Apache processes virtual hosts in alphabetical order, and server administrators can prioritize Apache's virtual host processing by prefixing a virtual host's configuration file name with a number. The [`apache::vhost`][] defined type applies a default [`priority`][] of 25, which Puppet interprets by prefixing the virtual host's file name with `25-`. This means that if multiple sites have the same priority, or if you disable priority numbers by setting the `priority` parameter's value to false, Apache still processes virtual hosts in alphabetical order. - -To configure user and group ownership for `docroot`, use the [`docroot_owner`][] and [`docroot_group`][] parameters: - -``` puppet -apache::vhost { 'user.example.com': - port => '80', - docroot => '/var/www/user', - docroot_owner => 'www-data', - docroot_group => 'www-data', -} -``` - -#### Configuring virtual hosts with SSL - -To configure a virtual host to use [SSL encryption][] and default SSL certificates, set the [`ssl`][] parameter. You must also specify the [`port`][] parameter, typically with a value of '443', to accommodate HTTPS requests: - -``` puppet -apache::vhost { 'ssl.example.com': - port => '443', - docroot => '/var/www/ssl', - ssl => true, -} -``` - -To configure a virtual host to use SSL and specific SSL certificates, use the paths to the certificate and key in the [`ssl_cert`][] and [`ssl_key`][] parameters, respectively: - -``` puppet -apache::vhost { 'cert.example.com': - port => '443', - docroot => '/var/www/cert', - ssl => true, - ssl_cert => '/etc/ssl/fourth.example.com.cert', - ssl_key => '/etc/ssl/fourth.example.com.key', -} -``` - -To configure a mix of SSL and unencrypted virtual hosts at the same domain, declare them with separate [`apache::vhost`][] defined types: - -``` puppet -# The non-ssl virtual host -apache::vhost { 'mix.example.com non-ssl': - servername => 'mix.example.com', - port => '80', - docroot => '/var/www/mix', -} - -# The SSL virtual host at the same domain -apache::vhost { 'mix.example.com ssl': - servername => 'mix.example.com', - port => '443', - docroot => '/var/www/mix', - ssl => true, -} -``` - -To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate [`apache::vhost`][] defined types and redirect unencrypted requests to the virtual host with SSL enabled: - -``` puppet -apache::vhost { 'redirect.example.com non-ssl': - servername => 'redirect.example.com', - port => '80', - docroot => '/var/www/redirect', - redirect_status => 'permanent', - redirect_dest => 'https://redirect.example.com/' -} - -apache::vhost { 'redirect.example.com ssl': - servername => 'redirect.example.com', - port => '443', - docroot => '/var/www/redirect', - ssl => true, -} -``` - -#### Configuring virtual host port and address bindings - -Virtual hosts listen on all IP addresses ('\*') by default. To configure the virtual host to listen on a specific IP address, use the [`ip`][] parameter: - -``` puppet -apache::vhost { 'ip.example.com': - ip => '127.0.0.1', - port => '80', - docroot => '/var/www/ip', -} -``` - -You can also configure more than one IP address per virtual host by using an array of IP addresses for the [`ip`][] parameter: - -``` puppet -apache::vhost { 'ip.example.com': - ip => ['127.0.0.1','169.254.1.1'], - port => '80', - docroot => '/var/www/ip', -} -``` - -You can configure multiple ports per virtual host by using an array of ports for the [`port`][] parameter: - -``` puppet -apache::vhost { 'ip.example.com': - ip => ['127.0.0.1'], - port => ['80','8080'] - docroot => '/var/www/ip', -} -``` - -To configure a virtual host with [aliased servers][], refer to the aliases using the [`serveraliases`][] parameter: - -``` puppet -apache::vhost { 'aliases.example.com': - serveraliases => [ - 'aliases.example.org', - 'aliases.example.net', - ], - port => '80', - docroot => '/var/www/aliases', -} -``` - -To set up a virtual host with a wildcard alias for the subdomain mapped to a directory of the same name, such as 'http://example.com.loc' mapped to `/var/www/example.com`, define the wildcard alias using the [`serveraliases`][] parameter and the document root with the [`virtual_docroot`][] parameter: - -``` puppet -apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], -} -``` - -To configure a virtual host with [filter rules][], pass the filter directives as an [array][] using the [`filters`][] parameter: - -``` puppet -apache::vhost { 'subdomain.loc': - port => '80', - filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], - docroot => '/var/www/html', -} -``` - -#### Configuring virtual hosts for apps and processors - -To set up a virtual host with [suPHP][], use the following parameters: - -* [`suphp_engine`][], to enable the suPHP engine. -* [`suphp_addhandler`][], to define a MIME type. -* [`suphp_configpath`][], to set which path suPHP passes to the PHP interpreter. -* [`directory`][], to configure Directory, File, and Location directive blocks. - -For example: - -``` puppet -apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => [ - { 'path' => '/home/appuser/myphpapp', - 'suphp' => { - user => 'myappuser', - group => 'myappgroup', - }, - }, - ], -} -``` - -To configure a virtual host to use the [Web Server Gateway Interface][] (WSGI) for [Python][] applications, use the `wsgi` set of parameters: - -``` puppet -apache::vhost { 'wsgi.example.com': - port => '80', - docroot => '/var/www/pythonapp', - wsgi_application_group => '%{GLOBAL}', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', - display-name => '%{GROUP}', - }, - wsgi_import_script => '/var/www/demo.wsgi', - wsgi_import_script_options => { - process-group => 'wsgi', - application-group => '%{GLOBAL}', - }, - wsgi_process_group => 'wsgi', - wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, -} -``` - -As of Apache 2.2.16, Apache supports [FallbackResource][], a simple replacement for common RewriteRules. You can set a FallbackResource using the [`fallbackresource`][] parameter: - -``` puppet -apache::vhost { 'wordpress.example.com': - port => '80', - docroot => '/var/www/wordpress', - fallbackresource => '/index.php', -} -``` - -> **Note**: The `fallbackresource` parameter only supports the 'disabled' value since Apache 2.2.24. - -To configure a virtual host with a designated directory for [Common Gateway Interface][] (CGI) files, use the [`scriptalias`][] parameter to define the `cgi-bin` path: - -``` puppet -apache::vhost { 'cgi.example.com': - port => '80', - docroot => '/var/www/cgi', - scriptalias => '/usr/lib/cgi-bin', -} -``` - -To configure a virtual host for [Rack][], use the [`rack_base_uris`][] parameter: - -``` puppet -apache::vhost { 'rack.example.com': - port => '80', - docroot => '/var/www/rack', - rack_base_uris => ['/rackapp1', '/rackapp2'], -} -``` - -#### Configuring IP-based virtual hosts - -You can configure [IP-based virtual hosts][] to listen on any port and have them respond to requests on specific IP addresses. In this example, the server listens on ports 80 and 81, because the example virtual hosts are _not_ declared with a [`port`][] parameter: - -``` puppet -apache::listen { '80': } - -apache::listen { '81': } -``` - -Configure the IP-based virtual hosts with the [`ip_based`][] parameter: - -``` puppet -apache::vhost { 'first.example.com': - ip => '10.0.0.10', - docroot => '/var/www/first', - ip_based => true, -} - -apache::vhost { 'second.example.com': - ip => '10.0.0.11', - docroot => '/var/www/second', - ip_based => true, -} -``` - -You can also configure a mix of IP- and [name-based virtual hosts][] in any combination of [SSL][SSL encryption] and unencrypted configurations. - -In this example, we add two IP-based virtual hosts on an IP address (in this example, 10.0.0.10). One uses SSL and the other is unencrypted: - -``` puppet -apache::vhost { 'The first IP-based virtual host, non-ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '80', - ip_based => true, - docroot => '/var/www/first', -} - -apache::vhost { 'The first IP-based vhost, ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '443', - ip_based => true, - docroot => '/var/www/first-ssl', - ssl => true, -} -``` - -Next, we add two name-based virtual hosts listening on a second IP address (10.0.0.20): - -``` puppet -apache::vhost { 'second.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/second', -} - -apache::vhost { 'third.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/third', -} -``` - -To add name-based virtual hosts that answer on either 10.0.0.10 or 10.0.0.20, you **must** disable the Apache default `Listen 80`, as it conflicts with the preceding IP-based virtual hosts. To do this, set the [`add_listen`][] parameter to `false`: - -``` puppet -apache::vhost { 'fourth.example.com': - port => '80', - docroot => '/var/www/fourth', - add_listen => false, -} - -apache::vhost { 'fifth.example.com': - port => '80', - docroot => '/var/www/fifth', - add_listen => false, -} -``` - -### Installing Apache modules - -There are two ways to install [Apache modules][] using the Puppet apache module: - -- Use the [`apache::mod::`][] classes to [install specific Apache modules with parameters][Installing specific modules]. -- Use the [`apache::mod`][] defined type to [install arbitrary Apache modules][Installing arbitrary modules]. - -#### Installing specific modules - -The Puppet apache module supports installing many common [Apache modules][], often with parameterized configuration options. For a list of supported Apache modules, see the [`apache::mod::`][] class references. - -For example, you can install the `mod_ssl` Apache module with default settings by declaring the [`apache::mod::ssl`][] class: - -``` puppet -class { 'apache::mod::ssl': } -``` - -[`apache::mod::ssl`][] has several parameterized options that you can set when declaring it. For instance, to enable `mod_ssl` with compression enabled, set the [`ssl_compression`][] parameter to true: - -``` puppet -class { 'apache::mod::ssl': - ssl_compression => true, -} -``` - -Note that some modules have prerequisites, which are documented in their references under [`apache::mod::`][]. - -#### Installing arbitrary modules - -You can pass the name of any module that your operating system's package manager can install to the [`apache::mod`][] defined type to install it. Unlike the specific-module classes, the [`apache::mod`][] defined type doesn't tailor the installation based on other installed modules or with specific parameters---Puppet only grabs and installs the module's package, leaving detailed configuration up to you. - -For example, to install the [`mod_authnz_external`][] Apache module, declare the defined type with the 'mod_authnz_external' name: - -``` puppet -apache::mod { 'mod_authnz_external': } -``` - -There are several optional parameters you can specify when defining Apache modules this way. See the [defined type's reference][`apache::mod`] for details. - - -### Configuring FastCGI servers to handle PHP files - -Add the [`apache::fastcgi::server`][] defined type to allow [FastCGI][] servers to handle requests for specific files. For example, the following defines a FastCGI server at 127.0.0.1 (localhost) on port 9000 to handle PHP requests: - -``` puppet -apache::fastcgi::server { 'php': - host => '127.0.0.1:9000', - timeout => 15, - flush => false, - faux_path => '/var/www/php.fcgi', - fcgi_alias => '/php.fcgi', - file_type => 'application/x-httpd-php' -} -``` - -You can then use the [`custom_fragment`][] parameter to configure the virtual host to have the FastCGI server handle the specified file type: - -``` puppet -apache::vhost { 'www': - ... - custom_fragment => 'AddType application/x-httpd-php .php' - ... -} -``` - - -### Load balancing examples - -Apache supports load balancing across groups of servers through the [`mod_proxy`][] Apache module. Puppet supports configuring Apache load balancing groups (also known as balancer clusters) through the [`apache::balancer`][] and [`apache::balancermember`][] defined types. - -To enable load balancing with [exported resources][], export the [`apache::balancermember`][] defined type from the load balancer member server: - -``` puppet -@@apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009", - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], -} -``` - -Then, on the proxy server, create the load balancing group: - -``` puppet -apache::balancer { 'puppet00': } -``` - -To enable load balancing without exporting resources, declare the following on the proxy server: - -``` puppet -apache::balancer { 'puppet00': } - -apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009", - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], -} -``` - -Then declare the `apache::balancer` and `apache::balancermember` defined types on the proxy server. - -To use the [ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset) directive on the balancer, use the [`proxy_set`](#proxy_set) parameter of `apache::balancer`: - -``` puppet -apache::balancer { 'puppet01': - proxy_set => { - 'stickysession' => 'JSESSIONID', - 'lbmethod' => 'bytraffic', - }, -} -``` - -Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balancer documentation](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html). - - -## Reference - -- [**Public classes**](#public-classes) - - [Class: apache](#class-apache) - - [Class: apache::dev](#class-apachedev) - - [Class: apache::vhosts](#class-apachevhosts) - - [Classes: apache::mod::\*](#classes-apachemodname) -- [**Private classes**](#private-classes) - - [Class: apache::confd::no_accf](#class-apacheconfdno_accf) - - [Class: apache::default_confd_files](#class-apachedefault_confd_files) - - [Class: apache::default_mods](#class-apachedefault_mods) - - [Class: apache::package](#class-apachepackage) - - [Class: apache::params](#class-apacheparams) - - [Class: apache::service](#class-apacheservice) - - [Class: apache::version](#class-apacheversion) -- [**Public defined types**](#public-defined-types) - - [Defined type: apache::balancer](#defined-type-apachebalancer) - - [Defined type: apache::balancermember](#defined-type-apachebalancermember) - - [Defined type: apache::custom_config](#defined-type-apachecustom_config) - - [Defined type: apache::fastcgi::server](#defined-type-fastcgi-server) - - [Defined type: apache::listen](#defined-type-apachelisten) - - [Defined type: apache::mod](#defined-type-apachemod) - - [Defined type: apache::namevirtualhost](#defined-type-apachenamevirtualhost) - - [Defined type: apache::vhost](#defined-type-apachevhost) - - [Defined type: apache::vhost::custom](#defined-type-apachevhostcustom) -- [**Private defined types**](#private-defined-types) - - [Defined type: apache::default_mods::load](#defined-type-default_mods-load) - - [Defined type: apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer) - - [Defined type: apache::peruser::processor](#defined-type-apacheperuserprocessor) - - [Defined type: apache::security::file_link](#defined-type-apachesecurityfile_link) -- [**Templates**](#templates) -- [**Tasks**](#tasks) - -### Public Classes - -#### Class: `apache` - -Guides the basic setup and installation of Apache on your system. - -When this class is declared with the default options, Puppet: - -- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system. -- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system. -- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings. -- Creates a document root directory determined by your operating system, typically `/var/www`. -- Starts the Apache service. - -You can simply declare the default `apache` class: - -``` puppet -class { 'apache': } -``` - -##### `allow_encoded_slashes` - -Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. - -Values: 'on', 'off', 'nodecode'. - -Default: `undef`. - -##### `apache_version` - -Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason. - -Default: Depends on operating system and release version detected by the [`apache::version`][] class. - -##### `conf_dir` - -Sets the directory where the Apache server's main configuration file is located. - -Default: Depends on operating system. - -- **Debian**: `/etc/apache2` -- **FreeBSD**: `/usr/local/etc/apache22` -- **Gentoo**: `/etc/apache2` -- **Red Hat**: `/etc/httpd/conf` - -##### `conf_template` - -Defines the [template][] used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by `conf.d` entries. - -Default: `apache/httpd.conf.erb`. - -##### `confd_dir` - -Sets the location of the Apache server's custom configuration directory. - -Default: Depends on operating system. - -- **Debian**: `/etc/apache2/conf.d` -- **FreeBSD**: `/usr/local/etc/apache22` -- **Gentoo**: `/etc/apache2/conf.d` -- **Red Hat**: `/etc/httpd/conf.d` - -##### `default_charset` - -Used as the [`AddDefaultCharset`][] directive in the main configuration file. - -Default: `undef`. - -##### `default_confd_files` - -Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system. - -Boolean. - -Default: `true`. - -##### `default_mods` - -Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system. - -If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type. - -If `true`, Puppet installs additional modules, depending on the operating system and the values of [`apache_version`][] and [`mpm_module`][] parameters. Because these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists. - -If this parameter contains an array, Puppet instead enables all passed Apache modules. - -Values: Boolean or an array of Apache module names. - -Default: `true`. - -##### `default_ssl_ca` - -Sets the default certificate authority for the Apache server. - -Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment. - -Boolean. - -Default: `undef`. - -##### `default_ssl_cert` - -Sets the [SSL encryption][] certificate location. - -Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment. - -Default: Depends on operating system. - -- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem` -- **FreeBSD**: `/usr/local/etc/apache22/server.crt` -- **Gentoo**: `/etc/ssl/apache2/server.crt` -- **Red Hat**: `/etc/pki/tls/certs/localhost.crt` - -##### `default_ssl_chain` - -Sets the default [SSL chain][] location. - -Although this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment. - -Default: `undef`. - -##### `default_ssl_crl` - -Sets the path of the default [certificate revocation list][] (CRL) file to use. - -Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][]. - -Default: `undef`. - -##### `default_ssl_crl_path` - -Sets the server's [certificate revocation list path][], which contains your CRLs. - -Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. - -Default: `undef`. - -##### `default_ssl_crl_check` - -Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions. - -Although this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment. - -Default: `undef`. - -##### `default_ssl_key` - -Sets the [SSL certificate key file][] location. - -Although the default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment. - -Default: Depends on operating system. - -- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key` -- **FreeBSD**: `/usr/local/etc/apache22/server.key` -- **Gentoo**: `/etc/ssl/apache2/server.key` -- **Red Hat**: `/etc/pki/tls/private/localhost.key` - - -##### `default_ssl_vhost` - -Configures a default [SSL][SSL encryption] virtual host. - -If `true`, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type: - -```puppet -apache::vhost { 'default-ssl': - port => 443, - ssl => true, - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => "ssl_${access_log_file}", - } -``` - -> **Note**: SSL virtual hosts only respond to HTTPS queries. - - -Boolean. - -Default: `false`. - -##### `default_type` - -_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer, and is only for backwards compatibility in configuration files. - -Default: `undef`. - -##### `default_vhost` - -Configures a default virtual host when the class is declared. - -To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to `false`. - -> **Note**: Apache will not start without at least one virtual host. If you set this to `false` you must configure a virtual host elsewhere. - -Boolean. - -Default: `true`. - -##### `dev_packages` - -Configures a specific dev package to use. - -Values: A string or array of strings. - -Example for using httpd 2.4 from the IUS yum repo: - -``` puppet -include ::apache::dev -class { 'apache': - apache_name => 'httpd24u', - dev_packages => 'httpd24u-devel', -} -``` - -Default: Depends on operating system. - -- **Red Hat:** 'httpd-devel' -- **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] -- **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] -- **FreeBSD, Gentoo:** `undef` -- **Suse:** ['libapr-util1-devel', 'libapr1-devel'] - -##### `docroot` - -Sets the default [`DocumentRoot`][] location. - -Default: Depends on operating system. - -- **Debian**: `/var/www/html` -- **FreeBSD**: `/usr/local/www/apache22/data` -- **Gentoo**: `/var/www/localhost/htdocs` -- **Red Hat**: `/var/www/html` - -##### `error_documents` - -Determines whether to enable [custom error documents][] on the Apache server. - -Boolean. - -Default: `false`. - -##### `group` - -Sets the group ID that owns any Apache processes spawned to answer requests. - -By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to `false`. - -> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process. - -##### `httpd_dir` - -Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages. - -Default: Depends on operating system. - -- **Debian**: `/etc/apache2` -- **FreeBSD**: `/usr/local/etc/apache22` -- **Gentoo**: `/etc/apache2` -- **Red Hat**: `/etc/httpd` - -##### `http_protocol_options` - -Specifies the strictness of HTTP protocol checks. - -Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`. - -Default '`Strict LenientMethods Allow0.9`'. - -##### `keepalive` - -Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. If you set this to 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options. - -Values: 'Off', 'On'. - -Default: 'On'. - -##### `keepalive_timeout` - -Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled. - -Default: '15'. - -##### `max_keepalive_requests` - -Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled. - -Default: '100'. - -##### `hostname_lookups` - -This directive enables DNS lookups so that host names can be logged and passed to CGIs/SSIs in REMOTE_HOST. Values:'On','Off','Double'. - -Default: 'Off'. -> **Note**: If enabled, it impacts performance significantly. - -##### `lib_path` - -Specifies the location where [Apache module][Apache modules] files are stored. - -Default: Depends on operating system. - -- **Debian** and **Gentoo**: `/usr/lib/apache2/modules` -- **FreeBSD**: `/usr/local/libexec/apache24` -- **Red Hat**: `modules` - -> **Note**: Do not configure this parameter manually without special reason. - -##### `log_level` - -Changes the error log's verbosity. Values: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'. - -Default: 'warn'. - -##### `log_formats` - -Define additional [`LogFormat`][] directives. Values: A [hash][], such as: - -``` puppet -$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } -``` - -There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates: - -``` httpd -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded -``` - -If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition. - -##### `logroot` - -Changes the directory of Apache log files for the virtual host. - -Default: Depends on operating system. - -- **Debian**: `/var/log/apache2` -- **FreeBSD**: `/var/log/apache22` -- **Gentoo**: `/var/log/apache2` -- **Red Hat**: `/var/log/httpd` - -##### `logroot_mode` - -Overrides the default [`logroot`][] directory's mode. - -> **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details. - -Default: `undef`. - -##### `manage_group` - -When `false`, stops Puppet from creating the group resource. - -If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error. - -Boolean. - -Default: `true`. - -##### `supplementary_groups` - -A list of groups to which the user belongs. These groups are in addition to the primary group. - -Default: No additional groups. - -Notice: This option only has an effect when `manage_user` is set to true. - -##### `manage_user` - -When `false`, stops Puppet from creating the user resource. - -This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error. - -Boolean. - -Default: `true`. - -##### `mod_dir` - -Sets where Puppet places configuration files for your [Apache modules][]. - -Default: Depends on operating system. - -- **Debian**: `/etc/apache2/mods-available` -- **FreeBSD**: `/usr/local/etc/apache22/Modules` -- **Gentoo**: `/etc/apache2/modules.d` -- **Red Hat**: `/etc/httpd/conf.d` - -##### `mod_libs` - -Allows the user to override default module library names. - -```puppet -include apache::params -class { 'apache': - mod_libs => merge($::apache::params::mod_libs, { - 'wsgi' => 'mod_wsgi_python3.so', - }) -} -``` - -Hash. Default: `$apache::params::mod_libs` - -##### `mod_packages` - -Allows the user to override default module package names. - -```puppet -include apache::params -class { 'apache': - mod_packages => merge($::apache::params::mod_packages, { - 'auth_kerb' => 'httpd24-mod_auth_kerb', - }) -} -``` - -Hash. Default: `$apache::params::mod_packages` - -##### `mpm_module` - -Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Values: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`. - -You must set this to `false` to explicitly declare the following classes with custom parameters: - -- [`apache::mod::event`][] -- [`apache::mod::itk`][] -- [`apache::mod::peruser`][] -- [`apache::mod::prefork`][] -- [`apache::mod::worker`][] - -Default: Depends on operating system. - -- **Debian**: 'worker' -- **FreeBSD, Gentoo, and Red Hat**: 'prefork' - -##### `package_ensure` - -Controls the `package` resource's [`ensure`][] attribute. Values: 'absent', 'installed' (or equivalent 'present'), or a version string. - -Default: 'installed'. - -##### `pidfile` - -Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm. - -Default: Depends on operating system. - -- **Debian:** '\${APACHE_PID_FILE}' -- **FreeBSD:** '/var/run/httpd.pid' -- **Red Hat:** 'run/httpd.pid' - -##### `ports_file` - -Sets the path to the file containing Apache ports configuration. - -Default: '{$conf_dir}/ports.conf'. - -##### `protocols` - -Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the server. - -Default: `undef` - -##### `protocols_honor_order` - -Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines whether the order of Protocols sets precedence during negotiation. - -Default: `undef` - -##### `purge_configs` - -Removes all other Apache configs and virtual hosts. - -Setting this to `false` is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][]. - -Boolean. - -Default: `true`. - -##### `purge_vhost_dir` - -If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, this parameter determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed by Puppet. - -Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`. - -Boolean. - -Default: same as [`purge_configs`][]. - -##### `rewrite_lock` - -Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions. - -Default: `undef`. - -##### `sendfile` - -Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Values: 'On', 'Off'. - -Default: 'On'. - -##### `serveradmin` - -Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive. - -Default: 'root@localhost'. - -##### `servername` - -Sets the Apache server name via Apache's [`ServerName`][] directive. - -Setting to `false` will not set ServerName at all. - -Default: the 'fqdn' fact reported by [Facter][]. - -##### `server_root` - -Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive. - -Default: Depends on operating system. - -- **Debian**: `/etc/apache2` -- **FreeBSD**: `/usr/local` -- **Gentoo**: `/var/www` -- **Red Hat**: `/etc/httpd` - -##### `server_signature` - -Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Values: 'Off', 'On'. - -Default: 'On'. - -##### `server_tokens` - -Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive. - -Default: 'Prod'. - -##### `service_enable` - -Determines whether Puppet enables the Apache HTTPD service when the system is booted. - -Boolean. - -Default: `true`. - -##### `service_ensure` - -Determines whether Puppet should make sure the service is running. Values: `true` (or 'running'), `false` (or 'stopped'). - -The `false` or 'stopped' values set the 'httpd' service resource's `ensure` parameter to `false`, which is useful when you want to let the service be managed by another application, such as Pacemaker. - -Default: 'running'. - -##### `service_name` - -Sets the name of the Apache service. - -Default: Depends on operating system. - -- **Debian and Gentoo**: 'apache2' -- **FreeBSD**: 'apache22' -- **Red Hat**: 'httpd' - -##### `service_manage` - -Determines whether Puppet manages the HTTPD service's state. - -Boolean. - -Default: `true`. - -##### `service_restart` - -Determines whether Puppet should use a specific command to restart the HTTPD service. - -Values: a command to restart the Apache service. The default setting uses the [default Puppet behavior][Service attribute restart]. - -Default: `undef`. - -##### `ssl_cert` - -This enables the user to specify a specific SSLCertificateFile. - -For more information see: [SSLCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateFile) - -Default: `undef.` - -##### `ssl_key` -This enables the user to specify a specific SSLCertificateKey. - -For more information see: [SSLCertificateKey](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateKeyFile) - -Default: `undef`. - - -##### `ssl_ca` - -Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile) to use to verify certificate used in ssl client authentication. - -It is possible to override this on a vhost level. - -Default: `undef`. - - -##### `timeout` - -Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request. - -Default: 120. - -##### `trace_enable` - -Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive. - -Values: 'Off', 'On'. - -Default: 'On'. - -##### `use_canonical_name` - -Controls Apache's [`UseCanonicalName`][] directive which controls how Apache handles self-referential URLs. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'. - -Values: 'On', 'on', 'Off', 'off', 'DNS', 'dns'. - -Default: `undef`. - -##### `use_systemd` - -Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs. - -Boolean. - -Default: `true`. - -##### `file_mode` - -Sets the desired permissions mode for config files. - -Values: A string, with permissions mode in symbolic or numeric notation. - -Default: '0644'. - -##### `root_directory_options` - -Array of the desired options for the / directory in httpd.conf. - -Defaults: 'FollowSymLinks'. - -##### `root_directory_secured` - -Sets the default access policy for the / directory in httpd.conf. A value of `false` allows access to all resources that are missing a more specific access policy. A value of `true` denies access to all resources by default. If `true`, more specific rules must be used to allow access to these resources (for example, in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter). - -Boolean. - -Default: `false`. - -##### `vhost_dir` - -Changes your virtual host configuration files' location. - -Default: Depends on operating system: - -- **Debian**: `/etc/apache2/sites-available` -- **FreeBSD**: `/usr/local/etc/apache22/Vhosts` -- **Gentoo**: `/etc/apache2/vhosts.d` -- **Red Hat**: `/etc/httpd/conf.d` - -##### `vhost_include_pattern` - -Defines the pattern for files included from the `vhost_dir`. - -If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration. - -Default: '*'. - -Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`. - -##### `user` - -Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the [`manage_user`][] parameter to `false`. - -Default: Depends on the user set by [`apache::params`][] class, based on your operating system: - -- **Debian**: 'www-data' -- **FreeBSD**: 'www' -- **Gentoo** and **Red Hat**: 'apache' - -To prevent Puppet from managing the user, set the [`manage_user`][] parameter to false. - -##### `apache_name` - -The name of the Apache package to install. If you are using a non-standard Apache package you might need to override the default setting. - -For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`. - -Default: Depends on the user set by [`apache::params`][] class, based on your operating system: - -- **Debian**: 'apache2' -- **FreeBSD**: 'apache24' -- **Gentoo**: 'www-servers/apache' -- **Red Hat**: 'httpd' - -##### `error_log` - -The name of the error log file for the main server instance. If the string starts with `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with `$logroot`. - -Default: Depends on operating system: - -- **Debian**: 'error.log' -- **FreeBSD**: 'httpd-error.log' -- **Gentoo**: 'error.log' -- **Red Hat**: 'error_log' -- **Suse**: 'error.log' - -##### `scriptalias` - -Directory to use for global script alias - -Default: Depends on operating system: - -- **Debian**: '/usr/lib/cgi-bin' -- **FreeBSD**: '/usr/local/www/apache24/cgi-bin' -- **Gentoo**: 'var/www/localhost/cgi-bin' -- **Red Hat**: '/var/www/cgi-bin' -- **Suse**: '/usr/lib/cgi-bin' - -##### `access_log_file` - -The name of the access log file for the main server instance. - -Default: Depends on operating system: - -- **Debian**: 'error.log' -- **FreeBSD**: 'httpd-access.log' -- **Gentoo**: 'access.log' -- **Red Hat**: 'access_log' -- **Suse**: 'access.log' - -##### `limitreqfields` - -The [`limitreqfields`][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request. - -Default: '100' - -#### Class: `apache::dev` - -Installs Apache development libraries. - -Default: Depends on the operating system:[`dev_packages`][] parameter of the [`apache::params`][] class, based on your operating system: - -- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions. -- **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`. -- **Gentoo**: `undef`. -- **Red Hat**: 'httpd-devel'. - -#### Class: `apache::vhosts` - -Creates [`apache::vhost`][] defined types. - -**Parameters**: - -* `vhosts`: Specifies the [`apache::vhost`][] defined type's parameters. - - Values: A [hash][], where the key represents the name and the value represents a [hash][] of [`apache::vhost`][] defined type's parameters. - - Default: '{}' - - > **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters or [Configuring virtual hosts]. - - For example, to create a [name-based virtual host][name-based virtual hosts] 'custom_vhost_1, declare this class with the `vhosts` parameter set to '{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }': - -``` puppet -class { 'apache::vhosts': - vhosts => { - 'custom_vhost_1' => { - 'docroot' => '/var/www/custom_vhost_1', - 'port' => '81', - }, - }, -} -``` - -#### Classes: `apache::mod::` - -Enables specific [Apache modules][]. Enable and configure an Apache module by declaring its class. - -For example, to install and enable [`mod_alias`][] with no icons, declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None': - -``` puppet -class { 'apache::mod::alias': - icons_options => 'None', -} -``` - -The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] defined type. - -* `actions` -* `alias` (see [`apache::mod::alias`][]) -* `auth_basic` -* `auth_cas`\* (see [`apache::mod::auth_cas`][]) -* `auth_mellon`\* (see [`apache::mod::auth_mellon`][]) -* `auth_kerb` -* `auth_gssapi` -* `authn_core` -* `authn_dbd`\* (see [`apache::mod::authn_dbd`][]) -* `authn_file` -* `authnz_ldap`\* (see [`apache::mod::authnz_ldap`][]) -* `authnz_pam` -* `authz_default` -* `authz_user` -* `autoindex` -* `cache` -* `cgi` -* `cgid` -* `cluster` (see [`apache::mod::cluster`][]) -* `data` -* `dav` -* `dav_fs` -* `dav_svn`\* -* `dbd` -* `deflate\` -* `dev` -* `dir`\* -* `disk_cache` (see [`apache::mod::disk_cache`][]) -* `dumpio` (see [`apache::mod::dumpio`][]) -* `env` -* `event` (see [`apache::mod::event`][]) -* `expires` -* `ext_filter` (see [`apache::mod::ext_filter`][]) -* `fastcgi` -* `fcgid` -* `filter` -* `geoip` (see [`apache::mod::geoip`][]) -* `headers` -* `http2` (see [`apache::mod::http2`][]) -* `include` -* `info`\* -* `intercept_form_submit` -* `itk` -* `jk` (see [`apache::mod::jk`]) -* `ldap` (see [`apache::mod::ldap`][]) -* `lookup_identity` -* `macro` (see [`apache:mod:macro`][]) -* `mime` -* `mime_magic`\* -* `negotiation` -* `nss`\* (see [`apache::mod::nss`][]) -* `pagespeed` (see [`apache::mod::pagespeed`][]) -* `passenger`\* (see [`apache::mod::passenger`][]) -* `perl` -* `peruser` -* `php` (requires [`mpm_module`][] set to `prefork`) -* `prefork`\* -* `proxy`\* (see [`apache::mod::proxy`][]) -* `proxy_ajp` -* `proxy_balancer`\* (see [`apache::mod::proxy_balancer`][]) -* `proxy_balancer` -* `proxy_html` (see [`apache::mod::proxy_html`][]) -* `proxy_http` -* `python` (see [`apache::mod::python`][]) -* `reqtimeout` -* `remoteip`\* -* `rewrite` -* `rpaf`\* -* `setenvif` -* `security` -* `shib`\* (see [`apache::mod::shib`]) -* `speling` -* `ssl`\* (see [`apache::mod::ssl`][]) -* `status`\* (see [`apache::mod::status`][]) -* `suphp` -* `userdir`\* (see [`apache::mod::userdir`][]) -* `version` -* `vhost_alias` -* `worker`\* -* `wsgi` (see [`apache::mod::wsgi`][]) -* `xsendfile` - -Modules noted with a * indicate that the module has settings and a template that includes parameters to configure the module. Most Apache module class parameters have default values and don't require configuration. For modules with templates, Puppet installs template files with the module; these template files are required for the module to work. - -##### Class: `apache::mod::alias` - -Installs and manages [`mod_alias`][]. - -**Parameters**: - -* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive. - - Default: 'Indexes MultiViews'. - -* `icons_path`: Sets the local path for an `/icons/` Alias. - - Default: Depends on operating system. - - * **Debian**: `/usr/share/apache2/icons` - * **FreeBSD**: `/usr/local/www/apache24/icons` - * **Gentoo**: `/var/www/icons` - * **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons` - -#### Class: `apache::mod::disk_cache` - -Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4. - -Default: Depends on the Apache version and operating system: - -- **Debian**: `/var/cache/apache2/mod_cache_disk` -- **FreeBSD**: `/var/cache/mod_cache_disk` -- **Red Hat, Apache 2.4**: `/var/cache/httpd/proxy` -- **Red Hat, Apache 2.2**: `/var/cache/mod_proxy` - -To specify the cache root, pass a path as a string to the `cache_root` parameter. - -``` puppet -class {'::apache::mod::disk_cache': - cache_root => '/path/to/cache', -} -``` - -To specify cache ignore headers, pass a string to the `cache_ignore_headers` parameter. - -``` puppet -class {'::apache::mod::disk_cache': - cache_ignore_headers => "Set-Cookie", -} -``` - -##### Class: `apache::mod::dumpio` - -Installs and configures [`mod_dumpio`][]. - -```puppet -class{'apache': - default_mods => false, - log_level => 'dumpio:trace7', -} -class{'apache::mod::dumpio': - dump_io_input => 'On', - dump_io_output => 'Off', -} -``` - -**Parameters**: - -* `dump_io_input`: Dump all input data to the error log. - - Values: 'On', 'Off'. - - Default: 'Off'. - -* `dump_io_output`: Dump all output data to the error log. - - Values: 'On', 'Off'. - - Defaults to 'Off'. - -##### Class: `apache::mod::event` - -Installs and manages [`mod_mpm_event`][]. You cannot include `apache::mod::event` with [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server. - -**Parameters**: - -* `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Setting this to `false` removes the parameter. - - Default: '511'. - -* `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Setting these to `false` removes the parameters. - - Default: '150'. - -* `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Setting these to `false` removes the parameters. - - Default: '0'. - -* `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Setting these to `false` removes the parameters. - - Default: '75' and '25', respectively. - -* `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Setting this to `false` removes the parameter. - - Default: '25'. - -* `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Setting this to `false` removes the parameter. - - Default: '2'. - -* `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Setting this to `false` removes the parameter. - - Default: '64'. - -* `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive. - - Default: '25'. Setting this to `false` removes the parameter. - -##### Class: `apache::mod::auth_cas` - -Installs and manages [`mod_auth_cas`][]. Parameters share names with the Apache module's directives. - -The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have `undef` default values. - -> **Note**: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. See [https://github.com/Jasig/mod_auth_cas]() - -**Parameters**: - -- `cas_attribute_prefix`: Adds a header with the value of this header being the attribute values when SAML validation is enabled. - - Default: CAS_. - -- `cas_attribute_delimiter`: The delimiter between attribute values in the header created by `cas_attribute_prefix`. - - Default: , - -- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding. - - Default: `undef`. - -- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`. - - Default: `undef`. - -- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings. - - Default: `undef`. - -- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header. - - Default: `undef`. - -- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers. - - Default: `undef`. - -- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies. - - Default: `undef`. - -- `cas_cookie_path`: Where cas cookie session data is stored. Should be writable by web server user. - - Default: OS dependent. - -- `cas_cookie_path_mode`: The mode of `cas_cookie_path`. - - Default: '0750'. - -- `cas_debug`: Determines whether to enable the module's debugging mode. - - Default: 'Off'. - -- `cas_idle_timeout`: Sets the idle timeout limit, in seconds. - - Default: `undef`. - -- `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session. - -- `cas_proxy_validate_url`: The URL to use when performing a proxy validation. - - Default: `undef`. - -- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. This URL should not include a trailing slash. - - Default: `undef`. - -- `cas_scrub_request_headers`: Remove inbound request headers that may have special meaning within mod_auth_cas. - -- `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data). - - Default: 'Off'. - -- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active. - - Default: `undef`. - -- `cas_validate_depth`: Limits the depth for chained certificate validation. - - Default: `undef`. - -- `cas_validate_saml`: Parse response from CAS server for SAML. - - Default: 'Off'. - -- `cas_validate_server`: Whether to validate the cert of the CAS server (deprecated in 1.1 - RedHat 7). - - Default: `undef`. - -- `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string. - -- `cas_version`: The CAS protocol version to adhere to. Values: '1', '2'. - - Default: '2'. - -- `suppress_warning`: Suppress warning about being on RedHat (`mod_auth_cas` package is now available in epel-testing repo). - - Default: `false`. - -##### Class: `apache::mod::auth_mellon` - -Installs and manages [`mod_auth_mellon`][]. Parameters share names with the Apache module's directives. - -``` puppet -class{ 'apache::mod::auth_mellon': - mellon_cache_size => 101, -} -``` - -**Parameters**: - -* `mellon_cache_entry_size`: Maximum size for a single session. - - Default: `undef`. - -* `mellon_cache_size`: Size in megabytes of the mellon cache. - - Default: 100. - -* `mellon_lock_file`: Location of lock file. - - Default: '`/run/mod_auth_mellon/lock`'. - -* `mellon_post_directory`: Full path where post requests are saved. - - Default: '`/var/cache/apache2/mod_auth_mellon/`' - -* `mellon_post_ttl`: Time to keep post requests. - - Default: `undef`. - -* `mellon_post_size`: Maximum size of post requests. - - Default: `undef`. - -* `mellon_post_count`: Maximum number of post requests. - - Default: `undef`. - -##### Class: `apache::mod::authn_dbd` - -Installs `mod_authn_dbd` and uses `authn_dbd.conf.erb` template to generate its configuration. Optionally, creates AuthnProviderAlias. - -``` puppet -class { 'apache::mod::authn_dbd': - $authn_dbd_params => - 'host=db01 port=3306 user=apache password=xxxxxx dbname=apacheauth', - $authn_dbd_query => 'SELECT password FROM authn WHERE user = %s', - $authn_dbd_alias => 'db_auth', -} -``` - -**Parameters**: - -* `authn_dbd_alias`: Name for the 'AuthnProviderAlias'. - -* `authn_dbd_dbdriver`: Specifies the database driver to use. - - Default: 'mysql'. - -* `authn_dbd_exptime`: corresponds to DBDExptime. - - Default: 300. - -* `authn_dbd_keep`: Corresponds to DBDKeep. - - Default: 8. - -* `authn_dbd_max`: Corresponds to DBDMax. - - Default: 20. - -* `authn_dbd_min`: Corresponds to DBDMin. - - Default: 4. - -* `authn_dbd_params`: **Required**. Corresponds to DBDParams for the connection string. - -* `authn_dbd_query`: Whether to query the user and password for authentication. - -##### Class: `apache::mod::authnz_ldap` - -Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to generate its configuration. - -**Parameters**: - -* `package_name`: The name of the package. - - Default: `undef`. - -* `verify_server_cert`: Whether to verify the server certificate. - - Default: `undef`. - -##### Class: `apache::mod::cluster` - -**Note**: There is no official package available for `mod_cluster`, so you must make it available outside of the apache module. Binaries can be found at [here](http://mod-cluster.jboss.org/). - -``` puppet -class { '::apache::mod::cluster': - ip => '172.17.0.1', - allowed_network => '172.17.0.', - balancer_name => 'mycluster', - version => '1.3.1' -} -``` - -**Parameters**: - -* `port`: mod_cluster listen port. - - Default: '6666'. - -* `server_advertise`: Whether the server should advertise. - - Default: `true`. - -* `advertise_frequency`: Sets the interval between advertise messages in seconds[.miliseconds]. - - Default: 10. - -* `manager_allowed_network`: Whether to allow the network to access the mod_cluster_manager. - - Default: '127.0.0.1'. - -* `keep_alive_timeout`: Specifies how long Apache should wait for a request, in seconds. - - Default: 60. - -* `max_keep_alive_requests`: Maximum number of requests kept alive. - - Default: 0. - -* `enable_mcpm_receive`: Whether MCPM should be enabled. - - Default: `true`. - -* `ip`: Specifies the IP address to listen to. - -* `allowed_network`: Balanced members network. - -* `version`: Specifies the `mod_cluster` version. Version 1.3.0 or greater is required for httpd 2.4. - -##### Class: `apache::mod::deflate` - -Installs and configures [`mod_deflate`][]. - -**Parameters**: - -* `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated. - - Default: ['text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json']. - -* `notes`: A [Hash][] where the key represents the type and the value represents the note name. - - Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' }. - -##### Class: `apache::mod::expires` - -Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate its configuration. - -**Parameters**: - -* `expires_active`: Enables generation of `Expires` headers for a document realm. - - Boolean. - - Default: `true`. - -* `expires_default`: Specifies the default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][]. - - Default: `undef`. - -* `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times. - - Values: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][]. - - Default: `undef`. - -##### Class: `apache::mod::ext_filter` - -Installs and configures [`mod_ext_filter`][]. - -``` puppet -class { 'apache::mod::ext_filter': - ext_filter_define => { - 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', - 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', - }, -} -``` - -**Parameters**: - -* `ext_filter_define`: A hash of filter names and their parameters. - - Default: `undef`. - -##### Class: `apache::mod::fcgid` - -Installs and configures [`mod_fcgid`][]. - -The class does not individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example: - -``` puppet -class { 'apache::mod::fcgid': - options => { - 'FcgidIPCDir' => '/var/run/fcgidsock', - 'SharememPath' => '/var/run/fcgid_shm', - 'AddHandler' => 'fcgid-script .fcgi', - }, -} -``` - -For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`]. - -If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`. - -``` puppet -include apache::mod::fcgid - -apache::vhost { 'example.org': - docroot => '/var/www/html', - directories => { - path => '/var/www/html', - fcgiwrapper => { - command => '/usr/local/bin/fcgiwrapper', - } - }, -} -``` - -##### Class: `apache::mod::geoip` - -Installs and manages [`mod_geoip`][]. - -**Parameters**: - -* `db_file`: Sets the path to your GeoIP database file. - - Values: a path, or an [array][] paths for multiple GeoIP database files. - - Default: `/usr/share/GeoIP/GeoIP.dat`. - -* `enable`: Determines whether to globally enable [`mod_geoip`][]. - - Boolean. - - Default: `false`. - -* `flag`: Sets the GeoIP flag. - - Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'. - - Default: 'Standard'. - -* `output`: Defines which output variables to use. - - Values: 'All', 'Env', 'Request', 'Notes'. - - Default: 'All'. - -* `enable_utf8`: Changes the output from ISO*8859*1 (Latin*1) to UTF*8. - - Boolean. - - Default: `undef`. - -* `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option. - - Boolean. - - Default: `undef`. - -* `scan_proxy_header_field`: Specifies the header [`mod_geoip`][] uses to determine the client's IP address. - - Default: `undef`. - -* `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found. - - Boolean. - - Default: `undef`. - -##### Class: `apache::mod::http2` - -Installs and manages [`mod_http2`][]. - -**Parameters**: - -* `h2_copy_files`: Determines if file handles or copies of file content are -passed from the requestion processing down to the main connection. - - Boolean. - - Default: `undef` - -* `h2_direct`: Toggles the usage of the HTTP/2 Direct Mode. - - Boolean. - - Default: `undef` - -* `h2_early_hints`: Controls if HTTP status 103 interim responses are forwarded -to the client or not. - - Boolean. - - Default: `undef` - -* `h2_max_session_streams`: Sets the maximum number of active streams per -HTTP/2 session that the server allows. - - Integer. - - Default: `undef` - -* `h2_max_worker_idle_seconds`: Sets the maximum number of seconds a h2 worker - may idle until it shuts itself down. - - Integer. - - Default: `undef` - -* `h2_max_workers`: Sets the maximum number of worker threads to spawn per - child process for HTTP/2 processing. - - Integer. - - Default: `undef` - -* `h2_min_workers`: Sets the minimum number of worker threads to spawn per - child process for HTTP/2 processing. - - Integer. - - Default: `undef` - -* `h2_modern_tls_only`: Toggles the security checks on HTTP/2 connections in - TLS mode. - - Boolean. - - Default: `undef` - -* `h2_push`: Toggles the usage of the HTTP/2 server push protocol feature. - - Boolean. - - Default: `undef` - -* `h2_push_diary_size`: Toggles the maximum number of HTTP/2 server pushes that - are remembered per HTTP/2 connection. - - Integer. - - Default: `undef` - -* `h2_push_priority`: Defines the priority handling of pushed responses based - on the content-type of the response. - - Values: An array of priority definitions. - - Default: `[]` - -* `h2_push_resource`: Declares resources for early pushing to the client. - - Values: An array of resources. - - Default: `[]` - -* `h2_serialize_headers`: Toggles if HTTP/2 requests shall be serialized in - HTTP/1.1 format for processing by httpd core. - - Boolean. - - Default: `undef` - -* `h2_stream_max_mem_size`: Maximum number of outgoing data bytes buffered in - memory for an active streams. - - Integer. - - Default: `undef` - -* `h2_tls_cool_down_secs`: Sets the number of seconds of idle time on a TLS - connection before the TLS write size falls back to a small (~1300 bytes) - length. - - Integer. - - Default: `undef` - -* `h2_tls_warm_up_size`: Sets the number of bytes to be sent in small TLS - records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2 - connections. - - Integer. - - Default: `undef` - -* `h2_upgrade`: Toggles the usage of the HTTP/1.1 Upgrade method for switching - to HTTP/2. - - Boolean. - - Default: `undef` - -* `h2_window_size`: Sets the size of the window that is used for flow control - from client to server and limits the amount of data the server has to buffer. - - Integer. - - Default: `undef` - - -##### Class: `apache::mod::info` - -Installs and manages [`mod_info`][], which provides a comprehensive overview of the server configuration. - -**Parameters**: - -* `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server*info`. - - Values: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either. - - Default: ['127.0.0.1','::1']. - -* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. - - Default: The value of [`$::apache::apache_version`][`apache_version`]. - - -* `restrict_access`: Determines whether to enable access restrictions. If `false`, the `allow_from` whitelist is ignored and any IP address can access `/server*info`. - - Boolean. - - Default: `true`. - -##### Class: `apache::mod::itk` - -Installs and manages [`mod_itk`][], which is an (MPM) that is loaded and configured for the HTTPD process. [official documentation](http://mpm-itk.sesse.net/) - -**Parameters**: - -* `startservers`: The number of child server processes created on startup. - - Values: Integer. - - Default: `8`. - -* `minspareservers`: The desired minimum number of idle child server processes. - - Values: Integer. - - Default: `5`. - -* `maxspareservers`: The desired maximum number of idle child server processes. - - Values: Integer. - - Default: `20`. - -* `serverlimit`: The maximum configured value for MaxRequestWorkers for the lifetime of the Apache httpd process. - - Values: Integer. - - Default: `256`. - -* `maxclients`: The limit on the number of simultaneous requests that will be served. - - Values: Integer. - - Default: `256`. - -* `maxrequestsperchild`: The limit on the number of connections that an individual child server process will handle. - - Values: Integer. - - Default: `4000`. - -* `enablecapabilities`: Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS. - - Values: Boolean. - - Default: `undef`. - -##### Class: `apache::mod::jk` - -Installs and manages `mod_jk`, a connector for Apache httpd redirection to old versions of TomCat and JBoss - -**Note**: There is no official package available for mod\_jk and thus it must be made available by means outside of the control of the apache module. Binaries can be found at [Apache Tomcat Connectors download page](https://tomcat.apache.org/download-connectors.cgi) - -``` puppet -class { '::apache::mod::jk': - ip => '192.168.2.15', - workers_file => 'conf/workers.properties', - mount_file => 'conf/uriworkermap.properties', - shm_file => 'run/jk.shm', - shm_size => '50M', - workers_file_content => { - - }, -} -``` - -See [templates/mod/jk/workers.properties.erb](templates/mod/jk/workers.properties.erb) for more information. - -**Parameters within `apache::mod::jk`**: - -The best source for understanding the `mod_jk` parameters is the [official documentation](https://tomcat.apache.org/connectors-doc/reference/apache.html), except for: - -**add_listen** - -Defines if a `Listen` directive according to parameters `ip` and `port` (see below), so that Apache listens to the IP/port combination and redirect to `mod_jk`. -Useful when another `Listen` directive, like `Listen *:` or `Listen `, can conflict with the one necessary for `mod_jk` binding. - -Type: Boolean -Default: true - -**ip** - -IP for binding to `mod_jk`. -Useful when the binding address is not the primary network interface IP. - -Type: String -Default: `$facts['ipaddress']` - -**port** - -Port for binding to `mod_jk`. -Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then needs to forward them to Apache at a different port. - -Type: String (numerical) -Default: '80' - -**workers\_file\_content** - -Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values. -Plus, there are two global directives, 'worker.list' and 'worker.maintain' -For example, the workers file below should be parameterized as Figure 1: - -``` puppet -worker.list = status -worker.list = some_name,other_name - -worker.maintain = 60 - -# Optional comment -worker.some_name.type=ajp13 -worker.some_name.socket_keepalive=true - -# I just like comments -worker.other_name.type=ajp12 (why would you?) -worker.other_name.socket_keepalive=false -``` - -**Figure 1:** - -``` puppet -$workers_file_content = { - worker_lists => ['status', 'some_name,other_name'], - worker_maintain => '60', - some_name => { - comment => 'Optional comment', - type => 'ajp13', - socket_keepalive => 'true', - }, - other_name => { - comment => 'I just like comments', - type => 'ajp12', - socket_keepalive => 'false', - }, -} -``` - -**mount\_file\_content** - -Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items: -* uri_list—an array with URIs to be mapped to the worker -* comment—an optional string with a comment for the worker. -For example, the mount file below should be parameterized as Figure 2: - -``` puppet -# Worker 1 -/context_1/ = worker_1 -/context_1/* = worker_1 - -# Worker 2 -/ = worker_2 -/context_2/ = worker_2 -/context_2/* = worker_2 -``` - -**Figure 2:** - -``` puppet -$mount_file_content = { - worker_1 => { - uri_list => ['/context_1/', '/context_1/*'], - comment => 'Worker 1', - }, - worker_2 => { - uri_list => ['/context_2/', '/context_2/*'], - comment => 'Worker 2', - }, -}, -``` - -**shm\_file and log\_file** - -Depending on how these files are specified, the class creates their final path differently: -- Relative path: prepends supplied path with `logroot` (see below) -- Absolute path or pipe: uses supplied path as-is - -Examples (RHEL 6): - -``` puppet -shm_file => 'shm_file' -# Ends up in -$shm_path = '/var/log/httpd/shm_file' -``` -``` puppet -shm_file => '/run/shm_file' -# Ends up in -$shm_path = '/run/shm_file' -``` -``` puppet -shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' -# Ends up in -$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' -``` - -> The default logroot is sane enough. Therefore, it is not recommended to specify absolute paths. - -**logroot** - -The base directory for `shm_file` and `log_file` is determined by the `logroot` parameter. If unspecified, defaults to `apache::params::logroot`. - -> The default logroot is sane enough. Therefore, it is not recommended to override it. - -##### Class: `apache::mod::passenger` - -Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux). - -The current set of server configurations settings were taken directly from the [Passenger Reference](https://www.phusionpassenger.com/library/config/apache/reference/). To enable deprecation warnings and removal failure messages, set the `passenger_installed_version` to the version number installed on the server. - -**Parameters**: - -|parameter|default value|passenger config setting|context|notes| -|---------|-------------|------------------------|-------|-----| -|manage_repo|true|n/a||| -|mod_id|undef|n/a||| -|mod_lib|undef|n/a||| -|mod_lib_path|undef|n/a||| -|mod_package|undef|n/a||| -|mod_package_ensure|undef|n/a||| -|mod_path|undef|n/a||| -|passenger_allow_encoded_slashes|undef|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|server-config virtual-host htaccess directory || -|passenger_app_env|undef|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|server-config virtual-host htaccess directory || -|passenger_app_group_name|undef|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|server-config virtual-host htaccess directory || -|passenger_app_root|undef|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|server-config virtual-host htaccess directory || -|passenger_app_type|undef|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|server-config virtual-host htaccess directory || -|passenger_base_uri|undef|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|server-config virtual-host htaccess directory || -|passenger_buffer_response|undef|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|server-config virtual-host htaccess directory || -|passenger_buffer_upload|undef|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|server-config virtual-host htaccess directory || -|passenger_concurrency_model|undef|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|server-config virtual-host htaccess directory || -|passenger_conf_file|$::apache::params::passenger_conf_file|n/a||| -|passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a||| -|passenger_data_buffer_dir|undef|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|server-config || -|passenger_debug_log_file|undef|PassengerDebugLogFile|server-config |This option has been renamed in version 5.0.5 to PassengerLogFile.| -|passenger_debugger|undef|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|server-config virtual-host htaccess directory || -|passenger_default_group|undef|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|server-config || -|passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|server-config || -|passenger_default_user|undef|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|server-config || -|passenger_disable_security_update_check|undef|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|server-config || -|passenger_enabled|undef|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|server-config virtual-host htaccess directory || -|passenger_error_override|undef|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|server-config virtual-host htaccess directory || -|passenger_file_descriptor_log_file|undef|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|server-config || -|passenger_fly_with|undef|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|server-config || -|passenger_force_max_concurrent_requests_per_process|undef|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|server-config virtual-host htaccess directory || -|passenger_friendly_error_pages|undef|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|server-config virtual-host htaccess directory || -|passenger_group|undef|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|server-config virtual-host directory || -|passenger_high_performance|undef|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|server-config virtual-host htaccess directory || -|passenger_installed_version|undef|n/a| |If set, will enable version checking of the passenger options against the value set.| -|passenger_instance_registry_dir|undef|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|server-config || -|passenger_load_shell_envvars|undef|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|server-config virtual-host htaccess directory || -|passenger_log_file|undef|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|server-config || -|passenger_log_level|undef|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|server-config || -|passenger_lve_min_uid|undef|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|server-config virtual-host || -|passenger_max_instances|undef|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|server-config virtual-host htaccess directory || -|passenger_max_instances_per_app|undef|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|server-config || -|passenger_max_pool_size|undef|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|server-config || -|passenger_max_preloader_idle_time|undef|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|server-config virtual-host || -|passenger_max_request_queue_size|undef|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|server-config virtual-host htaccess directory || -|passenger_max_request_time|undef|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|server-config virtual-host htaccess directory || -|passenger_max_requests|undef|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|server-config virtual-host htaccess directory || -|passenger_memory_limit|undef|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|server-config virtual-host htaccess directory || -|passenger_meteor_app_settings|undef|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|server-config virtual-host htaccess directory || -|passenger_min_instances|undef|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|server-config virtual-host htaccess directory || -|passenger_nodejs|undef|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|server-config virtual-host htaccess directory || -|passenger_pool_idle_time|undef|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|server-config || -|passenger_pre_start|undef|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|server-config virtual-host || -|passenger_python|undef|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|server-config virtual-host htaccess directory || -|passenger_resist_deployment_errors|undef|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|server-config virtual-host htaccess directory || -|passenger_resolve_symlinks_in_document_root|undef|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|server-config virtual-host htaccess directory || -|passenger_response_buffer_high_watermark|undef|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|server-config || -|passenger_restart_dir|undef|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|server-config virtual-host htaccess directory || -|passenger_rolling_restarts|undef|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|server-config virutal-host htaccess directory || -|passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|server-config || -|passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|server-config virutal-host htaccess directory || -|passenger_security_update_check_proxy|undef|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|server-config || -|passenger_show_version_in_header|undef|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|server-config || -|passenger_socket_backlog|undef|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|server-config || -|passenger_spawn_method|undef|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|server-config virtual-host || -|passenger_start_timeout|undef|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|server-config virtual-host htaccess directory || -|passenger_startup_file|undef|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|server-config virtual-host htaccess directory || -|passenger_stat_throttle_rate|undef|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|server-config || -|passenger_sticky_sessions|undef|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|server-config virtual-host htaccess directory || -|passenger_sticky_sessions_cookie_name|undef|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|server-config virtual-host htaccess directory || -|passenger_thread_count|undef|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|server-config virtual-host htaccess directory || -|passenger_use_global_queue|undef|PassengerUseGlobalQueue|server-config || -|passenger_user|undef|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|server-config virtual-host directory || -|passenger_user_switching|undef|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|server-config || -|rack_auto_detect|undef|RackAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| -|rack_autodetect|undef|n/a||| -|rack_base_uri|undef|RackBaseURI|server-config |Deprecated in 3.0.0 in favor of PassengerBaseURI.| -|rack_env|undef|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|server-config virtual-host htaccess directory || -|rails_allow_mod_rewrite|undef|RailsAllowModRewrite|server-config |This option doesn't do anything anymore in since version 4.0.0.| -|rails_app_spawner_idle_time|undef|RailsAppSpawnerIdleTime|server-config |This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.| -|rails_auto_detect|undef|RailsAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| -|rails_autodetect|undef|n/a||| -|rails_base_uri|undef|RailsBaseURI|server-config |Deprecated in 3.0.0 in favor of PassengerBaseURI.| -|rails_default_user|undef|RailsDefaultUser|server-config |Deprecated in 3.0.0 in favor of PassengerDefaultUser.| -|rails_env|undef|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|server-config virtual-host htaccess directory || -|rails_framework_spawner_idle_time|undef|RailsFrameworkSpawnerIdleTime|server-config |This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.| -|rails_ruby|undef|RailsRuby|server-config |Deprecated in 3.0.0 in favor of PassengerRuby.| -|rails_spawn_method|undef|RailsSpawnMethod|server-config |Deprecated in 3.0.0 in favor of PassengerSpawnMethod.| -|rails_user_switching|undef|RailsUserSwitching|server-config |Deprecated in 3.0.0 in favor of PassengerUserSwitching.| -|wsgi_auto_detect|undef|WsgiAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.| - - -##### Class: `apache::mod::ldap` - -Installs and configures [`mod_ldap`][], and allows you to modify the -[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert) Directive: - -``` puppet -class { 'apache::mod::ldap': - ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', - ldap_trusted_global_cert_type => 'CA_DER', - ldap_trusted_mode => 'TLS', - ldap_shared_cache_size => '500000', - ldap_cache_entries => '1024', - ldap_cache_ttl => '600', - ldap_opcache_entries => '1024', - ldap_opcache_ttl => '600', -} -``` - -**Parameters** - -* `apache_version`: Specifies the installed Apache version. - - Default: `undef`. - -* `ldap_trusted_global_cert_file`: Specifies the path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server. - -* `ldap_trusted_global_cert_type`: Specifies the global trust certificate format. - - Default: 'CA_BASE64'. - -* `ldap_trusted_mode`: Specifies the SSL/TLS mode to be used when connecting to an LDAP server. - -* `ldap_shared_cache_size`: Specifies the size, in bytes, of the shared memory cache. - -* `ldap_cache_entries`: Specifies the maximum number of entries in the primary LDAP cache. - -* `ldap_cache_ttl`: Specifies the time, in seconds, that cached items remain valid. - -* `ldap_opcache_entries`: Specifies the number of entries used to cache LDAP compare operations. - -* `ldap_opcache_ttl`: Specifies the time, in seconds, that entries in the operation cache remain valid. - -* `package_name`: Specifies the custom package name. - - Default: `undef`. - -##### Class: `apache::mod::negotiation` - -Installs and configures [`mod_negotiation`][]. - -**Parameters**: - -* `force_language_priority`: Sets the `ForceLanguagePriority` option. - - Values: A string. - - Default: `Prefer Fallback`. - -* `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module. - - Default: ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW'] - -##### Class: `apache::mod::nss` - -An SSL provider for Apache using the NSS crypto libraries. - -**Parameters:** - -- `transfer_log`: path to access.log -- `error_log`: path to error.log -- `passwd_file`: path to file used for NSSPassPhraseDialog directive -- `port`: SSL port. Defaults to 8443 - -##### Class: `apache::mod::pagespeed` - -Installs and manages [`mod_pagespeed`][], a Google module that rewrites web pages to reduce latency and bandwidth. - -Although this apache module requires the `mod-pagespeed-stable` package, Puppet **does not** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail. - -> **Note:** Verify that your system is compatible with the latest Google Pagespeed requirements. - -**Parameters**: - -These parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details. - -* `inherit_vhost_config`: Default: 'on'. -* `filter_xhtml`: Default: `false`. -* `cache_path`: Default: '/var/cache/mod_pagespeed/'. -* `log_dir`: Default: '/var/log/pagespeed'. -* `memcache_servers`: Default: []. -* `rewrite_level`: Default: 'CoreFilters'. -* `disable_filters`: Default: []. -* `enable_filters`: Default: []. -* `forbid_filters`: Default: []. -* `rewrite_deadline_per_flush_ms`: Default: 10. -* `additional_domains`: Default: `undef`. -* `file_cache_size_kb`: Default: 102400. -* `file_cache_clean_interval_ms`: Default: 3600000. -* `lru_cache_per_process`: Default: 1024. -* `lru_cache_byte_limit`: Default: 16384. -* `css_flatten_max_bytes`: Default: 2048. -* `css_inline_max_bytes`: Default: 2048. -* `css_image_inline_max_bytes`: Default: 2048. -* `image_inline_max_bytes`: Default: 2048. -* `js_inline_max_bytes`: Default: 2048. -* `css_outline_min_bytes`: Default: 3000. -* `js_outline_min_bytes`: Default: 3000. -* `inode_limit`: Default: 500000. -* `image_max_rewrites_at_once`: Default: 8. -* `num_rewrite_threads`: Default: 4. -* `num_expensive_rewrite_threads`: Default: 4. -* `collect_statistics`: Default: 'on'. -* `statistics_logging`: Default: 'on'. -* `allow_view_stats`: Default: []. -* `allow_pagespeed_console`: Default: []. -* `allow_pagespeed_message`: Default: []. -* `message_buffer_size`: Default: 100000. -* `additional_configuration`: A hash of directive value pairs, or an array of lines to insert at the end of the pagespeed configuration. Default: '{ }'. - -##### Class: `apache::mod::passenger` - -Installs and configures `mod_passenger`. - ->**Note**: The passenger module isn't available on RH/CentOS without providing the dependency packages provided by EPEL and the `mod_passengers` custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]() - -**Parameters**: - -* `passenger_conf_file`: `$::apache::params::passenger_conf_file` -* `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` -* `passenger_high_performance`: Default: `undef` -* `passenger_pool_idle_time`: Default: `undef` -* `passenger_max_request_queue_size`: Default: `undef` -* `passenger_max_requests`: Default: `undef` -* `passenger_spawn_method`: Default: `undef` -* `passenger_stat_throttle_rate`: Default: `undef` -* `rack_autodetect`: Default: `undef` -* `rails_autodetect`: Default: `undef` -* `passenger_root` : `$::apache::params::passenger_root` -* `passenger_ruby` : `$::apache::params::passenger_ruby` -* `passenger_default_ruby`: `$::apache::params::passenger_default_ruby` -* `passenger_max_pool_size`: Default: `undef` -* `passenger_min_instances`: Default: `undef` -* `passenger_max_instances_per_app`: Default: `undef` -* `passenger_use_global_queue`: Default: `undef` -* `passenger_app_env`: Default: `undef` -* `passenger_log_file`: Default: `undef` -* `passenger_log_level`: Default: `undef` -* `passenger_data_buffer_dir`: Default: `undef` -* `manage_repo`: Whether to manage the phusionpassenger.com repository. Default: `true`. -* `mod_package`: Default: `undef`. -* `mod_package_ensure`: Default: `undef`. -* `mod_lib`: Default: `undef`. -* `mod_lib_path`: Default: `undef`. -* `mod_id`: Default: `undef`. -* `mod_path`: Default: `undef`. - -##### Class: `apache::mod::proxy` - -Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its configuration. - -**Parameters within `apache::mod::proxy`**: - -- `allow_from`: Default: `undef`. -- `apache_version`: Default: `undef`. -- `package_name`: Default: `undef`. -- `proxy_requests`: Default: 'Off'. -- `proxy_via`: Default: 'On'. - -##### Class: `apache::mod::proxy_balancer` - -Installs and manages [`mod_proxy_balancer`][], which provides load balancing. - -**Parameters**: - -* `manager`: Determines whether to enable balancer manager support. - - Default: `false`. - -* `manager_path`: The server location of the balancer manager. - - Default: '/balancer-manager'. - -* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer-manager`. - - Default: ['127.0.0.1','::1']. - -* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'. - - Default: the value of [`$::apache::apache_version`][`apache_version`]. On Apache 2.4 or greater, `mod_slotmem_shm` is loaded. - -##### Class: `apache::mod::php` - -Installs and configures [`mod_php`][]. - -**Parameters**: - -Default values for these parameters depend on your operating system. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details. - -* `package_name`: Names the package that installs `mod_php`. -* `path`: Defines the path to the `mod_php` shared object (`.so`) file. -* `source`: Defines the path to the default configuration. Values include a `puppet:///` path. -* `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file. -* `content`: Adds arbitrary content to `php.conf`. -* `libphp_prefix`: Allows the definition of a libphp prefix. Defaults to `libphp`. - -##### Class: `apache::mod::proxy_html` - -**Note**: There is no official package available for `mod_proxy_html`, so you must make it available outside of the apache module. - -##### Class: `apache::mod::python` - -Installs and configures [`mod_python`][]. - -**Parameters** - -* `loadfile_name`: Sets the name of the configuration file that is used to load the python module. - -##### Class: `apache::mod::reqtimeout` - -Installs and configures [`mod_reqtimeout`][]. - -**Parameters** - -* `timeouts`: Sets the [`RequestReadTimeout`][] option. - - Values: A string or [array][]. - - Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500']. - -##### Class: `apache::mod::rewrite` - -Installs and enables the Apache module `mod_rewrite`. - -##### Class: `apache::mod::shib` - -Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances. - -This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth). - -**Note**: The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide). - -##### Class: `apache::mod::ssl` - -Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. On most operating systems, this `ssl.conf` is placed in the module configuration directory. On Red Hat-based operating systems, this file is placed in `/etc/httpd/conf.d`, the same location in which the RPM stores the configuration. - -To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to `true` **or** the [`ssl`][] parameter in [`apache::vhost`][] to `true`. - -- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. -- `ssl_compression`: Default: false. -- `ssl_cryptodevice`: Default: 'builtin'. -- `ssl_honorcipherorder`: Default: true. -- `ssl_openssl_conf_cmd`: Default: undef. -- `ssl_cert`: Default: undef. -- `ssl_key`: Default: undef. -- `ssl_options`: Default: ['StdEnvVars'] -- `ssl_pass_phrase_dialog`: Default: 'builtin'. -- `ssl_protocol`: Default: ['all', '-SSLv2', '-SSLv3']. -- `ssl_proxy_protocol`: Default: []. -- `ssl_random_seed_bytes`: Valid options: A string. Default: '512'. -- `ssl_sessioncache`: Valid options: A string. Default: '300'. -- `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'. -- `ssl_mutex`: Default: Determined based on the OS. Valid options: See [mod_ssl][mod_ssl] documentation. - - RedHat/FreeBSD/Suse/Gentoo: 'default' - - Debian/Ubuntu + Apache >= 2.4: 'default' - - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex' -**Parameters: - -* `ssl_cipher` - - Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. - -* `ssl_compression` - - Default: `false`. - -* `ssl_cryptodevice` - - Default: 'builtin'. - -* `ssl_honorcipherorder` - - Default: `true`. - -* `ssl_openssl_conf_cmd` - - Default: `undef`. - -* `ssl_cert` - - Default: `undef`. - -* `ssl_key` - - Default: `undef`. - -* `ssl_options` - - Default: ['StdEnvVars'] - -* `ssl_pass_phrase_dialog` - - Default: 'builtin'. - -* `ssl_protocol` - - Default: ['all', '-SSLv2', '-SSLv3']. - -* `ssl_random_seed_bytes` - - Values: A string. - - Default: '512'. - -* `ssl_sessioncachetimeout` - - Values: A string. - - Default: '300'. - -* `ssl_mutex`: - - Values: See [mod_ssl][mod_ssl] documentation. - - Default: Based on the OS: - - * RedHat/FreeBSD/Suse/Gentoo: 'default'. - * Debian/Ubuntu + Apache >= 2.4: 'default'. - * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'. - * Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'. - - -##### Class: `apache::mod::status` - -Installs [`mod_status`][] and uses the `status.conf.erb` template to generate its configuration. - -**Parameters**: - -* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`. - - Default: ['127.0.0.1','::1']. - -* `requires`: A string, an [array][] or a [hash][], of IPs and/or names that can/can't access `/server-status`, using Apache v. >= 2.4 `mod_authz_host` directives (`require ip`, `require host`, etc.). This parameter should follow one of the structures below: - - > Only used if Apache version >= 2.4 - - - `undef` - Uses `allow_from` and old directive syntax (`Allow from `). Issues deprecation warning. - - String - - `''` or `'unmanaged'` - No auth directives (access controlled elsewhere) - - `'ip '` - IPs/ranges allowed to access `/server-status` - - `'host '` - Names/domains allowed to access `/server-status` - - `'all [granted|denied]'` - Allow / block everyone - - Array - Each item should be a string from those described above. Results in one directive per array item. - - Hash with structure below (shown as key => value, where keys are strings): - - `'requires'` => Array as above - Same effect as the array - - `'enforce'` => String `'Any'`, `'All'` or `'None'` (optional) - Encloses all directives from `'requires'` key in a `` block - - Default: 'ip 127.0.0.1 ::1' - -* `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive. - - Values: 'Off', 'On'. - - Default: 'On'. - -* `status_path`: The server location of the status page. - - Default: '/server-status'. - -##### Class: `apache::mod::userdir` - -Allows user-specific directories to be accessed using the `http://example.com/~user/` syntax. All parameters can be found in in the [official Apache documentation](https://httpd.apache.org/docs/2.4/mod/mod_userdir.html). - -**Parameters**: - -* `overrides`: An [array][] of directive-types. - - Default: ['FileInfo', 'AuthConfig', 'Limit', 'Indexes']. - -##### Class: `apache::mod::version` - -Installs [`mod_version`][] on many operating systems and Apache configurations. - -If Debian and Ubuntu systems with Apache 2.4 are classified with `apache::mod::version`, Puppet warns that `mod_version` is built-in and can't be loaded. - -##### Class: `apache::mod::security` - -Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs by default on all virtual hosts. - -**Parameters**: - -* `activated_rules`: An [array][] of rules from the `modsec_crs_path` or absolute to activate via symlinks. -* `allowed_methods`: A space-separated list of allowed HTTP methods. - - Default: 'GET HEAD POST OPTIONS'. - -* `content_types`: A list of one or more allowed [MIME types][MIME `content-type`]. - - Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'. - -* `crs_package`: Names the package that installs CRS rules. - - Default: `modsec_crs_package` in [`apache::params`][]. - -* `manage_security_crs`: Manage security_crs.conf rules file. - - Default: `true`. - -* `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links. - - Default: 'On', set by `modsec_dir` in [`apache::params`][]. -${modsec\_dir}/activated\_rules. - -* `modsec_secruleengine`: Configures the modsec rules engine. Values: 'On', 'Off', and 'DetectionOnly'. - - Default: `modsec_secruleengine` in [`apache::params`][]. - -* `restricted_extensions`: A space-sparated list of prohibited file extensions. - - Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'. - -* `restricted_headers`: A list of restricted headers separated by slashes and spaces. - - Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'. - -* `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') or Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set. - - Default: 'deny'. You can also set full values, such as "log,auditlog,deny,status:406,tag:'SLA 24/7'". - -* `secpcrematchlimit`: Sets the number for the match limit in the PCRE library. - - Default: 1500. - -* `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library. - - Default: 1500. - -* `logroot`: Configures the location of audit and debug logs. - - Defaults to the Apache log directory (Redhat: `/var/log/httpd`, Debian: `/var/log/apache2`). - -* `audit_log_relevant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging. - - Default: '^(?:5|4(?!04))'. - -* `audit_log_parts`: Sets the sections to be put in the [audit log][]. - - Default: 'ABIJDEFHZ'. - -* `anomaly_score_blocking`: Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set. - - Default: 'off'. - -* `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. - - Default: 5. - -* `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. - - Default: 4. - -* `critical_anomaly_score`: Sets the scoring points of the critical severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. - - Default: 5. - -* `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. - - Default: 4. - -* `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. - - Default: 3. - -* `notice_anomaly_score`: Sets the scoring points of the notice severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set. - -Default: 2. - -* `secrequestmaxnumargs`: Sets the Maximum number of arguments in the request. - - Default: 255. - -* `secrequestbodylimit`: Sets the maximum request body size ModSecurity accepts for buffering. - - Default: '13107200'. - -* `secrequestbodynofileslimit`: Sets the maximum request body size ModSecurity accepts for buffering, excluding the size of any files being transported in the request. - - Default: '131072'. - -* `secrequestbodyinmemorylimit`: Sets the maximum request body size that ModSecurity stores in memory. - - Default: '131072' - -##### Class: `apache::mod::wsgi` - -Enables Python support via [`mod_wsgi`][]. - -**Parameters**: - -* `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file. - - Default: `undef`. - - * If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. Otherwise, Puppet follows it literally. - -* `package_name`: Names the package that installs `mod_wsgi`. - - Default: `undef`. - -* `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'. - - Values: A string specifying a path. - - Default: `undef`. - -* `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'. - - Values: A string specifying a path. - - Default: `undef`. - -* `wsgi_restrict_embedded`: Defines the [`WSGIRestrictEmbedded`][] directive, such as 'On'. - - Values: On|Off|undef. - - Default: undef. - -* `wsgi_application_group`: Defines the [`WSGIApplicationGroup`][] directive, such as "%{GLOBAL}". - - Values: A string specifying a wsgi application. - - Default: `undef`. - -* `wsgi_python_optimize`: Defines the [`WSGIPythonOptimize`][] directive, such as 1. - - Values: A integer specifying the level of Python compiler optimisations. - - Default: `undef`. - -* `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI". - - Default: `wsgi_socket_prefix` in [`apache::params`][]. - -The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details. - -### Private Classes - -#### Class: `apache::confd::no_accf` - -Creates the `no-accf.conf` configuration file in `conf.d`, required by FreeBSD's Apache 2.4. - -#### Class: `apache::default_confd_files` - -Includes `conf.d` files for FreeBSD. - -#### Class: `apache::default_mods` - -Installs the Apache modules required to run the default configuration. See the `apache` class's [`default_mods`][] parameter for details. - -#### Class: `apache::package` - -Installs and configures basic Apache packages. - -#### Class: `apache::params` - -Manages Apache parameters for different operating systems. - -#### Class: `apache::service` - -Manages the Apache daemon. - -#### Class: `apache::version` - -Attempts to automatically detect the Apache version based on the operating system. - -##### Red Hat Software Collections (SCL) - -Software Collections on CentOS/RHEL allow for newer Apache and PHP, amongst other packages. - -If `scl_httpd_version` is set, Apache Httpd will get installed from [Software Collections](https://www.softwarecollections.org/en/). - -If `scl_httpd_version` is set, `scl_php_version` also needs to be set, even if PHP is not going to be installed. - -The repository is not managed by this module yet. For CentOS you can enable the repo by installing the package `centos-release-scl-rh`. - -##### `scl_httpd_version` - -Version of httpd to install using Red Hat Software Collections (SCL). These collections for CentOS and RHEL allow for newer Apache and PHP packages. - -If you set `scl_httpd_version`, Apache httpd is installed from [Software Collections](https://www.softwarecollections.org/en/). - -If you set `scl_httpd_version`, you must also set `scl_php_version`, even if you are not installing PHP. - -The SCL repository is not managed by this module. For CentOS, enable the repo by installing the package `centos-release-scl-rh`. - -Valid value: A string specifying the version of httpd to install. For example, for Apache 2.4, specify '2.4'. - -Default: undef. - -##### `scl_php_version` - -Version of PHP to install using Red Hat Software Collections (SCL). These collections for CentOS and RHEL allow for newer Apache and PHP packages. - -If you set `scl_php_version`, PHP is installed from [Software Collections](https://www.softwarecollections.org/en/). - -The SCL repository is not managed by this module. For CentOS, enable the repo by installing the package `centos-release-scl-rh`. - -Valid value: A string specifying the version of PHP to install. For example, for PHP 7.1, specify '7.1'. - -Default: undef. - -### Public defined types - -#### Defined type: `apache::balancer` - -Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] defined type. - -Declare one `apache::balancer` defined type for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][]. - -**Parameters**: - -##### `name` - -Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration. - -##### `proxy_set` - -Configures key-value pairs as [`ProxySet`][] lines. Values: a [hash][]. - -Default: '{}'. - -##### `options` - -Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the balancer URL, and accepts any key-value pairs available to [`ProxyPass`][]. - -Default: []. - -##### `collect_exported` - -Determines whether to use [exported resources][]. - -If you statically declare all of your backend servers, set this parameter to `false` to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments. - -To dynamically declare backend servers via exported resources collected on a central node, set this parameter to `true` to collect the balancer member resources exported by the balancer member nodes. - -If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer. - -Boolean. - -Default: `true`. - -#### Defined type: `apache::balancermember` - -Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`. - -**Parameters**: - -##### `balancer_cluster` - -**Required**. - -Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource. - -##### `url` - -Specifies the URL used to contact the balancer member server. - -Default: 'http://${::fqdn}/'. - -##### `options` - -Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][]. - -Default: an empty array. - -#### Defined type: `apache::custom_config` - -Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is `true`, Puppet throws an error during a Puppet run. - -**Parameters**: - -##### `ensure` - -Specifies whether the configuration file should be present. - -Values: 'absent', 'present'. - -Default: 'present'. - -##### `confdir` - -Sets the directory in which Puppet places configuration files. - -Default: the value of [`$::apache::confd_dir`][`confd_dir`]. - -##### `content` - -Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other. - -Default: `undef` - -##### `filename` - -Sets the name of the file under `confdir` in which Puppet stores the configuration. - -Default: Filename generated from the `priority` parameter and the resource name. - -##### `priority` - -Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order. - -To omit the priority prefix in the configuration file's name, set this parameter to `false`. - -Default: '25'. - -##### `source` - -Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other. - -Default: `undef` - -##### `verify_command` - -Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command. - -This parameter is used only if the [`verify_config`][] parameter's value is `true`. If the `verify_command` fails, the Puppet run deletes the configuration file and raises an error, but does not notify the Apache service. - -Default: '/usr/sbin/apachectl -t'. - -##### `verify_config` - -Specifies whether to validate the configuration file before notifying the Apache service. - -Boolean. - -Default: `true`. - -#### Defined type: `apache::fastcgi::server` - -Defines one or more external FastCGI servers to handle specific file types. Use this defined type with [`mod_fastcgi`][FastCGI]. - -**Parameters** - -##### `host` - -Determines the FastCGI's hostname or IP address and TCP port number (1-65535). - -Default: '127.0.0.1:9000'. - -##### `timeout` - -Sets the number of seconds a [FastCGI][] application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. - -Default: 15. - -##### `flush` - -Forces [`mod_fastcgi`][FastCGI] to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. - -Default: `false`. - -##### `faux_path` - -Apache has [FastCGI][] handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem. - -Default: "/var/www/${name}.fcgi". - -##### `alias` - -Internally links actions with the FastCGI server. This alias must be unique. - -Default: "/${name}.fcgi". - -##### `file_type` - -Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server. - -Default: 'application/x-httpd-php'. - -#### Defined type: `apache::listen` - -Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this defined type, and titles take the form ``, `:`, or `:`. - -#### Defined type: `apache::mod` - -Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system. - -**Parameters**: - -##### `package` - -**Required**. - -Names the package Puppet uses to install the Apache module. - -Default: `undef`. - -##### `package_ensure` - -Determines whether Puppet ensures the Apache module should be installed. - -Values: 'absent', 'present'. - -Default: 'present'. - -##### `lib` - -Defines the module's shared object name. Do not configure manually without special reason. - -Default: `mod_$name.so`. - -##### `lib_path` - -Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The [`path`][] parameter overrides this value. - -Default: The `apache` class's [`lib_path`][] parameter. - - -##### `loadfile_name` - -Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order. - -Values: Filenames formatted `\*.load`. - -Default: the resource's name followed by 'load', as in '$name.load'. - -##### `loadfiles` - -Specifies an array of [`LoadFile`][] directives. - -Default: `undef`. - -##### `path` - -Specifies a path to the module. Do not manually set this parameter without a special reason. - -Default: [`lib_path`][]/[`lib`][]. - -#### Defined type: `apache::namevirtualhost` - -Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '\*:\', '\_default\_:\, '\', or '\:\'. - -#### Defined type: `apache::vhost` - -The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters. - -The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first. - -The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the defined type doesn't inherently support, add a custom fragment. - -For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work. - -> **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, because vhosts with these titles are always managed by the module. This means that you cannot override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional workaround is to create a vhost named something else, such as `my default`, and ensure that the `default` and `default_ssl` vhosts are set to `false`: - -``` -class { 'apache': - default_vhost => false, - default_ssl_vhost => false, -} -``` - -**Parameters**: - -##### `access_log` - -Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`). - -Boolean. - -Default: `true`. - -##### `access_log_env_var` - -Specifies that only requests with particular environment variables be logged. - -Default: `undef`. - -##### `access_log_file` - -Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts. - -Default: `false`. - -##### `access_log_format` - -Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log. - -Default: 'combined'. - -##### `access_log_pipe` - -Specifies a pipe where Apache sends access log messages. - -Default: `undef`. - -##### `access_log_syslog` - -Sends all access log messages to syslog. - -Default: `undef`. - -##### `add_default_charset` - -Sets a default media charset value for the [`AddDefaultCharset`][] directive, which is added to `text/plain` and `text/html` responses. - -Default: `undef`. - -##### `add_listen` - -Determines whether the virtual host creates a [`Listen`][] statement. - -Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are. - -Boolean. - -Default: `true`. - -##### `use_optional_includes` - -Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer. - -Boolean. - -Default: `false`. - -##### `additional_includes` - -Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module. - -Values: a string or [array][] of strings specifying paths. - -Default: an empty array. - -##### `aliases` - -Passes a list of [hashes][hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation. - -For example: - -``` puppet -aliases => [ - { aliasmatch => '^/image/(.*)\.jpg$', - path => '/files/jpg.images/$1.jpg', - }, - { alias => '/image', - path => '/ftp/pub/image', - }, - { scriptaliasmatch => '^/cgi-bin(.*)', - path => '/usr/local/share/cgi-bin$1', - }, - { scriptalias => '/nagios/cgi-bin/', - path => '/usr/lib/nagios/cgi-bin/', - }, - { alias => '/nagios', - path => '/usr/share/nagios/html', - }, -], -``` - -For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing. - -> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the order of various alias directives. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems; for example, this could cause problems with Nagios. - -If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is `true`, the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details. - -##### `allow_encoded_slashes` - -Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Values: 'nodecode', 'off', 'on'. The default setting omits the declaration from the server configuration and selects the Apache default setting of 'Off'. - -Default: `undef` - -##### `block` - -Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories. - -Default: an empty [array][]. - -##### `cas_attribute_prefix` - -Adds a header with the value of this header being the attribute values when SAML validation is enabled. - -Defaults: The value set by [`apache::mod::auth_cas`][]. - -##### `cas_attribute_delimiter` - -Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`. - -Default: The value set by [`apache::mod::auth_cas`][]. - -##### `cas_login_url` - -Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and -don't have an active session. - -Default: The value set by [`apache::mod::auth_cas`][]. - -##### `cas_scrub_request_headers` - -Remove inbound request headers that may have special meaning within mod_auth_cas. - -Default: The value set by [`apache::mod::auth_cas`][]. - -##### `cas_sso_enabled` - -Enables experimental support for single sign out (may mangle POST data). - -Default: The value set by [`apache::mod::auth_cas`][]. - -##### `cas_validate_saml` - -Parse response from CAS server for SAML. - -Default: The value set by [`apache::mod::auth_cas`][]. - -##### `cas_validate_url` - -Sets the URL to use when validating a client-presented ticket in an HTTP query string. - -Defaults to the value set by [`apache::mod::auth_cas`][]. - - -##### `comment` - -Adds comments to the header of the configuration file. Pass as string or an array of strings. - -Default: `undef`. - -For example: - -``` puppet -comment => "Account number: 123B", -``` - -Or: - -``` puppet -comment => [ - "Customer: X", - "Frontend domain: x.example.org", -] -``` - -##### `custom_fragment` - -Passes a string of custom configuration directives to place at the end of the virtual host configuration. - -Default: `undef`. - -##### `default_vhost` - -Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types. - -Default: `false`. - -##### `directories` - -See the [`directories`](#parameter-directories-for-apachevhost) section. - -##### `directoryindex` - -Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details. - -Default: `undef`. - -##### `docroot` - -**Required**. - -Sets the [`DocumentRoot`][] location, from which Apache serves files. - -If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created. - -Values: A string specifying a directory path. - -##### `docroot_group` - -Sets group access to the [`docroot`][] directory. - -Values: A string specifying a system group. - -Default: 'root'. - -##### `docroot_owner` - -Sets individual user access to the [`docroot`][] directory. - -Values: A string specifying a user account. - -Default: 'root'. - -##### `docroot_mode` - -Sets access permissions for the [`docroot`][] directory, in numeric notation. - -Values: A string. - -Default: `undef`. - -##### `manage_docroot` - -Determines whether Puppet manages the [`docroot`][] directory. - -Boolean. - -Default: `true`. - -##### `error_log` - -Specifies whether `*_error.log` directives should be configured. - -Boolean. - -Default: `true`. - -##### `error_log_file` - -Points the virtual host's error logs to a `*_error.log` file. If this parameter is undefined, Puppet checks for values in [`error_log_pipe`][], then [`error_log_syslog`][]. - -If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. - -Default: `undef`. - -##### `error_log_pipe` - -Specifies a pipe to send error log messages to. - -This parameter has no effect if the [`error_log_file`][] parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks [`error_log_syslog`][]. - -Default: `undef`. - -##### `error_log_syslog` - -Determines whether to send all error log messages to syslog. - -This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts. - -Boolean. - -Default: `undef`. - -##### `error_documents` - -A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host. - -For example: - -``` puppet -apache::vhost { 'sample.example.net': - error_documents => [ - { 'error_code' => '503', 'document' => '/service-unavail' }, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, - ], -} -``` - -Default: []. - -##### `ensure` - -Specifies if the virtual host is present or absent. - -Values: 'absent', 'present'. - -Default: 'present'. - -##### `fallbackresource` - -Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin with a '/' or be 'disabled'. - -Default: `undef`. - -##### `fastcgi_idle_timeout` - -If using fastcgi, this option sets the timeout for the server to respond. - -Default: `undef`. - -##### `file_e_tag` - -Sets the server default for the [`FileETag`][] declaration, which modifies the response header field for static files. - -Values: 'INode', 'MTime', 'Size', 'All', 'None'. - -Default: `undef`, which uses Apache's default setting of 'MTime Size'. - -##### `filters` - -[Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters. - -``` puppet -apache::vhost { "$::fqdn": - filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], -} -``` - -##### `force_type` - -Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with a [MIME `content-type`][] matching this parameter's value. - -#### `add_charset` - -Lets Apache set custom content character sets per directory and/or file extension - -##### `h2_copy_files` - -Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) -directive which influences how the requestion process pass files to the main -connection. - -##### `h2_direct` - -Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct) -directive which toggles the usage of the HTTP/2 Direct Mode. - -##### `h2_early_hints` - -Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints) -directive which controls if HTTP status 103 interim responses are forwarded to -the client or not. - -##### `h2_max_session_streams` - -Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams) -directive which sets the maximum number of active streams per HTTP/2 session -that the server allows. - -##### `h2_modern_tls_only` - -Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly) -directive which toggles the security checks on HTTP/2 connections in TLS mode. - -##### `h2_push` - -Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push) -directive which toggles the usage of the HTTP/2 server push protocol feature. - -##### `h2_push_diary_size` - -Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize) -directive which toggles the maximum number of HTTP/2 server pushes that are -remembered per HTTP/2 connection. - -##### `h2_push_priority` - -Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority) -directive which defines the priority handling of pushed responses based on the -content-type of the response. - -##### `h2_push_resource` - -Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) -directive which declares resources for early pushing to the client. - -##### `h2_serialize_headers` - -Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders) -directive which toggles if HTTP/2 requests are serialized in HTTP/1.1 -format for processing by httpd core. - -##### `h2_stream_max_mem_size` - -Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize) -directive which sets the maximum number of outgoing data bytes buffered in -memory for an active stream. - -##### `h2_tls_cool_down_secs` - -Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs) -directive which sets the number of seconds of idle time on a TLS connection -before the TLS write size falls back to a small (~1300 bytes) length. - -##### `h2_tls_warm_up_size` - -Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize) -directive which sets the number of bytes to be sent in small TLS records (~1300 -bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections. - -##### `h2_upgrade` - -Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade) -directive which toggles the usage of the HTTP/1.1 Upgrade method for switching -to HTTP/2. - -##### `h2_window_size` - -Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize) -directive which sets the size of the window that is used for flow control from -client to server and limits the amount of data the server has to buffer. - - -##### `headers` - -Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information. - -Values: A string or an array of strings. - -Default: `undef`. - -##### `ip` - -Sets the IP address the virtual host listens on. By default, uses Apache's default behavior of listening on all IPs. - -Values: A string or an array of strings. - -Default: `undef`. - -##### `ip_based` - -Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts. - -Default: `false`. - -##### `itk` - -Configures [ITK](http://mpm-itk.sesse.net/) in a hash. - -Usage typically looks something like: - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - itk => { - user => 'someuser', - group => 'somegroup', - }, -} -``` - -Values: a hash, which can include the keys: - -* user + group -* `assignuseridexpr` -* `assigngroupidexpr` -* `maxclientvhost` -* `nice` -* `limituidrange` (Linux 3.5.0 or newer) -* `limitgidrange` (Linux 3.5.0 or newer) - -Usage typically looks like: - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - itk => { - user => 'someuser', - group => 'somegroup', - }, -} -``` - -Default: `undef`. - -##### `jk_mounts` - -Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache. - -The parameter must be an array of hashes where each hash must contain the 'worker' and either the 'mount' or 'unmount' keys. - -Usage typically looks like: - -``` puppet -apache::vhost { 'sample.example.net': - jk_mounts => [ - { mount => '/*', worker => 'tcnode1', }, - { unmount => '/*.jpg', worker => 'tcnode1', }, - ], -} -``` -Default: `undef`. - -##### `keepalive` - -Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive for the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect. - -Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options for the virtual host. - -Values: 'Off', 'On'. - -Default: `undef` - -##### `keepalive_timeout` - -Sets the [`KeepAliveTimeout`] directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. By default, the global, server-wide [`KeepAlive`][] setting is in effect. - -This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled. - -Default: `undef` - -##### `max_keepalive_requests` - -Limits the number of requests allowed per connection to the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect. - -This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled. - -Default: `undef`. - -##### `auth_kerb` - -Enable [`mod_auth_kerb`][] parameters for a virtual host. - -Usage typically looks like: - -``` puppet -apache::vhost { 'sample.example.net': - auth_kerb => `true`, - krb_method_negotiate => 'on', - krb_auth_realms => ['EXAMPLE.ORG'], - krb_local_user_mapping => 'on', - directories => { - path => '/var/www/html', - auth_name => 'Kerberos Login', - auth_type => 'Kerberos', - auth_require => 'valid-user', - }, -} -``` - -Related parameters follow the names of `mod_auth_kerb` directives: - -- `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'. -- `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'. -- `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'. -- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: []. -- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: `undef`. -- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: `undef`. - -Boolean. - -Default: `false`. - -##### `krb_verify_kdc` - -This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks. - -Default: 'on'. - -##### `krb_servicename` - -Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab. - -Default: 'HTTP'. - -##### `krb_save_credentials` - -This option enables credential saving functionality. - -Default is 'off' - -##### `logroot` - -Specifies the location of the virtual host's logfiles. - -Default: `/var/log//`. - -##### `$logroot_ensure` - -Determines whether or not to remove the logroot directory for a virtual host. - -Values: 'directory', 'absent'. - -Default: 'directory'. - -##### `logroot_mode` - -Overrides the mode the logroot directory is set to. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security). - -Default: `undef`. - -##### `logroot_owner` - -Sets individual user access to the logroot directory. - -Defaults to `undef`. - -##### `logroot_group` - -Sets group access to the [`logroot`][] directory. - -Defaults to `undef`. - -##### `log_level` - -Specifies the verbosity of the error log. - -Values: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'. - -Default: 'warn' for the global server configuration. Can be overridden on a per-virtual host basis. - -###### `modsec_body_limit` - -Configures the maximum request body size (in bytes) ModSecurity accepts for buffering. - -Values: An integer. - -Default: `undef`. - -###### `modsec_disable_vhost` - -Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included. - -Boolean. - -Default: `undef`. - -###### `modsec_disable_ids` - -Removes `mod_security` IDs from the virtual host. - -Values: An array of `mod_security` IDs to remove from the virtual host. Also takes a hash allowing removal of an ID from a specific location. - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_ids => [ 90015, 90016 ], -} -``` - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, -} -``` - -Default: `undef`. - -###### `modsec_disable_ips` - -Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching. - -Default: `undef`. - -###### `modsec_disable_msgs` - -Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location. - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], -} -``` - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, -} -``` - -Default: `undef`. - -###### `modsec_disable_tags` - -Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location. - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], -} -``` - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, -} -``` - -Default: `undef`. - -##### `modsec_audit*` - -* `modsec_audit_log` -* `modsec_audit_log_file` -* `modsec_audit_log_pipe` - -These three parameters together determine how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)). - -* If `modsec_audit_log_file` is set, it is relative to [`logroot`][]. - - Default: `undef`. - -* If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'. - - Default: `undef`. - -* If `modsec_audit_log` is `true`, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts. - - Default: `false`. - -If none of those parameters are set, the global audit log is used (''/var/log/httpd/modsec\_audit.log''; Debian and derivatives: ''/var/log/apache2/modsec\_audit.log''; others: ). - -##### `no_proxy_uris` - -Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest). - -Default: []. - -##### `no_proxy_uris_match` - -This directive is equivalent to [`no_proxy_uris`][], but takes regular expressions. - -Default: []. - -##### `proxy_preserve_host` - -Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost). - -Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'. - -Boolean. - -Default: `false`. - -##### `proxy_add_headers` - -Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders). - -This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server. - -Boolean. - -Default: `false`. - -##### `proxy_error_override` - -Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content. - -Boolean. - -Default: `false`. - -##### `options` - -Sets the [`Options`][] for the specified virtual host. For example: - -``` puppet -apache::vhost { 'site.name.fdqn': - … - options => ['Indexes','FollowSymLinks','MultiViews'], -} -``` - -> **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`. - -Default: ['Indexes','FollowSymLinks','MultiViews'], - -##### `override` - -Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments. - -Default: ['None']. - -##### `passenger_spawn_method` - -Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod), whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism. - -Valid options: `smart` or `direct`. - -Default: `undef`. - -##### `passenger_app_root` - -Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot. - -Values: A string specifying a path. - -Default: `undef`. - -##### `passenger_app_env` - -Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specified, defaults to the global setting or 'production'. - -Values: A string specifying the name of the environment. - -Default: `undef`. - -##### `passenger_log_file` - -By default, Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can configure those messages to be logged to a different file. This option is only available since Passenger 5.0.5. - -Values: A string specifying a path. - -Default: `undef`. - -##### `passenger_log_level` - -This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used. - -Default: Passenger versions less than 3.0.0: '0'; 5.0.0 and later: '3'. - -##### `passenger_ruby` - -Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), the Ruby interpreter to use for the application, on this virtual host. - -Default: `undef`. - -##### `passenger_min_instances` - -Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run. - -##### `passenger_max_requests` - -Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#pas -sengermaxrequests), the maximum number of requests an application process will process. - -##### `passenger_max_instances_per_app` - -Sets [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp), the maximum number of application processes that may simultaneously exist for a single application. - -Default: `undef`. - -##### `passenger_start_timeout` - -Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup. - -##### `passenger_pre_start` - -Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), the URL of the application if pre-starting is required. - -##### `passenger_user` - -Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser), the running user for sandboxing applications. - -##### `passenger_group` - -Sets [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup), the running group for sandboxing applications. - -##### `passenger_high_performance` - -Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter. - -Values: `true`, `false`. - -Default: `undef`. - -##### `passenger_nodejs` - -Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs), the NodeJS interpreter to use for the application, on this virtual host. - -##### `passenger_sticky_sessions` - -Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter. - -Boolean. - -Default: `undef`. - -##### `passenger_startup_file` - -Sets the [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root. - -##### `php_values & php_flags` - -Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application. - -Default: '{}'. - -Within a vhost declaration: -``` puppet - php_values => [ 'include_path ".:/usr/local/example-app/include"' ], -``` - -##### `php_admin_flags & values` - -Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application. - -Default: '{}'. - -##### `port` - -Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only listens on the port set in this parameter. - -##### `priority` - -Sets the relative load-order for Apache HTTPD VirtualHost configuration files. - -If nothing matches the priority, the first name-based virtual host is used. Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match. - -> **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'. - -To omit the priority prefix in file names, pass a priority of `false`. - -Default: '25'. - -##### `protocols` - -Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the virutal host. - -Default: `undef` - -##### `protocols_honor_order` - -Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines wether the order of Protocols sets precedence during negotiation. - -Default: `undef` - -##### `proxy_dest` - -Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. - -Default: `undef`. - -##### `proxy_pass` - -Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Optionally, parameters can be added as an array. - -Default: `undef`. - -``` puppet -apache::vhost { 'site.name.fdqn': - … - proxy_pass => [ - { 'path' => '/a', 'url' => 'http://backend-a/' }, - { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, - { 'path' => '/l', 'url' => 'http://backend-xy', - 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, - { 'path' => '/d', 'url' => 'http://backend-a/d', - 'params' => { 'retry' => '0', 'timeout' => '5' }, }, - { 'path' => '/e', 'url' => 'http://backend-a/e', - 'keywords' => ['nocanon', 'interpolate'] }, - { 'path' => '/f', 'url' => 'http://backend-f/', - 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, - { 'path' => '/g', 'url' => 'http://backend-g/', - 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, - { 'path' => '/h', 'url' => 'http://backend-h/h', - 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, - ], -} -``` - -* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string. -* `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`. -* `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings. -* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array. - -##### `proxy_dest_match` - -This directive is equivalent to [`proxy_dest`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. - -##### `proxy_dest_reverse_match` - -Allows you to pass a ProxyPassReverse if [`proxy_dest_match`][] is specified. See [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details. - -##### `proxy_pass_match` - -This directive is equivalent to [`proxy_pass`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details. - -##### `rack_base_uris` - -Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template. - -Default: `undef`. - -##### `passenger_base_uris` - -Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template. - -Default: `undef`. - -##### `redirect_dest` - -Specifies the address to redirect to. - -Default: `undef`. - -##### `redirect_source` - -Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent. - -``` puppet -apache::vhost { 'site.name.fdqn': - … - redirect_source => ['/images','/downloads'], - redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], -} -``` - -##### `redirect_status` - -Specifies the status to append to the redirect. - -Default: `undef`. - -``` puppet -apache::vhost { 'site.name.fdqn': - … - redirect_status => ['temp','permanent'], -} -``` - -##### `redirectmatch_*` - -* `redirectmatch_regexp` -* `redirectmatch_status` -* `redirectmatch_dest` - -Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays. - -Default: `undef`. - -``` puppet -apache::vhost { 'site.name.fdqn': - … - redirectmatch_status => ['404','404'], - redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], - redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], -} -``` - -##### `request_headers` - -Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on. - -Default: `undef`. - -``` puppet -apache::vhost { 'site.name.fdqn': - … - request_headers => [ - 'append MirrorID "mirror 12"', - 'unset MirrorID', - ], -} -``` - -##### `rewrites` - -Creates URL rewrite rules. Expects an array of hashes. - -Values: Hash keys that are any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'. - -Default: `undef`. - -For example, you can specify that anyone trying to access index.html is served welcome.html - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] -} -``` - -The parameter allows rewrite conditions that, when `true`, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'redirect IE', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], -} -``` - -You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2) - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], -} -``` - -Multiple rewrites and conditions are also possible - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - { - comment => 'Internet Explorer', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ /index.IE.html [L]'], - }, - { - rewrite_base => /apps/, - rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], - }, - { comment => 'Rewrite to lower case', - rewrite_cond => ['%{REQUEST_URI} [A-Z]'], - rewrite_map => ['lc int:tolower'], - rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], - }, - ], -} -``` - -Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on what is possible with rewrite rules and conditions. - -##### `rewrite_inherit` - -Determines whether the virtual host inherits global rewrite rules. - -Default: `false`. - -Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`: - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - , - ], - rewrite_inherit => `true`, -} -``` - -> **Note**: The `rewrites` parameter is **required** for this to have effect - -Apache activates global `Rewrite` rules inheritance if the virtual host files contains the following directives: - -``` ApacheConf -RewriteEngine On -RewriteOptions Inherit -``` - -Refer to the [official `mod_rewrite` documentation](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html), section "Rewriting in Virtual Hosts". - -##### `scriptalias` - -Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'. - -Default: `undef`. - -##### `scriptaliases` - -> **Note**: This parameter is deprecated in favor of the `aliases` parameter. - -Passes an array of hashes to the virtual host to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation][`mod_alias`]. - -``` puppet -scriptaliases => [ - { - alias => '/myscript', - path => '/usr/share/myscript', - }, - { - aliasmatch => '^/foo(.*)', - path => '/usr/share/fooscripts$1', - }, - { - aliasmatch => '^/bar/(.*)', - path => '/usr/share/bar/wrapper.sh/$1', - }, - { - alias => '/neatscript', - path => '/usr/share/neatscript', - }, -] -``` - -The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing. - -##### `serveradmin` - -Specifies the email address Apache displays when it renders one of its error pages. - -Default: `undef`. - -##### `serveraliases` - -Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site. - -Default: []. - -##### `servername` - -Sets the servername corresponding to the hostname you connect to the virtual host at. - -Default: the title of the resource. - -##### `setenv` - -Used by HTTPD to set environment variables for virtual hosts. - -Default: []. - -Example: - -``` puppet -apache::vhost { 'setenv.example.com': - setenv => ['SPECIAL_PATH /foo/bin'], -} -``` - -##### `setenvif` - -Used by HTTPD to conditionally set environment variables for virtual hosts. - -Default: []. - -##### `setenvifnocase` - -Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching). - -Default: []. - -##### `suphp_*` - -* `suphp_addhandler` -* `suphp_configpath` -* `suphp_engine` - -Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG). - -* `suphp_addhandler`. Default: 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo. -* `suphp_configpath`. Default: `undef` on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo. -* `suphp_engine`. Values: 'on' or 'off'. Default: 'off'. - -An example virtual host configuration with suPHP: - -``` puppet -apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => { path => '/home/appuser/myphpapp', - 'suphp' => { user => 'myappuser', group => 'myappgroup' }, - } -} -``` - -##### `vhost_name` - -Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource. - -Default: '*'. - -##### `virtual_docroot` - -Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'. - -Default: `false`. - -``` puppet -apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], -} -``` - -##### `wsgi*` - -* `wsgi_daemon_process` -* `wsgi_daemon_process_options` -* `wsgi_process_group` -* `wsgi_script_aliases` -* `wsgi_pass_authorization` - -Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi). - -* `wsgi_daemon_process`: A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html). Default: `undef`. -* `wsgi_daemon_process_options`. _Optional._ Default: `undef`. -* `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: `undef`. -* `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: `undef`. -* `wsgi_script_aliases_match`: Requires a hash of web path regexes to filesystem .wsgi paths. Default: `undef` -* `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: `undef`, leading Apache to use its default value of 'Off'. -* `wsgi_chunked_request`: Enables support for chunked requests. Default: `undef`. - -An example virtual host configuration with WSGI: - -``` puppet -apache::vhost { 'wsgi.example.com': - port => '80', - docroot => '/var/www/pythonapp', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => - { processes => '2', - threads => '15', - display-name => '%{GROUP}', - }, - wsgi_process_group => 'wsgi', - wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, - wsgi_chunked_request => 'On', -} -``` - -#### Parameter `directories` for `apache::vhost` - -The `directories` parameter within the `apache::vhost` class passes an array of hashes to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), [File](https://httpd.apache.org/docs/current/mod/core.html#files), and [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'. - -The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys. - -The `provider` key is optional. If missing, this key defaults to 'directory'. Values: 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file. - -An example use of `directories`: - -``` puppet -apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all', - }, - ], -} -``` - -> **Note:** At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter. - -Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', handler => value } ], -} -``` - -Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are: - -##### `addhandlers` - -Sets [AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension'] }`. - -An example: - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, - ], -} -``` - -##### `allow` - -Sets an [Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, - ], -} -``` - -##### `allow_override` - -Sets the types of directives allowed in [.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, - ], -} -``` - -##### `auth_basic_authoritative` - -Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules. - -##### `auth_basic_fake` - -Sets the value for [AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block. - -##### `auth_basic_provider` - -Sets the value for [AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location. - -##### `auth_digest_algorithm` - -Sets the value for [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes. - -###### `auth_digest_domain` - -Sets the value for [AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication. - -##### `auth_digest_nonce_lifetime` - -Sets the value for [AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid. - -##### `auth_digest_provider` - -Sets the value for [AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location. - -##### `auth_digest_qop` - -Sets the value for [AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication. - -##### `auth_digest_shmem_size` - -Sets the value for [AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients. - -##### `auth_group_file` - -Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization. - -##### `auth_name` - -Sets the value for [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm. - -##### `auth_require` - -Sets the entity name you're requiring to allow access. Read more about [Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives). - -##### `auth_type` - -Sets the value for [AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication. - -##### `auth_user_file` - -Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication. - -##### `auth_merging` - -Sets the value for [AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging), which determines if authorization logic should be combined - -##### `auth_ldap_url` - -Sets the value for [AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl), which determines URL of LDAP-server(s) if AuthBasicProvider 'ldap' is used - -##### `auth_ldap_bind_dn` - -Sets the value for [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn), which allows use of an optional DN used to bind to the LDAP-server when searching for entries if AuthBasicProvider 'ldap' is used. - -##### `auth_ldap_bind_password` - -Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword), which allows use of an optional bind password to use in conjunction with the bind DN if AuthBasicProvider 'ldap' is used. - -##### `auth_ldap_group_attribute` - -Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups. - -Default: "member" and "uniquemember". - -##### `auth_ldap_group_attribute_is_dn` - -Sets value for [AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn), specifies if member of a ldapgroup is a dn or simple username. When set on, this directive says to use the distinguished name of the client username when checking for group membership. Otherwise, the username will be used. valid values are: "on" or "off" - -##### `custom_fragment` - -Pass a string of custom configuration directives to be placed at the end of the directory configuration. - -``` puppet -apache::vhost { 'monitor': - … - directories => [ - { - path => '/path/to/directory', - custom_fragment => ' - - SetHandler balancer-manager - Order allow,deny - Allow from all - - - SetHandler server-status - Order allow,deny - Allow from all - -ProxyStatus On', - }, - ] -} -``` - -##### `dav` - -Sets the value for [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav), which determines if the WebDAV HTTP methods should be enabled. The value can be either 'On', 'Off' or the name of the provider. A value of 'On' enables the default filesystem provider implemented by the `mod_dav_fs` module. - -##### `dav_depth_infinity` - -Sets the value for [DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity), which is used to enable the processing of `PROPFIND` requests having a `Depth: Infinity` header. - -##### `dav_min_timeout` - -Sets the value for [DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout), which sets the time the server holds a lock on a DAV resource. The value should be the number of seconds to set. - -##### `deny` - -Sets a [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, - ], -} -``` - -##### `error_documents` - -An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory. - -``` puppet -apache::vhost { 'sample.example.net': - directories => [ - { path => '/srv/www', - error_documents => [ - { 'error_code' => '503', - 'document' => '/service-unavail', - }, - ], - }, - ], -} -``` - -##### `ext_filter_options` - -Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive. -Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive. - -``` puppet -apache::vhost { 'filter.example.org': - docroot => '/var/www/filter', - directories => [ - { path => '/var/www/filter', - ext_filter_options => 'LogStderr Onfail=abort', - }, - ], -} -``` - -##### `geoip_enable` - -Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive. -Note that you must declare `class {'apache::mod::geoip': }` before using this directive. - -``` puppet -apache::vhost { 'first.example.com': - docroot => '/var/www/first', - directories => [ - { path => '/var/www/first', - geoip_enable => `true`, - }, - ], -} -``` - -##### `h2_copy_files` - -Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive. -Note that you must declare `class {'apache::mod::http2': }` before using this directive. - -##### `h2_push_resource` - -Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive. -Note that you must declare `class {'apache::mod::http2': }` before using this directive. - -##### `headers` - -Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => { - path => '/path/to/directory', - headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - }, -} -``` - -##### `index_options` - -Allows configuration settings for [directory indexing](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions). - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], - }, - ], -} -``` - -##### `index_order_default` - -Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - index_order_default => ['Descending', 'Date'], - }, - ], -} -``` - -###### `index_style_sheet` - -Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['FancyIndexing'], - index_style_sheet => '/styles/style.css', - }, - ], -} -``` - -##### `limit` - -Creates a [Limit](https://httpd.apache.org/docs/current/mod/core.html#limit) block inside the Directory block, which can also contain `require` directives. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/docroot', - directories => [ - { path => '/', - provider => 'location', - limit => [ - { methods => 'GET HEAD', - require => ['valid-user'] - }, - ], - }, - ], -} -``` - -##### `limit_except` - -Creates a [LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept) block inside the Directory block, which can also contain `require` directives. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/docroot', - directories => [ - { path => '/', - provider => 'location', - limit_except => [ - { methods => 'GET HEAD', - require => ['valid-user'] - }, - ], - }, - ], -} -``` - -##### `mellon_enable` - -Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/', - provider => 'directory', - mellon_enable => 'info', - mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key', - mellon_endpoint_path => '/mellon', - mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', - 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, - mellon_user => 'ADFS_LOGIN', - }, - { path => '/protected', - provider => 'location', - mellon_enable => 'auth', - auth_type => 'Mellon', - auth_require => 'valid-user', - mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'], - }, - ] -} -``` - -Related parameters follow the names of `mod_auth_mellon` directives: - -- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_mellon`] directive for each item in the array. -- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_mellon`] to set the mellon endpoint path. -- `mellon_sp_metadata_file`: Sets the [MellonSPMetadataFile][`mod_auth_mellon`] location of the SP metadata file. -- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_mellon`] location of the IDP metadata file. -- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_mellon`] directive to enable debug of SAML. -- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_mellon`] directive to a hash of attribute names to map -to environment variables. -- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_mellon`] directive for the private key location of the service provider. -- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_mellon`] directive for the public key location of the service provider. -- `mellon_user`: Sets the [MellonUser][`mod_auth_mellon`] attribute to use for the username. -- `mellon_session_length`: Sets the [MellonSessionLength][`mod_auth_mellon`] attribute. - -##### `options` - -Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - }, - ], -} -``` - -##### `order` - -Sets the order of processing Allow and Deny statements as per [Apache core documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - }, - ], -} -``` - -##### `passenger_enabled` - -Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - passenger_enabled => 'on', - }, - ], -} -``` - -> **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive. - -##### `php_value` and `php_flag` - -`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). - -##### `php_admin_value` and `php_admin_flag` - -`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php). - - -##### `require` - - -Sets a `Require` directive as per the [Apache Authz documentation](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => 'ip 10.17.42.23', - } - ], -} -``` - -When more complex sets of requirement are needed, apache >= 2.4 provides the use of [RequireAll](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall), [RequireNone](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requirenone) or [RequireAny](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany) directives. -Using the 'enforce' key, which only supports 'any','none','all' (other values are silently ignored), this could be established like: - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => { - enforce => 'any', - requires => [ - 'ip 1.2.3.4', - 'not host host.example.com', - 'user xyz', - ], - }, - }, - ], -} -``` - -If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => 'unmanaged', - } - ], -} -``` - - - -##### `satisfy` - -Sets a `Satisfy` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - satisfy => 'Any', - } - ], -} -``` - -##### `sethandler` - -Sets a `SetHandler` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler). - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', - } - ], -} -``` - -##### `set_output_filter` - -Sets a `SetOutputFilter` directive per the [Apache Core documentation](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter). - -``` puppet -apache::vhost{ 'filter.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - set_output_filter => puppetdb-strip-resource-params, - }, - ], -} -``` - -##### `rewrites` - -Creates URL [`rewrites`](#rewrites) rules in virtual host directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'. - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - rewrites => [ { comment => 'Permalink Rewrites', - rewrite_base => '/' - }, - { rewrite_rule => ['^index\.php$ - [L]'] - }, - { rewrite_cond => ['%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - rewrite_rule => ['. /index.php [L]'], - } - ], - }, - ], -} -``` - -> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories. - -##### `shib_request_settings` - -Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - shib_request_settings => { 'requiresession' => 'On' }, - shib_use_headers => 'On', - }, - ], -} -``` - -##### `shib_use_headers` - -When set to 'On', this turns on the use of request headers to publish attributes to applications. Values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details. - -##### `shib_compat_valid_user` - -Default is Off, matching the behavior prior to this command's existence. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring "standard" Apache behavior when processing the "valid-user" and "user" Require rules. See the [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) topic for more details. This key is disabled if `apache::mod::shib` is not defined. - -##### `ssl_options` - -String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host. - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', - }, - { path => '/path/to/different/dir', - ssl_options => ['-StdEnvVars', '+ExportCertData'], - }, - ], -} -``` - -##### `suphp` - -A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the virtual host declaration, and can only be passed within `directories`. - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - suphp => { - user => 'myappuser', - group => 'myappgroup', - }, - }, - ], -} -``` -##### `additional_includes` - -Specifies paths to additional static, specific Apache configuration files in virtual host directories. Values: a array of string path. - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/different/dir', - additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], - }, - ], -} -``` - -#### SSL parameters for `apache::vhost` - -All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific virtual hosts. - -##### `ssl` - -Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Values: Boolean. - -Default: `false`. - -##### `ssl_ca` - -Specifies the SSL certificate authority to be used to verify client certificates used for authentication. You must also set `ssl_verify_client` to use this. - -Default: `undef`. - -##### `ssl_cert` - -Specifies the SSL certification. - -Default: Depends on operating system. - -* RedHat: '/etc/pki/tls/certs/localhost.crt' -* Debian: '/etc/ssl/certs/ssl-cert-snakeoil.pem' -* FreeBSD: '/usr/local/etc/apache22/server.crt' -* Gentoo: '/etc/ssl/apache2/server.crt' - -##### `ssl_protocol` - -Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. - -Defaults: 'all', '-SSLv2', '-SSLv3'. - -##### `ssl_cipher` - -Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite). - -Default: 'HIGH:MEDIUM:!aNULL:!MD5'. - -##### `ssl_honorcipherorder` - -Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Values: - -Values: Boolean, 'on', 'off'. - -Default: `true`. - -##### `ssl_certs_dir` - -Specifies the location of the SSL certification directory to verify client certs. Will not be used unless `ssl_verify_client` is also set (see below). - -Default: undef - -##### `ssl_chain` - -Specifies the SSL chain. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production. - -Default: `undef`. - -##### `ssl_crl` - -Specifies the certificate revocation list to use. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) - -Default: `undef`. - -##### `ssl_crl_path` - -Specifies the location of the certificate revocation list to verify certificates for client authentication with. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.) - -Default: `undef`. - -##### `ssl_crl_check` - -Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) for ssl client authentication. The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions. - -Default: `undef`. - -##### `ssl_key` - -Specifies the SSL key. - -Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production. - -* RedHat: '/etc/pki/tls/private/localhost.key' -* Debian: '/etc/ssl/private/ssl-cert-snakeoil.key' -* FreeBSD: '/usr/local/etc/apache22/server.key' -* Gentoo: '/etc/ssl/apache2/server.key' - -##### `ssl_verify_client` - -Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication. - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_verify_client => 'optional', -} -``` - -Values: 'none', 'optional', 'require', and 'optional_no_ca'. - -Default: `undef`. - - -##### `ssl_verify_depth` - -Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. You must set `ssl_verify_client` for it to take effect. - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_verify_client => 'require', - ssl_verify_depth => 1, -} -``` - -Default: `undef`. - -##### `ssl_proxy_protocol` - -Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing its server environment for proxy. It connects to servers using only one of the provided protocols. - -Default: `undef`. - -##### `ssl_proxy_verify` - -Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server. - -Default: `undef`. - -##### `ssl_proxy_verify_depth` - -Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate. - -A depth of 0 means that only self-signed remote server certificates are accepted, the default depth of 1 means the remote server certificate can be self-signed or signed by a CA that is directly known to the server. - -Default: `undef` - -##### `ssl_proxy_cipher_suite` - -Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) directive, which controls cipher suites supported for ssl proxy traffic. - -Default: `undef` - -##### `ssl_proxy_ca_cert` - -Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference. - -Default: `undef` - -##### `ssl_proxy_machine_cert` - -Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference. - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', -} -``` - -Default: `undef` - -##### `ssl_proxy_check_peer_cn` - -Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. - -Values: 'on', 'off'. - -Default: `undef` - -##### `ssl_proxy_check_peer_name` - -Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL. - -Values: 'on', 'off'. - -Default: `undef` - -##### `ssl_proxy_check_peer_expire` - -Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not. - -Values: 'on', 'off'. - -Default: `undef` - -##### `ssl_options` - -Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array. - -A string: - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_options => '+ExportCertData', -} -``` - -An array: - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_options => ['+StrictRequire', '+ExportCertData'], -} -``` - -Default: `undef`. - -##### `ssl_openssl_conf_cmd` - -Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. - -Default: `undef` - -##### `ssl_proxyengine` - -Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). - -Boolean. - -Default: `false`. - -##### `ssl_stapling` - -Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). By default, uses what is set globally. - -This parameter only applies to Apache 2.4 or higher and is ignored on older versions. - -Boolean or `undef`. - -Default: `undef` - -##### `ssl_stapling_timeout` - -Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive. - -This parameter only applies to Apache 2.4 or higher and is ignored on older versions. - -Default: none. - -##### `ssl_stapling_return_errors` - -Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive. - -This parameter only applies to Apache 2.4 or higher and is ignored on older versions. - -Default: none. - -#### Defined type: FastCGI Server - -This type is intended for use with mod\_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types. - -** Note ** If using Ubuntu 10.04+, you'll need to manually enable the multiverse repository. - -Ex: - -``` puppet -apache::fastcgi::server { 'php': - host => '127.0.0.1:9000', - timeout => 15, - flush => `false`, - faux_path => '/var/www/php.fcgi', - fcgi_alias => '/php.fcgi', - file_type => 'application/x-httpd-php', - pass_header => '' -} -``` - -Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above. - -``` puppet -apache::vhost { 'www': - ... - custom_fragment => 'AddType application/x-httpd-php .php' - ... -} -``` - -##### `host` - -The hostname or IP address and TCP port number (1-65535) of the FastCGI server. - -It is also possible to pass a unix socket: - -``` puppet -apache::fastcgi::server { 'php': - host => '/var/run/fcgi.sock', -} -``` - -##### `timeout` - -The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply. - -##### `flush` - -Force a write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible. - -##### `faux_path` - -Does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application. - -##### `alias` - -A unique alias. This is used internally to link the action with the FastCGI server. - -##### `file_type` - -The MIME-type of the file to be processed by the FastCGI server. - -##### `pass_header` - -The name of an HTTP Request Header to be passed in the request environment. This option makes available the contents of headers which are normally not available (e.g. Authorization) to a CGI environment. - -#### Defined type: `apache::vhost::custom` - -The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache. - -**Parameters within `apache::vhost::custom`**: - -##### `content` - -Sets the configuration file's content. - -##### `ensure` - -Specifies if the virtual host file is present or absent. - -Values: 'absent', 'present'. - -Default: 'present'. - -##### `priority` - -Sets the relative load order for Apache HTTPD VirtualHost configuration files. - -Default: '25'. - -##### `verify_config` - -Specifies whether to validate the configuration file before notifying the Apache service. - -Boolean. - -Default: `true`. - -### Private defined types - -#### Defined type: `apache::peruser::multiplexer` - -This defined type checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] defined type. - -#### Defined type: `apache::peruser::multiplexer` - -Enables the [`Peruser`][] module for FreeBSD only. - -#### Defined type: `apache::peruser::processor` - -Enables the [`Peruser`][] module for FreeBSD only. - -#### Defined type: `apache::security::file_link` - -Links the `activated_rules` from [`apache::mod::security`][] to the respective CRS rules on disk. - -### Templates - -The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration. - -### Tasks - -The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task. - -### Functions -#### apache_pw_hash -Hashes a password in a format suitable for htpasswd files read by apache. - -Currently uses SHA-hashes, because although this format is considered insecure, its the -most secure format supported by the most platforms. - - -## Limitations - -For an extensive list of supported operating systems, see [metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/master/metadata.json) - -### FreeBSD - -In order to use this module on FreeBSD, you _must_ use apache24-2.4.12 (www/apache24) or newer. - -### Gentoo - -On Gentoo, this module depends on the [`gentoo/puppet-portage`][] Puppet module. Although several options apply or enable certain features and settings for Gentoo, it is not a [supported operating system][] for this module. - -### RHEL/CentOS -The [`apache::mod::auth_cas`][], [`apache::mod::passenger`][], [`apache::mod::proxy_html`][] and [`apache::mod::shib`][] classes are not functional on RH/CentOS without providing dependency packages from extra repositories. - -See their respective documentation below for related repositories and packages. - -#### RHEL/CentOS 5 - -The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because repositories are missing compatible packages. - -#### RHEL/CentOS 6 - -The [`apache::mod::passenger`][] class is not installing, because the the EL6 repository is missing compatible packages. - -#### RHEL/CentOS 7 - -The [`apache::mod::passenger`][] and [`apache::mod::proxy_html`][] classes are untested because the EL7 repository is missing compatible packages, which also blocks us from testing the [`apache::vhost`][] defined type's [`rack_base_uris`][] parameter. - -### SELinux and custom paths - -If [SELinux][] is in [enforcing mode][] and you want to use custom paths for `logroot`, `mod_dir`, `vhost_dir`, and `docroot`, you need to manage the files' context yourself. - -You can do this with Puppet: - -``` puppet -exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package['policycoreutils-python'], -} - -package { 'policycoreutils-python': - ensure => installed, -} - -exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Class['Apache::Service'], - require => Class['apache'], -} - -class { 'apache': } - -host { 'test.server': - ip => '127.0.0.1', -} - -file { '/custom/path': - ensure => directory, -} - -file { '/custom/path/include': - ensure => present, - content => '#additional_includes', -} - -apache::vhost { 'test.server': - docroot => '/custom/path', - additional_includes => '/custom/path/include', -} -``` - -You must set the contexts using `semanage fcontext` instead of `chcon` because Puppet's `file` resources reset the values' context in the database if the resource doesn't specify it. - -### Ubuntu 10.04 - -The [`apache::vhost::WSGIImportScript`][] parameter creates a statement inside the virtual host that is unsupported on older versions of Apache, causing it to fail. This will be remedied in a future refactoring. - -### Ubuntu 16.04 -The [`apache::mod::suphp`][] class is untested since repositories are missing compatible packages. - - -## Development - -### Testing - -Due to the difficult and specialised nature of acceptance testing mods in apache IE (high OS specificity), we have replaced acceptance tests with unit tests. - -To run the unit tests, install the necessary gems: - -``` -bundle install -``` - -And then execute the command: - -``` -bundle exec rake parallel_spec -``` - -To check the code coverage, run: - -``` -COVERAGE=yes bundle exec rake parallel_spec -``` - -### Contributing - -[Puppet][] modules on the [Puppet Forge][] are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve. - -We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality. - -For more information, please read the complete [module contribution guide][] and check out [CONTRIBUTING.md][]. diff --git a/puppet/modules/apache/Rakefile b/puppet/modules/apache/Rakefile deleted file mode 100644 index a1d0de1..0000000 --- a/puppet/modules/apache/Rakefile +++ /dev/null @@ -1,77 +0,0 @@ -require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet-syntax/tasks/puppet-syntax' -require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? -require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? -require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? -require 'puppet-lint/tasks/puppet-lint' - -def changelog_user - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = nil || JSON.load(File.read('metadata.json'))['author'] - raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator user:#{returnVal}" - returnVal -end - -def changelog_project - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = nil || JSON.load(File.read('metadata.json'))['name'] - raise "unable to find the changelog_project in .sync.yml or the name in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator project:#{returnVal}" - returnVal -end - -def changelog_future_release - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] - raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator future_release:#{returnVal}" - returnVal -end - -PuppetLint.configuration.send('disable_relative') - -if Bundler.rubygems.find_name('github_changelog_generator').any? - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? - config.user = "#{changelog_user}" - config.project = "#{changelog_project}" - config.future_release = "#{changelog_future_release}" - config.exclude_labels = ['maintenance'] - config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." - config.add_pr_wo_labels = true - config.issues = false - config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM" - config.configure_sections = { - "Changed" => { - "prefix" => "### Changed", - "labels" => ["backwards-incompatible"], - }, - "Added" => { - "prefix" => "### Added", - "labels" => ["feature", "enhancement"], - }, - "Fixed" => { - "prefix" => "### Fixed", - "labels" => ["bugfix"], - }, - } - end -else - desc 'Generate a Changelog from GitHub' - task :changelog do - raise <= Gem::Version.new('2.2.2')" -EOM - end -end - diff --git a/puppet/modules/apache/checksums.json b/puppet/modules/apache/checksums.json deleted file mode 100644 index c6d35c2..0000000 --- a/puppet/modules/apache/checksums.json +++ /dev/null @@ -1,367 +0,0 @@ -{ - "CHANGELOG.md": "dd509028c5db332f6889c92314c00899", - "CONTRIBUTING.md": "4d17f3c942e7c93d1577cc4438a231e4", - "Gemfile": "3864447c01e8ca140685b2f085f2d262", - "HISTORY.md": "b21465bbe2fcf4b395d854f1dcdfa2e6", - "LICENSE": "3b83ef96387f14655fc854ddc3c6bd57", - "MAINTAINERS.md": "6508b1d302b38186425992a66186c060", - "NOTICE": "33bfe803d322df8f0fb9a65ebe2808e1", - "README.md": "559976745ef6bb0ab0af048db429b67a", - "Rakefile": "62da7aec85d5c34a90c35c24b64328a7", - "examples/apache.pp": "41e97262421ea5734fac16a338701a78", - "examples/dev.pp": "8da0d50d9d06834dd06329b8945f06d5", - "examples/init.pp": "d27415f33028c26d4031d30305eec5e0", - "examples/mod_load_params.pp": "e8d1c1b1b96d560c8288c51a76bffc87", - "examples/mods.pp": "78a25c9e226265353eabefd3ddfd4218", - "examples/mods_custom.pp": "bc9e6959c282984cf9cdd93869c89499", - "examples/php.pp": "afa0871b94040e3ae91fce9c375fb725", - "examples/vhost.pp": "70ef5d1fc95cd51761fc6a541da2d5b6", - "examples/vhost_directories.pp": "95aa446a2fccf9f3561581a5d71c61a7", - "examples/vhost_filter.pp": "62c5af7868af9887b7d71769c319c1e5", - "examples/vhost_ip_based.pp": "7a4d4c1c00147c45e4534f58d2fbf4ed", - "examples/vhost_proxypass.pp": "2f0bd33b34a48554adcdf20d6d31a4c2", - "examples/vhost_ssl.pp": "ddd3c45964df56837d6c051a7d692378", - "examples/vhosts_without_listen.pp": "226afb3e87129a56fc9add21b120feb2", - "files/httpd": "295f5e924afe6f752d29327e73fe6d0a", - "lib/facter/apache_version.rb": "1b7d238d360fc0c73e936084c971d925", - "lib/puppet/functions/apache/apache_pw_hash.rb": "ea9130e61607429eff5af3124458fed0", - "lib/puppet/functions/apache/bool2httpd.rb": "3279b288304c4be78f36a8430b432f30", - "lib/puppet/functions/apache/validate_apache_log_level.rb": "d254807bf3577f261430bfc9fdca71c6", - "lib/puppet/parser/functions/apache_pw_hash.rb": "93f3a9658f79bc7e1943804e719fd33b", - "lib/puppet/parser/functions/bool2httpd.rb": "39718d39e324709686e7406248833ab6", - "lib/puppet/parser/functions/validate_apache_log_level.rb": "9445dd499a4c4a06ce4d181ee3641338", - "lib/puppet/provider/a2mod/a2mod.rb": "3e605e7ee91fdb24015ef551b6c5f6c0", - "lib/puppet/provider/a2mod/gentoo.rb": "38bfa4ca531faf386be8b4f7c5fc306e", - "lib/puppet/provider/a2mod/modfix.rb": "5f7be8bfdb72e5b52ed83a63ac861dcb", - "lib/puppet/provider/a2mod/redhat.rb": "a853a87f36eda1597d4c5959f1e337a2", - "lib/puppet/provider/a2mod.rb": "71d301713c155278dc0b95a97805d512", - "lib/puppet/type/a2mod.rb": "7163e1c80c3e8a164c855d18420d55b2", - "locales/config.yaml": "5097a0a36a08ac68835001a96b376b46", - "locales/ja/puppetlabs-apache.po": "709261183cc8d4fed57edee36ea843a5", - "locales/puppetlabs-apache.pot": "4bd09a821333cf6c272a64e944ef4e01", - "manifests/balancer.pp": "050fdf4f99eae8d3eac5dca80f80c4f8", - "manifests/balancermember.pp": "d74ab23d74fa198853b13ad837df925c", - "manifests/confd/no_accf.pp": "406d0ca41c3b90f83740ca218dc3f484", - "manifests/custom_config.pp": "357badc11586c8bb726f2a36364c0932", - "manifests/default_confd_files.pp": "86fdbe5773abb7c2da26db096973865c", - "manifests/default_mods/load.pp": "bc0b3b65edd1ba6178c09672352f9bce", - "manifests/default_mods.pp": "e6de622bf507deea49bfb5a7c7ed281d", - "manifests/dev.pp": "8a7ead42f991e5dfdd364ba1aa1304e0", - "manifests/fastcgi/server.pp": "646b7c685921edc2316fe3515c705d7d", - "manifests/init.pp": "94ecec19ec781cc7f3e8f1bd983c5f47", - "manifests/listen.pp": "6e44a9f49376cefb5694d52be5bc5a88", - "manifests/mod/actions.pp": "ec2a5d1cf54790204750f9b67938d230", - "manifests/mod/alias.pp": "1ef0d98a941bd796d428297b74acc8c4", - "manifests/mod/auth_basic.pp": "dffef6ff10145393cb78fcaa27220c53", - "manifests/mod/auth_cas.pp": "f2e61e67393a998a19f8b34506e07e0d", - "manifests/mod/auth_gssapi.pp": "e355c041e28b6b6a057c650e535ba79c", - "manifests/mod/auth_kerb.pp": "8759cab3dc12d6ba4cc12fcdbb699418", - "manifests/mod/auth_mellon.pp": "5bfbc604dd79923bdb65ecab02353059", - "manifests/mod/authn_core.pp": "4db773ddbc0d875230085782d4521951", - "manifests/mod/authn_dbd.pp": "8f03863a483184ca53b9bc3a45b2297f", - "manifests/mod/authn_file.pp": "eeb11513490beee901574746faaeabdf", - "manifests/mod/authnz_ldap.pp": "c64f544ce5aacc549663200feae2c7ad", - "manifests/mod/authnz_pam.pp": "9f99d93e289a2db42c74046c8ae1889f", - "manifests/mod/authz_default.pp": "b7c94cfa4e008155fffd241d35834064", - "manifests/mod/authz_user.pp": "d446c90c44304594206bd2a0112be625", - "manifests/mod/autoindex.pp": "3b50dc082dba420c3d564309601fd419", - "manifests/mod/cache.pp": "b56d68b9401ba3e02a1f2fe55cdfbcca", - "manifests/mod/cgi.pp": "19e616e40d511e5bf60b29cc38896ab9", - "manifests/mod/cgid.pp": "fb9ae9b5012d41e22cb85c0b50e17361", - "manifests/mod/cluster.pp": "8b67026e9a6a4bdc6a2481613896ded1", - "manifests/mod/data.pp": "2a222e601107fcb2e7b36fcc41e6ce1b", - "manifests/mod/dav.pp": "9df80d36dd609be9032a8260aa9d10c1", - "manifests/mod/dav_fs.pp": "9ad2359d64b0b6f219bd8a338917d114", - "manifests/mod/dav_svn.pp": "148d05eea8a70a8d4c237285d7ea1dd4", - "manifests/mod/dbd.pp": "4471dbd9fd67d0db885d4ba2a47a194a", - "manifests/mod/deflate.pp": "20231a22aba12eb905f1d7f1853e383e", - "manifests/mod/dev.pp": "42673bab60b6fc0f3aa6e2357ec0a27c", - "manifests/mod/dir.pp": "75039bc8c77b9b82fa12fc5aa1061291", - "manifests/mod/disk_cache.pp": "b80b2653e3beaa3e83c66244e6871820", - "manifests/mod/dumpio.pp": "5492a7249450a7fdf335ecb0c3b948f4", - "manifests/mod/env.pp": "2a0321180a59161565b2b5f1b79d6b15", - "manifests/mod/event.pp": "a82a7ab979cc351eb660576bdc91d0e8", - "manifests/mod/expires.pp": "6f12edcf6863958af832db73b56e5f08", - "manifests/mod/ext_filter.pp": "287966c2c0fd450c72a1c9ef88a0e155", - "manifests/mod/fastcgi.pp": "f6625abe9b6dc3cc17e3a22559808c81", - "manifests/mod/fcgid.pp": "96e0a5f09c2d1ba21b2209a6e21b6847", - "manifests/mod/filter.pp": "b0039f3ae932b1204994ef2180dd76d2", - "manifests/mod/geoip.pp": "41762c637ab45dac05e564d1b3d03c3e", - "manifests/mod/headers.pp": "ef3de538a0a4c9406236faf43eb89710", - "manifests/mod/http2.pp": "146888c46f52c99beccf06f4924aef1d", - "manifests/mod/include.pp": "a3b66eda88e38d90825c16b834bacd8d", - "manifests/mod/info.pp": "c3e815ed9912bb9147805f7274508489", - "manifests/mod/intercept_form_submit.pp": "b3e55433272082bac1e7a5334df3b01f", - "manifests/mod/itk.pp": "ec8a29364bd0d17a51b3a862e703f168", - "manifests/mod/jk.pp": "ea22fbaffa12b8ab16ea1a9215e4a718", - "manifests/mod/ldap.pp": "ca56d185c798ebd655adf002bfb2604a", - "manifests/mod/lookup_identity.pp": "a3fd01d395ea09ec1488494fd077dd7b", - "manifests/mod/macro.pp": "af7db43b0244664f14397b8ea4549d48", - "manifests/mod/mime.pp": "24fe99c65367a3f606441605a2ff26dd", - "manifests/mod/mime_magic.pp": "d31702cee9007c2e65c8d3ccbed1fda3", - "manifests/mod/negotiation.pp": "2ccabe3f6788961feab3c54e100c48c2", - "manifests/mod/nss.pp": "3cc69b59bba579181b0ceb1dfd2976d0", - "manifests/mod/pagespeed.pp": "1fcf4c30084bd1e4fa3006b4d3265c1a", - "manifests/mod/passenger.pp": "08617e46f2bb04014c4be67ff91af191", - "manifests/mod/perl.pp": "b8180ca0e1e7f8d60030321f52c28d6d", - "manifests/mod/peruser.pp": "13761222709094653bca7bad4435fcdb", - "manifests/mod/php.pp": "31244035d5aa4bad25ab9068b31fe60d", - "manifests/mod/prefork.pp": "3544fcddeb42ffc6f6721a8c84412705", - "manifests/mod/proxy.pp": "64ff23b33d20fe2fb27fe6a96f6bf785", - "manifests/mod/proxy_ajp.pp": "073e2406aea7822750d4c21f02d8ac80", - "manifests/mod/proxy_balancer.pp": "c717e51517043084854b26c89d7b99d9", - "manifests/mod/proxy_connect.pp": "7cd9b4b61ec6feb020f753ee74910a48", - "manifests/mod/proxy_fcgi.pp": "8c7fd559419b159e27218a17463d850d", - "manifests/mod/proxy_html.pp": "aa012e927e20d3f7734fdc026491fd20", - "manifests/mod/proxy_http.pp": "0db1b26f8b4036b0d46ba86b7eaac561", - "manifests/mod/proxy_wstunnel.pp": "88ee88d6d56a70f0000e690f80f64acb", - "manifests/mod/python.pp": "3b0f87658c20b56cd87c0b288dd0be99", - "manifests/mod/remoteip.pp": "8e1f77cd371b9ecaea467cc810516ce3", - "manifests/mod/reqtimeout.pp": "17b245b5d14f3f7b8c1d5fa07e5c159e", - "manifests/mod/rewrite.pp": "292f2d6ce2078fa9df7f686105ea7b95", - "manifests/mod/rpaf.pp": "54991f51a06e2b4171956e6ce1caf3a3", - "manifests/mod/security.pp": "efa96b042ccdd5f29539ae9a76566167", - "manifests/mod/setenvif.pp": "fa3b3e5f3a7e029f9db5b66ae499c6c8", - "manifests/mod/shib.pp": "8b75f8818fe9dc5728a478fc27962447", - "manifests/mod/socache_shmcb.pp": "c94ae23ab8cce744acad2f7e33dbfa9c", - "manifests/mod/speling.pp": "b6971e10caf22837e410b94910b66b1a", - "manifests/mod/ssl.pp": "420751a3b9bf5be2e6256e0795ca5108", - "manifests/mod/status.pp": "63ab03404a869a6670ea387575f1fab2", - "manifests/mod/suexec.pp": "2a8671856a0ece597e9b57867dc35e76", - "manifests/mod/suphp.pp": "0a76d0045bd5898cf5f9baa364ff692d", - "manifests/mod/userdir.pp": "8cce2ae6536eab6b809c63cb6ed59c55", - "manifests/mod/version.pp": "6cb31057ebffa796f95642cc95f9499d", - "manifests/mod/vhost_alias.pp": "ee1225a748daaf50aca39a6d93fb8470", - "manifests/mod/worker.pp": "41137580c48b89f2795c1295d87962c0", - "manifests/mod/wsgi.pp": "ff832bc056de02d3bee21c097cc478b6", - "manifests/mod/xsendfile.pp": "fba06f05a19c466654aca5ecaa705bf0", - "manifests/mod.pp": "1ebd1bd562c646775d8a5f1c66203255", - "manifests/mpm.pp": "2777360598e1206107fc30093edcecc1", - "manifests/namevirtualhost.pp": "5ad54a441ff26a55cc536069d8fad238", - "manifests/package.pp": "ebd1e1e815ef744ebd4e9d8a6c94a07a", - "manifests/params.pp": "4efd4ad66c3acd5bd652202851b7218c", - "manifests/peruser/multiplexer.pp": "0ea75341b7a93e55bcfb431a93b1a6c9", - "manifests/peruser/processor.pp": "62f0ad5ed2ec36dadc7f40ad2a9e1bb9", - "manifests/php.pp": "9c9d07e12bf5d112b0b54f5bd69046fc", - "manifests/proxy.pp": "7c8515b88406922e148322ee15044b29", - "manifests/python.pp": "ddef4cd73850fdc2dc126d4579c30adf", - "manifests/security/rule_link.pp": "9c879ecfd7534347ccc8cf3ea77fa859", - "manifests/service.pp": "9984fd2cfd49cea0b8db61f7cc3c1c4b", - "manifests/ssl.pp": "173f3d6a7fd2b5f4100c4ff03d84e13b", - "manifests/version.pp": "dd4999659116fb951f44679466392dcc", - "manifests/vhost/custom.pp": "421081f6c4f33e1aca07ff789e53345e", - "manifests/vhost.pp": "e4cf472784511bfda59cbe9d39498d09", - "manifests/vhosts.pp": "d5cd9e6b701b7b2948c011546bc55497", - "metadata.json": "6903f5a64bf979a3b41c27d2a336483a", - "readmes/README_ja_JP.md": "8398df54ac2085f3344aac754c964f94", - "spec/acceptance/apache_parameters_spec.rb": "f8387a1200a3c9703a91a92f2b6604d7", - "spec/acceptance/apache_ssl_spec.rb": "322b6d93ec1822668526c4b2949e3f16", - "spec/acceptance/class_spec.rb": "785eb067230f051c05e89e3b9f40dce8", - "spec/acceptance/custom_config_spec.rb": "2ae20f2f5e4d86755db2e5c0d13bf172", - "spec/acceptance/default_mods_spec.rb": "e319cd4e4eb428423cfe0e5116ed4840", - "spec/acceptance/init_task_spec.rb": "c2f52349de647d83fc31ba802d773efd", - "spec/acceptance/itk_spec.rb": "535f381ba41c11f2f9acfbbe34b56297", - "spec/acceptance/mod_php_spec.rb": "440faff369236fb4f8192da2b81507e2", - "spec/acceptance/nodesets/centos-7-x64.yml": "a713f3abd3657f0ae2878829badd23cd", - "spec/acceptance/nodesets/debian-8-x64.yml": "d2d2977900989f30086ad251a14a1f39", - "spec/acceptance/nodesets/default.yml": "b42da5a1ea0c964567ba7495574b8808", - "spec/acceptance/nodesets/docker/centos-7.yml": "8a3892807bdd62306ae4774f41ba11ae", - "spec/acceptance/nodesets/docker/debian-8.yml": "ac8e871d1068c96de5e85a89daaec6df", - "spec/acceptance/nodesets/docker/ubuntu-14.04.yml": "dc42ee922a96908d85b8f0f08203ce58", - "spec/acceptance/nodesets/suse.yml": "eff62186e4de2ffed45a72a375380338", - "spec/acceptance/prefork_worker_spec.rb": "46c419c51d603b30242d26e55ae4eb9e", - "spec/acceptance/service_spec.rb": "2de0240c177997b3bed17e60eade5dd0", - "spec/acceptance/version.rb": "b4098747f339536fb13e8bad80f7a22d", - "spec/acceptance/vhost_spec.rb": "ef935740b8cfd8f6e28eb627db3f35cc", - "spec/acceptance/vhosts_spec.rb": "d7ed8a43f9c962674bbf467831f5b17f", - "spec/classes/apache_spec.rb": "c169ff9b9239ebb52287829085e5ff43", - "spec/classes/dev_spec.rb": "a5a7ecc293dd84a9395509965066db17", - "spec/classes/mod/alias_spec.rb": "72e1f8652dd140f2d755b4c7e67c02ab", - "spec/classes/mod/auth_cas_spec.rb": "859a553ec43f05c79da901e550d06bbe", - "spec/classes/mod/auth_gssapi_spec.rb": "b8d84e6bdd837c8e2ccd030016aded85", - "spec/classes/mod/auth_kerb_spec.rb": "84128f84ad7f173bf8d70d84409d5ecd", - "spec/classes/mod/auth_mellon_spec.rb": "bf80233012f4d6206ecdce28f23d2804", - "spec/classes/mod/authn_dbd_spec.rb": "c35918b5bf76de63cad5e2cb0aadf3a8", - "spec/classes/mod/authnz_ldap_spec.rb": "b62d6ef1cd650593cfd98ba7c9ed3d74", - "spec/classes/mod/authnz_pam_spec.rb": "01aa7c6a30386e34bf96d81060334be8", - "spec/classes/mod/cluster_spec.rb": "adde71d9d29805c7cf1dec39428e9d68", - "spec/classes/mod/data_spec.rb": "6265b7eaafb57db8d8df043244dc5162", - "spec/classes/mod/dav_svn_spec.rb": "3060c39168040310f7d3ba1111b5afe3", - "spec/classes/mod/deflate_spec.rb": "7fe47f320433db0714736e2484785d5e", - "spec/classes/mod/dev_spec.rb": "a111d5fc8c740900efc8b230564cca44", - "spec/classes/mod/dir_spec.rb": "407b643da08eaf397cc4e70d9b5c9ad9", - "spec/classes/mod/disk_cache_spec.rb": "b0078665e34f3e59588f8294090d5ef0", - "spec/classes/mod/dumpio_spec.rb": "8b2ba97f2b0ac0889b68063c107f7939", - "spec/classes/mod/event_spec.rb": "2c998b61ea7ba4ddfdbc4a8b03d11022", - "spec/classes/mod/expires_spec.rb": "7a4a59e9b665df7976b9fdf552ff50b0", - "spec/classes/mod/ext_filter_spec.rb": "f64eb82934584d1d2ea61a3bb8da27a1", - "spec/classes/mod/fastcgi_spec.rb": "0bc03eb0a46c943bedaf52d5b51d824c", - "spec/classes/mod/fcgid_spec.rb": "48e873bfb44d767866898617526ddc1e", - "spec/classes/mod/http2_spec.rb": "e0eacd37a2c05c5f47b94400639cb1e3", - "spec/classes/mod/info_spec.rb": "638a489bdeed722a85d49ada295c8a84", - "spec/classes/mod/intercept_form_submit_spec.rb": "26105ff07d81bf7492396498245fcee3", - "spec/classes/mod/itk_spec.rb": "e4a859ad7c866f55f6f7c0d2db0af1ba", - "spec/classes/mod/jk_spec.rb": "9394351454328eccec2f719c27439857", - "spec/classes/mod/ldap_spec.rb": "af31c3ea80062c0fe065bc76825e6600", - "spec/classes/mod/lookup_identity.rb": "e6cfc4883ed98e608ddd26ac7c72cb05", - "spec/classes/mod/mime_magic_spec.rb": "9bc4b51357b2fd1639eac6ee93dfa1b5", - "spec/classes/mod/mime_spec.rb": "677e75a788213a96d8844ba38de1b8a8", - "spec/classes/mod/negotiation_spec.rb": "0ee17c6e26e0a40ddd701875cca11b80", - "spec/classes/mod/pagespeed_spec.rb": "186e7c52e2c27e253b7e4343e15548f5", - "spec/classes/mod/passenger_spec.rb": "e4f8a4ef0a940116fad636f0a727b8eb", - "spec/classes/mod/perl_spec.rb": "5bcf76320c961c9e320ce1b004433d86", - "spec/classes/mod/peruser_spec.rb": "05f188044a74a0eae2ec34a1c87ca98e", - "spec/classes/mod/php_spec.rb": "f3cbf0b8c2c623052ee5efdb0db68e29", - "spec/classes/mod/prefork_spec.rb": "27b4b0e0135ce3f42d23b21b2ab6593b", - "spec/classes/mod/proxy_balancer_spec.rb": "e32b2a141d39e47123aae56f893d724f", - "spec/classes/mod/proxy_connect_spec.rb": "1c01b4b251ff3a93110e79cc609bf047", - "spec/classes/mod/proxy_html_spec.rb": "652312e3a99c24899442876db2f048e3", - "spec/classes/mod/proxy_wstunnel.rb": "8e95c7a50bc4821b2ea7286a72d19a51", - "spec/classes/mod/python_spec.rb": "9d1944716048e820b69f8a59a5cc22d8", - "spec/classes/mod/remoteip_spec.rb": "c86c1bae8af58ab0571bdd4bfc027b5e", - "spec/classes/mod/reqtimeout_spec.rb": "ff5641bdac62f9970b7c3030f51e108c", - "spec/classes/mod/rpaf_spec.rb": "b1410e9d490ee59d0353fee4e9ab163f", - "spec/classes/mod/security_spec.rb": "1b69d3bd4b249f2829659e1d40253e88", - "spec/classes/mod/shib_spec.rb": "4dbe9b8354b24203db82d97995a469a9", - "spec/classes/mod/speling_spec.rb": "78eb1ed59af1771c36364ec8cc7bb453", - "spec/classes/mod/ssl_spec.rb": "28da429d26c148ddb2c53a460b365101", - "spec/classes/mod/status_spec.rb": "517fa4341aaaee0e912a8f3dd403f6f4", - "spec/classes/mod/suphp_spec.rb": "f4dd110c9ccd36df43ac70378e144c45", - "spec/classes/mod/userdir_spec.rb": "d331fe8b47a47a1aa65b0b757400f808", - "spec/classes/mod/worker_spec.rb": "315781709afd4cb1d70645429c5e08d0", - "spec/classes/mod/wsgi_spec.rb": "bd38ce1ab0b36f5e3ba8e9f9b7c086c9", - "spec/classes/params_spec.rb": "d116851cf370a959e8aae9749eccb612", - "spec/classes/service_spec.rb": "5095179974d56c5f5b655a18adf367d8", - "spec/classes/vhosts_spec.rb": "b0e04f7f4b679bd4bcb003486f236e2a", - "spec/default_facts.yml": "d4442f09ee2f33f2d55f078d0ee2634f", - "spec/defines/balancer_spec.rb": "82bfb7b78be5df507088107a0ab8bd97", - "spec/defines/balancermember_spec.rb": "11a817bcf01e573f9b8fd4f0ec1f36bb", - "spec/defines/custom_config_spec.rb": "aa2a0a9515c6e7c2dde27ab892d608e2", - "spec/defines/fastcgi_server_spec.rb": "43e9ab0bdd14e48c5d28ab8d261f6df2", - "spec/defines/mod_spec.rb": "0ad8687dc9adcf02e3874eb2986261fa", - "spec/defines/modsec_link_spec.rb": "67fde56968e628674bab5ff54dd89499", - "spec/defines/vhost_custom_spec.rb": "ed12b5897f9604a7e9549380ef57d3e2", - "spec/defines/vhost_spec.rb": "00b0619b7efa2642f2c81d72bf7c82c9", - "spec/fixtures/files/negotiation.conf": "9c11872e26327ec880749b5dfdea25d6", - "spec/fixtures/files/spec": "e964ecac35c35baa9b4c57dac4ff5b3e", - "spec/fixtures/site_apache/templates/fake.conf.erb": "6b0431dd0b9a0bf803eb0684300c2cff", - "spec/fixtures/templates/negotiation.conf.erb": "c838e612ce6f82a5efd12871ad562011", - "spec/functions/apache_pw_hash_spec.rb": "de922f948832499885936fc98a26a227", - "spec/functions/bool2httpd_spec.rb": "5362a9d9600ca5f2763c4070658ed1e1", - "spec/functions/validate_apache_log_level_spec.rb": "6db28e2445a46ea4a4bdaf2f3799b030", - "spec/spec_helper.rb": "12f17315eff18ac6546873e0fdc1c5c0", - "spec/spec_helper_acceptance.rb": "136bd57bd03501a8f121119de9799717", - "spec/spec_helper_local.rb": "e7cbcbef6fe9a47ac462358cd9fdbf4f", - "spec/unit/apache_version_spec.rb": "780b94bf01682a7463c4a8937a0ce5ae", - "spec/unit/provider/a2mod/gentoo_spec.rb": "b1df4126b9aee0b7e2e26cc02be90e38", - "spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb": "9cd6d954180f50ea44102eb595326018", - "spec/unit/puppet/parser/functions/bool2httpd_spec.rb": "f023e94647643ab7f2e58b9c0541d13e", - "spec/unit/puppet/parser/functions/validate_apache_log_level.rb": "a164de62e4a5fab615a5e565edd4731e", - "tasks/init.json": "00c3701d7b1f71cc268bb26fe8011a8a", - "tasks/init.rb": "71213af282fda50d77a528a56a9418c2", - "templates/confd/no-accf.conf.erb": "a614f28c4b54370e4fa88403dfe93eb0", - "templates/fastcgi/server.erb": "30cdd04393bdb4f68678d00e2930721b", - "templates/httpd.conf.erb": "ae9c8185fb1301b9fadb933eb8f89e50", - "templates/listen.erb": "6286aa08f9e28caee54b1e1ee031b9d6", - "templates/mod/_allow.erb": "2468bf2675605ff34a50d86cbabcf507", - "templates/mod/_require.erb": "aa6856fb04de1e476d64d8f219d777ab", - "templates/mod/alias.conf.erb": "370e9d394dd462d3ebc0dd345ab68f6f", - "templates/mod/auth_cas.conf.erb": "35e1291a5fa05067d7623c02bafb0ada", - "templates/mod/auth_mellon.conf.erb": "4e17d22a8f1bc312e976e8513199c945", - "templates/mod/authn_dbd.conf.erb": "7a84f5d3b3a4b92a88fe052b13376f8e", - "templates/mod/authnz_ldap.conf.erb": "2262e6d90ae81f2b732bbf0163006c59", - "templates/mod/autoindex.conf.erb": "2421a3c6df32c7e38c2a7a22afdf5728", - "templates/mod/cgid.conf.erb": "f8ce27d60bc495bab16de2696ebb2fd0", - "templates/mod/cluster.conf.erb": "bcc31ff258e903f2edbf2d216925e349", - "templates/mod/dav_fs.conf.erb": "10c1131168e35319e22b3fbfe51aebfd", - "templates/mod/deflate.conf.erb": "e866ecf2bfe8e42ea984267f569723db", - "templates/mod/dir.conf.erb": "2485da78a2506c14bf51dde38dd03360", - "templates/mod/disk_cache.conf.erb": "d278b52b47c24073d4bfb82a270bf6c5", - "templates/mod/dumpio.conf.erb": "260a03d5f5b450095a5374690fbb34b2", - "templates/mod/event.conf.erb": "5e4095242d8e5dd99fe0823cfa2f1434", - "templates/mod/expires.conf.erb": "cf6b13c5a617ffec81408d41bfd9c81b", - "templates/mod/ext_filter.conf.erb": "4e4e4143ab402a9f9d51301b1a192202", - "templates/mod/fastcgi.conf.erb": "2404caa7d91dea083fc4f8b6f18acd24", - "templates/mod/fcgid.conf.erb": "1780c7808bb3811deaf0007c890df4dc", - "templates/mod/geoip.conf.erb": "f6a423e771287fc81ddaf1082ce1ef6c", - "templates/mod/http2.conf.erb": "55a5b79d5d99ff88599c013340e7986a", - "templates/mod/info.conf.erb": "c8580f35594e8f76da9c961def618739", - "templates/mod/itk.conf.erb": "3054029b7fe04998462b641401694531", - "templates/mod/jk/uriworkermap.properties.erb": "7c1bf568b51f40caa9959fa5e6867367", - "templates/mod/jk/workers.properties.erb": "a8ff52eab04c79bc140192dcaaafc5a2", - "templates/mod/jk.conf.erb": "d9b7538cac21ad34e868b181ea5231c2", - "templates/mod/ldap.conf.erb": "577c301bfe3c791b34033b696787c834", - "templates/mod/load.erb": "01132434e6101080c41548b0ba7e57d8", - "templates/mod/mime.conf.erb": "2fa5a10d06ff979de1d5d2544586ab45", - "templates/mod/mime_magic.conf.erb": "067c3180b4216439b039822114144e78", - "templates/mod/mpm_event.conf.erb": "80097a19d063a4f973465d9ef5c0c0bf", - "templates/mod/negotiation.conf.erb": "a2f0fb40cd038cb17bedc2b84d9f48ea", - "templates/mod/nss.conf.erb": "03a7a3721b19706e00df00e457c5df69", - "templates/mod/pagespeed.conf.erb": "d1d8dfb00e528aab10a24518c7f148a6", - "templates/mod/passenger.conf.erb": "2fd4d617d2ff8304150525debe1c4c01", - "templates/mod/peruser.conf.erb": "c4f4054aee899249ea6fef5a9e5c14ff", - "templates/mod/php.conf.erb": "c535da6adea16bdcb0586260eedf8c93", - "templates/mod/prefork.conf.erb": "af0963a314db8d24e047bce7f45ee3ef", - "templates/mod/proxy.conf.erb": "a39f193ed4da5204bd26acfb73e7d8db", - "templates/mod/proxy_balancer.conf.erb": "a9f8d51a2a7169e5fd0c8415a3f9c662", - "templates/mod/proxy_html.conf.erb": "00f10b5cf505587971cdcc6f146757b9", - "templates/mod/remoteip.conf.epp": "15b4f99764b399b709980c97deaf1992", - "templates/mod/reqtimeout.conf.erb": "314ef068b786ae5afded290a8b6eab15", - "templates/mod/rpaf.conf.erb": "5447539c083ae54f3a9e93c1ac8c988b", - "templates/mod/security.conf.erb": "e309716298ed8709df5496c27d47fe36", - "templates/mod/security_crs.conf.erb": "5c7bc134c0675d75b66a5c8faaf11eb6", - "templates/mod/setenvif.conf.erb": "c7ede4173da1915b7ec088201f030c28", - "templates/mod/ssl.conf.erb": "ceb6dbf793bb5a5a3670ba21d8c094ca", - "templates/mod/status.conf.erb": "6d27abd09fa1a24a61ffb390013eb2c6", - "templates/mod/suphp.conf.erb": "05bb7b3ea23976b032ce405bfd4edd18", - "templates/mod/userdir.conf.erb": "d05d417868378466d213f51506d987be", - "templates/mod/worker.conf.erb": "dc4c7049af7312f5e82b3e72e8fccdfd", - "templates/mod/wsgi.conf.erb": "bd239ee1b084fea122681033c2d5ad9e", - "templates/namevirtualhost.erb": "fbfca19a639e18e6c477e191344ac8ae", - "templates/ports_header.erb": "afe35cb5747574b700ebaa0f0b3a626e", - "templates/vhost/_access_log.erb": "522414033856b19a50a7ebb1c729438a", - "templates/vhost/_action.erb": "a004dfcac2e63cef65cf8aa0e270b636", - "templates/vhost/_additional_includes.erb": "10e9c0056e962c49459839a1576b082e", - "templates/vhost/_aliases.erb": "6412f695e911feac18986da38f290dae", - "templates/vhost/_allow_encoded_slashes.erb": "37dee0b6fe9287342a10b533955dff81", - "templates/vhost/_auth_cas.erb": "de574e40f97d2b642f8d73b79666be2b", - "templates/vhost/_auth_kerb.erb": "3d0de0c3066440dffcbc75215174705b", - "templates/vhost/_block.erb": "8fa2f970222dbc0a38898b5a0ab80411", - "templates/vhost/_charsets.erb": "d152b6a7815e9edc0fe9bf9acbe2f1ec", - "templates/vhost/_custom_fragment.erb": "325ff48cefc06db035daa3491c391a88", - "templates/vhost/_directories.erb": "a6db53c5e0fc3393bdab839ffc22467a", - "templates/vhost/_docroot.erb": "65d882a3c9d6b6bdd2f9b771f378035a", - "templates/vhost/_error_document.erb": "81d3007c1301a5c5f244c082cfee9de2", - "templates/vhost/_fallbackresource.erb": "e6c103bee7f6f76b10f244fc9fd1cd3b", - "templates/vhost/_fastcgi.erb": "e6d743e11b776e155dc4f80c602fb7e1", - "templates/vhost/_file_footer.erb": "6bd1f82577a664b72acc76370822353e", - "templates/vhost/_file_header.erb": "296d89436ec5c59992ad9899bc23f23c", - "templates/vhost/_filters.erb": "597b9de5ae210af9182a1c95172115e7", - "templates/vhost/_header.erb": "9eb9d4075f288183d8224ddec5b2f126", - "templates/vhost/_http2.erb": "55fb92639203e648861d198c81f60889", - "templates/vhost/_http_protocol_options.erb": "9df9dec592fdb8fb4ab4abf7227cef9c", - "templates/vhost/_itk.erb": "8bf90b9855a9277f7a665b10f6c57fe9", - "templates/vhost/_jk_mounts.erb": "ce997ee7b5602af04062cd5f785da345", - "templates/vhost/_keepalive_options.erb": "16876858bac1e55b13545866b0428d90", - "templates/vhost/_logging.erb": "5bc4cbb1bc8a292acc0ba0420f96ca4e", - "templates/vhost/_passenger.erb": "e11dad5d3840b7133e2068396c069a91", - "templates/vhost/_php.erb": "a16a9f3e146ce463481205e083d4bf79", - "templates/vhost/_php_admin.erb": "107a57e9e7b3f86d1abcf743f672a292", - "templates/vhost/_proxy.erb": "18b9bbb791d248179a08eb36ab895e12", - "templates/vhost/_redirect.erb": "2d40ece74203cc00b861a058db91962c", - "templates/vhost/_requestheader.erb": "db1b0cdda069ae809b5b83b0871ef991", - "templates/vhost/_require.erb": "932106f2c9ea604bba4ace78d22bdfee", - "templates/vhost/_rewrite.erb": "b7858eac95352744196006b57d4091df", - "templates/vhost/_scriptalias.erb": "98713f33cca15b22c749bd35ea9a7b41", - "templates/vhost/_security.erb": "0ade536a9d25342e7128996add04be56", - "templates/vhost/_serveralias.erb": "95fed45853629924467aefc271d5b396", - "templates/vhost/_serversignature.erb": "9bf5a458783ab459e5043e1cdf671fa7", - "templates/vhost/_setenv.erb": "6e6a7efb1b168da9673c9e6d00eadec5", - "templates/vhost/_shib.erb": "fc292ae4006a66ba83c597e04b9d18d7", - "templates/vhost/_ssl.erb": "b51330d156b958e9ccc4ac9c1e2da3ea", - "templates/vhost/_sslproxy.erb": "739bbc2060a621cf034878646461e7ea", - "templates/vhost/_suexec.erb": "f2b3f9b9ff8fbac4e468e02cd824675a", - "templates/vhost/_suphp.erb": "a1c4a5e4461adbfce870df0abd158b59", - "templates/vhost/_use_canonical_name.erb": "cde1179431770daf3c20f8b4099e4f80", - "templates/vhost/_wsgi.erb": "36e19da77b21a40df44cb14d886f1a81" -} \ No newline at end of file diff --git a/puppet/modules/apache/examples/apache.pp b/puppet/modules/apache/examples/apache.pp deleted file mode 100644 index 18ec553..0000000 --- a/puppet/modules/apache/examples/apache.pp +++ /dev/null @@ -1,6 +0,0 @@ -include ::apache -include ::apache::mod::php -include ::apache::mod::cgi -include ::apache::mod::userdir -include ::apache::mod::disk_cache -include ::apache::mod::proxy_http diff --git a/puppet/modules/apache/examples/dev.pp b/puppet/modules/apache/examples/dev.pp deleted file mode 100644 index 5616e32..0000000 --- a/puppet/modules/apache/examples/dev.pp +++ /dev/null @@ -1 +0,0 @@ -include ::apache::mod::dev diff --git a/puppet/modules/apache/examples/init.pp b/puppet/modules/apache/examples/init.pp deleted file mode 100644 index 3391107..0000000 --- a/puppet/modules/apache/examples/init.pp +++ /dev/null @@ -1 +0,0 @@ -include ::apache diff --git a/puppet/modules/apache/examples/mod_load_params.pp b/puppet/modules/apache/examples/mod_load_params.pp deleted file mode 100644 index fa43132..0000000 --- a/puppet/modules/apache/examples/mod_load_params.pp +++ /dev/null @@ -1,11 +0,0 @@ -# Tests the path and identifier parameters for the apache::mod class - -# Base class for clarity: -class { '::apache': } - - -# Exaple parameter usage: -apache::mod { 'testmod': - path => '/usr/some/path/mod_testmod.so', - id => 'testmod_custom_name', -} diff --git a/puppet/modules/apache/examples/mods.pp b/puppet/modules/apache/examples/mods.pp deleted file mode 100644 index 6996382..0000000 --- a/puppet/modules/apache/examples/mods.pp +++ /dev/null @@ -1,9 +0,0 @@ -## Default mods - -# Base class. Declares default vhost on port 80 and default ssl -# vhost on port 443 listening on all interfaces and serving -# $apache::docroot, and declaring our default set of modules. -class { '::apache': - default_mods => true, -} - diff --git a/puppet/modules/apache/examples/mods_custom.pp b/puppet/modules/apache/examples/mods_custom.pp deleted file mode 100644 index 4098c83..0000000 --- a/puppet/modules/apache/examples/mods_custom.pp +++ /dev/null @@ -1,16 +0,0 @@ -## custom mods - -# Base class. Declares default vhost on port 80 and default ssl -# vhost on port 443 listening on all interfaces and serving -# $apache::docroot, and declaring a custom set of modules. -class { '::apache': - default_mods => [ - 'info', - 'alias', - 'mime', - 'env', - 'setenv', - 'expires', - ], -} - diff --git a/puppet/modules/apache/examples/php.pp b/puppet/modules/apache/examples/php.pp deleted file mode 100644 index ee18771..0000000 --- a/puppet/modules/apache/examples/php.pp +++ /dev/null @@ -1,4 +0,0 @@ -class { '::apache': - mpm_module => 'prefork', -} -include ::apache::mod::php diff --git a/puppet/modules/apache/examples/vhost.pp b/puppet/modules/apache/examples/vhost.pp deleted file mode 100644 index 60acda5..0000000 --- a/puppet/modules/apache/examples/vhost.pp +++ /dev/null @@ -1,258 +0,0 @@ -## Default vhosts, and custom vhosts -# NB: Please see the other vhost_*.pp example files for further -# examples. - -# Base class. Declares default vhost on port 80 and default ssl -# vhost on port 443 listening on all interfaces and serving -# $apache::docroot -class { '::apache': } - -# Most basic vhost -apache::vhost { 'first.example.com': - port => '80', - docroot => '/var/www/first', -} - -# Vhost with different docroot owner/group/mode -apache::vhost { 'second.example.com': - port => '80', - docroot => '/var/www/second', - docroot_owner => 'third', - docroot_group => 'third', - docroot_mode => '0770', -} - -# Vhost with serveradmin -apache::vhost { 'third.example.com': - port => '80', - docroot => '/var/www/third', - serveradmin => 'admin@example.com', -} - -# Vhost with ssl (uses default ssl certs) -apache::vhost { 'ssl.example.com': - port => '443', - docroot => '/var/www/ssl', - ssl => true, -} - -# Vhost with ssl and specific ssl certs -apache::vhost { 'fourth.example.com': - port => '443', - docroot => '/var/www/fourth', - ssl => true, - ssl_cert => '/etc/ssl/fourth.example.com.cert', - ssl_key => '/etc/ssl/fourth.example.com.key', -} - -# Vhost with english title and servername parameter -apache::vhost { 'The fifth vhost': - servername => 'fifth.example.com', - port => '80', - docroot => '/var/www/fifth', -} - -# Vhost with server aliases -apache::vhost { 'sixth.example.com': - serveraliases => [ - 'sixth.example.org', - 'sixth.example.net', - ], - port => '80', - docroot => '/var/www/fifth', -} - -# Vhost with alternate options -apache::vhost { 'seventh.example.com': - port => '80', - docroot => '/var/www/seventh', - options => [ - 'Indexes', - 'MultiViews', - ], -} - -# Vhost with AllowOverride for .htaccess -apache::vhost { 'eighth.example.com': - port => '80', - docroot => '/var/www/eighth', - override => 'All', -} - -# Vhost with access and error logs disabled -apache::vhost { 'ninth.example.com': - port => '80', - docroot => '/var/www/ninth', - access_log => false, - error_log => false, -} - -# Vhost with custom access and error logs and logroot -apache::vhost { 'tenth.example.com': - port => '80', - docroot => '/var/www/tenth', - access_log_file => 'tenth_vhost.log', - error_log_file => 'tenth_vhost_error.log', - logroot => '/var/log', -} - -# Vhost with a cgi-bin -apache::vhost { 'eleventh.example.com': - port => '80', - docroot => '/var/www/eleventh', - scriptalias => '/usr/lib/cgi-bin', -} - -# Vhost with a proxypass configuration -apache::vhost { 'twelfth.example.com': - port => '80', - docroot => '/var/www/twelfth', - proxy_dest => 'http://internal.example.com:8080/twelfth', - no_proxy_uris => ['/login','/logout'], -} - -# Vhost to redirect /login and /logout -apache::vhost { 'thirteenth.example.com': - port => '80', - docroot => '/var/www/thirteenth', - redirect_source => [ - '/login', - '/logout', - ], - redirect_dest => [ - 'http://10.0.0.10/login', - 'http://10.0.0.10/logout', - ], -} - -# Vhost to permamently redirect -apache::vhost { 'fourteenth.example.com': - port => '80', - docroot => '/var/www/fourteenth', - redirect_source => '/blog', - redirect_dest => 'http://blog.example.com', - redirect_status => 'permanent', -} - -# Vhost with a rack configuration -apache::vhost { 'fifteenth.example.com': - port => '80', - docroot => '/var/www/fifteenth', - rack_base_uris => ['/rackapp1', '/rackapp2'], -} - - -# Vhost to redirect non-ssl to ssl -apache::vhost { 'sixteenth.example.com non-ssl': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - rewrites => [ - { - comment => 'redirect non-SSL traffic to SSL site', - rewrite_cond => ['%{HTTPS} off'], - rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'], - } - ], -} - -# Rewrite a URL to lower case -apache::vhost { 'sixteenth.example.com non-ssl': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - rewrites => [ - { comment => 'Rewrite to lower case', - rewrite_cond => ['%{REQUEST_URI} [A-Z]'], - rewrite_map => ['lc int:tolower'], - rewrite_rule => ["(.*) \${lc:\$1} [R=301,L]"], - } - ], -} - -apache::vhost { 'sixteenth.example.com ssl': - servername => 'sixteenth.example.com', - port => '443', - docroot => '/var/www/sixteenth', - ssl => true, -} - -# Vhost to redirect non-ssl to ssl using old rewrite method -apache::vhost { 'sixteenth.example.com non-ssl old rewrite': - servername => 'sixteenth.example.com', - port => '80', - docroot => '/var/www/sixteenth', - rewrite_cond => '%{HTTPS} off', - rewrite_rule => '(.*) https://%{HTTP_HOST}%{REQUEST_URI}', -} -apache::vhost { 'sixteenth.example.com ssl old rewrite': - servername => 'sixteenth.example.com', - port => '443', - docroot => '/var/www/sixteenth', - ssl => true, -} - -# Vhost to block repository files -apache::vhost { 'seventeenth.example.com': - port => '80', - docroot => '/var/www/seventeenth', - block => 'scm', -} - -# Vhost with special environment variables -apache::vhost { 'eighteenth.example.com': - port => '80', - docroot => '/var/www/eighteenth', - setenv => ['SPECIAL_PATH /foo/bin','KILROY was_here'], -} - -apache::vhost { 'nineteenth.example.com': - port => '80', - docroot => '/var/www/nineteenth', - setenvif => 'Host "^([^\.]*)\.website\.com$" CLIENT_NAME=$1', -} - -# Vhost with additional include files -apache::vhost { 'twentyieth.example.com': - port => '80', - docroot => '/var/www/twelfth', - additional_includes => ['/tmp/proxy_group_a','/tmp/proxy_group_b'], -} - -# Vhost with alias for subdomain mapped to same named directory -# http://example.com.loc => /var/www/example.com -apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], -} - -# Vhost with SSL (SSLProtocol, SSLCipherSuite & SSLHonorCipherOrder from default) -apache::vhost { 'securedomain.com': - priority => '10', - vhost_name => 'www.securedomain.com', - port => '443', - docroot => '/var/www/secure', - ssl => true, - ssl_cert => '/etc/ssl/securedomain.cert', - ssl_key => '/etc/ssl/securedomain.key', - ssl_chain => '/etc/ssl/securedomain.crt', - add_listen => false, -} - -# Vhost with access log environment variables writing control -apache::vhost { 'twentyfirst.example.com': - port => '80', - docroot => '/var/www/twentyfirst', - access_log_env_var => 'admin', -} - -# Vhost with a passenger_base configuration -apache::vhost { 'twentysecond.example.com': - port => '80', - docroot => '/var/www/twentysecond', - rack_base_uris => ['/passengerapp1', '/passengerapp2'], -} - diff --git a/puppet/modules/apache/examples/vhost_directories.pp b/puppet/modules/apache/examples/vhost_directories.pp deleted file mode 100644 index df5a2d5..0000000 --- a/puppet/modules/apache/examples/vhost_directories.pp +++ /dev/null @@ -1,44 +0,0 @@ -# Base class. Declares default vhost on port 80 and default ssl -# vhost on port 443 listening on all interfaces and serving -# $apache::docroot -class { '::apache': } - -# Example from README adapted. -apache::vhost { 'readme.example.net': - docroot => '/var/www/readme', - directories => [ - { - 'path' => '/var/www/readme', - 'ServerTokens' => 'prod' , - }, - { - 'path' => '/usr/share/empty', - 'allow' => 'from all', - }, - ], -} - -# location test -apache::vhost { 'location.example.net': - docroot => '/var/www/location', - directories => [ - { - 'path' => '/location', - 'provider' => 'location', - 'ServerTokens' => 'prod' - }, - ], -} - -# files test, curedly disable access to accidental backup files. -apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { - 'path' => '(\.swp|\.bak|~)$', - 'provider' => 'filesmatch', - 'deny' => 'from all' - }, - ], -} - diff --git a/puppet/modules/apache/examples/vhost_filter.pp b/puppet/modules/apache/examples/vhost_filter.pp deleted file mode 100644 index 1a66b85..0000000 --- a/puppet/modules/apache/examples/vhost_filter.pp +++ /dev/null @@ -1,17 +0,0 @@ -# Base class. Declares default vhost on port 80 with filters. -class { '::apache': } - -# Example from README adapted. -apache::vhost { 'readme.example.net': - docroot => '/var/www/html', - filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], -} - diff --git a/puppet/modules/apache/examples/vhost_ip_based.pp b/puppet/modules/apache/examples/vhost_ip_based.pp deleted file mode 100644 index 249c419..0000000 --- a/puppet/modules/apache/examples/vhost_ip_based.pp +++ /dev/null @@ -1,25 +0,0 @@ -## IP-based vhosts on any listen port -# IP-based vhosts respond to requests on specific IP addresses. - -# Base class. Turn off the default vhosts; we will be declaring -# all vhosts below. -class { '::apache': - default_vhost => false, -} - -# Listen on port 80 and 81; required because the following vhosts -# are not declared with a port parameter. -apache::listen { '80': } -apache::listen { '81': } - -# IP-based vhosts -apache::vhost { 'first.example.com': - ip => '10.0.0.10', - docroot => '/var/www/first', - ip_based => true, -} -apache::vhost { 'second.example.com': - ip => '10.0.0.11', - docroot => '/var/www/second', - ip_based => true, -} diff --git a/puppet/modules/apache/examples/vhost_proxypass.pp b/puppet/modules/apache/examples/vhost_proxypass.pp deleted file mode 100644 index 8edd0de..0000000 --- a/puppet/modules/apache/examples/vhost_proxypass.pp +++ /dev/null @@ -1,66 +0,0 @@ -## vhost with proxyPass directive -# NB: Please see the other vhost_*.pp example files for further -# examples. - -# Base class. Declares default vhost on port 80 and default ssl -# vhost on port 443 listening on all interfaces and serving -# $apache::docroot -class { '::apache': } - -# Most basic vhost with proxy_pass -apache::vhost { 'first.example.com': - port => 80, - docroot => '/var/www/first', - proxy_pass => [ - { - 'path' => '/first', - 'url' => 'http://localhost:8080/first' - }, - ], -} - -# vhost with proxy_pass and parameters -apache::vhost { 'second.example.com': - port => 80, - docroot => '/var/www/second', - proxy_pass => [ - { - 'path' => '/second', - 'url' => 'http://localhost:8080/second', - 'params' => { - 'retry' => '0', - 'timeout' => '5', - } - }, - ], -} - -# vhost with proxy_pass and keywords -apache::vhost { 'third.example.com': - port => 80, - docroot => '/var/www/third', - proxy_pass => [ - { - 'path' => '/third', - 'url' => 'http://localhost:8080/third', - 'keywords' => ['noquery', 'interpolate'] - }, - ], -} - -# vhost with proxy_pass, parameters and keywords -apache::vhost { 'fourth.example.com': - port => 80, - docroot => '/var/www/fourth', - proxy_pass => [ - { - 'path' => '/fourth', - 'url' => 'http://localhost:8080/fourth', - 'params' => { - 'retry' => '0', - 'timeout' => '5', - }, - 'keywords' => ['noquery', 'interpolate'] - }, - ], -} diff --git a/puppet/modules/apache/examples/vhost_ssl.pp b/puppet/modules/apache/examples/vhost_ssl.pp deleted file mode 100644 index 53989ff..0000000 --- a/puppet/modules/apache/examples/vhost_ssl.pp +++ /dev/null @@ -1,23 +0,0 @@ -## SSL-enabled vhosts -# SSL-enabled vhosts respond only to HTTPS queries. - -# Base class. Turn off the default vhosts; we will be declaring -# all vhosts below. -class { '::apache': - default_vhost => false, -} - -# Non-ssl vhost -apache::vhost { 'first.example.com non-ssl': - servername => 'first.example.com', - port => '80', - docroot => '/var/www/first', -} - -# SSL vhost at the same domain -apache::vhost { 'first.example.com ssl': - servername => 'first.example.com', - port => '443', - docroot => '/var/www/first', - ssl => true, -} diff --git a/puppet/modules/apache/examples/vhosts_without_listen.pp b/puppet/modules/apache/examples/vhosts_without_listen.pp deleted file mode 100644 index 0e97a02..0000000 --- a/puppet/modules/apache/examples/vhosts_without_listen.pp +++ /dev/null @@ -1,53 +0,0 @@ -## Declare ip-based and name-based vhosts -# Mixing Name-based vhost with IP-specific vhosts requires `add_listen => -# 'false'` on the non-IP vhosts - -# Base class. Turn off the default vhosts; we will be declaring -# all vhosts below. -class { '::apache': - default_vhost => false, -} - - -# Add two an IP-based vhost on 10.0.0.10, ssl and non-ssl -apache::vhost { 'The first IP-based vhost, non-ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '80', - ip_based => true, - docroot => '/var/www/first', -} -apache::vhost { 'The first IP-based vhost, ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '443', - ip_based => true, - docroot => '/var/www/first-ssl', - ssl => true, -} - -# Two name-based vhost listening on 10.0.0.20 -apache::vhost { 'second.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/second', -} -apache::vhost { 'third.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/third', -} - -# Two name-based vhosts without IPs specified, so that they will answer on either 10.0.0.10 or 10.0.0.20 . It is requried to declare -# `add_listen => 'false'` to disable declaring "Listen 80" which will conflict -# with the IP-based preceeding vhosts. -apache::vhost { 'fourth.example.com': - port => '80', - docroot => '/var/www/fourth', - add_listen => false, -} -apache::vhost { 'fifth.example.com': - port => '80', - docroot => '/var/www/fifth', - add_listen => false, -} diff --git a/puppet/modules/apache/files/httpd b/puppet/modules/apache/files/httpd deleted file mode 100644 index d65a8d4..0000000 --- a/puppet/modules/apache/files/httpd +++ /dev/null @@ -1,24 +0,0 @@ -# Configuration file for the httpd service. - -# -# The default processing model (MPM) is the process-based -# 'prefork' model. A thread-based model, 'worker', is also -# available, but does not work with some modules (such as PHP). -# The service must be stopped before changing this variable. -# -#HTTPD=/usr/sbin/httpd.worker - -# -# To pass additional options (for instance, -D definitions) to the -# httpd binary at startup, set OPTIONS here. -# -#OPTIONS= -#OPTIONS=-DDOWN - -# -# By default, the httpd process is started in the C locale; to -# change the locale in which the server runs, the HTTPD_LANG -# variable can be set. -# -#HTTPD_LANG=C -export SHORTHOST=`hostname -s` diff --git a/puppet/modules/apache/lib/facter/apache_version.rb b/puppet/modules/apache/lib/facter/apache_version.rb deleted file mode 100644 index cd29c1d..0000000 --- a/puppet/modules/apache/lib/facter/apache_version.rb +++ /dev/null @@ -1,14 +0,0 @@ -Facter.add(:apache_version) do - confine kernel: ['FreeBSD', 'Linux'] - setcode do - if Facter::Util::Resolution.which('apachectl') - apache_version = Facter::Util::Resolution.exec('apachectl -v 2>&1') - Facter.debug "Matching apachectl '#{apache_version}'" - %r{^Server version: Apache/(\d+\.\d+(\.\d+)?)}.match(apache_version)[1] - elsif Facter::Util::Resolution.which('apache2ctl') - apache_version = Facter::Util::Resolution.exec('apache2ctl -v 2>&1') - Facter.debug "Matching apache2ctl '#{apache_version}'" - %r{^Server version: Apache/(\d+\.\d+(\.\d+)?)}.match(apache_version)[1] - end - end -end diff --git a/puppet/modules/apache/lib/puppet/functions/apache/apache_pw_hash.rb b/puppet/modules/apache/lib/puppet/functions/apache/apache_pw_hash.rb deleted file mode 100644 index dc73bfd..0000000 --- a/puppet/modules/apache/lib/puppet/functions/apache/apache_pw_hash.rb +++ /dev/null @@ -1,15 +0,0 @@ -# Hashes a password in a format suitable for htpasswd files read by apache. -# -# Currently uses SHA-hashes, because although this format is considered insecure, its the -# most secure format supported by the most platforms. -Puppet::Functions.create_function(:'apache::apache_pw_hash') do - dispatch :apache_pw_hash do - required_param 'String[1]', :password - return_type 'String' - end - - def apache_pw_hash(password) - require 'base64' - '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(password)) - end -end diff --git a/puppet/modules/apache/lib/puppet/functions/apache/bool2httpd.rb b/puppet/modules/apache/lib/puppet/functions/apache/bool2httpd.rb deleted file mode 100644 index a173c8b..0000000 --- a/puppet/modules/apache/lib/puppet/functions/apache/bool2httpd.rb +++ /dev/null @@ -1,21 +0,0 @@ -# Transform a supposed boolean to On or Off. Pass all other values through. -# Given a nil value (undef), bool2httpd will return 'Off' -# -# Example: -# -# $trace_enable = false -# $server_signature = 'mail' -# -# bool2httpd($trace_enable) -# # => 'Off' -# bool2httpd($server_signature) -# # => 'mail' -# bool2httpd(undef) -# # => 'Off' -Puppet::Functions.create_function(:'apache::bool2httpd') do - def bool2httpd(arg) - return 'Off' if arg.nil? || arg == false || arg =~ %r{false}i || arg == :undef - return 'On' if arg == true || arg =~ %r{true}i - arg.to_s - end -end diff --git a/puppet/modules/apache/lib/puppet/functions/apache/validate_apache_log_level.rb b/puppet/modules/apache/lib/puppet/functions/apache/validate_apache_log_level.rb deleted file mode 100644 index 1ae906c..0000000 --- a/puppet/modules/apache/lib/puppet/functions/apache/validate_apache_log_level.rb +++ /dev/null @@ -1,21 +0,0 @@ -# Perform simple validation of a string against the list of known log -# levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel -# validate_apache_loglevel('info') -# -# Modules maybe specified with their own levels like these: -# validate_apache_loglevel('warn ssl:info') -# validate_apache_loglevel('warn mod_ssl.c:info') -# validate_apache_loglevel('warn ssl_module:info') -# -# Expected to be used from the main or vhost. -# Might be used from directory too later as apache supports that -Puppet::Functions.create_function(:'apache::validate_apache_log_level') do - dispatch :validate_apache_log_level do - required_param 'String', :log_level - end - - def validate_apache_log_level(log_level) - msg = "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels." - raise Puppet::ParseError, msg unless log_level =~ Regexp.compile('(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])') - end -end diff --git a/puppet/modules/apache/lib/puppet/parser/functions/apache_pw_hash.rb b/puppet/modules/apache/lib/puppet/parser/functions/apache_pw_hash.rb deleted file mode 100644 index eda0875..0000000 --- a/puppet/modules/apache/lib/puppet/parser/functions/apache_pw_hash.rb +++ /dev/null @@ -1,15 +0,0 @@ -require 'base64' - -Puppet::Parser::Functions.newfunction(:apache_pw_hash, type: :rvalue, doc: <<-DOC - Hashes a password in a format suitable for htpasswd files read by apache. - Currently uses SHA-hashes, because although this format is considered insecure, its the - most secure format supported by the most platforms. -DOC - ) do |args| - raise(Puppet::ParseError, "apache_pw_hash() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1 - raise(Puppet::ParseError, 'apache_pw_hash(): first argument must be a string') unless args[0].is_a? String - raise(Puppet::ParseError, 'apache_pw_hash(): first argument must not be empty') if args[0].empty? - - password = args[0] - return '{SHA}' + Base64.strict_encode64(Digest::SHA1.digest(password)) -end diff --git a/puppet/modules/apache/lib/puppet/parser/functions/bool2httpd.rb b/puppet/modules/apache/lib/puppet/parser/functions/bool2httpd.rb deleted file mode 100644 index 00e4993..0000000 --- a/puppet/modules/apache/lib/puppet/parser/functions/bool2httpd.rb +++ /dev/null @@ -1,21 +0,0 @@ -Puppet::Parser::Functions.newfunction(:bool2httpd, type: :rvalue, doc: <<-DOC - Transform a supposed boolean to On or Off. Pass all other values through. - Given a nil value (undef), bool2httpd will return 'Off' - Example: - $trace_enable = false - $server_signature = 'mail' - bool2httpd($trace_enable) - # => 'Off' - bool2httpd($server_signature) - # => 'mail' - bool2httpd(undef) - # => 'Off' -DOC - ) do |args| - raise(Puppet::ParseError, "bool2httpd() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1 - - arg = args[0] - return 'Off' if arg.nil? || arg == false || arg =~ %r{false}i || arg == :undef - return 'On' if arg == true || arg =~ %r{true}i - return arg.to_s -end diff --git a/puppet/modules/apache/lib/puppet/parser/functions/validate_apache_log_level.rb b/puppet/modules/apache/lib/puppet/parser/functions/validate_apache_log_level.rb deleted file mode 100644 index bcbf8e7..0000000 --- a/puppet/modules/apache/lib/puppet/parser/functions/validate_apache_log_level.rb +++ /dev/null @@ -1,23 +0,0 @@ -# validate_apache_log_level.rb -module Puppet::Parser::Functions - newfunction(:validate_apache_log_level, doc: <<-DOC - Perform simple validation of a string against the list of known log - levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel - validate_apache_loglevel('info') - Modules maybe specified with their own levels like these: - validate_apache_loglevel('warn ssl:info') - validate_apache_loglevel('warn mod_ssl.c:info') - validate_apache_loglevel('warn ssl_module:info') - Expected to be used from the main or vhost. - Might be used from directory too later as apaceh supports that -DOC - ) do |args| - if args.size != 1 - raise Puppet::ParseError, "validate_apache_loglevel(): wrong number of arguments (#{args.length}; must be 1)" - end - - log_level = args[0] - msg = "Log level '${log_level}' is not one of the supported Apache HTTP Server log levels." - raise Puppet::ParseError, msg unless log_level =~ Regexp.compile('(emerg|alert|crit|error|warn|notice|info|debug|trace[1-8])') - end -end diff --git a/puppet/modules/apache/lib/puppet/provider/a2mod.rb b/puppet/modules/apache/lib/puppet/provider/a2mod.rb deleted file mode 100644 index af704b6..0000000 --- a/puppet/modules/apache/lib/puppet/provider/a2mod.rb +++ /dev/null @@ -1,36 +0,0 @@ -# a2mod.rb -class Puppet::Provider::A2mod < Puppet::Provider - def self.prefetch(mods) - instances.each do |prov| - mod = mods[prov.name] - if mod - mod.provider = prov - end - end - end - - def flush - @property_hash.clear - end - - def properties - if @property_hash.empty? - @property_hash = query || { ensure: :absent } - @property_hash[:ensure] = :absent if @property_hash.empty? - end - @property_hash.dup - end - - def query - self.class.instances.each do |mod| - if mod.name == name || mod.name.downcase == name - return mod.properties - end - end - nil - end - - def exists? - properties[:ensure] != :absent - end -end diff --git a/puppet/modules/apache/lib/puppet/provider/a2mod/a2mod.rb b/puppet/modules/apache/lib/puppet/provider/a2mod/a2mod.rb deleted file mode 100644 index 8b18686..0000000 --- a/puppet/modules/apache/lib/puppet/provider/a2mod/a2mod.rb +++ /dev/null @@ -1,35 +0,0 @@ -require 'puppet/provider/a2mod' - -Puppet::Type.type(:a2mod).provide(:a2mod, parent: Puppet::Provider::A2mod) do - desc 'Manage Apache 2 modules on Debian and Ubuntu' - - optional_commands encmd: 'a2enmod' - optional_commands discmd: 'a2dismod' - commands apache2ctl: 'apache2ctl' - - confine osfamily: :debian - defaultfor operatingsystem: [:debian, :ubuntu] - - def self.instances - modules = apache2ctl('-M').lines.map { |line| - m = line.match(%r{(\w+)_module \(shared\)$}) - m[1] if m - }.compact - - modules.map do |mod| - new( - name: mod, - ensure: :present, - provider: :a2mod, - ) - end - end - - def create - encmd resource[:name] - end - - def destroy - discmd resource[:name] - end -end diff --git a/puppet/modules/apache/lib/puppet/provider/a2mod/gentoo.rb b/puppet/modules/apache/lib/puppet/provider/a2mod/gentoo.rb deleted file mode 100644 index d4c0b6d..0000000 --- a/puppet/modules/apache/lib/puppet/provider/a2mod/gentoo.rb +++ /dev/null @@ -1,114 +0,0 @@ -require 'puppet/util/filetype' -Puppet::Type.type(:a2mod).provide(:gentoo, parent: Puppet::Provider) do - desc 'Manage Apache 2 modules on Gentoo' - - confine operatingsystem: :gentoo - defaultfor operatingsystem: :gentoo - - attr_accessor :property_hash - - def create - @property_hash[:ensure] = :present - end - - def exists? - (!@property_hash[:ensure].nil? && @property_hash[:ensure] == :present) - end - - def destroy - @property_hash[:ensure] = :absent - end - - def flush - self.class.flush - end - - class << self - attr_reader :conf_file - end - - def self.clear - @mod_resources = [] - @modules = [] - @other_args = '' - end - - def self.initvars - @conf_file = '/etc/conf.d/apache2' - @filetype = Puppet::Util::FileType.filetype(:flat).new(conf_file) - @mod_resources = [] - @modules = [] - @other_args = '' - end - - initvars - - # Retrieve an array of all existing modules - def self.modules - if @modules.length <= 0 - # Locate the APACHE_OPTS variable - records = filetype.read.split(%r{\n}) - apache2_opts = records.grep(%r{^\s*APACHE2_OPTS=}).first - - # Extract all defines - @modules << Regexp.last_match(1).downcase while apache2_opts.sub!(%r{-D\s+(\w+)}, '') - - # Hang on to any remaining options. - if apache2_opts =~ %r{APACHE2_OPTS="(.+)"} - @other_args = Regexp.last_match(1).strip - end - - @modules.sort!.uniq! - end - - @modules - end - - def self.prefetch(resources = {}) - # Match resources with existing providers - instances.each do |provider| - resource = resources[provider.name] - if resource - resource.provider = provider - end - end - - # Store all resources using this provider for flushing - resources.each do |_name, resource| - @mod_resources << resource - end - end - - def self.instances - modules.map { |mod| new(name: mod, provider: :gentoo, ensure: :present) } - end - - def self.flush - mod_list = modules - mods_to_remove = @mod_resources.select { |mod| mod.should(:ensure) == :absent }.map { |mod| mod[:name] } - mods_to_add = @mod_resources.select { |mod| mod.should(:ensure) == :present }.map { |mod| mod[:name] } - - mod_list -= mods_to_remove - mod_list += mods_to_add - mod_list.sort!.uniq! - - return unless modules != mod_list - - opts = @other_args + ' ' - opts << mod_list.map { |mod| "-D #{mod.upcase}" }.join(' ') - opts.strip! - opts.gsub!(%r{\s+}, ' ') - - apache2_opts = %(APACHE2_OPTS="#{opts}") - Puppet.debug("Writing back \"#{apache2_opts}\" to #{conf_file}") - - records = filetype.read.split(%r{\n}) - - opts_index = records.find_index { |i| i.match(%r{^\s*APACHE2_OPTS}) } - records[opts_index] = apache2_opts - - filetype.backup - filetype.write(records.join("\n")) - @modules = mod_list - end -end diff --git a/puppet/modules/apache/lib/puppet/provider/a2mod/modfix.rb b/puppet/modules/apache/lib/puppet/provider/a2mod/modfix.rb deleted file mode 100644 index 59fdc92..0000000 --- a/puppet/modules/apache/lib/puppet/provider/a2mod/modfix.rb +++ /dev/null @@ -1,11 +0,0 @@ -Puppet::Type.type(:a2mod).provide :modfix do - desc "Dummy provider for A2mod. - Fake nil resources when there is no crontab binary available. Allows - puppetd to run on a bootstrapped machine before a Cron package has been - installed. Workaround for: http://projects.puppetlabs.com/issues/2384 - " - - def self.instances - [] - end -end diff --git a/puppet/modules/apache/lib/puppet/provider/a2mod/redhat.rb b/puppet/modules/apache/lib/puppet/provider/a2mod/redhat.rb deleted file mode 100644 index 6b06377..0000000 --- a/puppet/modules/apache/lib/puppet/provider/a2mod/redhat.rb +++ /dev/null @@ -1,60 +0,0 @@ -require 'puppet/provider/a2mod' - -Puppet::Type.type(:a2mod).provide(:redhat, parent: Puppet::Provider::A2mod) do - desc 'Manage Apache 2 modules on RedHat family OSs' - - commands apachectl: 'apachectl' - - confine osfamily: :redhat - defaultfor osfamily: :redhat - - require 'pathname' - - # modpath: Path to default apache modules directory /etc/httpd/mod.d - # modfile: Path to module load configuration file; Default: resides under modpath directory - # libfile: Path to actual apache module library. Added in modfile LoadModule - - attr_accessor :modfile, :libfile - class << self - attr_accessor :modpath - def preinit - @modpath = '/etc/httpd/mod.d' - end - end - - preinit - - def create - File.open(modfile, 'w') do |f| - f.puts "LoadModule #{resource[:identifier]} #{libfile}" - end - end - - def destroy - File.delete(modfile) - end - - def self.instances - modules = apachectl('-M').lines.map { |line| - m = line.match(%r{(\w+)_module \(shared\)$}) - m[1] if m - }.compact - - modules.map do |mod| - new( - name: mod, - ensure: :present, - provider: :redhat, - ) - end - end - - def modfile - "#{self.class.modpath}/#{resource[:name]}.load" - end - - # Set libfile path: If absolute path is passed, then maintain it. Else, make it default from 'modules' dir. - def libfile - Pathname.new(resource[:lib]).absolute? ? resource[:lib] : "modules/#{resource[:lib]}" - end -end diff --git a/puppet/modules/apache/lib/puppet/type/a2mod.rb b/puppet/modules/apache/lib/puppet/type/a2mod.rb deleted file mode 100644 index 0251698..0000000 --- a/puppet/modules/apache/lib/puppet/type/a2mod.rb +++ /dev/null @@ -1,28 +0,0 @@ -Puppet::Type.newtype(:a2mod) do - @doc = 'Manage Apache 2 modules' - - ensurable - - newparam(:name) do - Puppet.warning 'The a2mod provider is deprecated, please use apache::mod instead' - desc 'The name of the module to be managed' - - isnamevar - end - - newparam(:lib) do - desc 'The name of the .so library to be loaded' - - defaultto { "mod_#{@resource[:name]}.so" } - end - - newparam(:identifier) do - desc 'Module identifier string used by LoadModule. Default: module-name_module' - - # http://httpd.apache.org/docs/2.2/mod/module-dict.html#ModuleIdentifier - - defaultto { "#{resource[:name]}_module" } - end - - autorequire(:package) { catalog.resource(:package, 'httpd') } -end diff --git a/puppet/modules/apache/locales/config.yaml b/puppet/modules/apache/locales/config.yaml deleted file mode 100644 index c837de7..0000000 --- a/puppet/modules/apache/locales/config.yaml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# This is the project-specific configuration file for setting up -# fast_gettext for your project. -gettext: - # This is used for the name of the .pot and .po files; they will be - # called .pot? - project_name: puppetlabs-apache - # This is used in comments in the .pot and .po files to indicate what - # project the files belong to and should bea little more desctiptive than - # - package_name: puppetlabs-apache - # The locale that the default messages in the .pot file are in - default_locale: en - # The email used for sending bug reports. - bugs_address: docs@puppet.com - # The holder of the copyright. - copyright_holder: Puppet, Inc. - # This determines which comments in code should be eligible for translation. - # Any comments that start with this string will be externalized. (Leave - # empty to include all.) - comments_tag: TRANSLATOR - # Patterns for +Dir.glob+ used to find all files that might contain - # translatable content, relative to the project root directory - source_files: - - './lib/**/*.rb' - diff --git a/puppet/modules/apache/locales/ja/puppetlabs-apache.po b/puppet/modules/apache/locales/ja/puppetlabs-apache.po deleted file mode 100644 index 1d61c89..0000000 --- a/puppet/modules/apache/locales/ja/puppetlabs-apache.po +++ /dev/null @@ -1,28 +0,0 @@ -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2017-03-21 14:19+0100\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: 梅田智世 , 2017\n" -"Language-Team: Japanese (Japan) (https://www.transifex.com/puppet/teams/29089/ja_JP/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Language: ja_JP\n" -"Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Translate Toolkit 2.0.0\n" - -#. metadata.json -#: .summary -msgid "" -"Installs, configures, and manages Apache virtual hosts, web services, and " -"modules." -msgstr "Apacheバーチャルホスト、Webサービス、モジュールのインストール、設定、管理。" - -#. metadata.json -#: .description -msgid "Module for Apache configuration" -msgstr "Apache設定用のモジュール。" diff --git a/puppet/modules/apache/locales/puppetlabs-apache.pot b/puppet/modules/apache/locales/puppetlabs-apache.pot deleted file mode 100644 index 7602dd8..0000000 --- a/puppet/modules/apache/locales/puppetlabs-apache.pot +++ /dev/null @@ -1,25 +0,0 @@ -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2017-03-21 14:19+0100\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"X-Generator: Translate Toolkit 2.0.0\n" - -#. metadata.json -#: .summary -msgid "" -"Installs, configures, and manages Apache virtual hosts, web services, and " -"modules." -msgstr "" - -#. metadata.json -#: .description -msgid "Module for Apache configuration" -msgstr "" diff --git a/puppet/modules/apache/manifests/balancer.pp b/puppet/modules/apache/manifests/balancer.pp deleted file mode 100644 index 9f824d2..0000000 --- a/puppet/modules/apache/manifests/balancer.pp +++ /dev/null @@ -1,107 +0,0 @@ -# == Define Resource Type: apache::balancer -# -# This type will create an apache balancer cluster file inside the conf.d -# directory. Each balancer cluster needs one or more balancer members (that can -# be declared with the apache::balancermember defined resource type). Using -# storeconfigs, you can export the apache::balancermember resources on all -# balancer members, and then collect them on a single apache load balancer -# server. -# -# === Requirement/Dependencies: -# -# Currently requires the puppetlabs/concat module on the Puppet Forge and uses -# storeconfigs on the Puppet Master to export/collect resources from all -# balancer members. -# -# === Parameters -# -# [*name*] -# The namevar of the defined resource type is the balancer clusters name. -# This name is also used in the name of the conf.d file -# -# [*proxy_set*] -# Hash, default empty. If given, each key-value pair will be used as a ProxySet -# line in the configuration. -# -# [*target*] -# String, default undef. If given, path to the file the balancer definition will -# be written. -# -# [*collect_exported*] -# Boolean, default 'true'. True means 'collect exported @@balancermember -# resources' (for the case when every balancermember node exports itself), -# false means 'rely on the existing declared balancermember resources' (for the -# case when you know the full set of balancermembers in advance and use -# apache::balancermember with array arguments, which allows you to deploy -# everything in 1 run) -# -# [*options*] -# Array, default empty. If given, additional directives may be added to the -# block. -# -# === Examples -# -# Exporting the resource for a balancer member: -# -# apache::balancer { 'puppet00': } -# -define apache::balancer ( - $proxy_set = {}, - $collect_exported = true, - $target = undef, - $options = [], -) { - include ::apache::mod::proxy_balancer - - if versioncmp($apache::mod::proxy_balancer::apache_version, '2.4') >= 0 { - $lbmethod = $proxy_set['lbmethod'] ? { - undef => 'byrequests', - default => $proxy_set['lbmethod'], - } - ensure_resource('apache::mod', "lbmethod_${lbmethod}") - } - - if $target { - $_target = $target - } else { - $_target = "${::apache::confd_dir}/balancer_${name}.conf" - } - - if !empty($options) { - $_options = " ${join($options, ' ')}" - } else { - $_options = '' - } - - concat { "apache_balancer_${name}": - owner => '0', - group => '0', - path => $_target, - mode => $::apache::file_mode, - notify => Class['Apache::Service'], - } - - concat::fragment { "00-${name}-header": - target => "apache_balancer_${name}", - order => '01', - content => "\n", - } - - if $collect_exported { - Apache::Balancermember <<| balancer_cluster == $name |>> - } - # else: the resources have been created and they introduced their - # concat fragments. We don't have to do anything about them. - - concat::fragment { "01-${name}-proxyset": - target => "apache_balancer_${name}", - order => '19', - content => inline_template("<% @proxy_set.keys.sort.each do |key| %> Proxyset <%= key %>=<%= @proxy_set[key] %>\n<% end %>"), - } - - concat::fragment { "01-${name}-footer": - target => "apache_balancer_${name}", - order => '20', - content => "\n", - } -} diff --git a/puppet/modules/apache/manifests/balancermember.pp b/puppet/modules/apache/manifests/balancermember.pp deleted file mode 100644 index 6e8b29f..0000000 --- a/puppet/modules/apache/manifests/balancermember.pp +++ /dev/null @@ -1,52 +0,0 @@ -# == Define Resource Type: apache::balancermember -# -# This type will setup a balancer member inside a listening service -# configuration block in /etc/apache/apache.cfg on the load balancer. -# currently it only has the ability to specify the instance name, url and an -# array of options. More features can be added as needed. The best way to -# implement this is to export this resource for all apache balancer member -# servers, and then collect them on the main apache load balancer. -# -# === Requirement/Dependencies: -# -# Currently requires the puppetlabs/concat module on the Puppet Forge and -# uses storeconfigs on the Puppet Master to export/collect resources -# from all balancer members. -# -# === Parameters -# -# [*name*] -# The title of the resource is arbitrary and only utilized in the concat -# fragment name. -# -# [*balancer_cluster*] -# The apache service's instance name (or, the title of the apache::balancer -# resource). This must match up with a declared apache::balancer resource. -# -# [*url*] -# The url used to contact the balancer member server. -# -# [*options*] -# An array of options to be specified after the url. -# -# === Examples -# -# Exporting the resource for a balancer member: -# -# @@apache::balancermember { 'apache': -# balancer_cluster => 'puppet00', -# url => "ajp://${::fqdn}:8009" -# options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], -# } -# -define apache::balancermember( - $balancer_cluster, - $url = "http://${::fqdn}/", - $options = [], -) { - - concat::fragment { "BalancerMember ${name}": - target => "apache_balancer_${balancer_cluster}", - content => inline_template(" BalancerMember ${url} <%= @options.join ' ' %>\n"), - } -} diff --git a/puppet/modules/apache/manifests/confd/no_accf.pp b/puppet/modules/apache/manifests/confd/no_accf.pp deleted file mode 100644 index f35c0c8..0000000 --- a/puppet/modules/apache/manifests/confd/no_accf.pp +++ /dev/null @@ -1,10 +0,0 @@ -class apache::confd::no_accf { - # Template uses no variables - file { 'no-accf.conf': - ensure => 'file', - path => "${::apache::confd_dir}/no-accf.conf", - content => template('apache/confd/no-accf.conf.erb'), - require => Exec["mkdir ${::apache::confd_dir}"], - before => File[$::apache::confd_dir], - } -} diff --git a/puppet/modules/apache/manifests/custom_config.pp b/puppet/modules/apache/manifests/custom_config.pp deleted file mode 100644 index 6bffa05..0000000 --- a/puppet/modules/apache/manifests/custom_config.pp +++ /dev/null @@ -1,67 +0,0 @@ -# See README.md for usage information -define apache::custom_config ( - Enum['absent', 'present'] $ensure = 'present', - $confdir = $::apache::confd_dir, - $content = undef, - $priority = '25', - $source = undef, - $verify_command = $::apache::params::verify_command, - Boolean $verify_config = true, - $filename = undef, -) { - - if $content and $source { - fail('Only one of $content and $source can be specified.') - } - - if $ensure == 'present' and ! $content and ! $source { - fail('One of $content and $source must be specified.') - } - - if $filename { - $_filename = $filename - } else { - if $priority { - $priority_prefix = "${priority}-" - } else { - $priority_prefix = '' - } - - ## Apache include does not always work with spaces in the filename - $filename_middle = regsubst($name, ' ', '_', 'G') - $_filename = "${priority_prefix}${filename_middle}.conf" - } - - if ! $verify_config or $ensure == 'absent' { - $notifies = Class['Apache::Service'] - } else { - $notifies = undef - } - - file { "apache_${name}": - ensure => $ensure, - path => "${confdir}/${_filename}", - content => $content, - source => $source, - require => Package['httpd'], - notify => $notifies, - } - - if $ensure == 'present' and $verify_config { - exec { "syntax verification for ${name}": - command => $verify_command, - subscribe => File["apache_${name}"], - refreshonly => true, - notify => Class['Apache::Service'], - before => Exec["remove ${name} if invalid"], - require => Anchor['::apache::modules_set_up'], - } - - exec { "remove ${name} if invalid": - command => "/bin/rm ${confdir}/${_filename}", - unless => $verify_command, - subscribe => File["apache_${name}"], - refreshonly => true, - } - } -} diff --git a/puppet/modules/apache/manifests/default_confd_files.pp b/puppet/modules/apache/manifests/default_confd_files.pp deleted file mode 100644 index c06b30c..0000000 --- a/puppet/modules/apache/manifests/default_confd_files.pp +++ /dev/null @@ -1,15 +0,0 @@ -class apache::default_confd_files ( - $all = true, -) { - # The rest of the conf.d/* files only get loaded if we want them - if $all { - case $::osfamily { - 'freebsd': { - include ::apache::confd::no_accf - } - default: { - # do nothing - } - } - } -} diff --git a/puppet/modules/apache/manifests/default_mods.pp b/puppet/modules/apache/manifests/default_mods.pp deleted file mode 100644 index 2e82d4d..0000000 --- a/puppet/modules/apache/manifests/default_mods.pp +++ /dev/null @@ -1,182 +0,0 @@ -class apache::default_mods ( - $all = true, - $mods = undef, - $apache_version = $::apache::apache_version, - $use_systemd = $::apache::use_systemd, -) { - # These are modules required to run the default configuration. - # They are not configurable at this time, so we just include - # them to make sure it works. - case $::osfamily { - 'redhat': { - ::apache::mod { 'log_config': } - if versioncmp($apache_version, '2.4') >= 0 { - # Lets fork it - # Do not try to load mod_systemd on RHEL/CentOS 6 SCL. - if ( !($::osfamily == 'redhat' and versioncmp($::operatingsystemrelease, '7.0') == -1) and !($::operatingsystem == 'Amazon') ) { - if ($use_systemd) { - ::apache::mod { 'systemd': } - } - } - if ($::operatingsystem == 'Amazon' and $::operatingsystemrelease == '2') { - ::apache::mod { 'systemd': } - } - ::apache::mod { 'unixd': } - } - } - 'freebsd': { - ::apache::mod { 'log_config': } - ::apache::mod { 'unixd': } - } - 'Suse': { - ::apache::mod { 'log_config': } - } - default: {} - } - case $::osfamily { - 'gentoo': {} - default: { - ::apache::mod { 'authz_host': } - } - } - # The rest of the modules only get loaded if we want all modules enabled - if $all { - case $::osfamily { - 'debian': { - include ::apache::mod::authn_core - include ::apache::mod::reqtimeout - if versioncmp($apache_version, '2.4') < 0 { - ::apache::mod { 'authn_alias': } - } - } - 'redhat': { - include ::apache::mod::actions - include ::apache::mod::authn_core - include ::apache::mod::cache - include ::apache::mod::ext_filter - include ::apache::mod::mime - include ::apache::mod::mime_magic - include ::apache::mod::rewrite - include ::apache::mod::speling - include ::apache::mod::suexec - include ::apache::mod::version - include ::apache::mod::vhost_alias - ::apache::mod { 'auth_digest': } - ::apache::mod { 'authn_anon': } - ::apache::mod { 'authn_dbm': } - ::apache::mod { 'authz_dbm': } - ::apache::mod { 'authz_owner': } - ::apache::mod { 'expires': } - ::apache::mod { 'include': } - ::apache::mod { 'logio': } - ::apache::mod { 'substitute': } - ::apache::mod { 'usertrack': } - - if versioncmp($apache_version, '2.4') < 0 { - ::apache::mod { 'authn_alias': } - ::apache::mod { 'authn_default': } - } - } - 'freebsd': { - include ::apache::mod::actions - include ::apache::mod::authn_core - include ::apache::mod::cache - include ::apache::mod::disk_cache - include ::apache::mod::headers - include ::apache::mod::info - include ::apache::mod::mime_magic - include ::apache::mod::reqtimeout - include ::apache::mod::rewrite - include ::apache::mod::userdir - include ::apache::mod::version - include ::apache::mod::vhost_alias - include ::apache::mod::speling - include ::apache::mod::filter - - ::apache::mod { 'asis': } - ::apache::mod { 'auth_digest': } - ::apache::mod { 'auth_form': } - ::apache::mod { 'authn_anon': } - ::apache::mod { 'authn_dbm': } - ::apache::mod { 'authn_socache': } - ::apache::mod { 'authz_dbd': } - ::apache::mod { 'authz_dbm': } - ::apache::mod { 'authz_owner': } - ::apache::mod { 'dumpio': } - ::apache::mod { 'expires': } - ::apache::mod { 'file_cache': } - ::apache::mod { 'imagemap':} - ::apache::mod { 'include': } - ::apache::mod { 'logio': } - ::apache::mod { 'request': } - ::apache::mod { 'session': } - ::apache::mod { 'unique_id': } - } - default: {} - } - case $::apache::mpm_module { - 'prefork': { - include ::apache::mod::cgi - } - 'worker': { - include ::apache::mod::cgid - } - default: { - # do nothing - } - } - include ::apache::mod::alias - include ::apache::mod::authn_file - include ::apache::mod::autoindex - include ::apache::mod::dav - include ::apache::mod::dav_fs - include ::apache::mod::deflate - include ::apache::mod::dir - include ::apache::mod::mime - include ::apache::mod::negotiation - include ::apache::mod::setenvif - ::apache::mod { 'auth_basic': } - - if versioncmp($apache_version, '2.4') >= 0 { - # filter is needed by mod_deflate - include ::apache::mod::filter - - # authz_core is needed for 'Require' directive - ::apache::mod { 'authz_core': - id => 'authz_core_module', - } - - # lots of stuff seems to break without access_compat - ::apache::mod { 'access_compat': } - } else { - include ::apache::mod::authz_default - } - - include ::apache::mod::authz_user - - ::apache::mod { 'authz_groupfile': } - include ::apache::mod::env - } elsif $mods { - ::apache::default_mods::load { $mods: } - - if versioncmp($apache_version, '2.4') >= 0 { - # authz_core is needed for 'Require' directive - ::apache::mod { 'authz_core': - id => 'authz_core_module', - } - - # filter is needed by mod_deflate - include ::apache::mod::filter - } - } else { - if versioncmp($apache_version, '2.4') >= 0 { - # authz_core is needed for 'Require' directive - ::apache::mod { 'authz_core': - id => 'authz_core_module', - } - - # filter is needed by mod_deflate - include ::apache::mod::filter - } - } -} diff --git a/puppet/modules/apache/manifests/default_mods/load.pp b/puppet/modules/apache/manifests/default_mods/load.pp deleted file mode 100644 index 356e9fa..0000000 --- a/puppet/modules/apache/manifests/default_mods/load.pp +++ /dev/null @@ -1,8 +0,0 @@ -# private define -define apache::default_mods::load ($module = $title) { - if defined("apache::mod::${module}") { - include "::apache::mod::${module}" - } else { - ::apache::mod { $module: } - } -} diff --git a/puppet/modules/apache/manifests/dev.pp b/puppet/modules/apache/manifests/dev.pp deleted file mode 100644 index d4a25a7..0000000 --- a/puppet/modules/apache/manifests/dev.pp +++ /dev/null @@ -1,14 +0,0 @@ -class apache::dev { - - if ! defined(Class['apache']) { - fail('You must include the apache base class before using any apache defined resources') - } - - $packages = $::apache::dev_packages - if $packages { # FreeBSD doesn't have dev packages to install - package { $packages: - ensure => present, - require => Package['httpd'], - } - } -} diff --git a/puppet/modules/apache/manifests/fastcgi/server.pp b/puppet/modules/apache/manifests/fastcgi/server.pp deleted file mode 100644 index df53556..0000000 --- a/puppet/modules/apache/manifests/fastcgi/server.pp +++ /dev/null @@ -1,29 +0,0 @@ -define apache::fastcgi::server ( - $host = '127.0.0.1:9000', - $timeout = 15, - $flush = false, - $faux_path = "/var/www/${name}.fcgi", - $fcgi_alias = "/${name}.fcgi", - $file_type = 'application/x-httpd-php', - $pass_header = undef, -) { - include ::apache::mod::fastcgi - - Apache::Mod['fastcgi'] -> Apache::Fastcgi::Server[$title] - - if $host =~ Stdlib::Absolutepath { - $socket = $host - } - - file { "fastcgi-pool-${name}.conf": - ensure => file, - path => "${::apache::confd_dir}/fastcgi-pool-${name}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - content => template('apache/fastcgi/server.erb'), - require => Exec["mkdir ${::apache::confd_dir}"], - before => File[$::apache::confd_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/init.pp b/puppet/modules/apache/manifests/init.pp deleted file mode 100755 index 2244037..0000000 --- a/puppet/modules/apache/manifests/init.pp +++ /dev/null @@ -1,417 +0,0 @@ -# Class: apache -# -# This class installs Apache -# -# Parameters: -# -# Actions: -# - Install Apache -# - Manage Apache service -# -# Requires: -# -# Sample Usage: -# -class apache ( - $apache_name = $::apache::params::apache_name, - $service_name = $::apache::params::service_name, - $default_mods = true, - Boolean $default_vhost = true, - $default_charset = undef, - Boolean $default_confd_files = true, - Boolean $default_ssl_vhost = false, - $default_ssl_cert = $::apache::params::default_ssl_cert, - $default_ssl_key = $::apache::params::default_ssl_key, - $default_ssl_chain = undef, - $default_ssl_ca = undef, - $default_ssl_crl_path = undef, - $default_ssl_crl = undef, - $default_ssl_crl_check = undef, - $default_type = 'none', - $dev_packages = $::apache::params::dev_packages, - $ip = undef, - Boolean $service_enable = true, - Boolean $service_manage = true, - $service_ensure = 'running', - $service_restart = undef, - $purge_configs = true, - $purge_vhost_dir = undef, - $purge_vdir = false, - $serveradmin = 'root@localhost', - Enum['On', 'Off', 'on', 'off'] $sendfile = 'On', - $error_documents = false, - $timeout = '60', - $httpd_dir = $::apache::params::httpd_dir, - $server_root = $::apache::params::server_root, - $conf_dir = $::apache::params::conf_dir, - $confd_dir = $::apache::params::confd_dir, - Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups = $::apache::params::hostname_lookups, - $conf_enabled = $::apache::params::conf_enabled, - $vhost_dir = $::apache::params::vhost_dir, - $vhost_enable_dir = $::apache::params::vhost_enable_dir, - $mod_libs = $::apache::params::mod_libs, - $mod_packages = $::apache::params::mod_packages, - $vhost_include_pattern = $::apache::params::vhost_include_pattern, - $mod_dir = $::apache::params::mod_dir, - $mod_enable_dir = $::apache::params::mod_enable_dir, - $mpm_module = $::apache::params::mpm_module, - $lib_path = $::apache::params::lib_path, - $conf_template = $::apache::params::conf_template, - $servername = $::apache::params::servername, - $pidfile = $::apache::params::pidfile, - Optional[Stdlib::Absolutepath] $rewrite_lock = undef, - Boolean $manage_user = true, - Boolean $manage_group = true, - $user = $::apache::params::user, - $group = $::apache::params::group, - $http_protocol_options = $::apache::params::http_protocol_options, - $supplementary_groups = [], - $keepalive = $::apache::params::keepalive, - $keepalive_timeout = $::apache::params::keepalive_timeout, - $max_keepalive_requests = $::apache::params::max_keepalive_requests, - $limitreqfieldsize = '8190', - $limitreqfields = '100', - $logroot = $::apache::params::logroot, - $logroot_mode = $::apache::params::logroot_mode, - $log_level = $::apache::params::log_level, - $log_formats = {}, - $ssl_file = undef, - $ports_file = $::apache::params::ports_file, - $docroot = $::apache::params::docroot, - $apache_version = $::apache::version::default, - $server_tokens = 'Prod', - $server_signature = 'On', - $trace_enable = 'On', - Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, - $file_e_tag = undef, - Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] - $use_canonical_name = undef, - $package_ensure = 'installed', - Boolean $use_optional_includes = $::apache::params::use_optional_includes, - $use_systemd = $::apache::params::use_systemd, - $mime_types_additional = $::apache::params::mime_types_additional, - $file_mode = $::apache::params::file_mode, - $root_directory_options = $::apache::params::root_directory_options, - Boolean $root_directory_secured = false, - $error_log = $::apache::params::error_log, - $scriptalias = $::apache::params::scriptalias, - $access_log_file = $::apache::params::access_log_file, - Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [], - Optional[Boolean] $protocols_honor_order = undef, -) inherits ::apache::params { - - $valid_mpms_re = $apache_version ? { - '2.4' => '(event|itk|peruser|prefork|worker)', - default => '(event|itk|prefork|worker)' - } - - if $::osfamily == 'RedHat' and $::apache::version::distrelease == '7' { - # On redhat 7 the ssl.conf lives in /etc/httpd/conf.d (the confd_dir) - # when all other module configs live in /etc/httpd/conf.modules.d (the - # mod_dir). On all other platforms and versions, ssl.conf lives in the - # mod_dir. This should maintain the expected location of ssl.conf - $_ssl_file = $ssl_file ? { - undef => "${apache::confd_dir}/ssl.conf", - default => $ssl_file - } - } else { - $_ssl_file = $ssl_file ? { - undef => "${apache::mod_dir}/ssl.conf", - default => $ssl_file - } - } - - if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans - assert_type(Pattern[$valid_mpms_re], $mpm_module) - } - - # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. - # NOTE: the same strategy may be introduced for other OSes. For this, you - # should delete the 'if' block below and modify all MPM modules' manifests - # such that they include apache::package class (currently event.pp, itk.pp, - # peruser.pp, prefork.pp, worker.pp). - if $::osfamily != 'FreeBSD' { - package { 'httpd': - ensure => $package_ensure, - name => $apache_name, - notify => Class['Apache::Service'], - } - } - - # declare the web server user and group - # Note: requiring the package means the package ought to create them and not puppet - if $manage_user { - user { $user: - ensure => present, - gid => $group, - groups => $supplementary_groups, - require => Package['httpd'], - } - } - if $manage_group { - group { $group: - ensure => present, - require => Package['httpd'], - } - } - - apache::validate_apache_log_level($log_level) - - class { '::apache::service': - service_name => $service_name, - service_enable => $service_enable, - service_manage => $service_manage, - service_ensure => $service_ensure, - service_restart => $service_restart, - } - - # Deprecated backwards-compatibility - if $purge_vdir { - warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') - $purge_confd = $purge_vdir - } else { - $purge_confd = $purge_configs - } - - # Set purge vhostd appropriately - if $purge_vhost_dir == undef { - $purge_vhostd = $purge_confd - } else { - $purge_vhostd = $purge_vhost_dir - } - - Exec { - path => '/bin:/sbin:/usr/bin:/usr/sbin', - } - - exec { "mkdir ${confd_dir}": - creates => $confd_dir, - require => Package['httpd'], - } - file { $confd_dir: - ensure => directory, - recurse => true, - purge => $purge_confd, - force => $purge_confd, - notify => Class['Apache::Service'], - require => Package['httpd'], - } - - if $conf_enabled and ! defined(File[$conf_enabled]) { - file { $conf_enabled: - ensure => directory, - recurse => true, - purge => $purge_confd, - force => $purge_confd, - notify => Class['Apache::Service'], - require => Package['httpd'], - } - } - - if ! defined(File[$mod_dir]) { - exec { "mkdir ${mod_dir}": - creates => $mod_dir, - require => Package['httpd'], - } - # Don't purge available modules if an enable dir is used - $purge_mod_dir = $purge_configs and !$mod_enable_dir - file { $mod_dir: - ensure => directory, - recurse => true, - purge => $purge_mod_dir, - notify => Class['Apache::Service'], - require => Package['httpd'], - before => Anchor['::apache::modules_set_up'], - } - } - - if $mod_enable_dir and ! defined(File[$mod_enable_dir]) { - $mod_load_dir = $mod_enable_dir - exec { "mkdir ${mod_enable_dir}": - creates => $mod_enable_dir, - require => Package['httpd'], - } - file { $mod_enable_dir: - ensure => directory, - recurse => true, - purge => $purge_configs, - notify => Class['Apache::Service'], - require => Package['httpd'], - } - } else { - $mod_load_dir = $mod_dir - } - - if ! defined(File[$vhost_dir]) { - exec { "mkdir ${vhost_dir}": - creates => $vhost_dir, - require => Package['httpd'], - } - file { $vhost_dir: - ensure => directory, - recurse => true, - purge => $purge_vhostd, - notify => Class['Apache::Service'], - require => Package['httpd'], - } - } - - if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) { - $vhost_load_dir = $vhost_enable_dir - exec { "mkdir ${vhost_load_dir}": - creates => $vhost_load_dir, - require => Package['httpd'], - } - file { $vhost_enable_dir: - ensure => directory, - recurse => true, - purge => $purge_vhostd, - notify => Class['Apache::Service'], - require => Package['httpd'], - } - } else { - $vhost_load_dir = $vhost_dir - } - - concat { $ports_file: - ensure => present, - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - notify => Class['Apache::Service'], - require => Package['httpd'], - } - concat::fragment { 'Apache ports header': - target => $ports_file, - content => template('apache/ports_header.erb'), - } - - if $::apache::conf_dir and $::apache::params::conf_file { - if $::osfamily == 'gentoo' { - $error_documents_path = '/usr/share/apache2/error' - if $default_mods =~ Array { - if versioncmp($apache_version, '2.4') >= 0 { - if defined('apache::mod::ssl') { - ::portage::makeconf { 'apache2_modules': - content => concat($default_mods, [ 'authz_core', 'socache_shmcb' ]), - } - } else { - ::portage::makeconf { 'apache2_modules': - content => concat($default_mods, 'authz_core'), - } - } - } else { - ::portage::makeconf { 'apache2_modules': - content => $default_mods, - } - } - } - - file { [ - '/etc/apache2/modules.d/.keep_www-servers_apache-2', - '/etc/apache2/vhosts.d/.keep_www-servers_apache-2', - ]: - ensure => absent, - require => Package['httpd'], - } - } - - $apxs_workaround = $::osfamily ? { - 'freebsd' => true, - default => false - } - - # Template uses: - # - $pidfile - # - $user - # - $group - # - $logroot - # - $error_log - # - $sendfile - # - $mod_dir - # - $ports_file - # - $confd_dir - # - $vhost_dir - # - $error_documents - # - $error_documents_path - # - $apxs_workaround - # - $http_protocol_options - # - $keepalive - # - $keepalive_timeout - # - $max_keepalive_requests - # - $server_root - # - $server_tokens - # - $server_signature - # - $trace_enable - # - $rewrite_lock - # - $root_directory_secured - file { "${::apache::conf_dir}/${::apache::params::conf_file}": - ensure => file, - content => template($conf_template), - notify => Class['Apache::Service'], - require => [Package['httpd'], Concat[$ports_file]], - } - - # preserve back-wards compatibility to the times when default_mods was - # only a boolean value. Now it can be an array (too) - if $default_mods =~ Array { - class { '::apache::default_mods': - all => false, - mods => $default_mods, - } - } else { - class { '::apache::default_mods': - all => $default_mods, - } - } - class { '::apache::default_confd_files': - all => $default_confd_files, - } - if $mpm_module and $mpm_module != 'false' { # lint:ignore:quoted_booleans - include "::apache::mod::${mpm_module}" - } - - $default_vhost_ensure = $default_vhost ? { - true => 'present', - false => 'absent' - } - $default_ssl_vhost_ensure = $default_ssl_vhost ? { - true => 'present', - false => 'absent' - } - - ::apache::vhost { 'default': - ensure => $default_vhost_ensure, - port => '80', - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => $access_log_file, - priority => '15', - ip => $ip, - logroot_mode => $logroot_mode, - manage_docroot => $default_vhost, - } - $ssl_access_log_file = $::osfamily ? { - 'freebsd' => $access_log_file, - default => "ssl_${access_log_file}", - } - ::apache::vhost { 'default-ssl': - ensure => $default_ssl_vhost_ensure, - port => '443', - ssl => true, - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => $ssl_access_log_file, - priority => '15', - ip => $ip, - logroot_mode => $logroot_mode, - manage_docroot => $default_ssl_vhost, - } - } - - # This anchor can be used as a reference point for things that need to happen *after* - # all modules have been put in place. - anchor { '::apache::modules_set_up': } -} diff --git a/puppet/modules/apache/manifests/listen.pp b/puppet/modules/apache/manifests/listen.pp deleted file mode 100644 index 503ee88..0000000 --- a/puppet/modules/apache/manifests/listen.pp +++ /dev/null @@ -1,9 +0,0 @@ -define apache::listen { - $listen_addr_port = $name - - # Template uses: $listen_addr_port - concat::fragment { "Listen ${listen_addr_port}": - target => $::apache::ports_file, - content => template('apache/listen.erb'), - } -} diff --git a/puppet/modules/apache/manifests/mod.pp b/puppet/modules/apache/manifests/mod.pp deleted file mode 100644 index c7f3908..0000000 --- a/puppet/modules/apache/manifests/mod.pp +++ /dev/null @@ -1,176 +0,0 @@ -define apache::mod ( - $package = undef, - $package_ensure = 'present', - $lib = undef, - $lib_path = $::apache::lib_path, - $id = undef, - $path = undef, - $loadfile_name = undef, - $loadfiles = undef, -) { - if ! defined(Class['apache']) { - fail('You must include the apache base class before using any apache defined resources') - } - - $mod = $name - #include apache #This creates duplicate resources in rspec-puppet - $mod_dir = $::apache::mod_dir - - # Determine if we have special lib - $mod_libs = $::apache::mod_libs - if $lib { - $_lib = $lib - } elsif has_key($mod_libs, $mod) { # 2.6 compatibility hack - $_lib = $mod_libs[$mod] - } else { - $_lib = "mod_${mod}.so" - } - - # Determine if declaration specified a path to the module - if $path { - $_path = $path - } else { - $_path = "${lib_path}/${_lib}" - } - - if $id { - $_id = $id - } else { - $_id = "${mod}_module" - } - - if $loadfile_name { - $_loadfile_name = $loadfile_name - } else { - $_loadfile_name = "${mod}.load" - } - - # Determine if we have a package - $mod_packages = $::apache::mod_packages - if $package { - $_package = $package - } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack - if ($::apache::apache_version == '2.4' and $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease != '2') { - # On amazon linux we need to prefix our package name with mod24 instead of mod to support apache 2.4 - $_package = regsubst($mod_packages[$mod],'^(mod_)?(.*)','mod24_\2') - } else { - $_package = $mod_packages[$mod] - } - } else { - $_package = undef - } - if $_package and ! defined(Package[$_package]) { - # note: FreeBSD/ports uses apxs tool to activate modules; apxs clutters - # httpd.conf with 'LoadModule' directives; here, by proper resource - # ordering, we ensure that our version of httpd.conf is reverted after - # the module gets installed. - $package_before = $::osfamily ? { - 'freebsd' => [ - File[$_loadfile_name], - File["${::apache::conf_dir}/${::apache::params::conf_file}"] - ], - default => [ - File[$_loadfile_name], - File[$::apache::confd_dir], - ], - } - # if there are any packages, they should be installed before the associated conf file - Package[$_package] -> File<| title == "${mod}.conf" |> - # $_package may be an array - package { $_package: - ensure => $package_ensure, - require => Package['httpd'], - before => $package_before, - notify => Class['apache::service'], - } - } - - file { $_loadfile_name: - ensure => file, - path => "${mod_dir}/${_loadfile_name}", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - content => template('apache/mod/load.erb'), - require => [ - Package['httpd'], - Exec["mkdir ${mod_dir}"], - ], - before => File[$mod_dir], - notify => Class['apache::service'], - } - - if $::osfamily == 'Debian' { - $enable_dir = $::apache::mod_enable_dir - file{ "${_loadfile_name} symlink": - ensure => link, - path => "${enable_dir}/${_loadfile_name}", - target => "${mod_dir}/${_loadfile_name}", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - require => [ - File[$_loadfile_name], - Exec["mkdir ${enable_dir}"], - ], - before => File[$enable_dir], - notify => Class['apache::service'], - } - # Each module may have a .conf file as well, which should be - # defined in the class apache::mod::module - # Some modules do not require this file. - if defined(File["${mod}.conf"]) { - file{ "${mod}.conf symlink": - ensure => link, - path => "${enable_dir}/${mod}.conf", - target => "${mod_dir}/${mod}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - require => [ - File["${mod}.conf"], - Exec["mkdir ${enable_dir}"], - ], - before => File[$enable_dir], - notify => Class['apache::service'], - } - } - } elsif $::osfamily == 'Suse' { - $enable_dir = $::apache::mod_enable_dir - file{ "${_loadfile_name} symlink": - ensure => link, - path => "${enable_dir}/${_loadfile_name}", - target => "${mod_dir}/${_loadfile_name}", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - require => [ - File[$_loadfile_name], - Exec["mkdir ${enable_dir}"], - ], - before => File[$enable_dir], - notify => Class['apache::service'], - } - # Each module may have a .conf file as well, which should be - # defined in the class apache::mod::module - # Some modules do not require this file. - if defined(File["${mod}.conf"]) { - file{ "${mod}.conf symlink": - ensure => link, - path => "${enable_dir}/${mod}.conf", - target => "${mod_dir}/${mod}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - require => [ - File["${mod}.conf"], - Exec["mkdir ${enable_dir}"], - ], - before => File[$enable_dir], - notify => Class['apache::service'], - } - } - } - - Apache::Mod[$name] -> Anchor['::apache::modules_set_up'] -} diff --git a/puppet/modules/apache/manifests/mod/actions.pp b/puppet/modules/apache/manifests/mod/actions.pp deleted file mode 100644 index 3b60f29..0000000 --- a/puppet/modules/apache/manifests/mod/actions.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::actions { - apache::mod { 'actions': } -} diff --git a/puppet/modules/apache/manifests/mod/alias.pp b/puppet/modules/apache/manifests/mod/alias.pp deleted file mode 100644 index 4eb42ac..0000000 --- a/puppet/modules/apache/manifests/mod/alias.pp +++ /dev/null @@ -1,23 +0,0 @@ -class apache::mod::alias( - $apache_version = undef, - $icons_options = 'Indexes MultiViews', - # set icons_path to false to disable the alias - $icons_path = $::apache::params::alias_icons_path, -) inherits ::apache::params { - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - apache::mod { 'alias': } - - # Template uses $icons_path, $_apache_version - if $icons_path { - file { 'alias.conf': - ensure => file, - path => "${::apache::mod_dir}/alias.conf", - mode => $::apache::file_mode, - content => template('apache/mod/alias.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - } -} diff --git a/puppet/modules/apache/manifests/mod/auth_basic.pp b/puppet/modules/apache/manifests/mod/auth_basic.pp deleted file mode 100644 index cacfafa..0000000 --- a/puppet/modules/apache/manifests/mod/auth_basic.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::auth_basic { - ::apache::mod { 'auth_basic': } -} diff --git a/puppet/modules/apache/manifests/mod/auth_cas.pp b/puppet/modules/apache/manifests/mod/auth_cas.pp deleted file mode 100644 index 00de622..0000000 --- a/puppet/modules/apache/manifests/mod/auth_cas.pp +++ /dev/null @@ -1,55 +0,0 @@ -class apache::mod::auth_cas ( - String $cas_login_url, - String $cas_validate_url, - String $cas_cookie_path = $::apache::params::cas_cookie_path, - $cas_cookie_path_mode = '0750', - $cas_version = 2, - $cas_debug = 'Off', - $cas_validate_server = undef, - $cas_validate_depth = undef, - $cas_certificate_path = undef, - $cas_proxy_validate_url = undef, - $cas_root_proxied_as = undef, - $cas_cookie_entropy = undef, - $cas_timeout = undef, - $cas_idle_timeout = undef, - $cas_cache_clean_interval = undef, - $cas_cookie_domain = undef, - $cas_cookie_http_only = undef, - $cas_authoritative = undef, - $cas_validate_saml = undef, - $cas_sso_enabled = undef, - $cas_attribute_prefix = undef, - $cas_attribute_delimiter = undef, - $cas_scrub_request_headers = undef, - $suppress_warning = false, -) inherits ::apache::params { - - if $::osfamily == 'RedHat' and ! $suppress_warning { - warning('RedHat distributions do not have Apache mod_auth_cas in their default package repositories.') - } - - include ::apache - ::apache::mod { 'auth_cas': } - - file { $cas_cookie_path: - ensure => directory, - before => File['auth_cas.conf'], - mode => $cas_cookie_path_mode, - owner => $apache::user, - group => $apache::group, - } - - # Template uses - # - All variables beginning with cas_ - file { 'auth_cas.conf': - ensure => file, - path => "${::apache::mod_dir}/auth_cas.conf", - mode => $::apache::file_mode, - content => template('apache/mod/auth_cas.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], - notify => Class['Apache::Service'], - } - -} diff --git a/puppet/modules/apache/manifests/mod/auth_gssapi.pp b/puppet/modules/apache/manifests/mod/auth_gssapi.pp deleted file mode 100644 index 45b8cb3..0000000 --- a/puppet/modules/apache/manifests/mod/auth_gssapi.pp +++ /dev/null @@ -1,5 +0,0 @@ -class apache::mod::auth_gssapi { - include apache - include apache::mod::authn_core - apache::mod { 'auth_gssapi': } -} diff --git a/puppet/modules/apache/manifests/mod/auth_kerb.pp b/puppet/modules/apache/manifests/mod/auth_kerb.pp deleted file mode 100644 index 4b4887f..0000000 --- a/puppet/modules/apache/manifests/mod/auth_kerb.pp +++ /dev/null @@ -1,7 +0,0 @@ -class apache::mod::auth_kerb { - include ::apache - include ::apache::mod::authn_core - ::apache::mod { 'auth_kerb': } -} - - diff --git a/puppet/modules/apache/manifests/mod/auth_mellon.pp b/puppet/modules/apache/manifests/mod/auth_mellon.pp deleted file mode 100644 index 5dbb6b5..0000000 --- a/puppet/modules/apache/manifests/mod/auth_mellon.pp +++ /dev/null @@ -1,26 +0,0 @@ -class apache::mod::auth_mellon ( - $mellon_cache_size = $::apache::params::mellon_cache_size, - $mellon_lock_file = $::apache::params::mellon_lock_file, - $mellon_post_directory = $::apache::params::mellon_post_directory, - $mellon_cache_entry_size = undef, - $mellon_post_ttl = undef, - $mellon_post_size = undef, - $mellon_post_count = undef -) inherits ::apache::params { - - include ::apache - ::apache::mod { 'auth_mellon': } - - # Template uses - # - All variables beginning with mellon_ - file { 'auth_mellon.conf': - ensure => file, - path => "${::apache::mod_dir}/auth_mellon.conf", - mode => $::apache::file_mode, - content => template('apache/mod/auth_mellon.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], - notify => Class['Apache::Service'], - } - -} diff --git a/puppet/modules/apache/manifests/mod/authn_core.pp b/puppet/modules/apache/manifests/mod/authn_core.pp deleted file mode 100644 index c5ce5b1..0000000 --- a/puppet/modules/apache/manifests/mod/authn_core.pp +++ /dev/null @@ -1,7 +0,0 @@ -class apache::mod::authn_core( - $apache_version = $::apache::apache_version -) { - if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mod { 'authn_core': } - } -} diff --git a/puppet/modules/apache/manifests/mod/authn_dbd.pp b/puppet/modules/apache/manifests/mod/authn_dbd.pp deleted file mode 100644 index be6ff3e..0000000 --- a/puppet/modules/apache/manifests/mod/authn_dbd.pp +++ /dev/null @@ -1,30 +0,0 @@ -class apache::mod::authn_dbd ( - $authn_dbd_params, - $authn_dbd_dbdriver = 'mysql', - $authn_dbd_query = undef, - $authn_dbd_min = '4', - $authn_dbd_max = '20', - $authn_dbd_keep = '8', - $authn_dbd_exptime = '300', - $authn_dbd_alias = undef, -) inherits ::apache::params { - include ::apache - include ::apache::mod::dbd - ::apache::mod { 'authn_dbd': } - - if $authn_dbd_alias { - include ::apache::mod::authn_core - } - - # Template uses - # - All variables beginning with authn_dbd - file { 'authn_dbd.conf': - ensure => file, - path => "${::apache::mod_dir}/authn_dbd.conf", - mode => $::apache::file_mode, - content => template('apache/mod/authn_dbd.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], - notify => Class['Apache::Service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/authn_file.pp b/puppet/modules/apache/manifests/mod/authn_file.pp deleted file mode 100644 index bc78724..0000000 --- a/puppet/modules/apache/manifests/mod/authn_file.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::authn_file { - ::apache::mod { 'authn_file': } -} diff --git a/puppet/modules/apache/manifests/mod/authnz_ldap.pp b/puppet/modules/apache/manifests/mod/authnz_ldap.pp deleted file mode 100644 index 560909f..0000000 --- a/puppet/modules/apache/manifests/mod/authnz_ldap.pp +++ /dev/null @@ -1,23 +0,0 @@ -class apache::mod::authnz_ldap ( - Boolean $verify_server_cert = true, - $package_name = undef, -) { - - include ::apache - include '::apache::mod::ldap' - ::apache::mod { 'authnz_ldap': - package => $package_name, - } - - # Template uses: - # - $verify_server_cert - file { 'authnz_ldap.conf': - ensure => file, - path => "${::apache::mod_dir}/authnz_ldap.conf", - mode => $::apache::file_mode, - content => template('apache/mod/authnz_ldap.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/authnz_pam.pp b/puppet/modules/apache/manifests/mod/authnz_pam.pp deleted file mode 100644 index c267212..0000000 --- a/puppet/modules/apache/manifests/mod/authnz_pam.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::authnz_pam { - include ::apache - ::apache::mod { 'authnz_pam': } -} diff --git a/puppet/modules/apache/manifests/mod/authz_default.pp b/puppet/modules/apache/manifests/mod/authz_default.pp deleted file mode 100644 index e457774..0000000 --- a/puppet/modules/apache/manifests/mod/authz_default.pp +++ /dev/null @@ -1,9 +0,0 @@ -class apache::mod::authz_default( - $apache_version = $::apache::apache_version -) { - if versioncmp($apache_version, '2.4') >= 0 { - warning('apache::mod::authz_default has been removed in Apache 2.4') - } else { - ::apache::mod { 'authz_default': } - } -} diff --git a/puppet/modules/apache/manifests/mod/authz_user.pp b/puppet/modules/apache/manifests/mod/authz_user.pp deleted file mode 100644 index 948a3e2..0000000 --- a/puppet/modules/apache/manifests/mod/authz_user.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::authz_user { - ::apache::mod { 'authz_user': } -} diff --git a/puppet/modules/apache/manifests/mod/autoindex.pp b/puppet/modules/apache/manifests/mod/autoindex.pp deleted file mode 100644 index 67c7580..0000000 --- a/puppet/modules/apache/manifests/mod/autoindex.pp +++ /dev/null @@ -1,14 +0,0 @@ -class apache::mod::autoindex { - include ::apache - ::apache::mod { 'autoindex': } - # Template uses no variables - file { 'autoindex.conf': - ensure => file, - path => "${::apache::mod_dir}/autoindex.conf", - mode => $::apache::file_mode, - content => template('apache/mod/autoindex.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/cache.pp b/puppet/modules/apache/manifests/mod/cache.pp deleted file mode 100644 index 4ab9f44..0000000 --- a/puppet/modules/apache/manifests/mod/cache.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::cache { - ::apache::mod { 'cache': } -} diff --git a/puppet/modules/apache/manifests/mod/cgi.pp b/puppet/modules/apache/manifests/mod/cgi.pp deleted file mode 100644 index e4a8023..0000000 --- a/puppet/modules/apache/manifests/mod/cgi.pp +++ /dev/null @@ -1,24 +0,0 @@ -class apache::mod::cgi { - include ::apache - case $::osfamily { - 'FreeBSD': {} - default: { - if defined(Class['::apache::mod::itk']) { - Class['::apache::mod::itk'] -> Class['::apache::mod::cgi'] - } elsif defined(Class['::apache::mod::peruser']) { - Class['::apache::mod::peruser'] -> Class['::apache::mod::cgi'] - } else { - Class['::apache::mod::prefork'] -> Class['::apache::mod::cgi'] - } - } - } - - if $::osfamily == 'Suse' { - ::apache::mod { 'cgi': - lib_path => '/usr/lib64/apache2-prefork', - } - } else { - ::apache::mod { 'cgi': } - } - -} diff --git a/puppet/modules/apache/manifests/mod/cgid.pp b/puppet/modules/apache/manifests/mod/cgid.pp deleted file mode 100644 index b2cb016..0000000 --- a/puppet/modules/apache/manifests/mod/cgid.pp +++ /dev/null @@ -1,42 +0,0 @@ -class apache::mod::cgid { - include ::apache - case $::osfamily { - 'FreeBSD': {} - default: { - if defined(Class['::apache::mod::event']) { - Class['::apache::mod::event'] -> Class['::apache::mod::cgid'] - } else { - Class['::apache::mod::worker'] -> Class['::apache::mod::cgid'] - } - } - } - - # Debian specifies it's cgid sock path, but RedHat uses the default value - # with no config file - $cgisock_path = $::osfamily ? { - 'debian' => "\${APACHE_RUN_DIR}/cgisock", - 'freebsd' => 'cgisock', - default => undef, - } - - if $::osfamily == 'Suse' { - ::apache::mod { 'cgid': - lib_path => '/usr/lib64/apache2-worker', - } - } else { - ::apache::mod { 'cgid': } - } - - if $cgisock_path { - # Template uses $cgisock_path - file { 'cgid.conf': - ensure => file, - path => "${::apache::mod_dir}/cgid.conf", - mode => $::apache::file_mode, - content => template('apache/mod/cgid.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - } -} diff --git a/puppet/modules/apache/manifests/mod/cluster.pp b/puppet/modules/apache/manifests/mod/cluster.pp deleted file mode 100644 index 442b583..0000000 --- a/puppet/modules/apache/manifests/mod/cluster.pp +++ /dev/null @@ -1,39 +0,0 @@ -class apache::mod::cluster ( - $allowed_network, - $balancer_name, - $ip, - $version, - $enable_mcpm_receive = true, - $port = '6666', - $keep_alive_timeout = 60, - $manager_allowed_network = '127.0.0.1', - $max_keep_alive_requests = 0, - $server_advertise = true, - $advertise_frequency = undef, -) { - - include ::apache - - ::apache::mod { 'proxy': } - ::apache::mod { 'proxy_ajp': } - ::apache::mod { 'manager': } - ::apache::mod { 'proxy_cluster': } - ::apache::mod { 'advertise': } - - if (versioncmp($version, '1.3.0') >= 0 ) { - ::apache::mod { 'cluster_slotmem': } - } else { - ::apache::mod { 'slotmem': } - } - - file {'cluster.conf': - ensure => file, - path => "${::apache::mod_dir}/cluster.conf", - mode => $::apache::file_mode, - content => template('apache/mod/cluster.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - -} diff --git a/puppet/modules/apache/manifests/mod/data.pp b/puppet/modules/apache/manifests/mod/data.pp deleted file mode 100644 index 00807e9..0000000 --- a/puppet/modules/apache/manifests/mod/data.pp +++ /dev/null @@ -1,10 +0,0 @@ -class apache::mod::data ( - $apache_version = undef, -) { - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - if versioncmp($_apache_version, '2.3') < 0 { - fail('mod_data is only available in Apache 2.3 and later') - } - ::apache::mod { 'data': } -} diff --git a/puppet/modules/apache/manifests/mod/dav.pp b/puppet/modules/apache/manifests/mod/dav.pp deleted file mode 100644 index ade9c08..0000000 --- a/puppet/modules/apache/manifests/mod/dav.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::dav { - ::apache::mod { 'dav': } -} diff --git a/puppet/modules/apache/manifests/mod/dav_fs.pp b/puppet/modules/apache/manifests/mod/dav_fs.pp deleted file mode 100644 index 60127e3..0000000 --- a/puppet/modules/apache/manifests/mod/dav_fs.pp +++ /dev/null @@ -1,22 +0,0 @@ -class apache::mod::dav_fs { - include ::apache - $dav_lock = $::osfamily ? { - 'debian' => "\${APACHE_LOCK_DIR}/DAVLock", - 'freebsd' => '/usr/local/var/DavLock', - default => '/var/lib/dav/lockdb', - } - - Class['::apache::mod::dav'] -> Class['::apache::mod::dav_fs'] - ::apache::mod { 'dav_fs': } - - # Template uses: $dav_lock - file { 'dav_fs.conf': - ensure => file, - path => "${::apache::mod_dir}/dav_fs.conf", - mode => $::apache::file_mode, - content => template('apache/mod/dav_fs.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/dav_svn.pp b/puppet/modules/apache/manifests/mod/dav_svn.pp deleted file mode 100644 index 6cb5af5..0000000 --- a/puppet/modules/apache/manifests/mod/dav_svn.pp +++ /dev/null @@ -1,28 +0,0 @@ -class apache::mod::dav_svn ( - $authz_svn_enabled = false, -) { - Class['::apache::mod::dav'] -> Class['::apache::mod::dav_svn'] - include ::apache - include ::apache::mod::dav - if($::operatingsystem == 'SLES' and $::operatingsystemmajrelease < '12'){ - package { 'subversion-server': - ensure => 'installed', - provider => 'zypper', - } - } - - ::apache::mod { 'dav_svn': } - - if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '9', '16.04', '18.04']) { - $loadfile_name = undef - } else { - $loadfile_name = 'dav_svn_authz_svn.load' - } - - if $authz_svn_enabled { - ::apache::mod { 'authz_svn': - loadfile_name => $loadfile_name, - require => Apache::Mod['dav_svn'], - } - } -} diff --git a/puppet/modules/apache/manifests/mod/dbd.pp b/puppet/modules/apache/manifests/mod/dbd.pp deleted file mode 100644 index 547acc7..0000000 --- a/puppet/modules/apache/manifests/mod/dbd.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::dbd { - ::apache::mod { 'dbd': } -} diff --git a/puppet/modules/apache/manifests/mod/deflate.pp b/puppet/modules/apache/manifests/mod/deflate.pp deleted file mode 100644 index 70ac5be..0000000 --- a/puppet/modules/apache/manifests/mod/deflate.pp +++ /dev/null @@ -1,27 +0,0 @@ -class apache::mod::deflate ( - $types = [ - 'text/html text/plain text/xml', - 'text/css', - 'application/x-javascript application/javascript application/ecmascript', - 'application/rss+xml', - 'application/json', - ], - $notes = { - 'Input' => 'instream', - 'Output' => 'outstream', - 'Ratio' => 'ratio', - } -) { - include ::apache - ::apache::mod { 'deflate': } - - file { 'deflate.conf': - ensure => file, - path => "${::apache::mod_dir}/deflate.conf", - mode => $::apache::file_mode, - content => template('apache/mod/deflate.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/dev.pp b/puppet/modules/apache/manifests/mod/dev.pp deleted file mode 100644 index 5abdedd..0000000 --- a/puppet/modules/apache/manifests/mod/dev.pp +++ /dev/null @@ -1,5 +0,0 @@ -class apache::mod::dev { - # Development packages are not apache modules - warning('apache::mod::dev is deprecated; please use apache::dev') - include ::apache::dev -} diff --git a/puppet/modules/apache/manifests/mod/dir.pp b/puppet/modules/apache/manifests/mod/dir.pp deleted file mode 100644 index 3c994d3..0000000 --- a/puppet/modules/apache/manifests/mod/dir.pp +++ /dev/null @@ -1,23 +0,0 @@ -# Note: this sets the global DirectoryIndex directive, it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration -# Parameters: -# - $indexes provides a string for the DirectoryIndex directive http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex -class apache::mod::dir ( - $dir = 'public_html', - Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'], -) { - - include ::apache - ::apache::mod { 'dir': } - - # Template uses - # - $indexes - file { 'dir.conf': - ensure => file, - path => "${::apache::mod_dir}/dir.conf", - mode => $::apache::file_mode, - content => template('apache/mod/dir.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/disk_cache.pp b/puppet/modules/apache/manifests/mod/disk_cache.pp deleted file mode 100644 index 25f864b..0000000 --- a/puppet/modules/apache/manifests/mod/disk_cache.pp +++ /dev/null @@ -1,43 +0,0 @@ -class apache::mod::disk_cache ( - $cache_root = undef, - $cache_ignore_headers = undef, -) { - include ::apache - if $cache_root { - $_cache_root = $cache_root - } - elsif versioncmp($::apache::apache_version, '2.4') >= 0 { - $_cache_root = $::osfamily ? { - 'debian' => '/var/cache/apache2/mod_cache_disk', - 'redhat' => '/var/cache/httpd/proxy', - 'freebsd' => '/var/cache/mod_cache_disk', - } - } - else { - $_cache_root = $::osfamily ? { - 'debian' => '/var/cache/apache2/mod_disk_cache', - 'redhat' => '/var/cache/mod_proxy', - 'freebsd' => '/var/cache/mod_disk_cache', - } - } - - if versioncmp($::apache::apache_version, '2.4') >= 0 { - apache::mod { 'cache_disk': } - } - else { - apache::mod { 'disk_cache': } - } - - Class['::apache::mod::cache'] -> Class['::apache::mod::disk_cache'] - - # Template uses $_cache_root - file { 'disk_cache.conf': - ensure => file, - path => "${::apache::mod_dir}/disk_cache.conf", - mode => $::apache::file_mode, - content => template('apache/mod/disk_cache.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/dumpio.pp b/puppet/modules/apache/manifests/mod/dumpio.pp deleted file mode 100644 index c79f6da..0000000 --- a/puppet/modules/apache/manifests/mod/dumpio.pp +++ /dev/null @@ -1,18 +0,0 @@ -class apache::mod::dumpio( - Enum['Off', 'On', 'off', 'on'] $dump_io_input = 'Off', - Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off', -) { - include ::apache - - ::apache::mod { 'dumpio': } - file{'dumpio.conf': - ensure => file, - path => "${::apache::mod_dir}/dumpio.conf", - mode => $::apache::file_mode, - content => template('apache/mod/dumpio.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - -} diff --git a/puppet/modules/apache/manifests/mod/env.pp b/puppet/modules/apache/manifests/mod/env.pp deleted file mode 100644 index b973005..0000000 --- a/puppet/modules/apache/manifests/mod/env.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::env { - ::apache::mod { 'env': } -} diff --git a/puppet/modules/apache/manifests/mod/event.pp b/puppet/modules/apache/manifests/mod/event.pp deleted file mode 100644 index a873959..0000000 --- a/puppet/modules/apache/manifests/mod/event.pp +++ /dev/null @@ -1,76 +0,0 @@ -class apache::mod::event ( - $startservers = '2', - $maxclients = '150', - $maxrequestworkers = undef, - $minsparethreads = '25', - $maxsparethreads = '75', - $threadsperchild = '25', - $maxrequestsperchild = '0', - $maxconnectionsperchild = undef, - $serverlimit = '25', - $apache_version = undef, - $threadlimit = '64', - $listenbacklog = '511', -) { - include ::apache - - $_apache_version = pick($apache_version, $apache::apache_version) - - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::event and apache::mod::itk on the same node') - } - if defined(Class['apache::mod::peruser']) { - fail('May not include both apache::mod::event and apache::mod::peruser on the same node') - } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::event and apache::mod::prefork on the same node') - } - if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::event and apache::mod::worker on the same node') - } - File { - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - } - - # Template uses: - # - $startservers - # - $maxclients - # - $minsparethreads - # - $maxsparethreads - # - $threadsperchild - # - $maxrequestsperchild - # - $serverlimit - file { "${::apache::mod_dir}/event.conf": - ensure => file, - mode => $::apache::file_mode, - content => template('apache/mod/event.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - - case $::osfamily { - 'redhat': { - if versioncmp($_apache_version, '2.4') >= 0 { - apache::mpm{ 'event': - apache_version => $_apache_version, - } - } - } - 'debian','freebsd' : { - apache::mpm{ 'event': - apache_version => $_apache_version, - } - } - 'gentoo': { - ::portage::makeconf { 'apache2_mpms': - content => 'event', - } - } - default: { - fail("Unsupported osfamily ${::osfamily}") - } - } -} diff --git a/puppet/modules/apache/manifests/mod/expires.pp b/puppet/modules/apache/manifests/mod/expires.pp deleted file mode 100644 index 07ec82e..0000000 --- a/puppet/modules/apache/manifests/mod/expires.pp +++ /dev/null @@ -1,22 +0,0 @@ -class apache::mod::expires ( - $expires_active = true, - $expires_default = undef, - $expires_by_type = undef, -) { - include ::apache - ::apache::mod { 'expires': } - - # Template uses - # $expires_active - # $expires_default - # $expires_by_type - file { 'expires.conf': - ensure => file, - path => "${::apache::mod_dir}/expires.conf", - mode => $::apache::file_mode, - content => template('apache/mod/expires.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/ext_filter.pp b/puppet/modules/apache/manifests/mod/ext_filter.pp deleted file mode 100644 index 1155032..0000000 --- a/puppet/modules/apache/manifests/mod/ext_filter.pp +++ /dev/null @@ -1,22 +0,0 @@ -class apache::mod::ext_filter( - Optional[Hash] $ext_filter_define = undef -) { - include ::apache - - ::apache::mod { 'ext_filter': } - - # Template uses - # -$ext_filter_define - - if $ext_filter_define { - file { 'ext_filter.conf': - ensure => file, - path => "${::apache::mod_dir}/ext_filter.conf", - mode => $::apache::file_mode, - content => template('apache/mod/ext_filter.conf.erb'), - require => [ Exec["mkdir ${::apache::mod_dir}"], ], - before => File[$::apache::mod_dir], - notify => Class['Apache::Service'], - } - } -} diff --git a/puppet/modules/apache/manifests/mod/fastcgi.pp b/puppet/modules/apache/manifests/mod/fastcgi.pp deleted file mode 100644 index ef4f8f2..0000000 --- a/puppet/modules/apache/manifests/mod/fastcgi.pp +++ /dev/null @@ -1,31 +0,0 @@ -class apache::mod::fastcgi { - include ::apache - if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemrelease, '7.0') >= 0) { - fail('mod_fastcgi is no longer supported on el7 and above.') - } - if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) { - fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi') - } - # Debian specifies it's fastcgi lib path, but RedHat uses the default value - # with no config file - $fastcgi_lib_path = $::apache::params::fastcgi_lib_path - - ::apache::mod { 'fastcgi': } - - if $fastcgi_lib_path { - # Template uses: - # - $fastcgi_server - # - $fastcgi_socket - # - $fastcgi_dir - file { 'fastcgi.conf': - ensure => file, - path => "${::apache::mod_dir}/fastcgi.conf", - mode => $::apache::file_mode, - content => template('apache/mod/fastcgi.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - } - -} diff --git a/puppet/modules/apache/manifests/mod/fcgid.pp b/puppet/modules/apache/manifests/mod/fcgid.pp deleted file mode 100644 index 0e99a9b..0000000 --- a/puppet/modules/apache/manifests/mod/fcgid.pp +++ /dev/null @@ -1,28 +0,0 @@ -class apache::mod::fcgid( - $options = {}, -) { - include ::apache - if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') or $::osfamily == 'FreeBSD' { - $loadfile_name = 'unixd_fcgid.load' - $conf_name = 'unixd_fcgid.conf' - } else { - $loadfile_name = undef - $conf_name = 'fcgid.conf' - } - - ::apache::mod { 'fcgid': - loadfile_name => $loadfile_name, - } - - # Template uses: - # - $options - file { $conf_name: - ensure => file, - path => "${::apache::mod_dir}/${conf_name}", - mode => $::apache::file_mode, - content => template('apache/mod/fcgid.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/filter.pp b/puppet/modules/apache/manifests/mod/filter.pp deleted file mode 100644 index 26dc488..0000000 --- a/puppet/modules/apache/manifests/mod/filter.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::filter { - ::apache::mod { 'filter': } -} diff --git a/puppet/modules/apache/manifests/mod/geoip.pp b/puppet/modules/apache/manifests/mod/geoip.pp deleted file mode 100644 index 66ae887..0000000 --- a/puppet/modules/apache/manifests/mod/geoip.pp +++ /dev/null @@ -1,33 +0,0 @@ -class apache::mod::geoip ( - $enable = false, - $db_file = '/usr/share/GeoIP/GeoIP.dat', - $flag = 'Standard', - $output = 'All', - $enable_utf8 = undef, - $scan_proxy_headers = undef, - $scan_proxy_header_field = undef, - $use_last_xforwarededfor_ip = undef, -) { - include ::apache - ::apache::mod { 'geoip': } - - # Template uses: - # - enable - # - db_file - # - flag - # - output - # - enable_utf8 - # - scan_proxy_headers - # - scan_proxy_header_field - # - use_last_xforwarededfor_ip - file { 'geoip.conf': - ensure => file, - path => "${::apache::mod_dir}/geoip.conf", - mode => $::apache::file_mode, - content => template('apache/mod/geoip.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - -} diff --git a/puppet/modules/apache/manifests/mod/headers.pp b/puppet/modules/apache/manifests/mod/headers.pp deleted file mode 100644 index d18c5e2..0000000 --- a/puppet/modules/apache/manifests/mod/headers.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::headers { - ::apache::mod { 'headers': } -} diff --git a/puppet/modules/apache/manifests/mod/http2.pp b/puppet/modules/apache/manifests/mod/http2.pp deleted file mode 100644 index 468c0db..0000000 --- a/puppet/modules/apache/manifests/mod/http2.pp +++ /dev/null @@ -1,38 +0,0 @@ -class apache::mod::http2 ( - Optional[Boolean] $h2_copy_files = undef, - Optional[Boolean] $h2_direct = undef, - Optional[Boolean] $h2_early_hints = undef, - Optional[Integer] $h2_max_session_streams = undef, - Optional[Integer] $h2_max_worker_idle_seconds = undef, - Optional[Integer] $h2_max_workers = undef, - Optional[Integer] $h2_min_workers = undef, - Optional[Boolean] $h2_modern_tls_only = undef, - Optional[Boolean] $h2_push = undef, - Optional[Integer] $h2_push_diary_size = undef, - Array[String] $h2_push_priority = [], - Array[String] $h2_push_resource = [], - Optional[Boolean] $h2_serialize_headers = undef, - Optional[Integer] $h2_stream_max_mem_size = undef, - Optional[Integer] $h2_tls_cool_down_secs = undef, - Optional[Integer] $h2_tls_warm_up_size = undef, - Optional[Boolean] $h2_upgrade = undef, - Optional[Integer] $h2_window_size = undef, - Optional[String] $apache_version = undef, -) { - include ::apache - apache::mod { 'http2': } - - $_apache_version = pick($apache_version, $apache::apache_version) - - file { 'http2.conf': - ensure => file, - content => template('apache/mod/http2.conf.erb'), - mode => $::apache::file_mode, - path => "${::apache::mod_dir}/http2.conf", - owner => $::apache::params::user, - group => $::apache::params::group, - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/include.pp b/puppet/modules/apache/manifests/mod/include.pp deleted file mode 100644 index edbe81f..0000000 --- a/puppet/modules/apache/manifests/mod/include.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::include { - ::apache::mod { 'include': } -} diff --git a/puppet/modules/apache/manifests/mod/info.pp b/puppet/modules/apache/manifests/mod/info.pp deleted file mode 100644 index c6f1355..0000000 --- a/puppet/modules/apache/manifests/mod/info.pp +++ /dev/null @@ -1,33 +0,0 @@ -class apache::mod::info ( - $allow_from = ['127.0.0.1','::1'], - $apache_version = undef, - $restrict_access = true, - $info_path = '/server-info', -){ - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - - if $::osfamily == 'Suse' { - if defined(Class['::apache::mod::worker']){ - $suse_path = '/usr/lib64/apache2-worker' - } else { - $suse_path = '/usr/lib64/apache2-prefork' - } - ::apache::mod { 'info': - lib_path => $suse_path, - } - } else { - ::apache::mod { 'info': } - } - - # Template uses $allow_from, $_apache_version - file { 'info.conf': - ensure => file, - path => "${::apache::mod_dir}/info.conf", - mode => $::apache::file_mode, - content => template('apache/mod/info.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/intercept_form_submit.pp b/puppet/modules/apache/manifests/mod/intercept_form_submit.pp deleted file mode 100644 index 39f1f5e..0000000 --- a/puppet/modules/apache/manifests/mod/intercept_form_submit.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::intercept_form_submit { - include ::apache - ::apache::mod { 'intercept_form_submit': } -} diff --git a/puppet/modules/apache/manifests/mod/itk.pp b/puppet/modules/apache/manifests/mod/itk.pp deleted file mode 100644 index 38dad00..0000000 --- a/puppet/modules/apache/manifests/mod/itk.pp +++ /dev/null @@ -1,97 +0,0 @@ -class apache::mod::itk ( - $startservers = '8', - $minspareservers = '5', - $maxspareservers = '20', - $serverlimit = '256', - $maxclients = '256', - $maxrequestsperchild = '4000', - $enablecapabilities = undef, - $apache_version = undef, -) { - include ::apache - - $_apache_version = pick($apache_version, $apache::apache_version) - - if defined(Class['apache::mod::event']) { - fail('May not include both apache::mod::itk and apache::mod::event on the same node') - } - if defined(Class['apache::mod::peruser']) { - fail('May not include both apache::mod::itk and apache::mod::peruser on the same node') - } - if versioncmp($_apache_version, '2.4') < 0 { - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') - } - } else { - # prefork is a requirement for itk in 2.4; except on FreeBSD and Gentoo, which are special - if $::osfamily =~ /^(FreeBSD|Gentoo)/ { - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::itk and apache::mod::prefork on the same node') - } - } else { - if ! defined(Class['apache::mod::prefork']) { - include ::apache::mod::prefork - } - } - } - if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::itk and apache::mod::worker on the same node') - } - File { - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - } - - # Template uses: - # - $startservers - # - $minspareservers - # - $maxspareservers - # - $serverlimit - # - $maxclients - # - $maxrequestsperchild - file { "${::apache::mod_dir}/itk.conf": - ensure => file, - mode => $::apache::file_mode, - content => template('apache/mod/itk.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - - case $::osfamily { - 'redhat': { - package { 'httpd-itk': - ensure => present, - } - if versioncmp($_apache_version, '2.4') >= 0 { - ::apache::mpm{ 'itk': - apache_version => $_apache_version, - } - } - else { - file_line { '/etc/sysconfig/httpd itk enable': - ensure => present, - path => '/etc/sysconfig/httpd', - line => 'HTTPD=/usr/sbin/httpd.itk', - match => '#?HTTPD=/usr/sbin/httpd.itk', - require => Package['httpd'], - notify => Class['apache::service'], - } - } - } - 'debian', 'freebsd': { - apache::mpm{ 'itk': - apache_version => $_apache_version, - } - } - 'gentoo': { - ::portage::makeconf { 'apache2_mpms': - content => 'itk', - } - } - default: { - fail("Unsupported osfamily ${::osfamily}") - } - } -} diff --git a/puppet/modules/apache/manifests/mod/jk.pp b/puppet/modules/apache/manifests/mod/jk.pp deleted file mode 100644 index fc459b1..0000000 --- a/puppet/modules/apache/manifests/mod/jk.pp +++ /dev/null @@ -1,148 +0,0 @@ -# Class apache::mod::jk -# -# Manages mod_jk connector -# -# All parameters are optional. When undefined, some receive default values, -# while others cause an optional directive to be absent -# -# For help on parameters, pls see official reference at: -# https://tomcat.apache.org/connectors-doc/reference/apache.html -# -class apache::mod::jk ( - # Binding to mod_jk - Optional[String] $ip = undef, - Integer $port = 80, - Boolean $add_listen = true, - # Conf file content - $workers_file = undef, - $worker_property = {}, - $logroot = undef, - $shm_file = 'jk-runtime-status', - $shm_size = undef, - $mount_file = undef, - $mount_file_reload = undef, - $mount = {}, - $un_mount = {}, - $auto_alias = undef, - $mount_copy = undef, - $worker_indicator = undef, - $watchdog_interval = undef, - $log_file = 'mod_jk.log', - $log_level = undef, - $log_stamp_format = undef, - $request_log_format = undef, - $extract_ssl = undef, - $https_indicator = undef, - $sslprotocol_indicator = undef, - $certs_indicator = undef, - $cipher_indicator = undef, - $certchain_prefix = undef, - $session_indicator = undef, - $keysize_indicator = undef, - $local_name_indicator = undef, - $ignore_cl_indicator = undef, - $local_addr_indicator = undef, - $local_port_indicator = undef, - $remote_host_indicator = undef, - $remote_addr_indicator = undef, - $remote_port_indicator = undef, - $remote_user_indicator = undef, - $auth_type_indicator = undef, - $options = [], - $env_var = {}, - $strip_session = undef, - # Location list - # See comments in template mod/jk.conf.erb - $location_list = [], - # Workers file content - # See comments in template mod/jk/workers.properties.erb - $workers_file_content = {}, - # Mount file content - # See comments in template mod/jk/uriworkermap.properties.erb - $mount_file_content = {}, -){ - - # Provides important variables - include ::apache - # Manages basic module config - ::apache::mod { 'jk': } - - # Ensure that we are not using variables with the typo fixed by MODULES-6225 - # anymore: - if !empty($workers_file_content) and has_key($workers_file_content, 'worker_mantain') { - fail('Please replace $workers_file_content[\'worker_mantain\'] by $workers_file_content[\'worker_maintain\']. See MODULES-6225 for details.') - } - - - # Binding to mod_jk - if $add_listen { - $_ip = $ip ? { - undef => $facts['ipaddress'], - default => $ip, - } - ensure_resource('apache::listen', "${_ip}:${port}", {}) - } - - # File resource common parameters - File { - ensure => file, - mode => $::apache::file_mode, - notify => Class['apache::service'], - } - - # Shared memory and log paths - # If logroot unspecified, use default - $log_dir = $logroot ? { - undef => $::apache::logroot, - default => $logroot, - } - # If absolute path or pipe, use as-is - # If relative path, prepend with log directory - # If unspecified, use default - $shm_path = $shm_file ? { - undef => "${log_dir}/jk-runtime-status", - /^\"?[|\/]/ => $shm_file, - default => "${log_dir}/${shm_file}", - } - $log_path = $log_file ? { - undef => "${log_dir}/mod_jk.log", - /^\"?[|\/]/ => $log_file, - default => "${log_dir}/${log_file}", - } - - # Main config file - $mod_dir = $::apache::mod_dir - file {'jk.conf': - path => "${mod_dir}/jk.conf", - content => template('apache/mod/jk.conf.erb'), - require => [ - Exec["mkdir ${mod_dir}"], - File[$mod_dir], - ], - } - - # Workers file - if $workers_file != undef { - $workers_path = $workers_file ? { - /^\// => $workers_file, - default => "${apache::httpd_dir}/${workers_file}", - } - file { $workers_path: - content => template('apache/mod/jk/workers.properties.erb'), - require => Package['httpd'], - } - } - - # Mount file - if $mount_file != undef { - $mount_path = $mount_file ? { - /^\// => $mount_file, - default => "${apache::httpd_dir}/${mount_file}", - } - file { $mount_path: - content => template('apache/mod/jk/uriworkermap.properties.erb'), - require => Package['httpd'], - } - } - -} diff --git a/puppet/modules/apache/manifests/mod/ldap.pp b/puppet/modules/apache/manifests/mod/ldap.pp deleted file mode 100644 index 98dd462..0000000 --- a/puppet/modules/apache/manifests/mod/ldap.pp +++ /dev/null @@ -1,29 +0,0 @@ -class apache::mod::ldap ( - $apache_version = undef, - $package_name = undef, - $ldap_trusted_global_cert_file = undef, - Optional[String] $ldap_trusted_global_cert_type = 'CA_BASE64', - $ldap_shared_cache_size = undef, - $ldap_cache_entries = undef, - $ldap_cache_ttl = undef, - $ldap_opcache_entries = undef, - $ldap_opcache_ttl = undef, - $ldap_trusted_mode = undef, -){ - - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - ::apache::mod { 'ldap': - package => $package_name, - } - # Template uses $_apache_version - file { 'apache-mod-ldap.conf': - ensure => file, - path => "${::apache::mod_dir}/ldap.conf", - mode => $::apache::file_mode, - content => template('apache/mod/ldap.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/lookup_identity.pp b/puppet/modules/apache/manifests/mod/lookup_identity.pp deleted file mode 100644 index 445c60e..0000000 --- a/puppet/modules/apache/manifests/mod/lookup_identity.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::lookup_identity { - include ::apache - ::apache::mod { 'lookup_identity': } -} diff --git a/puppet/modules/apache/manifests/mod/macro.pp b/puppet/modules/apache/manifests/mod/macro.pp deleted file mode 100644 index 2a1218b..0000000 --- a/puppet/modules/apache/manifests/mod/macro.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::macro { - include ::apache - ::apache::mod { 'macro': } -} diff --git a/puppet/modules/apache/manifests/mod/mime.pp b/puppet/modules/apache/manifests/mod/mime.pp deleted file mode 100644 index f686930..0000000 --- a/puppet/modules/apache/manifests/mod/mime.pp +++ /dev/null @@ -1,25 +0,0 @@ -class apache::mod::mime ( - $mime_support_package = $::apache::params::mime_support_package, - $mime_types_config = $::apache::params::mime_types_config, - $mime_types_additional = undef, -) inherits ::apache::params { - include ::apache - $_mime_types_additional = pick($mime_types_additional, $apache::mime_types_additional) - apache::mod { 'mime': } - # Template uses $_mime_types_config - file { 'mime.conf': - ensure => file, - path => "${::apache::mod_dir}/mime.conf", - mode => $::apache::file_mode, - content => template('apache/mod/mime.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - if $mime_support_package { - package { $mime_support_package: - ensure => 'installed', - before => File['mime.conf'], - } - } -} diff --git a/puppet/modules/apache/manifests/mod/mime_magic.pp b/puppet/modules/apache/manifests/mod/mime_magic.pp deleted file mode 100644 index ecc74cf..0000000 --- a/puppet/modules/apache/manifests/mod/mime_magic.pp +++ /dev/null @@ -1,17 +0,0 @@ -class apache::mod::mime_magic ( - $magic_file = undef, -) { - include ::apache - $_magic_file = pick($magic_file, "${::apache::conf_dir}/magic") - apache::mod { 'mime_magic': } - # Template uses $magic_file - file { 'mime_magic.conf': - ensure => file, - path => "${::apache::mod_dir}/mime_magic.conf", - mode => $::apache::file_mode, - content => template('apache/mod/mime_magic.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/negotiation.pp b/puppet/modules/apache/manifests/mod/negotiation.pp deleted file mode 100644 index 1bdea6b..0000000 --- a/puppet/modules/apache/manifests/mod/negotiation.pp +++ /dev/null @@ -1,21 +0,0 @@ -class apache::mod::negotiation ( - Variant[Array[String], String] $force_language_priority = 'Prefer Fallback', - Variant[Array[String], String] $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', - 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', - 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', - 'zh-TW' ], -) { - include ::apache - - ::apache::mod { 'negotiation': } - # Template uses no variables - file { 'negotiation.conf': - ensure => file, - mode => $::apache::file_mode, - path => "${::apache::mod_dir}/negotiation.conf", - content => template('apache/mod/negotiation.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/nss.pp b/puppet/modules/apache/manifests/mod/nss.pp deleted file mode 100644 index 8814c93..0000000 --- a/puppet/modules/apache/manifests/mod/nss.pp +++ /dev/null @@ -1,28 +0,0 @@ -class apache::mod::nss ( - $transfer_log = "${::apache::params::logroot}/access.log", - $error_log = "${::apache::params::logroot}/error.log", - $passwd_file = undef, - $port = 8443, -) { - include ::apache - include ::apache::mod::mime - - apache::mod { 'nss': } - - $httpd_dir = $::apache::httpd_dir - - # Template uses: - # $transfer_log - # $error_log - # $http_dir - # passwd_file - file { 'nss.conf': - ensure => file, - path => "${::apache::mod_dir}/nss.conf", - mode => $::apache::file_mode, - content => template('apache/mod/nss.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/pagespeed.pp b/puppet/modules/apache/manifests/mod/pagespeed.pp deleted file mode 100644 index 052dad0..0000000 --- a/puppet/modules/apache/manifests/mod/pagespeed.pp +++ /dev/null @@ -1,60 +0,0 @@ -class apache::mod::pagespeed ( - $inherit_vhost_config = 'on', - $filter_xhtml = false, - $cache_path = '/var/cache/mod_pagespeed/', - $log_dir = '/var/log/pagespeed', - $memcache_servers = [], - $rewrite_level = 'CoreFilters', - $disable_filters = [], - $enable_filters = [], - $forbid_filters = [], - $rewrite_deadline_per_flush_ms = 10, - $additional_domains = undef, - $file_cache_size_kb = 102400, - $file_cache_clean_interval_ms = 3600000, - $lru_cache_per_process = 1024, - $lru_cache_byte_limit = 16384, - $css_flatten_max_bytes = 2048, - $css_inline_max_bytes = 2048, - $css_image_inline_max_bytes = 2048, - $image_inline_max_bytes = 2048, - $js_inline_max_bytes = 2048, - $css_outline_min_bytes = 3000, - $js_outline_min_bytes = 3000, - $inode_limit = 500000, - $image_max_rewrites_at_once = 8, - $num_rewrite_threads = 4, - $num_expensive_rewrite_threads = 4, - $collect_statistics = 'on', - $statistics_logging = 'on', - $allow_view_stats = [], - $allow_pagespeed_console = [], - $allow_pagespeed_message = [], - $message_buffer_size = 100000, - $additional_configuration = {}, - $apache_version = undef, - $package_ensure = undef, -){ - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - $_lib = $_apache_version ? { - '2.4' => 'mod_pagespeed_ap24.so', - default => undef - } - - apache::mod { 'pagespeed': - lib => $_lib, - package_ensure => $package_ensure, - } - - # Template uses $_apache_version - file { 'pagespeed.conf': - ensure => file, - path => "${::apache::mod_dir}/pagespeed.conf", - mode => $::apache::file_mode, - content => template('apache/mod/pagespeed.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/passenger.pp b/puppet/modules/apache/manifests/mod/passenger.pp deleted file mode 100644 index be12255..0000000 --- a/puppet/modules/apache/manifests/mod/passenger.pp +++ /dev/null @@ -1,640 +0,0 @@ -# Manages the settings for the mod_passenger -# The result is the /etc/mods-available/mod_passenger.conf file -# -# Where do we get these settings? -# Settings are dervied from https://www.phusionpassenger.com/library/config/apache/reference -# Also in passenger source code you can strip out what are all the available options by looking in -# * src/apache2_module/Configuration.cpp -# * src/apache2_module/ConfigurationCommands.cpp -# Note: in the src there are several undocumented settings. -# -# Change Log: -# * As of 08/13/2017 there are 84 available/deprecated/removed settings. -# * Around 08/20/2017 UnionStation was discontinued options were removed. -# * As of 08/20/2017 there are 77 available/deprecated/removed settings. -class apache::mod::passenger ( - $manage_repo = true, - $mod_id = undef, - $mod_lib = undef, - $mod_lib_path = undef, - $mod_package = undef, - $mod_package_ensure = undef, - $mod_path = undef, - $passenger_allow_encoded_slashes = undef, - $passenger_app_env = undef, - $passenger_app_group_name = undef, - $passenger_app_root = undef, - $passenger_app_type = undef, - $passenger_base_uri = undef, - $passenger_buffer_response = undef, - $passenger_buffer_upload = undef, - $passenger_concurrency_model = undef, - $passenger_conf_file = $::apache::params::passenger_conf_file, - $passenger_conf_package_file = $::apache::params::passenger_conf_package_file, - $passenger_data_buffer_dir = undef, - $passenger_debug_log_file = undef, - $passenger_debugger = undef, - $passenger_default_group = undef, - $passenger_default_ruby = $::apache::params::passenger_default_ruby, - $passenger_default_user = undef, - $passenger_disable_security_update_check = undef, - $passenger_enabled = undef, - $passenger_error_override = undef, - $passenger_file_descriptor_log_file = undef, - $passenger_fly_with = undef, - $passenger_force_max_concurrent_requests_per_process = undef, - $passenger_friendly_error_pages = undef, - $passenger_group = undef, - $passenger_high_performance = undef, - $passenger_installed_version = undef, - $passenger_instance_registry_dir = undef, - $passenger_load_shell_envvars = undef, - Optional[Stdlib::Absolutepath] $passenger_log_file = undef, - $passenger_log_level = undef, - $passenger_lve_min_uid = undef, - $passenger_max_instances = undef, - $passenger_max_instances_per_app = undef, - $passenger_max_pool_size = undef, - $passenger_max_preloader_idle_time = undef, - $passenger_max_request_queue_size = undef, - $passenger_max_request_time = undef, - $passenger_max_requests = undef, - $passenger_memory_limit = undef, - $passenger_meteor_app_settings = undef, - $passenger_min_instances = undef, - $passenger_nodejs = undef, - $passenger_pool_idle_time = undef, - Optional[Variant[String,Array[String]]] $passenger_pre_start = undef, - $passenger_python = undef, - $passenger_resist_deployment_errors = undef, - $passenger_resolve_symlinks_in_document_root = undef, - $passenger_response_buffer_high_watermark = undef, - $passenger_restart_dir = undef, - $passenger_rolling_restarts = undef, - $passenger_root = $::apache::params::passenger_root, - $passenger_ruby = $::apache::params::passenger_ruby, - $passenger_security_update_check_proxy = undef, - $passenger_show_version_in_header = undef, - $passenger_socket_backlog = undef, - Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']] $passenger_spawn_method = undef, - $passenger_start_timeout = undef, - $passenger_startup_file = undef, - $passenger_stat_throttle_rate = undef, - $passenger_sticky_sessions = undef, - $passenger_sticky_sessions_cookie_name = undef, - $passenger_thread_count = undef, - $passenger_use_global_queue = undef, - $passenger_user = undef, - $passenger_user_switching = undef, - $rack_auto_detect = undef, - $rack_autodetect = undef, - $rack_base_uri = undef, - $rack_env = undef, - $rails_allow_mod_rewrite = undef, - $rails_app_spawner_idle_time = undef, - $rails_auto_detect = undef, - $rails_autodetect = undef, - $rails_base_uri = undef, - $rails_default_user = undef, - $rails_env = undef, - $rails_framework_spawner_idle_time = undef, - $rails_ruby = undef, - $rails_spawn_method = undef, - $rails_user_switching = undef, - $wsgi_auto_detect = undef, -) inherits ::apache::params { - include ::apache - if $passenger_installed_version { - if $passenger_allow_encoded_slashes { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_allow_encoded_slashes is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_app_env { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_app_env is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_app_group_name { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_app_group_name is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_app_root { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_app_root is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_app_type { - if (versioncmp($passenger_installed_version, '4.0.25') < 0) { - fail("Passenger config option :: passenger_app_type is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_base_uri { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_base_uri is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_buffer_response { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_buffer_response is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_buffer_upload { - if (versioncmp($passenger_installed_version, '4.0.26') < 0) { - fail("Passenger config option :: passenger_buffer_upload is not introduced until version 4.0.26 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_concurrency_model { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_concurrency_model is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_data_buffer_dir { - if (versioncmp($passenger_installed_version, '5.0.0') < 0) { - fail("Passenger config option :: passenger_data_buffer_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_debug_log_file { - if (versioncmp($passenger_installed_version, '5.0.5') > 0) { - warning('DEPRECATED PASSENGER OPTION :: passenger_debug_log_file :: This option has been renamed in version 5.0.5 to PassengerLogFile.') - } - } - if $passenger_debugger { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_debugger is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_default_group { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_default_group is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_default_ruby { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_default_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_default_user { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_default_user is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_disable_security_update_check { - if (versioncmp($passenger_installed_version, '5.1.0') < 0) { - fail("Passenger config option :: passenger_disable_security_update_check is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_enabled { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_enabled is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_error_override { - if (versioncmp($passenger_installed_version, '4.0.24') < 0) { - fail("Passenger config option :: passenger_error_override is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_file_descriptor_log_file { - if (versioncmp($passenger_installed_version, '5.0.5') < 0) { - fail("Passenger config option :: passenger_file_descriptor_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_fly_with { - if (versioncmp($passenger_installed_version, '4.0.45') < 0) { - fail("Passenger config option :: passenger_fly_with is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_force_max_concurrent_requests_per_process { - if (versioncmp($passenger_installed_version, '5.0.22') < 0) { - fail("Passenger config option :: passenger_force_max_concurrent_requests_per_process is not introduced until version 5.0.22 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_friendly_error_pages { - if (versioncmp($passenger_installed_version, '4.0.42') < 0) { - fail("Passenger config option :: passenger_friendly_error_pages is not introduced until version 4.0.42 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_group { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_group is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_high_performance { - if (versioncmp($passenger_installed_version, '2.0.0') < 0) { - fail("Passenger config option :: passenger_high_performance is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_instance_registry_dir { - if (versioncmp($passenger_installed_version, '5.0.0') < 0) { - fail("Passenger config option :: passenger_instance_registry_dir is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_load_shell_envvars { - if (versioncmp($passenger_installed_version, '4.0.20') < 0) { - fail("Passenger config option :: passenger_load_shell_envvars is not introduced until version 4.0.20 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_log_file { - if (versioncmp($passenger_installed_version, '5.0.5') < 0) { - fail("Passenger config option :: passenger_log_file is not introduced until version 5.0.5 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_log_level { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_log_level is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_lve_min_uid { - if (versioncmp($passenger_installed_version, '5.0.28') < 0) { - fail("Passenger config option :: passenger_lve_min_uid is not introduced until version 5.0.28 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_max_instances { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_max_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_max_instances_per_app { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_max_instances_per_app is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_max_pool_size { - if (versioncmp($passenger_installed_version, '1.0.0') < 0) { - fail("Passenger config option :: passenger_max_pool_size is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_max_preloader_idle_time { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_max_preloader_idle_time is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_max_request_queue_size { - if (versioncmp($passenger_installed_version, '4.0.15') < 0) { - fail("Passenger config option :: passenger_max_request_queue_size is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_max_request_time { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_max_request_time is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_max_requests { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_max_requests is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_memory_limit { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_memory_limit is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_meteor_app_settings { - if (versioncmp($passenger_installed_version, '5.0.7') < 0) { - fail("Passenger config option :: passenger_meteor_app_settings is not introduced until version 5.0.7 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_min_instances { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_min_instances is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_nodejs { - if (versioncmp($passenger_installed_version, '4.0.24') < 0) { - fail("Passenger config option :: passenger_nodejs is not introduced until version 4.0.24 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_pool_idle_time { - if (versioncmp($passenger_installed_version, '1.0.0') < 0) { - fail("Passenger config option :: passenger_pool_idle_time is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_pre_start { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_pre_start is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_python { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_python is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_resist_deployment_errors { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_resist_deployment_errors is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_resolve_symlinks_in_document_root { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_resolve_symlinks_in_document_root is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_response_buffer_high_watermark { - if (versioncmp($passenger_installed_version, '5.0.0') < 0) { - fail("Passenger config option :: passenger_response_buffer_high_watermark is not introduced until version 5.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_restart_dir { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_restart_dir is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_rolling_restarts { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_rolling_restarts is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_root { - if (versioncmp($passenger_installed_version, '1.0.0') < 0) { - fail("Passenger config option :: passenger_root is not introduced until version 1.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_ruby { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_ruby is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_security_update_check_proxy { - if (versioncmp($passenger_installed_version, '5.1.0') < 0) { - fail("Passenger config option :: passenger_security_update_check_proxy is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_show_version_in_header { - if (versioncmp($passenger_installed_version, '5.1.0') < 0) { - fail("Passenger config option :: passenger_show_version_in_header is not introduced until version 5.1.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_socket_backlog { - if (versioncmp($passenger_installed_version, '5.0.24') < 0) { - fail("Passenger config option :: passenger_socket_backlog is not introduced until version 5.0.24 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_spawn_method { - if (versioncmp($passenger_installed_version, '2.0.0') < 0) { - fail("Passenger config option :: passenger_spawn_method is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_start_timeout { - if (versioncmp($passenger_installed_version, '4.0.15') < 0) { - fail("Passenger config option :: passenger_start_timeout is not introduced until version 4.0.15 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_startup_file { - if (versioncmp($passenger_installed_version, '4.0.25') < 0) { - fail("Passenger config option :: passenger_startup_file is not introduced until version 4.0.25 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_stat_throttle_rate { - if (versioncmp($passenger_installed_version, '2.2.0') < 0) { - fail("Passenger config option :: passenger_stat_throttle_rate is not introduced until version 2.2.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_sticky_sessions { - if (versioncmp($passenger_installed_version, '4.0.45') < 0) { - fail("Passenger config option :: passenger_sticky_sessions is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_sticky_sessions_cookie_name { - if (versioncmp($passenger_installed_version, '4.0.45') < 0) { - fail("Passenger config option :: passenger_sticky_sessions_cookie_name is not introduced until version 4.0.45 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_thread_count { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_thread_count is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_use_global_queue { - if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - fail('REMOVED PASSENGER OPTION :: passenger_use_global_queue :: -- no message on the current passenger reference webpage -- ') - } - if (versioncmp($passenger_installed_version, '2.0.4') < 0) { - fail("Passenger config option :: passenger_use_global_queue is not introduced until version 2.0.4 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_user { - if (versioncmp($passenger_installed_version, '4.0.0') < 0) { - fail("Passenger config option :: passenger_user is not introduced until version 4.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $passenger_user_switching { - if (versioncmp($passenger_installed_version, '3.0.0') < 0) { - fail("Passenger config option :: passenger_user_switching is not introduced until version 3.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if ($rack_auto_detect or $rack_autodetect) { - if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - fail('REMOVED PASSENGER OPTION :: rack_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') - } - } - if $rack_base_uri { - if (versioncmp($passenger_installed_version, '3.0.0') > 0) { - warning('DEPRECATED PASSENGER OPTION :: rack_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.') - } - } - if $rack_env { - if (versioncmp($passenger_installed_version, '2.0.0') < 0) { - fail("Passenger config option :: rack_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $rails_allow_mod_rewrite { - if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - warning("DEPRECATED PASSENGER OPTION :: rails_allow_mod_rewrite :: This option doesn't do anything anymore in since version 4.0.0.") - } - } - if $rails_app_spawner_idle_time { - if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - fail('REMOVED PASSENGER OPTION :: rails_app_spawner_idle_time :: This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.') - } - } - if ($rails_auto_detect or $rails_autodetect) { - if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - fail('REMOVED PASSENGER OPTION :: rails_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') - } - } - if $rails_base_uri { - if (versioncmp($passenger_installed_version, '3.0.0') > 0) { - warning('DEPRECATED PASSENGER OPTION :: rails_base_uri :: Deprecated in 3.0.0 in favor of PassengerBaseURI.') - } - } - if $rails_default_user { - if (versioncmp($passenger_installed_version, '3.0.0') > 0) { - warning('DEPRECATED PASSENGER OPTION :: rails_default_user :: Deprecated in 3.0.0 in favor of PassengerDefaultUser.') - } - } - if $rails_env { - if (versioncmp($passenger_installed_version, '2.0.0') < 0) { - fail("Passenger config option :: rails_env is not introduced until version 2.0.0 :: ${passenger_installed_version} is the version reported") - } - } - if $rails_framework_spawner_idle_time { - if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - fail('REMOVED PASSENGER OPTION :: rails_framework_spawner_idle_time :: This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.') - } - } - if $rails_ruby { - if (versioncmp($passenger_installed_version, '3.0.0') > 0) { - warning('DEPRECATED PASSENGER OPTION :: rails_ruby :: Deprecated in 3.0.0 in favor of PassengerRuby.') - } - } - if $rails_spawn_method { - if (versioncmp($passenger_installed_version, '3.0.0') > 0) { - warning('DEPRECATED PASSENGER OPTION :: rails_spawn_method :: Deprecated in 3.0.0 in favor of PassengerSpawnMethod.') - } - } - if $rails_user_switching { - if (versioncmp($passenger_installed_version, '3.0.0') > 0) { - warning('DEPRECATED PASSENGER OPTION :: rails_user_switching :: Deprecated in 3.0.0 in favor of PassengerUserSwitching.') - } - } - if $wsgi_auto_detect { - if (versioncmp($passenger_installed_version, '4.0.0') > 0) { - fail('REMOVED PASSENGER OPTION :: wsgi_auto_detect :: These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.') - } - } - } - # Managed by the package, but declare it to avoid purging - if $passenger_conf_package_file { - file { 'passenger_package.conf': - path => "${::apache::confd_dir}/${passenger_conf_package_file}", - } - } - - $_package = $mod_package - $_package_ensure = $mod_package_ensure - $_lib = $mod_lib - if $::osfamily == 'FreeBSD' { - if $mod_lib_path { - $_lib_path = $mod_lib_path - } else { - $_lib_path = "${passenger_root}/buildout/apache2" - } - } else { - $_lib_path = $mod_lib_path - } - - if $::osfamily == 'RedHat' and $manage_repo { - if $::operatingsystem == 'Amazon' { - $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/6Server/$basearch' - } else { - $baseurl = 'https://oss-binaries.phusionpassenger.com/yum/passenger/el/$releasever/$basearch' - } - - yumrepo { 'passenger': - ensure => 'present', - baseurl => $baseurl, - descr => 'passenger', - enabled => '1', - gpgcheck => '0', - gpgkey => 'https://packagecloud.io/phusion/passenger/gpgkey', - repo_gpgcheck => '1', - sslcacert => '/etc/pki/tls/certs/ca-bundle.crt', - sslverify => '1', - before => Apache::Mod['passenger'], - } - } - - unless ($::operatingsystem == 'SLES') { - $_id = $mod_id - $_path = $mod_path - ::apache::mod { 'passenger': - package => $_package, - package_ensure => $_package_ensure, - lib => $_lib, - lib_path => $_lib_path, - id => $_id, - path => $_path, - loadfile_name => 'zpassenger.load', - } - } - - # Template uses: - # - $passenger_allow_encoded_slashes : since 4.0.0. - # - $passenger_app_env : since 4.0.0. - # - $passenger_app_group_name : since 4.0.0. - # - $passenger_app_root : since 4.0.0. - # - $passenger_app_type : since 4.0.25. - # - $passenger_base_uri : since 4.0.0. - # - $passenger_buffer_response : since 4.0.0. - # - $passenger_buffer_upload : since 4.0.26. - # - $passenger_concurrency_model : since 4.0.0. - # - $passenger_data_buffer_dir : since 5.0.0. - # - $passenger_debug_log_file : since unkown. Deprecated in 5.0.5. - # - $passenger_debugger : since 3.0.0. - # - $passenger_default_group : since 3.0.0. - # - $passenger_default_ruby : since 4.0.0. - # - $passenger_default_user : since 3.0.0. - # - $passenger_disable_security_update_check : since 5.1.0. - # - $passenger_enabled : since 4.0.0. - # - $passenger_error_override : since 4.0.24. - # - $passenger_file_descriptor_log_file : since 5.0.5. - # - $passenger_fly_with : since 4.0.45. - # - $passenger_force_max_concurrent_requests_per_process : since 5.0.22. - # - $passenger_friendly_error_pages : since 4.0.42. - # - $passenger_group : since 4.0.0. - # - $passenger_high_performance : since 2.0.0. - # - $passenger_instance_registry_dir : since 5.0.0. - # - $passenger_load_shell_envvars : since 4.0.20. - # - $passenger_log_file : since 5.0.5. - # - $passenger_log_level : since 3.0.0. - # - $passenger_lve_min_uid : since 5.0.28. - # - $passenger_max_instances : since 3.0.0. - # - $passenger_max_instances_per_app : since 3.0.0. - # - $passenger_max_pool_size : since 1.0.0. - # - $passenger_max_preloader_idle_time : since 4.0.0. - # - $passenger_max_request_queue_size : since 4.0.15. - # - $passenger_max_request_time : since 3.0.0. - # - $passenger_max_requests : since 3.0.0. - # - $passenger_memory_limit : since 3.0.0. - # - $passenger_meteor_app_settings : since 5.0.7. - # - $passenger_min_instances : since 3.0.0. - # - $passenger_nodejs : since 4.0.24. - # - $passenger_pool_idle_time : since 1.0.0. - # - $passenger_pre_start : since 3.0.0. - # - $passenger_python : since 4.0.0. - # - $passenger_resist_deployment_errors : since 3.0.0. - # - $passenger_resolve_symlinks_in_document_root : since 3.0.0. - # - $passenger_response_buffer_high_watermark : since 5.0.0. - # - $passenger_restart_dir : since 3.0.0. - # - $passenger_rolling_restarts : since 3.0.0. - # - $passenger_root : since 1.0.0. - # - $passenger_ruby : since 4.0.0. - # - $passenger_security_update_check_proxy : since 5.1.0. - # - $passenger_show_version_in_header : since 5.1.0. - # - $passenger_socket_backlog : since 5.0.24. - # - $passenger_spawn_method : since 2.0.0. - # - $passenger_start_timeout : since 4.0.15. - # - $passenger_startup_file : since 4.0.25. - # - $passenger_stat_throttle_rate : since 2.2.0. - # - $passenger_sticky_sessions : since 4.0.45. - # - $passenger_sticky_sessions_cookie_name : since 4.0.45. - # - $passenger_thread_count : since 4.0.0. - # - $passenger_use_global_queue : since 2.0.4.Deprecated in 4.0.0. - # - $passenger_user : since 4.0.0. - # - $passenger_user_switching : since 3.0.0. - # - $rack_auto_detect : since unkown. Deprecated in 4.0.0. - # - $rack_base_uri : since unkown. Deprecated in 3.0.0. - # - $rack_env : since 2.0.0. - # - $rails_allow_mod_rewrite : since unkown. Deprecated in 4.0.0. - # - $rails_app_spawner_idle_time : since unkown. Deprecated in 4.0.0. - # - $rails_auto_detect : since unkown. Deprecated in 4.0.0. - # - $rails_base_uri : since unkown. Deprecated in 3.0.0. - # - $rails_default_user : since unkown. Deprecated in 3.0.0. - # - $rails_env : since 2.0.0. - # - $rails_framework_spawner_idle_time : since unkown. Deprecated in 4.0.0. - # - $rails_ruby : since unkown. Deprecated in 3.0.0. - # - $rails_spawn_method : since unkown. Deprecated in 3.0.0. - # - $rails_user_switching : since unkown. Deprecated in 3.0.0. - # - $wsgi_auto_detect : since unkown. Deprecated in 4.0.0. - # - $rails_autodetect : this options is only for backward compatiblity with older versions of this class - # - $rack_autodetect : this options is only for backward compatiblity with older versions of this class - file { 'passenger.conf': - ensure => file, - path => "${::apache::mod_dir}/${passenger_conf_file}", - content => template('apache/mod/passenger.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/perl.pp b/puppet/modules/apache/manifests/mod/perl.pp deleted file mode 100644 index 3bfeac9..0000000 --- a/puppet/modules/apache/manifests/mod/perl.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::perl { - include ::apache - ::apache::mod { 'perl': } -} diff --git a/puppet/modules/apache/manifests/mod/peruser.pp b/puppet/modules/apache/manifests/mod/peruser.pp deleted file mode 100644 index 5683dd6..0000000 --- a/puppet/modules/apache/manifests/mod/peruser.pp +++ /dev/null @@ -1,77 +0,0 @@ -class apache::mod::peruser ( - $minspareprocessors = '2', - $minprocessors = '2', - $maxprocessors = '10', - $maxclients = '150', - $maxrequestsperchild = '1000', - $idletimeout = '120', - $expiretimeout = '120', - $keepalive = 'Off', -) { - include ::apache - case $::osfamily { - 'freebsd' : { - fail("Unsupported osfamily ${::osfamily}") - } - default: { - if $::osfamily == 'gentoo' { - ::portage::makeconf { 'apache2_mpms': - content => 'peruser', - } - } - - if defined(Class['apache::mod::event']) { - fail('May not include both apache::mod::peruser and apache::mod::event on the same node') - } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::peruser and apache::mod::itk on the same node') - } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::peruser and apache::mod::prefork on the same node') - } - if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::peruser and apache::mod::worker on the same node') - } - File { - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - } - - $mod_dir = $::apache::mod_dir - - # Template uses: - # - $minspareprocessors - # - $minprocessors - # - $maxprocessors - # - $maxclients - # - $maxrequestsperchild - # - $idletimeout - # - $expiretimeout - # - $keepalive - # - $mod_dir - file { "${::apache::mod_dir}/peruser.conf": - ensure => file, - mode => $::apache::file_mode, - content => template('apache/mod/peruser.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - file { "${::apache::mod_dir}/peruser": - ensure => directory, - require => File[$::apache::mod_dir], - } - file { "${::apache::mod_dir}/peruser/multiplexers": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - file { "${::apache::mod_dir}/peruser/processors": - ensure => directory, - require => File["${::apache::mod_dir}/peruser"], - } - - ::apache::peruser::multiplexer { '01-default': } - } - } -} diff --git a/puppet/modules/apache/manifests/mod/php.pp b/puppet/modules/apache/manifests/mod/php.pp deleted file mode 100644 index 28f6404..0000000 --- a/puppet/modules/apache/manifests/mod/php.pp +++ /dev/null @@ -1,102 +0,0 @@ -class apache::mod::php ( - $package_name = undef, - $package_ensure = 'present', - $path = undef, - Array $extensions = ['.php'], - $content = undef, - $template = 'apache/mod/php.conf.erb', - $source = undef, - $root_group = $::apache::params::root_group, - $php_version = $::apache::params::php_version, - $libphp_prefix = 'libphp' -) inherits apache::params { - - include ::apache - $mod = "php${php_version}" - - if $::apache::version::scl_httpd_version == undef and $::apache::version::scl_php_version != undef { - fail('If you define apache::version::scl_php_version, you also need to specify apache::version::scl_httpd_version') - } - if defined(Class['::apache::mod::prefork']) { - Class['::apache::mod::prefork']->File["${mod}.conf"] - } - elsif defined(Class['::apache::mod::itk']) { - Class['::apache::mod::itk']->File["${mod}.conf"] - } - else { - fail('apache::mod::php requires apache::mod::prefork or apache::mod::itk; please enable mpm_module => \'prefork\' or mpm_module => \'itk\' on Class[\'apache\']') - } - - if $source and ($content or $template != 'apache/mod/php.conf.erb') { - warning('source and content or template parameters are provided. source parameter will be used') - } elsif $content and $template != 'apache/mod/php.conf.erb' { - warning('content and template parameters are provided. content parameter will be used') - } - - $manage_content = $source ? { - undef => $content ? { - undef => template($template), - default => $content, - }, - default => undef, - } - - # Determine if we have a package - $mod_packages = $::apache::mod_packages - if $package_name { - $_package_name = $package_name - } elsif has_key($mod_packages, $mod) { # 2.6 compatibility hack - $_package_name = $mod_packages[$mod] - } elsif has_key($mod_packages, 'phpXXX') { # 2.6 compatibility hack - $_package_name = regsubst($mod_packages['phpXXX'], 'XXX', $php_version) - } else { - $_package_name = undef - } - - $_php_major = regsubst($php_version, '^(\d+)\..*$', '\1') - $_php_version_no_dot = regsubst($php_version, '\.', '') - if $apache::version::scl_httpd_version { - $_lib = "librh-php${_php_version_no_dot}-php${_php_major}.so" - } else { - # Controls php version and libphp prefix - $_lib = "${libphp_prefix}${php_version}.so" - } - - if $::operatingsystem == 'SLES' { - ::apache::mod { $mod: - package => $_package_name, - package_ensure => $package_ensure, - lib => "mod_${mod}.so", - id => "php${_php_major}_module", - path => "${::apache::lib_path}/mod_${mod}.so", - } - } else { - ::apache::mod { $mod: - package => $_package_name, - package_ensure => $package_ensure, - lib => $_lib, - id => "php${_php_major}_module", - path => $path, - } - } - - include ::apache::mod::mime - include ::apache::mod::dir - Class['::apache::mod::mime'] -> Class['::apache::mod::dir'] -> Class['::apache::mod::php'] - - # Template uses $extensions - file { "${mod}.conf": - ensure => file, - path => "${::apache::mod_dir}/${mod}.conf", - owner => 'root', - group => $root_group, - mode => $::apache::file_mode, - content => $manage_content, - source => $source, - require => [ - Exec["mkdir ${::apache::mod_dir}"], - ], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/prefork.pp b/puppet/modules/apache/manifests/mod/prefork.pp deleted file mode 100644 index 63e3a29..0000000 --- a/puppet/modules/apache/manifests/mod/prefork.pp +++ /dev/null @@ -1,99 +0,0 @@ -class apache::mod::prefork ( - $startservers = '8', - $minspareservers = '5', - $maxspareservers = '20', - $serverlimit = '256', - $maxclients = '256', - $maxrequestworkers = undef, - $maxrequestsperchild = '4000', - $maxconnectionsperchild = undef, - $apache_version = undef, - $listenbacklog = '511' -) { - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - if defined(Class['apache::mod::event']) { - fail('May not include both apache::mod::prefork and apache::mod::event on the same node') - } - if versioncmp($_apache_version, '2.4') < 0 { - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::prefork and apache::mod::itk on the same node') - } - } - if defined(Class['apache::mod::peruser']) { - fail('May not include both apache::mod::prefork and apache::mod::peruser on the same node') - } - if defined(Class['apache::mod::worker']) { - fail('May not include both apache::mod::prefork and apache::mod::worker on the same node') - } - - if versioncmp($_apache_version, '2.3.13') < 0 { - if $maxrequestworkers == undef { - warning("For newer versions of Apache, \$maxclients is deprecated, please use \$maxrequestworkers.") - } elsif $maxconnectionsperchild == undef { - warning("For newer versions of Apache, \$maxrequestsperchild is deprecated, please use \$maxconnectionsperchild.") - } - } - - File { - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - } - - # Template uses: - # - $startservers - # - $minspareservers - # - $maxspareservers - # - $serverlimit - # - $maxclients - # - $maxrequestworkers - # - $maxrequestsperchild - # - $maxconnectionsperchild - file { "${::apache::mod_dir}/prefork.conf": - ensure => file, - content => template('apache/mod/prefork.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - - case $::osfamily { - 'redhat': { - if versioncmp($_apache_version, '2.4') >= 0 { - ::apache::mpm{ 'prefork': - apache_version => $_apache_version, - } - } - else { - file_line { '/etc/sysconfig/httpd prefork enable': - ensure => present, - path => '/etc/sysconfig/httpd', - line => '#HTTPD=/usr/sbin/httpd.worker', - match => '#?HTTPD=/usr/sbin/httpd.worker', - require => Package['httpd'], - notify => Class['apache::service'], - } - } - } - 'debian', 'freebsd': { - ::apache::mpm{ 'prefork': - apache_version => $_apache_version, - } - } - 'Suse': { - ::apache::mpm{ 'prefork': - apache_version => $apache_version, - lib_path => '/usr/lib64/apache2-prefork', - } - } - 'gentoo': { - ::portage::makeconf { 'apache2_mpms': - content => 'prefork', - } - } - default: { - fail("Unsupported osfamily ${::osfamily}") - } - } -} diff --git a/puppet/modules/apache/manifests/mod/proxy.pp b/puppet/modules/apache/manifests/mod/proxy.pp deleted file mode 100644 index 84d1165..0000000 --- a/puppet/modules/apache/manifests/mod/proxy.pp +++ /dev/null @@ -1,24 +0,0 @@ -class apache::mod::proxy ( - $proxy_requests = 'Off', - $allow_from = undef, - $apache_version = undef, - $package_name = undef, - $proxy_via = 'On', - $proxy_timeout = '60', -) { - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - ::apache::mod { 'proxy': - package => $package_name, - } - # Template uses $proxy_requests, $_apache_version - file { 'proxy.conf': - ensure => file, - path => "${::apache::mod_dir}/proxy.conf", - mode => $::apache::file_mode, - content => template('apache/mod/proxy.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/proxy_ajp.pp b/puppet/modules/apache/manifests/mod/proxy_ajp.pp deleted file mode 100644 index a011a17..0000000 --- a/puppet/modules/apache/manifests/mod/proxy_ajp.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::proxy_ajp { - Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp'] - ::apache::mod { 'proxy_ajp': } -} diff --git a/puppet/modules/apache/manifests/mod/proxy_balancer.pp b/puppet/modules/apache/manifests/mod/proxy_balancer.pp deleted file mode 100644 index dbc86df..0000000 --- a/puppet/modules/apache/manifests/mod/proxy_balancer.pp +++ /dev/null @@ -1,29 +0,0 @@ -class apache::mod::proxy_balancer( - Boolean $manager = false, - Stdlib::Absolutepath $manager_path = '/balancer-manager', - Array $allow_from = ['127.0.0.1','::1'], - $apache_version = $::apache::apache_version, -) { - - include ::apache::mod::proxy - include ::apache::mod::proxy_http - if versioncmp($apache_version, '2.4') >= 0 { - ::apache::mod { 'slotmem_shm': } - } - - Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_balancer'] - Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_balancer'] - ::apache::mod { 'proxy_balancer': } - if $manager { - include ::apache::mod::status - file { 'proxy_balancer.conf': - ensure => file, - path => "${::apache::mod_dir}/proxy_balancer.conf", - mode => $::apache::file_mode, - content => template('apache/mod/proxy_balancer.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - } -} diff --git a/puppet/modules/apache/manifests/mod/proxy_connect.pp b/puppet/modules/apache/manifests/mod/proxy_connect.pp deleted file mode 100644 index cda5b89..0000000 --- a/puppet/modules/apache/manifests/mod/proxy_connect.pp +++ /dev/null @@ -1,10 +0,0 @@ -class apache::mod::proxy_connect ( - $apache_version = undef, -) { - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - if versioncmp($_apache_version, '2.2') >= 0 { - Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_connect'] - ::apache::mod { 'proxy_connect': } - } -} diff --git a/puppet/modules/apache/manifests/mod/proxy_fcgi.pp b/puppet/modules/apache/manifests/mod/proxy_fcgi.pp deleted file mode 100644 index 21473eb..0000000 --- a/puppet/modules/apache/manifests/mod/proxy_fcgi.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::proxy_fcgi { - Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_fcgi'] - ::apache::mod { 'proxy_fcgi': } -} diff --git a/puppet/modules/apache/manifests/mod/proxy_html.pp b/puppet/modules/apache/manifests/mod/proxy_html.pp deleted file mode 100644 index 94259bd..0000000 --- a/puppet/modules/apache/manifests/mod/proxy_html.pp +++ /dev/null @@ -1,42 +0,0 @@ -class apache::mod::proxy_html { - include ::apache - Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html'] - Class['::apache::mod::proxy_http'] -> Class['::apache::mod::proxy_html'] - - # Add libxml2 - case $::osfamily { - /RedHat|FreeBSD|Gentoo|Suse/: { - ::apache::mod { 'xml2enc': } - $loadfiles = undef - } - 'Debian': { - $gnu_path = $::hardwaremodel ? { - 'i686' => 'i386', - default => $::hardwaremodel, - } - $loadfiles = $::apache::params::distrelease ? { - '6' => ['/usr/lib/libxml2.so.2'], - '10' => ['/usr/lib/libxml2.so.2'], - default => ["/usr/lib/${gnu_path}-linux-gnu/libxml2.so.2"], - } - if versioncmp($::apache::apache_version, '2.4') >= 0 { - ::apache::mod { 'xml2enc': } - } - } - } - - ::apache::mod { 'proxy_html': - loadfiles => $loadfiles, - } - - # Template uses $icons_path - file { 'proxy_html.conf': - ensure => file, - path => "${::apache::mod_dir}/proxy_html.conf", - mode => $::apache::file_mode, - content => template('apache/mod/proxy_html.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/proxy_http.pp b/puppet/modules/apache/manifests/mod/proxy_http.pp deleted file mode 100644 index 1579e68..0000000 --- a/puppet/modules/apache/manifests/mod/proxy_http.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::proxy_http { - Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http'] - ::apache::mod { 'proxy_http': } -} diff --git a/puppet/modules/apache/manifests/mod/proxy_wstunnel.pp b/puppet/modules/apache/manifests/mod/proxy_wstunnel.pp deleted file mode 100644 index 290954b..0000000 --- a/puppet/modules/apache/manifests/mod/proxy_wstunnel.pp +++ /dev/null @@ -1,5 +0,0 @@ -class apache::mod::proxy_wstunnel { - include ::apache, ::apache::mod::proxy - Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel'] - ::apache::mod { 'proxy_wstunnel': } -} diff --git a/puppet/modules/apache/manifests/mod/python.pp b/puppet/modules/apache/manifests/mod/python.pp deleted file mode 100644 index 67f578d..0000000 --- a/puppet/modules/apache/manifests/mod/python.pp +++ /dev/null @@ -1,10 +0,0 @@ -class apache::mod::python ( - Optional[String] $loadfile_name = undef, -) { - include ::apache - ::apache::mod { 'python': - loadfile_name => $loadfile_name, - } -} - - diff --git a/puppet/modules/apache/manifests/mod/remoteip.pp b/puppet/modules/apache/manifests/mod/remoteip.pp deleted file mode 100644 index d628819..0000000 --- a/puppet/modules/apache/manifests/mod/remoteip.pp +++ /dev/null @@ -1,111 +0,0 @@ -# @summary Setup and load Apache `mod_remoteip` -# -# @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html -# -# @param header -# The header field in which `mod_remoteip` will look for the useragent IP. -# -# @param internal_proxy -# A list of IP addresses, IP blocks or hostname that are trusted to set a -# valid value inside specified header. Unlike the `$trusted_proxy_ips` -# parameter, any IP address (including private addresses) presented by these -# proxies will trusted by `mod_remoteip`. -# -# @param proxy_ips -# *Deprecated*: use `$internal_proxy` instead. -# -# @param internal_proxy_list -# The path to a file containing a list of IP addresses, IP blocks or hostname -# that are trusted to set a valid value inside the specified header. See -# `$internal_proxy` for details. -# -# @param proxies_header -# A header into which `mod_remoteip` will collect a list of all of the -# intermediate client IP addresses trusted to resolve the useragent IP of the -# request (e.g. `X-Forwarded-By`). -# -# @param proxy_protocol -# Wether or not to enable the PROXY protocol header handling. If enabled -# upstream clients must set the header every time they open a connection. -# -# @param proxy_protocol_exceptions -# A list of IP address or IP blocks that are not required to use the PROXY -# protocol. -# -# @param trusted_proxy -# A list of IP addresses, IP blocks or hostname that are trusted to set a -# valid value inside the specified header. Unlike the `$proxy_ips` parameter, -# any private IP presented by these proxies will be disgarded by -# `mod_remoteip`. -# -# @param trusted_proxy_ips -# *Deprecated*: use `$trusted_proxy` instead. -# -# @param trusted_proxy_list -# The path to a file containing a list of IP addresses, IP blocks or hostname -# that are trusted to set a valid value inside the specified header. See -# `$trusted_proxy` for details. -# -# @param apache_version -# A version string used to validate that your apache version supports -# `mod_remoteip`. If not specified, `$::apache::apache_version` is used. -# -class apache::mod::remoteip ( - String $header = 'X-Forwarded-For', - Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $internal_proxy = undef, - Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $proxy_ips = undef, - Optional[Stdlib::Absolutepath] $internal_proxy_list = undef, - Optional[String] $proxies_header = undef, - Boolean $proxy_protocol = false, - Optional[Array[Stdlib::Host]] $proxy_protocol_exceptions = undef, - Optional[Array[Stdlib::Host]] $trusted_proxy = undef, - Optional[Array[Stdlib::Host]] $trusted_proxy_ips = undef, - Optional[Stdlib::Absolutepath] $trusted_proxy_list = undef, - Optional[String] $apache_version = undef, -) { - include ::apache - - $_apache_version = pick($apache_version, $apache::apache_version) - if versioncmp($_apache_version, '2.4') < 0 { - fail('mod_remoteip is only available in Apache 2.4') - } - - if $proxy_ips { - deprecation('apache::mod::remoteip::proxy_ips', 'This parameter is deprecated, please use `internal_proxy`.') - $_internal_proxy = $proxy_ips - } elsif $internal_proxy { - $_internal_proxy = $internal_proxy - } else { - $_internal_proxy = ['127.0.0.1'] - } - - if $trusted_proxy_ips { - deprecation('apache::mod::remoteip::trusted_proxy_ips', 'This parameter is deprecated, please use `trusted_proxy`.') - $_trusted_proxy = $trusted_proxy_ips - } else { - $_trusted_proxy = $trusted_proxy - } - - ::apache::mod { 'remoteip': } - - $template_parameters = { - header => $header, - internal_proxy => $_internal_proxy, - internal_proxy_list => $internal_proxy_list, - proxies_header => $proxies_header, - proxy_protocol => $proxy_protocol, - proxy_protocol_exceptions => $proxy_protocol_exceptions, - trusted_proxy => $_trusted_proxy, - trusted_proxy_list => $trusted_proxy_list, - } - - file { 'remoteip.conf': - ensure => file, - path => "${::apache::mod_dir}/remoteip.conf", - mode => $::apache::file_mode, - content => epp('apache/mod/remoteip.conf.epp', $template_parameters), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/reqtimeout.pp b/puppet/modules/apache/manifests/mod/reqtimeout.pp deleted file mode 100644 index f166f6d..0000000 --- a/puppet/modules/apache/manifests/mod/reqtimeout.pp +++ /dev/null @@ -1,15 +0,0 @@ -class apache::mod::reqtimeout ( - $timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500'] -){ - include ::apache - ::apache::mod { 'reqtimeout': } - # Template uses no variables - file { 'reqtimeout.conf': - ensure => file, - path => "${::apache::mod_dir}/reqtimeout.conf", - content => template('apache/mod/reqtimeout.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/rewrite.pp b/puppet/modules/apache/manifests/mod/rewrite.pp deleted file mode 100644 index 694f0b6..0000000 --- a/puppet/modules/apache/manifests/mod/rewrite.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::rewrite { - include ::apache::params - ::apache::mod { 'rewrite': } -} diff --git a/puppet/modules/apache/manifests/mod/rpaf.pp b/puppet/modules/apache/manifests/mod/rpaf.pp deleted file mode 100644 index b9afa14..0000000 --- a/puppet/modules/apache/manifests/mod/rpaf.pp +++ /dev/null @@ -1,23 +0,0 @@ -class apache::mod::rpaf ( - $sethostname = true, - $proxy_ips = [ '127.0.0.1' ], - $header = 'X-Forwarded-For', - $template = 'apache/mod/rpaf.conf.erb' -) { - include ::apache - ::apache::mod { 'rpaf': } - - # Template uses: - # - $sethostname - # - $proxy_ips - # - $header - file { 'rpaf.conf': - ensure => file, - path => "${::apache::mod_dir}/rpaf.conf", - mode => $::apache::file_mode, - content => template($template), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/security.pp b/puppet/modules/apache/manifests/mod/security.pp deleted file mode 100644 index 68d90b4..0000000 --- a/puppet/modules/apache/manifests/mod/security.pp +++ /dev/null @@ -1,135 +0,0 @@ -class apache::mod::security ( - $logroot = $::apache::params::logroot, - $crs_package = $::apache::params::modsec_crs_package, - $activated_rules = $::apache::params::modsec_default_rules, - $modsec_dir = $::apache::params::modsec_dir, - $modsec_secruleengine = $::apache::params::modsec_secruleengine, - $audit_log_relevant_status = '^(?:5|4(?!04))', - $audit_log_parts = $::apache::params::modsec_audit_log_parts, - $secpcrematchlimit = $::apache::params::secpcrematchlimit, - $secpcrematchlimitrecursion = $::apache::params::secpcrematchlimitrecursion, - $allowed_methods = 'GET HEAD POST OPTIONS', - $content_types = 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf', - $restricted_extensions = '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', - $restricted_headers = '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/', - $secdefaultaction = 'deny', - $anomaly_score_blocking = 'off', - $inbound_anomaly_threshold = '5', - $outbound_anomaly_threshold = '4', - $critical_anomaly_score = '5', - $error_anomaly_score = '4', - $warning_anomaly_score = '3', - $notice_anomaly_score = '2', - $secrequestmaxnumargs = '255', - $secrequestbodylimit = '13107200', - $secrequestbodynofileslimit = '131072', - $secrequestbodyinmemorylimit = '131072', - $manage_security_crs = true, -) inherits ::apache::params { - include ::apache - - $_secdefaultaction = $secdefaultaction ? { - /log/ => $secdefaultaction, # it has log or nolog,auditlog or log,noauditlog - default => "${secdefaultaction},log", - } - - if $::osfamily == 'FreeBSD' { - fail('FreeBSD is not currently supported') - } - - if ($::osfamily == 'Suse' and $::operatingsystemrelease < '11') { - fail('SLES 10 is not currently supported.') - } - - ::apache::mod { 'security': - id => 'security2_module', - lib => 'mod_security2.so', - } - - - ::apache::mod { 'unique_id_module': - id => 'unique_id_module', - lib => 'mod_unique_id.so', - } - - if $crs_package { - package { $crs_package: - ensure => 'installed', - before => [ - File[$::apache::confd_dir], - File[$modsec_dir], - ], - } - } - - # Template uses: - # - logroot - # - $modsec_dir - # - $audit_log_parts - # - secpcrematchlimit - # - secpcrematchlimitrecursion - # - secrequestbodylimit - # - secrequestbodynofileslimit - # - secrequestbodyinmemorylimit - file { 'security.conf': - ensure => file, - content => template('apache/mod/security.conf.erb'), - mode => $::apache::file_mode, - path => "${::apache::mod_dir}/security.conf", - owner => $::apache::params::user, - group => $::apache::params::group, - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - - file { $modsec_dir: - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - purge => true, - force => true, - recurse => true, - require => Package['httpd'], - } - - file { "${modsec_dir}/activated_rules": - ensure => directory, - owner => $::apache::params::user, - group => $::apache::params::group, - mode => '0555', - purge => true, - force => true, - recurse => true, - notify => Class['apache::service'], - } - - if $manage_security_crs { - # Template uses: - # - $_secdefaultaction - # - $critical_anomaly_score - # - $error_anomaly_score - # - $warning_anomaly_score - # - $notice_anomaly_score - # - $inbound_anomaly_threshold - # - $outbound_anomaly_threshold - # - $anomaly_score_blocking - # - $allowed_methods - # - $content_types - # - $restricted_extensions - # - $restricted_headers - # - $secrequestmaxnumargs - file { "${modsec_dir}/security_crs.conf": - ensure => file, - content => template('apache/mod/security_crs.conf.erb'), - require => File[$modsec_dir], - notify => Class['apache::service'], - } - } - - # Debian 9 has a different rule setup - unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { - apache::security::rule_link { $activated_rules: } - } -} diff --git a/puppet/modules/apache/manifests/mod/setenvif.pp b/puppet/modules/apache/manifests/mod/setenvif.pp deleted file mode 100644 index d7baf58..0000000 --- a/puppet/modules/apache/manifests/mod/setenvif.pp +++ /dev/null @@ -1,14 +0,0 @@ -class apache::mod::setenvif { - include ::apache - ::apache::mod { 'setenvif': } - # Template uses no variables - file { 'setenvif.conf': - ensure => file, - path => "${::apache::mod_dir}/setenvif.conf", - mode => $::apache::file_mode, - content => template('apache/mod/setenvif.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/shib.pp b/puppet/modules/apache/manifests/mod/shib.pp deleted file mode 100644 index 318a3a3..0000000 --- a/puppet/modules/apache/manifests/mod/shib.pp +++ /dev/null @@ -1,20 +0,0 @@ -class apache::mod::shib ( - $suppress_warning = false, - $mod_full_path = undef, - $package_name = undef, - $mod_lib = undef, -) { - include ::apache - if $::osfamily == 'RedHat' and ! $suppress_warning { - warning('RedHat distributions do not have Apache mod_shib in their default package repositories.') - } - - $mod_shib = 'shib2' - - apache::mod {$mod_shib: - id => 'mod_shib', - path => $mod_full_path, - package => $package_name, - lib => $mod_lib, - } -} diff --git a/puppet/modules/apache/manifests/mod/socache_shmcb.pp b/puppet/modules/apache/manifests/mod/socache_shmcb.pp deleted file mode 100644 index 7bfb4c6..0000000 --- a/puppet/modules/apache/manifests/mod/socache_shmcb.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::socache_shmcb { - ::apache::mod { 'socache_shmcb': } -} \ No newline at end of file diff --git a/puppet/modules/apache/manifests/mod/speling.pp b/puppet/modules/apache/manifests/mod/speling.pp deleted file mode 100644 index fbd19d3..0000000 --- a/puppet/modules/apache/manifests/mod/speling.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::speling { - include ::apache - ::apache::mod { 'speling': } -} diff --git a/puppet/modules/apache/manifests/mod/ssl.pp b/puppet/modules/apache/manifests/mod/ssl.pp deleted file mode 100644 index 3064bf8..0000000 --- a/puppet/modules/apache/manifests/mod/ssl.pp +++ /dev/null @@ -1,120 +0,0 @@ -class apache::mod::ssl ( - Boolean $ssl_compression = false, - $ssl_cryptodevice = 'builtin', - $ssl_options = [ 'StdEnvVars' ], - $ssl_openssl_conf_cmd = undef, - Optional[String] $ssl_cert = undef, - Optional[String] $ssl_key = undef, - $ssl_ca = undef, - $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES', - Variant[Boolean, Enum['on', 'off']] $ssl_honorcipherorder = true, - $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ], - Array $ssl_proxy_protocol = [], - $ssl_pass_phrase_dialog = 'builtin', - $ssl_random_seed_bytes = '512', - String $ssl_sessioncache = $::apache::params::ssl_sessioncache, - $ssl_sessioncachetimeout = '300', - Boolean $ssl_stapling = false, - Optional[Boolean] $ssl_stapling_return_errors = undef, - $ssl_mutex = undef, - $apache_version = undef, - $package_name = undef, -) inherits ::apache::params { - - include ::apache - include ::apache::mod::mime - $_apache_version = pick($apache_version, $apache::apache_version) - if $ssl_mutex { - $_ssl_mutex = $ssl_mutex - } else { - case $::osfamily { - 'debian': { - if versioncmp($_apache_version, '2.4') >= 0 { - $_ssl_mutex = 'default' - } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' { - $_ssl_mutex = 'file:/var/run/apache2/ssl_mutex' - } else { - $_ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex" - } - } - 'redhat': { - $_ssl_mutex = 'default' - } - 'freebsd': { - $_ssl_mutex = 'default' - } - 'gentoo': { - $_ssl_mutex = 'default' - } - 'Suse': { - $_ssl_mutex = 'default' - } - default: { - fail("Unsupported osfamily ${::osfamily}, please explicitly pass in \$ssl_mutex") - } - } - } - - if $ssl_honorcipherorder =~ Boolean { - $_ssl_honorcipherorder = $ssl_honorcipherorder - } else { - $_ssl_honorcipherorder = $ssl_honorcipherorder ? { - 'on' => true, - 'off' => false, - default => true, - } - } - - $stapling_cache = $::osfamily ? { - 'debian' => "\${APACHE_RUN_DIR}/ocsp(32768)", - 'redhat' => '/run/httpd/ssl_stapling(32768)', - 'freebsd' => '/var/run/ssl_stapling(32768)', - 'gentoo' => '/var/run/ssl_stapling(32768)', - 'Suse' => '/var/lib/apache2/ssl_stapling(32768)', - } - - if $::osfamily == 'Suse' { - if defined(Class['::apache::mod::worker']){ - $suse_path = '/usr/lib64/apache2-worker' - } else { - $suse_path = '/usr/lib64/apache2-worker' - } - ::apache::mod { 'ssl': - package => $package_name, - lib_path => $suse_path, - } - } else { - ::apache::mod { 'ssl': - package => $package_name, - } - } - - if versioncmp($_apache_version, '2.4') >= 0 { - include ::apache::mod::socache_shmcb - } - - # Template uses - # - # $ssl_compression - # $ssl_cryptodevice - # $ssl_ca - # $ssl_cipher - # $ssl_honorcipherorder - # $ssl_options - # $ssl_openssl_conf_cmd - # $ssl_sessioncache - # $stapling_cache - # $ssl_mutex - # $ssl_random_seed_bytes - # $ssl_sessioncachetimeout - # $_apache_version - file { 'ssl.conf': - ensure => file, - path => $::apache::_ssl_file, - mode => $::apache::file_mode, - content => template('apache/mod/ssl.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/status.pp b/puppet/modules/apache/manifests/mod/status.pp deleted file mode 100644 index 988e13b..0000000 --- a/puppet/modules/apache/manifests/mod/status.pp +++ /dev/null @@ -1,68 +0,0 @@ -# Class: apache::mod::status -# -# This class enables and configures Apache mod_status -# See: http://httpd.apache.org/docs/current/mod/mod_status.html -# -# Parameters: -# - $allow_from is an array of hosts, ip addresses, partial network numbers -# or networks in CIDR notation specifying what hosts can view the special -# /server-status URL. Defaults to ['127.0.0.1', '::1']. -# > Creates Apache < 2.4 directive "Allow from" -# - $requires is either a: -# - String with: -# - '' or 'unmanaged' - Host auth control done elsewhere -# - 'ip ' - Allowed IPs/ranges -# - 'host ' - Allowed names/domains -# - 'all [granted|denied]' -# - Array of strings with ip or host as above -# - Hash with following keys: -# - 'requires' - Value => Array as above -# - 'enforce' - Value => String 'Any', 'All' or 'None' -# This encloses "Require" directives in "" block -# Optional - If unspecified, "Require" directives follow current flow -# > Creates Apache >= 2.4 directives "Require" -# - $extended_status track and display extended status information. Valid -# values are 'On' or 'Off'. Defaults to 'On'. -# - $status_path is the path assigned to the Location directive which -# defines the URL to access the server status. Defaults to '/server-status'. -# -# Actions: -# - Enable and configure Apache mod_status -# -# Requires: -# - The apache class -# -# Sample Usage: -# -# # Simple usage allowing access from localhost and a private subnet -# class { 'apache::mod::status': -# $allow_from => ['127.0.0.1', '10.10.10.10/24'], -# } -# -class apache::mod::status ( - Optional[Array] $allow_from = undef, - Optional[Variant[String, Array, Hash]] $requires = undef, - Enum['On', 'Off', 'on', 'off'] $extended_status = 'On', - $apache_version = undef, - $status_path = '/server-status', -) inherits ::apache::params { - - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - ::apache::mod { 'status': } - - # Defaults for "Allow from" or "Require" directives - $allow_defaults = ['127.0.0.1','::1'] - $requires_defaults = 'ip 127.0.0.1 ::1' - - # Template uses $allow_from, $extended_status, $_apache_version, $status_path - file { 'status.conf': - ensure => file, - path => "${::apache::mod_dir}/status.conf", - mode => $::apache::file_mode, - content => template('apache/mod/status.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/suexec.pp b/puppet/modules/apache/manifests/mod/suexec.pp deleted file mode 100644 index ded013d..0000000 --- a/puppet/modules/apache/manifests/mod/suexec.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::suexec { - ::apache::mod { 'suexec': } -} diff --git a/puppet/modules/apache/manifests/mod/suphp.pp b/puppet/modules/apache/manifests/mod/suphp.pp deleted file mode 100644 index 52b8b3d..0000000 --- a/puppet/modules/apache/manifests/mod/suphp.pp +++ /dev/null @@ -1,20 +0,0 @@ -class apache::mod::suphp ( -){ - if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '15.10') >= 0) or - ($facts['os']['name'] == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { - fail("suphp was declared EOL by it's creators as of 2013 and so is no longer supported on Ubuntu 15.10/Debian 8 and above. Please use php-fpm") - } - include ::apache - ::apache::mod { 'suphp': } - - file {'suphp.conf': - ensure => file, - path => "${::apache::mod_dir}/suphp.conf", - mode => $::apache::file_mode, - content => template('apache/mod/suphp.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} - diff --git a/puppet/modules/apache/manifests/mod/userdir.pp b/puppet/modules/apache/manifests/mod/userdir.pp deleted file mode 100644 index 203b93d..0000000 --- a/puppet/modules/apache/manifests/mod/userdir.pp +++ /dev/null @@ -1,40 +0,0 @@ -class apache::mod::userdir ( - $home = undef, - $dir = undef, - $disable_root = true, - $apache_version = undef, - $path = '/home/*/public_html', - $overrides = [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ], - $options = [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ], -) { - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - - if $home or $dir { - $_home = $home ? { - undef => '/home', - default => $home, - } - $_dir = $dir ? { - undef => 'public_html', - default => $dir, - } - warning('home and dir are deprecated; use path instead') - $_path = "${_home}/*/${_dir}" - } else { - $_path = $path - } - - ::apache::mod { 'userdir': } - - # Template uses $home, $dir, $disable_root, $_apache_version - file { 'userdir.conf': - ensure => file, - path => "${::apache::mod_dir}/userdir.conf", - mode => $::apache::file_mode, - content => template('apache/mod/userdir.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/mod/version.pp b/puppet/modules/apache/manifests/mod/version.pp deleted file mode 100644 index 1cc4412..0000000 --- a/puppet/modules/apache/manifests/mod/version.pp +++ /dev/null @@ -1,10 +0,0 @@ -class apache::mod::version( - $apache_version = $::apache::apache_version -) { - - if ($::osfamily == 'debian' and versioncmp($apache_version, '2.4') >= 0) { - warning("${module_name}: module version_module is built-in and can't be loaded") - } else { - ::apache::mod { 'version': } - } -} diff --git a/puppet/modules/apache/manifests/mod/vhost_alias.pp b/puppet/modules/apache/manifests/mod/vhost_alias.pp deleted file mode 100644 index 30ae122..0000000 --- a/puppet/modules/apache/manifests/mod/vhost_alias.pp +++ /dev/null @@ -1,3 +0,0 @@ -class apache::mod::vhost_alias { - ::apache::mod { 'vhost_alias': } -} diff --git a/puppet/modules/apache/manifests/mod/worker.pp b/puppet/modules/apache/manifests/mod/worker.pp deleted file mode 100644 index 00a9439..0000000 --- a/puppet/modules/apache/manifests/mod/worker.pp +++ /dev/null @@ -1,147 +0,0 @@ -# == Class: apache::mod::worker -# -# -# === Parameters -# -# [*startservers*] -# (optional) The number of child server processes created on startup -# Defaults is '2' -# -# [*maxclients*] -# (optional) The max number of simultaneous requests that will be served. -# This is the old name and is still supported. The new name is -# MaxRequestWorkers as of 2.3.13. -# Default is '150' -# -# [*minsparethreads*] -# (optional) Minimum number of idle threads to handle request spikes. -# Default is '25' -# -# [*maxsparethreads*] -# (optional) Maximum number of idle threads. -# Default is '75' -# -# [*threadsperchild*] -# (optional) The number of threads created by each child process. -# Default is '25' -# -# [*maxrequestsperchild*] -# (optional) Limit on the number of connectiojns an individual child server -# process will handle. This is the old name and is still supported. The new -# name is MaxConnectionsPerChild as of 2.3.9+. -# Default is '0' -# -# [*serverlimit*] -# (optional) With worker, use this directive only if your MaxRequestWorkers -# and ThreadsPerChild settings require more than 16 server processes -# (default). Do not set the value of this directive any higher than the -# number of server processes required by what you may want for -# MaxRequestWorkers and ThreadsPerChild. -# Default is '25' -# -# [*threadlimit*] -# (optional) This directive sets the maximum configured value for -# ThreadsPerChild for the lifetime of the Apache httpd process. -# Default is '64' -# -# [*listenbacklog*] -# (optional) Maximum length of the queue of pending connections. -# Defaults is '511' -# -# [*apache_version*] -# (optional) -# Default is $::apache::apache_version -# -class apache::mod::worker ( - $startservers = '2', - $maxclients = '150', - $minsparethreads = '25', - $maxsparethreads = '75', - $threadsperchild = '25', - $maxrequestsperchild = '0', - $serverlimit = '25', - $threadlimit = '64', - $listenbacklog = '511', - $apache_version = undef, -) { - include ::apache - $_apache_version = pick($apache_version, $apache::apache_version) - - if defined(Class['apache::mod::event']) { - fail('May not include both apache::mod::worker and apache::mod::event on the same node') - } - if defined(Class['apache::mod::itk']) { - fail('May not include both apache::mod::worker and apache::mod::itk on the same node') - } - if defined(Class['apache::mod::peruser']) { - fail('May not include both apache::mod::worker and apache::mod::peruser on the same node') - } - if defined(Class['apache::mod::prefork']) { - fail('May not include both apache::mod::worker and apache::mod::prefork on the same node') - } - File { - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - } - - # Template uses: - # - $startservers - # - $maxclients - # - $minsparethreads - # - $maxsparethreads - # - $threadsperchild - # - $maxrequestsperchild - # - $serverlimit - # - $threadLimit - # - $listenbacklog - file { "${::apache::mod_dir}/worker.conf": - ensure => file, - content => template('apache/mod/worker.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } - - case $::osfamily { - 'redhat': { - - if versioncmp($_apache_version, '2.4') >= 0 { - ::apache::mpm{ 'worker': - apache_version => $_apache_version, - } - } - else { - file_line { '/etc/sysconfig/httpd worker enable': - ensure => present, - path => '/etc/sysconfig/httpd', - line => 'HTTPD=/usr/sbin/httpd.worker', - match => '#?HTTPD=/usr/sbin/httpd.worker', - require => Package['httpd'], - notify => Class['apache::service'], - } - } - } - - 'debian', 'freebsd': { - ::apache::mpm{ 'worker': - apache_version => $_apache_version, - } - } - 'Suse': { - ::apache::mpm { 'worker': - apache_version => $apache_version, - lib_path => '/usr/lib64/apache2-worker', - } - } - - 'gentoo': { - ::portage::makeconf { 'apache2_mpms': - content => 'worker', - } - } - default: { - fail("Unsupported osfamily ${::osfamily}") - } - } -} diff --git a/puppet/modules/apache/manifests/mod/wsgi.pp b/puppet/modules/apache/manifests/mod/wsgi.pp deleted file mode 100644 index 38e7a86..0000000 --- a/puppet/modules/apache/manifests/mod/wsgi.pp +++ /dev/null @@ -1,46 +0,0 @@ -class apache::mod::wsgi ( - $wsgi_restrict_embedded = undef, - $wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix, - $wsgi_python_path = undef, - $wsgi_python_home = undef, - $wsgi_python_optimize = undef, - $wsgi_application_group = undef, - $package_name = undef, - $mod_path = undef, -) inherits ::apache::params { - include ::apache - if ($package_name != undef and $mod_path == undef) or ($package_name == undef and $mod_path != undef) { - fail('apache::mod::wsgi - both package_name and mod_path must be specified!') - } - - if $package_name != undef { - if $mod_path =~ /\// { - $_mod_path = $mod_path - } else { - $_mod_path = "${::apache::lib_path}/${mod_path}" - } - ::apache::mod { 'wsgi': - package => $package_name, - path => $_mod_path, - } - } - else { - ::apache::mod { 'wsgi': } - } - - # Template uses: - # - $wsgi_restrict_embedded - # - $wsgi_socket_prefix - # - $wsgi_python_path - # - $wsgi_python_home - file {'wsgi.conf': - ensure => file, - path => "${::apache::mod_dir}/wsgi.conf", - mode => $::apache::file_mode, - content => template('apache/mod/wsgi.conf.erb'), - require => Exec["mkdir ${::apache::mod_dir}"], - before => File[$::apache::mod_dir], - notify => Class['apache::service'], - } -} - diff --git a/puppet/modules/apache/manifests/mod/xsendfile.pp b/puppet/modules/apache/manifests/mod/xsendfile.pp deleted file mode 100644 index 7c5e884..0000000 --- a/puppet/modules/apache/manifests/mod/xsendfile.pp +++ /dev/null @@ -1,4 +0,0 @@ -class apache::mod::xsendfile { - include ::apache::params - ::apache::mod { 'xsendfile': } -} diff --git a/puppet/modules/apache/manifests/mpm.pp b/puppet/modules/apache/manifests/mpm.pp deleted file mode 100644 index 7f3585c..0000000 --- a/puppet/modules/apache/manifests/mpm.pp +++ /dev/null @@ -1,159 +0,0 @@ -define apache::mpm ( - $lib_path = $::apache::lib_path, - $apache_version = $::apache::apache_version, -) { - if ! defined(Class['apache']) { - fail('You must include the apache base class before using any apache defined resources') - } - - $mpm = $name - $mod_dir = $::apache::mod_dir - - $_lib = "mod_mpm_${mpm}.so" - $_path = "${lib_path}/${_lib}" - $_id = "mpm_${mpm}_module" - - if $::osfamily == 'Suse' { - #mpms on Suse 12 don't use .so libraries so create a placeholder load file - if versioncmp($apache_version, '2.4') >= 0 { - file { "${mod_dir}/${mpm}.load": - ensure => file, - path => "${mod_dir}/${mpm}.load", - content => '', - require => [ - Package['httpd'], - Exec["mkdir ${mod_dir}"], - ], - before => File[$mod_dir], - notify => Class['apache::service'], - } - } - } else { - if versioncmp($apache_version, '2.4') >= 0 { - file { "${mod_dir}/${mpm}.load": - ensure => file, - path => "${mod_dir}/${mpm}.load", - content => "LoadModule ${_id} ${_path}\n", - require => [ - Package['httpd'], - Exec["mkdir ${mod_dir}"], - ], - before => File[$mod_dir], - notify => Class['apache::service'], - } - } - } - - case $::osfamily { - 'debian': { - file { "${::apache::mod_enable_dir}/${mpm}.conf": - ensure => link, - target => "${::apache::mod_dir}/${mpm}.conf", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], - notify => Class['apache::service'], - } - - if versioncmp($apache_version, '2.4') >= 0 { - file { "${::apache::mod_enable_dir}/${mpm}.load": - ensure => link, - target => "${::apache::mod_dir}/${mpm}.load", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], - notify => Class['apache::service'], - } - - if $mpm == 'itk' { - file { "${lib_path}/mod_mpm_itk.so": - ensure => link, - target => "${lib_path}/mpm_itk.so", - require => Package['httpd'], - before => Class['apache::service'], - } - } - } else { - package { "apache2-mpm-${mpm}": - ensure => present, - before => [ - Class['apache::service'], - File[$::apache::mod_enable_dir], - ], - } - } - - if $mpm == 'itk' { - if ( ( $::operatingsystem == 'Ubuntu' ) or ( ($::operatingsystem == 'Debian') and ( versioncmp($::operatingsystemrelease, '8.0.0') >= 0 ) ) ) { - ensure_resource('exec', '/usr/sbin/a2dismod mpm_event', { - onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.load", - require => Package['httpd'], - before => Class['apache::service'], - }) - } - - package { 'libapache2-mpm-itk': - ensure => present, - before => [ - Class['apache::service'], - File[$::apache::mod_enable_dir], - ], - } - } - - if $mpm == 'prefork' { - if ( ( $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease,'18.04') >= 0 ) or ( $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9.0.0') >= 0 ) ) { - ensure_resource('exec', '/usr/sbin/a2dismod mpm_event', { - onlyif => "/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.load", - require => Package['httpd'], - before => Class['apache::service'], - }) - } - } - - } - - 'freebsd': { - class { '::apache::package': - mpm_module => $mpm, - } - } - 'gentoo': { - # so we don't fail - } - 'redhat': { - # so we don't fail - } - 'Suse': { - file { "${::apache::mod_enable_dir}/${mpm}.conf": - ensure => link, - target => "${::apache::mod_dir}/${mpm}.conf", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], - notify => Class['apache::service'], - } - - if versioncmp($apache_version, '2.4') >= 0 { - file { "${::apache::mod_enable_dir}/${mpm}.load": - ensure => link, - target => "${::apache::mod_dir}/${mpm}.load", - require => Exec["mkdir ${::apache::mod_enable_dir}"], - before => File[$::apache::mod_enable_dir], - notify => Class['apache::service'], - } - - if $mpm == 'itk' { - file { "${lib_path}/mod_mpm_itk.so": - ensure => link, - target => "${lib_path}/mpm_itk.so", - } - } - } - - package { "apache2-${mpm}": - ensure => present, - } - } - default: { - fail("Unsupported osfamily ${::osfamily}") - } - } -} diff --git a/puppet/modules/apache/manifests/namevirtualhost.pp b/puppet/modules/apache/manifests/namevirtualhost.pp deleted file mode 100644 index 4fa8795..0000000 --- a/puppet/modules/apache/manifests/namevirtualhost.pp +++ /dev/null @@ -1,9 +0,0 @@ -define apache::namevirtualhost { - $addr_port = $name - - # Template uses: $addr_port - concat::fragment { "NameVirtualHost ${addr_port}": - target => $::apache::ports_file, - content => template('apache/namevirtualhost.erb'), - } -} diff --git a/puppet/modules/apache/manifests/package.pp b/puppet/modules/apache/manifests/package.pp deleted file mode 100644 index 7c95f99..0000000 --- a/puppet/modules/apache/manifests/package.pp +++ /dev/null @@ -1,37 +0,0 @@ -class apache::package ( - $ensure = 'present', - $mpm_module = $::apache::params::mpm_module, -) inherits ::apache::params { - - # The base class must be included first because it is used by parameter defaults - if ! defined(Class['apache']) { - fail('You must include the apache base class before using any apache defined resources') - } - - case $::osfamily { - 'FreeBSD': { - case $mpm_module { - 'prefork': { - } - 'worker': { - } - 'event': { - } - 'itk': { - package { 'www/mod_mpm_itk': - ensure => installed, - } - } - default: { fail("MPM module ${mpm_module} not supported on FreeBSD") } - } - } - default: { - } - } - - package { 'httpd': - ensure => $ensure, - name => $::apache::apache_name, - notify => Class['Apache::Service'], - } -} diff --git a/puppet/modules/apache/manifests/params.pp b/puppet/modules/apache/manifests/params.pp deleted file mode 100644 index 3ea1054..0000000 --- a/puppet/modules/apache/manifests/params.pp +++ /dev/null @@ -1,824 +0,0 @@ -# Class: apache::params -# -# This class manages Apache parameters -# -# Parameters: -# - The $user that Apache runs as -# - The $group that Apache runs as -# - The $apache_name is the name of the package and service on the relevant -# distribution -# - The $php_package is the name of the package that provided PHP -# - The $ssl_package is the name of the Apache SSL package -# - The $apache_dev is the name of the Apache development libraries package -# - The $conf_contents is the contents of the Apache configuration file -# -# Actions: -# -# Requires: -# -# Sample Usage: -# -class apache::params inherits ::apache::version { - if($::fqdn) { - $servername = $::fqdn - } else { - $servername = $::hostname - } - - # The default error log level - $log_level = 'warn' - $use_optional_includes = false - - # Default mime types settings - $mime_types_additional = { - 'AddHandler' => { 'type-map' => 'var', }, - 'AddType' => { 'text/html' => '.shtml', }, - 'AddOutputFilter' => { 'INCLUDES' => '.shtml', }, - } - - # should we use systemd module? - $use_systemd = true - - # Default mode for files - $file_mode = '0644' - - # The default value for host hame lookup - $hostname_lookups = 'Off' - - # Default options for / directory - $root_directory_options = ['FollowSymLinks'] - - $vhost_include_pattern = '*' - - $modsec_audit_log_parts = 'ABIJDEFHZ' - - # no client certs should be trusted for auth by default. - $ssl_certs_dir = undef - - if ($::apache::version::scl_httpd_version) { - if $::apache::version::scl_php_version == undef { - fail('If you define apache::version::scl_httpd_version, you also need to specify apache::version::scl_php_version') - } - $_scl_httpd_version_nodot = regsubst($::apache::version::scl_httpd_version, '\.', '') - $_scl_httpd_name = "httpd${_scl_httpd_version_nodot}" - - $_scl_php_version_no_dot = regsubst($::apache::version::scl_php_version, '\.', '') - $user = 'apache' - $group = 'apache' - $root_group = 'root' - $apache_name = "${_scl_httpd_name}-httpd" - $service_name = "${_scl_httpd_name}-httpd" - $httpd_root = "/opt/rh/${_scl_httpd_name}/root" - $httpd_dir = "${httpd_root}/etc/httpd" - $server_root = "${httpd_root}/etc/httpd" - $conf_dir = "${httpd_dir}/conf" - $confd_dir = "${httpd_dir}/conf.d" - $mod_dir = $::apache::version::distrelease ? { - '7' => "${httpd_dir}/conf.modules.d", - default => "${httpd_dir}/conf.d", - } - $mod_enable_dir = undef - $vhost_dir = "${httpd_dir}/conf.d" - $vhost_enable_dir = undef - $conf_file = 'httpd.conf' - $ports_file = "${conf_dir}/ports.conf" - $pidfile = 'run/httpd.pid' - $logroot = "/var/log/${_scl_httpd_name}" - $logroot_mode = undef - $lib_path = 'modules' - $mpm_module = 'prefork' - $dev_packages = "${_scl_httpd_name}-httpd-devel" - $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' - $default_ssl_key = '/etc/pki/tls/private/localhost.key' - $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)' - $passenger_conf_file = 'passenger_extra.conf' - $passenger_conf_package_file = 'passenger.conf' - $passenger_root = undef - $passenger_ruby = undef - $passenger_default_ruby = undef - $suphp_addhandler = 'php5-script' - $suphp_engine = 'off' - $suphp_configpath = undef - $php_version = $::apache::version::scl_php_version - $mod_packages = { - "php${::apache::version::scl_php_version}" => "rh-php${_scl_php_version_no_dot}-php", - 'ssl' => "${_scl_httpd_name}-mod_ssl", - } - $mod_libs = { - 'nss' => 'libmodnss.so', - } - $conf_template = 'apache/httpd.conf.erb' - $http_protocol_options = undef - $keepalive = 'On' - $keepalive_timeout = 15 - $max_keepalive_requests = 100 - $fastcgi_lib_path = undef - $mime_support_package = 'mailcap' - $mime_types_config = '/etc/mime.types' - $docroot = "${httpd_root}/var/www/html" - $alias_icons_path = $::apache::version::distrelease ? { - '7' => "${httpd_root}/usr/share/httpd/icons", - default => '/var/www/icons', - } - $error_documents_path = $::apache::version::distrelease ? { - '7' => "${httpd_root}/usr/share/httpd/error", - default => '/var/www/error' - } - if $::osfamily == 'RedHat' { - $wsgi_socket_prefix = '/var/run/wsgi' - } else { - $wsgi_socket_prefix = undef - } - $cas_cookie_path = '/var/cache/mod_auth_cas/' - $mellon_lock_file = '/run/mod_auth_mellon/lock' - $mellon_cache_size = 100 - $mellon_post_directory = undef - $modsec_crs_package = 'mod_security_crs' - $modsec_crs_path = '/usr/lib/modsecurity.d' - $modsec_dir = '/etc/httpd/modsecurity.d' - $secpcrematchlimit = 1500 - $secpcrematchlimitrecursion = 1500 - $modsec_secruleengine = 'On' - $modsec_default_rules = [ - 'base_rules/modsecurity_35_bad_robots.data', - 'base_rules/modsecurity_35_scanners.data', - 'base_rules/modsecurity_40_generic_attacks.data', - 'base_rules/modsecurity_50_outbound.data', - 'base_rules/modsecurity_50_outbound_malware.data', - 'base_rules/modsecurity_crs_20_protocol_violations.conf', - 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', - 'base_rules/modsecurity_crs_23_request_limits.conf', - 'base_rules/modsecurity_crs_30_http_policy.conf', - 'base_rules/modsecurity_crs_35_bad_robots.conf', - 'base_rules/modsecurity_crs_40_generic_attacks.conf', - 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', - 'base_rules/modsecurity_crs_41_xss_attacks.conf', - 'base_rules/modsecurity_crs_42_tight_security.conf', - 'base_rules/modsecurity_crs_45_trojans.conf', - 'base_rules/modsecurity_crs_47_common_exceptions.conf', - 'base_rules/modsecurity_crs_49_inbound_blocking.conf', - 'base_rules/modsecurity_crs_50_outbound.conf', - 'base_rules/modsecurity_crs_59_outbound_blocking.conf', - 'base_rules/modsecurity_crs_60_correlation.conf', - ] - $error_log = 'error_log' - $scriptalias = "${httpd_root}/var/www/cgi-bin" - $access_log_file = 'access_log' - } - elsif $::osfamily == 'RedHat' or $::operatingsystem =~ /^[Aa]mazon$/ { - $user = 'apache' - $group = 'apache' - $root_group = 'root' - $apache_name = 'httpd' - $service_name = 'httpd' - $httpd_dir = '/etc/httpd' - $server_root = '/etc/httpd' - $conf_dir = "${httpd_dir}/conf" - $confd_dir = "${httpd_dir}/conf.d" - $conf_enabled = undef - if $::operatingsystem =~ /^[Aa]mazon$/ and $::operatingsystemmajrelease == '2' { - # Amazon Linux 2 uses the /conf.modules.d/ dir - $mod_dir = "${httpd_dir}/conf.modules.d" - } else { - $mod_dir = $::apache::version::distrelease ? { - '7' => "${httpd_dir}/conf.modules.d", - default => "${httpd_dir}/conf.d", - } - } - $mod_enable_dir = undef - $vhost_dir = "${httpd_dir}/conf.d" - $vhost_enable_dir = undef - $conf_file = 'httpd.conf' - $ports_file = "${conf_dir}/ports.conf" - $pidfile = 'run/httpd.pid' - $logroot = '/var/log/httpd' - $logroot_mode = undef - $lib_path = 'modules' - $mpm_module = 'prefork' - $dev_packages = 'httpd-devel' - $default_ssl_cert = '/etc/pki/tls/certs/localhost.crt' - $default_ssl_key = '/etc/pki/tls/private/localhost.key' - $ssl_sessioncache = '/var/cache/mod_ssl/scache(512000)' - $passenger_conf_file = 'passenger_extra.conf' - $passenger_conf_package_file = 'passenger.conf' - $passenger_root = undef - $passenger_ruby = undef - $passenger_default_ruby = undef - $suphp_addhandler = 'php5-script' - $suphp_engine = 'off' - $suphp_configpath = undef - $php_version = '5' - $mod_packages = { - # NOTE: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. - 'auth_cas' => 'mod_auth_cas', - 'auth_kerb' => 'mod_auth_kerb', - 'auth_gssapi' => 'mod_auth_gssapi', - 'auth_mellon' => 'mod_auth_mellon', - 'authnz_ldap' => $::apache::version::distrelease ? { - '7' => 'mod_ldap', - default => 'mod_authz_ldap', - }, - 'authnz_pam' => 'mod_authnz_pam', - 'fastcgi' => $::apache::version::distrelease ? { - '5' => 'mod_fastcgi', - '6' => 'mod_fastcgi', - default => undef, - }, - 'fcgid' => 'mod_fcgid', - 'geoip' => 'mod_geoip', - 'intercept_form_submit' => 'mod_intercept_form_submit', - 'ldap' => $::apache::version::distrelease ? { - '7' => 'mod_ldap', - default => undef, - }, - 'lookup_identity' => 'mod_lookup_identity', - 'pagespeed' => 'mod-pagespeed-stable', - # NOTE: The passenger module isn't available on RH/CentOS without - # providing dependency packages provided by EPEL and passenger - # repositories. See - # https://www.phusionpassenger.com/library/install/apache/install/oss/el7/ - 'passenger' => 'mod_passenger', - 'perl' => 'mod_perl', - 'php5' => $::apache::version::distrelease ? { - '5' => 'php53', - default => 'php', - }, - 'phpXXX' => 'php', - 'proxy_html' => 'mod_proxy_html', - 'python' => 'mod_python', - 'security' => 'mod_security', - # NOTE: The module for Shibboleth is not available on RH/CentOS without - # providing dependency packages provided by Shibboleth's repositories. - # See http://wiki.aaf.edu.au/tech-info/sp-install-guide - 'shibboleth' => 'shibboleth', - 'ssl' => 'mod_ssl', - 'wsgi' => 'mod_wsgi', - 'dav_svn' => 'mod_dav_svn', - 'suphp' => 'mod_suphp', - 'xsendfile' => 'mod_xsendfile', - 'nss' => 'mod_nss', - 'shib2' => 'shibboleth', - } - $mod_libs = { - 'nss' => 'libmodnss.so', - } - $conf_template = 'apache/httpd.conf.erb' - $http_protocol_options = undef - $keepalive = 'On' - $keepalive_timeout = 15 - $max_keepalive_requests = 100 - $fastcgi_lib_path = undef - $mime_support_package = 'mailcap' - $mime_types_config = '/etc/mime.types' - $docroot = '/var/www/html' - $alias_icons_path = $::apache::version::distrelease ? { - '7' => '/usr/share/httpd/icons', - default => '/var/www/icons', - } - $error_documents_path = $::apache::version::distrelease ? { - '7' => '/usr/share/httpd/error', - default => '/var/www/error' - } - if $::osfamily == 'RedHat' { - $wsgi_socket_prefix = '/var/run/wsgi' - } else { - $wsgi_socket_prefix = undef - } - $cas_cookie_path = '/var/cache/mod_auth_cas/' - $mellon_lock_file = '/run/mod_auth_mellon/lock' - $mellon_cache_size = 100 - $mellon_post_directory = undef - $modsec_crs_package = 'mod_security_crs' - $modsec_crs_path = '/usr/lib/modsecurity.d' - $modsec_dir = '/etc/httpd/modsecurity.d' - $secpcrematchlimit = 1500 - $secpcrematchlimitrecursion = 1500 - $modsec_secruleengine = 'On' - $modsec_default_rules = [ - 'base_rules/modsecurity_35_bad_robots.data', - 'base_rules/modsecurity_35_scanners.data', - 'base_rules/modsecurity_40_generic_attacks.data', - 'base_rules/modsecurity_50_outbound.data', - 'base_rules/modsecurity_50_outbound_malware.data', - 'base_rules/modsecurity_crs_20_protocol_violations.conf', - 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', - 'base_rules/modsecurity_crs_23_request_limits.conf', - 'base_rules/modsecurity_crs_30_http_policy.conf', - 'base_rules/modsecurity_crs_35_bad_robots.conf', - 'base_rules/modsecurity_crs_40_generic_attacks.conf', - 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', - 'base_rules/modsecurity_crs_41_xss_attacks.conf', - 'base_rules/modsecurity_crs_42_tight_security.conf', - 'base_rules/modsecurity_crs_45_trojans.conf', - 'base_rules/modsecurity_crs_47_common_exceptions.conf', - 'base_rules/modsecurity_crs_49_inbound_blocking.conf', - 'base_rules/modsecurity_crs_50_outbound.conf', - 'base_rules/modsecurity_crs_59_outbound_blocking.conf', - 'base_rules/modsecurity_crs_60_correlation.conf', - ] - $error_log = 'error_log' - $scriptalias = '/var/www/cgi-bin' - $access_log_file = 'access_log' - } elsif $::osfamily == 'Debian' { - $user = 'www-data' - $group = 'www-data' - $root_group = 'root' - $apache_name = 'apache2' - $service_name = 'apache2' - $httpd_dir = '/etc/apache2' - $server_root = '/etc/apache2' - $conf_dir = $httpd_dir - $confd_dir = "${httpd_dir}/conf.d" - # Overwrite conf_enabled causes errors with Shibboleth when enabled on Ubuntu 18.04 - $conf_enabled = undef #"${httpd_dir}/conf-enabled.d" - $mod_dir = "${httpd_dir}/mods-available" - $mod_enable_dir = "${httpd_dir}/mods-enabled" - $vhost_dir = "${httpd_dir}/sites-available" - $vhost_enable_dir = "${httpd_dir}/sites-enabled" - $conf_file = 'apache2.conf' - $ports_file = "${conf_dir}/ports.conf" - $pidfile = "\${APACHE_PID_FILE}" - $logroot = '/var/log/apache2' - $logroot_mode = undef - $lib_path = '/usr/lib/apache2/modules' - $mpm_module = 'worker' - $default_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem' - $default_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key' - $ssl_sessioncache = "\${APACHE_RUN_DIR}/ssl_scache(512000)" - $suphp_addhandler = 'x-httpd-php' - $suphp_engine = 'off' - $suphp_configpath = '/etc/php5/apache2' - if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') < 0) { - # Only the major version is used here - $php_version = '5' - $mod_packages = { - 'auth_cas' => 'libapache2-mod-auth-cas', - 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'auth_gssapi' => 'libapache2-mod-auth-gssapi', - 'auth_mellon' => 'libapache2-mod-auth-mellon', - 'authnz_pam' => 'libapache2-mod-authnz-pam', - 'dav_svn' => 'libapache2-svn', - 'fastcgi' => 'libapache2-mod-fastcgi', - 'fcgid' => 'libapache2-mod-fcgid', - 'geoip' => 'libapache2-mod-geoip', - 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', - 'lookup_identity' => 'libapache2-mod-lookup-identity', - 'nss' => 'libapache2-mod-nss', - 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'libapache2-mod-passenger', - 'perl' => 'libapache2-mod-perl2', - 'phpXXX' => 'libapache2-mod-phpXXX', - 'proxy_html' => 'libapache2-mod-proxy-html', - 'python' => 'libapache2-mod-python', - 'rpaf' => 'libapache2-mod-rpaf', - 'security' => 'libapache2-modsecurity', - 'shib2' => 'libapache2-mod-shib2', - 'suphp' => 'libapache2-mod-suphp', - 'wsgi' => 'libapache2-mod-wsgi', - 'xsendfile' => 'libapache2-mod-xsendfile', - } - } elsif ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) { - # Debian stretch uses a different dav_svn from Ubuntu Xenial - $php_version = '7.0' - $mod_packages = { - 'auth_cas' => 'libapache2-mod-auth-cas', - 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'auth_gssapi' => 'libapache2-mod-auth-gssapi', - 'auth_mellon' => 'libapache2-mod-auth-mellon', - 'authnz_pam' => 'libapache2-mod-authnz-pam', - 'dav_svn' => 'libapache2-mod-svn', - 'fastcgi' => 'libapache2-mod-fastcgi', - 'fcgid' => 'libapache2-mod-fcgid', - 'geoip' => 'libapache2-mod-geoip', - 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', - 'lookup_identity' => 'libapache2-mod-lookup-identity', - 'nss' => 'libapache2-mod-nss', - 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'libapache2-mod-passenger', - 'perl' => 'libapache2-mod-perl2', - 'phpXXX' => 'libapache2-mod-phpXXX', - 'python' => 'libapache2-mod-python', - 'rpaf' => 'libapache2-mod-rpaf', - 'security' => 'libapache2-mod-security2', - 'shib2' => 'libapache2-mod-shib2', - 'suphp' => 'libapache2-mod-suphp', - 'wsgi' => 'libapache2-mod-wsgi', - 'xsendfile' => 'libapache2-mod-xsendfile', - } - } elsif ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { - # major.minor version used since Debian stretch and Ubuntu Xenial - $php_version = '7.2' # different to Ubuntu 16.04 - # fastcgi and suphp got removed from #mod_packages, they aren't supported anymore - $mod_packages = { - 'auth_cas' => 'libapache2-mod-auth-cas', - 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'auth_gssapi' => 'libapache2-mod-auth-gssapi', - 'auth_mellon' => 'libapache2-mod-auth-mellon', - 'authnz_pam' => 'libapache2-mod-authnz-pam', - 'dav_svn' => 'libapache2-mod-svn', # different to Ubuntu16.04 - 'fcgid' => 'libapache2-mod-fcgid', - 'geoip' => 'libapache2-mod-geoip', - 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', - 'lookup_identity' => 'libapache2-mod-lookup-identity', - 'nss' => 'libapache2-mod-nss', - 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'libapache2-mod-passenger', - 'perl' => 'libapache2-mod-perl2', - 'phpXXX' => 'libapache2-mod-phpXXX', - 'python' => 'libapache2-mod-python', - 'rpaf' => 'libapache2-mod-rpaf', - 'security' => 'libapache2-mod-security2', - 'shib2' => 'libapache2-mod-shib2', - 'wsgi' => 'libapache2-mod-wsgi', - 'xsendfile' => 'libapache2-mod-xsendfile', - } - } else { - # major.minor version used since Debian stretch and Ubuntu Xenial - $php_version = '7.0' - $mod_packages = { - 'auth_cas' => 'libapache2-mod-auth-cas', - 'auth_kerb' => 'libapache2-mod-auth-kerb', - 'auth_gssapi' => 'libapache2-mod-auth-gssapi', - 'auth_mellon' => 'libapache2-mod-auth-mellon', - 'authnz_pam' => 'libapache2-mod-authnz-pam', - 'dav_svn' => 'libapache2-svn', - 'fastcgi' => 'libapache2-mod-fastcgi', - 'fcgid' => 'libapache2-mod-fcgid', - 'geoip' => 'libapache2-mod-geoip', - 'intercept_form_submit' => 'libapache2-mod-intercept-form-submit', - 'lookup_identity' => 'libapache2-mod-lookup-identity', - 'nss' => 'libapache2-mod-nss', - 'pagespeed' => 'mod-pagespeed-stable', - 'passenger' => 'libapache2-mod-passenger', - 'perl' => 'libapache2-mod-perl2', - 'phpXXX' => 'libapache2-mod-phpXXX', - 'python' => 'libapache2-mod-python', - 'rpaf' => 'libapache2-mod-rpaf', - 'security' => 'libapache2-modsecurity', - 'shib2' => 'libapache2-mod-shib2', - 'suphp' => 'libapache2-mod-suphp', - 'wsgi' => 'libapache2-mod-wsgi', - 'xsendfile' => 'libapache2-mod-xsendfile', - } - } - $error_log = 'error.log' - $scriptalias = '/usr/lib/cgi-bin' - $access_log_file = 'access.log' - if $::osfamily == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0 { - $shib2_lib = 'mod_shib_22.so' - } else { - $shib2_lib = 'mod_shib2.so' - } - $mod_libs = { - 'shib2' => $shib2_lib, - } - $conf_template = 'apache/httpd.conf.erb' - $http_protocol_options = undef - $keepalive = 'On' - $keepalive_timeout = 15 - $max_keepalive_requests = 100 - $fastcgi_lib_path = '/var/lib/apache2/fastcgi' - $mime_support_package = 'mime-support' - $mime_types_config = '/etc/mime.types' - if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { - $docroot = '/var/www/html' - } else { - $docroot = '/var/www' - } - $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' - $mellon_lock_file = undef - $mellon_cache_size = undef - $mellon_post_directory = '/var/cache/apache2/mod_auth_mellon/' - $modsec_crs_package = 'modsecurity-crs' - $modsec_crs_path = '/usr/share/modsecurity-crs' - $modsec_dir = '/etc/modsecurity' - $secpcrematchlimit = 1500 - $secpcrematchlimitrecursion = 1500 - $modsec_secruleengine = 'On' - if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) { - $modsec_default_rules = [ - 'crawlers-user-agents.data', - 'iis-errors.data', - 'java-code-leakages.data', - 'java-errors.data', - 'lfi-os-files.data', - 'php-config-directives.data', - 'php-errors.data', - 'php-function-names-933150.data', - 'php-function-names-933151.data', - 'php-variables.data', - 'restricted-files.data', - 'scanners-headers.data', - 'scanners-urls.data', - 'scanners-user-agents.data', - 'scripting-user-agents.data', - 'sql-errors.data', - 'sql-function-names.data', - 'unix-shell.data', - 'windows-powershell-commands.data', - ] - } else { - $modsec_default_rules = [ - 'base_rules/modsecurity_35_bad_robots.data', - 'base_rules/modsecurity_35_scanners.data', - 'base_rules/modsecurity_40_generic_attacks.data', - 'base_rules/modsecurity_50_outbound.data', - 'base_rules/modsecurity_50_outbound_malware.data', - 'base_rules/modsecurity_crs_20_protocol_violations.conf', - 'base_rules/modsecurity_crs_21_protocol_anomalies.conf', - 'base_rules/modsecurity_crs_23_request_limits.conf', - 'base_rules/modsecurity_crs_30_http_policy.conf', - 'base_rules/modsecurity_crs_35_bad_robots.conf', - 'base_rules/modsecurity_crs_40_generic_attacks.conf', - 'base_rules/modsecurity_crs_41_sql_injection_attacks.conf', - 'base_rules/modsecurity_crs_41_xss_attacks.conf', - 'base_rules/modsecurity_crs_42_tight_security.conf', - 'base_rules/modsecurity_crs_45_trojans.conf', - 'base_rules/modsecurity_crs_47_common_exceptions.conf', - 'base_rules/modsecurity_crs_49_inbound_blocking.conf', - 'base_rules/modsecurity_crs_50_outbound.conf', - 'base_rules/modsecurity_crs_59_outbound_blocking.conf', - 'base_rules/modsecurity_crs_60_correlation.conf', - ] - } - $alias_icons_path = '/usr/share/apache2/icons' - $error_documents_path = '/usr/share/apache2/error' - if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) { - $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] - } else { - $dev_packages = ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] - } - - # - # Passenger-specific settings - # - - $passenger_conf_file = 'passenger.conf' - $passenger_conf_package_file = undef - - if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '14.04') < 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') < 0) { - $passenger_root = '/usr' - $passenger_ruby = '/usr/bin/ruby' - $passenger_default_ruby = undef - } else { - $passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini' - $passenger_ruby = undef - $passenger_default_ruby = '/usr/bin/ruby' - } - $wsgi_socket_prefix = undef - } elsif $::osfamily == 'FreeBSD' { - $user = 'www' - $group = 'www' - $root_group = 'wheel' - $apache_name = 'apache24' - $service_name = 'apache24' - $httpd_dir = '/usr/local/etc/apache24' - $server_root = '/usr/local' - $conf_dir = $httpd_dir - $confd_dir = "${httpd_dir}/Includes" - $conf_enabled = undef - $mod_dir = "${httpd_dir}/Modules" - $mod_enable_dir = undef - $vhost_dir = "${httpd_dir}/Vhosts" - $vhost_enable_dir = undef - $conf_file = 'httpd.conf' - $ports_file = "${conf_dir}/ports.conf" - $pidfile = '/var/run/httpd.pid' - $logroot = '/var/log/apache24' - $logroot_mode = undef - $lib_path = '/usr/local/libexec/apache24' - $mpm_module = 'prefork' - $dev_packages = undef - $default_ssl_cert = '/usr/local/etc/apache24/server.crt' - $default_ssl_key = '/usr/local/etc/apache24/server.key' - $ssl_sessioncache = '/var/run/ssl_scache(512000)' - $passenger_conf_file = 'passenger.conf' - $passenger_conf_package_file = undef - $passenger_root = '/usr/local/lib/ruby/gems/2.0/gems/passenger-4.0.58' - $passenger_ruby = '/usr/local/bin/ruby' - $passenger_default_ruby = undef - $suphp_addhandler = 'php5-script' - $suphp_engine = 'off' - $suphp_configpath = undef - $php_version = '5' - $mod_packages = { - # NOTE: I list here only modules that are not included in www/apache24 - # NOTE: 'passenger' needs to enable APACHE_SUPPORT in make config - # NOTE: 'php' needs to enable APACHE option in make config - # NOTE: 'dav_svn' needs to enable MOD_DAV_SVN make config - # NOTE: not sure where the shibboleth should come from - 'auth_kerb' => 'www/mod_auth_kerb2', - 'auth_gssapi' => 'www/mod_auth_gssapi', - 'fcgid' => 'www/mod_fcgid', - 'passenger' => 'www/rubygem-passenger', - 'perl' => 'www/mod_perl2', - 'phpXXX' => 'www/mod_phpXXX', - 'proxy_html' => 'www/mod_proxy_html', - 'python' => 'www/mod_python3', - 'wsgi' => 'www/mod_wsgi', - 'dav_svn' => 'devel/subversion', - 'xsendfile' => 'www/mod_xsendfile', - 'rpaf' => 'www/mod_rpaf2', - 'shib2' => 'security/shibboleth2-sp', - } - $mod_libs = { - } - $conf_template = 'apache/httpd.conf.erb' - $http_protocol_options = undef - $keepalive = 'On' - $keepalive_timeout = 15 - $max_keepalive_requests = 100 - $fastcgi_lib_path = undef # TODO: revisit - $mime_support_package = 'misc/mime-support' - $mime_types_config = '/usr/local/etc/mime.types' - $wsgi_socket_prefix = undef - $docroot = '/usr/local/www/apache24/data' - $alias_icons_path = '/usr/local/www/apache24/icons' - $error_documents_path = '/usr/local/www/apache24/error' - $error_log = 'httpd-error.log' - $scriptalias = '/usr/local/www/apache24/cgi-bin' - $access_log_file = 'httpd-access.log' - } elsif $::osfamily == 'Gentoo' { - $user = 'apache' - $group = 'apache' - $root_group = 'wheel' - $apache_name = 'www-servers/apache' - $service_name = 'apache2' - $httpd_dir = '/etc/apache2' - $server_root = '/var/www' - $conf_dir = $httpd_dir - $confd_dir = "${httpd_dir}/conf.d" - $conf_enabled = undef - $mod_dir = "${httpd_dir}/modules.d" - $mod_enable_dir = undef - $vhost_dir = "${httpd_dir}/vhosts.d" - $vhost_enable_dir = undef - $conf_file = 'httpd.conf' - $ports_file = "${conf_dir}/ports.conf" - $logroot = '/var/log/apache2' - $logroot_mode = undef - $lib_path = '/usr/lib/apache2/modules' - $mpm_module = 'prefork' - $dev_packages = undef - $default_ssl_cert = '/etc/ssl/apache2/server.crt' - $default_ssl_key = '/etc/ssl/apache2/server.key' - $ssl_sessioncache = '/var/run/ssl_scache(512000)' - $passenger_root = '/usr' - $passenger_ruby = '/usr/bin/ruby' - $passenger_conf_file = 'passenger.conf' - $passenger_conf_package_file = undef - $passenger_default_ruby = undef - $suphp_addhandler = 'x-httpd-php' - $suphp_engine = 'off' - $suphp_configpath = '/etc/php5/apache2' - $php_version = '5' - $mod_packages = { - # NOTE: I list here only modules that are not included in www-servers/apache - 'auth_kerb' => 'www-apache/mod_auth_kerb', - 'auth_gssapi' => 'www-apache/mod_auth_gssapi', - 'authnz_external' => 'www-apache/mod_authnz_external', - 'fcgid' => 'www-apache/mod_fcgid', - 'passenger' => 'www-apache/passenger', - 'perl' => 'www-apache/mod_perl', - 'phpXXX' => 'dev-lang/php', - 'proxy_html' => 'www-apache/mod_proxy_html', - 'proxy_fcgi' => 'www-apache/mod_proxy_fcgi', - 'python' => 'www-apache/mod_python', - 'wsgi' => 'www-apache/mod_wsgi', - 'dav_svn' => 'dev-vcs/subversion', - 'xsendfile' => 'www-apache/mod_xsendfile', - 'rpaf' => 'www-apache/mod_rpaf', - 'xml2enc' => 'www-apache/mod_xml2enc', - } - $mod_libs = { - } - $conf_template = 'apache/httpd.conf.erb' - $http_protocol_options = undef - $keepalive = 'On' - $keepalive_timeout = 15 - $max_keepalive_requests = 100 - $fastcgi_lib_path = undef # TODO: revisit - $mime_support_package = 'app-misc/mime-types' - $mime_types_config = '/etc/mime.types' - $wsgi_socket_prefix = undef - $docroot = '/var/www/localhost/htdocs' - $alias_icons_path = '/usr/share/apache2/icons' - $error_documents_path = '/usr/share/apache2/error' - $pidfile = '/var/run/apache2.pid' - $error_log = 'error.log' - $scriptalias = '/var/www/localhost/cgi-bin' - $access_log_file = 'access.log' - } elsif $::osfamily == 'Suse' { - $user = 'wwwrun' - $group = 'www' - $root_group = 'root' - $apache_name = 'apache2' - $service_name = 'apache2' - $httpd_dir = '/etc/apache2' - $server_root = '/etc/apache2' - $conf_dir = $httpd_dir - $confd_dir = "${httpd_dir}/conf.d" - $conf_enabled = undef - $mod_dir = "${httpd_dir}/mods-available" - $mod_enable_dir = "${httpd_dir}/mods-enabled" - $vhost_dir = "${httpd_dir}/sites-available" - $vhost_enable_dir = "${httpd_dir}/sites-enabled" - $conf_file = 'httpd.conf' - $ports_file = "${conf_dir}/ports.conf" - $pidfile = '/var/run/httpd2.pid' - $logroot = '/var/log/apache2' - $logroot_mode = undef - $lib_path = '/usr/lib64/apache2' #changes for some modules based on mpm - $mpm_module = 'prefork' - - if $::operatingsystemrelease < '15' { - $default_ssl_cert = '/etc/apache2/ssl.crt/server.crt' - $default_ssl_key = '/etc/apache2/ssl.key/server.key' - } else { - $default_ssl_cert = '/etc/apache2/ssl.crt/default-server.crt' - $default_ssl_key = '/etc/apache2/ssl.key/default-server.key' - } - $ssl_sessioncache = '/var/lib/apache2/ssl_scache(512000)' - $suphp_addhandler = 'x-httpd-php' - $suphp_engine = 'off' - $suphp_configpath = '/etc/php5/apache2' - $php_version = '5' - if $::operatingsystemrelease < '11' or $::operatingsystemrelease >= '12' { - $mod_packages = { - 'auth_kerb' => 'apache2-mod_auth_kerb', - 'auth_gssapi' => 'apache2-mod_auth_gssapi', - 'dav_svn' => 'subversion-server', - 'perl' => 'apache2-mod_perl', - 'php5' => 'apache2-mod_php5', - 'python' => 'apache2-mod_python', - 'security' => 'apache2-mod_security2', - 'worker' => 'apache2-worker', - } - } else { - $mod_packages = { - 'auth_kerb' => 'apache2-mod_auth_kerb', - 'auth_gssapi' => 'apache2-mod_auth_gssapi', - 'dav_svn' => 'subversion-server', - 'perl' => 'apache2-mod_perl', - 'php5' => 'apache2-mod_php53', - 'python' => 'apache2-mod_python', - 'security' => 'apache2-mod_security2', - } - } - $mod_libs = { - 'security' => '/usr/lib64/apache2/mod_security2.so', - 'php53' => '/usr/lib64/apache2/mod_php5.so', - } - $conf_template = 'apache/httpd.conf.erb' - $http_protocol_options = undef - $keepalive = 'On' - $keepalive_timeout = 15 - $max_keepalive_requests = 100 - $fastcgi_lib_path = '/var/lib/apache2/fastcgi' - $mime_support_package = 'aaa_base' - $mime_types_config = '/etc/mime.types' - $docroot = '/srv/www' - $cas_cookie_path = '/var/cache/apache2/mod_auth_cas/' - $mellon_lock_file = undef - $mellon_cache_size = undef - $mellon_post_directory = undef - $alias_icons_path = '/usr/share/apache2/icons' - $error_documents_path = '/usr/share/apache2/error' - $dev_packages = ['libapr-util1-devel', 'libapr1-devel', 'libcurl-devel'] - $modsec_crs_package = undef - $modsec_crs_path = undef - $modsec_default_rules = undef - $modsec_dir = '/etc/apache2/modsecurity' - $secpcrematchlimit = 1500 - $secpcrematchlimitrecursion = 1500 - $modsec_secruleengine = 'On' - $error_log = 'error.log' - $scriptalias = '/usr/lib/cgi-bin' - $access_log_file = 'access.log' - - # - # Passenger-specific settings - # - - $passenger_conf_file = 'passenger.conf' - $passenger_conf_package_file = undef - - $passenger_root = '/usr/lib64/ruby/gems/1.8/gems/passenger-5.0.30' - $passenger_ruby = '/usr/bin/ruby' - $passenger_default_ruby = '/usr/bin/ruby' - $wsgi_socket_prefix = undef - - } else { - fail("Class['apache::params']: Unsupported osfamily: ${::osfamily}") - } - - if ($::operatingsystem == 'Ubuntu' and $::lsbdistrelease == '10.04') or ($::operatingsystem == 'SLES') { - $verify_command = '/usr/sbin/apache2ctl -t' - } elsif $::operatingsystem == 'FreeBSD' { - $verify_command = '/usr/local/sbin/apachectl -t' - } elsif ($::apache::version::scl_httpd_version) { - $verify_command = "/opt/rh/${_scl_httpd_name}/root/usr/sbin/apachectl -t" - } else { - $verify_command = '/usr/sbin/apachectl -t' - } -} diff --git a/puppet/modules/apache/manifests/peruser/multiplexer.pp b/puppet/modules/apache/manifests/peruser/multiplexer.pp deleted file mode 100644 index 97143a1..0000000 --- a/puppet/modules/apache/manifests/peruser/multiplexer.pp +++ /dev/null @@ -1,17 +0,0 @@ -define apache::peruser::multiplexer ( - $user = $::apache::user, - $group = $::apache::group, - $file = undef, -) { - if ! $file { - $filename = "${name}.conf" - } else { - $filename = $file - } - file { "${::apache::mod_dir}/peruser/multiplexers/${filename}": - ensure => file, - content => "Multiplexer ${user} ${group}\n", - require => File["${::apache::mod_dir}/peruser/multiplexers"], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/peruser/processor.pp b/puppet/modules/apache/manifests/peruser/processor.pp deleted file mode 100644 index 30de61d..0000000 --- a/puppet/modules/apache/manifests/peruser/processor.pp +++ /dev/null @@ -1,17 +0,0 @@ -define apache::peruser::processor ( - $user, - $group, - $file = undef, -) { - if ! $file { - $filename = "${name}.conf" - } else { - $filename = $file - } - file { "${::apache::mod_dir}/peruser/processors/${filename}": - ensure => file, - content => "Processor ${user} ${group}\n", - require => File["${::apache::mod_dir}/peruser/processors"], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/php.pp b/puppet/modules/apache/manifests/php.pp deleted file mode 100644 index 9fa9c68..0000000 --- a/puppet/modules/apache/manifests/php.pp +++ /dev/null @@ -1,18 +0,0 @@ -# Class: apache::php -# -# This class installs PHP for Apache -# -# Parameters: -# - $php_package -# -# Actions: -# - Install Apache PHP package -# -# Requires: -# -# Sample Usage: -# -class apache::php { - warning('apache::php is deprecated; please use apache::mod::php') - include ::apache::mod::php -} diff --git a/puppet/modules/apache/manifests/proxy.pp b/puppet/modules/apache/manifests/proxy.pp deleted file mode 100644 index 050f36c..0000000 --- a/puppet/modules/apache/manifests/proxy.pp +++ /dev/null @@ -1,15 +0,0 @@ -# Class: apache::proxy -# -# This class enabled the proxy module for Apache -# -# Actions: -# - Enables Apache Proxy module -# -# Requires: -# -# Sample Usage: -# -class apache::proxy { - warning('apache::proxy is deprecated; please use apache::mod::proxy') - include ::apache::mod::proxy -} diff --git a/puppet/modules/apache/manifests/python.pp b/puppet/modules/apache/manifests/python.pp deleted file mode 100644 index 723a753..0000000 --- a/puppet/modules/apache/manifests/python.pp +++ /dev/null @@ -1,18 +0,0 @@ -# Class: apache::python -# -# This class installs Python for Apache -# -# Parameters: -# - $php_package -# -# Actions: -# - Install Apache Python package -# -# Requires: -# -# Sample Usage: -# -class apache::python { - warning('apache::python is deprecated; please use apache::mod::python') - include ::apache::mod::python -} diff --git a/puppet/modules/apache/manifests/security/rule_link.pp b/puppet/modules/apache/manifests/security/rule_link.pp deleted file mode 100644 index 7edb1f4..0000000 --- a/puppet/modules/apache/manifests/security/rule_link.pp +++ /dev/null @@ -1,18 +0,0 @@ -define apache::security::rule_link () { - - $parts = split($title, '/') - $filename = $parts[-1] - - $target = $title ? { - /^\// => $title, - default => "${::apache::params::modsec_crs_path}/${title}", - } - - file { $filename: - ensure => 'link', - path => "${::apache::mod::security::modsec_dir}/activated_rules/${filename}", - target => $target , - require => File["${::apache::mod::security::modsec_dir}/activated_rules"], - notify => Class['apache::service'], - } -} diff --git a/puppet/modules/apache/manifests/service.pp b/puppet/modules/apache/manifests/service.pp deleted file mode 100644 index ff082dc..0000000 --- a/puppet/modules/apache/manifests/service.pp +++ /dev/null @@ -1,51 +0,0 @@ -# Class: apache::service -# -# Manages the Apache daemon -# -# Parameters: -# -# Actions: -# - Manage Apache service -# -# Requires: -# -# Sample Usage: -# -# sometype { 'foo': -# notify => Class['apache::service'], -# } -# -# -class apache::service ( - $service_name = $::apache::params::service_name, - Boolean $service_enable = true, - $service_ensure = 'running', - Boolean $service_manage = true, - $service_restart = undef -) { - - # The base class must be included first because parameter defaults depend on it - if ! defined(Class['apache::params']) { - fail('You must include the apache::params class before using any apache defined resources') - } - case $service_ensure { - true, false, 'running', 'stopped': { - $_service_ensure = $service_ensure - } - default: { - $_service_ensure = undef - } - } - - $service_hasrestart = $service_restart == undef - - if $service_manage { - service { 'httpd': - ensure => $_service_ensure, - name => $service_name, - enable => $service_enable, - restart => $service_restart, - hasrestart => $service_hasrestart, - } - } -} diff --git a/puppet/modules/apache/manifests/ssl.pp b/puppet/modules/apache/manifests/ssl.pp deleted file mode 100644 index d0b3659..0000000 --- a/puppet/modules/apache/manifests/ssl.pp +++ /dev/null @@ -1,18 +0,0 @@ -# Class: apache::ssl -# -# This class installs Apache SSL capabilities -# -# Parameters: -# - The $ssl_package name from the apache::params class -# -# Actions: -# - Install Apache SSL capabilities -# -# Requires: -# -# Sample Usage: -# -class apache::ssl { - warning('apache::ssl is deprecated; please use apache::mod::ssl') - include ::apache::mod::ssl -} diff --git a/puppet/modules/apache/manifests/version.pp b/puppet/modules/apache/manifests/version.pp deleted file mode 100644 index 82c00c5..0000000 --- a/puppet/modules/apache/manifests/version.pp +++ /dev/null @@ -1,55 +0,0 @@ -# Class: apache::version -# -# Try to automatically detect the version by OS -# -class apache::version( - Optional[String] $scl_httpd_version = undef, - Optional[String] $scl_php_version = undef, -) { - # This will be 5 or 6 on RedHat, 6 or wheezy on Debian, 12 or quantal on Ubuntu, etc. - $osr_array = split($::operatingsystemrelease,'[\/\.]') - $distrelease = $osr_array[0] - if ! $distrelease { - fail("Class['apache::version']: Unparsable \$::operatingsystemrelease: ${::operatingsystemrelease}") - } - - case $::osfamily { - 'RedHat': { - if $scl_httpd_version { - $default = $scl_httpd_version - } - elsif ($::operatingsystem == 'Amazon') { - $default = '2.2' - } elsif ($::operatingsystem == 'Fedora' and versioncmp($distrelease, '18') >= 0) or ($::operatingsystem != 'Fedora' and versioncmp($distrelease, '7') >= 0) { - $default = '2.4' - } else { - $default = '2.2' - } - } - 'Debian': { - if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0 { - $default = '2.4' - } elsif $::operatingsystem == 'Debian' and versioncmp($distrelease, '8') >= 0 { - $default = '2.4' - } else { - $default = '2.2' - } - } - 'FreeBSD': { - $default = '2.4' - } - 'Gentoo': { - $default = '2.4' - } - 'Suse': { - if ($::operatingsystem == 'SLES' and $::operatingsystemrelease >= '12') or ($::operatingsystem == 'OpenSuSE' and $::operatingsystemrelease >= '42') { - $default = '2.4' - } else { - $default = '2.2' - } - } - default: { - fail("Class['apache::version']: Unsupported osfamily: ${::osfamily}") - } - } -} diff --git a/puppet/modules/apache/manifests/vhost.pp b/puppet/modules/apache/manifests/vhost.pp deleted file mode 100644 index 515ade7..0000000 --- a/puppet/modules/apache/manifests/vhost.pp +++ /dev/null @@ -1,1111 +0,0 @@ -# See README.md for usage information -define apache::vhost( - Variant[Boolean,String] $docroot, - $manage_docroot = true, - $virtual_docroot = false, - $port = undef, - $ip = undef, - Boolean $ip_based = false, - $add_listen = true, - $docroot_owner = 'root', - $docroot_group = $::apache::params::root_group, - $docroot_mode = undef, - Array[Enum['h2', 'h2c', 'http/1.1']] $protocols = [], - Optional[Boolean] $protocols_honor_order = undef, - $serveradmin = undef, - Boolean $ssl = false, - $ssl_cert = $::apache::default_ssl_cert, - $ssl_key = $::apache::default_ssl_key, - $ssl_chain = $::apache::default_ssl_chain, - $ssl_ca = $::apache::default_ssl_ca, - $ssl_crl_path = $::apache::default_ssl_crl_path, - $ssl_crl = $::apache::default_ssl_crl, - $ssl_crl_check = $::apache::default_ssl_crl_check, - $ssl_certs_dir = $::apache::params::ssl_certs_dir, - $ssl_protocol = undef, - $ssl_cipher = undef, - $ssl_honorcipherorder = undef, - $ssl_verify_client = undef, - $ssl_verify_depth = undef, - Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef, - Optional[Integer[0]] $ssl_proxy_verify_depth = undef, - $ssl_proxy_ca_cert = undef, - Optional[Enum['on', 'off']] $ssl_proxy_check_peer_cn = undef, - Optional[Enum['on', 'off']] $ssl_proxy_check_peer_name = undef, - Optional[Enum['on', 'off']] $ssl_proxy_check_peer_expire = undef, - $ssl_proxy_machine_cert = undef, - $ssl_proxy_cipher_suite = undef, - $ssl_proxy_protocol = undef, - $ssl_options = undef, - $ssl_openssl_conf_cmd = undef, - Boolean $ssl_proxyengine = false, - Optional[Boolean] $ssl_stapling = undef, - $ssl_stapling_timeout = undef, - $ssl_stapling_return_errors = undef, - $priority = undef, - Boolean $default_vhost = false, - $servername = $name, - $serveraliases = [], - $options = ['Indexes','FollowSymLinks','MultiViews'], - $override = ['None'], - $directoryindex = '', - $vhost_name = '*', - $logroot = $::apache::logroot, - Enum['directory', 'absent'] $logroot_ensure = 'directory', - $logroot_mode = undef, - $logroot_owner = undef, - $logroot_group = undef, - $log_level = undef, - Boolean $access_log = true, - $access_log_file = false, - $access_log_pipe = false, - $access_log_syslog = false, - $access_log_format = false, - $access_log_env_var = false, - Optional[Array] $access_logs = undef, - $aliases = undef, - Optional[Variant[Hash, Array[Variant[Array,Hash]]]] $directories = undef, - Boolean $error_log = true, - $error_log_file = undef, - $error_log_pipe = undef, - $error_log_syslog = undef, - Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]] $http_protocol_options = undef, - $modsec_audit_log = undef, - $modsec_audit_log_file = undef, - $modsec_audit_log_pipe = undef, - $error_documents = [], - Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]] $fallbackresource = undef, - $scriptalias = undef, - $scriptaliases = [], - $proxy_dest = undef, - $proxy_dest_match = undef, - $proxy_dest_reverse_match = undef, - $proxy_pass = undef, - $proxy_pass_match = undef, - $suphp_addhandler = $::apache::params::suphp_addhandler, - Enum['on', 'off'] $suphp_engine = $::apache::params::suphp_engine, - $suphp_configpath = $::apache::params::suphp_configpath, - $php_flags = {}, - $php_values = {}, - $php_admin_flags = {}, - $php_admin_values = {}, - $no_proxy_uris = [], - $no_proxy_uris_match = [], - $proxy_preserve_host = false, - $proxy_add_headers = undef, - $proxy_error_override = false, - $redirect_source = '/', - $redirect_dest = undef, - $redirect_status = undef, - $redirectmatch_status = undef, - $redirectmatch_regexp = undef, - $redirectmatch_dest = undef, - $headers = undef, - $request_headers = undef, - $filters = undef, - Optional[Array] $rewrites = undef, - $rewrite_base = undef, - $rewrite_rule = undef, - $rewrite_cond = undef, - $rewrite_inherit = false, - $setenv = [], - $setenvif = [], - $setenvifnocase = [], - $block = [], - Enum['absent', 'present'] $ensure = 'present', - $wsgi_application_group = undef, - $wsgi_daemon_process = undef, - Optional[Hash] $wsgi_daemon_process_options = undef, - $wsgi_import_script = undef, - Optional[Hash] $wsgi_import_script_options = undef, - $wsgi_process_group = undef, - Optional[Hash] $wsgi_script_aliases_match = undef, - Optional[Hash] $wsgi_script_aliases = undef, - Optional[Enum['on', 'off', 'On', 'Off']] $wsgi_pass_authorization = undef, - $wsgi_chunked_request = undef, - Optional[String] $custom_fragment = undef, - Optional[Hash] $itk = undef, - $action = undef, - $fastcgi_server = undef, - $fastcgi_socket = undef, - $fastcgi_dir = undef, - $fastcgi_idle_timeout = undef, - $additional_includes = [], - $use_optional_includes = $::apache::use_optional_includes, - $apache_version = $::apache::apache_version, - Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, - Optional[Pattern[/^[\w-]+ [\w-]+$/]] $suexec_user_group = undef, - - Optional[Boolean] $h2_copy_files = undef, - Optional[Boolean] $h2_direct = undef, - Optional[Boolean] $h2_early_hints = undef, - Optional[Integer] $h2_max_session_streams = undef, - Optional[Boolean] $h2_modern_tls_only = undef, - Optional[Boolean] $h2_push = undef, - Optional[Integer] $h2_push_diary_size = undef, - Array[String] $h2_push_priority = [], - Array[String] $h2_push_resource = [], - Optional[Boolean] $h2_serialize_headers = undef, - Optional[Integer] $h2_stream_max_mem_size = undef, - Optional[Integer] $h2_tls_cool_down_secs = undef, - Optional[Integer] $h2_tls_warm_up_size = undef, - Optional[Boolean] $h2_upgrade = undef, - Optional[Integer] $h2_window_size = undef, - - Optional[Boolean] $passenger_enabled = undef, - Optional[String] $passenger_base_uri = undef, - Optional[Stdlib::Absolutepath] $passenger_ruby = undef, - Optional[Stdlib::Absolutepath] $passenger_python = undef, - Optional[Stdlib::Absolutepath] $passenger_nodejs = undef, - Optional[String] $passenger_meteor_app_settings = undef, - Optional[String] $passenger_app_env = undef, - Optional[Stdlib::Absolutepath] $passenger_app_root = undef, - Optional[String] $passenger_app_group_name = undef, - Optional[Enum['meteor', 'node', 'rack', 'wsgi']] $passenger_app_type = undef, - Optional[String] $passenger_startup_file = undef, - Optional[String] $passenger_restart_dir = undef, - Optional[Enum['direct', 'smart']] $passenger_spawn_method = undef, - Optional[Boolean] $passenger_load_shell_envvars = undef, - Optional[Boolean] $passenger_rolling_restarts = undef, - Optional[Boolean] $passenger_resist_deployment_errors = undef, - Optional[String] $passenger_user = undef, - Optional[String] $passenger_group = undef, - Optional[Boolean] $passenger_friendly_error_pages = undef, - Optional[Integer] $passenger_min_instances = undef, - Optional[Integer] $passenger_max_instances = undef, - Optional[Integer] $passenger_max_preloader_idle_time = undef, - Optional[Integer] $passenger_force_max_concurrent_requests_per_process = undef, - Optional[Integer] $passenger_start_timeout = undef, - Optional[Enum['process', 'thread']] $passenger_concurrency_model = undef, - Optional[Integer] $passenger_thread_count = undef, - Optional[Integer] $passenger_max_requests = undef, - Optional[Integer] $passenger_max_request_time = undef, - Optional[Integer] $passenger_memory_limit = undef, - Optional[Integer] $passenger_stat_throttle_rate = undef, - Optional[Variant[String,Array[String]]] $passenger_pre_start = undef, - Optional[Boolean] $passenger_high_performance = undef, - Optional[Boolean] $passenger_buffer_upload = undef, - Optional[Boolean] $passenger_buffer_response = undef, - Optional[Boolean] $passenger_error_override = undef, - Optional[Integer] $passenger_max_request_queue_size = undef, - Optional[Integer] $passenger_max_request_queue_time = undef, - Optional[Boolean] $passenger_sticky_sessions = undef, - Optional[String] $passenger_sticky_sessions_cookie_name = undef, - Optional[Boolean] $passenger_allow_encoded_slashes = undef, - Optional[Boolean] $passenger_debugger = undef, - Optional[Integer] $passenger_lve_min_uid = undef, - $add_default_charset = undef, - $modsec_disable_vhost = undef, - Optional[Variant[Hash, Array]] $modsec_disable_ids = undef, - $modsec_disable_ips = undef, - Optional[Variant[Hash, Array]] $modsec_disable_msgs = undef, - Optional[Variant[Hash, Array]] $modsec_disable_tags = undef, - $modsec_body_limit = undef, - $jk_mounts = undef, - Boolean $auth_kerb = false, - $krb_method_negotiate = 'on', - $krb_method_k5passwd = 'on', - $krb_authoritative = 'on', - $krb_auth_realms = [], - $krb_5keytab = undef, - $krb_local_user_mapping = undef, - $krb_verify_kdc = 'on', - $krb_servicename = 'HTTP', - $krb_save_credentials = 'off', - Optional[Enum['on', 'off']] $keepalive = undef, - $keepalive_timeout = undef, - $max_keepalive_requests = undef, - $cas_attribute_prefix = undef, - $cas_attribute_delimiter = undef, - $cas_root_proxied_as = undef, - $cas_scrub_request_headers = undef, - $cas_sso_enabled = undef, - $cas_login_url = undef, - $cas_validate_url = undef, - $cas_validate_saml = undef, - Optional[String] $shib_compat_valid_user = undef, - Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name = undef, - Optional[Variant[String,Array[String]]] $comment = undef, -) { - - # The base class must be included first because it is used by parameter defaults - if ! defined(Class['apache']) { - fail('You must include the apache base class before using any apache defined resources') - } - - $apache_name = $::apache::apache_name - - if $rewrites { - unless empty($rewrites) { - $rewrites_flattened = delete_undef_values(flatten([$rewrites])) - assert_type(Array[Hash], $rewrites_flattened) - } - } - - # Input validation begins - - if $log_level { - apache::validate_apache_log_level($log_level) - } - - if $access_log_file and $access_log_pipe { - fail("Apache::Vhost[${name}]: 'access_log_file' and 'access_log_pipe' cannot be defined at the same time") - } - - if $error_log_file and $error_log_pipe { - fail("Apache::Vhost[${name}]: 'error_log_file' and 'error_log_pipe' cannot be defined at the same time") - } - - if $modsec_audit_log_file and $modsec_audit_log_pipe { - fail("Apache::Vhost[${name}]: 'modsec_audit_log_file' and 'modsec_audit_log_pipe' cannot be defined at the same time") - } - - # Input validation ends - - if $ssl and $ensure == 'present' { - include ::apache::mod::ssl - # Required for the AddType lines. - include ::apache::mod::mime - } - - if $auth_kerb and $ensure == 'present' { - include ::apache::mod::auth_kerb - } - - if $virtual_docroot { - include ::apache::mod::vhost_alias - } - - if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { - include ::apache::mod::wsgi - } - - if $suexec_user_group { - include ::apache::mod::suexec - } - - if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_max_requests or $passenger_start_timeout or $passenger_pre_start or $passenger_user or $passenger_group or $passenger_high_performance or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file { - include ::apache::mod::passenger - } - - # Configure the defaultness of a vhost - if $priority { - $priority_real = "${priority}-" - } elsif $priority == false { - $priority_real = '' - } elsif $default_vhost { - $priority_real = '10-' - } else { - $priority_real = '25-' - } - - ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') - - # This ensures that the docroot exists - # But enables it to be specified across multiple vhost resources - if $manage_docroot and $docroot and ! defined(File[$docroot]) { - file { $docroot: - ensure => directory, - owner => $docroot_owner, - group => $docroot_group, - mode => $docroot_mode, - require => Package['httpd'], - before => Concat["${priority_real}${filename}.conf"], - } - } - - # Same as above, but for logroot - if ! defined(File[$logroot]) { - file { $logroot: - ensure => $logroot_ensure, - owner => $logroot_owner, - group => $logroot_group, - mode => $logroot_mode, - require => Package['httpd'], - before => Concat["${priority_real}${filename}.conf"], - } - } - - # Is apache::mod::shib enabled (or apache::mod['shib2']) - $shibboleth_enabled = defined(Apache::Mod['shib2']) - - # Is apache::mod::cas enabled (or apache::mod['cas']) - $cas_enabled = defined(Apache::Mod['auth_cas']) - - if $access_log and !$access_logs { - $_access_logs = [{ - 'file' => $access_log_file, - 'pipe' => $access_log_pipe, - 'syslog' => $access_log_syslog, - 'format' => $access_log_format, - 'env' => $access_log_env_var - }] - } elsif $access_logs { - $_access_logs = $access_logs - } - - if $error_log_file { - if $error_log_file =~ /^\// { - # Absolute path provided - don't prepend $logroot - $error_log_destination = $error_log_file - } else { - $error_log_destination = "${logroot}/${error_log_file}" - } - } elsif $error_log_pipe { - $error_log_destination = $error_log_pipe - } elsif $error_log_syslog { - $error_log_destination = $error_log_syslog - } else { - if $ssl { - $error_log_destination = "${logroot}/${name}_error_ssl.log" - } else { - $error_log_destination = "${logroot}/${name}_error.log" - } - } - - if $modsec_audit_log == false { - $modsec_audit_log_destination = undef - } elsif $modsec_audit_log_file { - $modsec_audit_log_destination = "${logroot}/${modsec_audit_log_file}" - } elsif $modsec_audit_log_pipe { - $modsec_audit_log_destination = $modsec_audit_log_pipe - } elsif $modsec_audit_log { - if $ssl { - $modsec_audit_log_destination = "${logroot}/${name}_security_ssl.log" - } else { - $modsec_audit_log_destination = "${logroot}/${name}_security.log" - } - } else { - $modsec_audit_log_destination = undef - } - - - if $ip { - $_ip = any2array(enclose_ipv6($ip)) - if $port { - $_port = any2array($port) - $listen_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') - $nvh_addr_port = split(inline_template("<%= @_ip.product(@_port).map {|x| x.join(':') }.join(',')%>"), ',') - } else { - $listen_addr_port = undef - $nvh_addr_port = $_ip - if ! $servername and ! $ip_based { - fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters for name-based vhosts") - } - } - } else { - if $port { - $listen_addr_port = $port - $nvh_addr_port = prefix(any2array($port),"${vhost_name}:") - } else { - $listen_addr_port = undef - $nvh_addr_port = $name - if ! $servername and $servername != '' { - fail("Apache::Vhost[${name}]: must pass 'ip' and/or 'port' parameters, and/or 'servername' parameter") - } - } - } - - if $add_listen { - if $ip and defined(Apache::Listen[String($port)]) { - fail("Apache::Vhost[${name}]: Mixing IP and non-IP Listen directives is not possible; check the add_listen parameter of the apache::vhost define to disable this") - } - if $listen_addr_port and $ensure == 'present' { - ensure_resource('apache::listen', $listen_addr_port) - } - } - if ! $ip_based { - if $ensure == 'present' and (versioncmp($apache_version, '2.4') < 0) { - ensure_resource('apache::namevirtualhost', $nvh_addr_port) - } - } - - # Load mod_rewrite if needed and not yet loaded - if $rewrites or $rewrite_cond { - if ! defined(Class['apache::mod::rewrite']) { - include ::apache::mod::rewrite - } - } - - # Load mod_alias if needed and not yet loaded - if ($scriptalias or $scriptaliases != []) - or ($aliases and $aliases != []) - or ($redirect_source and $redirect_dest) - or ($redirectmatch_regexp or $redirectmatch_status or $redirectmatch_dest){ - if ! defined(Class['apache::mod::alias']) and ($ensure == 'present') { - include ::apache::mod::alias - } - } - - # Load mod_proxy if needed and not yet loaded - if ($proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match) { - if ! defined(Class['apache::mod::proxy']) { - include ::apache::mod::proxy - } - if ! defined(Class['apache::mod::proxy_http']) { - include ::apache::mod::proxy_http - } - } - - # Load mod_fastci if needed and not yet loaded - if $fastcgi_server and $fastcgi_socket { - if ! defined(Class['apache::mod::fastcgi']) { - include ::apache::mod::fastcgi - } - } - - # Check if mod_headers is required to process $headers/$request_headers - if $headers or $request_headers { - if ! defined(Class['apache::mod::headers']) { - include ::apache::mod::headers - } - } - - # Check if mod_filter is required to process $filters - if $filters { - if ! defined(Class['apache::mod::filter']) { - include ::apache::mod::filter - } - } - - # Check if mod_env is required and not yet loaded. - # create an expression to simplify the conditional check - $use_env_mod = $setenv and ! empty($setenv) - if ($use_env_mod) { - if ! defined(Class['apache::mod::env']) { - include ::apache::mod::env - } - } - # Check if mod_setenvif is required and not yet loaded. - # create an expression to simplify the conditional check - $use_setenvif_mod = ($setenvif and ! empty($setenvif)) or ($setenvifnocase and ! empty($setenvifnocase)) - - if ($use_setenvif_mod) { - if ! defined(Class['apache::mod::setenvif']) { - include ::apache::mod::setenvif - } - } - - ## Create a default directory list if none defined - if $directories { - $_directories = $directories - } elsif $docroot { - $_directory = { - provider => 'directory', - path => $docroot, - options => $options, - allow_override => $override, - directoryindex => $directoryindex, - } - - if versioncmp($apache_version, '2.4') >= 0 { - $_directory_version = { - require => 'all granted', - } - } else { - $_directory_version = { - order => 'allow,deny', - allow => 'from all', - } - } - - $_directories = [ merge($_directory, $_directory_version) ] - } else { - $_directories = undef - } - - ## Create a global LocationMatch if locations aren't defined - if $modsec_disable_ids { - if $modsec_disable_ids =~ Array { - $_modsec_disable_ids = { '.*' => $modsec_disable_ids } - } else { - $_modsec_disable_ids = $modsec_disable_ids - } - } - - if $modsec_disable_msgs { - if $modsec_disable_msgs =~ Array { - $_modsec_disable_msgs = { '.*' => $modsec_disable_msgs } - } else { - $_modsec_disable_msgs = $modsec_disable_msgs - } - } - - if $modsec_disable_tags { - if $modsec_disable_tags =~ Array { - $_modsec_disable_tags = { '.*' => $modsec_disable_tags } - } else { - $_modsec_disable_tags = $modsec_disable_tags - } - } - - concat { "${priority_real}${filename}.conf": - ensure => $ensure, - path => "${::apache::vhost_dir}/${priority_real}${filename}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - order => 'numeric', - require => Package['httpd'], - notify => Class['apache::service'], - } - # NOTE(pabelanger): This code is duplicated in ::apache::vhost::custom and - # needs to be converted into something generic. - if $::apache::vhost_enable_dir { - $vhost_enable_dir = $::apache::vhost_enable_dir - $vhost_symlink_ensure = $ensure ? { - present => link, - default => $ensure, - } - file{ "${priority_real}${filename}.conf symlink": - ensure => $vhost_symlink_ensure, - path => "${vhost_enable_dir}/${priority_real}${filename}.conf", - target => "${::apache::vhost_dir}/${priority_real}${filename}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - require => Concat["${priority_real}${filename}.conf"], - notify => Class['apache::service'], - } - } - - # Template uses: - # - $comment - # - $nvh_addr_port - # - $servername - # - $serveradmin - # - $protocols - # - $protocols_honor_order - # - $apache_version - concat::fragment { "${name}-apache-header": - target => "${priority_real}${filename}.conf", - order => 0, - content => template('apache/vhost/_file_header.erb'), - } - - # Template uses: - # - $virtual_docroot - # - $docroot - if $docroot { - concat::fragment { "${name}-docroot": - target => "${priority_real}${filename}.conf", - order => 10, - content => template('apache/vhost/_docroot.erb'), - } - } - - # Template uses: - # - $aliases - if $aliases and ! empty($aliases) { - concat::fragment { "${name}-aliases": - target => "${priority_real}${filename}.conf", - order => 20, - content => template('apache/vhost/_aliases.erb'), - } - } - - # Template uses: - # - $itk - # - $::kernelversion - if $itk and ! empty($itk) { - concat::fragment { "${name}-itk": - target => "${priority_real}${filename}.conf", - order => 30, - content => template('apache/vhost/_itk.erb'), - } - } - - # Template uses: - # - $fallbackresource - if $fallbackresource { - concat::fragment { "${name}-fallbackresource": - target => "${priority_real}${filename}.conf", - order => 40, - content => template('apache/vhost/_fallbackresource.erb'), - } - } - - # Template uses: - # - $allow_encoded_slashes - if $allow_encoded_slashes { - concat::fragment { "${name}-allow_encoded_slashes": - target => "${priority_real}${filename}.conf", - order => 50, - content => template('apache/vhost/_allow_encoded_slashes.erb'), - } - } - - # Template uses: - # - $_directories - # - $docroot - # - $apache_version - # - $suphp_engine - # - $shibboleth_enabled - if $_directories and ! empty($_directories) { - concat::fragment { "${name}-directories": - target => "${priority_real}${filename}.conf", - order => 60, - content => template('apache/vhost/_directories.erb'), - } - } - - # Template uses: - # - $additional_includes - if $additional_includes and ! empty($additional_includes) { - concat::fragment { "${name}-additional_includes": - target => "${priority_real}${filename}.conf", - order => 70, - content => template('apache/vhost/_additional_includes.erb'), - } - } - - # Template uses: - # - $error_log - # - $log_level - # - $error_log_destination - # - $log_level - if $error_log or $log_level { - concat::fragment { "${name}-logging": - target => "${priority_real}${filename}.conf", - order => 80, - content => template('apache/vhost/_logging.erb'), - } - } - - # Template uses no variables - concat::fragment { "${name}-serversignature": - target => "${priority_real}${filename}.conf", - order => 90, - content => template('apache/vhost/_serversignature.erb'), - } - - # Template uses: - # - $access_log - # - $_access_log_env_var - # - $access_log_destination - # - $_access_log_format - # - $_access_log_env_var - # - $access_logs - if $access_log or $access_logs { - concat::fragment { "${name}-access_log": - target => "${priority_real}${filename}.conf", - order => 100, - content => template('apache/vhost/_access_log.erb'), - } - } - - # Template uses: - # - $action - if $action { - concat::fragment { "${name}-action": - target => "${priority_real}${filename}.conf", - order => 110, - content => template('apache/vhost/_action.erb'), - } - } - - # Template uses: - # - $block - # - $apache_version - if $block and ! empty($block) { - concat::fragment { "${name}-block": - target => "${priority_real}${filename}.conf", - order => 120, - content => template('apache/vhost/_block.erb'), - } - } - - # Template uses: - # - $error_documents - if $error_documents and ! empty($error_documents) { - concat::fragment { "${name}-error_document": - target => "${priority_real}${filename}.conf", - order => 130, - content => template('apache/vhost/_error_document.erb'), - } - } - - # Template uses: - # - $headers - if $headers and ! empty($headers) { - concat::fragment { "${name}-header": - target => "${priority_real}${filename}.conf", - order => 140, - content => template('apache/vhost/_header.erb'), - } - } - - # Template uses: - # - $request_headers - if $request_headers and ! empty($request_headers) { - concat::fragment { "${name}-requestheader": - target => "${priority_real}${filename}.conf", - order => 150, - content => template('apache/vhost/_requestheader.erb'), - } - } - - # Template uses: - # - $proxy_dest - # - $proxy_pass - # - $proxy_pass_match - # - $proxy_preserve_host - # - $proxy_add_headers - # - $no_proxy_uris - if $proxy_dest or $proxy_pass or $proxy_pass_match or $proxy_dest_match or $proxy_preserve_host { - concat::fragment { "${name}-proxy": - target => "${priority_real}${filename}.conf", - order => 160, - content => template('apache/vhost/_proxy.erb'), - } - } - - # Template uses: - # - $redirect_source - # - $redirect_dest - # - $redirect_status - # - $redirect_dest_a - # - $redirect_source_a - # - $redirect_status_a - # - $redirectmatch_status - # - $redirectmatch_regexp - # - $redirectmatch_dest - # - $redirectmatch_status_a - # - $redirectmatch_regexp_a - # - $redirectmatch_dest - if ($redirect_source and $redirect_dest) or ($redirectmatch_regexp and $redirectmatch_dest) { - concat::fragment { "${name}-redirect": - target => "${priority_real}${filename}.conf", - order => 180, - content => template('apache/vhost/_redirect.erb'), - } - } - - # Template uses: - # - $rewrites - # - $rewrite_base - # - $rewrite_rule - # - $rewrite_cond - # - $rewrite_map - if $rewrites or $rewrite_rule { - concat::fragment { "${name}-rewrite": - target => "${priority_real}${filename}.conf", - order => 190, - content => template('apache/vhost/_rewrite.erb'), - } - } - - # Template uses: - # - $scriptaliases - # - $scriptalias - if ( $scriptalias or $scriptaliases != [] ) { - concat::fragment { "${name}-scriptalias": - target => "${priority_real}${filename}.conf", - order => 200, - content => template('apache/vhost/_scriptalias.erb'), - } - } - - # Template uses: - # - $serveraliases - if $serveraliases and ! empty($serveraliases) { - concat::fragment { "${name}-serveralias": - target => "${priority_real}${filename}.conf", - order => 210, - content => template('apache/vhost/_serveralias.erb'), - } - } - - # Template uses: - # - $setenv - # - $setenvif - if ($use_env_mod or $use_setenvif_mod) { - concat::fragment { "${name}-setenv": - target => "${priority_real}${filename}.conf", - order => 220, - content => template('apache/vhost/_setenv.erb'), - } - } - - # Template uses: - # - $ssl - # - $ssl_cert - # - $ssl_key - # - $ssl_chain - # - $ssl_certs_dir - # - $ssl_ca - # - $ssl_crl_path - # - $ssl_crl - # - $ssl_crl_check - # - $ssl_protocol - # - $ssl_cipher - # - $ssl_honorcipherorder - # - $ssl_verify_client - # - $ssl_verify_depth - # - $ssl_options - # - $ssl_openssl_conf_cmd - # - $ssl_stapling - # - $apache_version - if $ssl { - concat::fragment { "${name}-ssl": - target => "${priority_real}${filename}.conf", - order => 230, - content => template('apache/vhost/_ssl.erb'), - } - } - - # Template uses: - # - $ssl_proxyengine - # - $ssl_proxy_verify - # - $ssl_proxy_verify_depth - # - $ssl_proxy_ca_cert - # - $ssl_proxy_check_peer_cn - # - $ssl_proxy_check_peer_name - # - $ssl_proxy_check_peer_expire - # - $ssl_proxy_machine_cert - # - $ssl_proxy_protocol - if $ssl_proxyengine { - concat::fragment { "${name}-sslproxy": - target => "${priority_real}${filename}.conf", - order => 230, - content => template('apache/vhost/_sslproxy.erb'), - } - } - - # Template uses: - # - $auth_kerb - # - $krb_method_negotiate - # - $krb_method_k5passwd - # - $krb_authoritative - # - $krb_auth_realms - # - $krb_5keytab - # - $krb_local_user_mapping - if $auth_kerb { - concat::fragment { "${name}-auth_kerb": - target => "${priority_real}${filename}.conf", - order => 230, - content => template('apache/vhost/_auth_kerb.erb'), - } - } - - # Template uses: - # - $suphp_engine - # - $suphp_addhandler - # - $suphp_configpath - if $suphp_engine == 'on' { - concat::fragment { "${name}-suphp": - target => "${priority_real}${filename}.conf", - order => 240, - content => template('apache/vhost/_suphp.erb'), - } - } - - # Template uses: - # - $php_values - # - $php_flags - if ($php_values and ! empty($php_values)) or ($php_flags and ! empty($php_flags)) { - concat::fragment { "${name}-php": - target => "${priority_real}${filename}.conf", - order => 240, - content => template('apache/vhost/_php.erb'), - } - } - - # Template uses: - # - $php_admin_values - # - $php_admin_flags - if ($php_admin_values and ! empty($php_admin_values)) or ($php_admin_flags and ! empty($php_admin_flags)) { - concat::fragment { "${name}-php_admin": - target => "${priority_real}${filename}.conf", - order => 250, - content => template('apache/vhost/_php_admin.erb'), - } - } - - # Template uses: - # - $wsgi_application_group - # - $wsgi_daemon_process - # - $wsgi_daemon_process_options - # - $wsgi_import_script - # - $wsgi_import_script_options - # - $wsgi_process_group - # - $wsgi_script_aliases - # - $wsgi_pass_authorization - if $wsgi_application_group or $wsgi_daemon_process or ($wsgi_import_script and $wsgi_import_script_options) or $wsgi_process_group or ($wsgi_script_aliases and ! empty($wsgi_script_aliases)) or $wsgi_pass_authorization { - concat::fragment { "${name}-wsgi": - target => "${priority_real}${filename}.conf", - order => 260, - content => template('apache/vhost/_wsgi.erb'), - } - } - - # Template uses: - # - $custom_fragment - if $custom_fragment { - concat::fragment { "${name}-custom_fragment": - target => "${priority_real}${filename}.conf", - order => 270, - content => template('apache/vhost/_custom_fragment.erb'), - } - } - - # Template uses: - # - $fastcgi_server - # - $fastcgi_socket - # - $fastcgi_dir - # - $fastcgi_idle_timeout - # - $apache_version - if $fastcgi_server or $fastcgi_dir { - concat::fragment { "${name}-fastcgi": - target => "${priority_real}${filename}.conf", - order => 280, - content => template('apache/vhost/_fastcgi.erb'), - } - } - - # Template uses: - # - $suexec_user_group - if $suexec_user_group { - concat::fragment { "${name}-suexec": - target => "${priority_real}${filename}.conf", - order => 290, - content => template('apache/vhost/_suexec.erb'), - } - } - - if $h2_copy_files != undef or $h2_direct != undef or $h2_early_hints != undef or $h2_max_session_streams != undef or $h2_modern_tls_only != undef or $h2_push != undef or $h2_push_diary_size != undef or $h2_push_priority != [] or $h2_push_resource != [] or $h2_serialize_headers != undef or $h2_stream_max_mem_size != undef or $h2_tls_cool_down_secs != undef or $h2_tls_warm_up_size != undef or $h2_upgrade != undef or $h2_window_size != undef { - include ::apache::mod::http2 - - concat::fragment { "${name}-http2": - target => "${priority_real}${filename}.conf", - order => 300, - content => template('apache/vhost/_http2.erb'), - } - } - - # Template uses: - # - $passenger_spawn_method - # - $passenger_app_root - # - $passenger_app_env - # - $passenger_ruby - # - $passenger_min_instances - # - $passenger_max_requests - # - $passenger_start_timeout - # - $passenger_user - # - $passenger_group - # - $passenger_nodejs - # - $passenger_sticky_sessions - # - $passenger_startup_file - if $passenger_spawn_method or $passenger_app_root or $passenger_app_env or $passenger_ruby or $passenger_min_instances or $passenger_start_timeout or $passenger_user or $passenger_group or $passenger_nodejs or $passenger_sticky_sessions or $passenger_startup_file{ - concat::fragment { "${name}-passenger": - target => "${priority_real}${filename}.conf", - order => 300, - content => template('apache/vhost/_passenger.erb'), - } - } - - # Template uses: - # - $add_default_charset - if $add_default_charset { - concat::fragment { "${name}-charsets": - target => "${priority_real}${filename}.conf", - order => 310, - content => template('apache/vhost/_charsets.erb'), - } - } - - # Template uses: - # - $modsec_disable_vhost - # - $modsec_disable_ids - # - $modsec_disable_ips - # - $modsec_disable_msgs - # - $modsec_disable_tags - # - $modsec_body_limit - # - $modsec_audit_log_destination - if $modsec_disable_vhost or $modsec_disable_ids or $modsec_disable_ips or $modsec_disable_msgs or $modsec_disable_tags or $modsec_audit_log_destination { - concat::fragment { "${name}-security": - target => "${priority_real}${filename}.conf", - order => 320, - content => template('apache/vhost/_security.erb'), - } - } - - # Template uses: - # - $filters - if $filters and ! empty($filters) { - concat::fragment { "${name}-filters": - target => "${priority_real}${filename}.conf", - order => 330, - content => template('apache/vhost/_filters.erb'), - } - } - - # Template uses: - # - $jk_mounts - if $jk_mounts and ! empty($jk_mounts) { - concat::fragment { "${name}-jk_mounts": - target => "${priority_real}${filename}.conf", - order => 340, - content => template('apache/vhost/_jk_mounts.erb'), - } - } - - # Template uses: - # - $keepalive - # - $keepalive_timeout - # - $max_keepalive_requests - if $keepalive or $keepalive_timeout or $max_keepalive_requests { - concat::fragment { "${name}-keepalive_options": - target => "${priority_real}${filename}.conf", - order => 350, - content => template('apache/vhost/_keepalive_options.erb'), - } - } - - # Template uses: - # - $cas_* - if $cas_enabled { - concat::fragment { "${name}-auth_cas": - target => "${priority_real}${filename}.conf", - order => 350, - content => template('apache/vhost/_auth_cas.erb'), - } - } - - # Template uses: - # - $http_protocol_options - if $http_protocol_options { - concat::fragment { "${name}-http_protocol_options": - target => "${priority_real}${filename}.conf", - order => 350, - content => template('apache/vhost/_http_protocol_options.erb'), - } - } - - # Template uses: - # - $shib_compat_valid_user - if $shibboleth_enabled { - concat::fragment { "${name}-shibboleth": - target => "${priority_real}${filename}.conf", - order => 370, - content => template('apache/vhost/_shib.erb'), - } - } - - # - $use_canonical_name - if $use_canonical_name { - concat::fragment { "${name}-use_canonical_name": - target => "${priority_real}${filename}.conf", - order => 360, - content => template('apache/vhost/_use_canonical_name.erb'), - } - } - - # Template uses no variables - concat::fragment { "${name}-file_footer": - target => "${priority_real}${filename}.conf", - order => 999, - content => template('apache/vhost/_file_footer.erb'), - } -} diff --git a/puppet/modules/apache/manifests/vhost/custom.pp b/puppet/modules/apache/manifests/vhost/custom.pp deleted file mode 100644 index cfb06c2..0000000 --- a/puppet/modules/apache/manifests/vhost/custom.pp +++ /dev/null @@ -1,40 +0,0 @@ -# See README.md for usage information -define apache::vhost::custom( - $content, - $ensure = 'present', - $priority = '25', - $verify_config = true, -) { - include ::apache - - ## Apache include does not always work with spaces in the filename - $filename = regsubst($name, ' ', '_', 'G') - - ::apache::custom_config { $filename: - ensure => $ensure, - confdir => $::apache::vhost_dir, - content => $content, - priority => $priority, - verify_config => $verify_config, - } - - # NOTE(pabelanger): This code is duplicated in ::apache::vhost and needs to - # converted into something generic. - if $::apache::vhost_enable_dir { - $vhost_symlink_ensure = $ensure ? { - present => link, - default => $ensure, - } - - file { "${priority}-${filename}.conf symlink": - ensure => $vhost_symlink_ensure, - path => "${::apache::vhost_enable_dir}/${priority}-${filename}.conf", - target => "${::apache::vhost_dir}/${priority}-${filename}.conf", - owner => 'root', - group => $::apache::params::root_group, - mode => $::apache::file_mode, - require => Apache::Custom_config[$filename], - notify => Class['apache::service'], - } - } -} diff --git a/puppet/modules/apache/manifests/vhosts.pp b/puppet/modules/apache/manifests/vhosts.pp deleted file mode 100644 index cf212c4..0000000 --- a/puppet/modules/apache/manifests/vhosts.pp +++ /dev/null @@ -1,6 +0,0 @@ -class apache::vhosts ( - $vhosts = {}, -) { - include ::apache - create_resources('apache::vhost', $vhosts) -} diff --git a/puppet/modules/apache/metadata.json b/puppet/modules/apache/metadata.json deleted file mode 100644 index 43db798..0000000 --- a/puppet/modules/apache/metadata.json +++ /dev/null @@ -1,86 +0,0 @@ -{ - "name": "puppetlabs-apache", - "version": "4.1.0", - "author": "puppetlabs", - "summary": "Installs, configures, and manages Apache virtual hosts, web services, and modules.", - "license": "Apache-2.0", - "source": "git://github.com/puppetlabs/puppetlabs-apache.git", - "project_page": "https://github.com/puppetlabs/puppetlabs-apache", - "issues_url": "https://tickets.puppetlabs.com/browse/MODULES", - "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.13.1 < 6.0.0" - }, - { - "name": "puppetlabs/concat", - "version_requirement": ">= 2.2.1 < 6.0.0" - } - ], - "data_provider": null, - "operatingsystem_support": [ - { - "operatingsystem": "RedHat", - "operatingsystemrelease": [ - "5", - "6", - "7" - ] - }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": [ - "5", - "6", - "7" - ] - }, - { - "operatingsystem": "OracleLinux", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Scientific", - "operatingsystemrelease": [ - "6", - "7" - ] - }, - { - "operatingsystem": "Debian", - "operatingsystemrelease": [ - "8", - "9" - ] - }, - { - "operatingsystem": "SLES", - "operatingsystemrelease": [ - "11 SP1", - "12", - "15" - ] - }, - { - "operatingsystem": "Ubuntu", - "operatingsystemrelease": [ - "14.04", - "16.04", - "18.04" - ] - } - ], - "requirements": [ - { - "name": "puppet", - "version_requirement": ">= 4.7.0 < 7.0.0" - } - ], - "description": "Module for Apache configuration", - "pdk-version": "1.9.0", - "template-url": "https://github.com/puppetlabs/pdk-templates", - "template-ref": "heads/master-0-g615413e" -} diff --git a/puppet/modules/apache/readmes/README_ja_JP.md b/puppet/modules/apache/readmes/README_ja_JP.md deleted file mode 100644 index 958b839..0000000 --- a/puppet/modules/apache/readmes/README_ja_JP.md +++ /dev/null @@ -1,5753 +0,0 @@ -# apache - -[モジュールの概要]: #module-description - -[セットアップ]: #setup -[Apacheの使用を始める]: #beginning-with-apache - -[使用方法]: #usage -[バーチャルホストの設定]: #configuring-virtual-hosts -[SSLを使ったバーチャルホストの設定]: #configuring-virtual-hosts-with-ssl -[バーチャルホストのポートおよびアドレスのバインディング設定]: #configuring-virtual-host-port-and-address-bindings -[アプリおよびプロセッサのバーチャルホストの設定]: #configuring-virtual-hosts-for-apps-and-processors -[IPベースのバーチャルホストの設定]: #configuring-ip-based-virtual-hosts -[Apacheモジュールのインストール]: #installing-apache-modules -[任意モジュールのインストール]: #installing-arbitrary-modules -[固有モジュールのインストール]: #installing-specific-modules -[FastCGIサーバの設定]: #configuring-fastcgi-servers-to-handle-php-files -[ロードバランシングの例]: #load-balancing-examples -[apacheの影響]: #what-the-apache-module-affects - -[リファレンス]: #reference -[パブリッククラス]: #public-classes -[プライベートクラス]: #private-classes -[パブリック定義タイプ]: #public-defined-types -[プライベート定義タイプ]: #private-defined-types -[テンプレート]: #templates -[タスク]: #tasks - -[制約事項]: #limitations - -[開発]: #development -[貢献]: #contributing - -[`AddDefaultCharset`]: https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset -[`add_listen`]: #add_listen -[`Alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#alias -[`AliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#aliasmatch -[エイリアスサーバ]: https://httpd.apache.org/docs/current/urlmapping.html -[`AllowEncodedSlashes`]: https://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes -[`apache`]: #class-apache -[`apache_version`]: #apache_version -[`apache::balancer`]: #defined-type-apachebalancer -[`apache::balancermember`]: #defined-type-apachebalancermember -[`apache::fastcgi::server`]: #defined-type-apachefastcgiserver -[`apache::mod`]: #defined-type-apachemod -[`apache::mod::`]: #classes-apachemodmodule-name -[`apache::mod::alias`]: #class-apachemodalias -[`apache::mod::auth_cas`]: #class-apachemodauth_cas -[`apache::mod::auth_mellon`]: #class-apachemodauth_mellon -[`apache::mod::authn_dbd`]: #class-apachemodauthn_dbd -[`apache::mod::authnz_ldap`]: #class-apachemodauthnz_ldap -[`apache::mod::cluster`]: #class-apachemodcluster -[`apache::mod::data]: #class-apachemoddata -[`apache::mod::disk_cache`]: #class-apachemoddisk_cache -[`apache::mod::dumpio`]: #class-apachemoddumpio -[`apache::mod::event`]: #class-apachemodevent -[`apache::mod::ext_filter`]: #class-apachemodext_filter -[`apache::mod::geoip`]: #class-apachemodgeoip -[`apache::mod::itk`]: #class-apachemoditk -[`apache::mod::jk`]: #class-apachemodjk -[`apache::mod::ldap`]: #class-apachemodldap -[`apache::mod::passenger`]: #class-apachemodpassenger -[`apache::mod::peruser`]: #class-apachemodperuser -[`apache::mod::prefork`]: #class-apachemodprefork -[`apache::mod::proxy`]: #class-apachemodproxy -[`apache::mod::proxy_balancer`]: #class-apachemodproxybalancer -[`apache::mod::proxy_fcgi`]: #class-apachemodproxy_fcgi -[`apache::mod::proxy_html`]: #class-apachemodproxy_html -[`apache::mod::python`]: #class-apachemodpython -[`apache::mod::security`]: #class-apachemodsecurity -[`apache::mod::shib`]: #class-apachemodshib -[`apache::mod::ssl`]: #class-apachemodssl -[`apache::mod::status`]: #class-apachemodstatus -[`apache::mod::userdir`]: #class-apachemoduserdir -[`apache::mod::worker`]: #class-apachemodworker -[`apache::mod::wsgi`]: #class-apachemodwsgi -[`apache::params`]: #class-apacheparams -[`apache::version`]: #class-apacheversion -[`apache::vhost`]: #defined-type-apachevhost -[`apache::vhost::custom`]: #defined-type-apachevhostcustom -[`apache::vhost::WSGIImportScript`]: #wsgiimportscript -[Apache HTTPサーバ]: https://httpd.apache.org -[Apacheモジュール]: https://httpd.apache.org/docs/current/mod/ -[配列]: https://docs.puppet.com/puppet/latest/reference/lang_data_array.html - -[オーディットログ]: https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats#audit-log - -[beaker-rspec]: https://github.com/puppetlabs/beaker-rspec - -[証明書失効リスト]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationfile -[証明書失効リストパス]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationpath -[コモンゲートウェイインターフェース]: https://httpd.apache.org/docs/current/howto/cgi.html -[`confd_dir`]: #confd_dir -[`content`]: #content -[CONTRIBUTING.md]: CONTRIBUTING.md -[カスタムエラードキュメント]: https://httpd.apache.org/docs/current/custom-error.html -[`custom_fragment`]: #custom_fragment - -[`default_mods`]: #default_mods -[`default_ssl_crl`]: #default_ssl_crl -[`default_ssl_crl_path`]: #default_ssl_crl_path -[`default_ssl_vhost`]: #default_ssl_vhost -[`dev_packages`]: #dev_packages -[`directory`]: #directory -[`directories`]: #parameter-directories-for-apachevhost -[`DirectoryIndex`]: https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex -[`docroot`]: #docroot -[`docroot_owner`]: #docroot_owner -[`docroot_group`]: #docroot_group -[`DocumentRoot`]: https://httpd.apache.org/docs/current/mod/core.html#documentroot - -[`EnableSendfile`]: https://httpd.apache.org/docs/current/mod/core.html#enablesendfile -[適用モード]: http://selinuxproject.org/page/Guide/Mode -[`ensure`]: https://docs.puppet.com/latest/type.html#package-attribute-ensure -[`error_log_file`]: #error_log_file -[`error_log_syslog`]: #error_log_syslog -[`error_log_pipe`]: #error_log_pipe -[`ExpiresByType`]: https://httpd.apache.org/docs/current/mod/mod_expires.html#expiresbytype -[エクスポートリソース]: http://docs.puppet.com/latest/reference/lang_exported.md -[`ExtendedStatus`]: https://httpd.apache.org/docs/current/mod/core.html#extendedstatus - -[Facter]: http://docs.puppet.com/facter/ -[FastCGI]: http://www.fastcgi.com/ -[FallbackResource]: https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource -[`fallbackresource`]: #fallbackresource -[`FileETag`]: https://httpd.apache.org/docs/current/mod/core.html#fileetag -[フィルタルール]: https://httpd.apache.org/docs/current/filter.html -[`filters`]: #filters -[`ForceType`]: https://httpd.apache.org/docs/current/mod/core.html#forcetype - -[GeoIPScanProxyHeaders]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Proxy-Related_Directives -[`gentoo/puppet-portage`]: https://github.com/gentoo/puppet-portage - -[ハッシュ]: https://docs.puppet.com/puppet/latest/reference/lang_data_hash.html -[`HttpProtocolOptions`]: http://httpd.apache.org/docs/current/mod/core.html#httpprotocoloptions - -[`IncludeOptional`]: https://httpd.apache.org/docs/current/mod/core.html#includeoptional -[`Include`]: https://httpd.apache.org/docs/current/mod/core.html#include -[インターバル構文]: https://httpd.apache.org/docs/current/mod/mod_expires.html#AltSyn -[`ip`]: #ip -[`ip_based`]: #ip_based -[IPベースのバーチャルホスト]: https://httpd.apache.org/docs/current/vhosts/ip-based.html - -[`KeepAlive`]: https://httpd.apache.org/docs/current/mod/core.html#keepalive -[`KeepAliveTimeout`]: https://httpd.apache.org/docs/current/mod/core.html#keepalivetimeout -[`keepalive`パラメータ]: #keepalive -[`keepalive_timeout`]: #keepalive_timeout -[`limitreqfieldsize`]: https://httpd.apache.org/docs/current/mod/core.html#limitrequestfieldsize -[`limitreqfields`]: http://httpd.apache.org/docs/current/mod/core.html#limitrequestfields - -[`lib`]: #lib -[`lib_path`]: #lib_path -[`Listen`]: https://httpd.apache.org/docs/current/bind.html -[`ListenBackLog`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#listenbacklog -[`LoadFile`]: https://httpd.apache.org/docs/current/mod/mod_so.html#loadfile -[`LogFormat`]: https://httpd.apache.org/docs/current/mod/mod_log_config.html#logformat -[`logroot`]: #logroot -[ログセキュリティ]: https://httpd.apache.org/docs/current/logs.html#security - -[`manage_docroot`]: #manage_docroot -[`manage_user`]: #manage_user -[`manage_group`]: #manage_group -[`supplementary_groups`]: #supplementary_groups -[`MaxConnectionsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxconnectionsperchild -[`max_keepalive_requests`]: #max_keepalive_requests -[`MaxRequestWorkers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxrequestworkers -[`MaxSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#maxsparethreads -[MIME `content-type`]: https://www.iana.org/assignments/media-types/media-types.xhtml -[`MinSpareThreads`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#minsparethreads -[`mod_alias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html -[`mod_auth_cas`]: https://github.com/Jasig/mod_auth_cas -[`mod_auth_kerb`]: http://modauthkerb.sourceforge.net/configure.html -[`mod_auth_gssapi`]: https://github.com/modauthgssapi/mod_auth_gssapi -[`mod_authnz_external`]: https://github.com/phokz/mod-auth-external -[`mod_auth_dbd`]: http://httpd.apache.org/docs/current/mod/mod_authn_dbd.html -[`mod_auth_mellon`]: https://github.com/UNINETT/mod_auth_mellon -[`mod_dbd`]: http://httpd.apache.org/docs/current/mod/mod_dbd.html -[`mod_disk_cache`]: https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html -[`mod_dumpio`]: https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html -[`mod_env`]: http://httpd.apache.org/docs/current/mod/mod_env.html -[`mod_expires`]: https://httpd.apache.org/docs/current/mod/mod_expires.html -[`mod_ext_filter`]: https://httpd.apache.org/docs/current/mod/mod_ext_filter.html -[`mod_fcgid`]: https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html -[`mod_geoip`]: http://dev.maxmind.com/geoip/legacy/mod_geoip2/ -[`mod_info`]: https://httpd.apache.org/docs/current/mod/mod_info.html -[`mod_ldap`]: https://httpd.apache.org/docs/2.2/mod/mod_ldap.html -[`mod_mpm_event`]: https://httpd.apache.org/docs/current/mod/event.html -[`mod_negotiation`]: https://httpd.apache.org/docs/current/mod/mod_negotiation.html -[`mod_pagespeed`]: https://developers.google.com/speed/pagespeed/module/?hl=en -[`mod_passenger`]: https://www.phusionpassenger.com/library/config/apache/reference/ -[`mod_php`]: http://php.net/manual/en/book.apache.php -[`mod_proxy`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html -[`mod_proxy_balancer`]: https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html -[`mod_reqtimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html -[`mod_python`]: http://modpython.org/ -[`mod_rewrite`]: https://httpd.apache.org/docs/current/mod/mod_rewrite.html -[`mod_security`]: https://www.modsecurity.org/ -[`mod_ssl`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html -[`mod_status`]: https://httpd.apache.org/docs/current/mod/mod_status.html -[`mod_version`]: https://httpd.apache.org/docs/current/mod/mod_version.html -[`mod_wsgi`]: https://modwsgi.readthedocs.org/en/latest/ -[モジュール貢献ガイド]: https://docs.puppet.com/forge/contributing.html -[`mpm_module`]: #mpm_module -[マルチプロセッシングモジュール]: https://httpd.apache.org/docs/current/mpm.html - -[名前ベースのバーチャルホスト]: https://httpd.apache.org/docs/current/vhosts/name-based.html -[`no_proxy_uris`]: #no_proxy_uris - -[オープンソース版Puppet]: https://docs.puppet.com/puppet/ -[`Options`]: https://httpd.apache.org/docs/current/mod/core.html#options - -[`path`]: #path -[`Peruser`]: https://www.freebsd.org/cgi/url.cgi?ports/www/apache22-peruser-mpm/pkg-descr -[`port`]: #port -[`priority`]: #defined-types-apachevhost -[`proxy_dest`]: #proxy_dest -[`proxy_dest_match`]: #proxy_dest_match -[`proxy_pass`]: #proxy_pass -[`ProxyPass`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass -[`ProxySet`]: https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset -[Puppet Enterprise]: https://docs.puppet.com/pe/ -[Puppet Forge]: https://forge.puppet.com -[Puppet]: https://puppet.com -[Puppetモジュール]: https://docs.puppet.com/puppet/latest/reference/modules_fundamentals.html -[Puppetモジュールのコード]: https://github.com/puppetlabs/puppetlabs-apache/blob/master/manifests/default_mods.pp -[`purge_configs`]: #purge_configs -[`purge_vhost_dir`]: #purge_vhost_dir -[Python]: https://www.python.org/ - -[Rack]: http://rack.github.io/ -[`rack_base_uris`]: #rack_base_uris -[RFC 2616]: https://www.ietf.org/rfc/rfc2616.txt -[`RequestReadTimeout`]: https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html#requestreadtimeout -[rspec-puppet]: http://rspec-puppet.com/ - -[`ScriptAlias`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptalias -[`ScriptAliasMatch`]: https://httpd.apache.org/docs/current/mod/mod_alias.html#scriptaliasmatch -[`scriptalias`]: #scriptalias -[SELinux]: http://selinuxproject.org/ -[`ServerAdmin`]: https://httpd.apache.org/docs/current/mod/core.html#serveradmin -[`serveraliases`]: #serveraliases -[`ServerLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#serverlimit -[`ServerName`]: https://httpd.apache.org/docs/current/mod/core.html#servername -[`ServerRoot`]: https://httpd.apache.org/docs/current/mod/core.html#serverroot -[`ServerTokens`]: https://httpd.apache.org/docs/current/mod/core.html#servertokens -[`ServerSignature`]: https://httpd.apache.org/docs/current/mod/core.html#serversignature -[サービス属性リスタート]: http://docs.puppet.com/latest/type.html#service-attribute-restart -[`source`]: #source -[`SSLCARevocationCheck`]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck -[SSL証明書のキーファイル]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatekeyfile -[SSLチェーン]: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile -[SSL暗号化]: https://httpd.apache.org/docs/current/ssl/index.html -[`ssl`]: #ssl -[`ssl_cert`]: #ssl_cert -[`ssl_compression`]: #ssl_compression -[`ssl_key`]: #ssl_key -[`StartServers`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#startservers -[suPHP]: http://www.suphp.org/Home.html -[`suphp_addhandler`]: #suphp_addhandler -[`suphp_configpath`]: #suphp_configpath -[`suphp_engine`]: #suphp_engine -[対応するオペレーティングシステム]: https://forge.puppet.com/supported#puppet-supported-modules-compatibility-matrix - -[`ThreadLimit`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadlimit -[`ThreadsPerChild`]: https://httpd.apache.org/docs/current/mod/mpm_common.html#threadsperchild -[`TimeOut`]: https://httpd.apache.org/docs/current/mod/core.html#timeout -[テンプレート]: http://docs.puppet.com/puppet/latest/reference/lang_template.html -[`TraceEnable`]: https://httpd.apache.org/docs/current/mod/core.html#traceenable - -[`UseCanonicalName`]: https://httpd.apache.org/docs/current/mod/core.html#usecanonicalname - -[`verify_config`]: #verify_config -[`vhost`]: #defined-type-apachevhost -[`vhost_dir`]: #vhost_dir -[`virtual_docroot`]: #virtual_docroot - -[Webサーバゲートウェイインターフェース ]: https://www.python.org/dev/peps/pep-3333/#abstract -[`WSGIRestrictEmbedded`]: http://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIRestrictEmbedded.html -[`WSGIPythonPath`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonPath.html -[`WSGIPythonHome`]: http://modwsgi.readthedocs.org/en/develop/configuration-directives/WSGIPythonHome.html - -#### 目次 - -1. [モジュールの概要 - apacheモジュールとは? 何をするためのもの?][モジュールの概要] -2. [セットアップ - apacheの使用を開始するにあたっての基礎][セットアップ] - - [apacheモジュールが影響を与えるもの][apacheの影響] - - [Apacheの使用を始める - インストール][Apacheの使用を始める] -3. [使用方法 - 設定に使用できるクラスと定義タイプ][使用方法] - - [バーチャルホストの設定 - 使用開始に役立つ例][バーチャルホストの設定] - - [PHPファイルを処理するFastCGIサーバの設定][FastCGIサーバの設定] - - [エクスポートおよび非エクスポートリソースのロードバランシング][ロードバランシングの例] -4. [リファレンス - モジュールの機能と動作について][リファレンス] - - [パブリッククラス][] - - [プライベートクラス][] - - [パブリック定義タイプ][] - - [プライベート定義タイプ][] - - [テンプレート][] - - [タスク][] -5. [制約事項 - OSの互換性など][制約事項] -6. [開発 - モジュールへの貢献方法][開発] - - [apacheモジュールへの貢献][貢献] - - [テストの実施 - クイックガイド][テストの実施] - - -## モジュールの概要 - -[Apache HTTPサーバ][] (Apache HTTPD、あるいは単にApacheとも呼ばれます)は、広く使用されているWebサーバです。この[Puppetモジュール][]によって、インフラ内でApacheを管理するための設定がシンプルなものになります。幅広いバーチャルホストセットアップを設定および管理し、[Apacheモジュール][]を効率的にインストールして設定することができます。 - - -## セットアップ - - -### apacheモジュールが影響を与えるもの: - -- (作成し、書き込みを行う)設定ファイルおよびディレクトリ - - **警告**: Puppetにより管理*されていない*設定はパージされます。 -- Apacheのパッケージ/サービス/設定ファイル -- Apacheモジュール -- バーチャルホスト -- リッスンするポート -- FreeBSDおよびGentooの`/etc/make.conf` - -Gentooでは、このモジュールは [`gentoo/puppet-portage`][] Puppetモジュールに依存します。Gentooについては、いくつかのオプションが適用され、一部の機能や設定が有効になりますが、このモジュールに[対応するオペレーティングシステム][]ではない点に留意してください。 - -> **警告**: このモジュールにより、Apache設定ファイルおよびディレクトリが修正され、Puppetで管理されていない設定がパージされます。Apache設定はPuppetで管理する必要があります。これは、管理されていない設定ファイルにより、予期せぬ不具合が生じる可能性があるためです。 -> ->全面的なPuppet管理を一時的に無効にするには、[`apache`][]クラス宣言の[`purge_configs`][]パラメータをfalseに設定します。この手順は、カスタマイズした設定を保存し、リロケーションするための一時的な対策としてのみ推奨されます。 - - -### Apacheの使用を始める - -デフォルトパラメータを用いてPuppetでApacheをインストールするには、[`apache`][]クラスを宣言します。 - -``` puppet -class { 'apache': } -``` - -デフォルトオプションを用いてこのクラスを宣言すると、モジュールでは以下のことが実行されます。 - -- オペレーティングシステムに適したApacheソフトウェアパッケージおよび[必要なApacheモジュール](#default_mods)をインストールします。 -- オペレーティングシステムに応じた[デフォルトロケーション](#conf_dir)を用いて、ディレクトリ内に必要な設定ファイルを配置します。 -- デフォルトのバーチャルホストおよび標準的なポート('80')とアドレス('\*')のバインディングを用いてサーバを設定します。 -- ドキュメントルートディレクトリを作成します。オペレーティングシステムによって異なりますが、通常は`/var/www`です。 -- Apacheサービスを開始します。 - -Apacheのデフォルト設定は、オペレーティングシステムによって異なります。これらのデフォルトは、テスト環境では機能しますが、本稼働環境には推奨されません。実際のサイトに応じてクラスのパラメータをカスタマイズすることを推奨します。 - -例えば、以下の宣言では、apacheモジュールの[デフォルトのバーチャルホスト設定][バーチャルホストの設定]を使わずにApacheがインストールされるので、すべてのApacheバーチャルホストをカスタマイズすることができます。 - -``` puppet -class { 'apache': - default_vhost => false, -} -``` - -> **注意**: `default_vhost`を`false`に設定する場合、少なくとも1つの`apache::vhost`リソースを追加する必要があります。追加しなければ、Apacheは起動しません。デフォルトのバーチャルホストを設定するには、`apache`クラスで`default_vhost`を設定するか、[`apache::vhost`][]定義タイプを使用します。[`apache::vhost`][]定義タイプを用いて、追加の固有バーチャルホストを設定することもできます。 - - -## 使用方法 - - -### バーチャルホストの設定 - -デフォルトの[`apache`][]クラスは、ポート80にバーチャルホストを設定します。すべてのインターフェースをリッスンし、[`docroot`][]パラメータのデフォルトディレクトリ`/var/www`をサーブします。 - - -基本の[名前ベースのバーチャルホスト][]を設定するには、[`apache::vhost`][]定義タイプで[`port`][]および[`docroot`][]パラメータを指定します。 - -``` puppet -apache::vhost { 'vhost.example.com': - port => '80', - docroot => '/var/www/vhost', -} -``` - -すべてのバーチャルホストパラメータのリストについては、[`apache::vhost`][]定義タイプのリファレンスを参照してください。 - -> **注意**: Apacheはバーチャルホストをアルファベット順に処理します。サーバ管理者は、バーチャルホスト設定ファイル名の先頭に数字を付けることで、 Apacheバーチャルホスト処理の優先順位を設定できます。[`apache::vhost`][]定義タイプは、デフォルトの [`priority`][]である25を適用します。これはPuppetではバーチャルホストのファイル名の先頭に`25-`が付いていると解釈されます。そのため、優先順位が同じサイトが複数ある場合や、`priority`パラメータの値をfalseに設定して優先順位番号を無効にした場合でも、Apacheはバーチャルホストをアルファベット順に処理します。 - -`docroot`のユーザおよびグループのオーナーシップを設定するには、[`docroot_owner`][]および[`docroot_group`][]パラメータを使用します。 - -``` puppet -apache::vhost { 'user.example.com': - port => '80', - docroot => '/var/www/user', - docroot_owner => 'www-data', - docroot_group => 'www-data', -} -``` - -#### SSLを使ったバーチャルホストの設定 - -[SSL encryption][]およびデフォルトのSSL証明書を使うようにバーチャルホストを設定するには、[`ssl`][]パラメータを設定します。また、[`port`][]パラメータを指定する必要もあります。通常は、'443'という値がHTTPSリクエストに対応します。 - -``` puppet -apache::vhost { 'ssl.example.com': - port => '443', - docroot => '/var/www/ssl', - ssl => true, -} -``` - -SSLおよび固有SSL証明書を使うようにバーチャルホストを設定するには、[`ssl_cert`][]および[`ssl_key`][]パラメータで証明書およびキーへのパスを使用します。 - -``` puppet -apache::vhost { 'cert.example.com': - port => '443', - docroot => '/var/www/cert', - ssl => true, - ssl_cert => '/etc/ssl/fourth.example.com.cert', - ssl_key => '/etc/ssl/fourth.example.com.key', -} -``` - -同じドメインでSSLと暗号化されていないバーチャルホストを混ぜて設定するには、それぞれを個別の[`apache::vhost`][]定義タイプで宣言します。 - -``` puppet -# The non-ssl virtual host -apache::vhost { 'mix.example.com non-ssl': - servername => 'mix.example.com', - port => '80', - docroot => '/var/www/mix', -} - -# The SSL virtual host at the same domain -apache::vhost { 'mix.example.com ssl': - servername => 'mix.example.com', - port => '443', - docroot => '/var/www/mix', - ssl => true, -} -``` - -暗号化されていない接続をSSLにリダイレクトするようにバーチャルホストを設定するには、それぞれを個別の[`apache::vhost`][]定義タイプで宣言し、SSLが有効化されているバーチャルホストに、暗号化されていないリクエストをリダイレクトします。 - -``` puppet -apache::vhost { 'redirect.example.com non-ssl': - servername => 'redirect.example.com', - port => '80', - docroot => '/var/www/redirect', - redirect_status => 'permanent', - redirect_dest => 'https://redirect.example.com/' -} - -apache::vhost { 'redirect.example.com ssl': - servername => 'redirect.example.com', - port => '443', - docroot => '/var/www/redirect', - ssl => true, -} -``` - -#### バーチャルホストのポートおよびアドレスのバインディング設定  - -バーチャルホストはデフォルトですべてのIPアドレス('\*')をリッスンします。特定のIPアドレスをリッスンするようにバーチャルホストを設定するには、[`ip`][]パラメータを使用します。 - -``` puppet -apache::vhost { 'ip.example.com': - ip => '127.0.0.1', - port => '80', - docroot => '/var/www/ip', -} -``` - -[`ip`][]パラメータにIPアドレスの配列を使えば、1つのバーチャルホストに複数のIPアドレスを設定することもできます。 - -``` puppet -apache::vhost { 'ip.example.com': - ip => ['127.0.0.1','169.254.1.1'], - port => '80', - docroot => '/var/www/ip', -} -``` - -[`port`][]パラメータにポートの配列を使えば、1つのバーチャルホストに複数のポートを設定することができます。 - -``` puppet -apache::vhost { 'ip.example.com': - ip => ['127.0.0.1'], - port => ['80','8080'] - docroot => '/var/www/ip', -} -``` - -[エイリアスサーバ][]を使ってバーチャルホストを設定するには、[`serveraliases`][]パラメータを使ってエイリアスを指定します。 - -``` puppet -apache::vhost { 'aliases.example.com': - serveraliases => [ - 'aliases.example.org', - 'aliases.example.net', - ], - port => '80', - docroot => '/var/www/aliases', -} -``` - -`/var/www/example.com`に'http://example.com.loc'をマッピングするケースのように、 同じ名前のディレクトリにマッピングされたサブドメイン用にワイルドカードエイリアスを使ってバーチャルホストを設定するには、[`serveraliases`][]パラメータを使ってワイルドカードエイリアスを、[`virtual_docroot`][]パラメータを使ってドキュメントルートを定義します。 - -``` puppet -apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], -} -``` - -[フィルタルール][]を使ってバーチャルホストを設定するには、[`filters`][]パラメータを使って、フィルタディレクティブを[array][]として渡します。 - -``` puppet -apache::vhost { 'subdomain.loc': - port => '80', - filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], - docroot => '/var/www/html', -} -``` - -#### アプリおよびプロセッサのバーチャルホストの設定  - -[suPHP][]を使ってバーチャルホストを設定するには、以下のパラメータを使用します。 - -* [`suphp_engine`][]、suPHPエンジンを有効にします。 -* [`suphp_addhandler`][]、MIMEタイプを定義します。 -* [`suphp_configpath`][]、suPHPがPHPインタープリタに渡すパスを設定します。 -* [`directory`][]、ディレクトリ、ファイル、ロケーションの各ディレクティブブロックを設定します。 - -例:  - -``` puppet -apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => [ - { 'path' => '/home/appuser/myphpapp', - 'suphp' => { - user => 'myappuser', - group => 'myappgroup', - }, - }, - ], -} -``` - -[Python][]アプリケーション用の[Webサーバゲートウェイインターフェース][] (WSGI)を使ってバーチャルホストを設定するには、`wsgi`パラメータセットを使用します。 - -``` puppet -apache::vhost { 'wsgi.example.com': - port => '80', - docroot => '/var/www/pythonapp', - wsgi_application_group => '%{GLOBAL}', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => { - processes => '2', - threads => '15', - display-name => '%{GROUP}', - }, - wsgi_import_script => '/var/www/demo.wsgi', - wsgi_import_script_options => { - process-group => 'wsgi', - application-group => '%{GLOBAL}', - }, - wsgi_process_group => 'wsgi', - wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, -} -``` - -Apache 2.2.16の時点では、Apacheは[FallbackResource][]をサポートしています。これは、一般的なRewriteRulesに代わるシンプルなディレクティブです。[`fallbackresource`][]パラメータを使えば、FallbackResourceを設定できます。 - -``` puppet -apache::vhost { 'wordpress.example.com': - port => '80', - docroot => '/var/www/wordpress', - fallbackresource => '/index.php', -} -``` - -> **注意**: Apache 2.2.24以降では、`fallbackresource`パラメータがサポートするのは'disabled'値のみです。 - -[コモンゲートウェイインターフェース][] (CGI)ファイル用の指定ディレクトリを使ってバーチャルホストを設定するには、[`scriptalias`][]パラメータを使って`cgi-bin`パスを定義します。 - -``` puppet -apache::vhost { 'cgi.example.com': - port => '80', - docroot => '/var/www/cgi', - scriptalias => '/usr/lib/cgi-bin', -} -``` - -[Rack][]用のバーチャルホストを設定するには、[`rack_base_uris`][]パラメータを使用します。 - -``` puppet -apache::vhost { 'rack.example.com': - port => '80', - docroot => '/var/www/rack', - rack_base_uris => ['/rackapp1', '/rackapp2'], -} -``` - -#### IPベースのバーチャルホストの設定  - -任意のポートをリッスンし、固有IPアドレスのリクエストに応答する[IPベースのバーチャルホスト][]を設定することができます。この例では、サーバはポート80および81をリッスンします。これは、この例のバーチャルホストが[`port`][]パラメータにより宣言されて_いない_ ためです。 - -``` puppet -apache::listen { '80': } - -apache::listen { '81': } -``` - -[`ip_based`][]パラメータを使ってIPベースのバーチャルホストを設定します。 - -``` puppet -apache::vhost { 'first.example.com': - ip => '10.0.0.10', - docroot => '/var/www/first', - ip_based => true, -} - -apache::vhost { 'second.example.com': - ip => '10.0.0.11', - docroot => '/var/www/second', - ip_based => true, -} -``` - -任意の[SSL][SSL暗号化]構成と暗号化されていない構成を組み合わせ、IPベースと[名前ベースのバーチャルホスト][]を混ぜて設定することもできます。 - -この例では、1つのIPアドレス(この例では、10.0.0.10)に2つのIPベースのバーチャルホストを追加します。一方はSSLを使用するもの、もう一方は暗号化されていないものです。 - -``` puppet -apache::vhost { 'The first IP-based virtual host, non-ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '80', - ip_based => true, - docroot => '/var/www/first', -} - -apache::vhost { 'The first IP-based vhost, ssl': - servername => 'first.example.com', - ip => '10.0.0.10', - port => '443', - ip_based => true, - docroot => '/var/www/first-ssl', - ssl => true, -} -``` - -次に、第2のIPアドレス(10.0.0.20)に2つの名前ベースのバーチャルホストを追加します。 - -``` puppet -apache::vhost { 'second.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/second', -} - -apache::vhost { 'third.example.com': - ip => '10.0.0.20', - port => '80', - docroot => '/var/www/third', -} -``` - -10.0.0.10または10.0.0.20のいずれかで応答する名前ベースのバーチャルホストを追加するには、Apacheのデフォルトの`Listen 80`を無効にする**必要があります**。これは、前述のIPベースのバーチャルホストとコンフリクトするためです。無効にするには、[`add_listen`][]パラメータを`false`に設定します。 - -``` puppet -apache::vhost { 'fourth.example.com': - port => '80', - docroot => '/var/www/fourth', - add_listen => false, -} - -apache::vhost { 'fifth.example.com': - port => '80', - docroot => '/var/www/fifth', - add_listen => false, -} -``` - -### Apacheモジュールのインストール  - -Puppet apacheモジュールを使って[Apacheモジュール][]をインストールするには、2つの方法があります。 - -- [`apache::mod::`][] クラスを使って、[パラメータを伴う固有のApacheモジュールをインストール][固有モジュールのインストール]する方法 -- [`apache::mod`][]定義タイプを使って、[任意のApacheモジュールをインストール][任意モジュールのインストール]する方法 - -#### 固有モジュールのインストール - -Puppet apacheモジュールは、多くの一般的な[Apacheモジュール][]のインストールをサポートしており、多くの場合、パラメータ化された設定オプションがあります。サポートされるApacheモジュールのリストについては、[`apache::mod::`][]クラスリファレンスを参照してください。 - -例えば、[`apache::mod::ssl`][]クラスを宣言すれば、デフォルト設定で`mod_ssl` Apacheモジュールをインストールすることができます。 - -``` puppet -class { 'apache::mod::ssl': } -``` - -[`apache::mod::ssl`][]には複数のパラメータ化されたオプションがあり、宣言する際に設定することができます。たとえば、圧縮を有効にして`mod_ssl`を有効化するには、[`ssl_compression`][]パラメータをtrueに設定します。 - -``` puppet -class { 'apache::mod::ssl': - ssl_compression => true, -} -``` - -一部のモジュールには必須条件があります。[`apache::mod::`][]のリファレンスを参照してください。 - -#### 任意モジュールのインストール - -オペレーティングシステムのパッケージマネージャでインストール可能な任意のモジュールの名前を[`apache::mod`][]定義タイプに渡し、それをインストールすることができます。固有モジュールクラスとは異なり、 [`apache::mod`][]定義タイプでは、インストールされている他のモジュールや固有のパラメータに基づいてインストールが調整されることはありません。Puppetはモジュールのパッケージを取得し、インストールするだけです。詳細な設定はユーザが必要に応じて行います。 - -例えば、[`mod_authnz_external`][] Apacheモジュールをインストールするには、'mod_authnz_external'の名前を使って定義タイプを宣言します。 - -``` puppet -apache::mod { 'mod_authnz_external': } -``` - -この方法でApacheモジュールを定義する際には、いくつかのオプションパラメータを指定できます。詳細については、[定義タイプのリファレンス][`apache::mod`]を参照してください。 - - -### PHPファイルを処理するFastCGIサーバの設定 - -[`apache::fastcgi::server`][]定義タイプを追加すれば、 [FastCGI][]サーバで特定のファイルに関するリクエストを処理することができます。以下の例では、PHPリクエストを処理するFastCGIサーバをポート9000の127.0.0.1 (ローカルホスト)で定義しています。 - -``` puppet -apache::fastcgi::server { 'php': - host => '127.0.0.1:9000', - timeout => 15, - flush => false, - faux_path => '/var/www/php.fcgi', - fcgi_alias => '/php.fcgi', - file_type => 'application/x-httpd-php' -} -``` - -[`custom_fragment`][]パラメータを使えば、指定したファイルタイプがFastCGIサーバで処理されるように、バーチャルホストを設定することができます。 - -``` puppet -apache::vhost { 'www': - ... - custom_fragment => 'AddType application/x-httpd-php .php' - ... -} -``` - - -### ロードバランシングの例 - -Apacheは、[`mod_proxy`][] Apacheモジュールを通じて、複数のグループのサーバにわたるロードバランシングをサポートしています。Puppetでは、[`apache::balancer`][]および[`apache::balancermember`][]定義タイプにより、Apacheロードバランシンググループ(バランサクラスタとも呼ばれます)をサポートしています。 - -[エクスポートリソース][]でロードバランシングを有効にするには、[`apache::balancermember`][]定義タイプをロードバランサメンバーサーバからエクスポートします。 - -``` puppet -@@apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009", - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], -} -``` - -次に、プロキシサーバでロードバランシンググループを作成します。 - -``` puppet -apache::balancer { 'puppet00': } -``` - -リソースをエクスポートせずにロードバランシングを有効にするには、プロキシサーバで以下を宣言します。 - -``` puppet -apache::balancer { 'puppet00': } - -apache::balancermember { "${::fqdn}-puppet00": - balancer_cluster => 'puppet00', - url => "ajp://${::fqdn}:8009", - options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'], -} -``` - -次に、プロキシサーバで`apache::balancer`および`apache::balancermember`定義タイプを宣言します。 - -バランサで[ProxySet](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyset)ディレクティブを使うには、`apache::balancer`の[`proxy_set`](#proxy_set)パラメータを使用します。 - -``` puppet -apache::balancer { 'puppet01': - proxy_set => { - 'stickysession' => 'JSESSIONID', - 'lbmethod' => 'bytraffic', - }, -} -``` - -ロードバランシングのスケジューラのアルゴリズム(`lbmethod`)は、[mod_proxy_balancerドキュメント](https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html)に記載されています。 - - -## リファレンス - -- [**パブリッククラス**](#public-classes) - - [クラス: apache](#class-apache) - - [クラス: apache::dev](#class-apachedev) - - [クラス: apache::vhosts](#class-apachevhosts) - - [クラス: apache::mod::\*](#classes-apachemodname) -- [**プライベートクラス**](#private-classes) - - [クラス: apache::confd::no_accf](#class-apacheconfdno_accf) - - [クラス: apache::default_confd_files](#class-apachedefault_confd_files) - - [クラス: apache::default_mods](#class-apachedefault_mods) - - [クラス: apache::package](#class-apachepackage) - - [クラス: apache::params](#class-apacheparams) - - [クラス: apache::service](#class-apacheservice) - - [クラス: apache::version](#class-apacheversion) -- [**パブリック定義タイプ**](#public-defined-types) - - [定義タイプ: apache::balancer](#defined-type-apachebalancer) - - [定義タイプ: apache::balancermember](#defined-type-apachebalancermember) - - [定義タイプ: apache::custom_config](#defined-type-apachecustom_config) - - [定義タイプ: apache::fastcgi::server](#defined-type-fastcgi-server) - - [定義タイプ: apache::listen](#defined-type-apachelisten) - - [定義タイプ: apache::mod](#defined-type-apachemod) - - [定義タイプ: apache::namevirtualhost](#defined-type-apachenamevirtualhost) - - [定義タイプ: apache::vhost](#defined-type-apachevhost) - - [定義タイプ: apache::vhost::custom](#defined-type-apachevhostcustom) -- [**プライベート定義タイプ**](#private-defined-types) - - [定義タイプ: apache::default_mods::load](#defined-type-default_mods-load) - - [定義タイプ: apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer) - - [定義タイプ: apache::peruser::processor](#defined-type-apacheperuserprocessor) - - [定義タイプ: apache::security::file_link](#defined-type-apachesecurityfile_link) -- [**テンプレート**](#templates) -- [**タスク**](#tasks) - -### パブリッククラス - -#### クラス: `apache` - -システムでのApacheの基本的な設定とインストールをガイドします。 - -デフォルトオプションを用いてこのクラスを宣言すると、Puppetでは以下が実行されます。 - -- オペレーティングシステムに適したApacheソフトウェアパッケージおよび[必要なApacheモジュール](#default_mods)をインストールします。 -- [デフォルトロケーション](#conf_dir)を用いて、ディレクトリ内に必要な設定ファイルを配置します。デフォルトロケーションは、オペレーティングシステムによって異なります。 -- デフォルトのバーチャルホストおよび標準的なポート('80')とアドレス('\*')のバインディングを用いてサーバを設定します。 -- ドキュメントルートディレクトリを作成します。オペレーティングシステムによって異なりますが、通常は`/var/www`です。 -- Apacheサービスを開始します。 - -ここでは、デフォルトの`apache`クラスを宣言するだけです。 - -``` puppet -class { 'apache': } -``` - -##### `allow_encoded_slashes` - -[`AllowEncodedSlashes`][]宣言のサーバデフォルトを設定します。これにより、'\'および'/'を含むURLに対する応答が変更されます。このパラメータを指定しない場合、サーバの設定でこの宣言が省かれ、Apacheのデフォルト設定'off'が使用されます。 - -値: 'on'、'off'、'nodecode'。 - -デフォルト値: `undef`。 - -##### `apache_version` - -使用するApacheのバージョンを定義し、モジュールテンプレートの挙動、パッケージ名、デフォルトのApacheモジュールを設定します。このパラメータを理由なく手動で設定することは、推奨していません。 - -デフォルト値: [`apache::version`][]クラスにより検出されたオペレーティングシステムとリリースバージョンによって異なります。 - -##### `conf_dir` - -Apacheサーバのメイン設定ファイルを置くディレクトリを設定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/apache2` -- **FreeBSD**: `/usr/local/etc/apache22` -- **Gentoo**: `/etc/apache2` -- **Red Hat**: `/etc/httpd/conf` - -##### `conf_template` - -メインのApache設定ファイルで使用される[テンプレート][]を定義します。apacheモジュールは、`conf.d`エントリによりカスタマイズされた最小限の設定ファイルを使用するように設計されているため、このパラメータの変更には潜在的なリスクが伴います。 - -デフォルト値: `apache/httpd.conf.erb`。 - -##### `confd_dir` - -Apacheサーバのカスタム設定ディレクトリの場所を設定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/apache2/conf.d` -- **FreeBSD**: `/usr/local/etc/apache22` -- **Gentoo**: `/etc/apache2/conf.d` -- **Red Hat**: `/etc/httpd/conf.d` - -##### `default_charset` - -メイン設定ファイルで[`AddDefaultCharset`][]ディレクティブとして使用されます。 - -デフォルト値: `undef`。 - -##### `default_confd_files` - -[`confd_dir`][]パラメータにより定義されるディレクトリに、インクルード可能なApache設定ファイルのデフォルトセットを生成するかどうかを決定します。この設定ファイルは、サーバのオペレーティングシステムにApacheパッケージとともに通常インストールされるものに相当します。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `default_mods` - -オペレーティングシステムに応じたデフォルトの[Apacheモジュール][]のセットを設定して有効にするかどうかを決定します。 - -`false`の場合、Puppetはオペレーティングシステム上でHTTPデーモンを機能させるのに必要なApacheモジュールのみを含めます。[`apache::mod::`][]クラスまたは[`apache::mod`][]定義タイプを使えば、他のモジュールを個別に宣言することができます。 - -`true`の場合、Puppetはオペレーティングシステムと [`apache_version`][]および[`mpm_module`][]パラメータの値に応じて、その他のモジュールもインストールします。このモジュールリストは頻繁に変更されるので、最新のリストについては[Puppetモジュールのコード][]を参照してください。 - -このパラメータに配列が含まれる場合、Puppetは渡されたすべてのApacheモジュールを有効にします。 - -値: ブーリアンまたはApacheモジュール名の配列。 - -デフォルト値: `true`。 - -##### `default_ssl_ca` - -Apacheサーバのデフォルトの証明書認証局を設定します。 - -デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自の認証局情報を用いてこのパラメータを更新する**必要があります**。 - -ブーリアン。 - -デフォルト値: `undef`。 - -##### `default_ssl_cert` - -[SSL暗号化][]証明書の保存場所を設定します。 - -デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自の証明書ロケーション情報を用いてこのパラメータを更新する**必要があります**。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem` -- **FreeBSD**: `/usr/local/etc/apache22/server.crt` -- **Gentoo**: `/etc/ssl/apache2/server.crt` -- **Red Hat**: `/etc/pki/tls/certs/localhost.crt` - -##### `default_ssl_chain` - -デフォルトの[SSLチェーン][]の保存場所を設定します。 - -デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自のSSLチェーンを用いてこのパラメータを更新する**必要があります**。 - -デフォルト値: `undef`。 - -##### `default_ssl_crl` - -使用するデフォルトの[証明書失効リスト][] (CRL)ファイルのパスを設定します。 - -デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、CRLファイルパスを用いてこのパラメータを更新する**必要があります**。このパラメータは、[`default_ssl_crl_path`][]とともに使用することも、その代わりに使用することもできます。 - -デフォルト値: `undef`。 - -##### `default_ssl_crl_path` - -サーバの[証明書失効リストパス][]を設定します。これにはCRLが含まれます。 - -デフォルト値を使えばApacheサーバは機能しますが、本稼働環境でこのサーバをデプロイする前に、CRLファイルパスを用いてこのパラメータを更新する**必要があります**。 - -デフォルト値: `undef`。 - -##### `default_ssl_crl_check` - -[`SSLCARevocationCheck`][]ディレクティブを通じてデフォルトの証明書失効チェックレベルを設定します。このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。 - -デフォルト値を使えばApacheサーバは機能しますが、本稼働環境で証明書失効リストを使用する際には、このパラメータを指定する**必要があります**。 - -デフォルト値: `undef`。 - -##### `default_ssl_key` - -[SSL証明書キーファイル][]の保存場所を設定します。 - -デフォルト値を使えばApacheサーバは機能しますが、本稼働環境にこのサーバをデプロイする前に、各自のSSLキーのロケーションを用いてこのパラメータを更新する**必要があります**。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key` -- **FreeBSD**: `/usr/local/etc/apache22/server.key` -- **Gentoo**: `/etc/ssl/apache2/server.key` -- **Red Hat**: `/etc/pki/tls/private/localhost.key` - - -##### `default_ssl_vhost` - -デフォルトの[SSL][SSL暗号化]バーチャルホストを設定します。 - -`true`の場合、Puppetは [`apache::vhost`][]定義タイプを用いて、以下のバーチャルホストを自動的に設定します。 - -```puppet -apache::vhost { 'default-ssl': - port => 443, - ssl => true, - docroot => $docroot, - scriptalias => $scriptalias, - serveradmin => $serveradmin, - access_log_file => "ssl_${access_log_file}", - } -``` - -> **注意**: SSLバーチャルホストはHTTPSクエリにのみ応答します。 - - -ブーリアン。 - -デフォルト値: `false`。 - -##### `default_type` - -_Apache 2.2のみ_。サーバが他の方法で適切な`content-type`を決定できない場合に送信される[MIME `content-type`][]を設定します。このディレクティブはApache 2.4以降では廃止予定になっており、設定ファイルの下位互換性確保の目的でのみ使われます。 - -デフォルト値: `undef`。 - -##### `default_vhost` - -クラスが宣言された際にデフォルトのバーチャルホストを設定します。 - -[カスタマイズしたバーチャルホスト][バーチャルホストの設定]を設定するには、このパラメータの値を`false`に設定します。 - -> **注意**: 少なくとも1つのバーチャルホストがなければ、Apacheは起動しません。このパラメータを`false`に設定する場合は、別の場所でバーチャルホストを設定する必要があります。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `dev_packages` - -使用する固有devパッケージを設定します。 - -値: 文字列または文字列の配列。 - -IUS yumリポジトリからhttpd 2.4を使用する例: - -``` puppet -include ::apache::dev -class { 'apache': - apache_name => 'httpd24u', - dev_packages => 'httpd24u-devel', -} -``` - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Red Hat:** 'httpd-devel' -- **Debian 8/Ubuntu 13.10以降:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev'] -- **それ以前のDebian/Ubuntuバージョン:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev'] -- **FreeBSD, Gentoo:** `undef` -- **Suse:** ['libapr-util1-devel', 'libapr1-devel'] - -##### `docroot` - -デフォルトの[`DocumentRoot`][]の場所を設定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/var/www/html` -- **FreeBSD**: `/usr/local/www/apache22/data` -- **Gentoo**: `/var/www/localhost/htdocs` -- **Red Hat**: `/var/www/html` - -##### `error_documents` - -Apacheサーバの[カスタムエラードキュメント][]を有効にするかどうかを決定します。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `group` - -リクエストに応答するために生成されるApacheプロセスを所有するグループIDを設定します。 - -デフォルトでは、Puppetはこのグループを`apache`クラスの下のリソースとして管理するよう試み、[`apache::params`][]クラスにより検出されたオペレーティングシステムに基づいてグループを決定します。このグループリソースを作成せずに、別のPuppetモジュールで作成されたグループを使用するには、[`manage_group`][]パラメータの値を`false`に設定します。 - -> **注意**: このパラメータを修正すると、Apacheが子プロセスを生成してリソースにアクセスする際に使用するグループIDのみが変更されます。親サーバプロセスを所有するユーザは変更されません。 - -##### `httpd_dir` - -Apacheサーバの基本設定ディレクトリを設定します。これは、特別に再パッケージされたApacheサーバビルドにおいて、デフォルトのディストリビューションパッケージと組み合わせると意図せぬ結果が生じる可能性がある場合に役立ちます。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/apache2` -- **FreeBSD**: `/usr/local/etc/apache22` -- **Gentoo**: `/etc/apache2` -- **Red Hat**: `/etc/httpd` - -##### `http_protocol_options` - -HTTPプロトコルチェックの厳密さを指定します。 - -有効なオプション: 以下の値の選択肢のシーケンス: `Strict`または`Unsafe`、`RegisteredMethods`または`LenientMethods`、`Allow0.9`または`Require1.0`。 - -デフォルト '`Strict LenientMethods Allow0.9`'。 - -##### `keepalive` - -[`KeepAlive`][]ディレクティブによってHTTPの持続的接続を有効にするかどうかを決定します。 'On'に設定する場合は、[`keepalive_timeout`][]および[`max_keepalive_requests`][]パラメータを使って関連オプションを設定してください。 - -値: 'Off'、'On'。 - -デフォルト値: 'On'。 - -##### `keepalive_timeout` - -[`KeepAliveTimeout`]ディレクティブによって、HTTPの持続的接続でApacheサーバが後続のリクエストを行うまでの待機時間を設定します。このパラメータが意味を持つのは、[`keepalive` parameter][]を有効にしている場合のみです。 - -デフォルト値: '15'。 - -##### `max_keepalive_requests` - -[`keepalive` parameter][]が有効の場合に、1回の接続で許可されるリクエストの数を制限します。 - -デフォルト値: '100'。 - -##### `lib_path` - -[Apacheモジュール][Apacheモジュール]ファイルの保存場所を指定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**および**Gentoo**: `/usr/lib/apache2/modules` -- **FreeBSD**: `/usr/local/libexec/apache24` -- **Red Hat**: `modules` - -> **注意**: このパラメータは、特別な理由がない限り手動で設定しないでください。 - -##### `log_level` - -エラーログの詳細レベルを変更します。値: 'alert'、'crit'、'debug'、'emerg'、'error'、'info'、'notice'、'warn'。 - -デフォルト値: 'warn'。 - -##### `log_formats` - -追加の[`LogFormat`][]ディレクティブを定義します。値: [ハッシュ][]、例: - -``` puppet -$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' } -``` - -Puppetの作成する`httpd.conf`には、以下のような複数の`LogFormats`が事前定義されています。 - -``` httpd -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded -``` - -定義した`log_formats`パラメータに上記のいずれかが含まれる場合は、**ユーザの**定義により上書きされます。 - -##### `logroot` - -バーチャルホストのApacheログファイルのディレクトリを変更します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/var/log/apache2` -- **FreeBSD**: `/var/log/apache22` -- **Gentoo**: `/var/log/apache2` -- **Red Hat**: `/var/log/httpd` - -##### `logroot_mode` - -デフォルトの[`logroot`][]ディレクトリをオーバーライドします。 - -> **注意**: 影響を把握できない場合は、ログが保存されているディレクトリへの書き込みアクセス権限を付与_しないで_ください。詳細については、[Apacheドキュメント][ログセキュリティ]を参照してください。 - -デフォルト値: `undef`。 - -##### `manage_group` - -`false`の場合、Puppetではグループリソースは作成されません。 - -別のPuppetモジュールで作成されたグループをApacheの実行に使用する場合は、この値を`false`に設定してください。このパラメータを設定せずに過去に作成されたグループを使用しようとすると、重複リソースエラーが生じます。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `supplementary_groups` - -ユーザの所属するグループのリスト。主要グループに加えて設定する場合に使用します。 - -デフォルト値: 追加グループなし。 - -注意: このオプションは、`manage_user`がtrueに設定されている場合のみ有効です。 - -##### `manage_user` - -`false`の場合、Puppetではユーザリソースが作成されません。 - -このパラメータは、別のPuppetモジュールで作成されたユーザをApache実行に使用する場合などに使用します。このパラメータを設定せずに過去に作成されたユーザを使用しようとすると、重複リソースエラーが生じます。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `mod_dir` - -Puppetが[Apacheモジュール][]の設定ファイルを置く場所を設定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/apache2/mods-available` -- **FreeBSD**: `/usr/local/etc/apache22/Modules` -- **Gentoo**: `/etc/apache2/modules.d` -- **Red Hat**: `/etc/httpd/conf.d` - -##### `mod_libs` - -デフォルトのモジュールライブラリ名をユーザがオーバーライドすることを許可します。 - -```puppet -include apache::params -class { 'apache': - mod_libs => merge($::apache::params::mod_libs, { - 'wsgi' => 'mod_wsgi_python3.so', - }) -} -``` - -ハッシュ。デフォルト値: `$apache::params::mod_libs` - -##### `mod_packages` - -デフォルトのモジュールパッケージ名をユーザがオーバーライドすることを許可します。 - -```puppet -include apache::params -class { 'apache': - mod_packages => merge($::apache::params::mod_packages, { - 'auth_kerb' => 'httpd24-mod_auth_kerb', - }) -} -``` - -ハッシュ。デフォルト値: `$apache::params::mod_packages`。 - -##### `mpm_module` - -HTTPDプロセスに関してロードおよび設定する[マルチプロセッシングモジュール][] (MPM)を決定します。値: 'event'、'itk'、'peruser'、'prefork'、'worker'、`false`。 - -カスタムパラメータを用いて以下のクラスを明示的に宣言するためには、このパラメータを`false`に設定する必要があります。 - -- [`apache::mod::event`][] -- [`apache::mod::itk`][] -- [`apache::mod::peruser`][] -- [`apache::mod::prefork`][] -- [`apache::mod::worker`][] - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: 'worker' -- **FreeBSD、Gentoo、Red Hat**: 'prefork' - -##### `package_ensure` - -`package`リソースの[`ensure`][]属性を制御します。値: 'absent'、'installed' (またはそれに相当する'present')、またはバージョン文字列。 - -デフォルト値: 'installed'。 - -##### `pidfile` - -pidファイルのカスタムロケーションの設定を許可します。カスタムビルトのApache rpmを使用する場合に役立ちます。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian:** '\${APACHE_PID_FILE}' -- **FreeBSD:** '/var/run/httpd.pid' -- **Red Hat:** 'run/httpd.pid' - -##### `ports_file` - -Apacheポート設定を含むファイルのパスを設定します。 - -デフォルト値: '{$conf_dir}/ports.conf'。 - -##### `purge_configs` - -他のすべてのApache設定およびバーチャルホストを削除します。 - -このパラメータを`false`に設定すると、一時的な対策として、既存の設定や管理されていない設定をApacheモジュールと共存させることができます。この場合、設定をこのモジュール内のリソースに移すことを推奨します。バーチャルホストの設定については、[`purge_vhost_dir`][]を参照してください。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `purge_vhost_dir` - -[`vhost_dir`][]パラメータの値が[`confd_dir`][]パラメータの値と異なる場合は、このパラメータにより、Puppetにより管理されて_いない_`vhost_dir`内の設定を削除するかどうかが決定されます。 - -`purge_vhost_dir`を`false`に設定すると、一時的な対策として、`vhost_dir`内の既存の設定や管理されていない設定をapacheモジュールと共存させることができます。 - -ブーリアン。 - -デフォルト値: [`purge_configs`][]と同じ。 - -##### `rewrite_lock` - -リライトロックのカスタムロケーションの設定を可能にします。これは、バーチャルホストの[`rewrites`][]パラメータでタイプprgのRewriteMapを使用している場合のベストプラクティスとされています。このパラメータは、Apacheバージョン2.2以前のみに適用され、それよりも新しいバージョンでは無視されます。 - -デフォルト値: `undef`。 - -##### `sendfile` - -[`EnableSendfile`][]ディレクティブで静的ファイルをサーブする際に、ApacheがLinuxカーネルの`sendfile`サポートを使用するようにします。値: 'On'、'Off'。 - -デフォルト値: 'On'。 - -##### `serveradmin` - -Apacheの[`ServerAdmin`][]ディレクティブでApacheサーバ管理者の連絡先情報を設定します。 - -デフォルト値: 'root@localhost'。 - -##### `servername` - -Apacheの[`ServerName`][]ディレクティブでApacheサーバ名を設定します。 - -`false`に設定すると、ServerNameは設定されません。 - -デフォルト値: [Facter][]により報告された'fqdn' fact。 - -##### `server_root` - -Apacheの[`ServerRoot`][]ディレクティブでApacheサーバのルートを設定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/apache2` -- **FreeBSD**: `/usr/local` -- **Gentoo**: `/var/www` -- **Red Hat**: `/etc/httpd` - -##### `server_signature` - -Apacheの[`ServerSignature`][]ディレクティブで、エラードキュメントや一部の[Apacheモジュール][]のアウトプットなどの、サーバ生成ドキュメントの下部に表示される末尾のフッタの行を設定します。値: 'Off'、'On'。 - -デフォルト値: 'On'。 - -##### `server_tokens` - -Apacheの[`ServerTokens`][]ディレクティブで、Apacheからブラウザに送信される、Apacheやオペレーティングシステムに関する情報の量を制御します。 - -デフォルト値: 'Prod'. - -##### `service_enable` - -システムの起動時にPuppetがApache HTTPDサービスを有効にするかどうかを決定します。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `service_ensure` - -サービスが稼働していることをPuppetが確認するかどうかを決定します。値: `true` (または'running')、`false` (または'stopped')。 - -値を`false`または'stopped'にすると、'httpd'サービスリソースの`ensure`パラメータが`false`に設定されます。この設定は、Pacemakerなどの別のアプリケーションでサービスを管理する場合に役立ちます。 - -デフォルト値: 'running'。 - -##### `service_name` - -Apacheサービスの名前を設定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **DebianおよびGentoo**: 'apache2' -- **FreeBSD**: 'apache22' -- **Red Hat**: 'httpd' - -##### `service_manage` - -PuppetでHTTPDサービスの状態を管理するかどうかを決定します。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `service_restart` - -HTTPDサービスの再起動にあたり、Puppetが特定のコマンドを使用するかどうかを決定します。 - -値: Apacheサービスを再起動するためのコマンド。デフォルト設定では、 [デフォルトのPuppet挙動][サービス属性リスタート]が使われます。 - -デフォルト値: `undef`。 - -##### `ssl_cert` - -特定の SSLCertificateFile を指定できるようになります。 - -詳細については、[SSLCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateFile)を参照してください。 - -デフォルト値: `undef`。 - -##### `ssl_key` -特定の SSLCertificateKey を指定できるようになります。 - -詳細については、[SSLCertificateKey](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateKeyFile)を参照してください。 - -デフォルト値: `undef`。 - - -##### `ssl_ca` - -SSL証明書認証局を指定します。[SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile)を使用してSSLクライアント認証で使用する証明書を確認します。 - -これはバーチャルホストレベルでオーバーライドすることが可能です。 - -デフォルト値: `undef`。 - - -##### `timeout` - -Apacheの[`TimeOut`][]ディレクティブを設定します。このディレクティブは、一部のイベントに関してリクエスト履行を止めるまでの Apacheの待機秒数を定義します。 - -デフォルト値: 120。 - -##### `trace_enable` - -[`TraceEnable`][]ディレクティブで、Apacheが`TRACE`リクエスト([RFC 2616][]ごと)をどのように処理するかを制御します。 - -値: 'Off'、'On'。 - -デフォルト値: 'On'。 - -##### `use_canonical_name` - -Apacheの [`UseCanonicalName`][]ディレクティブを制御します。このディレクティブは、Apacheが自己参照URLをどのように処理するかを制御します。指定しない場合、このパラメータの宣言がサーバの設定から除外され、Apacheのデフォルト設定'off'が使用されます。 - -値: 'On', 'on', 'Off', 'off', 'DNS', 'dns'。 - -デフォルト値: `undef`。 - -##### `use_systemd` - -systemdモジュールをCentos 7サーバにインストールするかどうかを制御します。これは、カスタムビルトのRPMを使用している場合は特に役立ちます。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `file_mode` - -設定ファイルの許可モードを設定します。 - -値: 文字列、記号表記法または数字表記法での許可モード。 - -デフォルト値: '0644'。 - -##### `root_directory_options` - -httpd.confの/ディレクトリで指定するオプションの配列。 - -デフォルト値: 'FollowSymLinks'。 - -##### `root_directory_secured` - -httpd.confの/ディレクトリについて、デフォルトのアクセスポリシーを設定します。`false`にすると、特定のアクセスポリシーがないすべてのリソースへのアクセスが許可されます。 `true`にするとデフォルトですべてのリソースへのアクセスが拒否されます。`true`の場合、リソースへのアクセスを許可するには、具体的なルールを使用する必要があります([`directories`](#parameter-directories-for-apachevhost)パラメータを用いたディレクトリブロックなどで)。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `vhost_dir` - -バーチャルホストの設定ファイルの保存場所を変更します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: `/etc/apache2/sites-available` -- **FreeBSD**: `/usr/local/etc/apache22/Vhosts` -- **Gentoo**: `/etc/apache2/vhosts.d` -- **Red Hat**: `/etc/httpd/conf.d` - -##### `vhost_include_pattern` - -`vhost_dir`に含まれるファイルのパターンを定義します。 - -`[^.#]\*.conf[^~]`などの値に設定すると、このディレクトリで偶発的に作成されたファイル(バージョン管理システムやエディタのバックアップにより作成されたファイルなど)がサーバ設定に*含まれなく*なります。 - -デフォルト値: '*'。 - -一部のオペレーティングシステムでは、`*.conf`の値が使用されます。デフォルトでは、このモジュールは`.conf`で終わる設定ファイルを作成します。 - -##### `user` - -Apacheがリクエストの応答に使用するユーザを変更します。Apacheの親プロセスは引き続きルートとして稼働しますが、子プロセスはこのパラメータで定義されたユーザとしてリソースにアクセスします。Puppetがこのユーザを管理しないようにするには、[`manage_user`][]パラメータを`false`に設定します。 - -デフォルト値: [`apache::params`][]クラスにより設定されたユーザに依存します。これはオペレーティングシステムによって異なります。 - -- **Debian**: 'www-data' -- **FreeBSD**: 'www' -- **Gentoo**および**Red Hat**: 'apache' - -Puppetがこのユーザを管理しないようにするには、[`manage_user`][]パラメータをfalseに設定します。 - -##### `apache_name` - -インストールするApacheパッケージの名前。標準的ではないApacheパッケージを使用している場合は、デフォルト設定をオーバーライドする必要があるかもしれません。 - -CentOS/RHELソフトウェアコレクション(SCL)では、`apache::version::scl_httpd_version`も使用できます。 - -デフォルト値: [`apache::params`][]クラスにより設定されたユーザに依存します。これはオペレーティングシステムによって異なります。 - -- **Debian**: 'apache2' -- **FreeBSD**: 'apache24' -- **Gentoo**: 'www-servers/apache' -- **Red Hat**: 'httpd' - -##### `error_log` - -メインサーバインスタンスのエラーログファイルの名前。`/`、`|`、または`syslog`で始まる文字列の場合、フルパスが設定されます。それ以外の場合は、ファイル名の先頭に`$logroot`がつきます。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: 'error.log' -- **FreeBSD**: 'httpd-error.log' -- **Gentoo**: 'error.log' -- **Red Hat**: 'error_log' -- **Suse**: 'error.log' - -##### `scriptalias` - -グローバルスクリプトエイリアスに使用するディレクトリ。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: '/usr/lib/cgi-bin' -- **FreeBSD**: '/usr/local/www/apache24/cgi-bin' -- **Gentoo**: 'var/www/localhost/cgi-bin' -- **Red Hat**: '/var/www/cgi-bin' -- **Suse**: '/usr/lib/cgi-bin' - -##### `access_log_file` - -メインサーバインスタンスのアクセスログファイルの名前。 - -デフォルト値: オペレーティングシステムによって異なります。 - -- **Debian**: 'error.log' -- **FreeBSD**: 'httpd-access.log' -- **Gentoo**: 'access.log' -- **Red Hat**: 'access_log' -- **Suse**: 'access.log' - -##### `limitreqfields` - -[`limitreqfields`][]パラメータは、HTTPリクエスト内のリクエストヘッダフィールドの最大数を設定します。このディレクティブを使用すると、サーバ管理者は異常なクライアントリクエスト動作の制御を強化できるので、ある種のDoS攻撃の防止に役立てることができます。送信リクエスト内のフィールドが多過ぎることを示すエラー応答が、通常のクライアントに対して表示される場合、この値を増やす必要があります。 - -デフォルト値: '100'。 - -#### クラス: `apache::dev` - -Apache開発ライブラリをインストールします。 - -デフォルト値: オペレーティングシステムによって異なります。使用するオペレーティングシステムに基づく、[`apache::params`][]クラスの[`dev_packages`][]パラメータ。 - -- **Debian**: Ubuntu 13.10およびDebian 8では'libaprutil1-dev'、'libapr1-dev'、'apache2-dev'。その他のバージョンでは'apache2-prefork-dev'。 -- **FreeBSD**: `undef`; FreeBSDでは、`apache::dev`を宣言する前に`apache::package`または`apache`クラスを宣言する必要があります。 -- **Gentoo**: `undef` -- **Red Hat**: 'httpd-devel' - -#### クラス: `apache::vhosts` - -[`apache::vhost`][]定義タイプを作成します。 - -**パラメータ**:  - -* `vhosts`: [`apache::vhost`][]定義タイプのパラメータを指定します。 - - 値: [ハッシュ][]、キーは名前を表し、値は[`apache::vhost`][]定義タイプのパラメータの[ハッシュ][]を表します。 - - デフォルト値: '{}'。 - - > **注意**: すべてのバーチャルホストのパラメータのリストや[バーチャルホストの設定]については、[`apache::vhost`][]定義タイプのリファレンスを参照してください。 - - 例えば、[名前ベースのバーチャルホスト][名前ベースのバーチャルホスト]のcustom_vhost_1を作成するには、`vhosts`パラメータを'{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }'に設定し、このクラスを宣言します。 - -``` puppet -class { 'apache::vhosts': - vhosts => { - 'custom_vhost_1' => { - 'docroot' => '/var/www/custom_vhost_1', - 'port' => '81', - }, - }, -} -``` - -#### クラス: `apache::mod::` - -指定した[Apacheモジュール][]を有効にします。Apacheモジュールを有効にして設定するには、このクラスを宣言します。 - -例えば、アイコンなしで[`mod_alias`][]をインストールして有効にするには、`icons_options`パラメータをNone'に設定して[`apache::mod::alias`][]クラスを宣言します。 - -``` puppet -class { 'apache::mod::alias': - icons_options => 'None', -} -``` - -以下のApacheモジュールにはサポートするクラスがあり、その多くは、パラメータ化された設定が可能です。[`apache::mod`][]定義タイプを使えば、他のApacheモジュールをインストールできます。 - -* `actions` -* `alias` ([`apache::mod::alias`][]参照) -* `auth_basic` -* `auth_cas`\* ([`apache::mod::auth_cas`][]参照) -* `auth_mellon`\* ([`apache::mod::auth_mellon`][]参照) -* `auth_kerb` -* auth_gssapi -* `authn_core` -* `authn_dbd`\* ([`apache::mod::authn_dbd`][]参照) -* `authn_file` -* `authnz_ldap`\* ([`apache::mod::authnz_ldap`][]参照) -* `authnz_pam` -* `authz_default` -* `authz_user` -* `autoindex` -* `cache` -* `cgi` -* `cgid` -* `cluster` ([`apache::mod::cluster`][]参照) -* `data` -* `dav` -* `dav_fs` -* `dav_svn`\* -* `dbd` -* `deflate\` -* `dev` -* `dir`\* -* `disk_cache` ([`apache::mod::disk_cache`][]参照) -* `dumpio` ([`apache::mod::dumpio`][]参照) -* `env` -* `event` ([`apache::mod::event`][]参照) -* `expires` -* `ext_filter` ([`apache::mod::ext_filter`][]参照) -* `fastcgi` -* `fcgid` -* `filter` -* `geoip` ([`apache::mod::geoip`][]参照) -* `headers` -* `include` -* `info`\* -* `intercept_form_submit` -* `itk` -* `jk` ([`apache::mod::jk`]参照) -* `ldap` ([`apache::mod::ldap`][]参照) -* `lookup_identity` -* `macro` ([`apache:mod:macro`][]参照) -* `mime` -* `mime_magic`\* -* `negotiation` -* `nss`\* ([`apache::mod::nss`][]参照) -* `pagespeed` ([`apache::mod::pagespeed`][]参照) -* `passenger`\* ([`apache::mod::passenger`][]参照) -* `perl` -* `peruser` -* `php` ([`mpm_module`][]を`prefork`に設定する必要があります) -* `prefork`\* -* `proxy`\* ([`apache::mod::proxy`][]参照) -* `proxy_ajp` -* `proxy_balancer`\* ([`apache::mod::proxy_balancer`][]参照) -* `proxy_balancer` -* `proxy_html` ([`apache::mod::proxy_html`][]参照) -* `proxy_http` -* `python` ([`apache::mod::python`][]参照) -* `reqtimeout` -* `remoteip`\* -* `rewrite` -* `rpaf`\* -* `setenvif` -* `security` -* `shib`\* ([`apache::mod::shib`]参照) -* `speling` -* `ssl`\* ([`apache::mod::ssl`][]参照) -* `status`\* ([`apache::mod::status`][]参照) -* `suphp` -* `userdir`\* ([`apache::mod::userdir`][]参照) -* `version` -* `vhost_alias` -* `worker`\* -* `wsgi` ([`apache::mod::wsgi`][]参照) -* `xsendfile` - -モジュールに付いている*のマークは、設定やモジュールを設定するためのパラメータが含まれるテンプレートがあることを示しています。ほとんどのApacheモジュールクラスパラメータにはデフォルト値があり、設定は必要ありません。 テンプレートのあるモジュールについては、Puppetでモジュールとともにテンプレートファイルがインストールされます。これらのテンプレートファイルは、モジュールが機能するために必要です。 - -##### クラス: `apache::mod::alias` - -[`mod_alias`][]をインストールして管理します。 - -**パラメータ**:  - -* `icons_options`: Apache [`Options`]ディレクティブにより、アイコンディレクトリのディレクトリリスティングを無効にします。 - - デフォルト値: 'Indexes MultiViews'。 - -* `icons_path`: `/icons/`エイリアスのローカルパスを設定します。 - - デフォルト値: オペレーティングシステムによって異なります。 - - * **Debian**: `/usr/share/apache2/icons` - * **FreeBSD**: `/usr/local/www/apache24/icons` - * **Gentoo**: `/var/www/icons` - * **Red Hat**: `/var/www/icons`、Apache 2.4の場合のみ、`/usr/share/httpd/icons` - -#### クラス: `apache::mod::disk_cache` - -Apache 2.2に[`mod_disk_cache`][]、またはApache 2.4に[`mod_cache_disk`][]をインストールして設定します。 - -デフォルト値: Apacheバージョンとオペレーティングシステムによって異なります。 - -- **Debian**: `/var/cache/apache2/mod_cache_disk` -- **FreeBSD**: `/var/cache/mod_cache_disk` -- **Red Hat、Apache 2.4**: `/var/cache/httpd/proxy` -- **Red Hat、Apache 2.2**: `/var/cache/mod_proxy` - -キャッシュルートを指定するには、パスを文字列として`cache_root`パラメータに渡します。 - -``` puppet -class {'::apache::mod::disk_cache': - cache_root => '/path/to/cache', -} -``` - -キャッシュ無視ヘッダを指定するには、文字列を`cache_ignore_headers`パラメータに渡します。 - -``` puppet -class {'::apache::mod::disk_cache': - cache_ignore_headers => "Set-Cookie", -} -``` - -##### クラス: `apache::mod::dumpio` - -[`mod_dumpio`][]をインストールして設定します。 - -```puppet -class{'apache': - default_mods => false, - log_level => 'dumpio:trace7', -} -class{'apache::mod::dumpio': - dump_io_input => 'On', - dump_io_output => 'Off', -} -``` - -**パラメータ**:  - -* `dump_io_input`: すべての入力データをエラーログにダンプします。 - - 値: 'On'、'Off'。  - - デフォルト値: 'Off'。 - -* `dump_io_output`: すべての出力データをエラーログにダンプします。 - - 値: 'On'、'Off'。  - - デフォルト値: 'Off'。 - -##### クラス: `apache::mod::event` - -[`mod_mpm_event`][]をインストールして管理します。同じサーバ上に、`apache::mod::event`と一緒に[`apache::mod::itk`][]、[`apache::mod::peruser`][]、[`apache::mod::prefork`][]、[`apache::mod::worker`][]を含めることはできません。 - -**パラメータ**:  - -* `listenbacklog`: モジュールの[`ListenBackLog`][]ディレクティブでペンディング接続キューの最大長を設定します。`false`に設定すると、このパラメータが削除されます。 - - デフォルト値: '511'。 - -* `maxrequestworkers` (_Apache 2.3.12以前_: `maxclients`): モジュールの[`MaxRequestWorkers`][]ディレクティブで、Apacheが同時に処理できる接続の最大数を設定します。`false`に設定すると、このパラメータが削除されます。 - - デフォルト値: '150'。 - -* `maxconnectionsperchild` (_Apache 2.3.8以前_: `maxrequestsperchild`): モジュールの[`MaxConnectionsPerChild`][]ディレクティブで、子サーバが稼働中に処理する接続の数を制限します。`false`に設定すると、このパラメータが削除されます。 - - デフォルト値: '0'。 - -* `maxsparethreads` and `minsparethreads`: [`MaxSpareThreads`][]および[`MinSpareThreads`][]ディレクティブで、待機スレッドの最大数と最小数を設定します。`false`に設定すると、このパラメータが削除されます。 - - デフォルト値: それぞれ'75'および'25'。 - -* `serverlimit`: [`ServerLimit`][]ディレクティブで、プロセスの設定数を制限します。`false`に設定すると、このパラメータが削除されます。 - - デフォルト値: '25'。 - -* `startservers`: モジュールの[`StartServers`][]ディレクティブで、起動時に作成される子サーバプロセスの数を設定します。`false`に設定すると、このパラメータが削除されます。 - - デフォルト値: '2'。 - -* `threadlimit`: モジュールの[`ThreadLimit`][]ディレクティブで、イベントスレッドの数を制限します。`false`に設定すると、このパラメータが削除されます。 - - デフォルト値: '64'。 - -* `threadsperchild`: [`ThreadsPerChild`][]ディレクティブで、各子サーバにより作成されるスレッドの数を設定します。 - - デフォルト値: '25'。`false`に設定すると、このパラメータが削除されます。 - -##### クラス: `apache::mod::auth_cas` - -[`mod_auth_cas`][]をインストールして管理します。パラメータの名前はApacheモジュールのディレクティブと共通です。 - -`cas_login_url`および`cas_validate_url`パラメータは必須です。 その他のいくつかのパラメータのデフォルト値は`undef`です。 - -> **注意**: auth_casモジュールは、EPELにより提供される依存関係パッケージがなければ、RH/CentOSで使用できません。 [https://github.com/Jasig/mod_auth_cas]()を参照してください。 - -**パラメータ**:  - -- `cas_attribute_prefix`: ヘッダを追加します。SAMLバリデーションが有効になっている場合には、このヘッダの値が属性値になります。 - - デフォルト値: CAS_。 - -- `cas_attribute_delimiter`:`cas_attribute_prefix`により作成されたヘッダの属性値の区切り文字。 - - デフォルト値: ,。 - -- `cas_authoritative`: オプションの認証ディレクティブを承認してバインドするかどうかを決定します。 - - デフォルト値: `undef`。 - -- `cas_certificate_path`: `cas_login_url`および`cas_validate_url`のサーバについて、証明書認証局のX509証明書へのパスを設定します。 - - デフォルト値: `undef`。 - -- `cas_cache_clean_interval`: キャッシュクリーニング時間の最小秒数を設定します。 - - デフォルト値: `undef`。 - -- `cas_cookie_domain`: `Set-Cookie` HTTPヘッダの`Domain=`パラメータの値を設定します。 - - デフォルト値: `undef`。 - -- `cas_cookie_entropy`: セッション識別子を作成する際に使用するバイト数を設定します。 - - デフォルト値: `undef`。 - -- `cas_cookie_http_only`: `mod_auth_cas`がクッキーを発行する際のオプションの`HttpOnly`フラグを設定します。 - - デフォルト値: `undef`。 - -- `cas_cookie_path`: casクッキーセッションデータの保存場所。Webサーバユーザによる書き込みを可能にする必要があります。 - - デフォルト値: OSによって異なります。 - -- `cas_cookie_path_mode`: `cas_cookie_path`のモード。 - - デフォルト値: '0750'。 - -- `cas_debug`: モジュールのデバッギングモードを有効にするかどうかを決定します。 - - デフォルト値: 'Off'。 - -- `cas_idle_timeout`: 待機タイムアウトの制限を秒数で設定します。 - - デフォルト値: `undef`。 - -- `cas_login_url`: **必須**。ユーザがCASで保護されたリソースへのアクセスを試み、かつアクティブなセッションがない場合に、モジュールがユーザをリダイレクトする先のURLを設定します。 - -- `cas_proxy_validate_url`: プロキシバリデーションを実施する際に使用するURL。 - - デフォルト値: `undef`。 - -- `cas_root_proxied_as`: このApacheサーバへのアクセスがプロキシされた場合に、エンドユーザに表示されるURLを設定します。 - - デフォルト値: `undef`。 - -- `cas_scrub_request_headers`: mod_auth_cas内で特別な意味を持つ可能性のあるインバウンドリクエストヘッダを削除します。 - -- `cas_sso_enabled`: シングルサインアウトの実験的サポートを有効にします(POSTデータが壊れる可能性があります)。 - - デフォルト値: 'Off'。 - -- `cas_timeout`: `mod_auth_cas`セッションのアクティブ状態を維持する時間(秒数)を制限します。 - - デフォルト値: `undef`。 - -- `cas_validate_depth`: チェーンされた証明書バリデーションの深さを制限します。 - - デフォルト値: `undef`。 - -- `cas_validate_saml`: SAMLに関するCASサーバからの解析応答。 - - デフォルト値: 'Off'。 - -- `cas_validate_server`: CASサーバの証明書をバリデーションするかどうか(1.1 - RedHat 7では廃止予定)。 - - デフォルト値: `undef`。 - -- `cas_validate_url`: **必須**。HTTPクエリ文字列でクライアントの提示するチケットをバリデーションする際に使用するURL。 - -- `cas_version`: 従うべきCASプロトコルバージョン。値: '1'、'2'。 - - デフォルト値: '2'。 - -- `suppress_warning`: RedHat上にいることを示す警告を表示しないようにします(`mod_auth_cas`パッケージは、現在はepel-testingレポジトリで使用できます)。 - - デフォルト値: `false`。 - -##### クラス: `apache::mod::auth_mellon` - -[`mod_auth_mellon`][]をインストールして管理します。パラメータの名前はApacheモジュールのディレクティブと共通です。 - -``` puppet -class{ 'apache::mod::auth_mellon': - mellon_cache_size => 101, -} -``` - -**パラメータ**:  - -* `mellon_cache_entry_size`: 1回のセッションの最大サイズ。 - - デフォルト値: `undef`。 - -* `mellon_cache_size`: mellonキャッシュのサイズ、単位はメガバイト。 - - デフォルト値: 100。 - -* `mellon_lock_file`: ロックファイルの場所。 - - デフォルト値: '`/run/mod_auth_mellon/lock`'。 - -* `mellon_post_directory`: ポストリクエストが保存される場所のフルパス。 - - デフォルト値: '`/var/cache/apache2/mod_auth_mellon/`'。 - -* `mellon_post_ttl`: ポストリクエストの維持時間。 - - デフォルト値: `undef`。 - -* `mellon_post_size`: ポストリクエストの最大サイズ。 - - デフォルト値: `undef`。 - -* `mellon_post_count`: ポストリクエストの最大数。 - - デフォルト値: `undef`。 - -##### クラス: `apache::mod::authn_dbd` - -`mod_authn_dbd`をインストールし、`authn_dbd.conf.erb`テンプレートを使用して設定を生成します。オプションで、AuthnProviderAliasを作成します。 - -``` puppet -class { 'apache::mod::authn_dbd': - $authn_dbd_params => - 'host=db01 port=3306 user=apache password=xxxxxx dbname=apacheauth', - $authn_dbd_query => 'SELECT password FROM authn WHERE user = %s', - $authn_dbd_alias => 'db_auth', -} -``` - -**パラメータ**:  - -* `authn_dbd_alias`: AuthnProviderAlias'の名前。 - -* `authn_dbd_dbdriver`: 使用するデータベースドライブを指定します。 - - デフォルト値: 'mysql'。 - -* `authn_dbd_exptime`: DBDExptimeに相当します。 - - デフォルト値: 300。 - -* `authn_dbd_keep`: DBDKeepに相当します。 - - デフォルト値: 8。 - -* `authn_dbd_max`: DBDMaxに相当します。 - - デフォルト値: 20。 - -* `authn_dbd_min`: DBDMinに相当します。 - - デフォルト値: 4。  - -* `authn_dbd_params`: **必須**。接続文字列に関して、DBDParamsに相当します。 - -* `authn_dbd_query`: 認証に関してユーザとパスワードを問い合わせるかどうか。 - -##### クラス: `apache::mod::authnz_ldap` - -`mod_authnz_ldap`をインストールし、`authnz_ldap.conf.erb`テンプレートを使用して設定を生成します。 - -**パラメータ**:  - -* `package_name`: パッケージの名前。 - - デフォルト値: `undef`。 - -* `verify_server_cert`: サーバの証明書を確認するかどうか。 - - デフォルト値: `undef`。 - -##### クラス: `apache::mod::cluster` - -**注意**: `mod_cluster`に関して提供されている公式なパッケージはありません。そのため、Apacheモジュールの外部から使用できるようにする必要があります。バイナリは[こちら](http://mod-cluster.jboss.org/)にあります。 - -``` puppet -class { '::apache::mod::cluster': - ip => '172.17.0.1', - allowed_network => '172.17.0.', - balancer_name => 'mycluster', - version => '1.3.1' -} -``` - -**パラメータ**:  - -* `port`: mod_clusterのリッスンポート。 - - デフォルト値: '6666'。 - -* `server_advertise`: サーバをアドバタイズするかどうか。 - - デフォルト値: `true`。 - -* `advertise_frequency`: アドバタイズメッセージ間のインターバルを秒数[.ミリ秒]で設定します。 - - デフォルト値: 10。 - -* `manager_allowed_network`: ネットワークにmod_cluster_managerへのアクセスを許可するかどうか。 - - デフォルト値: '127.0.0.1'。 - -* `keep_alive_timeout`: Apacheがリクエストを待機する長さを秒数で指定します。 - - デフォルト値: 60。 - -* `max_keep_alive_requests`: 維持されるリクエストの最大数。 - - デフォルト値: 0。 - -* `enable_mcpm_receive`: MCPMを有効にするかどうか。 - - デフォルト値: `true`。 - -* `ip`: リッスンするIPアドレスを指定します。 - -* `allowed_network`: バランスドメンバーネットワーク。 - -* `version`: `mod_cluster`バージョンを指定します。httpd 2.4ではバージョン1.3.0以上が必要です。 - -##### クラス: `apache::mod::deflate` - -[`mod_deflate`][]をインストールして設定します。 - -**パラメータ**:  - -* `types`: デフレートする[配列][]または[MIMEタイプ][MIME `content-type`]。 - - デフォルト値: ['text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json']。 - -* `notes`: [ハッシュ][]、キーはタイプを表し、値はノート名を表します。 - - デフォルト値: { 'Input' => 'instream'、'Output' => 'outstream'、'Ratio' => 'ratio' }。 - -##### クラス: `apache::mod::expires` - -[`mod_expires`][]をインストールし、`expires.conf.erb`を使用して設定を生成します。 - -**パラメータ**:  - -* `expires_active`: ドキュメント領域に関して`Expires`ヘッダの生成を有効にします。 - - ブーリアン。 - - デフォルト値: `true`。 - -* `expires_default`: [`ExpiresByType`][]構文または[インターバル構文][]を用いた有効期限計算のためのデフォルトアルゴリズムを指定します。 - - デフォルト値: `undef`。 - -* `expires_by_type`: 一連の[MIME `content-type`][]とその有効期限を表します。 - - 値: [ハッシュ][ハッシュ]の[配列][]、各ハッシュのキーは有効なMIME `content-type` ('text/json'など)、値は以下の有効な [インターバル構文][]。 - - デフォルト値: `undef`。 - -##### クラス: `apache::mod::ext_filter` - -[`mod_ext_filter`][]をインストールして設定します。 - -``` puppet -class { 'apache::mod::ext_filter': - ext_filter_define => { - 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength', - 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"', - }, -} -``` - -**パラメータ**:  - -* `ext_filter_define`: フィルタ名とそのパラメータのハッシュ。 - - デフォルト値: `undef`。 - -##### クラス: `apache::mod::fcgid` - -[`mod_fcgid`][]をインストールして設定します。 - -このクラスでは、使用可能なすべてのオプションを個別にパラメータ化するのではなく、`options` [ハッシュ][]を使って`mod_fcgid`を設定します。例: - -``` puppet -class { 'apache::mod::fcgid': - options => { - 'FcgidIPCDir' => '/var/run/fcgidsock', - 'SharememPath' => '/var/run/fcgid_shm', - 'AddHandler' => 'fcgid-script .fcgi', - }, -} -``` - -すべてのオプションのリストについては、[公式`mod_fcgid`ドキュメント][`mod_fcgid`]を参照してください。 - -`apache::mod::fcgid`を含める場合は、ディレクトリごと、バーチャルホストごとに[`FcgidWrapper`][]を設定できます。最初にモジュールをロードする必要があります。`apache::vhost`で`fcgiwrapper`パラメータを設定している場合、Puppetは自動的にはモジュールを有効化しません。 - -``` puppet -include apache::mod::fcgid - -apache::vhost { 'example.org': - docroot => '/var/www/html', - directories => { - path => '/var/www/html', - fcgiwrapper => { - command => '/usr/local/bin/fcgiwrapper', - } - }, -} -``` - -##### クラス: `apache::mod::geoip` - -[`mod_geoip`][]をインストールして管理します。 - -**パラメータ**:  - -* `db_file`: GeoIPデータベースファイルのパスを設定します。 - - 値: パス、または複数のGeoIPデータベースファイルの[配列][]パス。 - - デフォルト値: `/usr/share/GeoIP/GeoIP.dat`。 - -* `enable`: [`mod_geoip`][]を全体で有効にするかどうかを決定します。 - - ブーリアン。 - - デフォルト値: `false`。 - -* `flag`: GeoIPフラグを設定します。 - - 値: 'CheckCache'、'IndexCache'、'MemoryCache'、'Standard'。 - - デフォルト値: 'Standard'。 - -* `output`: 使用するアウトプット変数を定義します。 - - 値: 'All'、'Env'、'Request'、'Notes'。 - - デフォルト値: 'All'。 - -* `enable_utf8`: アウトプットをISO*8859*1 (ラテン*1)からUTF*8に変更します。 - - ブーリアン。 - - デフォルト値: `undef`。 - -* `scan_proxy_headers`: [GeoIPScanProxyHeaders][]オプションを有効にします。 - - ブーリアン。 - - デフォルト値: `undef`。 - -* `scan_proxy_header_field`: クライアントのIPアドレスの決定に使用するヘッダの[`mod_geoip`][]を指定します。 - - デフォルト値: `undef`。 - -* `use_last_xforwarededfor_ip` (sic): IPアドレスのカンマ区切りリストで見つかったクライアントのIPの最初または最後のIPアドレスを使うかどうかを決定します。 - - ブーリアン。 - - デフォルト値: `undef`。 - -##### クラス: `apache::mod::info` - -サーバ設定の全体的な概要を提供する[`mod_info`][]をインストールして管理します。 - -**パラメータ**:  - -* `allow_from`: IPv4またはIPv6アドレスのホワイトリスト、または`/server*info`にアクセスできる範囲。 - - 値: IPv4アドレス、IPv6アドレス、または範囲の1つまたは複数のオクテット、またはいずれかの配列。 - - デフォルト値: ['127.0.0.1','::1']。  - -* `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。  - - デフォルト値: [`$::apache::apache_version`][`apache_version`]の値。 - - -* `restrict_access`: アクセス制限を有効にするかどうかを決定します。`false`の場合、`allow_from`ホワイトリストは無視され、すべてのIPアドレスが `/server*info`にアクセスできるようになります。 - - ブーリアン。 - - デフォルト値: `true`。 - -##### クラス: `apache::mod::itk` - -[`mod_itk`][]をインストールして管理します。これはHTTPDプロセス向けにロードおよび設定されるMPMです。[公式ドキュメント](http://mpm-itk.sesse.net/)。 - -**パラメータ**:  - -* `startservers`: 起動時に作成される子サーバプロセスの数。 - - 値: 整数。 - - デフォルト値: `8`。 - -* `minspareservers`: 待機する子サーバプロセスに望ましい最小数。 - - 値: 整数。 - - デフォルト値: `5`。 - -* `maxspareservers`: 待機する子サーバプロセスに望ましい最大数。 - - 値: 整数。 - - デフォルト値: `20`。 - -* `serverlimit`: Apache httpdプロセスの継続期間に対して設定されるMaxRequestWorkersの最大数。 - - 値: 整数。 - - デフォルト値: `256`。 - -* `maxclients`: 処理される同時リクエストの最大数。 - - 値: 整数。 - - デフォルト値: `256`。 - -* `maxrequestsperchild`: 個々の子サーバプロセスが処理する接続の最大数。 - - 値: 整数。 - - デフォルト値: `4000`。 - -* `enablecapabilities`: 親プロセスのルート機能をほぼすべて削除し、User/Groupディレクティブで指定されたユーザとして、いくつかの追加機能(特にsetuid)付きで実行します。 セキュリティはある程度強化されますが、NFSなどの機能に対応しないファイルシステムによる処理では問題が生じるおそれがあります。 - - 値: ブール値。 - - デフォルト値: `undef`。 - -##### クラス: `apache::mod::jk` - -`mod_jk`をインストールして管理します。これは、Apache httpdリダイレクションと古いバージョンのTomCatおよびJBossを結ぶコネクタです。 - -**注意**: mod\_jkに関して提供されている公式のパッケージはありません。そのため、apacheモジュールの制御以外の手段で使用できるようにする必要があります。バイナリは[Apache Tomcatコネクタダウンロードページ](https://tomcat.apache.org/download-connectors.cgi)にあります。 - -``` puppet -class { '::apache::mod::jk': - ip => '192.168.2.15', - workers_file => 'conf/workers.properties', - mount_file => 'conf/uriworkermap.properties', - shm_file => 'run/jk.shm', - shm_size => '50M', - workers_file_content => { - - }, -} -``` - -詳細については、[templates/mod/jk/workers.properties.erb](templates/mod/jk/workers.properties.erb)を参照してください。 - -**`apache::mod::jk`**内のパラメータ: - -`mod_jk`パラメータを理解するための情報源としては、[公式ドキュメント](https://tomcat.apache.org/connectors-doc/reference/apache.html)が最適です。ただし、次はこれに含まれません: - -**add_listen** - -パラメータ`ip`および `port`に従って`Listen`ディレクティブを定義して(下記参照)、ApacheがIP/portの組合せをリッスンし`mod_jk`にリダイレクトするようにします。 -`Listen *:`または`Listen `のように、別の`Listen`ディレクティブが`mod_jk`バインディングで必要なものと競合するときに役立ちます。 - -タイプ: ブール値 -デフォルト: true - -**ip** - -`mod_jk`にバインディングするIP。 -バインディングアドレスがプライマリのネットワークインターフェースIPではないときに役立ちます。 - -タイプ: 文字列 -デフォルト: `$facts['ipaddress']` - -**port** - -`mod_jk`にバインディングするポート。 -リバースプロキシまたはキャッシュのような、別のものがポート80でリクエストを受信して、異なるポートのApacheに転送する必要があるときに役立ちます。 - -タイプ: 文字列(数値) -デフォルト: '80' - -**workers\_file\_content** - -各ディレクティブにはフォーマット`worker..=`があります。このマップは複数ハッシュのハッシュとして表され、外側のハッシュはワーカーを指定し、内側の各ハッシュは各ワーカーのプロパティと値を指定します。 -また、2つのグローバルディレクティブ 'worker.list'および'worker.maintain'もあります。 -例えば、以下のワーカーファイルは図1のようにパラメータ化します。 - -``` puppet -worker.list = status -worker.list = some_name,other_name - -worker.maintain = 60 - -# Optional comment -worker.some_name.type=ajp13 -worker.some_name.socket_keepalive=true - -# I just like comments -worker.other_name.type=ajp12 (why would you?) -worker.other_name.socket_keepalive=false -``` - -**図1:** - -``` puppet -$workers_file_content = { - worker_lists => ['status', 'some_name,other_name'], - worker_maintain => '60', - some_name => { - comment => 'Optional comment', - type => 'ajp13', - socket_keepalive => 'true', - }, - other_name => { - comment => 'I just like comments', - type => 'ajp12', - socket_keepalive => 'false', - }, -} -``` - -**mount\_file\_content** - -各ディレクティブにはフォーマット` = `があります。このマップは複数ハッシュのハッシュとして表され、外側のハッシュはワーカーを指定し、内側の各ハッシュは次の2つのアイテムを含みます: -* uri_list&mdash - ワーカーにマップするURIを用いた配列 -* comment&mdash - ワーカーに関するコメントを記したオプションの文字列 -例えば、以下のマウントファイルは図2のようにパラメータ化します。 - -``` puppet -# Worker 1 -/context_1/ = worker_1 -/context_1/* = worker_1 - -# Worker 2 -/ = worker_2 -/context_2/ = worker_2 -/context_2/* = worker_2 -``` - -**図2:** - -``` puppet -$mount_file_content = { - worker_1 => { - uri_list => ['/context_1/', '/context_1/*'], - comment => 'Worker 1', - }, - worker_2 => { - uri_list => ['/context_2/', '/context_2/*'], - comment => 'Worker 2', - }, -}, -``` - -**shm\_file and log\_file** - -これらのファイルがどのように定義されているかによって、クラスはそれらの最終パスを別々に作成します。 -- 相対パス: `logroot`で提供されたパスを追加します (下記参照) -- 絶対パスまたはパイプ: 提供されたパスをそのまま使用します - -例 (RHEL 6): - -``` puppet -shm_file => 'shm_file' -# Ends up in -$shm_path = '/var/log/httpd/shm_file' -``` -``` puppet -shm_file => '/run/shm_file' -# Ends up in -$shm_path = '/run/shm_file' -``` -``` puppet -shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' -# Ends up in -$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"' -``` - -> デフォルトのlogrootは十分健全です。このため、絶対パスを指定することは推奨しません。 - -**logroot** - -`shm_file`および`log_file`のベースディレクトリは`logroot`パラメータで決定されます。指定されない場合、デフォルトは`apache::params::logroot`です。 - -> デフォルトのlogrootは十分健全です。このため、上書きすることは推奨しません。 - -##### クラス: `apache::mod::passenger`  - -[`mod_passenger`][]をインストールして管理します。Red Hatベースのシステムの場合は、[passengerドキュメント](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux)に記載された最小要件を満たしていることを確認してください。 - -現在のサーバ設定は、[Passengerリファレンス](https://www.phusionpassenger.com/library/config/apache/reference/)から直接取得されています。廃止予定の警告と削除失敗メッセージを有効にするには、 サーバにインストールされているバージョン番号を`passenger_installed_version`に設定します。 - -**パラメータ**:  - -|パラメータ|デフォルト値|passengerの設定|コンテキスト|注記| -|---------|-------------|------------------------|-------|-----| -|manage_repo|true|n/a||| -|mod_id|未定義|n/a||| -|mod_lib|未定義|n/a||| -|mod_lib_path|未定義|n/a||| -|mod_package|未定義|n/a||| -|mod_package_ensure|未定義|n/a||| -|mod_path|未定義|n/a||| -|passenger_allow_encoded_slashes|未定義|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|server-config virutal-host htaccess directory || -|passenger_app_env|未定義|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|server-config virutal-host htaccess directory || -|passenger_app_group_name|未定義|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|server-config virutal-host htaccess directory || -|passenger_app_root|未定義|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|server-config virutal-host htaccess directory || -|passenger_app_type|未定義|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|server-config virutal-host htaccess directory || -|passenger_base_uri|未定義|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|server-config virutal-host htaccess directory || -|passenger_buffer_response|未定義|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|server-config virutal-host htaccess directory || -|passenger_buffer_upload|未定義|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|server-config virutal-host htaccess directory || -|passenger_concurrency_model|未定義|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|server-config virutal-host htaccess directory || -|passenger_conf_file|$::apache::params::passenger_conf_file|n/a||| -|passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a||| -|passenger_data_buffer_dir|未定義|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|server-config || -|passenger_debug_log_file|未定義|PassengerDebugLogFile|server-config |このオプションの名前は、バージョン5.0.5でPassengerLogFileに変更されています。| -|passenger_debugger|未定義|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|server-config virutal-host htaccess directory || -|passenger_default_group|未定義|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|server-config || -|passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|server-config || -|passenger_default_user|未定義|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|server-config || -|passenger_disable_security_update_check|未定義|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|server-config || -|passenger_enabled|未定義|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|server-config virutal-host htaccess directory || -|passenger_error_override|未定義|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|server-config virutal-host htaccess directory || -|passenger_file_descriptor_log_file|未定義|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|server-config || -|passenger_fly_with|未定義|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|server-config || -|passenger_force_max_concurrent_requests_per_process|未定義|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|server-config virutal-host htaccess directory || -|passenger_friendly_error_pages|未定義|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|server-config virutal-host htaccess directory || -|passenger_group|未定義|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|server-config virutal-host directory || -|passenger_high_performance|未定義|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|server-config virutal-host htaccess directory || -|passenger_installed_version|未定義|n/a| |このオプションを設定すると、指定した値に対するpassengerオプションのバージョンチェックが有効になります。| -|passenger_instance_registry_dir|未定義|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|server-config || -|passenger_load_shell_envvars|未定義|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|server-config virutal-host htaccess directory || -|passenger_log_file|未定義|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|server-config || -|passenger_log_level|未定義|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|server-config || -|passenger_lve_min_uid|未定義|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|server-config virtual-host || -|passenger_max_instances|未定義|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|server-config virutal-host htaccess directory || -|passenger_max_instances_per_app|未定義|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|server-config || -|passenger_max_pool_size|未定義|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|server-config || -|passenger_max_preloader_idle_time|未定義|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|server-config virtual-host || -|passenger_max_request_queue_size|未定義|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|server-config virutal-host htaccess directory || -|passenger_max_request_time|未定義|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|server-config virutal-host htaccess directory || -|passenger_max_requests|未定義|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|server-config virutal-host htaccess directory || -|passenger_memory_limit|未定義|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|server-config virutal-host htaccess directory || -|passenger_meteor_app_settings|未定義|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|server-config virutal-host htaccess directory || -|passenger_min_instances|未定義|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|server-config virutal-host htaccess directory || -|passenger_nodejs|未定義|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|server-config virutal-host htaccess directory || -|passenger_pool_idle_time|未定義|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|server-config || -|passenger_pre_start|未定義|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|server-config virtual-host || -|passenger_python|未定義|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|server-config virutal-host htaccess directory || -|passenger_resist_deployment_errors|未定義|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|server-config virutal-host htaccess directory || -|passenger_resolve_symlinks_in_document_root|未定義|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|server-config virutal-host htaccess directory || -|passenger_response_buffer_high_watermark|未定義|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|server-config || -|passenger_restart_dir|未定義|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|server-config virutal-host htaccess directory || -|passenger_rolling_restarts|未定義|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|server-config virutal-host htaccess directory || -|passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|server-config || -|passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|server-config virutal-host htaccess directory || -|passenger_security_update_check_proxy|未定義|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|server-config || -|passenger_show_version_in_header|未定義|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|server-config || -|passenger_socket_backlog|未定義|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|server-config || -|passenger_spawn_method|未定義|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|server-config virtual-host || -|passenger_start_timeout|未定義|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|server-config virutal-host htaccess directory || -|passenger_startup_file|未定義|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|server-config virutal-host htaccess directory || -|passenger_stat_throttle_rate|未定義|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|server-config || -|passenger_sticky_sessions|未定義|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|server-config virutal-host htaccess directory || -|passenger_sticky_sessions_cookie_name|未定義|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|server-config virutal-host htaccess directory || -|passenger_thread_count|未定義|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|server-config virutal-host htaccess directory || -|passenger_use_global_queue|未定義|PassengerUseGlobalQueue|server-config || -|passenger_user|未定義|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|server-config virutal-host directory || -|passenger_user_switching|未定義|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|server-config || -|rack_auto_detect|未定義|RackAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| -|rack_autodetect|未定義|n/a||| -|rack_base_uri|未定義|RackBaseURI|server-config |3.0.0で廃止され、PassengerBaseURIが採用されました。| -|rack_env|未定義|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|server-config virutal-host htaccess directory || -|rails_allow_mod_rewrite|未定義|RailsAllowModRewrite|server-config |このオプションは、バージョン4.0.0以降では何の影響も与えません。| -|rails_app_spawner_idle_time|未定義|RailsAppSpawnerIdleTime|server-config |このオプションはバージョン4.0.0で削除され、PassengerMaxPreloaderIdleTimeに置き換えられました。| -|rails_auto_detect|未定義|RailsAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| -|rails_autodetect|未定義|n/a||| -|rails_base_uri|未定義|RailsBaseURI|server-config |3.0.0で廃止され、PassengerBaseURIが採用されました。| -|rails_default_user|未定義|RailsDefaultUser|server-config |3.0.0で廃止され、PassengerDefaultUserが採用されました。| -|rails_env|未定義|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|server-config virutal-host htaccess directory || -|rails_framework_spawner_idle_time|未定義|RailsFrameworkSpawnerIdleTime|server-config |このオプションはバージョン4.0.0では使用できません。フレームワークスポーンも同時に削除されたので、代わりのオプションはありません。スマートスポーンを使用してください。| -|rails_ruby|未定義|RailsRuby|server-config |3.0.0で廃止され、PassengerRubyが採用されました。| -|rails_spawn_method|未定義|RailsSpawnMethod|server-config |3.0.0で廃止され、PassengerSpawnMethodが採用されました。| -|rails_user_switching|未定義|RailsUserSwitching|server-config |3.0.0で廃止され、PassengerUserSwitchingが採用されました。| -|wsgi_auto_detect|未定義|WsgiAutoDetect|server-config |これらのオプションは、バージョン4.0.0で最適化の一環として削除されました。代わりにPassengerEnabledを使用してください。| - - -##### クラス: `apache::mod::ldap` - -[`mod_ldap`][]をインストールして設定し、[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert)ディレクティブの修正を可能にします。 - -``` puppet -class { 'apache::mod::ldap': - ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt', - ldap_trusted_global_cert_type => 'CA_DER', - ldap_trusted_mode => 'TLS', - ldap_shared_cache_size => '500000', - ldap_cache_entries => '1024', - ldap_cache_ttl => '600', - ldap_opcache_entries => '1024', - ldap_opcache_ttl => '600', -} -``` - -**パラメータ**  - -* `apache_version`: インストールされたApacheバージョンを指定します。 - - デフォルト値: `undef`。 - -* `ldap_trusted_global_cert_file`: LDAPサーバ上でSSLまたはTLS接続を確立する際に使用する、信頼できるCA証明書のパスとファイル名を指定します。 - -* `ldap_trusted_global_cert_type`:グローバルな信頼できる証明書フォーマットを指定します。 - - デフォルト値: 'CA_BASE64'。 - -* `ldap_trusted_mode`: LDAPサーバ接続時に使用されるSSL/TLSモードを指定します。 - -* `ldap_shared_cache_size`: 共有されたメモリのキャッシュのサイズをバイトで指定します。 - -* `ldap_cache_entries`: 一次LDAPキャッシュのエントリの最大数を指定します。 - -* `ldap_cache_ttl`: キャッシュされたアイテムが有効に保たれる時間を秒数で指定します。 - -* `ldap_opcache_entries`: LDAP比較演算のキャッシュに用いるエントリ数を指定します。 - -* `ldap_opcache_ttl`: 演算キャッシュのエントリが有効に保たれる時間を秒数で指定します。 - -* `package_name`: カスタムパッケージ名を指定します。 - - デフォルト値: `undef`。 - -##### クラス: `apache::mod::negotiation` - -[`mod_negotiation`][]をインストールして設定します。 - -**パラメータ**:  - -* `force_language_priority`: `ForceLanguagePriority`オプションを設定します。 - - 値: 文字列。  - - デフォルト値: `Prefer Fallback`。 - -* `language_priority`: モジュールの`LanguagePriority`オプションを設定するための言語の[配列][]。 - - デフォルト値: ['en'、'ca'、cs'、'da'、'de'、'el'、'eo'、'es'、'et'、'fr'、'he'、'hr'、'it'、'ja'、'ko'、'ltz'、'nl'、'nn'、'no'、'pl'、'pt'、'pt-BR'、'ru'、'sv'、'zh-CN'、'zh-TW']。 - -##### クラス: `apache::mod::nss` - -NSS暗号化ライブラリを使用するApacheのSSLプロバイダ。 - -**パラメータ:** - -- `transfer_log`: access.logのパス。 -- `error_log`: error.logのパス。 -- `passwd_file`: NSSPassPhraseDialogディレクティブに使用するファイルのパス。 -- `port`: SSLポート。デフォルト値8443。 - -##### クラス: `apache::mod::pagespeed` - -[`mod_pagespeed`][]をインストールして管理します。これは、Webページをリライトして冗長性と帯域を軽減するためのGoogleモジュールです。 - -このapacheモジュールには`mod-pagespeed-stable`が必要ですが、Puppetはパッケージを自動的にインストールするために必要なソフトウェアを管理**しません**。パッケージがインストールされていないか、お使いのパッケージマネージャで使用できない場合にこのクラスを宣言すると、Puppet実行は失敗します。 - -> **注意:** お使いのシステムが最新のGoogle Pagespeed要件を満たしていることを確認してください。 - -**パラメータ**:  - -以下のパラメータはモジュールのディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_pagespeed`]を参照してください。 - -* `inherit_vhost_config`: デフォルト値: 'on'。 -* `filter_xhtml`: デフォルト値: `false`。 -* `cache_path`: デフォルト値: '/var/cache/mod_pagespeed/'。 -* `log_dir`: デフォルト値: '/var/log/pagespeed'。 -* `memcache_servers`: デフォルト値: []。 -* `rewrite_level`: デフォルト値: 'CoreFilters'。 -* `disable_filters`: デフォルト値: []。 -* `enable_filters`: デフォルト値: []。 -* `forbid_filters`: デフォルト値: []。 -* `rewrite_deadline_per_flush_ms`: デフォルト値: 10。 -* `additional_domains`: デフォルト値: `undef`。 -* `file_cache_size_kb`: デフォルト値: 102400。 -* `file_cache_clean_interval_ms`: デフォルト値: 3600000。 -* `lru_cache_per_process`: デフォルト値: 1024。 -* `lru_cache_byte_limit`: デフォルト値: 16384。 -* `css_flatten_max_bytes`: デフォルト値: 2048。 -* `css_inline_max_bytes`: デフォルト値: 2048。 -* `css_image_inline_max_bytes`: デフォルト値: 2048。 -* `image_inline_max_bytes`: デフォルト値: 2048。 -* `js_inline_max_bytes`: デフォルト値: 2048。 -* `css_outline_min_bytes`: デフォルト値: 3000。 -* `js_outline_min_bytes`: デフォルト値: 3000。 -* `inode_limit`: デフォルト値: 500000。 -* `image_max_rewrites_at_once`: デフォルト値: 8。 -* `num_rewrite_threads`: デフォルト値: 4。 -* `num_expensive_rewrite_threads`: デフォルト値: 4。 -* `collect_statistics`: デフォルト値: 'on'。 -* `statistics_logging`: デフォルト値: 'on'。 -* `allow_view_stats`: デフォルト値: []。 -* `allow_pagespeed_console`: デフォルト値: []。 -* `allow_pagespeed_message`: デフォルト値: []。 -* `message_buffer_size`: デフォルト値: 100000。 -* `additional_configuration`: ディレクティブ値ペアのハッシュ、またはpagespeed設定の最後に挿入する行の配列。デフォルト値: '{ }'。 - -##### クラス: `apache::mod::passenger`  - -`mod_passenger`をインストールして設定します。 - ->**注意**: passengerモジュールは、EPELにより提供される依存関係パッケージと`mod_passengers`カスタムリポジトリがなければ、RH/CentOSでは使用できません。前述の`manage_repo`パラメータと[https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]()を参照してください。 - -**パラメータ**:  - -* `passenger_conf_file`: `$::apache::params::passenger_conf_file` -* `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file` -* `passenger_high_performance`: デフォルト値: `undef` -* `passenger_pool_idle_time`: デフォルト値: `undef` -* `passenger_max_request_queue_size`: デフォルト値: `undef` -* `passenger_max_requests`: デフォルト値: `undef` -* `passenger_spawn_method`: デフォルト値: `undef` -* `passenger_stat_throttle_rate`: デフォルト値: `undef` -* `rack_autodetect`: デフォルト値: `undef` -* `rails_autodetect`: デフォルト値: `undef` -* `passenger_root` : `$::apache::params::passenger_root` -* `passenger_ruby` : `$::apache::params::passenger_ruby` -* `passenger_default_ruby`: `$::apache::params::passenger_default_ruby` -* `passenger_max_pool_size`: デフォルト値: `undef` -* `passenger_min_instances`: デフォルト値: `undef` -* `passenger_max_instances_per_app`: デフォルト値: `undef` -* `passenger_use_global_queue`: デフォルト値: `undef` -* `passenger_app_env`: デフォルト値: `undef` -* `passenger_log_file`: デフォルト値: `undef` -* `passenger_log_level`: デフォルト値: `undef` -* `passenger_data_buffer_dir`: デフォルト値: `undef` -* `manage_repo`: phusionpassenger.comリポジトリを管理するかどうか。デフォルト値: `true` -* `mod_package`: デフォルト値: `undef` -* `mod_package_ensure`: デフォルト値: `undef` -* `mod_lib`: デフォルト値: `undef` -* `mod_lib_path`: デフォルト値: `undef` -* `mod_id`: デフォルト値: `undef` -* `mod_path`: デフォルト値: `undef` - -##### クラス: `apache::mod::proxy` - -I`mod_proxy`をインストールし、`proxy.conf.erb`テンプレートを使用して設定を生成します。 - -**`apache::mod::proxy`内のパラメータ**: - -- `allow_from`: デフォルト値: `undef` -- `apache_version`: デフォルト値: `undef` -- `package_name`: デフォルト値: `undef` -- `proxy_requests`: デフォルト値: 'Off' -- `proxy_via`: デフォルト値: 'On' - -##### クラス: `apache::mod::proxy_balancer` - -ロードバランシングを提供する[`mod_proxy_balancer`][]をインストールして管理します。 - -**パラメータ**:  - -* `manager`: バランサマネージャのサポートを有効にするかどうかを決定します。 - - デフォルト値: `false`。 - -* `manager_path`: バランサマネージャのサーバロケーション。 - - デフォルト値: '/balancer-manager'。 - -* `allow_from`: `/balancer-manager`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 - - デフォルト値: ['127.0.0.1','::1']。  - -* `apache_version`: 文字列で表されるApacheのバージョン番号、'2.2'や'2.4'など。  - - デフォルト値: [`$::apache::apache_version`][`apache_version`]の値。Apache 2.4以上では、`mod_slotmem_shm`がロードされます。 - -##### クラス: `apache::mod::php` - -[`mod_php`][]をインストールして設定します。 - -**パラメータ**:  - -以下のパラメータのデフォルト値は、オペレーティングシステムによって異なります。このクラスのパラメータのほとんどは、`mod_php`ディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_php`]を参照してください。 - -* `package_name`: `mod_php`をインストールするパッケージの名前。 -* `path`: `mod_php`共有オブジェクト(`.so`)ファイルのパスを定義します。 -* `source`: デフォルト設定のパスを定義します。値には`puppet:///`パスが含まれます。 -* `template`: Puppetが設定ファイルの生成に使用する`php.conf`テンプレートのパスを定義します。 -* `content`: `php.conf`に任意のコンテンツを追加します。 - -##### クラス: `apache::mod::proxy_html` - -**注意**: `mod_proxy_html`に関して提供されている公式なパッケージはありません。そのため、apacheモジュールの外部から使用できるようにする必要があります。 - -##### クラス: `apache::mod::python` - -[`mod_python`][]をインストールして設定します。 - -**パラメータ**  - -* `loadfile_name`: pythonモジュールのロードに使用される設定ファイルの名前を指定します。 - -##### クラス: `apache::mod::reqtimeout` - -[`mod_reqtimeout`][]をインストールして設定します。 - -**パラメータ**  - -* `timeouts`: [`RequestReadTimeout`][]オプションを設定します。 - - 値: 文字列または[配列][]。 - - デフォルト値: ['header=20-40,MinRate=500', 'body=20,MinRate=500']。 - -##### クラス: `apache::mod::rewrite` - -Apacheモジュール`mod_rewrite`をインストールして有効にします。 - -##### クラス: `apache::mod::shib` - -[Shibboleth](http://shibboleth.net/) Apacheモジュール`mod_shib`をインストールします。このモジュールは、Shibboleth認証プロバイダおよびShibboleth FederationsによるSAML2シングルサインオン(SSO)認証を有効にするものです。このクラスを定義すると、`apache::vhost`インスタンス内でShibboleth固有のパラメータが有効になります。 - -このクラスでインストールおよび設定されるのは、Shibboleth SSO認証をコンシュームするWebアプリケーションのApacheコンポーネントのみです。PuppetでShibboleth設定を手動で管理することも、[Shibboleth Puppetモジュール](https://github.com/aethylred/puppet-shibboleth)を使用することもできます。 - -**注意**: shibbolethモジュールは、Shibbolethのリポジトリにより提供される依存関係パッケージがなければ、RH/CentOSでは使用できません。[Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide)を参照してください。 - -##### クラス: `apache::mod::ssl` - -[Apache SSL機能][`mod_ssl`]をインストールし、`ssl.conf.erb`テンプレートを使用して設定を生成します。ほとんどのオペレーティングシステムでは、この`ssl.conf`はモジュール設定ディレクトリに置かれています。Red Hatベースのオペレーティングシステムでは、このファイルは`/etc/httpd/conf.d`にあります。これは、RPMが設定を保存するのと同じロケーションです。 - -バーチャルホストでSSLを使用するには、`::apache`の[`default_ssl_vhost`][]パラメータを`true`に設定する**か**、[`apache::vhost`][]の[`ssl`][]パラメータを`true`に設定する必要があります。 - -- `ssl_cipher`: デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4' -- `ssl_compression`: デフォルト値: false -- `ssl_cryptodevice`: デフォルト値: 'builtin' -- `ssl_honorcipherorder`: デフォルト値: true -- `ssl_openssl_conf_cmd`: デフォルト値: undef -- `ssl_cert`: デフォルト値: undef。 -- `ssl_key`: デフォルト値: undef。 -- `ssl_options`: デフォルト値: ['StdEnvVars'] -- `ssl_pass_phrase_dialog`: デフォルト値: 'builtin' -- `ssl_protocol`: デフォルト値: ['all', '-SSLv2', '-SSLv3']。 -- `ssl_proxy_protocol`: デフォルト値: [] -- `ssl_random_seed_bytes`: 有効なオプション: 文字列、デフォルト値: '512' -- `ssl_sessioncache`: 有効なオプション: 文字列。デフォルト値: '300' -- `ssl_sessioncachetimeout`: 有効なオプション: 文字列。デフォルト値: '300' -- `ssl_mutex`: デフォルト値: OSによって異なります。有効なオプション: [mod_ssl][mod_ssl]ドキュメントを参照 - - RedHat/FreeBSD/Suse/Gentoo: 'default' - - Debian/Ubuntu + Apache >= 2.4: 'default' - - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex' -**パラメータ: - -* `ssl_cipher` - - デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4' - -* `ssl_compression` - - デフォルト値: `false`。 - -* `ssl_cryptodevice` - - デフォルト値: 'builtin'  - -* `ssl_honorcipherorder` - - デフォルト値: `true`。 - -* `ssl_openssl_conf_cmd` - - デフォルト値: `undef`。 - -* `ssl_cert` - - デフォルト値: `undef`。 - -* `ssl_key` - - デフォルト値: `undef`。 - -* `ssl_options` - - デフォルト値: ['StdEnvVars'] - -* `ssl_pass_phrase_dialog` - - デフォルト値: 'builtin'  - -* `ssl_protocol` - - デフォルト値: ['all', '-SSLv2', '-SSLv3'] - -* `ssl_random_seed_bytes` - - 値: 文字列。  - - デフォルト値: '512' - -* `ssl_sessioncachetimeout` - - 値: 文字列。  - - デフォルト値: '300' - -* `ssl_mutex`: - - 値: [mod_ssl][mod_ssl]ドキュメントを参照。 - - デフォルト値: OSによって異なります: - - * RedHat/FreeBSD/Suse/Gentoo: 'default'. - * Debian/Ubuntu + Apache >= 2.4: 'default'. - * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'. - * Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'. - - -##### クラス: `apache::mod::status` - -[`mod_status`][]をインストールし、`status.conf.erb`テンプレートを使用して設定を生成します。 - -**パラメータ**:  - -* `allow_from`: `/server-status`にアクセスできるIPv4またはIPv6アドレスの[配列][]。 - - デフォルト値: ['127.0.0.1','::1']。  - -* Apacheバージョン2.4以降の`mod_authz_host` ディレクティブ(`require ip`、`require host`など)を使用して、アクセスできる/できないIPまたは名前の文字列、[配列][]、または[ハッシュ][]。このパラメータは、以下のいずれかの構成で指定します。 - - > Apacheバージョンが2.4以降の場合のみ使用 - - - `undef` - `allow_from` および古いディレクティブ構文(`Allow from `)を使用し、廃止予定の警告を通知します。 - - String - - `''`または`'unmanaged'` - authディレクティブなし(アクセス制御は別の方法で実施) - - `'ip '` - `/server-status`にアクセスできるIP/範囲 - - `'host '` - `/server-status`にアクセスできる名前/ドメイン - - `'all [granted|denied]'` - すべてのユーザを許可/ブロック - - 配列 - 各要素には上記のいずれかの文字列が入ります。配列要素ごとに1つのディレクティブになります。 - - 以下の構造を持つハッシュ(キー => 値の形式で表示、キーは文字列) - - `'requires'` => 上記に従った配列 - 配列と同じ作用 - - `'enforce'` => `'Any'`、`'All'`、`'None'`のいずれかの文字列(任意指定) - `'requires'`キーで指定されたすべてのディレクティブを``ブロックで囲みます。 - - デフォルト値: 'ip 127.0.0.1 ::1' - -* `extended_status`: [`ExtendedStatus`][]ディレクティブをつうじて、各リクエストに関する拡張ステータス情報を追跡するかどうかを決定します。 - - 値: 'Off'、'On'。 - - デフォルト値: 'On'。 - -* `status_path`: ステータスページのサーバロケーション。 - - デフォルト値: '/server-status'。 - -##### クラス: `apache::mod::userdir` - -`http://example.com/~user/`構文を用いて、ユーザ指定のディレクトリにアクセスできるようにします。すべてのパラメータは、[公式のApacheドキュメント](https://httpd.apache.org/docs/2.4/mod/mod_userdir.html)で見られます。 - -**パラメータ**:  - -* `overrides`: ディレクティブタイプの[配列][]。 - - デフォルト値: ['FileInfo', 'AuthConfig', 'Limit', 'Indexes']。 - -##### クラス: `apache::mod::version` - -多くのオペレーティングシステムおよびApache構成上で[`mod_version`][]をインストールします。 - -Apache 2.4を使用するDebianおよびUbuntuが`apache::mod::version`で分類された場合は、`mod_version`がビルトインされているためロードできない旨の警告をPuppetが表示します。 - -##### クラス: `apache::mod::security` - -Trustwaveの[`mod_security`][]をインストールして設定します。これはすべてのバーチャルホストでデフォルトで有効化され、実行されます。 - -**パラメータ**:  - -* `activated_rules`: `modsec_crs_path`のルールの[配列][]またはsymlinkを使用してアクティベートする絶対値。 -* `allowed_methods`: 許可されるHTTPメソッドのスペース区切りリスト。 - - デフォルト値: 'GET HEAD POST OPTIONS'。 - -* `content_types`: 1つまたは複数の許可される[MIMEタイプ][MIME `content-type`]のリスト。 - - デフォルト値: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'。 - -* `crs_package`: CRSルールをインストールするパッケージの名前。 - - デフォルト値: [`apache::params`][]内の`modsec_crs_package`。 - -* `manage_security_crs`: security_crs.confルールファイルを管理します。 - - デフォルト値: `true`。 - -* `modsec_dir`: Puppetがmodsec設定およびアクティベートされたルールリンクをインストールする場所のパスを定義します。 - - デフォルト値: 'On'、[`apache::params`][]の`modsec_dir`により設定。 -${modsec\_dir}/activated\_rules。 - -* `modsec_secruleengine`: modsecルールエンジンを設定します。値: 'On'、'Off'、'DetectionOnly'。 - - デフォルト値: [`apache::params`][]の`modsec_secruleengine`。 - -* `restricted_extensions`: 禁止されるファイル拡張子のスペース区切りリスト。 - - デフォルト値: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'。 - -* `restricted_headers`: 禁止されるヘッダのスラッシュおよびスペースで区切ったリスト。 - - デフォルト値: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'。 - -* `secdefaultaction`: OWASP ModSecurityコアルールセットに関して、動作モード、自己完結('deny')、コラボレーティブ検出('pass')を設定します。 - - デフォルト値: 'deny'。"log,auditlog,deny,status:406,tag:'SLA 24/7'"などの完全な値を設定することもできます。 - -* `secpcrematchlimit`: PCREライブラリのマッチ限度数を設定します。 - - デフォルト値: 1500。  - -* `secpcrematchlimitrecursion`: PCREライブラリのマッチ再帰制限数を設定します。 - - デフォルト値: 1500。  - -* `logroot`: オーディットおよびデバッグログの場所を設定します。 - - デフォルト値はApacheのログディレクトリ(Redhat: `/var/log/httpd`、Debian: `/var/log/apache2`)。 - -* `audit_log_relevant_status`: オーディットロギングの目的に関して、考慮すべき応答ステータスコードを設定します。 - - デフォルト値: '^(?:5|4(?!04))'。 - -* `audit_log_parts`: [オーディットログ][]に入れるべきセクションを設定します。 - - デフォルト値: 'ABIJDEFHZ'。 - -* `anomaly_score_blocking`: OWASP ModSecurityコアルールセットのコラボレーティブ検出ブロッキングをアクティベートまたはディアクティベートします。 - - デフォルト値: 'off'。 - -* `inbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、インバウンドブロッキングルールのスコアリング閾値レベルを設定します。 - - デフォルト値: 5。  - -* `outbound_anomaly_threshold`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、アウトバウンドブロッキングルールのスコアリング閾値レベルを設定します。 - - デフォルト値: 4。  - -* `critical_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、重要なセキュリティレベルのスコアリングポイントを設定します。 - - デフォルト値: 5。  - -* `error_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、エラー深刻度レベルのスコアリングポイントを設定します。 - - デフォルト値: 4。  - -* `warning_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、警告深刻度レベルのスコアリングポイントを設定します。 - - デフォルト値: 3。 - -* `notice_anomaly_score`: OWASP ModSecurityコアルールセットのコラボレーティブ検出モードに関して、通知深刻度レベルのスコアリングポイントを設定します。 - -デフォルト値: 2。 - -* `secrequestmaxnumargs`: リクエストの引数の最大数を設定します。 - - デフォルト値: 255。 - -* `secrequestbodylimit`: バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズを設定します。 - - デフォルト値: '13107200'。 - -* `secrequestbodynofileslimit`: バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズを設定します。リクエスト内でトランスポートされたファイルのサイズは除外されます。 - - デフォルト値: '131072'。 - -* `secrequestbodyinmemorylimit`: ModSecurityがメモリに保存する最大リクエストボディサイズを設定します。 - - デフォルト値: '131072'。 - -##### クラス: `apache::mod::wsgi` - -[`mod_wsgi`][]を使用したPythonサポートを有効にします。 - -**パラメータ**:  - -* `mod_path`: `mod_wsgi`共有オブジェクト(`.so`)ファイルのパスを定義します。 - - デフォルト値: `undef`。 - - * `mod_path`パラメータに`/`が含まれていない場合、Puppetではオペレーティングシステムのデフォルトのモジュールパスの先頭にこれを付加します。含まれている場合は、そのとおりに扱われます。 - -* `package_name`: `mod_wsgi`をインストールするパッケージの名前。 - - デフォルト値: `undef`。 - -* `wsgi_python_home`: '/path/to/venv'などの[`WSGIPythonHome`][]ディレクティブを定義します。 - - 値: パスを指定する文字列。  - - デフォルト値: `undef`。 - -* `wsgi_python_path`: '/path/to/venv/site-packages'などの[`WSGIPythonPath`][]ディレクティブを定義します。 - - 値: パスを指定する文字列。  - - デフォルト値: `undef`。 - -* `wsgi_restrict_embedded`: 'On'などの[`WSGIRestrictEmbedded`][]ディレクティブを定義します。 - -値: On|Off|undef。 - -デフォルト値: undef。 - -* `wsgi_socket_prefix`: "\${APACHE\_RUN\_DIR}WSGI"などの[`WSGISocketPrefix`][]ディレクティブを定義します。 - - デフォルト値: [`apache::params`][]の`wsgi_socket_prefix`。 - -このクラスのパラメータはモジュールのディレクティブに相当します。詳細については、[モジュールのドキュメント][`mod_wsgi`]を参照してください。 - -### プライベートクラス - -#### クラス: `apache::confd::no_accf` - -FreeBSDの Apache 2.4で必要とされる`no-accf.conf`設定ファイルを`conf.d`内に作成します。 - -#### クラス: `apache::default_confd_files` - -FreeBSDに`conf.d`を含めます。 - -#### クラス: `apache::default_mods` - -デフォルト設定の実行に必要なApacheモジュールをインストールします。詳細については、`apache`クラスの[`default_mods`][]パラメータを参照してください。 - -#### クラス: `apache::package` - -基本のApacheパッケージをインストールして設定します。 - -#### クラス: `apache::params` - -各種のオペレーティングシステムのApacheパラメータを管理します。 - -#### クラス: `apache::service` - -Apacheデーモンを管理します。 - -#### クラス: `apache::version` - -オペレーティングシステムに基づき、Apacheバージョンの自動検出を試みます。 - -##### Red Hat Software Collections (SCL) - -CentOS/RHELのSoftware Collectionsでは、新しいApacheおよびPHPに加え、他のパッケージも使用できます。 - -`scl_httpd_version`が設定されている場合、Apache Httpdは[Software Collections](https://www.softwarecollections.org/en/)からインストールされます。 - -`scl_httpd_version`が設定されている場合、PHPをインストールする予定がない場合でも`scl_php_version`を設定する必要があります。 - -リポジトリはこのモジュールではまだ管理されていません。CentOSでは、`centos-release-scl-rh`パッケージをインストールすることでリポジトリを有効にできます。 - -##### `scl_httpd_version` - -Red Hat Software Collections (SCL)を使用してインストールされるhttpdのバージョン。CentOSおよびRHELのコレクションでは、新しいApacheおよびPHPパッケージを使用できます。 - -`scl_httpd_version`を設定すると、Apache httpdは[Software Collections](https://www.softwarecollections.org/en/)からインストールされます。 - -`scl_httpd_version`を設定した場合、PHPをインストールする予定がない場合でも`scl_php_version`を設定する必要があります。 - -SCLリポジトリはこのモジュールではまだ管理されていません。CentOSでは、`centos-release-scl-rh`パッケージをインストールすることでリポジトリを有効にできます。 - -有効な値: インストールするhttpdのバージョンを指定する文字列。例えば、Apache 2.4の場合は'2.4'を指定します。 - -デフォルト値: undef。 - -##### `scl_php_version` - -Red Hat Software Collections (SCL)を使用してインストールするhttpdのバージョン。CentOSおよびRHELのコレクションでは、新しいApacheおよびPHPのパッケージを使用できます。 - -`scl_php_version`を設定すると、PHPは[Software Collections](https://www.softwarecollections.org/en/)からインストールされます。 - -SCLリポジトリはこのモジュールではまだ管理されていません。CentOSでは、`centos-release-scl-rh`パッケージをインストールすることでリポジトリを有効にできます。 - -有効な値: インストールするPHPのバージョンを指定する文字列。例えば、PHP 7.1の場合は'7.1'を指定します。 - -デフォルト値: undef。 - -### パブリック定義タイプ  - -#### 定義タイプ: `apache::balancer` - -[`mod_proxy`][]を用いて、Apacheロードバランシンググループ(バランサクラスタとも呼ばれます)を作成します。各ロードバランシンググループには、1つ以上のバランサメンバーが必要です。これは、 [`apache::balancermember`][]定義タイプによりPuppet内で宣言することができます。 - -各Apacheロードバランシンググループにつき、1つの`apache::balancer`定義タイプを宣言します。すべてのバランサメンバーについて`apache::balancermember`定義タイプをエクスポートし、[エクスポートリソース][]を用いて単一のApacheロードバランササーバで収集することもできます。 - -**パラメータ**:  - -##### `name` - -バランサクラスタのタイトルと、その設定を含む`conf.d`の名前を設定します。 - -##### `proxy_set` - -キー‐値ペアを[`ProxySet`][]行として設定します。値: [ハッシュ][]。 - -デフォルト値: '{}'。 - -##### `options` - -バランサURLの後に[オプション](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)の[配列][]を指定します。[`ProxyPass`][]で使用可能な任意のキー-値ペアを使用できます。 - -デフォルト値: []。  - -##### `collect_exported` - -[エクスポートリソース][]を使用するかどうかを決定します。 - -すべてのバックエンドサーバを静的に宣言する場合は、このパラメータを`false`に設定し、宣言済みの既存のバランサメンバーリソースに依存するようにします。また、[配列][]引数とともに`apache::balancermember`を使用します。 - -中央ノードで収集したエクスポートリソースを使用してバックエンドサーバを動的に宣言するには、このパラメータを`true`に設定し、バランサメンバーノードによりエクスポートされたバランサメンバーリソースを収集します。 - -エクスポートリソースを使用しない場合は、1回のPuppet実行ですべてのバランサメンバーが設定されます。エクスポートリソースを使用する場合は、まずバランシングしたノードについてPuppetを実行し、次にバランサで実行する必要があります。 - -ブーリアン。 - -デフォルト値: `true`。 - -#### 定義タイプ: `apache::balancermember` - -[`mod_proxy_balancer`][]のメンバーを定義します。これにより、ロードバランサの`apache.cfg`内でリッスンするサービス設定ブロック内のバランサメンバーが設定されます。 - -**パラメータ**:  - -##### `balancer_cluster` - -**必須**。  - -Apacheサービスのインスタンス名を設定します。宣言された[`apache::balancer`][]リソースの名前と一致する必要があります。 - -##### `url` - -バランサメンバーサーバとの連絡に使用するURLを指定します。 - -デフォルト値: 'http://${::fqdn}/'。 - -##### `options` - -URL後に[オプション](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)の[配列][]を指定します。[`ProxyPass`][]で使用可能な任意のキー-値ペアを使用できます。 - -デフォルト値: 空配列。  - -#### 定義タイプ: `apache::custom_config` - -Apacheサーバの`conf.d`ディレクトリにカスタム設定ファイルを追加します。このファイルが無効で、この定義タイプの[`verify_config`][]パラメータの値が`true`になっている場合は、Puppet実行時にエラーが生じます。 - -**パラメータ**:  - -##### `ensure` - -設定ファイルが存在するべきかどうかを指定します。 - -値: 'absent'、'present'。  - -デフォルト値: 'present'。  - -##### `confdir`  - -Puppetが設定ファイルを置くディレクトリを設定します。 - -デフォルト値: [`$::apache::confd_dir`][`confd_dir`]の値。 - -##### `content` - -設定ファイルのコンテンツを設定します。`content`および[`source`][]パラメータは、相互排他的な関係にあります。 - -デフォルト値: `undef`。  - -##### `filename` - -Puppetが設定を保存する`confdir`下のファイル名を設定します。 - -デフォルト値: `priority`パラメータから生成したファイル名およびリソース名。 - -##### `priority` - -Apacheでは設定ファイルがアルファベット順に処理されるため、ファイル名の先頭にこのパラメータの数値を付加することで、設定ファイルの優先順位を設定します。 - -設定ファイル名の優先順位の接頭値を無視するには、このパラメータを`false`に設定します。 - -デフォルト値: '25'。 - -##### `source` - -設定ファイルのソースを指します。[`content`][]および`source`パラメータは互いに排他的です。 - -デフォルト値: `undef`。  - -##### `verify_command` - -Puppetが設定ファイルの確認に用いるコマンドを指定します。完全修飾コマンドを使用してください。 - -このパラメータは、[`verify_config`][]パラメータの値が`true`になっている場合にのみ使用されます。`verify_command`が失敗すると、Puppet実行により設定ファイルが削除されてエラーが生じますが、Apacheサービスには通知されません。 - -デフォルト値: '/usr/sbin/apachectl -t'。 - -##### `verify_config` - -Apacheサービスに通知する前に設定ファイルのバリデーションを行うかどうかを指定します。 - -ブーリアン。 - -デフォルト値: `true`。 - -#### 定義タイプ: `apache::fastcgi::server` - -特定のファイルタイプを処理する1つまたは複数の外部FastCGIサーバを定義します。この定義タイプは、[`mod_fastcgi`][FastCGI]とともに使用します。 - -**パラメータ**  - -##### `host` - -FastCGIのホスト名またはIPアドレスおよびTCPポート番号(1-65535)を決定します。 - -デフォルト値: '127.0.0.1:9000'。 - -##### `timeout` - -リクエストが中止され、エラーLogLevelにイベントが記録されるまでに、[FastCGI][]アプリケーションが非アクティブの状態で待機する秒数を設定します。この非アクティブタイマーは、FastCGIアプリケーションとの接続が待機中の場合のみ適用されます。アプリケーションの待ち行列に入ったリクエストに対して時間内に記述やフラッシュによる応答がないと、リクエストは中止されます。アプリケーションとの通信は完了したものの、クライアントとの通信が完了しなかった(応答がバッファリングされた)場合は、タイムアウトは適用されません。 - -デフォルト値: 15。 - -##### `flush` - -アプリケーションから受信したデータを、強制的に[`mod_fastcgi`][FastCGI]がクライアントに書き込みます。デフォルトでは、アプリケーションをできるだけ早くフリーな状態にするために、`mod_fastcgi`はデータをバッファリングします。 - -デフォルト値: `false`。 - -##### `faux_path` - -Apacheには、このファイル名を決定するURIを処理する[FastCGI][]があります。このパラメータで設定されたパスは、ローカルのファイルシステムに存在する必要はありません。 - -デフォルト値: "/var/www/${name}.fcgi"。 - -##### `alias` - -FastCGIサーバとアクションを内部でリンクします。このエイリアスは一意である必要があります。 - -デフォルト値: "/${name}.fcgi"。 - -##### `file_type` - -FastCGIサーバにより処理するファイルの[MIME `content-type`][]を設定します。 - -デフォルト値: 'application/x-httpd-php'。 - -#### 定義タイプ: `apache::listen` - -Apacheサーバまたはバーチャルホストのリッスンするアドレスとポートを定義する、Apache設定ディレクトリの`ports.conf`に、[`Listen`][]ディレクティブを追加します。[`apache::vhost`][]クラスはこの定義タイプを使用します。タイトルは ``、`:`、または`:`の形式をとります。 - -#### 定義タイプ: `apache::mod` - -対応する[`apache::mod::`][]クラスを持たないApacheモジュール用のパッケージをインストールし、Apacheサーバの`module`および`enable`ディレクトリ内で、モジュールのデフォルト設定ファイルを確認または配置します。デフォルトのロケーションは、オペレーティングシステムによって異なります。 - -**パラメータ**:  - -##### `package` - -**必須**。  - -PuppetがApacheモジュールのインストールに使用するパッケージの名前。 - -デフォルト値: `undef`。 - -##### `package_ensure` - -Apacheモジュールをインストールの必要性をPuppetが確認するかどうかを決定します。 - -値: 'absent'、'present'。  - -デフォルト値: 'present'。  - -##### `lib` - -モジュールの共有オブジェクト名を定義します。特別な理由がない限り、手動で設定しないでください。 - -デフォルト値: `mod_$name.so`。 - -##### `lib_path` - -モジュールのライブラリのパスを指定します。特別な理由がない限り、手動で設定しないでください。[`path`][]パラメータは、この値をオーバーライドします。 - -デフォルト値: `apache`クラスの[`lib_path`][]パラメータ。 - - -##### `loadfile_name` - -モジュールの[`LoadFile`][]ディレクティブのファイル名を設定します。Apacheの処理はアルファベット順に行われるため、ファイル名によってモジュールのロード順序も設定できます。 - -値: `\*.load`の形式のファイル名。 - -デフォルト値: '$name.load'のように、リソース名の後に'load'をつけた値。 - -##### `loadfiles` - -[`LoadFile`][]ディレクティブの配列を指定します。 - -デフォルト値: `undef`。 - -##### `path` - -モジュールのパスを指定します。特別な理由がない限り、このパラメータは手動で設定しないでください。 - -デフォルト値: [`lib_path`][]/[`lib`][]。 - -#### 定義タイプ: `apache::namevirtualhost` - -[名前ベースのバーチャルホスト][]を有効にし、Apache HTTPD設定ディレクトリの `ports.conf`ファイルに関連するすべてのディレクティブを追加します。タイトルは、'\*'、'\*:\'、'\_default\_:\、'\'、または'\:\'の形式をとることができます。 - -#### 定義タイプ: `apache::vhost` - -apacheモジュールでは、バーチャルホストのセットアップと設定に関して、かなりの柔軟性が認められています。この柔軟性の一部は、定義リソースタイプの`vhost`によるものです。これを使えば、さまざまなパラメータを用いて、Apacheを何度も検証することができます。 - -`apache::vhost`定義タイプを使えば、デフォルトの範囲外の要件を持つバーチャルホストについて、特別な設定をすることができます。基本の`::apache`クラス内でデフォルトのバーチャルホストを設定することも、カスタマイズしたバーチャルホストをデフォルトとして設定することもできます。カスタマイズしたバーチャルホストの[`priority`][]の数値は基本のクラスよりも小さくなるため、Apacheはカスタマイズしたバーチャルホストを先に処理します。 - -`apache::vhost`定義タイプでは、`concat::fragment`を使用して設定ファイルを構築します。定義タイプがもともとサポートしていない設定の要素についてカスタムフラグメントを挿入するには、カスタムフラグメントをひとつずつ追加します。 - -`apache::vhost`定義タイプでは、カスタムフラグメントの`order`パラメータについては10の倍数が使用されるため、10の倍数ではない`order`が機能します。 - -> **Note:** `apache::vhost`を作成するとき、`default`または`default-ssl`を指定することはできません。これはこの属性を持つvhostsが常にモジュールによって管理されるためです。これは`Apache::Vhost['default']`または`Apache::Vhost['default-ssl]`リソースを上書きできないことを意味します。 オプションの回避策として、`my default`などの別の名前のvhostを作成して、`default`および`default_ssl`が`false`に設定されていることを確認します。 - -``` -class { 'apache': - default_vhost => false - default_ssl_vhost => false, -} -``` - -**パラメータ**:  - -##### `access_log` - -`*_access.log`ディレクティブ(`*_file`,`*_pipe`または`*_syslog`)を設定するかどうかを決定します。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `access_log_env_var` - -特定の環境変数を持つリクエストのみをロギングするように指定します。 - -デフォルト値: `undef`。 - -##### `access_log_file` - -[`logroot`][]に置く`*_access.log`のファイル名を設定します。バーチャルホスト---例えばexample.comなど---を与えると、[SSL暗号化][SSL暗号化]バーチャルホストの場合はデフォルト値が'example.com_ssl.log'、暗号化されていないバーチャルホストの場合は'example.com_access.log'になります。 - -デフォルト値: `false`。 - -##### `access_log_format` - -アクセスログに、[`LogFormat`][]のニックネームかカスタムフォーマットの文字列のいずれを使うかを指定します。 - -デフォルト値: 'combined'。 - -##### `access_log_pipe` - -Apacheがアクセスログメッセージを送信するパイプを指定します。 - -デフォルト値: `undef`。 - -##### `access_log_syslog` - -すべてのアクセスログメッセージをsyslogに送ります。 - -デフォルト値: `undef`。 - -##### `add_default_charset` - -[`AddDefaultCharset`][]ディレクティブのデフォルトのメディア文字セット値を設定します。これは`text/plain`および`text/html`応答に追加されます。 - -デフォルト値: `undef`。 - -##### `add_listen` - -バーチャルホストが[`Listen`][]ステートメントを作成するかどうかを決定します。 - -`add_listen`を`false`に設定すると、バーチャルホストは`Listen`ステートメントを作成しません。これは、`ip`パラメータを渡されていないバーチャルホストと渡されているバーチャルホストを組み合わせる場合に重要となります。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `use_optional_includes` - -Apache 2.4以降の`additional_includes`について、Apacheが[`Include`][]の代わりに[`IncludeOptional`][]ディレクティブを使うかどうかを指定します。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `additional_includes` - -追加の静的なバーチャルホスト固有のApache設定ファイルのパスを指定します。このパラメータを使えば、このモジュールでサポートされていない固有のカスタム設定を実装することができます。 - -値: パスを指定する文字列また文字列の[配列][]。 - -デフォルト値: 空配列。  - -##### `aliases` - -[ハッシュ][ハッシュ]のリストをバーチャルホストに渡し、[`mod_alias`][]ドキュメントに従って[`Alias`][]、[`AliasMatch`][]、[`ScriptAlias`][]、または[`ScriptAliasMatch`][]ディレクティブを作成します。 - -例:  - -``` puppet -aliases => [ - { aliasmatch => '^/image/(.*)\.jpg$', - path => '/files/jpg.images/$1.jpg', - }, - { alias => '/image', - path => '/ftp/pub/image', - }, - { scriptaliasmatch => '^/cgi-bin(.*)', - path => '/usr/local/share/cgi-bin$1', - }, - { scriptalias => '/nagios/cgi-bin/', - path => '/usr/lib/nagios/cgi-bin/', - }, - { alias => '/nagios', - path => '/usr/share/nagios/html', - }, -], -``` - -`alias`、`aliasmatch`、`scriptalias`、`scriptaliasmatch`キーを機能させるには、``、``などの、それぞれに対応するコンテキストが必要です。Puppetは`aliases`パラメータで指定された順序でディレクティブを作成します。[`mod_alias`][]ドキュメントにもあるように、シャドーイングを避けるため、まず具体性の高い`alias`、`aliasmatch`、`scriptalias`、`scriptaliasmatch`パラメータを追加してから、全般的なパラメータを追加してください。 - -> **注意**: `scriptaliases`パラメータの代わりに`aliases`パラメータを使用すれば、各種のエイリアスディレクティブの順序を正確に制御できます。`scriptaliases`パラメータを使って`ScriptAliases`を定義すると、すべての*`Alias`ディレクティブの後に*すべての*`ScriptAlias`ディレクティブが*処理されます。これは`Alias`ディレクティブによる`ScriptAlias`ディレクティブのシャドーイングにつながり、多くの場合、問題が生じます。例えば、Nagiosに関する問題が生じる可能性があります。 - -I[`apache::mod::passenger`][]がロードされ、`PassengerHighPerformance`が`true`になっている場合、`Alias`ディレクティブが`PassengerEnabled => off`ステートメントを履行できない可能性があります。詳細については、[この記事](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)を参照してください。 - -##### `allow_encoded_slashes` - -バーチャルホストの[`AllowEncodedSlashes`][]宣言を設定し、サーバのデフォルトをオーバーライドします。これにより、`\`および`/`文字を含むURLに対するバーチャルホストの応答が変更されます。値: 'nodecode'、'off'、'on'。デフォルト設定では、サーバ設定からこの宣言が省かれ、Apacheのデフォルト設定'Off'が選択されます。 - -デフォルト値: `undef`。  - -##### `block` - -Apacheがアクセスをブロックする対象のリストを指定します。有効なオプション: 'scm'、これにより、`.svn`、`.git`、`.bzr`ディレクティブへのWebアクセスがブロックされます。 - -デフォルト値: 空[配列][]。 - -##### `cas_attribute_prefix` - -SAMLバリデーションが有効になっている場合に、このヘッダの値を属性値としてヘッダを追加します。 - -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。 - -##### `cas_attribute_delimiter` - -`cas_attribute_prefix`により作成されたヘッダの属性値の区切り文字を設定します。 - -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  - -##### `cas_login_url` - -ユーザがCASで保護されたリソースへのアクセスを試み、かつアクティブなセッションがない場合に、モジュールがユーザをリダイレクトする先のURLを設定します。 - -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  - -##### `cas_scrub_request_headers` - -mod_auth_cas内で特別な意味を持つ可能性のあるインバウンドリクエストヘッダを削除します。 - -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  - -##### `cas_sso_enabled` - -`cas_sso_enabled`: シングルサインアウトの実験的サポートを有効にします(POSTデータが壊れる可能性があります)。 - -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  - -##### `cas_validate_saml` - -SAMLに関するCASサーバからの解析応答。 - -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。  - -##### `cas_validate_url` - -HTTPクエリ文字列でクライアントの提示するチケットをバリデーションする際に使用するURL。 - -デフォルト値: [`apache::mod::auth_cas`][]により設定された値。 - - -##### `comment` - -設定ファイルのヘッダにコメントを追加します。文字列または文字列の配列として渡します。 - -デフォルト値: `undef`。 - -例:  - -``` puppet -comment => "Account number: 123B", -``` - -Or: - -``` puppet -comment => [ - "Customer: X", - "Frontend domain: x.example.org", -] -``` - -##### `custom_fragment` - -カスタム設定ディレクティブの文字列を渡し、バーチャルホスト設定の最後に配置します。 - -デフォルト値: `undef`。 - -##### `default_vhost` - -任意の`apache::vhost`定義タイプを、他の`apache::vhost`定義タイプと一致しないリクエストをサーブするためのデフォルトとして設定します。 - -デフォルト値: `false`。 - -##### `directories` - -[`directories`](#parameter-directories-for-apachevhost)セクションを参照してください。 - -##### `directoryindex` - -ディレクトリ名の最後で'/'を指定することで、クライアントがディレクトリのインデックスをリクエストした際に探すべきリソースのリストを設定します。詳細については、[`DirectoryIndex`][]ディレクティブドキュメントを参照してください。 - -デフォルト値: `undef`。 - -##### `docroot` - -**必須**。  - -[`DocumentRoot`][]ロケーションを設定します。Apacheはここからファイルをサーブします。 - -`docroot`と[`manage_docroot`][]がともに`false`に設定されている場合、[`DocumentRoot`][]は設定されず、それに付随する``ブロックは作成されません。 - -値: ディレクトリパスを指定する文字列。 - -##### `docroot_group` - -[`docroot`][]ディレクトリへのグループアクセスを設定します。 - -値: システムグループを指定する文字列。 - -デフォルト値: 'root'。  - -##### `docroot_owner` - -[`docroot`][]ディレクトリへの個々のユーザのアクセスを設定します。 - -値: ユーザアカウントを指定する文字列。 - -デフォルト値: 'root'。  - -##### `docroot_mode` - -[`docroot`][]ディレクトリへのアクセス許可を数字表記法で設定します。 - -値: 文字列。  - -デフォルト値: `undef`。 - -##### `manage_docroot` - -Puppetが[`docroot`][]ディレクトリを管理するかどうかを決定します。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `error_log` - -`*_error.log`ディレクティブを設定するかどうかを指定します。 - -ブーリアン。 - -デフォルト値: `true`。 - -##### `error_log_file` - -バーチャルホストのエラーログについて、`*_error.log`ファイルを優先します。このパラメータが定義されていない場合、Puppetはまず[`error_log_pipe`][]で、次に[`error_log_syslog`][]で値を確認します。 - -これらのパラメータをいずれも設定しない場合は、例えばバーチャルホストが`example.com`なら、PuppetはSSLバーチャルホストのデフォルトを'$logroot/example.com_error_ssl.log'、非SSLバーチャルホストのデフォルトを'$logroot/example.com_error.log'とします。 - -デフォルト値: `undef`。 - -##### `error_log_pipe` - -エラーログメッセージを送るパイプを指定します。 - -[`error_log_file`][]パラメータに値がある場合は、このパラメータに効力は生じません。このパラメータにも`error_log_file`にも値がない場合、Puppetは[`error_log_syslog`][]をチェックします。 - -デフォルト値: `undef`。 - -##### `error_log_syslog` - -すべてのエラーログメッセージをsyslogに送るかどうかを決定します。 - -[`error_log_file`][]パラメータまたは[`error_log_pipe`][]パラメータのいずれかに値がある場合、このパラメータの効力は生じません。これらのパラメータのいずれにも値がない場合は、例えばバーチャルホスト`example.com`では、PuppetはSSLバーチャルホストのデフォルトを'$logroot/example.com_error_ssl.log'、非SSLバーチャルホストのデフォルトを '$logroot/example.com_error.log'とします。 - -ブーリアン。 - -デフォルト値: `undef`。 - -##### `error_documents` - -このバーチャルホストの[エラードキュメント](https://httpd.apache.org/docs/current/mod/core.html#errordocument)設定のオーバーライドに使用できるハッシュのリスト。 - -例:  - -``` puppet -apache::vhost { 'sample.example.net': - error_documents => [ - { 'error_code' => '503', 'document' => '/service-unavail' }, - { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' }, - ], -} -``` - -デフォルト値: []。  - -##### `ensure` - -バーチャルホストが存在するかどうかを指定します。 - -値: 'absent'、'present'。  - -デフォルト値: 'present'。  - -##### `fallbackresource` - -[FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)ディレクティブを設定します。このディレクティブは、ファイルシステム内のどこにもマッピングされていないURLに対してどのようなアクションをとるか指定します。指定されていない場合は'HTTP 404 (Not Found)'が返されます。値は'/'で始めるか、'disabled'とする必要があります。 - -デフォルト値: `undef`。 - -##### `fastcgi_idle_timeout` - -fastcgiを使用する場合に、このオプションにより、サーバ応答のタイムアウトを設定します。 - -デフォルト値: `undef`。 - -##### `file_e_tag` - -[`FileETag`][]宣言のサーバデフォルトを設定します。これにより、静的ファイルの応答ヘッダフィールドが変更されます。 - -値: 'INode'、'MTime'、'Size'、'All'、'None'。 - -デフォルト値: `undef`、この場合、Apacheのデフォルト設定'MTime Size'が使用されます。 - -##### `filters` - -[フィルタ](https://httpd.apache.org/docs/current/mod/mod_filter.html)により、アウトプットコンテンツフィルタのスマートな文脈依存設定が有効になります。 - -``` puppet -apache::vhost { "$::fqdn": - filters => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], -} -``` - -##### `force_type` - -[`ForceType`][]ディレクティブを設定します。このディレクティブは、[MIME `content-type`][]がこのパラメータの値に一致するすべてのマッチングファイルをApacheに強制的にサーブさせます。 - -#### `add_charset` - -ディレクトリおよびファイル拡張子ごとに、Apacheにカスタムコンテンツ文字セットを設定させます。 - -##### `headers` - -レスポンスヘッダを置換、結合、または削除するための行を追加します。詳細については、[Apacheのmod_headersドキュメント](https://httpd.apache.org/docs/current/mod/mod_headers.html#header)を参照してください。 - -値: 文字列または文字列の配列。  - -デフォルト値: `undef`。 - -##### `ip` - -バーチャルホストがリッスンするIPアドレスを設定します。デフォルトでは、Apacheのデフォルト挙動が使用され、すべてのIPをリッスンします。 - -値: 文字列または文字列の配列。  - -デフォルト値: `undef`。 - -##### `ip_based` - -[IPベースの](https://httpd.apache.org/docs/current/vhosts/ip-based.html)バーチャルホストを有効にします。このパラメータにより、NameVirtualHostディレクティブの作成が禁止されます。これは、このディレクティブが名前ベースのバーチャルホストにリクエストを送る際に使用されるためです。 - -デフォルト値: `false`。 - -##### `itk` - -ハッシュで[ITK](http://mpm-itk.sesse.net/)を設定します。 - -通常は、以下のように使用します。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - itk => { - user => 'someuser', - group => 'somegroup', - }, -} -```  - -値: ハッシュ。キーを含めることもできます。 - -* ユーザ + グループ -* `assignuseridexpr` -* `assigngroupidexpr` -* `maxclientvhost` -* `nice` -* `limituidrange` (Linux 3.5.0以降) -* `limitgidrange` (Linux 3.5.0以降) - -通常は、以下のように使用します。  - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - itk => { - user => 'someuser', - group => 'somegroup', - }, -} -```  - -デフォルト値: `undef`。 - -##### `jk_mounts` - -'JkMount'および'JkUnMount'ディレクティブによりバーチャルホストを設定し、TomcatとApacheの間をマッピングするURLのパスを処理します。 - -このパラメータは、ハッシュの配列にする必要があります。各ハッシュには、'worker'と、'mount'または'unmount'キーのいずれかが含まれている必要があります。 - -通常は、以下のように使用します。  - -``` puppet -apache::vhost { 'sample.example.net': - jk_mounts => [ - { mount => '/*', worker => 'tcnode1', }, - { unmount => '/*.jpg', worker => 'tcnode1', }, - ], -} -``` -デフォルト値: `undef`。 - -##### `keepalive` - -バーチャルホストで[`KeepAlive`][]ディレクティブによるHTTPの持続的接続を有効にするかどうかを決定します。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 - -バーチャルホストの関連オプションを設定するには、`keepalive_timeout`および`max_keepalive_requests`パラメータを使用します。 - -値: 'Off'、'On'。 - -デフォルト値: `undef`。  - -##### `keepalive_timeout` - -バーチャルホストの[`KeepAliveTimeout`]ディレクティブを設定します。これにより、HTTPの持続的接続で後続のリクエストを実行するまでの待機時間が決まります。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 - -このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。  - -デフォルト値: `undef`。  - -##### `max_keepalive_requests` - -接続1回につき許可されるバーチャルホストへのリクエスト数を制限します。デフォルトでは、グローバルなサーバ全体の[`KeepAlive`][]設定が有効になります。 - -このパラメータが意味を持つのは、グローバルなサーバ全体の[`keepalive`パラメータ][]またはバーチャルホストごとの`keepalive`パラメータのいずれかが有効になっている場合のみです。  - -デフォルト値: `undef`。 - -##### `auth_kerb` - -バーチャルホストの[`mod_auth_kerb`][]パラメータを有効にします。 - -通常は、以下のように使用します。  - -``` puppet -apache::vhost { 'sample.example.net': - auth_kerb => `true`, - krb_method_negotiate => 'on', - krb_auth_realms => ['EXAMPLE.ORG'], - krb_local_user_mapping => 'on', - directories => { - path => '/var/www/html', - auth_name => 'Kerberos Login', - auth_type => 'Kerberos', - auth_require => 'valid-user', - }, -} -``` - -関連するパラメータは、`mod_auth_kerb`ディレクティブの名前に従います。 - -- `krb_method_negotiate`: Negotiateメソッドを使用するかどうかを決定します。デフォルト値: 'on'。 -- `krb_method_k5passwd`: Kerberos v5に関してパスワードベースの認証を使用するかどうかを決定します。デフォルト値: 'on'。 -- `krb_authoritative`: 'off'に設定すると、認証コントロールを別のモジュールに渡すことができます。デフォルト値: 'on'。 -- `krb_auth_realms`: 認証に使用するKerberos領域の配列を指定します。デフォルト値: []。 -- `krb_5keytab`: Kerberos v5キータブファイルのロケーションを指定します。デフォルト値: `undef`。 -- `krb_local_user_mapping`: 今後の使用のために、ユーザ名から@REALMを取り除きます。デフォルト値: `undef`。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `krb_verify_kdc` - -このオプションを使えば、ローカルなキータブに対する認証チケットを無効にし、KDCスプーフィング攻撃を防ぐことができます。 - -デフォルト値: 'on'。 - -##### `krb_servicename` - -Apacheが認証に使用するサービス名を指定します。この名前に対応するキーをキータブに保存する必要があります。 - -デフォルト値: 'HTTP'。 - -##### `krb_save_credentials` - -このオプションにより、認証情報の保存機能が有効になります。 - -デフォルト値: 'off'。 - -##### `logroot` - -バーチャルホストのログファイルの保存場所を指定します。 - -デフォルト値: `/var/log//`。 - -##### `$logroot_ensure` - -バーチャルホストのlogrootディレクトリを削除するかどうかを決定します。 - -値: 'directory'、'absent'。 - -デフォルト値: 'directory'。 - -##### `logroot_mode` - -logrootディレクトリで設定されたモードをオーバーライドします。影響を把握できない場合は、ログが保存されているディレクトリへの書き込みアクセス権限を付与*しないで*ください。詳細については、[Apacheのログセキュリティドキュメント](https://httpd.apache.org/docs/2.4/logs.html#security)を参照してください。 - -デフォルト値: `undef`。 - -##### `logroot_owner` - -logrootディレクトリへの個々のユーザのアクセスを設定します。 - -デフォルト値:`undef`。 - -##### `logroot_group` - -[`logroot`][]ディレクトリへのグループアクセスを設定します。 - -デフォルト値:`undef`。 - -##### `log_level` - -エラーログの詳細レベルを指定します。 - -値: 'emerg'、'alert'、'crit'、'error'、'warn'、'notice'、'info'、'debug'。 - -デフォルト値: グローバルサーバ設定については'warn'。バーチャルホストごとにオーバーライドできます。 - -###### `modsec_body_limit` - -バッファリングに関してModSecurityが受け入れる最大リクエストボディサイズをバイト数で設定します。 - -値: 整数。 - -デフォルト値: `undef`。 - -###### `modsec_disable_vhost` - -バーチャルホストで[`mod_security`][]を無効にします。[`apache::mod::security`][]が含まれている場合にのみ有効です。 - -ブーリアン。 - -デフォルト値: `undef`。 - -###### `modsec_disable_ids` - -バーチャルホストから`mod_security` IDを削除します。 - -値: バーチャルホストから削除する`mod_security` IDの配列。ハッシュも使用できます。この場合、特定のロケーションからのIDの削除が可能です。 - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_ids => [ 90015, 90016 ], -} -``` - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_ids => { '/location1' => [ 90015, 90016 ] }, -} -``` - -デフォルト値: `undef`。 - -###### `modsec_disable_ips` - -[`mod_security`][]ルールマッチングから除外するIPアドレスの配列を指定します。 - -デフォルト値: `undef`。 - -###### `modsec_disable_msgs` - -バーチャルホストから削除するmod_security Msgの配列。ハッシュも使用できます。この場合、特定のロケーションからのMsgの削除が可能です。 - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'], -} -``` - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] }, -} -``` - -デフォルト値: `undef`。 - -###### `modsec_disable_tags` - - バーチャルホストから削除するmod_securityタグの配列。ハッシュも使用できます。この場合、特定のロケーションからのタグの削除が可能です。 - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'], -} -``` - -``` puppet -apache::vhost { 'sample.example.net': - modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] }, -} -``` - -デフォルト値: `undef`。 - -##### `modsec_audit*` - -* `modsec_audit_log` -* `modsec_audit_log_file` -* `modsec_audit_log_pipe` - -この3つのパラメータは、いずれも`mod_security`オーディットログの送信方法を決定します([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog))。 - -* `modsec_audit_log_file`が設定されている場合は、[`logroot`][]と比較されます。 - - デフォルト値: `undef`。 - -* `modsec_audit_log_pipe`を設定する場合は、パイプで始める必要があります。例えば、'|/path/to/mlogc /path/to/mlogc.conf'のようになります。 - - デフォルト値: `undef`。 - -* `modsec_audit_log`が`true`になっている場合、バーチャルホスト---example.comなど---を与えると、[SSL暗号化][SSL encryption]バーチャルホストの場合はデフォルト値が'example.com\_security\_ssl.log'、暗号化されていないバーチャルホストの場合は'example.com\_security.log'になります。 - - デフォルト値: `false`。 - -上述のパラメータがいずれも設定されていない場合、グローバルオーディットログが使用されます(''/var/log/httpd/modsec\_audit.log''; Debianおよびデリバティブ: ''/var/log/apache2/modsec\_audit.log''; その他: )。 - -##### `no_proxy_uris` - -プロキシを使用しないURLを指定します。このパラメータは、[`proxy_dest`](#proxy_dest)と組み合わせて使用することはできません。 - -デフォルト値: []。  - -##### `no_proxy_uris_match` - -このディレクティブは[`no_proxy_uris`][]と同じですが、正規表現をとります。 - -デフォルト値: []。  - -##### `proxy_preserve_host` - -[ProxyPreserveHostディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost)を設定します。 - -このパラメータを`true`に設定すると、受信リクエストの`Host:`行が有効になり、ホスト名ではなくホストにプロキシされます。`false`に設定すると、このディレクティブが'Off'になります。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `proxy_add_headers` - -[ProxyAddHeadersディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders)を設定します。 - -このパラメータは、プロキシ関連のHTTPヘッダ(X-Forwarded-For、X-Forwarded-Host、X-Forwarded-Server)をバックエンドサーバに送信するかどうかを制御します。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `proxy_error_override` - -[ProxyErrorOverrideディレクティブ](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride)を設定します。このディレクティブは、プロキシされたコンテンツに関するエラーページをApacheによりオーバーライドすべきかどうかを制御します。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `options` - -指定されたバーチャルホストの[`Options`][]を設定します。例: - -``` puppet -apache::vhost { 'site.name.fdqn': - … - options => ['Indexes','FollowSymLinks','MultiViews'], -} -``` - -> **注意**: [`apache::vhost`][]の[`directories`][]パラメータを使うと、'Options'、'Override'、'DirectoryIndex'は`directories`内のパラメータであるため、無視されます。 - -デフォルト値: ['Indexes','FollowSymLinks','MultiViews']。 - -##### `override` - -指定されたバーチャルホストのオーバーライドを設定します。[AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride)引数の配列を使用できます。 - -デフォルト値: ['None']。 - -##### `passenger_spawn_method` - -[PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod)を設定します。Passengerが引き起こしたアプリケーションに直接か、preforkのcopy-on-writeメカニズムを使用します。 - -有効なオプション: `smart`または`direct`。 - -デフォルト値: `undef`。 - -##### `passenger_app_root` - -[PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot)を設定します。これは、DocumentRootと異なる場合のPassengerアプリケーションルートのロケーションです。 - -値: パスを指定する文字列。  - -デフォルト値: `undef`。 - -##### `passenger_app_env` - -[PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv)を設定します。これは、Passengerアプリケーションに関する環境です。指定されていない場合は、グローバル設定の'production'がデフォルトになります。 - -値: 環境名を指定する文字列。 - -デフォルト値: `undef`。 - -##### `passenger_log_file` - -デフォルトでは、PassengerログメッセージはApacheグローバルエラーログに書き込まれます。[PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile)を使えば、そのメッセージを別のファイルに書き込むように設定することができます。このオプションは、Passenger 5.0.5以降でのみ使用できます。 - -値: パスを指定する文字列。  - -デフォルト値: `undef`。 - -##### `passenger_log_level` - -このオプションを使えば、ログファイルに書き込む情報の量を指定できます。設定されていない場合は、[PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel)は設定ファイルに表示されず、デフォルト値が使用されます。 - -デフォルト値: 3.0.0以前のPassengerバージョン: '0'; 5.0.0以降: '3'。 - -##### `passenger_ruby` - -[PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby)を設定します。これは、バーチャルホスト上でこのアプリケーションに関して使用するRubyインタープリタです。 - -デフォルト値: `undef`。 - -##### `passenger_min_instances` - -[PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances)を設定します。これは、実行するアプリケーションプロセスの最小数です。 - -##### `passenger_max_requests` - -[PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#pas -sengermaxrequests)を設定します。これは、アプリケーションプロセスが処理するリクエストの最大数です。 - -##### `passenger_max_instances_per_app` - -[PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp)を設定します。これは、単一のアプリケーションに関して同時に存在できるアプリケーションプロセスの最大数です。 - -デフォルト値: `undef`。 - -##### `passenger_start_timeout` - -[PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout)を設定します。これは、アプリケーション起動のタイムアウトです。 - -##### `passenger_pre_start` - -[PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart)を設定します。これは、プレ起動が必要とされる場合のアプリケーションのURLです。 - -##### `passenger_user` - -[PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser)を設定します。これは、サンドボックスアプリケーションの実行ユーザです。 - -##### passenger_group - - [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup)を設定します。これは、サンドボックスアプリケーションの実行グループです。 - -##### `passenger_high_performance` - -[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance)パラメータを設定します。 - -値: `true`、`false`。 - -デフォルト値: `undef`。 - -##### `passenger_nodejs` - -[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs)を設定します。これは、バーチャルホスト上でこのアプリケーションに関して使用するNodeJSインタープリタです。 - -##### `passenger_sticky_sessions` - -[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions)パラメータを設定します。 - -ブーリアン。 - -デフォルト値: `undef`。 - -##### `passenger_startup_file` - -[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile)パスを設定します。このパスは、アプリケーションルートに関連しています。 - -##### `php_values & php_flags` - -バーチャルホストごとの設定[`php_value`または`php_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 - -デフォルト値: '{}'。 - -vhostの宣言内 -``` puppet - php_values => [ 'include_path ".:/usr/local/example-app/include"' ], -``` - -##### `php_admin_flags & values` - -バーチャルホストごとの設定[`php_admin_value`または`php_admin_flag`](http://php.net/manual/en/configuration.changes.php)を許可します。これらのフラグや値は、ユーザまたはアプリケーションにより上書きすることができます。 - -デフォルト値: '{}'。 - -##### `port` - -ホストを設定するポートを設定します。モジュールのデフォルトでは、ホストがリッスンするのは、非SSLバーチャルホストではポート80、SSLバーチャルホストではポート443です。ホストはこのパラメータで設定されたポートのみをリッスンします。 - -##### `priority` - -Apache HTTPD VirtualHost設定ファイルに関連するロード順序を設定します。 - -優先順位に一致するものがない場合は、アルファベット順で最初の名前ベースのバーチャルホストが使用されます。同様に、高い優先順位を渡すと、他に一致する名前がなければ、アルファベット順で最初の名前ベースのバーチャルホストが使用されます。 - -> **注意:** このパラメータを使用する必要はありません。ただし、使用する場合は、`apache::vhost`の`default_vhost`パラメータの優先順位は'15'になる点に留意してください。 - -ファイル名の優先順位の接頭値を無視するには、優先順位として`false`を渡します。 - -デフォルト値: '25'。 - -##### `proxy_dest` - -[ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)設定の宛先アドレスを指定します。 - -デフォルト値: `undef`。 - -##### `proxy_pass` - -[ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)設定の`path => URI`値の配列を指定します。オプションで、配列としてパラメータを追加できます。 - -デフォルト値: `undef`。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - proxy_pass => [ - { 'path' => '/a', 'url' => 'http://backend-a/' }, - { 'path' => '/b', 'url' => 'http://backend-b/' }, - { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}}, - { 'path' => '/l', 'url' => 'http://backend-xy', - 'reverse_urls' => ['http://backend-x', 'http://backend-y'] }, - { 'path' => '/d', 'url' => 'http://backend-a/d', - 'params' => { 'retry' => '0', 'timeout' => '5' }, }, - { 'path' => '/e', 'url' => 'http://backend-a/e', - 'keywords' => ['nocanon', 'interpolate'] }, - { 'path' => '/f', 'url' => 'http://backend-f/', - 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']}, - { 'path' => '/g', 'url' => 'http://backend-g/', - 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], }, - { 'path' => '/h', 'url' => 'http://backend-h/h', - 'no_proxy_uris' => ['/h/admin', '/h/server-status'] }, - ], -} -``` - -* `reverse_urls`。*オプション。*この設定は、`mod_proxy_balancer`とともに使用する場合に役立ちます。値: 配列または文字列。 -* `reverse_cookies`。*オプション。*`ProxyPassReverseCookiePath`および`ProxyPassReverseCookieDomain`を設定します。 -* `params`。*オプション。*接続設定などのProxyPassキー-値パラメータを許可します。 -* `setenv`。*オプション。*プロキシディレクティブの[環境変数](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings)を設定します。値: 配列。 - -##### `proxy_dest_match` - -このディレクティブは[`proxy_dest`][]と同じですが、正規表現をとります。詳細については、[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)を参照してください。 - -##### `proxy_dest_reverse_match` - -[`proxy_dest_match`][]が指定されている場合に、ProxyPassReverseを渡せるようにします。詳細については、[ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse)を参照してください。 - -##### `proxy_pass_match` - -このディレクティブは[`proxy_pass`][]と同じですが、正規表現をとります。詳細については、[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)を参照してください。 - -##### `rack_base_uris` - -rack設定のリソース識別子を設定します。指定されたファイルパスは、_rack.erbテンプレート内の[Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri)のrackアプリケーションルートとしてリストされます。 - -デフォルト値: `undef`。 - -##### `passenger_base_uris` - -任意のURIをPhusion Passengerのサーブするアプリケーションとして指定するのに使用します。指定されたファイルパスは、_passenger_base_uris.erbテンプレート内の[Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI)のpassengerアプリケーションルートとしてリストされます。 - -デフォルト値: `undef`。 - -##### `redirect_dest` - -リダイレクト先のアドレスを指定します。 - -デフォルト値: `undef`。 - -##### `redirect_source` - -`redirect_dest`で指定された宛先にリダイレクトするソースURIを指定します。リダイレクトするアイテムが複数提供されている場合は、ソースと宛先の長さを一致させる必要があります。また、アイテムは順序に依存します。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - redirect_source => ['/images','/downloads'], - redirect_dest => ['http://img.example.com/','http://downloads.example.com/'], -} -``` - -##### `redirect_status` - -リダイレクトに追加するステータスを指定します。 - -デフォルト値: `undef`。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - redirect_status => ['temp','permanent'], -} -``` - -##### `redirectmatch_*` - -* `redirectmatch_regexp` -* `redirectmatch_status` -* `redirectmatch_dest` - -任意の正規表現について呼び出すサーバステータスとユーザの転送先を決定します。配列として入力します。 - -デフォルト値: `undef`。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - redirectmatch_status => ['404','404'], - redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'], - redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'], -} -``` - -##### `request_headers` - -他のリクエストヘッダの追加、リクエストヘッダの削除など、収集した[リクエストヘッダ](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader)をさまざまな形で修正します。 - -デフォルト値: `undef`。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - request_headers => [ - 'append MirrorID "mirror 12"', - 'unset MirrorID', - ], -} -``` - -##### `rewrites` - -URLリライトルールを作成します。ハッシュの配列が求められます。 - -値: 'comment'、'rewrite_base'、'rewrite_cond'、'rewrite_rule'、'rewrite_map'のいずれかのハッシュキー。 - -デフォルト値: `undef`。 - -誰かがindex.htmlにアクセスした場合、welcome.htmlを表示するように指定できます。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ] -} -``` - -このパラメータにより条件をリライトし、`true`の場合に関連ルールを実行させることが可能です。例えば、ビジターがIEを使っている場合のみURLをリライトするには、以下のように設定します。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'redirect IE', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], -} -``` - -複数の条件を適用することもできます。たとえば、ブラウザがLynxかMozilla(バージョン1または2)の場合にのみ、index.htmlをwelcome.htmlにリライトする場合は、以下のようになります。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - ], -} -``` - -複数のリライトと条件を設定することも可能です。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - { - comment => 'Lynx or Mozilla v1/2', - rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'], - rewrite_rule => ['^index\.html$ welcome.html'], - }, - { - comment => 'Internet Explorer', - rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'], - rewrite_rule => ['^index\.html$ /index.IE.html [L]'], - }, - { - rewrite_base => /apps/, - rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'], - }, - { comment => 'Rewrite to lower case', - rewrite_cond => ['%{REQUEST_URI} [A-Z]'], - rewrite_map => ['lc int:tolower'], - rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'], - }, - ], -} -``` - -リライトのルールおよび条件については、[`mod_rewrite`ドキュメント][`mod_rewrite`]を参照してください。 - -##### `rewrite_inherit` - -バーチャルホストが全体のリライトルールを継承するかどうかを決定します。 - -デフォルト値: `false`。 - -リライトルールは、全体(`$conf_file`または`$confd_dir`で)またはバーチャルホストの`.conf`ファイル内で指定することができます。デフォルトでは、バーチャルホストは全体の設定を継承しません。継承を有効にするには、`rewrites`パラメータを指定し、`rewrite_inherit`パラメータを`true`に設定します。 - -``` puppet -apache::vhost { 'site.name.fdqn': - … - rewrites => [ - , - ], - rewrite_inherit => `true`, -} -``` - -> **注意**: この設定を有効にするには、`rewrites`パラメータが**必須**です。 - -バーチャルホストに以下のディレクティブが含まれている場合は、Apacheが全体の`Rewrite`ルールを有効にします。 - -``` ApacheConf -RewriteEngine On -RewriteOptions Inherit -``` - -[公式`mod_rewrite`ドキュメント](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)のセクション"Rewriting in Virtual Hosts"を参照してください。 - -##### `scriptalias` - -'/usr/scripts'などの、パス'/cgi-bin'のエイリアスとするCGIスクリプトのディレクトリを定義します。 - -デフォルト値: `undef`。 - -##### `scriptaliases` - -> **注意**: このパラメータは廃止予定であり、`aliases`パラメータに置き換えられます。 - -ハッシュの配列をバーチャルホストに渡し、[`mod_alias`ドキュメント][`mod_alias`]に従ってScriptAliasまたはScriptAliasMatchステートメントのいずれかを作成します。 - -``` puppet -scriptaliases => [ - { - alias => '/myscript', - path => '/usr/share/myscript', - }, - { - aliasmatch => '^/foo(.*)', - path => '/usr/share/fooscripts$1', - }, - { - aliasmatch => '^/bar/(.*)', - path => '/usr/share/bar/wrapper.sh/$1', - }, - { - alias => '/neatscript', - path => '/usr/share/neatscript', - }, -] -``` - -ScriptAliasおよびScriptAliasMatchディレクティブは、指定した順に作成されます。 [AliasおよびAliasMatch](#aliases)ディレクティブと同様、シャドーイングを避けるため、まず具体的なエイリアスを指定してから、全般的なものを指定してください。 - -##### `serveradmin` - -エラーページの表示時にApacheが表示するEメールアドレスを指定します。 - -デフォルト値: `undef`。 - -##### `serveraliases` - -サイトの[ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)を設定します。 - -デフォルト値: []。  - -##### `servername` - -バーチャルホストに接続するホスト名に対応するサーバ名を設定します。 - -デフォルト値: リソースのタイトル。 - -##### `setenv` - -HTTPDにより使用し、バーチャルホストの環境変数を設定します。 - -デフォルト値: []。  - -例: - -``` puppet -apache::vhost { 'setenv.example.com': - setenv => ['SPECIAL_PATH /foo/bin'], -} -``` - -##### `setenvif` - -HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します。 - -デフォルト値: []。  - -##### `setenvifnocase` - -HTTPDにより使用し、条件を用いてバーチャルホストの環境変数を設定します(大文字小文字を区別しないマッチング)。 - -デフォルト値: []。  - -##### `suphp_*` - -* `suphp_addhandler` -* `suphp_configpath` -* `suphp_engine` - -[suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)によりバーチャルホストを設定します。 - -* `suphp_addhandler`。デフォルト値: RedHatおよびFreeBSDでは'php5-script'、DebianおよびGentooでは'x-httpd-php'。 -* `suphp_configpath`。デフォルト値: RedHatおよびFreeBSDでは`undef`、DebianおよびGentooでは'/etc/php5/apache2'。 -* `suphp_engine`。値: 'on'または'off'。デフォルト値: 'off'。 - -suPHPによるバーチャルホスト設定の例: - -``` puppet -apache::vhost { 'suphp.example.com': - port => '80', - docroot => '/home/appuser/myphpapp', - suphp_addhandler => 'x-httpd-php', - suphp_engine => 'on', - suphp_configpath => '/etc/php5/apache2', - directories => { path => '/home/appuser/myphpapp', - 'suphp' => { user => 'myappuser', group => 'myappgroup' }, - } -} -``` - -##### `vhost_name` - -名前ベースのバーチャルホストを有効にします。バーチャルホストにIPではなくポートが割り当てられている場合は、バーチャルホスト名は'vhost_name:port'になります。バーチャルホストにIPもポートも割り当てられていない場合は、バーチャルホスト名はリソースのタイトルに設定されます。 - -デフォルト値: '*'。 - -##### `virtual_docroot` - -同じ名前を持つディレクトリにマッピングされたワイルドカードエイリアスサブドメインにより、バーチャルホストを設定します。例えば、'http://example.com' would map to '/var/www/example.com'のようになります。 - -デフォルト値: `false`。 - -``` puppet -apache::vhost { 'subdomain.loc': - vhost_name => '*', - port => '80', - virtual_docroot => '/var/www/%-2+', - docroot => '/var/www', - serveraliases => ['*.loc',], -} -``` - -##### `wsgi*` - -* `wsgi_daemon_process` -* `wsgi_daemon_process_options` -* `wsgi_process_group` -* `wsgi_script_aliases` -* `wsgi_pass_authorization` - -[WSGI](https://github.com/GrahamDumpleton/mod_wsgi)によりバーチャルホストを設定します。 - -* `wsgi_daemon_process`: WSGIデーモンの名前を設定するハッシュ。[特定のキー](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html)を使用できます。デフォルト値: `undef`。 -* `wsgi_daemon_process_options`。_オプション。_ デフォルト値: `undef`。 -* `wsgi_process_group`: バーチャルホストが実行されるグループIDを設定します。デフォルト値: `undef`。 -* `wsgi_script_aliases`: ファイルシステム.wsgiパスへのWebパスのハッシュにする必要があります。デフォルト値: `undef`。 -* `wsgi_script_aliases_match`: ファイルシステム.wsgiパスへのWebパスの正規表現のハッシュにする必要があります。デフォルト値: `undef`。 -* `wsgi_pass_authorization`: 'On'に設定すると、Apacheの代わりにWSGIアプリケーションを使って認証を処理します。詳細については、[mod_wsgi's WSGIPassAuthorizationドキュメント] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html)を参照してください。デフォルト値: `undef`、これにより、Apacheのデフォルト値である'Off'が使われます。 -* `wsgi_chunked_request`: チャンク形式のリクエストのサポートを有効にします。デフォルト値: `undef`。 - -WSGIによるバーチャルホスト設定の例: - -``` puppet -apache::vhost { 'wsgi.example.com': - port => '80', - docroot => '/var/www/pythonapp', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => - { processes => '2', - threads => '15', - display-name => '%{GROUP}', - }, - wsgi_process_group => 'wsgi', - wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' }, - wsgi_chunked_request => 'On', -} -``` - -#### `apache::vhost`のパラメータ`directories` - -`apache::vhost`クラスの`directories`パラメータは、バーチャルホストにハッシュの配列を渡し、[Directory](https://httpd.apache.org/docs/current/mod/core.html#directory)、[File](https://httpd.apache.org/docs/current/mod/core.html#files)、[Location](https://httpd.apache.org/docs/current/mod/core.html#location)ディレクティブブロックを作成します。これらのブロックは、'< Directory /path/to/directory>...< /Directory>'の形式をとります。 - -`path`キーは、ディレクトリ、ファイル、ロケーションブロックのパスを設定します。この値は、'directory'、'files'、または'location'プロバイダのパスか、'directorymatch'、'filesmatch'、または 'locationmatch'プロバイダの正規表現でなければなりません。`directories`に渡される各ハッシュには、キーのひとつとして`path`が含まれていなければ**なりません**。 - -`provider`キーはオプションです。設定されていない場合、このキーのデフォルトは'directory'になります。値: 'directory'、'files'、'proxy'、'location'、'directorymatch'、'filesmatch'、'proxymatch'、'locationmatch'。`provider`を'directorymatch'に設定すると、 Apache設定ファイルでキーワード'DirectoryMatch'が使用されます。 - -`directories`の使用例: - -``` puppet -apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { 'path' => '/var/www/files', - 'provider' => 'files', - 'deny' => 'from all', - }, - ], -} -``` - -> **注意:** 少なくとも1つのディレクトリが`docroot`パラメータとマッチする必要があります。ディレクトリの宣言を開始すると、`apache::vhost`は必要なすべてのディレクトリブロックが宣言されるものと見なします。定義されない場合、`docroot`パラメータにマッチする1つのデフォルトディレクトリブロックが作成されます。 - -`directory`、`files`、または`location`ハッシュ内に、使用可能なハンドラを配置し、キーとして表す必要があります。以下のようになります。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ { path => '/path/to/directory', handler => value } ], -} -``` - -これらのハッシュで設定していないハンドラは、Puppet内で'undefined'と見なされ、バーチャルホストに追加されず、モジュールではデフォルト値が使われます。サポートされているハンドラは、次のとおりです。 - -##### `addhandlers` - -[AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler)ディレクティブを設定します。これは、ファイル名の拡張子を指定されたハンドラにマッピングするものです。ハッシュのリストを使用し、`extensions`はハンドラによりマッピングされた拡張子を記述するために使用されます。`{ handler => 'handler-name', extensions => ['extension'] }`の形式をとります。 - -例: - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}], - }, - ], -} -``` - -##### `allow` - -[Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow)ディレクティブを設定します。これは、ホスト名またはIPに基づく認証をグループ化するものです。**廃止予定:**このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。1つのルールに対する単一の文字列としても、複数のルールに対する配列としても使用できます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow => 'from example.org', - }, - ], -} -``` - -##### `allow_override` - -[.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride)ファイルで許可されるディレクティブのタイプを設定します。配列を使用できます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - allow_override => ['AuthConfig', 'Indexes'], - }, - ], -} -``` - -##### `auth_basic_authoritative` - -[AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative)の値を設定します。これにより、下位のApacheモジュールに権限と認証を渡すかどうかが決定されます。 - -##### `auth_basic_fake` - -[AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake)の値を設定します。これにより、任意のディレクティブブロックに関する認証情報が静的に設定されます。 - -##### `auth_basic_provider` - -[AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider)の値を設定します。これにより、任意のロケーションの認証プロバイダが設定されます。 - -##### `auth_digest_algorithm` - -[AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm)の値を設定します。これにより、チャレンジおよびレスポンスハッシュの計算に用いるアルゴリズムを選択します。 - -###### `auth_digest_domain` - -[AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain)の値を設定します。これにより、ダイジェスト認証に関して、同じ保護スペースで1つまたは複数のURIを指定できます。 - -##### `auth_digest_nonce_lifetime` - -[AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime)の値を設定します。これにより、サーバのノンスが有効になる長さを制御します。 - -##### `auth_digest_provider` - -[AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider)の値を設定します。これにより、任意のロケーションに関する認証プロバイダを設定します。 - -##### `auth_digest_qop` - -[AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop)の値を設定します。これにより、ダイジェスト認証で用いる保護品質を決定します。 - -##### `auth_digest_shmem_size` - -[AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize)の値を設定します。これにより、クライアントの追跡に関して、サーバに割り当てられる共通メモリの量を定義します。 - -##### `auth_group_file` - -[AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile)の値を設定します。これにより、認証に関して、ユーザグループのリストを含むテキストファイルの名前を設定します。 - -##### `auth_name` - -[AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname)の値を設定します。これにより、認証領域の名前を設定します。 - -##### `auth_require` - -アクセスを許可するのに必要なエンティティ名を設定します。詳細については、[Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives)を参照してください。 - -##### `auth_type` - -[AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype)の値を設定します。これにより、ユーザ認証のタイプをガイドします。 - -##### `auth_user_file` - -[AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile)の値を設定します。これにより、認証に関するユーザ/パスワードを含むテキストファイルの名前を設定します。 - -##### `auth_merging` - -[AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging)の値を設定します。これにより、認証ロジックを組み合わせるかどうかを決定します。 - -##### `auth_ldap_url` - -[AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合のLDAPサーバのURLを決定します。 - -##### `auth_ldap_bind_dn` - -[AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合に、エントリの検索時にLDAPサーバにバインドするオプションのDNを使用できるようになります。 - -##### `auth_ldap_bind_password` - -[AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword)の値を設定します。これにより、AuthBasicProvider 'ldap'を使用する場合に、バインドDNとともに用いるオプションのバインドパスワードを使用できるようになります。 - -##### `auth_ldap_group_attribute` - -[AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute)の値の配列。ldapグループ内のユーザメンバーの確認に使用するLDAP属性を指定します。 - -デフォルト値: "member"および "uniquemember"。 - -##### `auth_ldap_group_attribute_is_dn` - -[AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn)の値を設定し、ldapグループのメンバーにDNかシンプルなユーザ名のどちらを使用するかを指定します。onに設定すると、グループメンバーシップの確認時に、クライアントユーザ名の識別名が使用されます。そうでない場合は、ユーザ名が使われます。有効な値は"on"か"off"です。 - -##### `custom_fragment` - -カスタム設定ディレクティブの文字列を渡し、ディレクトリ設定の最後に配置します。 - -``` puppet -apache::vhost { 'monitor': - … - directories => [ - { - path => '/path/to/directory', - custom_fragment => ' - - SetHandler balancer-manager - Order allow,deny - Allow from all - - - SetHandler server-status - Order allow,deny - Allow from all - -ProxyStatus On', - }, - ] -} -``` - -##### `dav` - -[Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav)の値を設定します。これにより、WebDAV HTTPメソッドを有効にするかどうかを決定します。値としては、'On'、'Off'、またはプロバイダの名前を使用できます。'On'に設定すると、`mod_dav_fs`モジュールにより実装されているデフォルトのファイルシステムプロバイダが有効になります。 - -##### `dav_depth_infinity` - -[DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity)の値を設定します。これは、`Depth: Infinity`ヘッダを持つ`PROPFIND`リクエストの処理を有効にするのに使用されます。 - -##### `dav_min_timeout` - -[DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout)の値を設定します。DAVリソースでサーバがロック状態を維持する時間(秒数)を指定します。 - -##### `deny` - -[Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny)ディレクティブを設定し、サーバへのアクセスを否定するホストを指定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。1つのルールに対する単一の文字列としても、複数のルールに対する配列としても使用できます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - deny => 'from example.org', - }, - ], -} -``` - -##### `error_documents` - -ディレクトリの[ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)設定をオーバーライドするハッシュの配列。 - -``` puppet -apache::vhost { 'sample.example.net': - directories => [ - { path => '/srv/www', - error_documents => [ - { 'error_code' => '503', - 'document' => '/service-unavail', - }, - ], - }, - ], -} -``` - -##### `ext_filter_options` - -[ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html)ディレクティブを設定します。 -このディレクティブを使用する前に、`class { 'apache::mod::ext_filter': }`を宣言する必要があります。 - -``` puppet -apache::vhost { 'filter.example.org': - docroot => '/var/www/filter', - directories => [ - { path => '/var/www/filter', - ext_filter_options => 'LogStderr Onfail=abort', - }, - ], -} -``` - -##### `geoip_enable` - -[GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration)ディレクティブを設定します。 -このディレクティブを使用する前に、`class {'apache::mod::geoip': }`を宣言する必要があります。 - -``` puppet -apache::vhost { 'first.example.com': - docroot => '/var/www/first', - directories => [ - { path => '/var/www/first', - geoip_enable => `true`, - }, - ], -} -``` - -##### `headers` - -[Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header)ディレクティブの行を追加します。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => { - path => '/path/to/directory', - headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - }, -} -``` - -##### `index_options` - -[ディレクトリインデキシング](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions)の設定を可能にします。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'], - }, - ], -} -``` - -##### `index_order_default` - -ディレクトリインデックスの[デフォルトの順序付け](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault)を設定します。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - index_order_default => ['Descending', 'Date'], - }, - ], -} -``` - -###### `index_style_sheet` - -[IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet)を設定します。これにより、ディレクトリインデックスにCSSスタイルシートが追加されます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - index_options => ['FancyIndexing'], - index_style_sheet => '/styles/style.css', - }, - ], -} -``` - -##### `limit` - -ディレクトリブロック内に[Limit](https://httpd.apache.org/docs/current/mod/core.html#limit)ブロックを作成します。`require`ディレクティブを含めることもできます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/docroot', - directories => [ - { path => '/', - provider => 'location', - limit => [ - { methods => 'GET HEAD', - require => ['valid-user'] - }, - ], - }, - ], -} -``` - -##### `limit_except` - -ディレクトリブロック内に[LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept)ブロックを作成します。`require`ディレクティブを含めることもできます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/docroot', - directories => [ - { path => '/', - provider => 'location', - limit_except => [ - { methods => 'GET HEAD', - require => ['valid-user'] - }, - ], - }, - ], -} -``` - -##### `mellon_enable` - -[MellonEnable][`mod_auth_mellon`]ディレクトリを設定し、 [`mod_auth_mellon`][]を有効にします。[`apache::mod::auth_mellon`][]を使って`mod_auth_mellon`をインストールできます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/', - provider => 'directory', - mellon_enable => 'info', - mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key', - mellon_endpoint_path => '/mellon', - mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group', - 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', }, - mellon_user => 'ADFS_LOGIN', - }, - { path => '/protected', - provider => 'location', - mellon_enable => 'auth', - auth_type => 'Mellon', - auth_require => 'valid-user', - mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'], - }, - ] -} -``` - -関連するパラメータは、`mod_auth_mellon`ディレクティブの名前に従います。 - -- `mellon_cond`: アクセスを許可するために満たす必要のあるmellon条件の配列をとり、配列内の各アイテムについて [MellonCond][`mod_auth_mellon`]ディレクティブを作成します。 -- `mellon_endpoint_path`: [MellonEndpointPath][`mod_auth_mellon`]を設定し、mellonエンドポイントパスを設定します。 -- `mellon_sp_metadata_file`: SPメタデータファイルの[MellonSPMetadataFile][`mod_auth_mellon`]ロケーションを設定します。 -- `mellon_idp_metadata_file`: IDPメタデータファイルの[MellonIDPMetadataFile][`mod_auth_mellon`]ロケーションを設定します。 -- `mellon_saml_rsponse_dump`: [MellonSamlResponseDump][`mod_auth_mellon`]ディレクティブを設定し、SAMLのデバッグを有効にします。 -- `mellon_set_env_no_prefix`:環境変数にマッピングする属性名のハッシュに関する [MellonSetEnvNoPrefix][`mod_auth_mellon`]ディレクティブを -設定します。 -- `mellon_sp_private_key_file`: サービスプロバイダのプライベートキー保存場所に関する[MellonSPPrivateKeyFile][`mod_auth_mellon`]ディレクティブを設定します。 -- `mellon_sp_cert_file`: サービスプロバイダの公開キー保存場所に関する[MellonSPCertFile][`mod_auth_mellon`]ディレクティブを設定します。 -- `mellon_user`: ユーザ名に関して使用する[MellonUser][`mod_auth_mellon`]属性を設定します。 -- `mellon_session_length`: [MellonSessionLength][`mod_auth_mellon`]属性を設定します。 - -##### `options` - -任意のディレクトリブロックに関する[オプション](https://httpd.apache.org/docs/current/mod/core.html#options)をリスト化します。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - options => ['Indexes','FollowSymLinks','MultiViews'], - }, - ], -} -``` - -##### `order` - -[Apacheコアドキュメント](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order)に従い、AllowおよびDenyステートメントの処理順序を設定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - order => 'Allow,Deny', - }, - ], -} -``` - -##### `passenger_enabled` - -[PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled)ディレクティブの値を'on'または'off'に設定します。`apache::mod::passenger`を含める必要があります。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - passenger_enabled => 'on', - }, - ], -} -``` - -> **注意:** PassengerEnabledディレクティブをPassengerHighPerformanceディレクティブとともに使用すると、[問題](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)が生じます。 - -##### `php_value`および`php_flag` - -`php_value`はディレクトリの値を設定し、`php_flag`はブーリアンを用いてディレクトリを設定します。詳細は[こちら](http://php.net/manual/en/configuration.changes.php)で確認できます。 - -##### `php_admin_value`および`php_admin_flag` - -`php_admin_value`はディレクトリの値を設定し、`php_admin_flag`はブーリアンを用いてディレクトリを設定します。詳細は[こちら](http://php.net/manual/en/configuration.changes.php)で確認できます。 - - -##### `require` - - -[Apache Authzドキュメント](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require)に従い、`Require`ディレクティブを設定します。`require`が設定されていない場合、`Require all granted`がデフォルトになります。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => 'ip 10.17.42.23', - } - ], -} -``` - -より複雑な要件設定が必要な場合、apache >= 2.4では[RequireAll](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall)、[RequireNone](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requirenone)または[RequireAny](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany)ディレクティブを使用できます。'any'、'none'、'all'のみをサポートする(その他の値は無視されます)'enforce'キーを使うと、以下のように設定できます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => { - enforce => 'any', - requires => [ - 'ip 1.2.3.4', - 'not host host.example.com', - 'user xyz', - ], - }, - }, - ], -} -``` - -`require`を`unmanaged`に設定すると、何も設定されません。これは、カスタムフラグメントで扱われる複雑な認証/権限要件に役立ちます。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - require => 'unmanaged', - } - ], -} -``` - - - -##### `satisfy` - -[Apacheコアドキュメント](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy)に従い、`Satisfy`ディレクティブを設定します。**廃止予定:** このパラメータは、Apacheが変更されたため、廃止予定になっています。Apache 2.2以下でのみ機能します。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - satisfy => 'Any', - } - ], -} -``` - -##### `sethandler` - -[Apache Coreドキュメント](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler)に従い、`SetHandler`ディレクティブを設定します。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - sethandler => 'None', - } - ], -} -``` - -##### `set_output_filter` - -[Apache Coreドキュメント](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter)に従い、`SetOutputFilter`ディレクティブを設定します。 - -``` puppet -apache::vhost{ 'filter.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - set_output_filter => puppetdb-strip-resource-params, - }, - ], -} -``` - -##### `rewrites` - -バーチャルホストディレクトリ内でURL [`rewrites`](#rewrites)ルールを作成します。ハッシュの配列が求められます。ハッシュキーは'comment'、'rewrite_base'、'rewrite_cond'または'rewrite_rule'のいずれかにすることができます。 - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - rewrites => [ { comment => 'Permalink Rewrites', - rewrite_base => '/' - }, - { rewrite_rule => ['^index\.php$ - [L]'] - }, - { rewrite_cond => ['%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', - ], - rewrite_rule => ['. /index.php [L]'], - } - ], - }, - ], -} -``` - -> **注意**: ディレクトリにリライトを含める場合は、`apache::mod::rewrite`も含めてください。また、バーチャルホストのディレクトリのリライト設定ではなく、`apache::vhost`の`rewrites`パラメータを用いたリライトの設定を考慮してください。 - -##### `shib_request_settings` - -アプリケーションリクエストに関して、有効なコンテンツ設定の設定または変更を可能にします。このコマンドは、次の2つのパラメータをとります: コンテンツ設定の名前、およびそれについて設定する値。有効な設定については、Shibboleth [コンテンツ設定ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings)を参照してください。このキーは、`apache::mod::shib`が定義されていない場合は無効になります。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)を参照してください。 - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - shib_request_settings => { 'requiresession' => 'On' }, - shib_use_headers => 'On', - }, - ], -} -``` - -##### `shib_use_headers` - -'On'に設定すると、アプリケーションに属性を公開するリクエストヘッダの使用がオンになります。このキーの値は'On'または'Off'です。デフォルト値は'Off'です。このキーは、`apache::mod::shib`が定義されていない場合は無効になります。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)を参照してください。 - -##### `shib_compat_valid_user` - -このコマンドが存在しなかったときの動作と合わせるため、デフォルト値はOffです。 "valid-user"および"user"のRequireルールの処理で、「標準」Apacheの動作を復元して、Shibbolethをその他のauth/authモジュールと組み合わせて使用する場合の競合を解消します。詳細については、[`mod_shib`ドキュメント](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions)、および[NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)を参照してください。`apache::mod::shib`が定義されていない場合、このキーは無効です。 - -##### `ssl_options` - -[SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)の文字列またはリスト。これにより、SSLエンジンのランタイムオプションが設定されます。このハンドラは、バーチャルホストの親ブロック内のSSLOptionsセットよりも優先されます。 - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - ssl_options => '+ExportCertData', - }, - { path => '/path/to/different/dir', - ssl_options => ['-StdEnvVars', '+ExportCertData'], - }, - ], -} -``` - -##### `suphp` - -[suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG)設定に関する'user'および'group'キーを含むハッシュ。バーチャルホスト宣言で`suphp_engine => on`とともに使用する必要があり、`directories`内でのみ渡すことができます。 - -``` puppet -apache::vhost { 'secure.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/directory', - suphp => { - user => 'myappuser', - group => 'myappgroup', - }, - }, - ], -} -``` -##### `additional_includes` - -バーチャルホストディレクトリ内にある追加の静的な固有のApache設定ファイルのパスを指定します。値: 文字列パスの配列。 - -``` puppet -apache::vhost { 'sample.example.net': - docroot => '/path/to/directory', - directories => [ - { path => '/path/to/different/dir', - additional_includes => ['/custom/path/includes', '/custom/path/another_includes',], - }, - ], -} -``` - -#### `apache::vhost`のSSLパラメータ - -`::vhost`のすべてのSSLパラメータは、基本の`apache`クラスで設定された値がデフォルトになります。以下のパラメータを使えば、特定のバーチャルホストに関する個別のSSL設定を調整できます。 - -##### `ssl` - -バーチャルホストのSSLを有効にします。SSLバーチャルホストはHTTPSクエリにのみ応答します。値: ブーリアン。 - -デフォルト値: `false`。 - -##### `ssl_ca` - -使用するSSL認証局を指定して、認証に使用するクライアントの証明書を検証します。これを使用するには、`ssl_verify_client`も設定する必要があります。 - -デフォルト値: `undef`。 - -##### `ssl_cert` - -SSL証明書を指定します。 - -デフォルト値: オペレーティングシステムによって異なります。 - -* RedHat: '/etc/pki/tls/certs/localhost.crt' -* Debian: '/etc/ssl/certs/ssl-cert-snakeoil.pem' -* FreeBSD: '/usr/local/etc/apache22/server.crt' -* Gentoo: '/etc/ssl/apache2/server.crt' - -##### `ssl_protocol` - -[SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol)を指定します。許可されるプロトコルの配列またはスペースで区切った文字列が求められます。 - -デフォルト値: 'all'、'-SSLv2'、'-SSLv3'。 - -##### `ssl_cipher` - -[SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite)を指定します。 - -デフォルト値: 'HIGH:MEDIUM:!aNULL:!MD5'。 - -##### `ssl_honorcipherorder` - -[SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder)を指定し、クライアントの優先順ではなくサーバの優先順をApacheに使用させます。値: - -値: ブーリアン、'on'、'off'。 - -デフォルト値: `true`。 - -##### `ssl_certs_dir` - -SSL認証ディレクトリの場所を指定してクライアントの証明書を検証します。`ssl_verify_client`も設定されていない限り使用されません(下記参照)。 - -デフォルト: undef - -##### `ssl_chain` - -SSLチェーンを指定します。このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。 - -デフォルト値: `undef`。 - -##### `ssl_crl` - -使用する証明書失効リストを指定します。(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。) - -デフォルト値: `undef`。 - -##### `ssl_crl_path` - -証明書失効リストの保存場所を指定して、クライアント認証の証明書を検証します(このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります)。 - -デフォルト値: `undef`。 - -##### `ssl_crl_check` - -[SSLCARevocationCheckディレクティブ](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)により、SSLクライアント認証の証明書失効チェックレベルを設定します。このデフォルト値は設定しなくても機能しますが、本稼働環境でCRLを使用する際に指定する必要があります。Apache 2.4以上にのみ適用され、それ以前のバージョンではこの値は無視されます。 - -デフォルト値: `undef`。 - -##### `ssl_key` - -SSLキーを指定します。 - -デフォルト値はオペレーティングシステムによって異なります。このデフォルト値は設定しなくても機能しますが、本稼働環境で使用する前に、固有の証明書情報により基本の`apache`クラス内で更新する必要があります。 - -* RedHat: '/etc/pki/tls/private/localhost.key' -* Debian: '/etc/ssl/private/ssl-cert-snakeoil.key' -* FreeBSD: '/usr/local/etc/apache22/server.key' -* Gentoo: '/etc/ssl/apache2/server.key' - -##### `ssl_verify_client` - -[SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)ディレクティブを設定します。これにより、クライアント認証に関する証明書確認レベルが設定されます。 - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_verify_client => 'optional', -} -``` - -値: 'none'、'optional'、'require'、'optional_no_ca'。 - -デフォルト値: `undef`。 - - -##### `ssl_verify_depth` - -[SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)ディレクティブを設定します。これにより、クライアント認証確認におけるCA証明書の最大深さが指定されます。これを有効にするには、`ssl_verify_client`を設定する必要があります。 - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_verify_client => 'require', - ssl_verify_depth => 1, -} -``` - -デフォルト値: `undef`。 - -##### `ssl_proxy_protocol` - -[SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)ディレクティブを設定します。これにより、プロキシに関するサーバ環境を確立する際に`mod_ssl`が使用すべきSSLプロトコルフレーバーを制御します。提示されたプロトコルのうちの1つのみを使用しているサーバに接続します。 - -デフォルト値: `undef`。 - -##### `ssl_proxy_verify` - -[SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)ディレクティブを設定します。これにより、リクエストをリモートSSLサーバに転送するようにプロキシが設定されている場合のリモートサーバの証明書確認を設定します。 - -デフォルト値: `undef`。 - -##### `ssl_proxy_verify_depth` - -[SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)ディレクティブを設定します。これにより、リモートサーバに有効な証明書がないと判断するにあたり、mod_sslが行う確認の深さを設定します。 - -深さ0では、自己署名リモートサーバ証明書のみが許可されます。デフォルトの深さ 1では、リモートサーバ証明書を自己署名にすることも、サーバが直接知っているCAにより署名することもできます。 - -デフォルト値: `undef`。  - -##### `ssl_proxy_cipher_suite` - -[SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)ディレクティブを設定します。このディレクティブは、sslプロキシトラフィックに対してサポートされる暗号化スイートを制御します。 - -デフォルト値: `undef`。  - -##### `ssl_proxy_ca_cert` - -[SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)ディレクティブを設定します。これにより、やりとりするリモートサーバに関する認証局(CA)の証明書を集められるオールインワンファイルを指定します。これはリモートサーバ認証に用いられます。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 - -デフォルト値: `undef`。  - -##### `ssl_proxy_machine_cert` - -[SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)ディレクティブを設定します。これにより、このサーバがリモートサーバの認証に用いる証明書とキーを保存するオールインワンファイルを指定します。このファイルは、PEMエンコード証明書ファイルを優先順に連結したものにする必要があります。 - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem', -} -``` - -デフォルト値: `undef`。  - -##### `ssl_proxy_check_peer_cn` - -[SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)ディレクティブを設定します。これにより、リモートサーバの証明書のCNフィールドをリクエストURLのホスト名と比較するかどうかを指定します。 - -値: 'on'、'off'。  - -デフォルト値: `undef`。  - -##### `ssl_proxy_check_peer_name` - -[SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)ディレクティブを設定します。これにより、リモートサーバの証明書のCNフィールドをリクエストURLのホスト名と比較するかどうかを決定します。 - -値: 'on'、'off'。  - -デフォルト値: `undef`。  - -##### `ssl_proxy_check_peer_expire` - -[SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)ディレクティブを設定します。これにより、リモートサーバの証明書の有効期限をチェックするかどうかを指定します。 - -値: 'on'、'off'。  - -デフォルト値: `undef`。  - -##### `ssl_options` - -[SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)ディレクティブを設定します。これにより、各種のSSLエンジンのランタイムオプションを設定します。これは任意のバーチャルホスト全体の設定で、文字列にすることも配列にすることもできます。 - -文字列: - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_options => '+ExportCertData', -} -``` - -配列: - -``` puppet -apache::vhost { 'sample.example.net': - … - ssl_options => ['+StrictRequire', '+ExportCertData'], -} -``` - -デフォルト値: `undef`。 - -##### `ssl_openssl_conf_cmd` - -[SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)ディレクティブを設定します。これにより、OpenSSLパラメータを直接設定できます。 - -デフォルト値: `undef`。  - -##### `ssl_proxyengine` - -[SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine)を使用するかどうかを指定します。 - -ブーリアン。 - -デフォルト値: `false`。 - -##### `ssl_stapling` - -[SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling)を使用するかどうかを指定します。デフォルトでは、全体で設定されているものを使用します。 - -このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  - -ブーリアンまたは`undef`。 - -デフォルト値: `undef`。  - -##### `ssl_stapling_timeout` - -[SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout)ディレクティブの設定に使用できます。 - -このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  - -デフォルト値: なし。  - -##### `ssl_stapling_return_errors` - -[SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors)ディレクティブの設定に使用できます。 - -このパラメータはApache 2.4以上にのみ適用され、それ以前のバージョンでは無視されます。  - -デフォルト値: なし。  - -#### 定義タイプ: FastCGIサーバ - -このタイプは、mod\_fastcgiとともに使用します。特定のファイルタイプを扱う1つまたは複数の外部FastCGIサーバを定義することができます。 - -** 注意 ** Ubuntu 10.04+では、マルチバースリポジトリを手動で有効にする必要があります。 - -例: - -``` puppet -apache::fastcgi::server { 'php': - host => '127.0.0.1:9000', - timeout => 15, - flush => `false`, - faux_path => '/var/www/php.fcgi', - fcgi_alias => '/php.fcgi', - file_type => 'application/x-httpd-php', - pass_header => '' -} -``` - -その後、バーチャルホスト内で、上で指定したfastcgiサーバで扱う特定のファイルタイプを設定することができます。 - -``` puppet -apache::vhost { 'www': - ... - custom_fragment => 'AddType application/x-httpd-php .php' - ... -} -``` - -##### `host` - -FastCGIサーバのホスト名またはIPアドレスおよびTCPポート番号(1-65535)。 - -unixソケットを渡すこともできます。 - -``` puppet -apache::fastcgi::server { 'php': - host => '/var/run/fcgi.sock', -} -``` - -##### `timeout` - -リクエストが中止され、(エラーLogLevel)にイベントが記録されるまでに、FastCGIアプリケーションが非アクティブの状態で待機する秒数。この非アクティブタイマーは、FastCGIアプリケーションとの接続が待機中の場合のみ適用されます。アプリケーションの待ち行列に入ったリクエストに対して、時間内に記述やフラッシュによる応答がないと、リクエストは中止されます。アプリケーションとの通信が完了したものの、クライアントとの通信が完了しなかった(応答がバッファリングされた)場合は、タイムアウトは適用されません。 - -##### `flush` - -アプリケーションから受信したデータを、強制的にクライアントに書き込みます。デフォルトでは、アプリケーションをできるだけ早くフリーな状態にするために、`mod_fastcgi`はデータをバッファリングします。 - -##### `faux_path` - -ローカルファイルシステムに存在する必要はありません。Apacheがこのファイル名に解読するURIは、この外部FastCGIアプリケーションにより処理されます。 - -##### `alias` - -一意のエイリアス。 アクションとFastCGIサーバをリンクさせるために内部で用いられます。 - -##### `file_type` - -FastCGIサーバにより処理するファイルのMIMEタイプ。 - -##### `pass_header` - -リクエスト環境で渡されるHTTPリクエストヘッダの名前。このオプションにより、通常はCGI環境で利用できないヘッダコンテンツ(認証など)が利用できるようになります。 - -#### 定義タイプ: `apache::vhost::custom` - -`apache::vhost::custom`定義タイプは、 `apache::custom_config`定義タイプのシンラッパーで、Apacheにおいてバーチャルホストディレクトリに固有のデフォルト設定の一部をオーバーライドします。 - -**`apache::vhost::custom`内のパラメータ**: - -##### `content` - -設定ファイルのコンテンツを設定します。 - -##### `ensure` - -バーチャルホストファイルが存在するかどうかを指定します。 - -値: 'absent'、'present'。  - -デフォルト値: 'present'。  - -##### `priority` - -Apache HTTPD VirtualHost設定ファイルに関する相対的なロード順序を設定します。 - -デフォルト値: '25'。 - -##### `verify_config` - -Apacheサービスに通知する前に設定ファイルのバリデーションを行うかどうかを指定します。 - -ブーリアン。 - -デフォルト値: `true`。 - -### プライベート定義タイプ - -#### 定義タイプ: `apache::peruser::multiplexer`  - -この定義タイプは、Apacheモジュールにクラスがあるかどうかを確認します。クラスがある場合は、そのクラスを含めます。ない場合は、モジュール名を[`apache::mod`][]定義タイプに渡します。 - -#### 定義タイプ: `apache::peruser::multiplexer`  - -FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。  - -#### 定義タイプ: `apache::peruser::processor` - -FreeBSDに関してのみ、[`Peruser`][]モジュールを有効にします。  - -#### 定義タイプ: `apache::security::file_link` - -[`apache::mod::security`][]の`activated_rules`をディスク上のそれぞれのCRSルールにリンクします。 - -### テンプレート - -Apacheモジュールは、[`apache::vhost`][]および[`apache::mod`][]定義タイプを有効にするにあたり、テンプレートに大きく依存しています。このテンプレートは、オペレーティングシステムに固有の[Facter][] factsをベースに構築されています。明示的にコールアウトされない限り、ほとんどのテンプレートは設定には使われません。 - -### タスク - -Apacheモジュールには、サービスの再起動なしでApache設定を再ロードできるタスクがあります。タスクの実行方法については、[Puppet Enterpriseマニュアル](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html)または[Boltマニュアル](https://puppet.com/docs/bolt/latest/bolt.html)を参照してください。 - -### 関数 -#### apache_pw_hash -Apacheが読みこむhtpasswdファイルに適したフォーマットでパスワードをハッシュします。 - -現在はSHAハッシュを使用しています。これは、このフォーマットは安全ではないとされているものの、ほとんどのプラットフォームでサポートされているもっとも安全なフォーマットであるためです。 - - -## 制約事項 - - サポートされているオペレーティングシステムの一覧については、[metadata.json](https://github.com/puppetlabs/puppetlabs-apache/blob/master/metadata.json)を参照してください。 - -### FreeBSD - -FreeBSDでこのモジュールを使用するには、apache24-2.4.12 (www/apache24)以降を使用する_必要があります_。 - -### Gentoo - -Gentooでは、このモジュールは[`gentoo/puppet-portage`][] Puppetモジュールに依存します。Gentooに関しては、一部の機能や設定が適用または有効化されますが、このモジュールに[対応するオペレーティングシステム][]ではありません。 - -### RHEL/CentOS -[`apache::mod::auth_cas`][]、[`apache::mod::passenger`][]、[`apache::mod::proxy_html`][]、[`apache::mod::shib`][]クラスは、追加のリポジトリから依存関係パッケージが提供されていなければ、RH/CentOSでは機能しません。 - -関連するリポジトリとパッケージについては、以下の各ドキュメントを参照してください。 - -#### RHEL/CentOS 5 - -[`apache::mod::passenger`][]および[`apache::mod::proxy_html`][]クラスは、リポジトリに適合するパッケージがないため、テストされていません。 - -#### RHEL/CentOS 6 - -[`apache::mod::passenger`][]クラスは、EL6リポジトリに適合するパッケージがないため、インストールされません。 - -#### RHEL/CentOS 7 - -[`apache::mod::passenger`][]および[`apache::mod::proxy_html`][]クラスは、EL7リポジトリに適合するパッケージがないため、テストされていません。また、[`apache::vhost`][]定義タイプの[`rack_base_uris`][]パラメータも、同様の理由でテストされていません。 - -### SELinuxおよびカスタムパス - -[SELinux][]が[適用モード][]になっていて、`logroot`、`mod_dir`、`vhost_dir`、`docroot`に関してカスタムパスを使用したい場合は、ファイルのコンテキストを各自で管理する必要があります。 - -これにはPuppetを使用できます。 - -``` puppet -exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/custom/path(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package['policycoreutils-python'], -} - -package { 'policycoreutils-python': - ensure => installed, -} - -exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Class['Apache::Service'], - require => Class['apache'], -} - -class { 'apache': } - -host { 'test.server': - ip => '127.0.0.1', -} - -file { '/custom/path': - ensure => directory, -} - -file { '/custom/path/include': - ensure => present, - content => '#additional_includes', -} - -apache::vhost { 'test.server': - docroot => '/custom/path', - additional_includes => '/custom/path/include', -} -``` - -`chcon`ではなく、`semanage fcontext`を用いてコンテキストを設定する必要があります。これは、Puppetの`file`リソースでは、リソースにより指定されていない場合、その値のコンテキストがリセットされるためです。 - -### Ubuntu 10.04 - -[`apache::vhost::WSGIImportScript`][]パラメータにより、Apacheの古いバージョンではサポートされていないバーチャルホスト内のステートメントが作成され、不具合が生じます。これは今後のリファクタリングで修正される予定です。 - -### Ubuntu 16.04 -[`apache::mod::suphp`][]クラスは、リポジトリに適合するパッケージがないため、テストされていません。 - - -## 開発 - -### 貢献 - -[Puppet Forge][]上の[Puppet][]モジュールはオープンプロジェクトであり、その価値を維持するにはコミュニティからの貢献が欠かせません。Puppetが提供する膨大な数のプラットフォームや、無数のハードウェア、ソフトウェア、デプロイ設定に弊社がアクセスすることは不可能です。 - -できるだけ変更に簡単に貢献していただき、お使いの環境でモジュールが動作するようにしたいと考えています。モジュールの品質の維持と改善のため、Puppetは貢献者に守っていただくガイドラインを設けています。 - -詳細については、[モジュールコントリビューションガイド][]および[CONTRIBUTING.md][]を参照してください。 diff --git a/puppet/modules/apache/spec/acceptance/apache_parameters_spec.rb b/puppet/modules/apache/spec/acceptance/apache_parameters_spec.rb deleted file mode 100755 index 98c7dd2..0000000 --- a/puppet/modules/apache/spec/acceptance/apache_parameters_spec.rb +++ /dev/null @@ -1,616 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'apache parameters' do - # Currently this test only does something on FreeBSD. - describe 'default_confd_files => false' do - it 'doesnt do anything' do - pp = "class { 'apache': default_confd_files => false }" - apply_manifest(pp, catch_failures: true) - end - - if host_inventory['facter']['os']['family'] == 'FreeBSD' - describe file("#{$confd_dir}/no-accf.conf.erb") do - it { is_expected.not_to be_file } - end - end - end - describe 'default_confd_files => true' do - it 'copies conf.d files' do - pp = "class { 'apache': default_confd_files => true }" - apply_manifest(pp, catch_failures: true) - end - - if host_inventory['facter']['os']['family'] == 'FreeBSD' - describe file("#{$confd_dir}/no-accf.conf.erb") do - it { is_expected.to be_file } - end - end - end - - describe 'when set adds a listen statement' do - it 'applys cleanly' do - pp = "class { 'apache': ip => '10.1.1.1', service_ensure => stopped }" - apply_manifest(pp, catch_failures: true) - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Listen 10.1.1.1' } - end - end - - describe 'service tests => true' do - pp = <<-MANIFEST - class { 'apache': - service_enable => true, - service_manage => true, - service_ensure => running, - } - MANIFEST - it 'starts the service' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - it { is_expected.to be_running } - if host_inventory['facter']['os']['name'] == 'debian' && os[:release][0] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'sles' && os[:release][0..1] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - end - end - - describe 'service tests => false' do - pp = <<-MANIFEST - class { 'apache': - service_enable => false, - service_ensure => stopped, - } - MANIFEST - it 'stops the service' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - it { is_expected.not_to be_running } - if host_inventory['facter']['os']['name'] == 'debian' && os[:release][0] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'sles' && os[:release][0..1] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.not_to be_enabled } - end - end - end - - describe 'service manage => false' do - pp = <<-MANIFEST - class { 'apache': - service_enable => true, - service_manage => false, - service_ensure => true, - } - MANIFEST - it 'we dont manage the service, so it shouldnt start the service' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - it { is_expected.not_to be_running } - if host_inventory['facter']['os']['name'] == 'debian' && os[:release][0] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'sles' && os[:release][0..1] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.not_to be_enabled } - end - end - end - - if host_inventory['facter']['os']['family'] == 'Debian' - describe 'conf_enabled => /etc/apache2/conf-enabled' do - pp = <<-MANIFEST - class { 'apache': - purge_configs => false, - conf_enabled => "/etc/apache2/conf-enabled" - } - MANIFEST - it 'applies cleanly' do - shell('touch /etc/apache2/conf-enabled/test.conf') - apply_manifest(pp, catch_failures: true) - end - - # Ensure the created file didn't disappear. - describe file('/etc/apache2/conf-enabled/test.conf') do - it { is_expected.to be_file } - end - - # Ensure the default file didn't disappear. - describe file('/etc/apache2/conf-enabled/security.conf') do - it { is_expected.to be_file } - end - end - end - - describe 'purge parameters => false' do - pp = <<-MANIFEST - class { 'apache': - purge_configs => false, - purge_vhost_dir => false, - vhost_dir => "#{$confd_dir}.vhosts" - } - MANIFEST - it 'applies cleanly' do - shell("touch #{$confd_dir}/test.conf") - shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf") - apply_manifest(pp, catch_failures: true) - end - - # Ensure the files didn't disappear. - describe file("#{$confd_dir}/test.conf") do - it { is_expected.to be_file } - end - describe file("#{$confd_dir}.vhosts/test.conf") do - it { is_expected.to be_file } - end - end - - if host_inventory['facter']['os']['family'] != 'Debian' - describe 'purge parameters => true' do - pp = <<-MANIFEST - class { 'apache': - purge_configs => true, - purge_vhost_dir => true, - vhost_dir => "#{$confd_dir}.vhosts" - } - MANIFEST - it 'applies cleanly' do - shell("touch #{$confd_dir}/test.conf") - shell("mkdir -p #{$confd_dir}.vhosts && touch #{$confd_dir}.vhosts/test.conf") - apply_manifest(pp, catch_failures: true) - end - - # File should be gone - describe file("#{$confd_dir}/test.conf") do - it { is_expected.not_to be_file } - end - describe file("#{$confd_dir}.vhosts/test.conf") do - it { is_expected.not_to be_file } - end - end - end - - describe 'serveradmin' do - it 'applies cleanly' do - pp = "class { 'apache': serveradmin => 'test@example.com' }" - apply_manifest(pp, catch_failures: true) - end - - describe file($vhost) do - it { is_expected.to be_file } - it { is_expected.to contain 'ServerAdmin test@example.com' } - end - end - - describe 'sendfile' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': sendfile => 'On' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'EnableSendfile On' } - end - - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': sendfile => 'Off' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Sendfile Off' } - end - end - - describe 'error_documents' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': error_documents => true }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Alias /error/' } - end - end - - describe 'timeout' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': timeout => '1234' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Timeout 1234' } - end - end - - describe 'httpd_dir' do - describe 'setup' do - pp = <<-MANIFEST - class { 'apache': httpd_dir => '/tmp', service_ensure => stopped } - include 'apache::mod::mime' - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - end - - describe file("#{$mod_dir}/mime.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'AddLanguage eo .eo' } - end - end - - describe 'http_protocol_options' do - # Actually >= 2.4.24, but the minor version is not provided - # https://bugs.launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.15 - # basically versions of the ubuntu or sles apache package cause issue - if $apache_version >= '2.4' && host_inventory['facter']['os']['name'] !~ %r{Ubuntu|SLES} - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': http_protocol_options => 'Unsafe RegisteredMethods Require1.0'}" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'HttpProtocolOptions Unsafe RegisteredMethods Require1.0' } - end - end - end - - describe 'server_root' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': server_root => '/tmp/root', service_ensure => stopped }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'ServerRoot "/tmp/root"' } - end - end - - describe 'confd_dir' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': confd_dir => '/tmp/root', service_ensure => stopped, use_optional_includes => true }" - apply_manifest(pp, catch_failures: true) - end - end - - if $apache_version == '2.4' - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'IncludeOptional "/tmp/root/*.conf"' } - end - else - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Include "/tmp/root/*.conf"' } - end - end - end - - describe 'conf_template' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': conf_template => 'another/test.conf.erb', service_ensure => stopped }" - shell("mkdir -p #{default['distmoduledir']}/another/templates") - shell("echo 'testcontent' >> #{default['distmoduledir']}/another/templates/test.conf.erb") - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'testcontent' } - end - end - - describe 'servername' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': servername => 'test.server', service_ensure => stopped }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'ServerName "test.server"' } - end - end - - describe 'user' do - describe 'setup' do - pp = <<-MANIFEST - class { 'apache': - manage_user => true, - manage_group => true, - user => 'testweb', - group => 'testweb', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - end - - describe user('testweb') do - it { is_expected.to exist } - it { is_expected.to belong_to_group 'testweb' } - end - - describe group('testweb') do - it { is_expected.to exist } - end - end - - describe 'logformats' do - describe 'setup' do - pp = <<-MANIFEST - class { 'apache': - log_formats => { - 'vhost_common' => '%v %h %l %u %t \\\"%r\\\" %>s %b', - 'vhost_combined' => '%v %h %l %u %t \\\"%r\\\" %>s %b \\\"%{Referer}i\\\" \\\"%{User-agent}i\\\"', - } - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common' } - it { is_expected.to contain 'LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined' } - end - end - - describe 'keepalive' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': keepalive => 'Off', keepalive_timeout => '30', max_keepalive_requests => '200' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'KeepAlive Off' } - it { is_expected.to contain 'KeepAliveTimeout 30' } - it { is_expected.to contain 'MaxKeepAliveRequests 200' } - end - end - - describe 'limitrequestfieldsize' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': limitreqfieldsize => '16830' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'LimitRequestFieldSize 16830' } - end - end - - describe 'limitrequestfields' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': limitreqfields => '120' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'LimitRequestFields 120' } - end - end - - describe 'logging' do - describe 'setup' do - pp = <<-MANIFEST - if $::osfamily == 'RedHat' and "$::selinux" == "true" { - $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - default => 'policycoreutils-python', - } - - package { $semanage_package: ensure => installed } - exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_log_t "/apache_spec(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package[$semanage_package], - } - exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Service['httpd'], - require => Class['apache'], - } - } - file { '/apache_spec': ensure => directory, } - class { 'apache': logroot => '/apache_spec' } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - end - - describe file("/apache_spec/#{$error_log}") do - it { is_expected.to be_file } - end - end - - describe 'ports_file' do - pp = <<-MANIFEST - file { '/apache_spec': ensure => directory, } - class { 'apache': - ports_file => '/apache_spec/ports_file', - ip => '10.1.1.1', - service_ensure => stopped - } - MANIFEST - it 'applys cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file('/apache_spec/ports_file') do - it { is_expected.to be_file } - it { is_expected.to contain 'Listen 10.1.1.1' } - end - end - - describe 'server_tokens' do - pp = <<-MANIFEST - class { 'apache': - server_tokens => 'Minor', - } - MANIFEST - it 'applys cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'ServerTokens Minor' } - end - end - - describe 'server_signature' do - pp = <<-MANIFEST - class { 'apache': - server_signature => 'testsig', - service_ensure => stopped, - } - MANIFEST - it 'applys cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'ServerSignature testsig' } - end - end - - describe 'hostname_lookups' do - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': hostname_lookups => 'On' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'HostnameLookups On' } - end - - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': hostname_lookups => 'Off' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'HostnameLookups Off' } - end - - describe 'setup' do - it 'applies cleanly' do - pp = "class { 'apache': hostname_lookups => 'Double' }" - apply_manifest(pp, catch_failures: true) - end - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'HostnameLookups Double' } - end - end - - describe 'trace_enable' do - pp = <<-MANIFEST - class { 'apache': - trace_enable => 'Off', - } - MANIFEST - it 'applys cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'TraceEnable Off' } - end - end - - describe 'file_e_tag' do - pp = <<-MANIFEST - class { 'apache': - file_e_tag => 'None', - } - MANIFEST - it 'applys cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($conf_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'FileETag None' } - end - end - - describe 'package_ensure' do - pp = <<-MANIFEST - class { 'apache': - package_ensure => present, - } - MANIFEST - it 'applys cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe package($package_name) do - it { is_expected.to be_installed } - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/apache_ssl_spec.rb b/puppet/modules/apache/spec/acceptance/apache_ssl_spec.rb deleted file mode 100644 index 63a44e7..0000000 --- a/puppet/modules/apache/spec/acceptance/apache_ssl_spec.rb +++ /dev/null @@ -1,154 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'apache ssl' do - describe 'ssl parameters' do - pp = <<-MANIFEST - class { 'apache': - service_ensure => stopped, - default_ssl_vhost => true, - default_ssl_cert => '/tmp/ssl_cert', - default_ssl_key => '/tmp/ssl_key', - default_ssl_chain => '/tmp/ssl_chain', - default_ssl_ca => '/tmp/ssl_ca', - default_ssl_crl_path => '/tmp/ssl_crl_path', - default_ssl_crl => '/tmp/ssl_crl', - default_ssl_crl_check => 'chain', - } - MANIFEST - it 'runs without error' do - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end - - describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } - it { is_expected.not_to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { is_expected.not_to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } - it { is_expected.not_to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } - if $apache_version == '2.4' - it { is_expected.not_to contain 'SSLCARevocationCheck "chain"' } - else - it { is_expected.not_to contain 'SSLCARevocationCheck' } - end - end - end - - describe 'vhost ssl parameters' do - pp = <<-MANIFEST - class { 'apache': - service_ensure => stopped, - } - - apache::vhost { 'test_ssl': - docroot => '/tmp/test', - ssl => true, - ssl_cert => '/tmp/ssl_cert', - ssl_key => '/tmp/ssl_key', - ssl_chain => '/tmp/ssl_chain', - ssl_ca => '/tmp/ssl_ca', - ssl_crl_path => '/tmp/ssl_crl_path', - ssl_crl => '/tmp/ssl_crl', - ssl_crl_check => 'chain', - ssl_certs_dir => '/tmp', - ssl_protocol => 'test', - ssl_cipher => 'test', - ssl_honorcipherorder => 'test', - ssl_verify_client => 'test', - ssl_verify_depth => 'test', - ssl_options => ['test', 'test1'], - ssl_proxyengine => true, - ssl_proxy_protocol => 'TLSv1.2', - } - MANIFEST - it 'runs without error' do - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end - - describe file("#{$vhost_dir}/25-test_ssl.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { is_expected.to contain 'SSLCertificateChainFile "/tmp/ssl_chain"' } - it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { is_expected.to contain 'SSLCACertificatePath "/tmp"' } - it { is_expected.to contain 'SSLCARevocationPath "/tmp/ssl_crl_path"' } - it { is_expected.to contain 'SSLCARevocationFile "/tmp/ssl_crl"' } - it { is_expected.to contain 'SSLProxyEngine On' } - it { is_expected.to contain 'SSLProtocol test' } - it { is_expected.to contain 'SSLCipherSuite test' } - it { is_expected.to contain 'SSLHonorCipherOrder test' } - it { is_expected.to contain 'SSLVerifyClient test' } - it { is_expected.to contain 'SSLVerifyDepth test' } - it { is_expected.to contain 'SSLOptions test test1' } - if $apache_version == '2.4' - it { is_expected.to contain 'SSLCARevocationCheck "chain"' } - else - it { is_expected.not_to contain 'SSLCARevocationCheck' } - end - end - end - - describe 'vhost ssl ssl_ca only' do - pp = <<-MANIFEST - class { 'apache': - service_ensure => stopped, - } - - apache::vhost { 'test_ssl_ca_only': - docroot => '/tmp/test', - ssl => true, - ssl_cert => '/tmp/ssl_cert', - ssl_key => '/tmp/ssl_key', - ssl_ca => '/tmp/ssl_ca', - ssl_verify_client => 'test', - } - MANIFEST - it 'runs without error' do - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end - - describe file("#{$vhost_dir}/25-test_ssl_ca_only.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { is_expected.to contain 'SSLCACertificateFile "/tmp/ssl_ca"' } - it { is_expected.not_to contain 'SSLCACertificatePath' } - end - end - - describe 'vhost ssl ssl_certs_dir' do - pp = <<-MANIFEST - class { 'apache': - service_ensure => stopped, - } - - apache::vhost { 'test_ssl_certs_dir_only': - docroot => '/tmp/test', - ssl => true, - ssl_cert => '/tmp/ssl_cert', - ssl_key => '/tmp/ssl_key', - ssl_certs_dir => '/tmp', - ssl_verify_client => 'test', - } - MANIFEST - it 'runs without error' do - apply_manifest(pp, catch_failures: true) - apply_manifest(pp, catch_changes: true) - end - - describe file("#{$vhost_dir}/25-test_ssl_certs_dir_only.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'SSLCertificateFile "/tmp/ssl_cert"' } - it { is_expected.to contain 'SSLCertificateKeyFile "/tmp/ssl_key"' } - it { is_expected.to contain 'SSLCACertificatePath "/tmp"' } - it { is_expected.to contain 'SSLVerifyClient test' } - it { is_expected.not_to contain 'SSLCACertificateFile' } - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/class_spec.rb b/puppet/modules/apache/spec/acceptance/class_spec.rb deleted file mode 100644 index d86a8df..0000000 --- a/puppet/modules/apache/spec/acceptance/class_spec.rb +++ /dev/null @@ -1,93 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'apache class' do - context 'default parameters' do - let(:pp) { "class { 'apache': }" } - - it_behaves_like 'a idempotent resource' - - describe 'apache_version fact' do - let(:result) do - apply_manifest('include apache', catch_failures: true) - version_check_pp = <<-MANIFEST - notice("apache_version = >${apache_version}<") - MANIFEST - apply_manifest(version_check_pp, catch_failures: true) - end - - it { - expect(result.output).to match(%r{apache_version = >#{$apache_version}.*<}) - } - end - - describe package($package_name) do - it { is_expected.to be_installed } - end - - describe service($service_name) do - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - describe port(80) do - it { is_expected.to be_listening } - end - end - - context 'custom site/mod dir parameters' do - # Using puppet_apply as a helper - let(:pp) do - <<-MANIFEST - if $::osfamily == 'RedHat' and "$::selinux" == "true" { - $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - default => 'policycoreutils-python', - } - - package { $semanage_package: ensure => installed } - exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - subscribe => Package[$semanage_package], - refreshonly => true, - } - exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Service['httpd'], - require => Class['apache'], - subscribe => Exec['set_apache_defaults'], - refreshonly => true, - } - } - file { '/apache_spec': ensure => directory, } - file { '/apache_spec/apache_custom': ensure => directory, } - class { 'apache': - mod_dir => '/apache_spec/apache_custom/mods', - vhost_dir => '/apache_spec/apache_custom/vhosts', - } - MANIFEST - end - - # Run it twice and test for idempotency - it_behaves_like 'a idempotent resource' - - describe service($service_name) do - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/custom_config_spec.rb b/puppet/modules/apache/spec/acceptance/custom_config_spec.rb deleted file mode 100644 index 799fdc1..0000000 --- a/puppet/modules/apache/spec/acceptance/custom_config_spec.rb +++ /dev/null @@ -1,91 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'apache::custom_config define' do - context 'invalid config' do - pp = <<-MANIFEST - class { 'apache': } - apache::custom_config { 'acceptance_test': - content => 'INVALID', - } - MANIFEST - it 'does not add the config' do - apply_manifest(pp, expect_failures: true) - end - - describe file("#{$confd_dir}/25-acceptance_test.conf") do - it { expect(file).not_to exist } - end - end - - context 'valid config' do - pp = <<-MANIFEST - class { 'apache': } - apache::custom_config { 'acceptance_test': - content => '# just a comment', - } - MANIFEST - it 'adds the config' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$confd_dir}/25-acceptance_test.conf") do - it { is_expected.to contain '# just a comment' } - end - end - - context 'with a custom filename' do - pp = <<-MANIFEST - class { 'apache': } - apache::custom_config { 'filename_test': - filename => 'custom_filename', - content => '# just another comment', - } - MANIFEST - it 'stores content in the described file' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$confd_dir}/custom_filename") do - it { is_expected.to contain '# just another comment' } - end - end - - describe 'custom_config without priority prefix' do - pp = <<-MANIFEST - class { 'apache': } - apache::custom_config { 'prefix_test': - priority => false, - content => '# just a comment', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$confd_dir}/prefix_test.conf") do - it { is_expected.to be_file } - end - end - - describe 'custom_config only applied after configs are written' do - pp = <<-MANIFEST - class { 'apache': } - - apache::custom_config { 'ordering_test': - content => '# just a comment', - } - - # Try to wedge the apache::custom_config call between when httpd.conf is written and - # ports.conf is written. This should trigger a dependency cycle - File["#{$conf_file}"] -> Apache::Custom_config['ordering_test'] -> Concat["#{$ports_file}"] - MANIFEST - it 'applies in the right order' do - expect(apply_manifest(pp, expect_failures: true).stderr).to match(%r{Found 1 dependency cycle}i) - end - - describe file("#{$confd_dir}/25-ordering_test.conf") do - it { is_expected.not_to be_file } - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/default_mods_spec.rb b/puppet/modules/apache/spec/acceptance/default_mods_spec.rb deleted file mode 100644 index e14dca7..0000000 --- a/puppet/modules/apache/spec/acceptance/default_mods_spec.rb +++ /dev/null @@ -1,112 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'apache::default_mods class' do - describe 'no default mods' do - # Using puppet_apply as a helper - let(:pp) do - <<-MANIFEST - class { 'apache': - default_mods => false, - } - MANIFEST - end - - # Run it twice and test for idempotency - it_behaves_like 'a idempotent resource' - describe service($service_name) do - it { is_expected.to be_running } - end - end - - unless host_inventory['facter']['os']['name'] == 'SLES' && os[:release].to_i >= 12 - describe 'no default mods and failing' do - before :all do - pp = <<-PP - include apache::params - class { 'apache': default_mods => false, service_ensure => stopped, } - PP - apply_manifest(pp) - end - # Using puppet_apply as a helper - pp = <<-MANIFEST - class { 'apache': - default_mods => false, - } - apache::vhost { 'defaults.example.com': - docroot => '#{$doc_root}/defaults', - aliases => { - alias => '/css', - path => '#{$doc_root}/css', - }, - directories => [ - { - 'path' => "#{$doc_root}/admin", - 'auth_basic_fake' => 'demo demopass', - } - ], - setenv => 'TEST1 one', - } - MANIFEST - it 'applies with errors' do - apply_manifest(pp, expect_failures: true) - end - end - - describe service($service_name) do - it { is_expected.not_to be_running } - end - end - - describe 'alternative default mods' do - # Using puppet_apply as a helper - let(:pp) do - <<-MANIFEST - class { 'apache': - default_mods => [ - 'info', - 'alias', - 'mime', - 'env', - 'expires', - ], - } - apache::vhost { 'defaults.example.com': - docroot => '#{$doc_root}/defaults', - aliases => { - alias => '/css', - path => '#{$doc_root}/css', - }, - setenv => 'TEST1 one', - } - MANIFEST - end - - it_behaves_like 'a idempotent resource' - - describe service($service_name) do - it { is_expected.to be_running } - end - end - - describe 'change loadfile name' do - let(:pp) do - <<-MANIFEST - class { 'apache': default_mods => false } - ::apache::mod { 'auth_basic': - loadfile_name => 'zz_auth_basic.load', - } - MANIFEST - end - - # Run it twice and test for idempotency - it_behaves_like 'a idempotent resource' - describe service($service_name) do - it { is_expected.to be_running } - end - - describe file("#{$mod_dir}/zz_auth_basic.load") do - it { is_expected.to be_file } - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/init_task_spec.rb b/puppet/modules/apache/spec/acceptance/init_task_spec.rb deleted file mode 100644 index 4c074e1..0000000 --- a/puppet/modules/apache/spec/acceptance/init_task_spec.rb +++ /dev/null @@ -1,19 +0,0 @@ -# run a test task -require 'spec_helper_acceptance' - -describe 'apache tasks', if: puppet_version =~ %r{(5\.\d+\.\d+)} && host_inventory['facter']['os']['name'] != 'SLES' do - describe 'reload' do - pp = <<-MANIFEST - class { 'apache': - default_vhost => false, - } - apache::listen { '9090':} - MANIFEST - it 'execute reload' do - apply_manifest(pp, catch_failures: true) - - result = run_task(task_name: 'apache', params: 'action=reload') - expect_multiple_regexes(result: result, regexes: [%r{reload successful}, %r{Job completed. 1/1 nodes succeeded|Ran on 1 node}]) - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/itk_spec.rb b/puppet/modules/apache/spec/acceptance/itk_spec.rb deleted file mode 100644 index 4376b00..0000000 --- a/puppet/modules/apache/spec/acceptance/itk_spec.rb +++ /dev/null @@ -1,52 +0,0 @@ -require 'spec_helper_acceptance' - -case host_inventory['facter']['os']['family'] -when 'Debian' - service_name = 'apache2' - variant = :prefork -when 'RedHat' - unless host_inventory['facter']['os']['release']['major'] == '5' - variant = (os[:release].to_i >= 7) ? :prefork : :itk_only - service_name = 'httpd' - end -when 'FreeBSD' - service_name = 'apache24' - variant = :prefork -end - -describe 'apache::mod::itk class', if: service_name do - describe 'running puppet code' do - # Using puppet_apply as a helper - let(:pp) do - case variant - when :prefork - <<-MANIFEST - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::itk': } - MANIFEST - when :itk_only - <<-MANIFEST - class { 'apache': - mpm_module => 'itk', - } - MANIFEST - end - end - - # Run it twice and test for idempotency - it_behaves_like 'a idempotent resource' - end - - describe service(service_name) do - it { is_expected.to be_running } - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/mod_php_spec.rb b/puppet/modules/apache/spec/acceptance/mod_php_spec.rb deleted file mode 100644 index e05290b..0000000 --- a/puppet/modules/apache/spec/acceptance/mod_php_spec.rb +++ /dev/null @@ -1,77 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -unless host_inventory['facter']['os']['name'] == 'SLES' && os[:release].to_i >= 12 - describe 'apache::mod::php class' do - context 'default php config' do - pp = <<-MANIFEST - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::php': } - apache::vhost { 'php.example.com': - port => '80', - docroot => '#{$doc_root}/php', - } - host { 'php.example.com': ip => '127.0.0.1', } - file { '#{$doc_root}/php/index.php': - ensure => file, - content => "\\n", - } - MANIFEST - it 'succeeds in puppeting php' do - apply_manifest(pp, catch_failures: true) - end - - if (host_inventory['facter']['os']['name'] == 'Ubuntu' && host_inventory['facter']['os']['release']['full'] == '16.04') || - (host_inventory['facter']['os']['name'] == 'Debian' && os[:release].to_i == 9) - describe file("#{$mod_dir}/php7.0.conf") do - it { is_expected.to contain 'DirectoryIndex index.php' } - end - elsif host_inventory['facter']['os']['name'] == 'Ubuntu' && host_inventory['facter']['os']['release']['full'] == '18.04' - describe file("#{$mod_dir}/php7.2.conf") do - it { is_expected.to contain 'DirectoryIndex index.php' } - end - else - describe file("#{$mod_dir}/php5.conf") do - it { is_expected.to contain 'DirectoryIndex index.php' } - end - end - end - - context 'custom extensions, php_flag, php_value, php_admin_flag, and php_admin_value' do - pp = <<-MANIFEST - class { 'apache': - mpm_module => 'prefork', - } - class { 'apache::mod::php': - extensions => ['.php','.php5'], - } - - apache::vhost { 'php.example.com': - port => '80', - docroot => '#{$doc_root}/php', - php_values => { 'include_path' => '.:/usr/share/pear:/usr/bin/php', }, - php_flags => { 'display_errors' => 'on', }, - php_admin_values => { 'open_basedir' => '/var/www/php/:/usr/share/pear/', }, - php_admin_flags => { 'engine' => 'on', }, - } - host { 'php.example.com': ip => '127.0.0.1', } - file { '#{$doc_root}/php/index.php5': - ensure => file, - content => "\\n", - } - MANIFEST - it 'succeeds in puppeting php' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-php.example.com.conf") do - it { is_expected.to contain ' php_flag display_errors on' } - it { is_expected.to contain ' php_value include_path ".:/usr/share/pear:/usr/bin/php"' } - it { is_expected.to contain ' php_admin_flag engine on' } - it { is_expected.to contain ' php_admin_value open_basedir /var/www/php/:/usr/share/pear/' } - end - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/nodesets/centos-7-x64.yml b/puppet/modules/apache/spec/acceptance/nodesets/centos-7-x64.yml deleted file mode 100644 index 5eebdef..0000000 --- a/puppet/modules/apache/spec/acceptance/nodesets/centos-7-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-7-x64: - roles: - - agent - - default - platform: el-7-x86_64 - hypervisor: vagrant - box: puppetlabs/centos-7.2-64-nocm -CONFIG: - type: foss diff --git a/puppet/modules/apache/spec/acceptance/nodesets/debian-8-x64.yml b/puppet/modules/apache/spec/acceptance/nodesets/debian-8-x64.yml deleted file mode 100644 index fef6e63..0000000 --- a/puppet/modules/apache/spec/acceptance/nodesets/debian-8-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - debian-8-x64: - roles: - - agent - - default - platform: debian-8-amd64 - hypervisor: vagrant - box: puppetlabs/debian-8.2-64-nocm -CONFIG: - type: foss diff --git a/puppet/modules/apache/spec/acceptance/nodesets/default.yml b/puppet/modules/apache/spec/acceptance/nodesets/default.yml deleted file mode 100644 index dba339c..0000000 --- a/puppet/modules/apache/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - ubuntu-1404-x64: - roles: - - agent - - default - platform: ubuntu-14.04-amd64 - hypervisor: vagrant - box: puppetlabs/ubuntu-14.04-64-nocm -CONFIG: - type: foss diff --git a/puppet/modules/apache/spec/acceptance/nodesets/docker/centos-7.yml b/puppet/modules/apache/spec/acceptance/nodesets/docker/centos-7.yml deleted file mode 100644 index a3333aa..0000000 --- a/puppet/modules/apache/spec/acceptance/nodesets/docker/centos-7.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - centos-7-x64: - platform: el-7-x86_64 - hypervisor: docker - image: centos:7 - docker_preserve_image: true - docker_cmd: '["/usr/sbin/init"]' - # install various tools required to get the image up to usable levels - docker_image_commands: - - 'yum install -y crontabs tar wget openssl sysvinit-tools iproute which initscripts' -CONFIG: - trace_limit: 200 diff --git a/puppet/modules/apache/spec/acceptance/nodesets/docker/debian-8.yml b/puppet/modules/apache/spec/acceptance/nodesets/docker/debian-8.yml deleted file mode 100644 index df5c319..0000000 --- a/puppet/modules/apache/spec/acceptance/nodesets/docker/debian-8.yml +++ /dev/null @@ -1,11 +0,0 @@ -HOSTS: - debian-8-x64: - platform: debian-8-amd64 - hypervisor: docker - image: debian:8 - docker_preserve_image: true - docker_cmd: '["/sbin/init"]' - docker_image_commands: - - 'apt-get update && apt-get install -y net-tools wget locales strace lsof && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen' -CONFIG: - trace_limit: 200 diff --git a/puppet/modules/apache/spec/acceptance/nodesets/docker/ubuntu-14.04.yml b/puppet/modules/apache/spec/acceptance/nodesets/docker/ubuntu-14.04.yml deleted file mode 100644 index b1efa58..0000000 --- a/puppet/modules/apache/spec/acceptance/nodesets/docker/ubuntu-14.04.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - ubuntu-1404-x64: - platform: ubuntu-14.04-amd64 - hypervisor: docker - image: ubuntu:14.04 - docker_preserve_image: true - docker_cmd: '["/sbin/init"]' - docker_image_commands: - # ensure that upstart is booting correctly in the container - - 'rm /usr/sbin/policy-rc.d && rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl && apt-get update && apt-get install -y net-tools wget && locale-gen en_US.UTF-8' -CONFIG: - trace_limit: 200 diff --git a/puppet/modules/apache/spec/acceptance/nodesets/suse.yml b/puppet/modules/apache/spec/acceptance/nodesets/suse.yml deleted file mode 100644 index ac04926..0000000 --- a/puppet/modules/apache/spec/acceptance/nodesets/suse.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -HOSTS: - sles-11-x86_64-agent: - roles: - - agent - - default - platform: sles-11-x86_64 - template: sles-11-x86_64 - hypervisor: virtualbox - redhat-7-x86_64-master: - roles: - - master - - dashboard - - database - - agent - platform: el-7-x86_64 - template: redhat-7-x86_64 - hypervisor: virtualbox -CONFIG: - nfs_server: none - consoleport: 443 - datastore: instance0 - folder: Delivery/Quality Assurance/Enterprise/Dynamic - resourcepool: delivery/Quality Assurance/Enterprise/Dynamic - pooling_api: http://vcloud.delivery.puppetlabs.net/ diff --git a/puppet/modules/apache/spec/acceptance/prefork_worker_spec.rb b/puppet/modules/apache/spec/acceptance/prefork_worker_spec.rb deleted file mode 100644 index 6ff8651..0000000 --- a/puppet/modules/apache/spec/acceptance/prefork_worker_spec.rb +++ /dev/null @@ -1,88 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'prefork_worker_spec.rb' do - case host_inventory['facter']['os']['family'] - when 'FreeBSD' - describe 'apache::mod::event class' do - describe 'running puppet code' do - # Using puppet_apply as a helper - pp = <<-MANIFEEST - class { 'apache': - mpm_module => 'event', - } - MANIFEEST - it 'works with no errors' do - # Run it twice and test for idempotency - apply_manifest(pp, catch_failures: true) - expect(apply_manifest(pp, catch_failures: true).exit_code).to be_zero - end - end - - describe service($service_name) do - it { is_expected.to be_running } - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - end - end - end - - describe 'apache::mod::worker class' do - describe 'running puppet code' do - # Using puppet_apply as a helper - let(:pp) do - <<-MANIFEEST - class { 'apache': - mpm_module => 'worker', - } - MANIFEEST - end - - # Run it twice and test for idempotency - it_behaves_like 'a idempotent resource' - end - - describe service($service_name) do - it { is_expected.to be_running } - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - end - end - - describe 'apache::mod::prefork class' do - describe 'running puppet code' do - # Using puppet_apply as a helper - let(:pp) do - <<-MANIFEEST - class { 'apache': - mpm_module => 'prefork', - } - MANIFEEST - end - - # Run it twice and test for idempotency - it_behaves_like 'a idempotent resource' - end - - describe service($service_name) do - it { is_expected.to be_running } - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/service_spec.rb b/puppet/modules/apache/spec/acceptance/service_spec.rb deleted file mode 100644 index ee6aa0b..0000000 --- a/puppet/modules/apache/spec/acceptance/service_spec.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'apache::service class' do - describe 'adding dependencies in between the base class and service class' do - let(:pp) do - <<-MANIFEST - class { 'apache': } - file { '/tmp/test': - require => Class['apache'], - notify => Class['apache::service'], - } - MANIFEST - end - - # Run it twice and test for idempotency - it_behaves_like 'a idempotent resource' - end -end diff --git a/puppet/modules/apache/spec/acceptance/version.rb b/puppet/modules/apache/spec/acceptance/version.rb deleted file mode 100644 index 6aefcec..0000000 --- a/puppet/modules/apache/spec/acceptance/version.rb +++ /dev/null @@ -1,93 +0,0 @@ -@osfamily = fact('osfamily') -@operatingsystem = fact('operatingsystem') -@operatingsystemrelease = fact('operatingsystemrelease').to_f - -case @osfamily -when 'RedHat' - $confd_dir = '/etc/httpd/conf.d' - $conf_file = '/etc/httpd/conf/httpd.conf' - $ports_file = '/etc/httpd/conf/ports.conf' - $vhost_dir = '/etc/httpd/conf.d' - $vhost = '/etc/httpd/conf.d/15-default.conf' - $run_dir = '/var/run/httpd' - $doc_root = '/var/www' - $service_name = 'httpd' - $package_name = 'httpd' - $error_log = 'error_log' - $suphp_handler = 'php5-script' - $suphp_configpath = 'undef' - - if (@operatingsystem == 'Fedora' && @operatingsystemrelease >= 18) || (@operatingsystem != 'Fedora' && @operatingsystemrelease >= 7) - $apache_version = '2.4' - $mod_dir = '/etc/httpd/conf.modules.d' - else - $apache_version = '2.2' - $mod_dir = '/etc/httpd/conf.d' - end -when 'Debian' - $confd_dir = '/etc/apache2/conf.d' - $mod_dir = '/etc/apache2/mods-available' - $conf_file = '/etc/apache2/apache2.conf' - $ports_file = '/etc/apache2/ports.conf' - $vhost = '/etc/apache2/sites-available/15-default.conf' - $vhost_dir = '/etc/apache2/sites-enabled' - $run_dir = '/var/run/apache2' - $doc_root = '/var/www' - $service_name = 'apache2' - $package_name = 'apache2' - $error_log = 'error.log' - $suphp_handler = 'x-httpd-php' - $suphp_configpath = '/etc/php5/apache2' - $apache_version = if @operatingsystem == 'Ubuntu' && @operatingsystemrelease >= 13.10 - '2.4' - elsif @operatingsystem == 'Debian' && @operatingsystemrelease >= 8.0 - '2.4' - else - '2.2' - end -when 'FreeBSD' - $confd_dir = '/usr/local/etc/apache24/Includes' - $mod_dir = '/usr/local/etc/apache24/Modules' - $conf_file = '/usr/local/etc/apache24/httpd.conf' - $ports_file = '/usr/local/etc/apache24/Includes/ports.conf' - $vhost = '/usr/local/etc/apache24/Vhosts/15-default.conf' - $vhost_dir = '/usr/local/etc/apache24/Vhosts' - $run_dir = '/var/run/apache24' - $doc_root = '/var/www' - $service_name = 'apache24' - $package_name = 'apache24' - $error_log = 'http-error.log' - $apache_version = '2.2' -when 'Gentoo' - $confd_dir = '/etc/apache2/conf.d' - $mod_dir = '/etc/apache2/modules.d' - $conf_file = '/etc/apache2/httpd.conf' - $ports_file = '/etc/apache2/ports.conf' - $vhost = '/etc/apache2/vhosts.d/15-default.conf' - $vhost_dir = '/etc/apache2/vhosts.d' - $run_dir = '/var/run/apache2' - $doc_root = '/var/www' - $service_name = 'apache2' - $package_name = 'www-servers/apache' - $error_log = 'http-error.log' - $apache_version = '2.4' -when 'Suse' - $confd_dir = '/etc/apache2/conf.d' - $mod_dir = '/etc/apache2/mods-available' - $conf_file = '/etc/apache2/httpd.conf' - $ports_file = '/etc/apache2/ports.conf' - $vhost = '/etc/apache2/sites-available/15-default.conf' - $vhost_dir = '/etc/apache2/sites-available' - $run_dir = '/var/run/apache2' - $doc_root = '/srv/www' - $service_name = 'apache2' - $package_name = 'apache2' - $error_log = 'error.log' - $apache_version = if @operatingsystemrelease < 12 - '2.2' - else - '2.4' - end -else - $apache_version = '0' -end diff --git a/puppet/modules/apache/spec/acceptance/vhost_spec.rb b/puppet/modules/apache/spec/acceptance/vhost_spec.rb deleted file mode 100644 index d587ba1..0000000 --- a/puppet/modules/apache/spec/acceptance/vhost_spec.rb +++ /dev/null @@ -1,1771 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'apache::vhost define' do - context 'no default vhosts' do - pp = <<-MANIFEST - class { 'apache': - default_vhost => false, - default_ssl_vhost => false, - service_ensure => stopped, - } - if ($::osfamily == 'Suse' and $::operatingsystemrelease < '15') { - exec { '/usr/bin/gensslcert': - require => Class['apache'], - } - } elsif ($::osfamily == 'Suse' and $::operatingsystemrelease >= '15') { - # In SLES 15, if not given a name, gensslcert defaults the name to be the hostname - exec { '/usr/bin/gensslcert -n default': - require => Class['apache'], - } - } - MANIFEST - it 'creates no default vhosts' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/15-default.conf") do - it { is_expected.not_to be_file } - end - - describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { is_expected.not_to be_file } - end - end - - context 'default vhost without ssl' do - pp = <<-MANIFEST - class { 'apache': } - MANIFEST - it 'creates a default vhost config' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/15-default.conf") do - it { is_expected.to contain '' } - end - - describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { is_expected.not_to be_file } - end - end - - context 'default vhost with ssl' do - pp = <<-MANIFEST - file { '#{$run_dir}': - ensure => 'directory', - recurse => true, - } - - class { 'apache': - default_ssl_vhost => true, - require => File['#{$run_dir}'], - } - MANIFEST - it 'creates default vhost configs' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/15-default.conf") do - it { is_expected.to contain '' } - end - - describe file("#{$vhost_dir}/15-default-ssl.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'SSLEngine on' } - end - end - - context 'new vhost on port 80' do - pp = <<-MANIFEST - class { 'apache': } - file { '/var/www': - ensure => 'directory', - recurse => true, - } - - apache::vhost { 'first.example.com': - port => '80', - docroot => '/var/www/first', - require => File['/var/www'], - } - MANIFEST - it 'configures an apache vhost' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-first.example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'ServerName first.example.com' } - end - end - - context 'new proxy vhost on port 80' do - pp = <<-MANIFEST - class { 'apache': } - apache::vhost { 'proxy.example.com': - port => '80', - docroot => '/var/www/proxy', - proxy_pass => [ - { 'path' => '/foo', 'url' => 'http://backend-foo/'}, - ], - proxy_preserve_host => true, - proxy_error_override => true, - } - MANIFEST - it 'configures an apache proxy vhost' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-proxy.example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'ServerName proxy.example.com' } - it { is_expected.to contain 'ProxyPass' } - it { is_expected.to contain 'ProxyPreserveHost On' } - it { is_expected.to contain 'ProxyErrorOverride On' } - it { is_expected.not_to contain 'ProxyAddHeaders' } - it { is_expected.not_to contain "" } - end - end - - context 'new proxy vhost on port 80' do - pp = <<-MANIFEST - class { 'apache': } - apache::vhost { 'proxy.example.com': - port => '80', - docroot => '#{$docroot}/proxy', - proxy_pass_match => [ - { 'path' => '/foo', 'url' => 'http://backend-foo/'}, - ], - proxy_preserve_host => true, - proxy_error_override => true, - } - MANIFEST - it 'configures an apache proxy vhost' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-proxy.example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'ServerName proxy.example.com' } - it { is_expected.to contain 'ProxyPassMatch /foo http://backend-foo/' } - it { is_expected.to contain 'ProxyPreserveHost On' } - it { is_expected.to contain 'ProxyErrorOverride On' } - it { is_expected.not_to contain 'ProxyAddHeaders' } - it { is_expected.not_to contain "" } - end - end - - context 'new vhost on port 80' do - pp = <<-MANIFEST - class { 'apache': } - apache::vhost { 'first.example.com': - port => '80', - docroot => '/var/www/first', - } - host { 'first.example.com': ip => '127.0.0.1', } - file { '/var/www/first/index.html': - ensure => file, - content => "Hello from first\\n", - } - apache::vhost { 'second.example.com': - port => '80', - docroot => '/var/www/second', - } - host { 'second.example.com': ip => '127.0.0.1', } - file { '/var/www/second/index.html': - ensure => file, - content => "Hello from second\\n", - } - MANIFEST - it 'configures two apache vhosts' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'answers to first.example.com' do - shell('/usr/bin/curl first.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from first\n") - end - end - - it 'answers to second.example.com' do - shell('/usr/bin/curl second.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from second\n") - end - end - end - - context 'new vhost with multiple IP addresses on port 80' do - pp = <<-MANIFEST - class { 'apache': - default_vhost => false, - } - apache::vhost { 'example.com': - port => '80', - ip => ['127.0.0.1','127.0.0.2'], - ip_based => true, - docroot => '/var/www/html', - } - host { 'host1.example.com': ip => '127.0.0.1', } - host { 'host2.example.com': ip => '127.0.0.2', } - file { '/var/www/html/index.html': - ensure => file, - content => "Hello from vhost\\n", - } - MANIFEST - it 'configures one apache vhost with 2 ip addresses' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - describe file("#{$vhost_dir}/25-example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'ServerName example.com' } - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Listen 127.0.0.1:80' } - it { is_expected.to contain 'Listen 127.0.0.2:80' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' } - end - - it 'answers to host1.example.com' do - shell('/usr/bin/curl host1.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - - it 'answers to host2.example.com' do - shell('/usr/bin/curl host2.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - end - - context 'new vhost with multiple ports on 1 IP address' do - pp = <<-MANIFEST - class { 'apache': - default_vhost => false, - } - apache::vhost { 'example.com': - port => ['80','8080'], - ip => '127.0.0.1', - ip_based => true, - docroot => '/var/www/html', - } - host { 'host1.example.com': ip => '127.0.0.1', } - file { '/var/www/html/index.html': - ensure => file, - content => "Hello from vhost\\n", - } - MANIFEST - it 'configures one apache vhost with 2 ports' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - describe file("#{$vhost_dir}/25-example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'ServerName example.com' } - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Listen 127.0.0.1:80' } - it { is_expected.to contain 'Listen 127.0.0.1:8080' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:8080' } - end - - it 'answers to host1.example.com port 80' do - shell('/usr/bin/curl host1.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - - it 'answers to host1.example.com port 8080' do - shell('/usr/bin/curl host1.example.com:8080', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - end - - context 'new vhost with multiple IP addresses on multiple ports' do - pp = <<-MANIFEST - class { 'apache': - default_vhost => false, - } - apache::vhost { 'example.com': - port => ['80', '8080'], - ip => ['127.0.0.1','127.0.0.2'], - ip_based => true, - docroot => '/var/www/html', - } - host { 'host1.example.com': ip => '127.0.0.1', } - host { 'host2.example.com': ip => '127.0.0.2', } - file { '/var/www/html/index.html': - ensure => file, - content => "Hello from vhost\\n", - } - MANIFEST - it 'configures one apache vhost with 2 ip addresses and 2 ports' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - describe file("#{$vhost_dir}/25-example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'ServerName example.com' } - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Listen 127.0.0.1:80' } - it { is_expected.to contain 'Listen 127.0.0.1:8080' } - it { is_expected.to contain 'Listen 127.0.0.2:80' } - it { is_expected.to contain 'Listen 127.0.0.2:8080' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:80' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.1:8080' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:80' } - it { is_expected.not_to contain 'NameVirtualHost 127.0.0.2:8080' } - end - - it 'answers to host1.example.com port 80' do - shell('/usr/bin/curl host1.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - - it 'answers to host1.example.com port 8080' do - shell('/usr/bin/curl host1.example.com:8080', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - - it 'answers to host2.example.com port 80' do - shell('/usr/bin/curl host2.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - - it 'answers to host2.example.com port 8080' do - shell('/usr/bin/curl host2.example.com:8080', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - end - - context 'new vhost with IPv6 address on port 80', :ipv6 do - pp = <<-MANIFEST - class { 'apache': - default_vhost => false, - } - apache::vhost { 'example.com': - port => '80', - ip => '::1', - ip_based => true, - docroot => '/var/www/html', - } - host { 'ipv6.example.com': ip => '::1', } - file { '/var/www/html/index.html': - ensure => file, - content => "Hello from vhost\\n", - } - MANIFEST - it 'configures one apache vhost with an ipv6 address' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - describe file("#{$vhost_dir}/25-example.com.conf") do - it { is_expected.to contain '' } - it { is_expected.to contain 'ServerName example.com' } - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.to contain 'Listen [::1]:80' } - it { is_expected.not_to contain 'NameVirtualHost [::1]:80' } - end - - it 'answers to ipv6.example.com' do - shell('/usr/bin/curl ipv6.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from vhost\n") - end - end - end - - context 'apache_directories' do - describe 'readme example, adapted' do - pp = <<-MANIFEST - class { 'apache': } - - if versioncmp($apache_version, '2.4') >= 0 { - $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'require' => 'all denied', } - } else { - $_files_match_directory = { 'path' => '(\.swp|\.bak|~)$', 'provider' => 'filesmatch', 'deny' => 'from all', } - } - - $_directories = [ - { 'path' => '/var/www/files', }, - $_files_match_directory, - ] - - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => $_directories, - } - file { '/var/www/files/index.html': - ensure => file, - content => "Hello World\\n", - } - file { '/var/www/files/index.html.bak': - ensure => file, - content => "Hello World\\n", - } - host { 'files.example.net': ip => '127.0.0.1', } - MANIFEST - it 'configures a vhost with Files' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'answers to files.example.net #stdout' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/index.html').stdout).to eq("Hello World\n") - end - it 'answers to files.example.net #stderr' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/index.html.bak', acceptable_exit_codes: 22).stderr).to match(%r{curl: \(22\) The requested URL returned error: 403}) - end - end - - describe 'other Directory options' do - pp_one = <<-MANIFEST - class { 'apache': } - - if versioncmp($apache_version, '2.4') >= 0 { - $_files_match_directory = { 'path' => 'private.html$', 'provider' => 'filesmatch', 'require' => 'all denied' } - } else { - $_files_match_directory = [ - { 'path' => 'private.html$', 'provider' => 'filesmatch', 'deny' => 'from all' }, - { 'path' => '/bar/bar.html', 'provider' => 'location', allow => [ 'from 127.0.0.1', ] }, - ] - } - - $_directories = [ - { 'path' => '/var/www/files', }, - { 'path' => '/foo/', 'provider' => 'location', 'directoryindex' => 'notindex.html', }, - $_files_match_directory, - ] - - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => $_directories, - } - file { '/var/www/files/foo': - ensure => directory, - } - file { '/var/www/files/foo/notindex.html': - ensure => file, - content => "Hello Foo\\n", - } - file { '/var/www/files/private.html': - ensure => file, - content => "Hello World\\n", - } - file { '/var/www/files/bar': - ensure => directory, - } - file { '/var/www/files/bar/bar.html': - ensure => file, - content => "Hello Bar\\n", - } - host { 'files.example.net': ip => '127.0.0.1', } - MANIFEST - it 'configures a vhost with multiple Directory sections' do - apply_manifest(pp_one, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'answers to files.example.net #stdout' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/').stdout).to eq("Hello World\n") - end - it 'answers to files.example.net #stdout foo' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/foo/').stdout).to eq("Hello Foo\n") - end - it 'answers to files.example.net #stderr' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/private.html', acceptable_exit_codes: 22).stderr).to match(%r{curl: \(22\) The requested URL returned error: 403}) - end - it 'answers to files.example.net #stdout bar' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/bar/bar.html').stdout).to eq("Hello Bar\n") - end - end - - describe 'SetHandler directive' do - pp_two = <<-MANIFEST - class { 'apache': } - apache::mod { 'status': } - host { 'files.example.net': ip => '127.0.0.1', } - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { path => '/var/www/files', }, - { path => '/server-status', provider => 'location', sethandler => 'server-status', }, - ], - } - file { '/var/www/files/index.html': - ensure => file, - content => "Hello World\\n", - } - MANIFEST - it 'configures a vhost with a SetHandler directive' do - apply_manifest(pp_two, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'answers to files.example.net #stdout' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/index.html').stdout).to eq("Hello World\n") - end - it 'answers to files.example.net #stdout regex' do - expect(shell('/usr/bin/curl -sSf files.example.net:80/server-status?auto').stdout).to match(%r{Scoreboard: }) - end - end - - describe 'Satisfy and Auth directive', unless: $apache_version == '2.4' do - pp_two = <<-MANIFEST - class { 'apache': } - host { 'files.example.net': ip => '127.0.0.1', } - apache::vhost { 'files.example.net': - docroot => '/var/www/files', - directories => [ - { - path => '/var/www/files/foo', - auth_type => 'Basic', - auth_name => 'Basic Auth', - auth_user_file => '/var/www/htpasswd', - auth_require => "valid-user", - }, - { - path => '/var/www/files/bar', - auth_type => 'Basic', - auth_name => 'Basic Auth', - auth_user_file => '/var/www/htpasswd', - auth_require => 'valid-user', - satisfy => 'Any', - }, - { - path => '/var/www/files/baz', - allow => 'from 10.10.10.10', - auth_type => 'Basic', - auth_name => 'Basic Auth', - auth_user_file => '/var/www/htpasswd', - auth_require => 'valid-user', - satisfy => 'Any', - }, - ], - } - file { '/var/www/files/foo': - ensure => directory, - } - file { '/var/www/files/bar': - ensure => directory, - } - file { '/var/www/files/baz': - ensure => directory, - } - file { '/var/www/files/foo/index.html': - ensure => file, - content => "Hello World\\n", - } - file { '/var/www/files/bar/index.html': - ensure => file, - content => "Hello World\\n", - } - file { '/var/www/files/baz/index.html': - ensure => file, - content => "Hello World\\n", - } - file { '/var/www/htpasswd': - ensure => file, - content => "login:IZ7jMcLSx0oQk", # "password" as password - } - MANIFEST - it 'configures a vhost with Satisfy and Auth directive' do - apply_manifest(pp_two, catch_failures: true) - end - - describe service($service_name) do - if fact('operatingsystem') == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif fact('operatingsystem') == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - - it 'answers to files.example.net' do - shell('/usr/bin/curl -sSf files.example.net:80/foo/index.html', acceptable_exit_codes: 22).stderr.should match(%r{curl: \(22\) The requested URL returned error: 401}) - shell('/usr/bin/curl -sSf -u login:password files.example.net:80/foo/index.html').stdout.should eq("Hello World\n") - shell('/usr/bin/curl -sSf files.example.net:80/bar/index.html').stdout.should eq("Hello World\n") - shell('/usr/bin/curl -sSf -u login:password files.example.net:80/bar/index.html').stdout.should eq("Hello World\n") - shell('/usr/bin/curl -sSf files.example.net:80/baz/index.html', acceptable_exit_codes: 22).stderr.should match(%r{curl: \(22\) The requested URL returned error: 401}) - shell('/usr/bin/curl -sSf -u login:password files.example.net:80/baz/index.html').stdout.should eq("Hello World\n") - end - end - end - end - - unless host_inventory['facter']['os']['distro'].nil? - case host_inventory['facter']['os']['distro']['codename'] - when 'precise', 'wheezy' - context 'vhost FallbackResource example' do - pp = <<-MANIFEST - class { 'apache': } - apache::vhost { 'fallback.example.net': - docroot => '/var/www/fallback', - fallbackresource => '/index.html' - } - file { '/var/www/fallback/index.html': - ensure => file, - content => "Hello World\\n", - } - host { 'fallback.example.net': ip => '127.0.0.1', } - MANIFEST - it 'configures a vhost with FallbackResource' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'answers to fallback.example.net' do - shell('/usr/bin/curl fallback.example.net:80/Does/Not/Exist') do |r| - expect(r.stdout).to eq("Hello World\n") - end - end - end - end - end - - context 'virtual_docroot hosting separate sites' do - pp = <<-MANIFEST - class { 'apache': } - apache::vhost { 'virt.example.com': - vhost_name => '*', - serveraliases => '*virt.example.com', - port => '80', - docroot => '/var/www/virt', - virtual_docroot => '/var/www/virt/%1', - } - host { 'virt.example.com': ip => '127.0.0.1', } - host { 'a.virt.example.com': ip => '127.0.0.1', } - host { 'b.virt.example.com': ip => '127.0.0.1', } - file { [ '/var/www/virt/a', '/var/www/virt/b', ]: ensure => directory, } - file { '/var/www/virt/a/index.html': ensure => file, content => "Hello from a.virt\\n", } - file { '/var/www/virt/b/index.html': ensure => file, content => "Hello from b.virt\\n", } - MANIFEST - it 'configures a vhost with VirtualDocumentRoot' do - apply_manifest(pp, catch_failures: true) - end - - describe service($service_name) do - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'answers to a.virt.example.com' do - shell('/usr/bin/curl a.virt.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from a.virt\n") - end - end - - it 'answers to b.virt.example.com' do - shell('/usr/bin/curl b.virt.example.com:80', acceptable_exit_codes: 0) do |r| - expect(r.stdout).to eq("Hello from b.virt\n") - end - end - end - - context 'proxy_pass for alternative vhost' do - it 'configures a local vhost and a proxy vhost' do - apply_manifest(%( - class { 'apache': default_vhost => false, } - apache::vhost { 'localhost': - docroot => '/var/www/local', - ip => '127.0.0.1', - port => '8888', - } - apache::listen { '*:80': } - apache::vhost { 'proxy.example.com': - docroot => '/var/www', - port => '80', - add_listen => false, - proxy_pass => { - 'path' => '/', - 'url' => 'http://localhost:8888/subdir/', - }, - } - host { 'proxy.example.com': ip => '127.0.0.1', } - file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, } - file { '/var/www/local/subdir/index.html': - ensure => file, - content => "Hello from localhost\\n", - } - ), catch_failures: true) - end - - describe service($service_name) do - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'gets a response from the back end #stdout' do - shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| - expect(r.stdout).to eq("Hello from localhost\n") - end - end - it 'gets a response from the back end #exit_code' do - shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| - expect(r.exit_code).to eq(0) - end - end - end - - context 'proxy_pass_match for alternative vhost' do - it 'configures a local vhost and a proxy vhost' do - apply_manifest(%( - class { 'apache': default_vhost => false, } - apache::vhost { 'localhost': - docroot => '/var/www/local', - ip => '127.0.0.1', - port => '8888', - } - apache::listen { '*:80': } - apache::vhost { 'proxy.example.com': - docroot => '/var/www', - port => '80', - add_listen => false, - proxy_pass_match => { - 'path' => '/', - 'url' => 'http://localhost:8888/subdir/', - }, - } - host { 'proxy.example.com': ip => '127.0.0.1', } - file { ['/var/www/local', '/var/www/local/subdir']: ensure => directory, } - file { '/var/www/local/subdir/index.html': - ensure => file, - content => "Hello from localhost\\n", - } - ), catch_failures: true) - end - - describe service($service_name) do - if host_inventory['facter']['os']['name'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' - pending 'Should be enabled - Bug 760616 on Debian 8' - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pending 'Should be enabled - MODULES-8379 `be_enabled` check does not currently work for apache2 on SLES 15' - else - it { is_expected.to be_enabled } - end - it { is_expected.to be_running } - end - - it 'gets a response from the back end #stdout' do - shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| - expect(r.stdout).to eq("Hello from localhost\n") - end - end - it 'gets a response from the back end #exit_code' do - shell('/usr/bin/curl --max-redirs 0 proxy.example.com:80') do |r| - expect(r.exit_code).to eq(0) - end - end - end - - describe 'ip_based' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - ip_based => true, - servername => 'test.server', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.not_to contain 'NameVirtualHost test.server' } - end - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'ServerName test.server' } - end - end - - describe 'ip_based and no servername' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - ip_based => true, - servername => '', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.not_to contain 'NameVirtualHost test.server' } - end - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.not_to contain 'ServerName' } - end - end - - describe 'add_listen' do - pp = <<-MANIFEST - class { 'apache': default_vhost => false } - host { 'testlisten.server': ip => '127.0.0.1' } - apache::listen { '81': } - apache::vhost { 'testlisten.server': - docroot => '/tmp', - port => '80', - add_listen => false, - servername => 'testlisten.server', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($ports_file) do - it { is_expected.to be_file } - it { is_expected.not_to contain 'Listen 80' } - it { is_expected.to contain 'Listen 81' } - end - end - - describe 'docroot' do - pp = <<-MANIFEST - user { 'test_owner': ensure => present, } - group { 'test_group': ensure => present, } - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp/test', - docroot_owner => 'test_owner', - docroot_group => 'test_group', - docroot_mode => '0750', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file('/tmp/test') do - it { is_expected.to be_directory } - it { is_expected.to be_owned_by 'test_owner' } - it { is_expected.to be_grouped_into 'test_group' } - it { is_expected.to be_mode 750 } - end - end - - describe 'default_vhost' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - default_vhost => true, - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file($ports_file) do - it { is_expected.to be_file } - if fact('osfamily') == 'RedHat' && host_inventory['facter']['os']['release']['major'] == '7' || - fact('osfamily') == 'Debian' || - host_inventory['facter']['os']['name'] == 'SLES' && fact('operatingsystemrelease') >= '12' - it { is_expected.not_to contain 'NameVirtualHost test.server' } - else - it { is_expected.to contain 'NameVirtualHost test.server' } - end - end - - describe file("#{$vhost_dir}/10-test.server.conf") do - it { is_expected.to be_file } - end - end - - describe 'options' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - options => ['Indexes','FollowSymLinks', 'ExecCGI'], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'Options Indexes FollowSymLinks ExecCGI' } - end - end - - describe 'override' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - override => ['All'], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'AllowOverride All' } - end - end - - describe 'logroot' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - logroot => '/tmp', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain ' CustomLog "/tmp' } - end - end - - ['access', 'error'].each do |logtype| - case logtype - when 'access' - logname = 'CustomLog' - when 'error' - logname = 'ErrorLog' - end - - describe "#{logtype}_log" do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - logroot => '/tmp', - #{logtype}_log => false, - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.not_to contain " #{logname} \"/tmp" } - end - end - - describe "#{logtype}_log_pipe" do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - logroot => '/tmp', - #{logtype}_log_pipe => '|/bin/sh', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain " #{logname} \"|/bin/sh" } - end - end - - describe "#{logtype}_log_syslog" do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - logroot => '/tmp', - #{logtype}_log_syslog => 'syslog', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain " #{logname} \"syslog\"" } - end - end - end - - describe 'access_log_format' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - logroot => '/tmp', - access_log_syslog => 'syslog', - access_log_format => '%h %l', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'CustomLog "syslog" "%h %l"' } - end - end - - describe 'access_log_env_var' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - logroot => '/tmp', - access_log_syslog => 'syslog', - access_log_env_var => 'admin', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'CustomLog "syslog" combined env=admin' } - end - end - - describe 'multiple access_logs' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - logroot => '/tmp', - access_logs => [ - {'file' => 'log1'}, - {'file' => 'log2', 'env' => 'admin' }, - {'file' => '/var/tmp/log3', 'format' => '%h %l'}, - {'syslog' => 'syslog' } - ] - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'CustomLog "/tmp/log1" combined' } - it { is_expected.to contain 'CustomLog "/tmp/log2" combined env=admin' } - it { is_expected.to contain 'CustomLog "/var/tmp/log3" "%h %l"' } - it { is_expected.to contain 'CustomLog "syslog" combined' } - end - end - - describe 'aliases' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - aliases => [ - { alias => '/image' , path => '/ftp/pub/image' } , - { scriptalias => '/myscript' , path => '/usr/share/myscript' } - ], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'Alias /image "/ftp/pub/image"' } - it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } - end - end - - describe 'scriptaliases' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - scriptaliases => [{ alias => '/myscript', path => '/usr/share/myscript', }], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'ScriptAlias /myscript "/usr/share/myscript"' } - end - end - - describe 'proxy' do - pp = <<-MANIFEST - class { 'apache': service_ensure => stopped, } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - proxy_dest => 'test2', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'ProxyPass / test2/' } - end - end - - describe 'actions' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - action => 'php-fastcgi', - } - MANIFEST - it 'applies cleanly' do - pp += "\nclass { 'apache::mod::actions': }" if fact('osfamily') == 'Debian' || fact('osfamily') == 'Suse' - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'Action php-fastcgi /cgi-bin virtual' } - end - end - - describe 'suphp' do - pp = <<-MANIFEST - class { 'apache': service_ensure => stopped, } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - suphp_addhandler => '#{$suphp_handler}', - suphp_engine => 'on', - suphp_configpath => '#{$suphp_configpath}', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain "suPHP_AddHandler #{$suphp_handler}" } - it { is_expected.to contain 'suPHP_Engine on' } - it { is_expected.to contain "suPHP_ConfigPath \"#{$suphp_configpath}\"" } - end - end - - describe 'rack_base_uris' do - unless fact('osfamily') == 'RedHat' || host_inventory['facter']['os']['name'] == 'SLES' - test = -> do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rack_base_uris => ['/test'], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - test.call - end - end - end - - describe 'no_proxy_uris' do - pp = <<-MANIFEST - class { 'apache': service_ensure => stopped, } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - proxy_dest => 'http://test2', - no_proxy_uris => [ 'http://test2/test' ], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'ProxyPass http://test2/test !' } - it { is_expected.to contain 'ProxyPass / http://test2/' } - end - end - - describe 'redirect' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - redirect_source => ['/images'], - redirect_dest => ['http://test.server/'], - redirect_status => ['permanent'], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'Redirect permanent /images http://test.server/' } - end - end - - describe 'request_headers' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - request_headers => ['append MirrorID "mirror 12"'], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'append MirrorID "mirror 12"' } - end - end - - describe 'rewrite rules' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - rewrites => [ - { comment => 'test', - rewrite_cond => '%{HTTP_USER_AGENT} ^Lynx/ [OR]', - rewrite_rule => ['^index\.html$ welcome.html'], - rewrite_map => ['lc int:tolower'], - } - ], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain '#test' } - it { is_expected.to contain 'RewriteCond %{HTTP_USER_AGENT} ^Lynx/ [OR]' } - it { is_expected.to contain 'RewriteRule ^index.html$ welcome.html' } - it { is_expected.to contain 'RewriteMap lc int:tolower' } - end - end - - describe 'directory rewrite rules' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - if ! defined(Class['apache::mod::rewrite']) { - include ::apache::mod::rewrite - } - apache::vhost { 'test.server': - docroot => '/tmp', - directories => [ - { - path => '/tmp', - rewrites => [ - { - comment => 'Permalink Rewrites', - rewrite_base => '/', - }, - { rewrite_rule => [ '^index\\.php$ - [L]' ] }, - { rewrite_cond => [ - '%{REQUEST_FILENAME} !-f', - '%{REQUEST_FILENAME} !-d', ], rewrite_rule => [ '. /index.php [L]' ], } - ], - }, - ], - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain '#Permalink Rewrites' } - it { is_expected.to contain 'RewriteEngine On' } - it { is_expected.to contain 'RewriteBase /' } - it { is_expected.to contain 'RewriteRule ^index\.php$ - [L]' } - it { is_expected.to contain 'RewriteCond %{REQUEST_FILENAME} !-f' } - it { is_expected.to contain 'RewriteCond %{REQUEST_FILENAME} !-d' } - it { is_expected.to contain 'RewriteRule . /index.php [L]' } - end - end - - describe 'setenv/setenvif' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - setenv => ['TEST /test'], - setenvif => ['Request_URI "\.gif$" object_is_image=gif'] - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'SetEnv TEST /test' } - it { is_expected.to contain 'SetEnvIf Request_URI "\.gif$" object_is_image=gif' } - end - end - - describe 'block' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - block => 'scm', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain '' } - end - end - - describe 'wsgi' do - unless host_inventory['facter']['os']['distro'].nil? - context 'on lucid', if: host_inventory['facter']['os']['distro']['codename'] == 'lucid' do - pp = <<-MANIFEST - class { 'apache': } - class { 'apache::mod::wsgi': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - wsgi_application_group => '%{GLOBAL}', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => {processes => '2'}, - wsgi_process_group => 'nobody', - wsgi_script_aliases => { '/test' => '/test1' }, - wsgi_script_aliases_match => { '/test/([^/*])' => '/test1' }, - wsgi_pass_authorization => 'On', - } - MANIFEST - it 'import_script applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - end - - context 'on everything but lucid', unless: (host_inventory['facter']['os']['distro']['codename'] == 'lucid' || host_inventory['facter']['os']['name'] == 'SLES') do - pp = <<-MANIFEST - class { 'apache': } - class { 'apache::mod::wsgi': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - wsgi_application_group => '%{GLOBAL}', - wsgi_daemon_process => 'wsgi', - wsgi_daemon_process_options => {processes => '2'}, - wsgi_import_script => '/test1', - wsgi_import_script_options => { application-group => '%{GLOBAL}', process-group => 'wsgi' }, - wsgi_process_group => 'nobody', - wsgi_script_aliases => { '/test' => '/test1' }, - wsgi_script_aliases_match => { '/test/([^/*])' => '/test1' }, - wsgi_pass_authorization => 'On', - wsgi_chunked_request => 'On', - } - MANIFEST - it 'import_script applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'WSGIApplicationGroup %{GLOBAL}' } - it { is_expected.to contain 'WSGIDaemonProcess wsgi processes=2' } - it { is_expected.to contain 'WSGIImportScript /test1 application-group=%{GLOBAL} process-group=wsgi' } - it { is_expected.to contain 'WSGIProcessGroup nobody' } - it { is_expected.to contain 'WSGIScriptAlias /test "/test1"' } - it { is_expected.to contain 'WSGIPassAuthorization On' } - it { is_expected.to contain 'WSGIChunkedRequest On' } - end - end - end - end - - describe 'custom_fragment' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - custom_fragment => inline_template('#weird test string'), - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain '#weird test string' } - end - end - - describe 'itk' do - pp = <<-MANIFEST - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - itk => { user => 'nobody', group => 'nobody' } - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'AssignUserId nobody nobody' } - end - end - - # Limit testing to Debian, since Centos does not have fastcgi package. - # In addition Debian 9/Ubuntu 18.04 no longer support this fastcgi - if fact('osfamily') == 'Debian' && !['9', '18.04'].include?(host_inventory['facter']['os']['release']['major']) - describe 'fastcgi' do - pp_one = <<-MANIFEST - $_os = $::operatingsystem - - if $_os == 'Ubuntu' { - $_location = "http://archive.ubuntu.com/ubuntu/" - $_security_location = "http://archive.ubuntu.com/ubuntu/" - $_release = $::lsbdistcodename - $_release_security = "${_release}-security" - $_repos = "main universe multiverse" - } else { - $_location = "http://httpredir.debian.org/debian/" - $_security_location = "http://security.debian.org/" - $_release = $::lsbdistcodename - $_release_security = "${_release}/updates" - $_repos = "main contrib non-free" - } - - include ::apt - apt::source { "${_os}_${_release}": - location => $_location, - release => $_release, - repos => $_repos, - } - - apt::source { "${_os}_${_release}-updates": - location => $_location, - release => "${_release}-updates", - repos => $_repos, - } - - apt::source { "${_os}_${_release}-security": - location => $_security_location, - release => $_release_security, - repos => $_repos, - } - MANIFEST - pp_two = <<-MANIFEST - class { 'apache': } - class { 'apache::mod::fastcgi': } - host { 'test.server': ip => '127.0.0.1' } - apache::vhost { 'test.server': - docroot => '/tmp', - fastcgi_server => 'localhost', - fastcgi_socket => '/tmp/fast/1234', - fastcgi_dir => '/tmp/fast', - } - MANIFEST - it 'applies cleanly' do - # apt-get update may not run clean here. Should be OK. - apply_manifest(pp_one, catch_failures: false) - - apply_manifest(pp_two, catch_failures: true, acceptable_exit_codes: [0, 2]) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'FastCgiExternalServer localhost -socket /tmp/fast/1234' } - it { is_expected.to contain '' } - end - end - end - - describe 'additional_includes' do - pp = <<-MANIFEST - if $::osfamily == 'RedHat' and "$::selinux" == "true" { - $semanage_package = $::operatingsystemmajrelease ? { - '5' => 'policycoreutils', - default => 'policycoreutils-python', - } - exec { 'set_apache_defaults': - command => 'semanage fcontext -a -t httpd_sys_content_t "/apache_spec(/.*)?"', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - require => Package[$semanage_package], - } - package { $semanage_package: ensure => installed } - exec { 'restorecon_apache': - command => 'restorecon -Rv /apache_spec', - path => '/bin:/usr/bin/:/sbin:/usr/sbin', - before => Service['httpd'], - require => Class['apache'], - } - } - class { 'apache': } - host { 'test.server': ip => '127.0.0.1' } - file { '/apache_spec': ensure => directory, } - file { '/apache_spec/include': ensure => present, content => '#additional_includes' } - apache::vhost { 'test.server': - docroot => '/apache_spec', - additional_includes => '/apache_spec/include', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'Include "/apache_spec/include"' } - end - end - - describe 'virtualhost without priority prefix' do - pp = <<-MANIFEST - class { 'apache': } - apache::vhost { 'test.server': - priority => false, - docroot => '/tmp' - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/test.server.conf") do - it { is_expected.to be_file } - end - end - - describe 'SSLProtocol directive' do - pp = <<-MANIFEST - class { 'apache': } - apache::vhost { 'test.server': - docroot => '/tmp', - ssl => true, - ssl_protocol => ['All', '-SSLv2'], - } - apache::vhost { 'test2.server': - docroot => '/tmp', - ssl => true, - ssl_protocol => 'All -SSLv2', - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'SSLProtocol *All -SSLv2' } - end - - describe file("#{$vhost_dir}/25-test2.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'SSLProtocol *All -SSLv2' } - end - end - - describe 'shibboleth parameters', if: (fact('osfamily') == 'Debian' && host_inventory['facter']['os']['release']['major'] != '7') do - # Debian 7 is too old for ShibCompatValidUser - pp = <<-MANIFEST - class { 'apache': } - class { 'apache::mod::shib': } - apache::vhost { 'test.server': - port => '80', - docroot => '/var/www/html', - shib_compat_valid_user => 'On' - } - MANIFEST - it 'applies cleanly' do - apply_manifest(pp, catch_failures: true) - end - describe file("#{$vhost_dir}/25-test.server.conf") do - it { is_expected.to be_file } - it { is_expected.to contain 'ShibCompatValidUser On' } - end - end -end diff --git a/puppet/modules/apache/spec/acceptance/vhosts_spec.rb b/puppet/modules/apache/spec/acceptance/vhosts_spec.rb deleted file mode 100644 index 9c49c5b..0000000 --- a/puppet/modules/apache/spec/acceptance/vhosts_spec.rb +++ /dev/null @@ -1,32 +0,0 @@ -require 'spec_helper_acceptance' -require_relative './version.rb' - -describe 'apache::vhosts class' do - context 'custom vhosts defined via class apache::vhosts' do - pp = <<-MANIFEST - class { 'apache::vhosts': - vhosts => { - 'custom_vhost_1' => { - 'docroot' => '/var/www/custom_vhost_1', - 'port' => '81', - }, - 'custom_vhost_2' => { - 'docroot' => '/var/www/custom_vhost_2', - 'port' => '82', - }, - }, - } - MANIFEST - it 'creates custom vhost config files' do - apply_manifest(pp, catch_failures: true) - end - - describe file("#{$vhost_dir}/25-custom_vhost_1.conf") do - it { is_expected.to contain '' } - end - - describe file("#{$vhost_dir}/25-custom_vhost_2.conf") do - it { is_expected.to contain '' } - end - end -end diff --git a/puppet/modules/apache/spec/classes/apache_spec.rb b/puppet/modules/apache/spec/classes/apache_spec.rb deleted file mode 100644 index ad4f8dc..0000000 --- a/puppet/modules/apache/spec/classes/apache_spec.rb +++ /dev/null @@ -1,917 +0,0 @@ -require 'spec_helper' - -describe 'apache', type: :class do - context 'on a Debian OS' do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'squeeze', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_package('httpd').with( - 'notify' => 'Class[Apache::Service]', - 'ensure' => 'installed', - ) - } - it { is_expected.to contain_user('www-data') } - it { is_expected.to contain_group('www-data') } - it { is_expected.to contain_class('apache::service') } - it { - is_expected.to contain_file('/var/www').with( - 'ensure' => 'directory', - ) - } - it { - is_expected.to contain_file('/etc/apache2/sites-enabled').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_file('/etc/apache2/mods-enabled').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_file('/etc/apache2/mods-available').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'false', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_concat('/etc/apache2/ports.conf').with( - 'owner' => 'root', 'group' => 'root', - 'mode' => '0644', 'notify' => 'Class[Apache::Service]' - ) - } - # Assert that load files are placed and symlinked for these mods, but no conf file. - ['auth_basic', 'authn_file', 'authz_default', 'authz_groupfile', 'authz_host', 'authz_user', 'dav', 'env'].each do |modname| - it { - is_expected.to contain_file("#{modname}.load").with( - 'path' => "/etc/apache2/mods-available/#{modname}.load", - 'ensure' => 'file', - ) - } - it { - is_expected.to contain_file("#{modname}.load symlink").with( - 'path' => "/etc/apache2/mods-enabled/#{modname}.load", - 'ensure' => 'link', - 'target' => "/etc/apache2/mods-available/#{modname}.load", - ) - } - it { is_expected.not_to contain_file("#{modname}.conf") } - it { is_expected.not_to contain_file("#{modname}.conf symlink") } - end - - context 'with Apache version < 2.4' do - let :params do - { apache_version: '2.2' } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^Include "/etc/apache2/conf\.d/\*\.conf"$} } - end - - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - use_optional_includes: true, - } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^IncludeOptional "/etc/apache2/conf\.d/\*\.conf"$} } - end - - context 'when specifying slash encoding behaviour' do - let :params do - { allow_encoded_slashes: 'nodecode' } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^AllowEncodedSlashes nodecode$} } - end - - context 'when specifying fileETag behaviour' do - let :params do - { file_e_tag: 'None' } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^FileETag None$} } - end - - context 'when specifying canonical name behaviour' do - let :params do - { use_canonical_name: 'dns' } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^UseCanonicalName dns$} } - end - - context 'when specifying default character set' do - let :params do - { default_charset: 'none' } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^AddDefaultCharset none$} } - end - - # Assert that both load files and conf files are placed and symlinked for these mods - ['alias', 'autoindex', 'dav_fs', 'deflate', 'dir', 'mime', 'negotiation', 'setenvif'].each do |modname| - it { - is_expected.to contain_file("#{modname}.load").with( - 'path' => "/etc/apache2/mods-available/#{modname}.load", - 'ensure' => 'file', - ) - } - it { - is_expected.to contain_file("#{modname}.load symlink").with( - 'path' => "/etc/apache2/mods-enabled/#{modname}.load", - 'ensure' => 'link', - 'target' => "/etc/apache2/mods-available/#{modname}.load", - ) - } - it { - is_expected.to contain_file("#{modname}.conf").with( - 'path' => "/etc/apache2/mods-available/#{modname}.conf", - 'ensure' => 'file', - ) - } - it { - is_expected.to contain_file("#{modname}.conf symlink").with( - 'path' => "/etc/apache2/mods-enabled/#{modname}.conf", - 'ensure' => 'link', - 'target' => "/etc/apache2/mods-available/#{modname}.conf", - ) - } - end - - describe "Check default type with Apache version < 2.2 when default_type => 'none'" do - let :params do - { - apache_version: '2.2', - default_type: 'none', - } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^DefaultType none$} } - end - describe "Check default type with Apache version < 2.2 when default_type => 'text/plain'" do - let :params do - { - apache_version: '2.2', - default_type: 'text/plain', - } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^DefaultType text/plain$} } - end - - describe 'Check default type with Apache version >= 2.4' do - let :params do - { apache_version: '2.4' } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').without_content %r{^DefaultType [.]*$} } - end - - describe "Don't create user resource when parameter manage_user is false" do - let :params do - { manage_user: false } - end - - it { is_expected.not_to contain_user('www-data') } - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^User www-data\n} } - end - describe "Don't create group resource when parameter manage_group is false" do - let :params do - { manage_group: false } - end - - it { is_expected.not_to contain_group('www-data') } - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^Group www-data\n} } - end - - describe 'Add extra LogFormats When parameter log_formats is a hash' do - let :params do - { log_formats: { - 'vhost_common' => '%v %h %l %u %t "%r" %>s %b', - 'vhost_combined' => '%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"', - } } - end - - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common\n} } - it { is_expected.to contain_file('/etc/apache2/apache2.conf').with_content %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" vhost_combined\n} } - end - - describe 'Override existing LogFormats When parameter log_formats is a hash' do - let :params do - { log_formats: { - 'common' => '%v %h %l %u %t "%r" %>s %b', - 'combined' => '%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"', - } } - end - - expected = [ - %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n}, - %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b" common\n}, - %r{^LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n}, - ] - unexpected = [ - %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n}, - %r{^LogFormat "%h %l %u %t \"%r\" %>s %b \"%\{Referer\}i\" \"%\{User-agent\}i\"" combined\n}, - ] - it 'Expected to contain' do - expected.each do |reg| - is_expected.to contain_file('/etc/apache2/apache2.conf').with_content reg - end - end - it 'Not expected to contain' do - unexpected.each do |reg| - is_expected.to contain_file('/etc/apache2/apache2.conf').without_content reg - end - end - end - - context '8' do - let :facts do - super().merge(lsbdistcodename: 'jessie', - operatingsystemrelease: '8') - end - - it { - is_expected.to contain_file('/var/www/html').with( - 'ensure' => 'directory', - ) - } - end - context 'on Ubuntu 14.04' do - let :facts do - super().merge(operatingsystem: 'Ubuntu', - lsbdistrelease: '14.04', - operatingsystemrelease: '14.04') - end - - it { - is_expected.to contain_file('/var/www/html').with( - 'ensure' => 'directory', - ) - } - end - end - - context 'on a RedHat 5 OS' do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '5', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_package('httpd').with( - 'notify' => 'Class[Apache::Service]', - 'ensure' => 'installed', - ) - } - it { is_expected.to contain_user('apache') } - it { is_expected.to contain_group('apache') } - it { is_expected.to contain_class('apache::service') } - it { - is_expected.to contain_file('/var/www/html').with( - 'ensure' => 'directory', - ) - } - it { - is_expected.to contain_file('/etc/httpd/conf.d').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_concat('/etc/httpd/conf/ports.conf').with( - 'owner' => 'root', 'group' => 'root', - 'mode' => '0644', 'notify' => 'Class[Apache::Service]' - ) - } - describe 'Alternate confd/mod/vhosts directory' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - } - end - - ['mod.d', 'site.d', 'conf.d'].each do |dir| - it { - is_expected.to contain_file("/etc/httpd/#{dir}").with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - end - - # Assert that load files are placed for these mods, but no conf file. - ['auth_basic', 'authn_file', 'authz_default', 'authz_groupfile', 'authz_host', 'authz_user', 'dav', 'env'].each do |modname| - it { - is_expected.to contain_file("#{modname}.load").with_path( - "/etc/httpd/mod.d/#{modname}.load", - ) - } - it { - is_expected.not_to contain_file("#{modname}.conf").with_path( - "/etc/httpd/mod.d/#{modname}.conf", - ) - } - end - - # Assert that both load files and conf files are placed for these mods - ['alias', 'autoindex', 'dav_fs', 'deflate', 'dir', 'mime', 'negotiation', 'setenvif'].each do |modname| - it { - is_expected.to contain_file("#{modname}.load").with_path( - "/etc/httpd/mod.d/#{modname}.load", - ) - } - it { - is_expected.to contain_file("#{modname}.conf").with_path( - "/etc/httpd/mod.d/#{modname}.conf", - ) - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^Include "/etc/httpd/site\.d/\*"$} } - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^Include "/etc/httpd/mod\.d/\*\.conf"$} } - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^Include "/etc/httpd/mod\.d/\*\.load"$} } - end - describe 'Alternate confd/mod/vhosts directory with Apache version < 2.4' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.2', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^Include "/etc/httpd/conf\.d/\*\.conf"$} } - end - describe 'Alternate confd/mod/vhosts directory with Apache version >= 2.4' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.4', - use_optional_includes: true, - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^IncludeOptional "/etc/httpd/conf\.d/\*\.conf"$} } - end - describe 'Alternate confd/mod/vhosts directory with Apache version < 2.4' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.2', - rewrite_lock: '/var/lock/subsys/rewrite-lock', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^RewriteLock /var/lock/subsys/rewrite-lock$} } - end - describe 'Alternate confd/mod/vhosts directory with Apache version < 2.4' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.2', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').without_content %r{^RewriteLock [.]*$} } - end - describe 'Alternate confd/mod/vhosts directory with Apache version >= 2.4' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.4', - rewrite_lock: '/var/lock/subsys/rewrite-lock', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').without_content %r{^RewriteLock [.]*$} } - end - describe 'Alternate confd/mod/vhosts directory when specifying slash encoding behaviour' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - allow_encoded_slashes: 'nodecode', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^AllowEncodedSlashes nodecode$} } - end - - describe 'Alternate confd/mod/vhosts directory when specifying default character set' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - default_charset: 'none', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^AddDefaultCharset none$} } - end - describe "Alternate confd/mod/vhosts directory with Apache version < 2.4 when default_type => 'none'" do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.2', - default_type: 'none', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^DefaultType none$} } - end - describe "Alternate confd/mod/vhosts directory with Apache version < 2.4 when default_type => 'text/plain'" do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.2', - default_type: 'text/plain', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^DefaultType text/plain$} } - end - describe 'Alternate confd/mod/vhosts directory with Apache version >= 2.4' do - let :params do - { - vhost_dir: '/etc/httpd/site.d', - confd_dir: '/etc/httpd/conf.d', - mod_dir: '/etc/httpd/mod.d', - apache_version: '2.4', - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').without_content %r{^DefaultType [.]*$} } - end - - describe 'Alternate conf directory' do - let :params do - { conf_dir: '/opt/rh/root/etc/httpd/conf' } - end - - it { - is_expected.to contain_file('/opt/rh/root/etc/httpd/conf/httpd.conf').with( - 'ensure' => 'file', - 'notify' => 'Class[Apache::Service]', - 'require' => ['Package[httpd]', 'Concat[/etc/httpd/conf/ports.conf]'], - ) - } - end - - describe 'Alternate conf.d directory' do - let :params do - { confd_dir: '/etc/httpd/special_conf.d' } - end - - it { - is_expected.to contain_file('/etc/httpd/special_conf.d').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - end - - describe 'Alternate mpm_modules when declaring mpm_module is false' do - let :params do - { mpm_module: false } - end - - unexpected = ['apache::mod::event', 'apache::mod::itk', 'apache::mod::peruser', 'apache::mod::prefork', 'apache::mod::worker'] - it 'does not declare mpm modules' do - unexpected.each do |not_expect| - is_expected.not_to contain_class(not_expect) - end - end - end - describe 'Alternate mpm_modules when declaring mpm_module => prefork' do - let :params do - { mpm_module: 'prefork' } - end - - it { is_expected.to contain_class('apache::mod::prefork') } - it { is_expected.not_to contain_class('apache::mod::event') } - it { is_expected.not_to contain_class('apache::mod::itk') } - it { is_expected.not_to contain_class('apache::mod::peruser') } - it { is_expected.not_to contain_class('apache::mod::worker') } - end - describe 'Alternate mpm_modules when declaring mpm_module => worker' do - let :params do - { mpm_module: 'worker' } - end - - it { is_expected.to contain_class('apache::mod::worker') } - it { is_expected.not_to contain_class('apache::mod::event') } - it { is_expected.not_to contain_class('apache::mod::itk') } - it { is_expected.not_to contain_class('apache::mod::peruser') } - it { is_expected.not_to contain_class('apache::mod::prefork') } - end - - describe 'different templates for httpd.conf with default' do - let :params do - { conf_template: 'apache/httpd.conf.erb' } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^# Security\n} } - end - describe 'different templates for httpd.conf with non-default' do - let :params do - { conf_template: 'site_apache/fake.conf.erb' } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^Fake template for rspec.$} } - end - - describe 'default mods without' do - let :params do - { default_mods: false } - end - - it { is_expected.to contain_apache__mod('authz_host') } - it { is_expected.not_to contain_apache__mod('env') } - end - describe 'default mods custom' do - let :params do - { default_mods: ['info', 'alias', 'mime', 'env', 'setenv', 'expires'] } - end - - it { is_expected.to contain_apache__mod('authz_host') } - it { is_expected.to contain_apache__mod('env') } - it { is_expected.to contain_class('apache::mod::info') } - it { is_expected.to contain_class('apache::mod::mime') } - end - describe "Don't create user resource when parameter manage_user is false" do - let :params do - { manage_user: false } - end - - it { is_expected.not_to contain_user('apache') } - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^User apache\n} } - end - describe "Don't create group resource when parameter manage_group is false" do - let :params do - { manage_group: false } - end - - it { is_expected.not_to contain_group('apache') } - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^Group apache\n} } - end - - describe 'sendfile with invalid value' do - let :params do - { sendfile: 'foo' } - end - - it 'fails' do - expect { - catalogue - }.to raise_error(Puppet::PreformattedError, %r{Evaluation Error: Error while evaluating a Resource Statement, Class\[Apache\]: parameter 'sendfile' expects a match for Enum\['Off', 'On', 'off', 'on'\]}) # rubocop:disable Metrics/LineLength - end - end - describe 'sendfile On' do - let :params do - { sendfile: 'On' } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^EnableSendfile On\n} } - end - describe 'sendfile Off' do - let :params do - { sendfile: 'Off' } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^EnableSendfile Off\n} } - end - - describe 'hostname lookup with invalid value' do - let :params do - { hostname_lookups: 'foo' } - end - - it 'fails' do - expect { - catalogue - }.to raise_error(Puppet::Error, %r{Evaluation Error}) - end - end - describe 'hostname_lookups On' do - let :params do - { hostname_lookups: 'On' } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^HostnameLookups On\n} } - end - describe 'hostname_lookups Off' do - let :params do - { hostname_lookups: 'Off' } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^HostnameLookups Off\n} } - end - - describe 'hostname_lookups Double' do - let :params do - { hostname_lookups: 'Double' } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^HostnameLookups Double\n} } - end - - context 'on Fedora 21' do - let :facts do - super().merge(operatingsystem: 'Fedora', - lsbdistrelease: '21', - operatingsystemrelease: '21') - end - - it { is_expected.to contain_class('apache').with_apache_version('2.4') } - end - context 'on Fedora Rawhide' do - let :facts do - super().merge(operatingsystem: 'Fedora', - lsbdistrelease: 'Rawhide', - operatingsystemrelease: 'Rawhide') - end - - it { is_expected.to contain_class('apache').with_apache_version('2.4') } - end - # kinda obsolete - context 'on Fedora 17' do - let :facts do - super().merge(operatingsystem: 'Fedora', - lsbdistrelease: '17', - operatingsystemrelease: '17') - end - - it { is_expected.to contain_class('apache').with_apache_version('2.2') } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - id: 'root', - kernel: 'FreeBSD', - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '10', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::package').with('ensure' => 'present') } - it { is_expected.to contain_user('www') } - it { is_expected.to contain_group('www') } - it { is_expected.to contain_class('apache::service') } - it { - is_expected.to contain_file('/usr/local/www/apache24/data').with( - 'ensure' => 'directory', - ) - } - it { - is_expected.to contain_file('/usr/local/etc/apache24/Vhosts').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_file('/usr/local/etc/apache24/Modules').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_concat('/usr/local/etc/apache24/ports.conf').with( - 'owner' => 'root', 'group' => 'wheel', - 'mode' => '0644', 'notify' => 'Class[Apache::Service]' - ) - } - # Assert that load files are placed for these mods, but no conf file. - ['auth_basic', 'authn_core', 'authn_file', 'authz_groupfile', 'authz_host', 'authz_user', 'dav', 'env'].each do |modname| - it { - is_expected.to contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", - 'ensure' => 'file', - ) - } - it { is_expected.not_to contain_file("#{modname}.conf") } - end - - # Assert that both load files and conf files are placed for these mods - ['alias', 'autoindex', 'dav_fs', 'deflate', 'dir', 'mime', 'negotiation', 'setenvif'].each do |modname| - it { - is_expected.to contain_file("#{modname}.load").with( - 'path' => "/usr/local/etc/apache24/Modules/#{modname}.load", - 'ensure' => 'file', - ) - } - it { - is_expected.to contain_file("#{modname}.conf").with( - 'path' => "/usr/local/etc/apache24/Modules/#{modname}.conf", - 'ensure' => 'file', - ) - } - end - end - context 'on a Gentoo OS' do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_user('apache') } - it { is_expected.to contain_group('apache') } - it { is_expected.to contain_class('apache::service') } - it { - is_expected.to contain_file('/var/www/localhost/htdocs').with( - 'ensure' => 'directory', - ) - } - it { - is_expected.to contain_file('/etc/apache2/vhosts.d').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_file('/etc/apache2/modules.d').with( - 'ensure' => 'directory', 'recurse' => 'true', - 'purge' => 'true', 'notify' => 'Class[Apache::Service]', - 'require' => 'Package[httpd]' - ) - } - it { - is_expected.to contain_concat('/etc/apache2/ports.conf').with( - 'owner' => 'root', 'group' => 'wheel', - 'mode' => '0644', 'notify' => 'Class[Apache::Service]' - ) - } - end - context 'on all OSes' do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'with a custom apache_name parameter' do - let :params do - { - apache_name: 'httpd24-httpd', - } - end - - it { - is_expected.to contain_package('httpd').with( - 'notify' => 'Class[Apache::Service]', - 'ensure' => 'installed', - 'name' => 'httpd24-httpd', - ) - } - end - context 'with a custom file_mode parameter' do - let :params do - { - file_mode: '0640', - } - end - - it { - is_expected.to contain_concat('/etc/httpd/conf/ports.conf').with( - 'mode' => '0640', - ) - } - end - context 'with a custom root_directory_options parameter' do - let :params do - { - root_directory_options: ['-Indexes', '-FollowSymLinks'], - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{Options -Indexes -FollowSymLinks} } - end - context 'with a custom root_directory_secured parameter and Apache < 2.4' do - let :params do - { - apache_version: '2.2', - root_directory_secured: true, - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{Options FollowSymLinks\n\s+AllowOverride None\n\s+Order deny,allow\n\s+Deny from all} } - end - context 'with a custom root_directory_secured parameter and Apache >= 2.4' do - let :params do - { - apache_version: '2.4', - root_directory_secured: true, - } - end - - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{Options FollowSymLinks\n\s+AllowOverride None\n\s+Require all denied} } - end - context 'default vhost defaults' do - it { is_expected.to contain_apache__vhost('default').with_ensure('present') } - it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('absent') } - it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{Options FollowSymLinks} } - end - context 'without default non-ssl vhost' do - let :params do - { - default_vhost: false, - } - end - - it { is_expected.to contain_apache__vhost('default').with_ensure('absent') } - it { is_expected.not_to contain_file('/var/www/html') } - end - context 'with default ssl vhost' do - let :params do - { - default_ssl_vhost: true, - } - end - - it { is_expected.to contain_apache__vhost('default-ssl').with_ensure('present') } - it { is_expected.to contain_file('/var/www/html') } - end - end - context 'with unsupported osfamily' do - let :facts do - { osfamily: 'Darwin', - operatingsystemrelease: '13.1.0', - is_pe: false } - end - - it do - expect { - catalogue - }.to raise_error(Puppet::Error, %r{Unsupported osfamily}) - end - end -end diff --git a/puppet/modules/apache/spec/classes/dev_spec.rb b/puppet/modules/apache/spec/classes/dev_spec.rb deleted file mode 100644 index 7ef4281..0000000 --- a/puppet/modules/apache/spec/classes/dev_spec.rb +++ /dev/null @@ -1,34 +0,0 @@ -require 'spec_helper' - -describe 'apache::dev' do - on_supported_os.each do |os, facts| - context "on #{os} " do - let :facts do - facts - end - - context 'with all defaults' do - let(:pre_condition) do - [ - 'include apache', - ] - end - - it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_class('apache::params') } - case facts[:os]['name'] - when 'Debian' - it { is_expected.to contain_package('libaprutil1-dev') } - it { is_expected.to contain_package('libapr1-dev') } - if facts[:os]['release']['major'].to_i < 8 - it { is_expected.to contain_package('apache2-prefork-dev') } - end - when 'Ubuntu' - it { is_expected.to contain_package('apache2-dev') } - when 'RedHat' - it { is_expected.to contain_package('httpd-devel') } - end - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/alias_spec.rb b/puppet/modules/apache/spec/classes/mod/alias_spec.rb deleted file mode 100644 index ecb9c69..0000000 --- a/puppet/modules/apache/spec/classes/mod/alias_spec.rb +++ /dev/null @@ -1,97 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::alias', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('alias') } - it { is_expected.to contain_file('alias.conf').with(content: %r{Alias \/icons\/ "\/usr\/share\/apache2\/icons\/"}) } - end - context 'on a RedHat 6-based OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('alias') } - it { is_expected.to contain_file('alias.conf').with(content: %r{Alias \/icons\/ "\/var\/www\/icons\/"}) } - end - context 'on a RedHat 7-based OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '7', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('alias') } - it { is_expected.to contain_file('alias.conf').with(content: %r{Alias \/icons\/ "\/usr\/share\/httpd\/icons\/"}) } - end - context 'with icons options', :compile do - let :pre_condition do - 'class { apache: default_mods => false }' - end - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '7', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { - 'icons_options' => 'foo', - } - end - - it { is_expected.to contain_apache__mod('alias') } - it { is_expected.to contain_file('alias.conf').with(content: %r{Options foo}) } - end - context 'on a FreeBSD OS', :compile do - let :facts do - { - id: 'root', - kernel: 'FreeBSD', - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '10', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('alias') } - it { is_expected.to contain_file('alias.conf').with(content: %r{Alias \/icons\/ "\/usr\/local\/www\/apache24\/icons\/"}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/auth_cas_spec.rb b/puppet/modules/apache/spec/classes/mod/auth_cas_spec.rb deleted file mode 100644 index 611370d..0000000 --- a/puppet/modules/apache/spec/classes/mod/auth_cas_spec.rb +++ /dev/null @@ -1,91 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::auth_cas', type: :class do - context 'default params' do - let :params do - { - cas_login_url: 'https://cas.example.com/login', - cas_validate_url: 'https://cas.example.com/validate', - cas_cookie_path: '/var/cache/apache2/mod_auth_cas/', - } - end - - it_behaves_like 'a mod class, without including apache' - end - - context 'default configuration with parameters' do - let :params do - { - cas_login_url: 'https://cas.example.com/login', - cas_validate_url: 'https://cas.example.com/validate', - } - end - - context 'on a Debian OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_cas') } - it { is_expected.to contain_package('libapache2-mod-auth-cas') } - it { is_expected.to contain_file('auth_cas.conf').with_path('/etc/apache2/mods-available/auth_cas.conf') } - it { is_expected.to contain_file('/var/cache/apache2/mod_auth_cas/').with_owner('www-data') } - end - context 'on a RedHat OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_cas') } - it { is_expected.to contain_package('mod_auth_cas') } - it { is_expected.to contain_file('auth_cas.conf').with_path('/etc/httpd/conf.d/auth_cas.conf') } - it { is_expected.to contain_file('/var/cache/mod_auth_cas/').with_owner('apache') } - end - - context 'vhost setup', :compile do - let :pre_condition do - "class { 'apache': } apache::vhost { 'test.server': docroot => '/var/www/html', cas_root_proxied_as => 'http://test.server'} " - end - - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_cas') } - it { is_expected.to contain_package('mod_auth_cas') } - it { is_expected.to contain_file('auth_cas.conf').with_path('/etc/httpd/conf.d/auth_cas.conf') } - it { is_expected.to contain_file('/var/cache/mod_auth_cas/').with_owner('apache') } - it { - is_expected.to contain_concat__fragment('test.server-auth_cas').with(content: %r{^\s+CASRootProxiedAs http://test.server$}) - } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/auth_gssapi_spec.rb b/puppet/modules/apache/spec/classes/mod/auth_gssapi_spec.rb deleted file mode 100644 index 96b95ba..0000000 --- a/puppet/modules/apache/spec/classes/mod/auth_gssapi_spec.rb +++ /dev/null @@ -1,77 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::auth_gssapi', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'squeeze', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_gssapi') } - it { is_expected.to contain_package('libapache2-mod-auth-gssapi') } - end - context 'on a RedHat OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_gssapi') } - it { is_expected.to contain_package('mod_auth_gssapi') } - end - context 'on a FreeBSD OS', :compile do - let :facts do - { - id: 'root', - kernel: 'FreeBSD', - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '9', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_gssapi') } - it { is_expected.to contain_package('www/mod_auth_gssapi') } - end - context 'on a Gentoo OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - operatingsystemrelease: '3.16.1-gentoo', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_gssapi') } - it { is_expected.to contain_package('www-apache/mod_auth_gssapi') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/auth_kerb_spec.rb b/puppet/modules/apache/spec/classes/mod/auth_kerb_spec.rb deleted file mode 100644 index 87177e8..0000000 --- a/puppet/modules/apache/spec/classes/mod/auth_kerb_spec.rb +++ /dev/null @@ -1,106 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::auth_kerb', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_kerb') } - it { is_expected.to contain_package('libapache2-mod-auth-kerb') } - end - context 'on a RedHat OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_kerb') } - it { is_expected.to contain_package('mod_auth_kerb') } - end - context 'on a FreeBSD OS', :compile do - let :facts do - { - id: 'root', - kernel: 'FreeBSD', - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '9', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_kerb') } - it { is_expected.to contain_package('www/mod_auth_kerb2') } - end - context 'on a Gentoo OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - operatingsystemrelease: '3.16.1-gentoo', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('auth_kerb') } - it { is_expected.to contain_package('www-apache/mod_auth_kerb') } - end - end - context 'overriding mod_packages' do - context 'on a RedHat OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :pre_condition do - <<-MANIFEST - include apache::params - class { 'apache': - mod_packages => merge($::apache::params::mod_packages, { - 'auth_kerb' => 'httpd24-mod_auth_kerb', - }) - } - MANIFEST - end - - it { is_expected.to contain_apache__mod('auth_kerb') } - it { is_expected.to contain_package('httpd24-mod_auth_kerb') } - it { is_expected.not_to contain_package('mod_auth_kerb') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/auth_mellon_spec.rb b/puppet/modules/apache/spec/classes/mod/auth_mellon_spec.rb deleted file mode 100644 index 86dca27..0000000 --- a/puppet/modules/apache/spec/classes/mod/auth_mellon_spec.rb +++ /dev/null @@ -1,87 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::auth_mellon', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - fqdn: 'test.example.com', - is_pe: false, - } - end - - describe 'with no parameters' do - it { is_expected.to contain_apache__mod('auth_mellon') } - it { is_expected.to contain_package('libapache2-mod-auth-mellon') } - it { is_expected.to contain_file('auth_mellon.conf').with_path('/etc/apache2/mods-available/auth_mellon.conf') } - it { is_expected.to contain_file('auth_mellon.conf').with_content("MellonPostDirectory \"\/var\/cache\/apache2\/mod_auth_mellon\/\"\n") } - end - describe 'with parameters' do - let :params do - { mellon_cache_size: '200', - mellon_cache_entry_size: '2010', - mellon_lock_file: '/tmp/junk', - mellon_post_directory: '/tmp/post', - mellon_post_ttl: '5', - mellon_post_size: '8', - mellon_post_count: '10' } - end - - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonCacheSize\s+200$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonCacheEntrySize\s+2010$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonLockFile\s+"\/tmp\/junk"$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostDirectory\s+"\/tmp\/post"$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostTTL\s+5$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostSize\s+8$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostCount\s+10$}) } - end - end - context 'default configuration with parameters on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - fqdn: 'test.example.com', - is_pe: false, - } - end - - describe 'with no parameters' do - it { is_expected.to contain_apache__mod('auth_mellon') } - it { is_expected.to contain_package('mod_auth_mellon') } - it { is_expected.to contain_file('auth_mellon.conf').with_path('/etc/httpd/conf.d/auth_mellon.conf') } - it { is_expected.to contain_file('auth_mellon.conf').with_content("MellonCacheSize 100\nMellonLockFile \"/run/mod_auth_mellon/lock\"\n") } - end - describe 'with parameters' do - let :params do - { mellon_cache_size: '200', - mellon_cache_entry_size: '2010', - mellon_lock_file: '/tmp/junk', - mellon_post_directory: '/tmp/post', - mellon_post_ttl: '5', - mellon_post_size: '8', - mellon_post_count: '10' } - end - - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonCacheSize\s+200$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonCacheEntrySize\s+2010$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonLockFile\s+"\/tmp\/junk"$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostDirectory\s+"\/tmp\/post"$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostTTL\s+5$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostSize\s+8$}) } - it { is_expected.to contain_file('auth_mellon.conf').with_content(%r{^MellonPostCount\s+10$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/authn_dbd_spec.rb b/puppet/modules/apache/spec/classes/mod/authn_dbd_spec.rb deleted file mode 100644 index a40fc50..0000000 --- a/puppet/modules/apache/spec/classes/mod/authn_dbd_spec.rb +++ /dev/null @@ -1,62 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::authn_dbd', type: :class do - context 'default params' do - let :params do - { - authn_dbd_params: 'host=db_host port=3306 user=apache password=###### dbname=apache_auth', - } - end - - it_behaves_like 'a mod class, without including apache' - end - - context 'default configuration with parameters' do - let :params do - { - authn_dbd_params: 'host=db_host port=3306 user=apache password=###### dbname=apache_auth', - authn_dbd_alias: 'db_authn', - authn_dbd_query: 'SELECT password FROM authn WHERE username = %s', - } - end - - context 'on a Debian OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('authn_dbd') } - it { is_expected.to contain_apache__mod('dbd') } - it { is_expected.to contain_file('authn_dbd.conf').with_path('/etc/apache2/mods-available/authn_dbd.conf') } - end - - context 'on a RedHat OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('authn_dbd') } - it { is_expected.to contain_apache__mod('dbd') } - it { is_expected.to contain_file('authn_dbd.conf').with_path('/etc/httpd/conf.d/authn_dbd.conf') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/authnz_ldap_spec.rb b/puppet/modules/apache/spec/classes/mod/authnz_ldap_spec.rb deleted file mode 100644 index 7d449b9..0000000 --- a/puppet/modules/apache/spec/classes/mod/authnz_ldap_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::authnz_ldap', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - id: 'root', - kernel: 'Linux', - operatingsystem: 'Debian', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::ldap') } - it { is_expected.to contain_apache__mod('authnz_ldap') } - - context 'default verify_server_cert' do - it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert On$}) } - end - - context 'verify_server_cert = false' do - let(:params) { { verify_server_cert: false } } - - it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert Off$}) } - end - - context 'verify_server_cert = wrong' do - let(:params) { { verify_server_cert: 'wrong' } } - - it 'raises an error' do - expect { is_expected.to raise_error Puppet::Error } - end - end - end # Debian - - context 'default configuration with parameters on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - id: 'root', - kernel: 'Linux', - operatingsystem: 'RedHat', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::ldap') } - it { is_expected.to contain_apache__mod('authnz_ldap') } - - context 'default verify_server_cert' do - it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert On$}) } - end - - context 'verify_server_cert = false' do - let(:params) { { verify_server_cert: false } } - - it { is_expected.to contain_file('authnz_ldap.conf').with_content(%r{^LDAPVerifyServerCert Off$}) } - end - - context 'verify_server_cert = wrong' do - let(:params) { { verify_server_cert: 'wrong' } } - - it 'raises an error' do - expect { is_expected.to raise_error Puppet::Error } - end - end - end # Redhat -end diff --git a/puppet/modules/apache/spec/classes/mod/authnz_pam_spec.rb b/puppet/modules/apache/spec/classes/mod/authnz_pam_spec.rb deleted file mode 100644 index 2438c1c..0000000 --- a/puppet/modules/apache/spec/classes/mod/authnz_pam_spec.rb +++ /dev/null @@ -1,44 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::authnz_pam', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - id: 'root', - kernel: 'Linux', - operatingsystem: 'Debian', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_package('libapache2-mod-authnz-pam') } - it { is_expected.to contain_apache__mod('authnz_pam') } - end # Debian - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '8', - id: 'root', - kernel: 'Linux', - operatingsystem: 'RedHat', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_package('mod_authnz_pam') } - it { is_expected.to contain_apache__mod('authnz_pam') } - end # Redhat - end -end diff --git a/puppet/modules/apache/spec/classes/mod/cluster_spec.rb b/puppet/modules/apache/spec/classes/mod/cluster_spec.rb deleted file mode 100644 index 2862b72..0000000 --- a/puppet/modules/apache/spec/classes/mod/cluster_spec.rb +++ /dev/null @@ -1,102 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::cluster', type: :class do - context 'on a RedHat OS Release 7 with mod version = 1.3.0' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let(:params) do - { - allowed_network: '172.17.0', - balancer_name: 'mycluster', - ip: '172.17.0.1', - version: '1.3.0', - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_apache__mod('proxy') } - it { is_expected.to contain_apache__mod('proxy_ajp') } - it { is_expected.to contain_apache__mod('manager') } - it { is_expected.to contain_apache__mod('proxy_cluster') } - it { is_expected.to contain_apache__mod('advertise') } - it { is_expected.to contain_apache__mod('cluster_slotmem') } - - it { is_expected.to contain_file('cluster.conf') } - end - - context 'on a RedHat OS Release 7 with mod version > 1.3.0' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let(:params) do - { - allowed_network: '172.17.0', - balancer_name: 'mycluster', - ip: '172.17.0.1', - version: '1.3.1', - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_apache__mod('proxy') } - it { is_expected.to contain_apache__mod('proxy_ajp') } - it { is_expected.to contain_apache__mod('manager') } - it { is_expected.to contain_apache__mod('proxy_cluster') } - it { is_expected.to contain_apache__mod('advertise') } - it { is_expected.to contain_apache__mod('cluster_slotmem') } - - it { is_expected.to contain_file('cluster.conf') } - end - - context 'on a RedHat OS Release 6 with mod version < 1.3.0' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let(:params) do - { - allowed_network: '172.17.0', - balancer_name: 'mycluster', - ip: '172.17.0.1', - version: '1.2.0', - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_apache__mod('proxy') } - it { is_expected.to contain_apache__mod('proxy_ajp') } - it { is_expected.to contain_apache__mod('manager') } - it { is_expected.to contain_apache__mod('proxy_cluster') } - it { is_expected.to contain_apache__mod('advertise') } - it { is_expected.to contain_apache__mod('slotmem') } - - it { is_expected.to contain_file('cluster.conf') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/data_spec.rb b/puppet/modules/apache/spec/classes/mod/data_spec.rb deleted file mode 100644 index 7efb3c2..0000000 --- a/puppet/modules/apache/spec/classes/mod/data_spec.rb +++ /dev/null @@ -1,32 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::data', type: :class do - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let :params do - { apache_version: '2.4' } - end - - it { is_expected.to contain_apache__mod('data') } - - describe 'with Apache version < 2.3' do - let :params do - { apache_version: '2.2' } - end - - it 'fails' do - expect { catalogue }.to raise_error(Puppet::Error, %r{mod_data is only available in Apache 2.3 and later}) - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/dav_svn_spec.rb b/puppet/modules/apache/spec/classes/mod/dav_svn_spec.rb deleted file mode 100644 index 21d8406..0000000 --- a/puppet/modules/apache/spec/classes/mod/dav_svn_spec.rb +++ /dev/null @@ -1,138 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::dav_svn', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - operatingsystemmajrelease: '8', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('libapache2-svn') } - it { is_expected.to contain_file('dav_svn.load').with_content(%r{LoadModule dav_svn_module}) } - describe 'with parameters' do - let :params do - { - 'authz_svn_enabled' => true, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('libapache2-svn') } - it { is_expected.to contain_apache__mod('authz_svn') } - it { is_expected.to contain_file('authz_svn.load').with_content(%r{LoadModule authz_svn_module}) } - end - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystemmajrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('mod_dav_svn') } - it { is_expected.to contain_file('dav_svn.load').with_content(%r{LoadModule dav_svn_module}) } - describe 'with parameters' do - let :params do - { - 'authz_svn_enabled' => true, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('mod_dav_svn') } - it { is_expected.to contain_apache__mod('authz_svn') } - it { is_expected.to contain_file('dav_svn_authz_svn.load').with_content(%r{LoadModule authz_svn_module}) } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystemmajrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('devel/subversion') } - it { is_expected.to contain_file('dav_svn.load').with_content(%r{LoadModule dav_svn_module}) } - - describe 'with parameters' do - let :params do - { - 'authz_svn_enabled' => true, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('devel/subversion') } - it { is_expected.to contain_apache__mod('authz_svn') } - it { is_expected.to contain_file('dav_svn_authz_svn.load').with_content(%r{LoadModule authz_svn_module}) } - end - end - context 'on a Gentoo OS', :compile do - let :facts do - { - id: 'root', - operatingsystemrelease: '3.16.1-gentoo', - kernel: 'Linux', - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('dev-vcs/subversion') } - it { is_expected.to contain_file('dav_svn.load').with_content(%r{LoadModule dav_svn_module}) } - - describe 'with parameters' do - let :params do - { - 'authz_svn_enabled' => true, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dav_svn') } - it { is_expected.to contain_package('dev-vcs/subversion') } - it { is_expected.to contain_apache__mod('authz_svn') } - it { is_expected.to contain_file('dav_svn_authz_svn.load').with_content(%r{LoadModule authz_svn_module}) } - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/deflate_spec.rb b/puppet/modules/apache/spec/classes/mod/deflate_spec.rb deleted file mode 100644 index b32f622..0000000 --- a/puppet/modules/apache/spec/classes/mod/deflate_spec.rb +++ /dev/null @@ -1,127 +0,0 @@ -require 'spec_helper' - -# This function is called inside the OS specific contexts -def general_deflate_specs - it { is_expected.to contain_apache__mod('deflate') } - - expected = "AddOutputFilterByType DEFLATE application/rss+xml\n"\ - "AddOutputFilterByType DEFLATE application/x-javascript\n"\ - "AddOutputFilterByType DEFLATE text/css\n"\ - "AddOutputFilterByType DEFLATE text/html\n"\ - "\n"\ - "DeflateFilterNote Input instream\n"\ - "DeflateFilterNote Output outstream\n"\ - "DeflateFilterNote Ratio ratio\n" - - it do - is_expected.to contain_file('deflate.conf').with_content(expected) - end -end - -describe 'apache::mod::deflate', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - let :pre_condition do - 'class { "apache::mod::deflate": - types => [ "text/html", "text/css" , "application/x-javascript", "application/rss+xml"], - notes => { - "Input" => "instream", - "Ratio" => "ratio", - "Output" => "outstream", - } - } - ' - end - - context 'On a Debian OS with default params' do - let :facts do - { - id: 'root', - lsbdistcodename: 'jessie', - kernel: 'Linux', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_deflate_specs - - it { - is_expected.to contain_file('deflate.conf').with(ensure: 'file', - path: '/etc/apache2/mods-available/deflate.conf') - } - it { - is_expected.to contain_file('deflate.conf symlink').with(ensure: 'link', - path: '/etc/apache2/mods-enabled/deflate.conf') - } - end - - context 'on a RedHat OS with default params' do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_deflate_specs - - it { is_expected.to contain_file('deflate.conf').with_path('/etc/httpd/conf.d/deflate.conf') } - end - - context 'On a FreeBSD OS with default params' do - let :facts do - { - id: 'root', - kernel: 'FreeBSD', - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '9', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_deflate_specs - - it { - is_expected.to contain_file('deflate.conf').with(ensure: 'file', - path: '/usr/local/etc/apache24/Modules/deflate.conf') - } - end - - context 'On a Gentoo OS with default params' do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - operatingsystemrelease: '3.16.1-gentoo', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_deflate_specs - - it { - is_expected.to contain_file('deflate.conf').with(ensure: 'file', - path: '/etc/apache2/modules.d/deflate.conf') - } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/dev_spec.rb b/puppet/modules/apache/spec/classes/mod/dev_spec.rb deleted file mode 100644 index 9304634..0000000 --- a/puppet/modules/apache/spec/classes/mod/dev_spec.rb +++ /dev/null @@ -1,34 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::dev', type: :class do - let(:pre_condition) do - [ - 'include apache', - ] - end - - it_behaves_like 'a mod class, without including apache' - - [ - ['RedHat', '6', 'Santiago', 'Linux'], - ['Debian', '8', 'jessie', 'Linux'], - ['FreeBSD', '9', 'FreeBSD', 'FreeBSD'], - ].each do |osfamily, operatingsystemrelease, lsbdistcodename, kernel| - context "on a #{osfamily} OS" do - let :facts do - { - lsbdistcodename: lsbdistcodename, - osfamily: osfamily, - operatingsystem: osfamily, - operatingsystemrelease: operatingsystemrelease, - is_pe: false, - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin', - kernel: kernel, - } - end - - it { is_expected.to contain_class('apache::dev') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/dir_spec.rb b/puppet/modules/apache/spec/classes/mod/dir_spec.rb deleted file mode 100644 index f077446..0000000 --- a/puppet/modules/apache/spec/classes/mod/dir_spec.rb +++ /dev/null @@ -1,139 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::dir', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - lsbdistcodename: 'jessie', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(%r{^DirectoryIndex }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html\.var }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.cgi }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.pl }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.php }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.xhtml$}) } - end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - { indexes: ['example.txt', 'fearsome.aspx'] } - end - - it { is_expected.to contain_file('dir.conf').with_content(%r{ example\.txt }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ fearsome\.aspx$}) } - end - end - context 'default configuration with parameters on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'Redhat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(%r{^DirectoryIndex }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html\.var }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.cgi }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.pl }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.php }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.xhtml$}) } - end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - { indexes: ['example.txt', 'fearsome.aspx'] } - end - - it { is_expected.to contain_file('dir.conf').with_content(%r{ example\.txt }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ fearsome\.aspx$}) } - end - end - context 'default configuration with parameters on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(%r{^DirectoryIndex }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html\.var }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.cgi }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.pl }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.php }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.xhtml$}) } - end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - { indexes: ['example.txt', 'fearsome.aspx'] } - end - - it { is_expected.to contain_file('dir.conf').with_content(%r{ example\.txt }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ fearsome\.aspx$}) } - end - end - context 'default configuration with parameters on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('dir') } - it { is_expected.to contain_file('dir.conf').with_content(%r{^DirectoryIndex }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.html\.var }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.cgi }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.pl }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.php }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ index\.xhtml$}) } - end - context "passing indexes => ['example.txt','fearsome.aspx']" do - let :params do - { indexes: ['example.txt', 'fearsome.aspx'] } - end - - it { is_expected.to contain_file('dir.conf').with_content(%r{ example\.txt }) } - it { is_expected.to contain_file('dir.conf').with_content(%r{ fearsome\.aspx$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/disk_cache_spec.rb b/puppet/modules/apache/spec/classes/mod/disk_cache_spec.rb deleted file mode 100644 index 93a6b77..0000000 --- a/puppet/modules/apache/spec/classes/mod/disk_cache_spec.rb +++ /dev/null @@ -1,167 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::disk_cache', type: :class do - context 'on a Debian OS' do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let(:params) do - { - cache_ignore_headers: 'Set-Cookie', - } - end - - context 'with Apache version < 2.4' do - let :pre_condition do - 'class{ "apache": - apache_version => "2.2", - default_mods => ["cache"], - mod_dir => "/tmp/junk", - }' - end - - it { is_expected.to compile } - it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_apache__mod('disk_cache') } - it { - is_expected.to contain_file('disk_cache.conf') - .with(content: %r{CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) - } - end - context 'with Apache version >= 2.4' do - let :pre_condition do - 'class{ "apache": - apache_version => "2.4", - default_mods => ["cache"], - mod_dir => "/tmp/junk", - }' - end - - it { is_expected.to compile } - it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } - it { is_expected.to contain_apache__mod('cache_disk') } - it { - is_expected.to contain_file('disk_cache.conf') - .with(content: %r{CacheEnable disk \/\nCacheRoot \"\/var\/cache\/apache2\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) - } - end - end - - context 'on a RedHat 6-based OS' do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let(:params) do - { - cache_ignore_headers: 'Set-Cookie', - } - end - - context 'with Apache version < 2.4' do - let :pre_condition do - 'class{ "apache": - apache_version => "2.2", - default_mods => ["cache"], - mod_dir => "/tmp/junk", - }' - end - - it { is_expected.to contain_apache__mod('disk_cache') } - it { - is_expected.to contain_file('disk_cache.conf') - .with(content: %r{CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) - } - end - context 'with Apache version >= 2.4' do - let :pre_condition do - 'class{ "apache": - apache_version => "2.4", - default_mods => ["cache"], - mod_dir => "/tmp/junk", - }' - end - - it { is_expected.to contain_apache__mod('cache_disk') } - it { - is_expected.to contain_file('disk_cache.conf') - .with(content: %r{CacheEnable disk \/\nCacheRoot \"\/var\/cache\/httpd\/proxy\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) - } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - id: 'root', - kernel: 'FreeBSD', - osfamily: 'FreeBSD', - operatingsystem: 'FreeBSD', - operatingsystemrelease: '10', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let(:params) do - { - cache_ignore_headers: 'Set-Cookie', - } - end - - context 'with Apache version < 2.4' do - let :pre_condition do - 'class{ "apache": - apache_version => "2.2", - default_mods => ["cache"], - mod_dir => "/tmp/junk", - }' - end - - it { is_expected.to compile } - it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } - it { is_expected.to contain_apache__mod('disk_cache') } - it { - is_expected.to contain_file('disk_cache.conf') - .with(content: %r{CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_disk_cache\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) - } - end - context 'with Apache version >= 2.4' do - let :pre_condition do - 'class{ "apache": - apache_version => "2.4", - default_mods => ["cache"], - mod_dir => "/tmp/junk", - }' - end - - it { is_expected.to compile } - it { is_expected.to contain_class('apache::mod::disk_cache') } - it { is_expected.to contain_class('apache::mod::cache').that_comes_before('Class[Apache::Mod::Disk_cache]') } - it { is_expected.to contain_apache__mod('cache_disk') } - it { - is_expected.to contain_file('disk_cache.conf') - .with(content: %r{CacheEnable disk \/\nCacheRoot \"\/var\/cache\/mod_cache_disk\"\nCacheDirLevels 2\nCacheDirLength 1\nCacheIgnoreHeaders Set-Cookie}) - } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/dumpio_spec.rb b/puppet/modules/apache/spec/classes/mod/dumpio_spec.rb deleted file mode 100644 index 6b84192..0000000 --- a/puppet/modules/apache/spec/classes/mod/dumpio_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::dumpio', type: :class do - context 'on a Debian OS' do - let :pre_condition do - 'class{"apache": - default_mods => false, - mod_dir => "/tmp/junk", - }' - end - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - operatingsystemmajrelease: '8', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'default configuration fore parameters' do - it { is_expected.to compile } - it { is_expected.to contain_class('apache::mod::dumpio') } - it { is_expected.to contain_file('dumpio.conf').with_path('/tmp/junk/dumpio.conf') } - it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOInput\s+"Off"$}) } - it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOOutput\s+"Off"$}) } - end - context 'with dumpio_input set to On' do - let :params do - { - dump_io_input: 'On', - } - end - - it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOInput\s+"On"$}) } - it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOOutput\s+"Off"$}) } - end - context 'with dumpio_ouput set to On' do - let :params do - { - dump_io_output: 'On', - } - end - - it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOInput\s+"Off"$}) } - it { is_expected.to contain_file('dumpio.conf').with_content(%r{^\s*DumpIOOutput\s+"On"$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/event_spec.rb b/puppet/modules/apache/spec/classes/mod/event_spec.rb deleted file mode 100644 index 368e956..0000000 --- a/puppet/modules/apache/spec/classes/mod/event_spec.rb +++ /dev/null @@ -1,210 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::event', type: :class do - let :pre_condition do - 'class { "apache": mpm_module => false, }' - end - - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('event') } - it { is_expected.to contain_file('/usr/local/etc/apache24/Modules/event.conf').with_ensure('file') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('event') } - it { is_expected.to contain_file('/etc/apache2/modules.d/event.conf').with_ensure('file') } - end - context 'on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('event') } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file') } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/event.conf').with_ensure('link') } - - context 'Test mpm_event new params' do - let :params do - { - serverlimit: '0', - startservers: '1', - maxclients: '2', - minsparethreads: '3', - maxsparethreads: '4', - threadsperchild: '5', - maxrequestsperchild: '6', - threadlimit: '7', - listenbacklog: '8', - maxrequestworkers: '9', - maxconnectionsperchild: '10', - } - end - - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ServerLimit\s*0}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*StartServers\s*1}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxClients}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MinSpareThreads\s*3}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MaxSpareThreads\s*4}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ThreadsPerChild\s*5}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxRequestsPerChild}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ThreadLimit\s*7}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ListenBacklog\s*8}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MaxRequestWorkers\s*9}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MaxConnectionsPerChild\s*10}) } - end - - context 'Test mpm_event old style params' do - let :params do - { - serverlimit: '0', - startservers: '1', - maxclients: '2', - minsparethreads: '3', - maxsparethreads: '4', - threadsperchild: '5', - maxrequestsperchild: '6', - threadlimit: '7', - listenbacklog: '8', - maxrequestworkers: :undef, - maxconnectionsperchild: :undef, - } - end - - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ServerLimit\s*0}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*StartServers\s*1}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MaxClients\s*2}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MinSpareThreads\s*3}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MaxSpareThreads\s*4}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ThreadsPerChild\s*5}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*MaxRequestsPerChild\s*6}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ThreadLimit\s*7}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').with_content(%r{^\s*ListenBacklog\s*8}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxRequestWorkers}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxConnectionsPerChild}) } - end - - context 'Test mpm_event false params' do - let :params do - { - serverlimit: false, - startservers: false, - maxclients: false, - minsparethreads: false, - maxsparethreads: false, - threadsperchild: false, - maxrequestsperchild: false, - threadlimit: false, - listenbacklog: false, - maxrequestworkers: false, - maxconnectionsperchild: false, - } - end - - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*ServerLimit}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*StartServers}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxClients}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MinSpareThreads}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxSpareThreads}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*ThreadsPerChild}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxRequestsPerChild}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*ThreadLimit}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*ListenBacklog}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxRequestWorkers}) } - it { is_expected.to contain_file('/etc/apache2/mods-available/event.conf').with_ensure('file').without_content(%r{^\s*MaxConnectionsPerChild}) } - end - - context 'with Apache version < 2.4' do - let :params do - { - apache_version: '2.2', - } - end - - it { is_expected.not_to contain_file('/etc/apache2/mods-available/event.load') } - it { is_expected.not_to contain_file('/etc/apache2/mods-enabled/event.load') } - - it { is_expected.to contain_package('apache2-mpm-event') } - end - - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - } - end - - it { - is_expected.to contain_file('/etc/apache2/mods-available/event.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so\n") - } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/event.load').with_ensure('link') } - end - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('worker') } - it { is_expected.not_to contain_apache__mod('prefork') } - - it { is_expected.to contain_file('/etc/httpd/conf.d/event.conf').with_ensure('file') } - - it { - is_expected.to contain_file('/etc/httpd/conf.d/event.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_event_module modules/mod_mpm_event.so\n") - } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/expires_spec.rb b/puppet/modules/apache/spec/classes/mod/expires_spec.rb deleted file mode 100644 index d79158c..0000000 --- a/puppet/modules/apache/spec/classes/mod/expires_spec.rb +++ /dev/null @@ -1,85 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::expires', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'with expires active', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('expires') } - it { is_expected.to contain_file('expires.conf').with(content: %r{ExpiresActive On\n}) } - end - context 'with expires default', :compile do - let :pre_condition do - 'class { apache: default_mods => false }' - end - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '7', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { - 'expires_default' => 'access plus 1 month', - } - end - - it { is_expected.to contain_apache__mod('expires') } - it { - is_expected.to contain_file('expires.conf').with_content( - "ExpiresActive On\n" \ - "ExpiresDefault \"access plus 1 month\"\n", - ) - } - end - context 'with expires by type', :compile do - let :pre_condition do - 'class { apache: default_mods => false }' - end - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '7', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { - 'expires_by_type' => [ - { 'text/json' => 'mod plus 1 day' }, - { 'text/html' => 'access plus 1 year' }, - ], - } - end - - it { is_expected.to contain_apache__mod('expires') } - it { - is_expected.to contain_file('expires.conf').with_content( - "ExpiresActive On\n" \ - "ExpiresByType text/json \"mod plus 1 day\"\n" \ - "ExpiresByType text/html \"access plus 1 year\"\n", - ) - } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/ext_filter_spec.rb b/puppet/modules/apache/spec/classes/mod/ext_filter_spec.rb deleted file mode 100644 index 78bc0a9..0000000 --- a/puppet/modules/apache/spec/classes/mod/ext_filter_spec.rb +++ /dev/null @@ -1,63 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::ext_filter', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - fqdn: 'test.example.com', - is_pe: false, - } - end - - describe 'with no parameters' do - it { is_expected.to contain_apache__mod('ext_filter') } - it { is_expected.not_to contain_file('ext_filter.conf') } - end - describe 'with parameters' do - let :params do - { ext_filter_define: { 'filtA' => 'input=A output=B', - 'filtB' => 'input=C cmd="C"' } } - end - - it { is_expected.to contain_file('ext_filter.conf').with_content(%r{^ExtFilterDefine\s+filtA\s+input=A output=B$}) } - it { is_expected.to contain_file('ext_filter.conf').with_content(%r{^ExtFilterDefine\s+filtB\s+input=C cmd="C"$}) } - end - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - fqdn: 'test.example.com', - is_pe: false, - } - end - - describe 'with no parameters' do - it { is_expected.to contain_apache__mod('ext_filter') } - it { is_expected.not_to contain_file('ext_filter.conf') } - end - describe 'with parameters' do - let :params do - { ext_filter_define: { 'filtA' => 'input=A output=B', - 'filtB' => 'input=C cmd="C"' } } - end - - it { is_expected.to contain_file('ext_filter.conf').with_path('/etc/httpd/conf.d/ext_filter.conf') } - it { is_expected.to contain_file('ext_filter.conf').with_content(%r{^ExtFilterDefine\s+filtA\s+input=A output=B$}) } - it { is_expected.to contain_file('ext_filter.conf').with_content(%r{^ExtFilterDefine\s+filtB\s+input=C cmd="C"$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/fastcgi_spec.rb b/puppet/modules/apache/spec/classes/mod/fastcgi_spec.rb deleted file mode 100644 index 1e054a9..0000000 --- a/puppet/modules/apache/spec/classes/mod/fastcgi_spec.rb +++ /dev/null @@ -1,40 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::fastcgi', type: :class do - on_supported_os.each do |os, facts| - context "on #{os} " do - let :facts do - facts - end - - context 'with all defaults' do - case facts[:os]['name'] - when 'Debian' - it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('fastcgi') } - it { is_expected.to contain_package('libapache2-mod-fastcgi') } - it { is_expected.to contain_file('fastcgi.conf') } - when 'RedHat', 'CentOS', 'OracleLinux', 'Scientific' - if facts[:os]['release']['major'].to_i < 7 - it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('fastcgi') } - it { is_expected.to contain_package('mod_fastcgi') } - it { is_expected.not_to contain_file('fastcgi.conf') } - else - it { is_expected.not_to compile } - end - when 'Ubuntu' - if facts[:os]['release']['major'].to_i < 18 - it { is_expected.to compile.with_all_deps } - else - it { is_expected.not_to compile } - end - else - it { is_expected.to compile.with_all_deps } - end - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/fcgid_spec.rb b/puppet/modules/apache/spec/classes/mod/fcgid_spec.rb deleted file mode 100644 index da091a4..0000000 --- a/puppet/modules/apache/spec/classes/mod/fcgid_spec.rb +++ /dev/null @@ -1,140 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::fcgid', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - operatingsystemmajrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_apache__mod('fcgid').with('loadfile_name' => nil) - } - it { is_expected.to contain_package('libapache2-mod-fcgid') } - end - - context 'on a RHEL6' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystemmajrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - describe 'without parameters' do - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_apache__mod('fcgid').with('loadfile_name' => nil) - } - it { is_expected.to contain_package('mod_fcgid') } - end - - describe 'with parameters' do - let :params do - { - options: { - 'FcgidIPCDir' => '/var/run/fcgidsock', - 'SharememPath' => '/var/run/fcgid_shm', - 'FcgidMinProcessesPerClass' => '0', - 'AddHandler' => 'fcgid-script .fcgi', - }, - } - end - - expected = [ - '', - ' AddHandler fcgid-script .fcgi', - ' FcgidIPCDir /var/run/fcgidsock', - ' FcgidMinProcessesPerClass 0', - ' SharememPath /var/run/fcgid_shm', - '', - ] - it 'contains the correct config' do - content = catalogue.resource('file', 'fcgid.conf').send(:parameters)[:content] - expect(content.split("\n").reject { |c| c =~ %r{(^#|^$)} }).to eq(expected) - end - end - end - - context 'on RHEL7' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystemmajrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - describe 'without parameters' do - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_apache__mod('fcgid').with('loadfile_name' => 'unixd_fcgid.load') - } - it { is_expected.to contain_package('mod_fcgid') } - end - end - - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '10', - operatingsystemmajrelease: '10', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_apache__mod('fcgid').with('loadfile_name' => 'unixd_fcgid.load') - } - it { is_expected.to contain_package('www/mod_fcgid') } - end - - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_apache__mod('fcgid').with('loadfile_name' => nil) - } - it { is_expected.to contain_package('www-apache/mod_fcgid') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/http2_spec.rb b/puppet/modules/apache/spec/classes/mod/http2_spec.rb deleted file mode 100644 index d1a9c4b..0000000 --- a/puppet/modules/apache/spec/classes/mod/http2_spec.rb +++ /dev/null @@ -1,98 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::http2', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - id: 'root', - kernel: 'Linux', - operatingsystem: 'Debian', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::mod::http2') } - context 'with default values' do - let(:expected_content) do - <\n" - it { is_expected.to contain_file('info.conf').with_content(expected) } - end - context 'passing restrict_access => false' do - let :params do - { - restrict_access: false, - } - end - - it { - is_expected.to contain_file('info.conf').with_content( - "\n"\ - " SetHandler server-info\n"\ - "\n", - ) - } - end - context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do - let :params do - { allow_from: ['10.10.1.2', '192.168.1.2', '127.0.0.1'] } - end - - expected = "\n"\ - " SetHandler server-info\n"\ - " Order deny,allow\n"\ - " Deny from all\n"\ - " Allow from 10.10.1.2\n"\ - " Allow from 192.168.1.2\n"\ - " Allow from 127.0.0.1\n"\ - "\n" - it { is_expected.to contain_file('info.conf').with_content(expected) } - end - context 'passing both restrict_access and allow_from' do - let :params do - { - restrict_access: false, - allow_from: ['10.10.1.2', '192.168.1.2', '127.0.0.1'], - } - end - - it { - is_expected.to contain_file('info.conf').with_content( - "\n"\ - " SetHandler server-info\n"\ - "\n", - ) - } - end -end - -def general_info_specs_24 - it { is_expected.to contain_apache__mod('info') } - - context 'passing no parameters' do - expected = "\n"\ - " SetHandler server-info\n"\ - " Require ip 127.0.0.1 ::1\n"\ - "\n" - it { is_expected.to contain_file('info.conf').with_content(expected) } - end - context 'passing restrict_access => false' do - let :params do - { - restrict_access: false, - } - end - - it { - is_expected.to contain_file('info.conf').with_content( - "\n"\ - " SetHandler server-info\n"\ - "\n", - ) - } - end - context "passing allow_from => ['10.10.1.2', '192.168.1.2', '127.0.0.1']" do - let :params do - { allow_from: ['10.10.1.2', '192.168.1.2', '127.0.0.1'] } - end - - expected = "\n"\ - " SetHandler server-info\n"\ - " Require ip 10.10.1.2 192.168.1.2 127.0.0.1\n"\ - "\n" - it { - is_expected.to contain_file('info.conf').with_content(expected) - } - end - context 'passing both restrict_access and allow_from' do - let :params do - { - restrict_access: false, - allow_from: ['10.10.1.2', '192.168.1.2', '127.0.0.1'], - } - end - - it { - is_expected.to contain_file('info.conf').with_content( - "\n"\ - " SetHandler server-info\n"\ - "\n", - ) - } - end -end - -describe 'apache::mod::info', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'On a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'squeeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_info_specs_22 - - it { - is_expected.to contain_file('info.conf').with(ensure: 'file', - path: '/etc/apache2/mods-available/info.conf') - } - it { - is_expected.to contain_file('info.conf symlink').with(ensure: 'link', - path: '/etc/apache2/mods-enabled/info.conf') - } - end - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_info_specs_22 - - it { - is_expected.to contain_file('info.conf').with(ensure: 'file', - path: '/etc/httpd/conf.d/info.conf') - } - end - - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '10', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_info_specs_24 - - it { - is_expected.to contain_file('info.conf').with(ensure: 'file', - path: '/usr/local/etc/apache24/Modules/info.conf') - } - end - - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - # Load the more generic tests for this context - general_info_specs_24 - - it { - is_expected.to contain_file('info.conf').with(ensure: 'file', - path: '/etc/apache2/modules.d/info.conf') - } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/intercept_form_submit_spec.rb b/puppet/modules/apache/spec/classes/mod/intercept_form_submit_spec.rb deleted file mode 100644 index 1623814..0000000 --- a/puppet/modules/apache/spec/classes/mod/intercept_form_submit_spec.rb +++ /dev/null @@ -1,44 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::intercept_form_submit', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - id: 'root', - kernel: 'Linux', - operatingsystem: 'Debian', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_package('libapache2-mod-intercept-form-submit') } - it { is_expected.to contain_apache__mod('intercept_form_submit') } - end # Debian - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - id: 'root', - kernel: 'Linux', - operatingsystem: 'RedHat', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_package('mod_intercept_form_submit') } - it { is_expected.to contain_apache__mod('intercept_form_submit') } - end # Redhat - end -end diff --git a/puppet/modules/apache/spec/classes/mod/itk_spec.rb b/puppet/modules/apache/spec/classes/mod/itk_spec.rb deleted file mode 100644 index 1c010d4..0000000 --- a/puppet/modules/apache/spec/classes/mod/itk_spec.rb +++ /dev/null @@ -1,196 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::itk', type: :class do - let :pre_condition do - 'class { "apache": mpm_module => false, }' - end - - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('itk') } - it { is_expected.to contain_file('/etc/apache2/mods-available/itk.conf').with_ensure('file') } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/itk.conf').with_ensure('link') } - - context 'with Apache version < 2.4' do - let :params do - { - apache_version: '2.2', - } - end - - it { is_expected.not_to contain_file('/etc/apache2/mods-available/itk.load') } - it { is_expected.not_to contain_file('/etc/apache2/mods-enabled/itk.load') } - - it { is_expected.to contain_package('apache2-mpm-itk') } - end - context 'with Apache version < 2.4 with enablecapabilities set' do - let :params do - { - apache_version: '2.2', - enablecapabilities: true, - } - end - - it { is_expected.not_to contain_file('/etc/apache2/mods-available/itk.conf').with_content(%r{EnableCapabilities}) } - end - - context 'with Apache version >= 2.4' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - - let :params do - { - apache_version: '2.4', - } - end - - it { - is_expected.to contain_file('/etc/apache2/mods-available/itk.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so\n") - } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/itk.load').with_ensure('link') } - end - context 'with Apache version >= 2.4 with enablecapabilities not set' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - let :params do - { - apache_version: '2.4', - } - end - - it { is_expected.not_to contain_file('/etc/apache2/mods-available/itk.conf').with_content(%r{EnableCapabilities}) } - end - end - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('itk') } - it { is_expected.to contain_file('/etc/httpd/conf.d/itk.conf').with_ensure('file') } - it { is_expected.to contain_package('httpd-itk') } - - context 'with Apache version < 2.4' do - let :params do - { - apache_version: '2.2', - } - end - - it { - is_expected.to contain_file_line('/etc/sysconfig/httpd itk enable').with('require' => 'Package[httpd]') - } - end - context 'with Apache version < 2.4 with enablecapabilities set' do - let :params do - { - apache_version: '2.2', - enablecapabilities: 'On', - } - end - - it { is_expected.not_to contain_file('/etc/httpd/conf.d/itk.conf').with_content(%r{EnableCapabilities}) } - end - - context 'with Apache version >= 2.4' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - - let :params do - { - apache_version: '2.4', - } - end - - it { - is_expected.to contain_file('/etc/httpd/conf.d/itk.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_itk_module modules/mod_mpm_itk.so\n") - } - end - context 'with Apache version >= 2.4 with enablecapabilities set' do - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - - let :params do - { - apache_version: '2.4', - enablecapabilities: false, - } - end - - it { is_expected.to contain_file('/etc/httpd/conf.d/itk.conf').with_content(%r{EnableCapabilities Off}) } - end - end - context 'on a FreeBSD OS' do - let :pre_condition do - 'class { "apache": mpm_module => false, }' - end - - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '10', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - mpm_module: 'itk', - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('itk') } - it { is_expected.to contain_file('/usr/local/etc/apache24/Modules/itk.conf').with_ensure('file') } - it { is_expected.to contain_package('www/mod_mpm_itk') } - - context 'with Apache version < 2.4 with enablecapabilities not set' do - let :params do - { - apache_version: '2.2', - } - end - - it { is_expected.not_to contain_file('/usr/local/etc/apache24/Modules/itk.conf').with_content(%r{EnableCapabilities}) } - end - - context 'with Apache version >= 2.4 with enablecapabilities set' do - let :params do - { - apache_version: '2.4', - enablecapabilities: true, - } - end - - it { is_expected.to contain_file('/usr/local/etc/apache24/Modules/itk.conf').with_content(%r{EnableCapabilities On}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/jk_spec.rb b/puppet/modules/apache/spec/classes/mod/jk_spec.rb deleted file mode 100644 index d253c2f..0000000 --- a/puppet/modules/apache/spec/classes/mod/jk_spec.rb +++ /dev/null @@ -1,243 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::jk', type: :class do - it_behaves_like 'a mod class, without including apache' - - shared_examples 'minimal resources' do |mod_dir| - it { is_expected.to compile } - it { is_expected.to compile.with_all_deps } - it { is_expected.to create_class('apache::mod::jk') } - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_apache__mod('jk') } - it { is_expected.to contain_file('jk.conf').that_notifies('Class[apache::service]') } - it { is_expected.to contain_file('jk.conf').with(path: "#{mod_dir}/jk.conf") } - end - - shared_examples 'specific workers_file' do |mod_dir| - # let(:pre_condition) do - # 'include apache' - # end - let(:params) do - { - workers_file: "#{mod_dir}/workers.properties", - workers_file_content: { - 'worker_a' => { - 'type' => 'ajp13', - 'socket_keepalive' => 'true', - 'comment' => 'This is worker A', - }, - 'worker_b' => { - 'type' => 'ajp13', - 'socket_keepalive' => 'true', - 'comment' => 'This is worker B', - }, - 'worker_maintain' => 40, - 'worker_lists' => ['worker_a,worker_b'], - }, - } - end - - it { is_expected.to compile } - it { is_expected.to compile.with_all_deps } - expected_content = "# This file is generated automatically by Puppet - DO NOT EDIT\n"\ - "# Any manual changes will be overwritten\n"\ - "\n"\ - "worker.list = worker_a,worker_b\n"\ - "\n"\ - "worker.maintain = 40\n"\ - "\n"\ - "# This is worker A\n"\ - "worker.worker_a.socket_keepalive=true\n"\ - "worker.worker_a.type=ajp13\n"\ - "\n"\ - "# This is worker B\n"\ - "worker.worker_b.socket_keepalive=true\n"\ - "worker.worker_b.type=ajp13\n" - it { is_expected.to contain_file("#{mod_dir}/workers.properties").with_content(expected_content) } - end - - default_ip = '192.168.1.1' - altern8_ip = '10.1.2.3' - default_port = 80 - altern8_port = 8008 - - context 'RHEL 6 with only required facts and default parameters' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - ipaddress: default_ip, - } - end - let(:pre_condition) do - 'include apache' - end - let(:params) do - { - logroot: '/var/log/httpd', - } - end - let(:mod_dir) { mod_dir } - - mod_dir = '/etc/httpd/conf.d' - - it_behaves_like 'minimal resources', mod_dir - it_behaves_like 'specific workers_file', mod_dir - it { is_expected.to contain_apache__listen("#{default_ip}:#{default_port}") } - it { - verify_contents(catalogue, 'jk.conf', ['', '']) - } - end - - context 'Debian 8 with only required facts and default parameters' do - let(:facts) do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - ipaddress: default_ip, - } - end - let(:pre_condition) do - 'include apache' - end - let(:params) do - { - logroot: '/var/log/apache2', - } - end - let(:mod_dir) { mod_dir } - - mod_dir = '/etc/apache2/mods-available' - - it_behaves_like 'minimal resources', mod_dir - it_behaves_like 'specific workers_file', mod_dir - it { is_expected.to contain_apache__listen("#{default_ip}:#{default_port}") } - it { - verify_contents(catalogue, 'jk.conf', ['', '']) - } - end - - context 'RHEL 6 with required facts and alternative IP' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - ipaddress: default_ip, - } - end - let(:pre_condition) do - 'include apache' - end - let(:params) do - { - ip: altern8_ip, - logroot: '/var/log/httpd', - } - end - - it { is_expected.to contain_apache__listen("#{altern8_ip}:#{default_port}") } - end - - context 'RHEL 6 with required facts and alternative port' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - ipaddress: default_ip, - } - end - let(:pre_condition) do - 'include apache' - end - let(:params) do - { - port: altern8_port, - logroot: '/var/log/httpd', - } - end - - it { is_expected.to contain_apache__listen("#{default_ip}:#{altern8_port}") } - end - - context 'RHEL 6 with required facts and no binding' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - ipaddress: default_ip, - } - end - let(:pre_condition) do - 'include apache' - end - let(:params) do - { - add_listen: false, - logroot: '/var/log/httpd', - } - end - - it { is_expected.not_to contain_apache__listen("#{default_ip}:#{default_port}") } - end - - { - default: { - shm_file: :undef, - log_file: :undef, - shm_path: '/var/log/httpd/jk-runtime-status', - log_path: '/var/log/httpd/mod_jk.log', - }, - relative: { - shm_file: 'shm_file', - log_file: 'log_file', - shm_path: '/var/log/httpd/shm_file', - log_path: '/var/log/httpd/log_file', - }, - absolute: { - shm_file: '/run/shm_file', - log_file: '/tmp/log_file', - shm_path: '/run/shm_file', - log_path: '/tmp/log_file', - }, - pipe: { - shm_file: :undef, - log_file: '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"', - shm_path: '/var/log/httpd/jk-runtime-status', - log_path: '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"', - }, - }.each do |option, paths| - context "RHEL 6 with #{option} shm_file and log_file paths" do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - } - end - let(:pre_condition) do - 'include apache' - end - let(:params) do - { - logroot: '/var/log/httpd', - shm_file: paths[:shm_file], - log_file: paths[:log_file], - } - end - - expected = "# This file is generated automatically by Puppet - DO NOT EDIT\n"\ - "# Any manual changes will be overwritten\n"\ - "\n"\ - "\n"\ - " JkShmFile #{paths[:shm_path]}\n"\ - " JkLogFile #{paths[:log_path]}\n"\ - "\n" - it { is_expected.to contain_file('jk.conf').with_content(expected) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/ldap_spec.rb b/puppet/modules/apache/spec/classes/mod/ldap_spec.rb deleted file mode 100644 index 46f6de7..0000000 --- a/puppet/modules/apache/spec/classes/mod/ldap_spec.rb +++ /dev/null @@ -1,96 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::ldap', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - id: 'root', - kernel: 'Linux', - operatingsystem: 'Debian', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::ldap') } - it { is_expected.to contain_apache__mod('ldap') } - - context 'default ldap_trusted_global_cert_file' do - it { is_expected.to contain_file('apache-mod-ldap.conf').without_content(%r{^LDAPTrustedGlobalCert}) } - end - - context 'ldap_trusted_global_cert_file param' do - let(:params) { { ldap_trusted_global_cert_file: 'ca.pem' } } - - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$}) } - end - - context 'set multiple ldap params' do - let(:params) do - { - ldap_trusted_global_cert_file: 'ca.pem', - ldap_trusted_global_cert_type: 'CA_DER', - ldap_trusted_mode: 'TLS', - ldap_shared_cache_size: '500000', - ldap_cache_entries: '1024', - ldap_cache_ttl: '600', - ldap_opcache_entries: '1024', - ldap_opcache_ttl: '600', - } - end - - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPTrustedGlobalCert CA_DER ca\.pem$}) } - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPTrustedMode TLS$}) } - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPSharedCacheSize 500000$}) } - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPCacheEntries 1024$}) } - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPCacheTTL 600$}) } - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPOpCacheEntries 1024$}) } - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPOpCacheTTL 600$}) } - end - end # Debian - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - id: 'root', - kernel: 'Linux', - operatingsystem: 'RedHat', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::ldap') } - it { is_expected.to contain_apache__mod('ldap') } - - context 'default ldap_trusted_global_cert_file' do - it { is_expected.to contain_file('apache-mod-ldap.conf').without_content(%r{^LDAPTrustedGlobalCert}) } - end - - context 'ldap_trusted_global_cert_file param' do - let(:params) { { ldap_trusted_global_cert_file: 'ca.pem' } } - - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPTrustedGlobalCert CA_BASE64 ca\.pem$}) } - end - - context 'ldap_trusted_global_cert_file and ldap_trusted_global_cert_type params' do - let(:params) do - { - ldap_trusted_global_cert_file: 'ca.pem', - ldap_trusted_global_cert_type: 'CA_DER', - } - end - - it { is_expected.to contain_file('apache-mod-ldap.conf').with_content(%r{^LDAPTrustedGlobalCert CA_DER ca\.pem$}) } - end - end # Redhat -end diff --git a/puppet/modules/apache/spec/classes/mod/lookup_identity.rb b/puppet/modules/apache/spec/classes/mod/lookup_identity.rb deleted file mode 100644 index 5fae97d..0000000 --- a/puppet/modules/apache/spec/classes/mod/lookup_identity.rb +++ /dev/null @@ -1,44 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::lookup_identity', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian OS' do - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - id: 'root', - kernel: 'Linux', - operatingsystem: 'Debian', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_package('libapache2-mod-lookup-identity') } - it { is_expected.to contain_apache__mod('lookup_identity') } - end # Debian - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - id: 'root', - kernel: 'Linux', - operatingsystem: 'RedHat', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_package('mod_lookup_identity') } - it { is_expected.to contain_apache__mod('lookup_identity') } - end # Redhat - end -end diff --git a/puppet/modules/apache/spec/classes/mod/mime_magic_spec.rb b/puppet/modules/apache/spec/classes/mod/mime_magic_spec.rb deleted file mode 100644 index 6d01ed5..0000000 --- a/puppet/modules/apache/spec/classes/mod/mime_magic_spec.rb +++ /dev/null @@ -1,103 +0,0 @@ -require 'spec_helper' - -# This function is called inside the OS specific contexts -def general_mime_magic_specs - it { is_expected.to contain_apache__mod('mime_magic') } -end - -describe 'apache::mod::mime_magic', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'On a Debian OS with default params' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - general_mime_magic_specs - - it do - is_expected.to contain_file('mime_magic.conf').with_content( - "MIMEMagicFile \"/etc/apache2/magic\"\n", - ) - end - - it { - is_expected.to contain_file('mime_magic.conf').with(ensure: 'file', - path: '/etc/apache2/mods-available/mime_magic.conf') - } - it { - is_expected.to contain_file('mime_magic.conf symlink').with(ensure: 'link', - path: '/etc/apache2/mods-enabled/mime_magic.conf') - } - - context 'with magic_file => /tmp/Debian_magic' do - let :params do - { magic_file: '/tmp/Debian_magic' } - end - - it do - is_expected.to contain_file('mime_magic.conf').with_content( - "MIMEMagicFile \"/tmp/Debian_magic\"\n", - ) - end - end - end - - context 'on a RedHat OS with default params' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - general_mime_magic_specs - - it do - is_expected.to contain_file('mime_magic.conf').with_content( - "MIMEMagicFile \"/etc/httpd/conf/magic\"\n", - ) - end - - it { is_expected.to contain_file('mime_magic.conf').with_path('/etc/httpd/conf.d/mime_magic.conf') } - end - - context 'with magic_file => /tmp/magic' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let :params do - { magic_file: '/tmp/magic' } - end - - it do - is_expected.to contain_file('mime_magic.conf').with_content( - "MIMEMagicFile \"/tmp/magic\"\n", - ) - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/mime_spec.rb b/puppet/modules/apache/spec/classes/mod/mime_spec.rb deleted file mode 100644 index 6fbba65..0000000 --- a/puppet/modules/apache/spec/classes/mod/mime_spec.rb +++ /dev/null @@ -1,54 +0,0 @@ -require 'spec_helper' - -# This function is called inside the OS specific conte, :compilexts -def general_mime_specs - it { is_expected.to contain_apache__mod('mime') } - - it do - is_expected.to contain_file('mime.conf').with_content(%r{AddHandler type-map var}) - is_expected.to contain_file('mime.conf').with_content(%r{ddOutputFilter INCLUDES .shtml}) - is_expected.to contain_file('mime.conf').with_content(%r{AddType text/html .shtml}) - is_expected.to contain_file('mime.conf').with_content(%r{AddType application/x-compress .Z}) - end -end - -describe 'apache::mod::mime', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'On a Debian OS with default params', :compile do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - general_mime_specs - - it { is_expected.to contain_file('mime.conf').with_path('/etc/apache2/mods-available/mime.conf') } - end - - context 'on a RedHat OS with default params', :compile do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - general_mime_specs - - it { is_expected.to contain_file('mime.conf').with_path('/etc/httpd/conf.d/mime.conf') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/negotiation_spec.rb b/puppet/modules/apache/spec/classes/mod/negotiation_spec.rb deleted file mode 100644 index 4d23bf6..0000000 --- a/puppet/modules/apache/spec/classes/mod/negotiation_spec.rb +++ /dev/null @@ -1,51 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::negotiation', type: :class do - it_behaves_like 'a mod class, without including apache' - describe 'OS independent tests' do - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - kernel: 'Linux', - lsbdistcodename: 'jessie', - operatingsystemrelease: '8', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'default params' do - it { is_expected.to contain_class('apache') } - it do - is_expected.to contain_file('negotiation.conf').with(ensure: 'file', - content: 'LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW -ForceLanguagePriority Prefer Fallback -') - end - end - - context 'with force_language_priority parameter' do - let :params do - { force_language_priority: 'Prefer' } - end - - it do - is_expected.to contain_file('negotiation.conf').with(ensure: 'file', - content: %r{^ForceLanguagePriority Prefer$}) - end - end - - context 'with language_priority parameter' do - let :params do - { language_priority: ['en', 'es'] } - end - - it do - is_expected.to contain_file('negotiation.conf').with(ensure: 'file', - content: %r{^LanguagePriority en es$}) - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/pagespeed_spec.rb b/puppet/modules/apache/spec/classes/mod/pagespeed_spec.rb deleted file mode 100644 index 171b767..0000000 --- a/puppet/modules/apache/spec/classes/mod/pagespeed_spec.rb +++ /dev/null @@ -1,57 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::pagespeed', type: :class do - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('pagespeed') } - it { is_expected.to contain_package('mod-pagespeed-stable') } - - context 'when setting additional_configuration to a Hash' do - let :params do - { additional_configuration: { 'Key' => 'Value' } } - end - - it { is_expected.to contain_file('pagespeed.conf').with_content %r{Key Value} } - end - - context 'when setting additional_configuration to an Array' do - let :params do - { additional_configuration: ['Key Value'] } - end - - it { is_expected.to contain_file('pagespeed.conf').with_content %r{Key Value} } - end - end - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('pagespeed') } - it { is_expected.to contain_package('mod-pagespeed-stable') } - it { is_expected.to contain_file('pagespeed.conf') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/passenger_spec.rb b/puppet/modules/apache/spec/classes/mod/passenger_spec.rb deleted file mode 100644 index 2bcd0ac..0000000 --- a/puppet/modules/apache/spec/classes/mod/passenger_spec.rb +++ /dev/null @@ -1,444 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::passenger', type: :class do - on_supported_os.each do |os, facts| - context "on #{os} " do - let :facts do - facts - end - - case facts[:os]['family'] - when 'Debian' - context 'validating all passenger params - using Debian' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('libapache2-mod-passenger') } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/apache2/mods-available/zpassenger.load') - } - it { - is_expected.to contain_file('passenger.conf').with('path' => '/etc/apache2/mods-available/passenger.conf') - } - - passenger_config_options = { - 'passenger_allow_encoded_slashes' => { type: 'OnOff', pass_opt: :PassengerAllowEncodedSlashes }, - 'passenger_app_env' => { type: 'String', pass_opt: :PassengerAppEnv }, - 'passenger_app_group_name' => { type: 'String', pass_opt: :PassengerAppGroupName }, - 'passenger_app_root' => { type: 'FullPath', pass_opt: :PassengerAppRoot }, - 'passenger_app_type' => { type: 'String', pass_opt: :PassengerAppType }, - 'passenger_base_uri' => { type: 'URI', pass_opt: :PassengerBaseURI }, - 'passenger_buffer_response' => { type: 'OnOff', pass_opt: :PassengerBufferResponse }, - 'passenger_buffer_upload' => { type: 'OnOff', pass_opt: :PassengerBufferUpload }, - 'passenger_concurrency_model' => { type: ['process', 'thread'], pass_opt: :PassengerConcurrencyModel }, - 'passenger_data_buffer_dir' => { type: 'FullPath', pass_opt: :PassengerDataBufferDir }, - 'passenger_debug_log_file' => { type: 'String', pass_opt: :PassengerDebugLogFile }, - 'passenger_debugger' => { type: 'OnOff', pass_opt: :PassengerDebugger }, - 'passenger_default_group' => { type: 'String', pass_opt: :PassengerDefaultGroup }, - 'passenger_default_ruby' => { type: 'FullPath', pass_opt: :PassengerDefaultRuby }, - 'passenger_default_user' => { type: 'String', pass_opt: :PassengerDefaultUser }, - 'passenger_disable_security_update_check' => { type: 'OnOff', pass_opt: :PassengerDisableSecurityUpdateCheck }, - 'passenger_enabled' => { type: 'OnOff', pass_opt: :PassengerEnabled }, - 'passenger_error_override' => { type: 'OnOff', pass_opt: :PassengerErrorOverride }, - 'passenger_file_descriptor_log_file' => { type: 'FullPath', pass_opt: :PassengerFileDescriptorLogFile }, - 'passenger_fly_with' => { type: 'FullPath', pass_opt: :PassengerFlyWith }, - 'passenger_force_max_concurrent_requests_per_process' => { type: 'Integer', pass_opt: :PassengerForceMaxConcurrentRequestsPerProcess }, - 'passenger_friendly_error_pages' => { type: 'OnOff', pass_opt: :PassengerFriendlyErrorPages }, - 'passenger_group' => { type: 'String', pass_opt: :PassengerGroup }, - 'passenger_high_performance' => { type: 'OnOff', pass_opt: :PassengerHighPerformance }, - 'passenger_instance_registry_dir' => { type: 'FullPath', pass_opt: :PassengerInstanceRegistryDir }, - 'passenger_load_shell_envvars' => { type: 'OnOff', pass_opt: :PassengerLoadShellEnvvars }, - 'passenger_log_file' => { type: 'FullPath', pass_opt: :PassengerLogFile }, - 'passenger_log_level' => { type: 'Integer', pass_opt: :PassengerLogLevel }, - 'passenger_lve_min_uid' => { type: 'Integer', pass_opt: :PassengerLveMinUid }, - 'passenger_max_instances' => { type: 'Integer', pass_opt: :PassengerMaxInstances }, - 'passenger_max_instances_per_app' => { type: 'Integer', pass_opt: :PassengerMaxInstancesPerApp }, - 'passenger_max_pool_size' => { type: 'Integer', pass_opt: :PassengerMaxPoolSize }, - 'passenger_max_preloader_idle_time' => { type: 'Integer', pass_opt: :PassengerMaxPreloaderIdleTime }, - 'passenger_max_request_queue_size' => { type: 'Integer', pass_opt: :PassengerMaxRequestQueueSize }, - 'passenger_max_request_time' => { type: 'Integer', pass_opt: :PassengerMaxRequestTime }, - 'passenger_max_requests' => { type: 'Integer', pass_opt: :PassengerMaxRequests }, - 'passenger_memory_limit' => { type: 'Integer', pass_opt: :PassengerMemoryLimit }, - 'passenger_meteor_app_settings' => { type: 'FullPath', pass_opt: :PassengerMeteorAppSettings }, - 'passenger_min_instances' => { type: 'Integer', pass_opt: :PassengerMinInstances }, - 'passenger_nodejs' => { type: 'FullPath', pass_opt: :PassengerNodejs }, - 'passenger_pool_idle_time' => { type: 'Integer', pass_opt: :PassengerPoolIdleTime }, - 'passenger_pre_start' => { type: 'URI', pass_opt: :PassengerPreStart }, - 'passenger_python' => { type: 'FullPath', pass_opt: :PassengerPython }, - 'passenger_resist_deployment_errors' => { type: 'OnOff', pass_opt: :PassengerResistDeploymentErrors }, - 'passenger_resolve_symlinks_in_document_root' => { type: 'OnOff', pass_opt: :PassengerResolveSymlinksInDocumentRoot }, - 'passenger_response_buffer_high_watermark' => { type: 'Integer', pass_opt: :PassengerResponseBufferHighWatermark }, - 'passenger_restart_dir' => { type: 'Path', pass_opt: :PassengerRestartDir }, - 'passenger_rolling_restarts' => { type: 'OnOff', pass_opt: :PassengerRollingRestarts }, - 'passenger_root' => { type: 'FullPath', pass_opt: :PassengerRoot }, - 'passenger_ruby' => { type: 'FullPath', pass_opt: :PassengerRuby }, - 'passenger_security_update_check_proxy' => { type: 'URI', pass_opt: :PassengerSecurityUpdateCheckProxy }, - 'passenger_show_version_in_header' => { type: 'OnOff', pass_opt: :PassengerShowVersionInHeader }, - 'passenger_socket_backlog' => { type: 'Integer', pass_opt: :PassengerSocketBacklog }, - 'passenger_spawn_method' => { type: ['smart', 'direct'], pass_opt: :PassengerSpawnMethod }, - 'passenger_start_timeout' => { type: 'Integer', pass_opt: :PassengerStartTimeout }, - 'passenger_startup_file' => { type: 'RelPath', pass_opt: :PassengerStartupFile }, - 'passenger_stat_throttle_rate' => { type: 'Integer', pass_opt: :PassengerStatThrottleRate }, - 'passenger_sticky_sessions' => { type: 'OnOff', pass_opt: :PassengerStickySessions }, - 'passenger_sticky_sessions_cookie_name' => { type: 'String', pass_opt: :PassengerStickySessionsCookieName }, - 'passenger_thread_count' => { type: 'Integer', pass_opt: :PassengerThreadCount }, - 'passenger_use_global_queue' => { type: 'String', pass_opt: :PassengerUseGlobalQueue }, - 'passenger_user' => { type: 'String', pass_opt: :PassengerUser }, - 'passenger_user_switching' => { type: 'OnOff', pass_opt: :PassengerUserSwitching }, - 'rack_auto_detect' => { type: 'String', pass_opt: :RackAutoDetect }, - 'rack_autodetect' => { type: 'String', pass_opt: :RackAutoDetect }, - 'rack_base_uri' => { type: 'String', pass_opt: :RackBaseURI }, - 'rack_env' => { type: 'String', pass_opt: :RackEnv }, - 'rails_allow_mod_rewrite' => { type: 'String', pass_opt: :RailsAllowModRewrite }, - 'rails_app_spawner_idle_time' => { type: 'String', pass_opt: :RailsAppSpawnerIdleTime }, - 'rails_auto_detect' => { type: 'String', pass_opt: :RailsAutoDetect }, - 'rails_autodetect' => { type: 'String', pass_opt: :RailsAutoDetect }, - 'rails_base_uri' => { type: 'String', pass_opt: :RailsBaseURI }, - 'rails_default_user' => { type: 'String', pass_opt: :RailsDefaultUser }, - 'rails_env' => { type: 'String', pass_opt: :RailsEnv }, - 'rails_framework_spawner_idle_time' => { type: 'String', pass_opt: :RailsFrameworkSpawnerIdleTime }, - 'rails_ruby' => { type: 'String', pass_opt: :RailsRuby }, - 'rails_spawn_method' => { type: 'String', pass_opt: :RailsSpawnMethod }, - 'rails_user_switching' => { type: 'String', pass_opt: :RailsUserSwitching }, - 'wsgi_auto_detect' => { type: 'String', pass_opt: :WsgiAutoDetect }, - } - passenger_config_options.each do |config_option, config_hash| - puppetized_config_option = config_option - case config_hash[:type] - # UnionStationFilter values are quoted strings - when 'QuotedString' - valid_config_values = ['"a quoted string"'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => '#{valid_value.delete('"')}'" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} "#{valid_value}"$}) } - end - end - when 'FullPath', 'RelPath', 'Path' - valid_config_values = ['/some/path/to/somewhere'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => #{valid_value}" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} "#{valid_value}"$}) } - end - end - when 'URI', 'String', 'Integer' - valid_config_values = ['some_value_for_you'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => #{valid_value}" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } - end - end - when 'OnOff' - valid_config_values = ['on', 'off'] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => '#{valid_value}'" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } - end - end - else - valid_config_values = config_hash[:type] - valid_config_values.each do |valid_value| - describe "with #{puppetized_config_option} => '#{valid_value}'" do - let :params do - { puppetized_config_option.to_sym => valid_value } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ #{config_hash[:pass_opt]} #{valid_value}$}) } - end - end - end - end - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('libapache2-mod-passenger') } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/apache2/mods-available/zpassenger.load') - } - it { - is_expected.to contain_file('passenger.conf').with('path' => '/etc/apache2/mods-available/passenger.conf') - } - - context 'passenger config with passenger_installed_version set', test: true do - describe 'fails when an option is not valid for $passenger_installed_version' do - let :params do - { - passenger_installed_version: '4.0.0', - passenger_instance_registry_dir: '/some/path/to/nowhere', - } - end - - it { is_expected.to raise_error(%r{passenger_instance_registry_dir is not introduced until version 5.0.0}) } - end - - describe 'fails when an option is removed' do - let :params do - { - passenger_installed_version: '5.0.0', - rails_autodetect: 'on', - } - end - - it { is_expected.to raise_error(%r{REMOVED PASSENGER OPTION}) } - end - - describe 'warns when an option is deprecated' do - puts facts[:os]['family'] - puts facts[:os]['release'] - - let :params do - { - passenger_installed_version: '5.0.0', - rails_ruby: '/some/path/to/ruby', - } - end - - specify { expect { warn(%r{DEPRECATED PASSENGER OPTION}) }.to output(%r{DEPRECATED PASSENGER OPTION}).to_stderr } - end - end - - describe "with passenger_root => '/usr/lib/example'" do - let :params do - { passenger_root: '/usr/lib/example' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/example"}) } - end - describe 'with passenger_ruby => /usr/lib/example/ruby' do - let :params do - { passenger_ruby: '/usr/lib/example/ruby' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby"}) } - end - describe 'with passenger_default_ruby => /usr/lib/example/ruby1.9.3' do - let :params do - { passenger_ruby: '/usr/lib/example/ruby1.9.3' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRuby "/usr/lib/example/ruby1.9.3"}) } - end - describe 'with passenger_high_performance => on' do - let :params do - { passenger_high_performance: 'on' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerHighPerformance on$}) } - end - describe 'with passenger_pool_idle_time => 1200' do - let :params do - { passenger_pool_idle_time: 1200 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerPoolIdleTime 1200$}) } - end - describe 'with passenger_max_request_queue_size => 100' do - let :params do - { passenger_max_request_queue_size: 100 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxRequestQueueSize 100$}) } - end - - describe 'with passenger_max_requests => 20' do - let :params do - { passenger_max_requests: 20 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxRequests 20$}) } - end - describe 'with passenger_spawn_method => direct' do - let :params do - { passenger_spawn_method: 'direct' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerSpawnMethod direct$}) } - end - describe 'with passenger_stat_throttle_rate => 10' do - let :params do - { passenger_stat_throttle_rate: 10 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerStatThrottleRate 10$}) } - end - describe 'with passenger_max_pool_size => 16' do - let :params do - { passenger_max_pool_size: 16 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxPoolSize 16$}) } - end - describe 'with passenger_min_instances => 5' do - let :params do - { passenger_min_instances: 5 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMinInstances 5$}) } - end - describe 'with passenger_max_instances_per_app => 8' do - let :params do - { passenger_max_instances_per_app: 8 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerMaxInstancesPerApp 8$}) } - end - describe 'with rack_autodetect => on' do - let :params do - { rack_autodetect: 'on' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ RackAutoDetect on$}) } - end - describe 'with rails_autodetect => on' do - let :params do - { rails_autodetect: 'on' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ RailsAutoDetect on$}) } - end - describe 'with passenger_use_global_queue => on' do - let :params do - { passenger_use_global_queue: 'on' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerUseGlobalQueue on$}) } - end - describe "with passenger_app_env => 'foo'" do - let :params do - { passenger_app_env: 'foo' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerAppEnv foo$}) } - end - describe "with passenger_log_file => '/var/log/apache2/passenger.log'" do - let :params do - { passenger_log_file: '/var/log/apache2/passenger.log' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogFile "/var/log/apache2/passenger.log"$}) } - end - describe 'with passenger_log_level => 3' do - let :params do - { passenger_log_level: 3 } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerLogLevel 3$}) } - end - describe "with mod_path => '/usr/lib/foo/mod_foo.so'" do - let :params do - { mod_path: '/usr/lib/foo/mod_foo.so' } - end - - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/foo\/mod_foo\.so$}) } - end - describe "with mod_lib_path => '/usr/lib/foo'" do - let :params do - { mod_lib_path: '/usr/lib/foo' } - end - - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/foo\/mod_passenger\.so$}) } - end - describe "with mod_lib => 'mod_foo.so'" do - let :params do - { mod_lib: 'mod_foo.so' } - end - - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule passenger_module \/usr\/lib\/apache2\/modules\/mod_foo\.so$}) } - end - describe "with mod_id => 'mod_foo'" do - let :params do - { mod_id: 'mod_foo' } - end - - it { is_expected.to contain_file('zpassenger.load').with_content(%r{^LoadModule mod_foo \/usr\/lib\/apache2\/modules\/mod_passenger\.so$}) } - end - - context 'with Ubuntu 16.04 defaults' do - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } - end - - if facts[:os]['release']['major'].to_i == 8 - context 'with Debian 8 defaults' do - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerRoot "/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini"}) } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } - it { is_expected.to contain_file('passenger.conf').with_content(%r{PassengerDefaultRuby "/usr/bin/ruby"}) } - end - end - when 'RedHat' - context 'on a RedHat OS' do - case facts[:os]['release']['major'] - when '6' - context 'on EL6' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('mod_passenger') } - it { - is_expected.to contain_file('passenger_package.conf').with('path' => '/etc/httpd/conf.d/passenger.conf') - } - it { is_expected.to contain_file('passenger_package.conf').without_content } - it { is_expected.to contain_file('passenger_package.conf').without_source } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/httpd/conf.d/zpassenger.load') - } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRoot}) } - it { is_expected.to contain_file('passenger.conf').without_content(%r{PassengerRuby}) } - describe "with passenger_root => '/usr/lib/example'" do - let :params do - { passenger_root: '/usr/lib/example' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerRoot "\/usr\/lib\/example"$}) } - end - describe 'with passenger_ruby => /usr/lib/example/ruby' do - let :params do - { passenger_ruby: '/usr/lib/example/ruby' } - end - - it { is_expected.to contain_file('passenger.conf').with_content(%r{^ PassengerRuby "\/usr\/lib\/example\/ruby"$}) } - end - end - when '7' - - context 'on EL7' do - it { - is_expected.to contain_file('passenger_package.conf').with('path' => '/etc/httpd/conf.d/passenger.conf') - } - it { - is_expected.to contain_file('zpassenger.load').with('path' => '/etc/httpd/conf.modules.d/zpassenger.load') - } - end - end - end - when 'FreeBSD' - context 'on a FreeBSD OS' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('www/rubygem-passenger') } - end - when 'Gentoo' - context 'on a Gentoo OS' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('passenger') } - it { is_expected.to contain_package('www-apache/passenger') } - end - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/perl_spec.rb b/puppet/modules/apache/spec/classes/mod/perl_spec.rb deleted file mode 100644 index 0176c16..0000000 --- a/puppet/modules/apache/spec/classes/mod/perl_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::perl', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('perl') } - it { is_expected.to contain_package('libapache2-mod-perl2') } - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('perl') } - it { is_expected.to contain_package('mod_perl') } - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('perl') } - it { is_expected.to contain_package('www/mod_perl2') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - operatingsystem: 'Gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('perl') } - it { is_expected.to contain_package('www-apache/mod_perl') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/peruser_spec.rb b/puppet/modules/apache/spec/classes/mod/peruser_spec.rb deleted file mode 100644 index 0f6a62b..0000000 --- a/puppet/modules/apache/spec/classes/mod/peruser_spec.rb +++ /dev/null @@ -1,44 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::peruser', type: :class do - let :pre_condition do - 'class { "apache": mpm_module => false, }' - end - - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '10', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it do - expect { - catalogue - }.to raise_error(Puppet::Error, %r{Unsupported osfamily FreeBSD}) - end - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('peruser') } - it { is_expected.to contain_file('/etc/apache2/modules.d/peruser.conf').with_ensure('file') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/php_spec.rb b/puppet/modules/apache/spec/classes/mod/php_spec.rb deleted file mode 100644 index e4a654f..0000000 --- a/puppet/modules/apache/spec/classes/mod/php_spec.rb +++ /dev/null @@ -1,310 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::php', type: :class do - on_supported_os.each do |os, facts| - context "on #{os} " do - let :facts do - facts - end - let :pre_condition do - 'class { "apache": mpm_module => prefork, }' - end - - case facts[:os]['family'] - when 'Debian' - describe 'on a Debian OS' do - context 'with mpm_module => prefork' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::prefork') } - end - case facts[:os]['release']['major'] - when '8' - context 'on jessie' do - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n", - ) - } - context 'with mpm_module => itk on jessie' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('libapache2-mod-php5') } - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module /usr/lib/apache2/modules/libphp5.so\n", - ) - } - end - end - when '9' - context 'on stretch' do - it { is_expected.to contain_apache__mod('php7.0') } - it { is_expected.to contain_package('libapache2-mod-php7.0') } - it { - is_expected.to contain_file('php7.0.load').with( - content: "LoadModule php7_module /usr/lib/apache2/modules/libphp7.0.so\n", - ) - } - end - when '16.04' - context 'on stretch' do - let :params do - { content: 'somecontent' } - end - - it { - is_expected.to contain_file('php7.0.conf').with( - content: 'somecontent', - ) - } - end - - when '18.04' - context 'on stretch' do - let :params do - { content: 'somecontent' } - end - - it { - is_expected.to contain_file('php7.2.conf').with( - content: 'somecontent', - ) - } - end - end - end - when 'RedHat' - describe 'on a RedHat OS' do - context 'with default params' do - let :pre_condition do - 'class { "apache": }' - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('php') } if facts[:os]['release']['major'].to_i > 5 - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module modules/libphp5.so\n", - ) - } - end - context 'with alternative package name' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { package_name: 'php54' } - end - - it { is_expected.to contain_package('php54') } - end - context 'with alternative path' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { path: 'alternative-path' } - end - - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module alternative-path\n", - ) - } - end - context 'with alternative extensions' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { - extensions: ['.php', '.php5'], - } - end - - it { is_expected.to contain_file('php5.conf').with_content(Regexp.new(Regexp.escape(''))) } - end - if facts[:os]['release']['major'].to_i > 5 - context 'with specific version' do - let :pre_condition do - 'class { "apache": }' - end - let :params do - { package_ensure: '5.3.13' } - end - - it { - is_expected.to contain_package('php').with( - ensure: '5.3.13', - ) - } - end - end - context 'with mpm_module => prefork' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::prefork') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('php') } if facts[:os]['release']['major'].to_i > 5 - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module modules/libphp5.so\n", - ) - } - end - context 'with mpm_module => itk' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('php') } if facts[:os]['release']['major'].to_i > 5 - it { - is_expected.to contain_file('php5.load').with( - content: "LoadModule php5_module modules/libphp5.so\n", - ) - } - end - end - when 'FreeBSD' - describe 'on a FreeBSD OS' do - context 'with mpm_module => prefork' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('www/mod_php5') } - it { is_expected.to contain_file('php5.load') } - end - context 'with mpm_module => itk' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('www/mod_php5') } - it { is_expected.to contain_file('php5.load') } - end - end - when 'Gentoo' - describe 'on a Gentoo OS' do - context 'with mpm_module => prefork' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('dev-lang/php') } - it { is_expected.to contain_file('php5.load') } - end - context 'with mpm_module => itk' do - let :pre_condition do - 'class { "apache": mpm_module => itk, }' - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_class('apache::mod::itk') } - it { is_expected.to contain_apache__mod('php5') } - it { is_expected.to contain_package('dev-lang/php') } - it { is_expected.to contain_file('php5.load') } - end - end - end - - # all the following tests are for legacy php/apache versions. They don't work on modern ubuntu - next if (facts[:os]['release']['major'].to_i > 15 && facts[:os]['name'] == 'Ubuntu') || - (facts[:os]['release']['major'].to_i >= 9 && facts[:os]['name'] == 'Debian') - - describe 'OS independent tests' do - context 'with content param' do - let :params do - { content: 'somecontent' } - end - - it { - is_expected.to contain_file('php5.conf').with( - content: 'somecontent', - ) - } - end - context 'with template param' do - let :params do - { template: 'apache/mod/php.conf.erb' } - end - - it { - is_expected.to contain_file('php5.conf').with( - content: %r{^# PHP is an HTML-embedded scripting language which attempts to make it}, - ) - } - end - context 'with source param' do - let :params do - { source: 'some-path' } - end - - it { - is_expected.to contain_file('php5.conf').with( - source: 'some-path', - ) - } - end - context 'content has priority over template' do - let :params do - { - template: 'apache/mod/php5.conf.erb', - content: 'somecontent', - } - end - - it { - is_expected.to contain_file('php5.conf').with( - content: 'somecontent', - ) - } - end - context 'source has priority over template' do - let :params do - { - template: 'apache/mod/php5.conf.erb', - source: 'some-path', - } - end - - it { - is_expected.to contain_file('php5.conf').with( - source: 'some-path', - ) - } - end - context 'source has priority over content' do - let :params do - { - content: 'somecontent', - source: 'some-path', - } - end - - it { - is_expected.to contain_file('php5.conf').with( - source: 'some-path', - ) - } - end - context 'with mpm_module => worker' do - let :pre_condition do - 'class { "apache": mpm_module => worker, }' - end - - it 'raises an error' do - expect { expect(subject).to contain_apache__mod('php5') }.to raise_error Puppet::Error, %r{mpm_module => 'prefork' or mpm_module => 'itk'} - end - end - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/prefork_spec.rb b/puppet/modules/apache/spec/classes/mod/prefork_spec.rb deleted file mode 100644 index 8554577..0000000 --- a/puppet/modules/apache/spec/classes/mod/prefork_spec.rb +++ /dev/null @@ -1,138 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::prefork', type: :class do - let :pre_condition do - 'class { "apache": mpm_module => false, }' - end - - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('prefork') } - it { is_expected.to contain_file('/etc/apache2/mods-available/prefork.conf').with_ensure('file') } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/prefork.conf').with_ensure('link') } - - context 'with Apache version < 2.4' do - let :params do - { - apache_version: '2.2', - } - end - - it { is_expected.not_to contain_file('/etc/apache2/mods-available/prefork.load') } - it { is_expected.not_to contain_file('/etc/apache2/mods-enabled/prefork.load') } - - it { is_expected.to contain_package('apache2-mpm-prefork') } - end - - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - } - end - - it { - is_expected.to contain_file('/etc/apache2/mods-available/prefork.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so\n") - } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/prefork.load').with_ensure('link') } - end - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('prefork') } - it { is_expected.to contain_file('/etc/httpd/conf.d/prefork.conf').with_ensure('file') } - - context 'with Apache version < 2.4' do - let :params do - { - apache_version: '2.2', - } - end - - it { - is_expected.to contain_file_line('/etc/sysconfig/httpd prefork enable').with('require' => 'Package[httpd]') - } - it { is_expected.to contain_file('/etc/httpd/conf.d/prefork.conf').without('content' => %r{MaxRequestWorkers}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/prefork.conf').without('content' => %r{MaxConnectionsPerChild}) } - end - - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - maxrequestworkers: '512', - maxconnectionsperchild: '4000', - } - end - - it { is_expected.not_to contain_apache__mod('event') } - - it { - is_expected.to contain_file('/etc/httpd/conf.d/prefork.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_prefork_module modules/mod_mpm_prefork.so\n") - } - it { is_expected.to contain_file('/etc/httpd/conf.d/prefork.conf').without('content' => %r{MaxClients}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/prefork.conf').without('content' => %r{MaxRequestsPerChild}) } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('prefork') } - it { is_expected.to contain_file('/usr/local/etc/apache24/Modules/prefork.conf').with_ensure('file') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('prefork') } - it { is_expected.to contain_file('/etc/apache2/modules.d/prefork.conf').with_ensure('file') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/proxy_balancer_spec.rb b/puppet/modules/apache/spec/classes/mod/proxy_balancer_spec.rb deleted file mode 100644 index 8071a69..0000000 --- a/puppet/modules/apache/spec/classes/mod/proxy_balancer_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -require 'spec_helper' - -# Helper function for testing the contents of `proxy_balancer.conf` -def balancer_manager_conf_spec(allow_from, manager_path) - expected = "\n"\ - " SetHandler balancer-manager\n"\ - " Require ip #{Array(allow_from).join(' ')}\n"\ - "\n" - it do - is_expected.to contain_file('proxy_balancer.conf').with_content(expected) - end -end - -describe 'apache::mod::proxy_balancer', type: :class do - let :pre_condition do - [ - 'include apache::mod::proxy', - ] - end - - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with default parameters' do - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('proxy_balancer') } - - it { is_expected.not_to contain_file('proxy_balancer.conf') } - it { is_expected.not_to contain_file('proxy_balancer.conf symlink') } - end - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('proxy_balancer') } - - it { is_expected.not_to contain_file('proxy_balancer.conf') } - it { is_expected.not_to contain_file('proxy_balancer.conf symlink') } - end - end - context "default configuration with custom parameters $manager => true, $allow_from => ['10.10.10.10','11.11.11.11'], $status_path => '/custom-manager' on a Debian OS" do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { - manager: true, - allow_from: ['10.10.10.10', '11.11.11.11'], - manager_path: '/custom-manager', - } - end - - balancer_manager_conf_spec(['10.10.10.10', '11.11.11.11'], '/custom-manager') - end -end diff --git a/puppet/modules/apache/spec/classes/mod/proxy_connect_spec.rb b/puppet/modules/apache/spec/classes/mod/proxy_connect_spec.rb deleted file mode 100644 index 0f39a05..0000000 --- a/puppet/modules/apache/spec/classes/mod/proxy_connect_spec.rb +++ /dev/null @@ -1,63 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::proxy_connect', type: :class do - let :pre_condition do - [ - 'include apache::mod::proxy', - ] - end - - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'with Apache version < 2.2' do - let :facts do - super().merge(operatingsystemrelease: '7.0', - lsbdistcodename: 'wheezy') - end - let :params do - { - apache_version: '2.1', - } - end - - it { is_expected.not_to contain_apache__mod('proxy_connect') } - end - context 'with Apache version = 2.2' do - let :facts do - super().merge(operatingsystemrelease: '7.0', - lsbdistcodename: 'wheezy') - end - let :params do - { - apache_version: '2.2', - } - end - - it { is_expected.to contain_apache__mod('proxy_connect') } - end - context 'with Apache version >= 2.4' do - let :facts do - super().merge(operatingsystemrelease: '8.0', - lsbdistcodename: 'jessie') - end - let :params do - { - apache_version: '2.4', - } - end - - it { is_expected.to contain_apache__mod('proxy_connect') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/proxy_html_spec.rb b/puppet/modules/apache/spec/classes/mod/proxy_html_spec.rb deleted file mode 100644 index b8944ad..0000000 --- a/puppet/modules/apache/spec/classes/mod/proxy_html_spec.rb +++ /dev/null @@ -1,108 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::proxy_html', type: :class do - let :pre_condition do - [ - 'include apache::mod::proxy', - 'include apache::mod::proxy_http', - ] - end - - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - shared_examples 'debian' do |loadfiles| - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('proxy_html').with(loadfiles: loadfiles) } - it { is_expected.to contain_package('libapache2-mod-proxy-html') } - end - let :facts do - { - osfamily: 'Debian', - architecture: 'i386', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - hardwaremodel: 'i386', - is_pe: false, - } - end - - context 'on jessie i386' do - let(:facts) do - super().merge(operatingsystemrelease: '8', - hardwaremodel: 'i686', - architecture: 'i386') - end - - it { is_expected.to contain_apache__mod('xml2enc').with(loadfiles: nil) } - it_behaves_like 'debian', ['/usr/lib/i386-linux-gnu/libxml2.so.2'] - end - context 'on jessie x64' do - let(:facts) do - super().merge(operatingsystemrelease: '8', - hardwaremodel: 'x86_64', - architecture: 'amd64') - end - - it { is_expected.to contain_apache__mod('xml2enc').with(loadfiles: nil) } - it_behaves_like 'debian', ['/usr/lib/x86_64-linux-gnu/libxml2.so.2'] - end - end - - context 'on a RedHat OS', :compile do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('proxy_html').with(loadfiles: nil) } - it { is_expected.to contain_package('mod_proxy_html') } - it { is_expected.to contain_apache__mod('xml2enc').with(loadfiles: nil) } - end - context 'on a FreeBSD OS', :compile do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('proxy_html').with(loadfiles: nil) } - it { is_expected.to contain_apache__mod('xml2enc').with(loadfiles: nil) } - it { is_expected.to contain_package('www/mod_proxy_html') } - end - context 'on a Gentoo OS', :compile do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('proxy_html').with(loadfiles: nil) } - it { is_expected.to contain_apache__mod('xml2enc').with(loadfiles: nil) } - it { is_expected.to contain_package('www-apache/mod_proxy_html') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/proxy_wstunnel.rb b/puppet/modules/apache/spec/classes/mod/proxy_wstunnel.rb deleted file mode 100644 index e332d94..0000000 --- a/puppet/modules/apache/spec/classes/mod/proxy_wstunnel.rb +++ /dev/null @@ -1,5 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::proxy_wstunnel', type: :class do - it_behaves_like 'a mod class, without including apache' -end diff --git a/puppet/modules/apache/spec/classes/mod/python_spec.rb b/puppet/modules/apache/spec/classes/mod/python_spec.rb deleted file mode 100644 index 21e4e42..0000000 --- a/puppet/modules/apache/spec/classes/mod/python_spec.rb +++ /dev/null @@ -1,84 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::python', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('python') } - it { is_expected.to contain_package('libapache2-mod-python') } - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('python') } - it { is_expected.to contain_package('mod_python') } - it { is_expected.to contain_file('python.load').with_path('/etc/httpd/conf.d/python.load') } - - describe 'with loadfile_name specified' do - let :params do - { loadfile_name: 'FooBar' } - end - - it { is_expected.to contain_file('FooBar').with_path('/etc/httpd/conf.d/FooBar') } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('python') } - it { is_expected.to contain_package('www/mod_python3') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('python') } - it { is_expected.to contain_package('www-apache/mod_python') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/remoteip_spec.rb b/puppet/modules/apache/spec/classes/mod/remoteip_spec.rb deleted file mode 100644 index fc2d3bb..0000000 --- a/puppet/modules/apache/spec/classes/mod/remoteip_spec.rb +++ /dev/null @@ -1,101 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::remoteip', type: :class do - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - } - end - let :params do - { apache_version: '2.4' } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('remoteip') } - it { - is_expected.to contain_file('remoteip.conf').with('path' => '/etc/apache2/mods-available/remoteip.conf') - } - - describe 'with header X-Forwarded-For' do - let :params do - { header: 'X-Forwarded-For' } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPHeader X-Forwarded-For$}) } - end - describe 'with internal_proxy => [ 10.42.17.8, 10.42.18.99 ]' do - let :params do - { internal_proxy: ['10.42.17.8', '10.42.18.99'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 10.42.17.8$}) } - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 10.42.18.99$}) } - end - describe 'with IPv4 CIDR in internal_proxy => [ 192.168.1.0/24 ]' do - let :params do - { internal_proxy: ['192.168.1.0/24'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 192.168.1.0/24$}) } - end - describe 'with IPv6 CIDR in internal_proxy => [ fd00:fd00:fd00:2000::/64 ]' do - let :params do - { internal_proxy: ['fd00:fd00:fd00:2000::/64'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy fd00:fd00:fd00:2000::/64$}) } - end - describe 'with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]' do - let :params do - { proxy_ips: ['10.42.17.8', '10.42.18.99'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 10.42.17.8$}) } - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 10.42.18.99$}) } - end - describe 'with IPv4 CIDR in proxy_ips => [ 192.168.1.0/24 ]' do - let :params do - { proxy_ips: ['192.168.1.0/24'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy 192.168.1.0/24$}) } - end - describe 'with IPv6 CIDR in proxy_ips => [ fd00:fd00:fd00:2000::/64 ]' do - let :params do - { proxy_ips: ['fd00:fd00:fd00:2000::/64'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPInternalProxy fd00:fd00:fd00:2000::/64$}) } - end - describe 'with trusted_proxy => [ 10.42.17.8, 10.42.18.99 ]' do - let :params do - { trusted_proxy: ['10.42.17.8', '10.42.18.99'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPTrustedProxy 10.42.17.8$}) } - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPTrustedProxy 10.42.18.99$}) } - end - describe 'with trusted_proxy_ips => [ 10.42.17.8, 10.42.18.99 ]' do - let :params do - { trusted_proxy: ['10.42.17.8', '10.42.18.99'] } - end - - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPTrustedProxy 10.42.17.8$}) } - it { is_expected.to contain_file('remoteip.conf').with_content(%r{^RemoteIPTrustedProxy 10.42.18.99$}) } - end - describe 'with Apache version < 2.4' do - let :params do - { apache_version: '2.2' } - end - - it { expect { catalogue }.to raise_error(Puppet::Error, %r{mod_remoteip is only available in Apache 2.4}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/reqtimeout_spec.rb b/puppet/modules/apache/spec/classes/mod/reqtimeout_spec.rb deleted file mode 100644 index d86ed20..0000000 --- a/puppet/modules/apache/spec/classes/mod/reqtimeout_spec.rb +++ /dev/null @@ -1,154 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::reqtimeout', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - lsbdistcodename: 'jessie', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$}) } - end - context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do - let :params do - { timeouts: ['header=20-60,minrate=600', 'body=60,minrate=600'] } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$}) } - end - context "passing timeouts => 'header=20-60,minrate=600'" do - let :params do - { timeouts: 'header=20-60,minrate=600' } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600$}) } - end - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'Redhat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$}) } - end - context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do - let :params do - { timeouts: ['header=20-60,minrate=600', 'body=60,minrate=600'] } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$}) } - end - context "passing timeouts => 'header=20-60,minrate=600'" do - let :params do - { timeouts: 'header=20-60,minrate=600' } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600$}) } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$}) } - end - context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do - let :params do - { timeouts: ['header=20-60,minrate=600', 'body=60,minrate=600'] } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$}) } - end - context "passing timeouts => 'header=20-60,minrate=600'" do - let :params do - { timeouts: 'header=20-60,minrate=600' } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600$}) } - end - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - context 'passing no parameters' do - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-40,minrate=500\nRequestReadTimeout body=10,minrate=500$}) } - end - context "passing timeouts => ['header=20-60,minrate=600', 'body=60,minrate=600']" do - let :params do - { timeouts: ['header=20-60,minrate=600', 'body=60,minrate=600'] } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600\nRequestReadTimeout body=60,minrate=600$}) } - end - context "passing timeouts => 'header=20-60,minrate=600'" do - let :params do - { timeouts: 'header=20-60,minrate=600' } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('reqtimeout') } - it { is_expected.to contain_file('reqtimeout.conf').with_content(%r{^RequestReadTimeout header=20-60,minrate=600$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/rpaf_spec.rb b/puppet/modules/apache/spec/classes/mod/rpaf_spec.rb deleted file mode 100644 index eb389ba..0000000 --- a/puppet/modules/apache/spec/classes/mod/rpaf_spec.rb +++ /dev/null @@ -1,135 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::rpaf', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('rpaf') } - it { is_expected.to contain_package('libapache2-mod-rpaf') } - it { - is_expected.to contain_file('rpaf.conf').with('path' => '/etc/apache2/mods-available/rpaf.conf') - } - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFenable On$}) } - - describe 'with sethostname => true' do - let :params do - { sethostname: 'true' } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFsethostname On$}) } - end - describe 'with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]' do - let :params do - { proxy_ips: ['10.42.17.8', '10.42.18.99'] } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFproxy_ips 10.42.17.8 10.42.18.99$}) } - end - describe 'with header => X-Real-IP' do - let :params do - { header: 'X-Real-IP' } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFheader X-Real-IP$}) } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('rpaf') } - it { is_expected.to contain_package('www/mod_rpaf2') } - it { - is_expected.to contain_file('rpaf.conf').with('path' => '/usr/local/etc/apache24/Modules/rpaf.conf') - } - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFenable On$}) } - - describe 'with sethostname => true' do - let :params do - { sethostname: 'true' } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFsethostname On$}) } - end - describe 'with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]' do - let :params do - { proxy_ips: ['10.42.17.8', '10.42.18.99'] } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFproxy_ips 10.42.17.8 10.42.18.99$}) } - end - describe 'with header => X-Real-IP' do - let :params do - { header: 'X-Real-IP' } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFheader X-Real-IP$}) } - end - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('rpaf') } - it { is_expected.to contain_package('www-apache/mod_rpaf') } - it { - is_expected.to contain_file('rpaf.conf').with('path' => '/etc/apache2/modules.d/rpaf.conf') - } - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFenable On$}) } - - describe 'with sethostname => true' do - let :params do - { sethostname: 'true' } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFsethostname On$}) } - end - describe 'with proxy_ips => [ 10.42.17.8, 10.42.18.99 ]' do - let :params do - { proxy_ips: ['10.42.17.8', '10.42.18.99'] } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFproxy_ips 10.42.17.8 10.42.18.99$}) } - end - describe 'with header => X-Real-IP' do - let :params do - { header: 'X-Real-IP' } - end - - it { is_expected.to contain_file('rpaf.conf').with_content(%r{^RPAFheader X-Real-IP$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/security_spec.rb b/puppet/modules/apache/spec/classes/mod/security_spec.rb deleted file mode 100644 index 570d9af..0000000 --- a/puppet/modules/apache/spec/classes/mod/security_spec.rb +++ /dev/null @@ -1,182 +0,0 @@ - -require 'spec_helper' - -describe 'apache::mod::security', type: :class do - on_supported_os.each do |os, facts| - context "on #{os} " do - let :facts do - facts - end - - case facts[:os]['family'] - when 'RedHat' - context 'on RedHat based systems' do - it { - is_expected.to contain_apache__mod('security').with( - id: 'security2_module', - lib: 'mod_security2.so', - ) - } - it { - is_expected.to contain_apache__mod('unique_id_module').with( - id: 'unique_id_module', - lib: 'mod_unique_id.so', - ) - } - it { is_expected.to contain_package('mod_security_crs') } - if facts[:os]['release']['major'].to_i > 6 - it { - is_expected.to contain_file('security.conf').with( - path: '/etc/httpd/conf.modules.d/security.conf', - ) - } - end - it { - is_expected.to contain_file('security.conf') - .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) - .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) - .with_content(%r{^\s+SecDebugLog /var/log/httpd/modsec_debug.log$}) - .with_content(%r{^\s+SecAuditLog /var/log/httpd/modsec_audit.log$}) - } - it { - is_expected.to contain_file('/etc/httpd/modsecurity.d').with( - ensure: 'directory', path: '/etc/httpd/modsecurity.d', - owner: 'root', group: 'root', mode: '0755' - ) - } - it { - is_expected.to contain_file('/etc/httpd/modsecurity.d/activated_rules').with( - ensure: 'directory', path: '/etc/httpd/modsecurity.d/activated_rules', - owner: 'apache', group: 'apache' - ) - } - it { - is_expected.to contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with( - path: '/etc/httpd/modsecurity.d/security_crs.conf', - ) - } - it { is_expected.to contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', - ) - } - - describe 'with parameters' do - let :params do - { - activated_rules: [ - '/tmp/foo/bar.conf', - ], - audit_log_relevant_status: '^(?:5|4(?!01|04))', - audit_log_parts: 'ABCDZ', - secdefaultaction: 'deny,status:406,nolog,auditlog', - } - end - - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } - it { is_expected.to contain_file('/etc/httpd/modsecurity.d/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } - it { - is_expected.to contain_file('bar.conf').with( - path: '/etc/httpd/modsecurity.d/activated_rules/bar.conf', - target: '/tmp/foo/bar.conf', - ) - } - end - describe 'with other modsec parameters' do - let :params do - { - manage_security_crs: false, - } - end - - it { is_expected.not_to contain_file('/etc/httpd/modsecurity.d/security_crs.conf') } - end - end - when 'Debian' - context 'on Debian based systems' do - it { - is_expected.to contain_apache__mod('security').with( - id: 'security2_module', - lib: 'mod_security2.so', - ) - } - it { - is_expected.to contain_apache__mod('unique_id_module').with( - id: 'unique_id_module', - lib: 'mod_unique_id.so', - ) - } - it { is_expected.to contain_package('modsecurity-crs') } - it { - is_expected.to contain_file('security.conf').with( - path: '/etc/apache2/mods-available/security.conf', - ) - } - it { - is_expected.to contain_file('security.conf') - .with_content(%r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!04\)\)"$}) - .with_content(%r{^\s+SecAuditLogParts ABIJDEFHZ$}) - .with_content(%r{^\s+SecDebugLog /var/log/apache2/modsec_debug.log$}) - .with_content(%r{^\s+SecAuditLog /var/log/apache2/modsec_audit.log$}) - } - it { - is_expected.to contain_file('/etc/modsecurity').with( - ensure: 'directory', path: '/etc/modsecurity', - owner: 'root', group: 'root', mode: '0755' - ) - } - it { - is_expected.to contain_file('/etc/modsecurity/activated_rules').with( - ensure: 'directory', path: '/etc/modsecurity/activated_rules', - owner: 'www-data', group: 'www-data' - ) - } - it { - is_expected.to contain_file('/etc/modsecurity/security_crs.conf').with( - path: '/etc/modsecurity/security_crs.conf', - ) - } - if (facts[:os]['release']['major'].to_i < 18 && facts[:os]['name'] == 'Ubuntu') || - (facts[:os]['release']['major'].to_i < 9 && facts[:os]['name'] == 'Debian') - it { is_expected.to contain_apache__security__rule_link('base_rules/modsecurity_35_bad_robots.data') } - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', - ) - } - end - - describe 'with parameters' do - let :params do - { - activated_rules: [ - '/tmp/foo/bar.conf', - ], - audit_log_relevant_status: '^(?:5|4(?!01|04))', - audit_log_parts: 'ABCDZ', - secdefaultaction: 'deny,status:406,nolog,auditlog', - } - end - - if (facts[:os]['release']['major'].to_i < 18 && facts[:os]['name'] == 'Ubuntu') || - (facts[:os]['release']['major'].to_i < 9 && facts[:os]['name'] == 'Debian') - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogRelevantStatus "\^\(\?:5\|4\(\?!01\|04\)\)"$} } - it { is_expected.to contain_file('security.conf').with_content %r{^\s+SecAuditLogParts ABCDZ$} } - it { is_expected.to contain_file('/etc/modsecurity/security_crs.conf').with_content %r{^\s*SecDefaultAction "phase:2,deny,status:406,nolog,auditlog"$} } - it { - is_expected.to contain_file('bar.conf').with( - path: '/etc/modsecurity/activated_rules/bar.conf', - target: '/tmp/foo/bar.conf', - ) - } - end - end - end - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/shib_spec.rb b/puppet/modules/apache/spec/classes/mod/shib_spec.rb deleted file mode 100644 index ec9706c..0000000 --- a/puppet/modules/apache/spec/classes/mod/shib_spec.rb +++ /dev/null @@ -1,42 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::shib', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - fqdn: 'test.example.com', - is_pe: false, - } - end - - describe 'with no parameters' do - it { is_expected.to contain_apache__mod('shib2').with_id('mod_shib') } - end - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - fqdn: 'test.example.com', - is_pe: false, - } - end - - describe 'with no parameters' do - it { is_expected.to contain_apache__mod('shib2').with_id('mod_shib') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/speling_spec.rb b/puppet/modules/apache/spec/classes/mod/speling_spec.rb deleted file mode 100644 index 1824c72..0000000 --- a/puppet/modules/apache/spec/classes/mod/speling_spec.rb +++ /dev/null @@ -1,37 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::speling', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('speling') } - end - - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('speling') } - end -end diff --git a/puppet/modules/apache/spec/classes/mod/ssl_spec.rb b/puppet/modules/apache/spec/classes/mod/ssl_spec.rb deleted file mode 100644 index 31fc442..0000000 --- a/puppet/modules/apache/spec/classes/mod/ssl_spec.rb +++ /dev/null @@ -1,337 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::ssl', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on an unsupported OS' do - let :facts do - { - osfamily: 'Magic', - operatingsystemrelease: '0', - operatingsystem: 'Magic', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { expect { catalogue }.to raise_error(Puppet::Error, %r{Unsupported osfamily:}) } - end - - context 'on a RedHat' do - context '6 OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('ssl') } - it { is_expected.to contain_package('mod_ssl') } - it { is_expected.to contain_file('ssl.conf').with_path('/etc/httpd/conf.d/ssl.conf') } - end - context '6 OS with a custom package_name parameter' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { package_name: 'httpd24-mod_ssl' } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('ssl') } - it { is_expected.to contain_package('httpd24-mod_ssl') } - it { is_expected.not_to contain_package('mod_ssl') } - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/cache/mod_ssl/scache\(512000\)"$}) } - end - - context '7 OS with custom directories for PR#1635' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :pre_condition do - "class { 'apache': - confd_dir => '/etc/httpd/conf.puppet.d', - default_mods => false, - default_vhost => false, - mod_dir => '/etc/httpd/conf.modules.puppet.d', - vhost_dir => '/etc/httpd/conf.puppet.d', - }" - end - - it { is_expected.to contain_package('mod_ssl') } - it { is_expected.to contain_file('ssl.conf').with_path('/etc/httpd/conf.puppet.d/ssl.conf') } - end - end - - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('ssl') } - it { is_expected.not_to contain_package('libapache2-mod-ssl') } - end - - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('ssl') } - end - - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('ssl') } - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/run/ssl_scache\(512000\)"$}) } - end - - context 'on a Suse OS' do - let :facts do - { - osfamily: 'Suse', - operatingsystem: 'SLES', - operatingsystemrelease: '12', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__mod('ssl') } - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/var/lib/apache2/ssl_scache\(512000\)"$}) } - end - # Template config doesn't vary by distro - context 'on all distros' do - let :facts do - { - osfamily: 'RedHat', - operatingsystem: 'CentOS', - operatingsystemrelease: '6', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'not setting ssl_pass_phrase_dialog' do - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLPassPhraseDialog builtin$}) } - end - - context 'setting ssl_cert' do - let :params do - { - ssl_cert: '/etc/pki/some/path/localhost.crt', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLCertificateFile}) } - end - - context 'setting ssl_key' do - let :params do - { - ssl_key: '/etc/pki/some/path/localhost.key', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLCertificateKeyFile}) } - end - - context 'setting ssl_ca to a path' do - let :params do - { - ssl_ca: '/etc/pki/some/path/ca.crt', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLCACertificateFile}) } - end - - context 'with Apache version < 2.4 - ssl_compression with default value' do - let :params do - { - apache_version: '2.2', - } - end - - it { is_expected.not_to contain_file('ssl.conf').with_content(%r{^ SSLCompression Off$}) } - end - context 'with Apache version < 2.4 - setting ssl_compression to true' do - let :params do - { - apache_version: '2.2', - ssl_compression: true, - } - end - - it { is_expected.not_to contain_file('ssl.conf').with_content(%r{^ SSLCompression On$}) } - end - context 'with Apache version < 2.4 - setting ssl_stapling to true' do - let :params do - { - apache_version: '2.2', - ssl_stapling: true, - } - end - - it { is_expected.not_to contain_file('ssl.conf').with_content(%r{^ SSLUseStapling}) } - end - - context 'with Apache version >= 2.4 - ssl_compression with default value' do - let :params do - { - apache_version: '2.4', - } - end - - it { is_expected.not_to contain_file('ssl.conf').with_content(%r{^ SSLCompression Off$}) } - end - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - ssl_compression: true, - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLCompression On$}) } - end - context 'with Apache version >= 2.4 - setting ssl_stapling to true' do - let :params do - { - apache_version: '2.4', - ssl_stapling: true, - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLUseStapling On$}) } - end - context 'with Apache version >= 2.4 - setting ssl_stapling_return_errors to true' do - let :params do - { - apache_version: '2.4', - ssl_stapling_return_errors: true, - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLStaplingReturnResponderErrors On$}) } - end - - context 'setting ssl_pass_phrase_dialog' do - let :params do - { - ssl_pass_phrase_dialog: 'exec:/path/to/program', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLPassPhraseDialog exec:\/path\/to\/program$}) } - end - - context 'setting ssl_random_seed_bytes' do - let :params do - { - ssl_random_seed_bytes: '1024', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$}) } - end - - context 'setting ssl_openssl_conf_cmd' do - let :params do - { - ssl_openssl_conf_cmd: 'DHParameters "foo.pem"', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^\s+SSLOpenSSLConfCmd DHParameters "foo.pem"$}) } - end - - context 'setting ssl_mutex' do - let :params do - { - ssl_mutex: 'posixsem', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLMutex posixsem$}) } - end - context 'setting ssl_sessioncache' do - let :params do - { - ssl_sessioncache: '/tmp/customsessioncache(51200)', - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLSessionCache "shmcb:/tmp/customsessioncache\(51200\)"$}) } - end - context 'setting ssl_proxy_protocol' do - let :params do - { - ssl_proxy_protocol: ['-ALL', '+TLSv1'], - } - end - - it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLProxyProtocol -ALL \+TLSv1$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/status_spec.rb b/puppet/modules/apache/spec/classes/mod/status_spec.rb deleted file mode 100644 index 09c6bb7..0000000 --- a/puppet/modules/apache/spec/classes/mod/status_spec.rb +++ /dev/null @@ -1,328 +0,0 @@ -require 'spec_helper' - -# Helper function for testing the contents of `status.conf` -# Apache < 2.4 -def status_conf_spec(allow_from, extended_status, status_path) - expected = - "\n"\ - " SetHandler server-status\n"\ - " Order deny,allow\n"\ - " Deny from all\n"\ - " Allow from #{Array(allow_from).join(' ')}\n"\ - "\n"\ - "ExtendedStatus #{extended_status}\n"\ - "\n"\ - "\n"\ - " # Show Proxy LoadBalancer status in mod_status\n"\ - " ProxyStatus On\n"\ - "\n" - it do - is_expected.to contain_file('status.conf').with_content(expected) - end -end - -# Apache >= 2.4 -def require_directives(requires) - if requires == :undef - " Require ip 127.0.0.1 ::1\n" - elsif requires.is_a?(String) - if ['', 'unmanaged'].include? requires.downcase - '' - else - " Require #{requires}\n" - end - elsif requires.is_a?(Array) - requires.map { |req| " Require #{req}\n" }.join('') - elsif requires.is_a?(Hash) - if requires.key?(:enforce) - \ - " \n" + \ - requires[:requires].map { |req| " Require #{req}\n" }.join('') + \ - " \n" - else - requires[:requires].map { |req| " Require #{req}\n" }.join('') - end - end -end - -def status_conf_spec_require(requires, extended_status, status_path) - expected = - "\n"\ - " SetHandler server-status\n"\ - "#{require_directives(requires)}"\ - "\n"\ - "ExtendedStatus #{extended_status}\n"\ - "\n"\ - "\n"\ - " # Show Proxy LoadBalancer status in mod_status\n"\ - " ProxyStatus On\n"\ - "\n" - it do - is_expected.to contain_file('status.conf').with_content(expected) - end -end - -describe 'apache::mod::status', type: :class do - it_behaves_like 'a mod class, without including apache' - - context 'default configuration with parameters' do - context 'on a Debian 6 OS with default params' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'squeeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('status') } - - status_conf_spec(['127.0.0.1', '::1'], 'On', '/server-status') - - it { - is_expected.to contain_file('status.conf').with(ensure: 'file', - path: '/etc/apache2/mods-available/status.conf') - } - - it { - is_expected.to contain_file('status.conf symlink').with(ensure: 'link', - path: '/etc/apache2/mods-enabled/status.conf') - } - end - - context 'on a RedHat 6 OS with default params' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_apache__mod('status') } - - status_conf_spec(['127.0.0.1', '::1'], 'On', '/server-status') - - it { is_expected.to contain_file('status.conf').with_path('/etc/httpd/conf.d/status.conf') } - end - - valid_requires = { - undef: :undef, - empty: '', - unmanaged: 'unmanaged', - string: 'ip 127.0.0.1 192.168', - array: [ - 'ip 127.0.0.1', - 'ip ::1', - 'host localhost', - ], - hash: { - requires: [ - 'ip 10.1', - 'host somehost', - ], - }, - enforce: { - enforce: 'all', - requires: [ - 'ip 127.0.0.1', - 'host localhost', - ], - }, - } - valid_requires.each do |req_key, req_value| - context "on a Debian 8 OS with default params and #{req_key} requires" do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'squeeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let :params do - { - requires: req_value, - } - end - - it { is_expected.to contain_apache__mod('status') } - - status_conf_spec_require(req_value, 'On', '/server-status') - - it { - is_expected.to contain_file('status.conf').with(ensure: 'file', - path: '/etc/apache2/mods-available/status.conf') - } - - it { - is_expected.to contain_file('status.conf symlink').with(ensure: 'link', - path: '/etc/apache2/mods-enabled/status.conf') - } - end - - context "on a RedHat 7 OS with default params and #{req_key} requires" do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '7', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - let :params do - { - requires: req_value, - } - end - - it { is_expected.to contain_apache__mod('status') } - - status_conf_spec_require(req_value, 'On', '/server-status') - - it { is_expected.to contain_file('status.conf').with_path('/etc/httpd/conf.modules.d/status.conf') } - end - end - - context "with custom parameters $allow_from => ['10.10.10.10','11.11.11.11'], $extended_status => 'Off', $status_path => '/custom-status'" do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'squeeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { - allow_from: ['10.10.10.10', '11.11.11.11'], - extended_status: 'Off', - status_path: '/custom-status', - } - end - - status_conf_spec(['10.10.10.10', '11.11.11.11'], 'Off', '/custom-status') - end - - context "with valid parameter type $allow_from => ['10.10.10.10']" do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'squeeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { allow_from: ['10.10.10.10'] } - end - - it 'expects to succeed array validation' do - expect { - is_expected.to contain_file('status.conf') - }.not_to raise_error - end - end - - context "with invalid parameter type $allow_from => '10.10.10.10'" do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { allow_from: '10.10.10.10' } - end - - it 'expects to fail array validation' do - expect { - is_expected.to contain_file('status.conf') - }.to raise_error(Puppet::Error) - end - end - - # Only On or Off are valid options - ['On', 'Off'].each do |valid_param| - context "with valid value $extended_status => '#{valid_param}'" do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - lsbdistcodename: 'squeeze', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { extended_status: valid_param } - end - - it 'expects to succeed regular expression validation' do - expect { - is_expected.to contain_file('status.conf') - }.not_to raise_error - end - end - end - - ['Yes', 'No'].each do |invalid_param| - context "with invalid value $extended_status => '#{invalid_param}'" do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '6', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :params do - { extended_status: invalid_param } - end - - it 'expects to fail regular expression validation' do - expect { - is_expected.to contain_file('status.conf') - }.to raise_error(Puppet::Error) - end - end - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/suphp_spec.rb b/puppet/modules/apache/spec/classes/mod/suphp_spec.rb deleted file mode 100644 index db4bebd..0000000 --- a/puppet/modules/apache/spec/classes/mod/suphp_spec.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::suphp', type: :class do - on_supported_os.each do |os, facts| - # suphp has been declared EOL and is no longer supported on any Debian module that we test on - next unless facts[:os]['family'] == 'RedHat' - context "on #{os} " do - let :facts do - facts - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_package('mod_suphp') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/userdir_spec.rb b/puppet/modules/apache/spec/classes/mod/userdir_spec.rb deleted file mode 100644 index f33920a..0000000 --- a/puppet/modules/apache/spec/classes/mod/userdir_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::userdir', type: :class do - context 'on a Debian OS' do - let :pre_condition do - 'class { "apache": - default_mods => false, - mod_dir => "/tmp/junk", - }' - end - let :facts do - { - lsbdistcodename: 'jessie', - osfamily: 'Debian', - operatingsystemrelease: '8', - operatingsystemmajrelease: '8', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'default parameters' do - it { is_expected.to compile } - end - context 'with dir set to something' do - let :params do - { - dir: 'hi', - } - end - - it { is_expected.to contain_file('userdir.conf').with_content(%r{^\s*UserDir\s+/home/\*/hi$}) } - it { is_expected.to contain_file('userdir.conf').with_content(%r{^\s*\$}) } - end - context 'with home set to something' do - let :params do - { - home: '/u', - } - end - - it { is_expected.to contain_file('userdir.conf').with_content(%r{^\s*UserDir\s+/u/\*/public_html$}) } - it { is_expected.to contain_file('userdir.conf').with_content(%r{^\s*\$}) } - end - context 'with path set to something' do - let :params do - { - path: 'public_html /usr/web http://www.example.com/', - } - end - - it { is_expected.to contain_file('userdir.conf').with_content(%r{^\s*UserDir\s+public_html /usr/web http://www\.example\.com/$}) } - it { is_expected.to contain_file('userdir.conf').with_content(%r{^\s*\$}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/worker_spec.rb b/puppet/modules/apache/spec/classes/mod/worker_spec.rb deleted file mode 100644 index 2ebd5a9..0000000 --- a/puppet/modules/apache/spec/classes/mod/worker_spec.rb +++ /dev/null @@ -1,187 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::worker', type: :class do - let :pre_condition do - 'class { "apache": mpm_module => false, }' - end - - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('worker') } - it { is_expected.to contain_file('/etc/apache2/mods-available/worker.conf').with_ensure('file') } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/worker.conf').with_ensure('link') } - - context 'with Apache version < 2.4' do - let :params do - { - apache_version: '2.2', - } - end - - it { is_expected.not_to contain_file('/etc/apache2/mods-available/worker.load') } - it { is_expected.not_to contain_file('/etc/apache2/mods-enabled/worker.load') } - - it { is_expected.to contain_package('apache2-mpm-worker') } - end - - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - } - end - - it { - is_expected.to contain_file('/etc/apache2/mods-available/worker.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so\n") - } - it { is_expected.to contain_file('/etc/apache2/mods-enabled/worker.load').with_ensure('link') } - end - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('worker') } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with_ensure('file') } - - context 'with Apache version < 2.4' do - let :params do - { - apache_version: '2.2', - } - end - - it { - is_expected.to contain_file_line('/etc/sysconfig/httpd worker enable').with('require' => 'Package[httpd]') - } - end - - context 'with Apache version >= 2.4' do - let :params do - { - apache_version: '2.4', - } - end - - it { is_expected.not_to contain_apache__mod('event') } - - it { - is_expected.to contain_file('/etc/httpd/conf.d/worker.load').with('ensure' => 'file', - 'content' => "LoadModule mpm_worker_module modules/mod_mpm_worker.so\n") - } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('worker') } - it { is_expected.to contain_file('/usr/local/etc/apache24/Modules/worker.conf').with_ensure('file') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.not_to contain_apache__mod('worker') } - it { is_expected.to contain_file('/etc/apache2/modules.d/worker.conf').with_ensure('file') } - end - - # Template config doesn't vary by distro - context 'on all distros' do - let :facts do - { - osfamily: 'RedHat', - operatingsystem: 'CentOS', - operatingsystemrelease: '6', - kernel: 'Linux', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'defaults' do - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+ServerLimit\s+25$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+StartServers\s+2$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MaxClients\s+150$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MinSpareThreads\s+25$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MaxSpareThreads\s+75$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+ThreadsPerChild\s+25$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MaxRequestsPerChild\s+0$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+ThreadLimit\s+64$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s*ListenBacklog\s*511}) } - end - - context 'setting params' do - let :params do - { - serverlimit: 10, - startservers: 11, - maxclients: 12, - minsparethreads: 13, - maxsparethreads: 14, - threadsperchild: 15, - maxrequestsperchild: 16, - threadlimit: 17, - listenbacklog: 8, - } - end - - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+ServerLimit\s+10$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+StartServers\s+11$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MaxClients\s+12$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MinSpareThreads\s+13$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MaxSpareThreads\s+14$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+ThreadsPerChild\s+15$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+MaxRequestsPerChild\s+16$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s+ThreadLimit\s+17$}) } - it { is_expected.to contain_file('/etc/httpd/conf.d/worker.conf').with(content: %r{^\s*ListenBacklog\s*8}) } - end - end -end diff --git a/puppet/modules/apache/spec/classes/mod/wsgi_spec.rb b/puppet/modules/apache/spec/classes/mod/wsgi_spec.rb deleted file mode 100644 index f7c94a5..0000000 --- a/puppet/modules/apache/spec/classes/mod/wsgi_spec.rb +++ /dev/null @@ -1,205 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod::wsgi', type: :class do - it_behaves_like 'a mod class, without including apache' - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_class('apache::mod::wsgi').with( - 'wsgi_socket_prefix' => nil, - ) - } - it { is_expected.to contain_package('libapache2-mod-wsgi') } - end - context 'on a RedHat OS' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_class('apache::mod::wsgi').with( - 'wsgi_socket_prefix' => '/var/run/wsgi', - ) - } - it { is_expected.to contain_package('mod_wsgi') } - - describe 'with WSGIRestrictEmbedded enabled' do - let :params do - { wsgi_restrict_embedded: 'On' } - end - - it { is_expected.to contain_file('wsgi.conf').with_content(%r{^ WSGIRestrictEmbedded On$}) } - end - describe 'with custom WSGISocketPrefix' do - let :params do - { wsgi_socket_prefix: 'run/wsgi' } - end - - it { is_expected.to contain_file('wsgi.conf').with_content(%r{^ WSGISocketPrefix run\/wsgi$}) } - end - describe 'with custom WSGIPythonHome' do - let :params do - { wsgi_python_home: '/path/to/virtenv' } - end - - it { is_expected.to contain_file('wsgi.conf').with_content(%r{^ WSGIPythonHome "\/path\/to\/virtenv"$}) } - end - describe 'with custom WSGIApplicationGroup' do - let :params do - { wsgi_application_group: '%{GLOBAL}' } - end - - it { is_expected.to contain_file('wsgi.conf').with_content(%r{^ WSGIApplicationGroup "%{GLOBAL}"$}) } - end - describe 'with custom WSGIPythonOptimize' do - let :params do - { wsgi_python_optimize: 1 } - end - - it { is_expected.to contain_file('wsgi.conf').with_content(%r{^ WSGIPythonOptimize 1$}) } - end - describe 'with custom package_name and mod_path' do - let :params do - { - package_name: 'mod_wsgi_package', - mod_path: '/foo/bar/baz', - } - end - - it { - is_expected.to contain_apache__mod('wsgi').with('package' => 'mod_wsgi_package', - 'path' => '/foo/bar/baz') - } - it { is_expected.to contain_package('mod_wsgi_package') } - it { is_expected.to contain_file('wsgi.load').with_content(%r{LoadModule wsgi_module /foo/bar/baz}) } - end - describe 'with custom mod_path not containing /' do - let :params do - { - package_name: 'mod_wsgi_package', - mod_path: 'wsgi_mod_name.so', - } - end - - it { - is_expected.to contain_apache__mod('wsgi').with('path' => 'modules/wsgi_mod_name.so', - 'package' => 'mod_wsgi_package') - } - it { is_expected.to contain_file('wsgi.load').with_content(%r{LoadModule wsgi_module modules/wsgi_mod_name.so}) } - end - describe 'with package_name but no mod_path' do - let :params do - { - mod_path: '/foo/bar/baz', - } - end - - it { expect { catalogue }.to raise_error Puppet::Error, %r{apache::mod::wsgi - both package_name and mod_path must be specified!} } - end - describe 'with mod_path but no package_name' do - let :params do - { - package_name: '/foo/bar/baz', - } - end - - it { expect { catalogue }.to raise_error Puppet::Error, %r{apache::mod::wsgi - both package_name and mod_path must be specified!} } - end - end - context 'on a FreeBSD OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_class('apache::mod::wsgi').with( - 'wsgi_socket_prefix' => nil, - ) - } - it { is_expected.to contain_package('www/mod_wsgi') } - end - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { is_expected.to contain_class('apache::params') } - it { - is_expected.to contain_class('apache::mod::wsgi').with( - 'wsgi_socket_prefix' => nil, - ) - } - it { is_expected.to contain_package('www-apache/mod_wsgi') } - end - context 'overriding mod_libs' do - context 'on a RedHat OS', :compile do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'Fedora', - operatingsystemrelease: '28', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let :pre_condition do - <<-MANIFEST - include apache::params - class { 'apache': - mod_packages => merge($::apache::params::mod_packages, { - 'wsgi' => 'python3-mod_wsgi', - }), - mod_libs => merge($::apache::params::mod_libs, { - 'wsgi' => 'mod_wsgi_python3.so', - }) - } - MANIFEST - end - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_file('wsgi.load').with_content(%r{LoadModule wsgi_module modules/mod_wsgi_python3.so}) } - it { is_expected.to contain_package('python3-mod_wsgi') } - end - end -end diff --git a/puppet/modules/apache/spec/classes/params_spec.rb b/puppet/modules/apache/spec/classes/params_spec.rb deleted file mode 100644 index ad61637..0000000 --- a/puppet/modules/apache/spec/classes/params_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -require 'spec_helper' - -describe 'apache::params', type: :class do - context 'On a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { is_expected.to compile.with_all_deps } - it { is_expected.to have_resource_count(0) } - end -end diff --git a/puppet/modules/apache/spec/classes/service_spec.rb b/puppet/modules/apache/spec/classes/service_spec.rb deleted file mode 100644 index 0ade8ef..0000000 --- a/puppet/modules/apache/spec/classes/service_spec.rb +++ /dev/null @@ -1,173 +0,0 @@ -require 'spec_helper' - -describe 'apache::service', type: :class do - let :pre_condition do - 'include apache::params' - end - - context 'on a Debian OS' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { - is_expected.to contain_service('httpd').with( - 'name' => 'apache2', - 'ensure' => 'running', - 'enable' => 'true', - ) - } - - context "with $service_name => 'foo'" do - let(:params) { { service_name: 'foo' } } - - it { - is_expected.to contain_service('httpd').with( - 'name' => 'foo', - ) - } - end - - context 'with $service_enable => true' do - let(:params) { { service_enable: true } } - - it { - is_expected.to contain_service('httpd').with( - 'name' => 'apache2', - 'ensure' => 'running', - 'enable' => 'true', - ) - } - end - - context 'with $service_enable => false' do - let(:params) { { service_enable: false } } - - it { - is_expected.to contain_service('httpd').with( - 'name' => 'apache2', - 'ensure' => 'running', - 'enable' => 'false', - ) - } - end - - context "with $service_ensure => 'running'" do - let(:params) { { service_ensure: 'running' } } - - it { - is_expected.to contain_service('httpd').with( - 'ensure' => 'running', - 'enable' => 'true', - ) - } - end - - context "with $service_ensure => 'stopped'" do - let(:params) { { service_ensure: 'stopped' } } - - it { - is_expected.to contain_service('httpd').with( - 'ensure' => 'stopped', - 'enable' => 'true', - ) - } - end - - context "with $service_ensure => 'UNDEF'" do - let(:params) { { service_ensure: 'UNDEF' } } - - it { is_expected.to contain_service('httpd').without_ensure } - end - - context 'with $service_restart unset' do - it { is_expected.to contain_service('httpd').without_restart } - end - - context "with $service_restart => '/usr/sbin/apachectl graceful'" do - let(:params) { { service_restart: '/usr/sbin/apachectl graceful' } } - - it { - is_expected.to contain_service('httpd').with( - 'restart' => '/usr/sbin/apachectl graceful', - ) - } - end - end - - context 'on a RedHat 5 OS, do not manage service' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '5', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let(:params) do - { - 'service_ensure' => 'running', - 'service_name' => 'httpd', - 'service_manage' => false, - } - end - - it { is_expected.not_to contain_service('httpd') } - end - - context 'on a FreeBSD 5 OS' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - it { - is_expected.to contain_service('httpd').with( - 'name' => 'apache24', - 'ensure' => 'running', - 'enable' => 'true', - ) - } - end - - context 'on a Gentoo OS' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - it { - is_expected.to contain_service('httpd').with( - 'name' => 'apache2', - 'ensure' => 'running', - 'enable' => 'true', - ) - } - end -end diff --git a/puppet/modules/apache/spec/classes/vhosts_spec.rb b/puppet/modules/apache/spec/classes/vhosts_spec.rb deleted file mode 100644 index 319e3df..0000000 --- a/puppet/modules/apache/spec/classes/vhosts_spec.rb +++ /dev/null @@ -1,37 +0,0 @@ -require 'spec_helper' - -describe 'apache::vhosts', type: :class do - context 'on all OSes' do - let :facts do - { - id: 'root', - kernel: 'Linux', - osfamily: 'RedHat', - operatingsystem: 'RedHat', - operatingsystemrelease: '6', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'with custom vhosts parameter' do - let :params do - { - vhosts: { - 'custom_vhost_1' => { - 'docroot' => '/var/www/custom_vhost_1', - 'port' => '81', - }, - 'custom_vhost_2' => { - 'docroot' => '/var/www/custom_vhost_2', - 'port' => '82', - }, - }, - } - end - - it { is_expected.to contain_apache__vhost('custom_vhost_1') } - it { is_expected.to contain_apache__vhost('custom_vhost_2') } - end - end -end diff --git a/puppet/modules/apache/spec/default_facts.yml b/puppet/modules/apache/spec/default_facts.yml deleted file mode 100644 index ea1e480..0000000 --- a/puppet/modules/apache/spec/default_facts.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Use default_module_facts.yml for module specific facts. -# -# Facts specified here will override the values provided by rspec-puppet-facts. ---- -ipaddress: "172.16.254.254" -is_pe: false -macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/puppet/modules/apache/spec/defines/balancer_spec.rb b/puppet/modules/apache/spec/defines/balancer_spec.rb deleted file mode 100644 index 4b6f96e..0000000 --- a/puppet/modules/apache/spec/defines/balancer_spec.rb +++ /dev/null @@ -1,83 +0,0 @@ -require 'spec_helper' - -describe 'apache::balancer', type: :define do - let :title do - 'myapp' - end - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernel: 'Linux', - is_pe: false, - } - end - - describe 'apache pre_condition with defaults' do - let :pre_condition do - 'include apache' - end - - describe 'works when only declaring resource title' do - it { is_expected.to contain_concat('apache_balancer_myapp') } - it { is_expected.to contain_concat__fragment('00-myapp-header').with_content(%r{^$}) } - end - describe 'accept a target parameter and use it' do - let :params do - { - target: '/tmp/myapp.conf', - } - end - - it { - is_expected.to contain_concat('apache_balancer_myapp').with(path: '/tmp/myapp.conf') - } - end - describe 'accept an options parameter and use it' do - let :params do - { - options: ['timeout=0', 'nonce=none'], - } - end - - it { - is_expected.to contain_concat__fragment('00-myapp-header').with_content( - %r{^$}, - ) - } - end - end - describe 'apache pre_condition with conf_dir set' do - let :pre_condition do - 'class{"apache": - confd_dir => "/junk/path" - }' - end - - it { - is_expected.to contain_concat('apache_balancer_myapp').with(path: '/junk/path/balancer_myapp.conf') - } - end - - describe 'with lbmethod and with apache::mod::proxy_balancer::apache_version set' do - let :pre_condition do - 'class{"apache::mod::proxy_balancer": - apache_version => "2.4" - }' - end - let :params do - { - proxy_set: { - 'lbmethod' => 'bytraffic', - }, - } - end - - it { is_expected.to contain_apache__mod('slotmem_shm') } - it { is_expected.to contain_apache__mod('lbmethod_bytraffic') } - end -end diff --git a/puppet/modules/apache/spec/defines/balancermember_spec.rb b/puppet/modules/apache/spec/defines/balancermember_spec.rb deleted file mode 100644 index 1e57ca5..0000000 --- a/puppet/modules/apache/spec/defines/balancermember_spec.rb +++ /dev/null @@ -1,63 +0,0 @@ -require 'spec_helper' - -describe 'apache::balancermember', type: :define do - let :pre_condition do - 'include apache' - end - let :facts do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - id: 'root', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - kernel: 'Linux', - is_pe: false, - } - end - - describe 'allows multiple balancermembers with the same url' do - let :pre_condition do - 'include apache - apache::balancer {"balancer":} - apache::balancer {"balancer-external":} - apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancer-external"} - ' - end - let :title do - 'http://127.0.0.1:8080/' - end - let :params do - { - options: [], - url: 'http://127.0.0.1:8080/', - balancer_cluster: 'balancer-internal', - } - end - - it { is_expected.to contain_concat__fragment('BalancerMember http://127.0.0.1:8080/') } - end - describe 'allows balancermember with a different target' do - let :pre_condition do - 'include apache - apache::balancer {"balancername": target => "/etc/apache/balancer.conf"} - apache::balancermember {"http://127.0.0.1:8080-external": url => "http://127.0.0.1:8080/", balancer_cluster => "balancername"} - ' - end - let :title do - 'http://127.0.0.1:8080/' - end - let :params do - { - options: [], - url: 'http://127.0.0.1:8080/', - balancer_cluster: 'balancername', - } - end - - it { - is_expected.to contain_concat__fragment('BalancerMember http://127.0.0.1:8080/').with(target: 'apache_balancer_balancername') - } - end -end diff --git a/puppet/modules/apache/spec/defines/custom_config_spec.rb b/puppet/modules/apache/spec/defines/custom_config_spec.rb deleted file mode 100644 index 4b262ef..0000000 --- a/puppet/modules/apache/spec/defines/custom_config_spec.rb +++ /dev/null @@ -1,122 +0,0 @@ -require 'spec_helper' - -describe 'apache::custom_config', type: :define do - let :pre_condition do - 'class { "apache": }' - end - let :title do - 'rspec' - end - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - context 'defaults with content' do - let :params do - { - 'content' => '# Test', - } - end - - it { - is_expected.to contain_exec('syntax verification for rspec').with('refreshonly' => 'true', - 'subscribe' => 'File[apache_rspec]', - 'command' => '/usr/sbin/apachectl -t', - 'notify' => 'Class[Apache::Service]', - 'before' => 'Exec[remove rspec if invalid]') - } - it { - is_expected.to contain_exec('remove rspec if invalid').with('unless' => '/usr/sbin/apachectl -t', - 'subscribe' => 'File[apache_rspec]', - 'refreshonly' => 'true') - } - it { - is_expected.to contain_file('apache_rspec').with('ensure' => 'present', - 'content' => '# Test', - 'require' => 'Package[httpd]') - } - end - context 'set everything with source' do - let :params do - { - 'confdir' => '/dne', - 'priority' => '30', - 'source' => 'puppet:///modules/apache/test', - 'verify_command' => '/bin/true', - } - end - - it { - is_expected.to contain_exec('syntax verification for rspec').with('command' => '/bin/true') - } - it { - is_expected.to contain_exec('remove rspec if invalid').with('command' => '/bin/rm /dne/30-rspec.conf', - 'unless' => '/bin/true') - } - it { - is_expected.to contain_file('apache_rspec').with('path' => '/dne/30-rspec.conf', - 'ensure' => 'present', - 'source' => 'puppet:///modules/apache/test', - 'require' => 'Package[httpd]') - } - end - context 'verify_config => false' do - let :params do - { - 'content' => '# test', - 'verify_config' => false, - } - end - - it { is_expected.not_to contain_exec('syntax verification for rspec') } - it { is_expected.not_to contain_exec('remove rspec if invalid') } - it { - is_expected.to contain_file('apache_rspec').with('notify' => 'Class[Apache::Service]') - } - end - context 'ensure => absent' do - let :params do - { - 'ensure' => 'absent', - } - end - - it { is_expected.not_to contain_exec('syntax verification for rspec') } - it { is_expected.not_to contain_exec('remove rspec if invalid') } - it { - is_expected.to contain_file('apache_rspec').with('ensure' => 'absent') - } - end - describe 'validation' do - context 'both content and source' do - let :params do - { - 'content' => 'foo', - 'source' => 'bar', - } - end - - it do - expect { - catalogue - }.to raise_error(Puppet::Error, %r{Only one of \$content and \$source can be specified\.}) - end - end - context 'neither content nor source' do - it do - expect { - catalogue - }.to raise_error(Puppet::Error, %r{One of \$content and \$source must be specified\.}) - end - end - end -end diff --git a/puppet/modules/apache/spec/defines/fastcgi_server_spec.rb b/puppet/modules/apache/spec/defines/fastcgi_server_spec.rb deleted file mode 100644 index fafc63a..0000000 --- a/puppet/modules/apache/spec/defines/fastcgi_server_spec.rb +++ /dev/null @@ -1,105 +0,0 @@ -require 'spec_helper' - -describe 'apache::fastcgi::server', type: :define do - let :pre_condition do - 'include apache' - end - let :title do - 'www' - end - - on_supported_os.each do |os, facts| - next if facts[:os]['release']['major'] == '18.04' - next if facts[:os]['release']['major'] == '7' && facts[:os]['family']['RedHat'] - context "on #{os} " do - let :facts do - facts - end - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::mod::fastcgi') } - case facts[:os]['family'] - when 'RedHat' - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/etc/httpd/conf.d/fastcgi-pool-#{title}.conf", - ) - } - when 'Debian' - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf", - ) - } - when 'FreeBSD' - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/usr/local/etc/apache24/Includes/fastcgi-pool-#{title}.conf", - ) - } - when 'Gentoo' - it { - is_expected.to contain_file("fastcgi-pool-#{title}.conf").with( - ensure: 'file', - path: "/etc/apache2/conf.d/fastcgi-pool-#{title}.conf", - ) - } - end - - describe 'os-independent items' do - describe '.conf content using TCP communication' do - let :params do - { - host: '127.0.0.1:9001', - timeout: 30, - flush: true, - faux_path: '/var/www/php-www.fcgi', - fcgi_alias: '/php-www.fcgi', - file_type: 'application/x-httpd-php', - pass_header: 'Authorization', - } - end - let :expected do -# rubocop:disable Layout/IndentationWidth : Changes to the indent causes test failures. -'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -host 127.0.0.1:9001 -pass-header Authorization -Alias /php-www.fcgi /var/www/php-www.fcgi -Action application/x-httpd-php /php-www.fcgi -' - # rubocop:enable Layout/IndentationWidth - end - - it do - is_expected.to contain_file('fastcgi-pool-www.conf').with_content(expected) - end - end - describe '.conf content using socket communication' do - let :params do - { - host: '/var/run/fcgi.sock', - timeout: 30, - flush: true, - faux_path: '/var/www/php-www.fcgi', - fcgi_alias: '/php-www.fcgi', - file_type: 'application/x-httpd-php', - } - end - let :expected do -# rubocop:disable Layout/IndentationWidth : Changes to the indent causes test failures. -'FastCGIExternalServer /var/www/php-www.fcgi -idle-timeout 30 -flush -socket /var/run/fcgi.sock -Alias /php-www.fcgi /var/www/php-www.fcgi -Action application/x-httpd-php /php-www.fcgi -' - # rubocop:enable Layout/IndentationWidth - end - - it do - is_expected.to contain_file('fastcgi-pool-www.conf').with_content(expected) - end - end - end - end - end -end diff --git a/puppet/modules/apache/spec/defines/mod_spec.rb b/puppet/modules/apache/spec/defines/mod_spec.rb deleted file mode 100644 index 2466161..0000000 --- a/puppet/modules/apache/spec/defines/mod_spec.rb +++ /dev/null @@ -1,156 +0,0 @@ -require 'spec_helper' - -describe 'apache::mod', type: :define do - let :pre_condition do - 'include apache' - end - - context 'on a RedHat osfamily' do - let :facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - describe 'for non-special modules' do - let :title do - 'spec_m' - end - - it { is_expected.to contain_class('apache::params') } - it 'manages the module load file' do - is_expected.to contain_file('spec_m.load').with(path: '/etc/httpd/conf.d/spec_m.load', - content: "LoadModule spec_m_module modules/mod_spec_m.so\n", - owner: 'root', - group: 'root', - mode: '0644') - end - end - - describe 'with file_mode set' do - let :pre_condition do - "class {'::apache': file_mode => '0640'}" - end - let :title do - 'spec_m' - end - - it 'manages the module load file' do - is_expected.to contain_file('spec_m.load').with(mode: '0640') - end - end - - describe 'with shibboleth module and package param passed' do - # name/title for the apache::mod define - let :title do - 'xsendfile' - end - # parameters - let(:params) { { package: 'mod_xsendfile' } } - - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_package('mod_xsendfile') } - end - end - - context 'on a Debian osfamily' do - let :facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - describe 'for non-special modules' do - let :title do - 'spec_m' - end - - it { is_expected.to contain_class('apache::params') } - it 'manages the module load file' do - is_expected.to contain_file('spec_m.load').with(path: '/etc/apache2/mods-available/spec_m.load', - content: "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n", - owner: 'root', - group: 'root', - mode: '0644') - end - it 'links the module load file' do - is_expected.to contain_file('spec_m.load symlink').with(path: '/etc/apache2/mods-enabled/spec_m.load', - target: '/etc/apache2/mods-available/spec_m.load', - owner: 'root', - group: 'root', - mode: '0644') - end - end - end - - context 'on a FreeBSD osfamily' do - let :facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - - describe 'for non-special modules' do - let :title do - 'spec_m' - end - - it { is_expected.to contain_class('apache::params') } - it 'manages the module load file' do - is_expected.to contain_file('spec_m.load').with(path: '/usr/local/etc/apache24/Modules/spec_m.load', - content: "LoadModule spec_m_module /usr/local/libexec/apache24/mod_spec_m.so\n", - owner: 'root', - group: 'wheel', - mode: '0644') - end - end - end - - context 'on a Gentoo osfamily' do - let :facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - - describe 'for non-special modules' do - let :title do - 'spec_m' - end - - it { is_expected.to contain_class('apache::params') } - it 'manages the module load file' do - is_expected.to contain_file('spec_m.load').with(path: '/etc/apache2/modules.d/spec_m.load', - content: "LoadModule spec_m_module /usr/lib/apache2/modules/mod_spec_m.so\n", - owner: 'root', - group: 'wheel', - mode: '0644') - end - end - end -end diff --git a/puppet/modules/apache/spec/defines/modsec_link_spec.rb b/puppet/modules/apache/spec/defines/modsec_link_spec.rb deleted file mode 100644 index 3035b71..0000000 --- a/puppet/modules/apache/spec/defines/modsec_link_spec.rb +++ /dev/null @@ -1,39 +0,0 @@ -require 'spec_helper' - -describe 'apache::security::rule_link', type: :define do - let :pre_condition do - 'class { "apache": } - class { "apache::mod::security": activated_rules => [] } - ' - end - - let :title do - 'base_rules/modsecurity_35_bad_robots.data' - end - - on_supported_os.each do |os, facts| - context "on #{os} " do - let :facts do - facts - end - - it { is_expected.to compile.with_all_deps } - case facts[:os]['family'] - when 'RedHat' - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/httpd/modsecurity.d/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/lib/modsecurity.d/base_rules/modsecurity_35_bad_robots.data', - ) - } - when 'Debian' - it { - is_expected.to contain_file('modsecurity_35_bad_robots.data').with( - path: '/etc/modsecurity/activated_rules/modsecurity_35_bad_robots.data', - target: '/usr/share/modsecurity-crs/base_rules/modsecurity_35_bad_robots.data', - ) - } - end - end - end -end diff --git a/puppet/modules/apache/spec/defines/vhost_custom_spec.rb b/puppet/modules/apache/spec/defines/vhost_custom_spec.rb deleted file mode 100644 index 05c9183..0000000 --- a/puppet/modules/apache/spec/defines/vhost_custom_spec.rb +++ /dev/null @@ -1,107 +0,0 @@ -require 'spec_helper' - -describe 'apache::vhost::custom', type: :define do - let :title do - 'rspec.example.com' - end - let :default_params do - { - content: 'foobar', - } - end - - describe 'os-dependent items' do - context 'on RedHat based systems' do - let :default_facts do - { - osfamily: 'RedHat', - operatingsystemrelease: '6', - operatingsystem: 'RedHat', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let(:params) { default_params } - let(:facts) { default_facts } - end - context 'on Debian based systems' do - let :default_facts do - { - osfamily: 'Debian', - operatingsystemrelease: '8', - lsbdistcodename: 'jessie', - operatingsystem: 'Debian', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let(:params) { default_params } - let(:facts) { default_facts } - - it { - is_expected.to contain_file('apache_rspec.example.com').with( - ensure: 'present', - content: 'foobar', - path: '/etc/apache2/sites-available/25-rspec.example.com.conf', - ) - } - it { - is_expected.to contain_file('25-rspec.example.com.conf symlink').with( - ensure: 'link', - path: '/etc/apache2/sites-enabled/25-rspec.example.com.conf', - target: '/etc/apache2/sites-available/25-rspec.example.com.conf', - ) - } - end - context 'on FreeBSD systems' do - let :default_facts do - { - osfamily: 'FreeBSD', - operatingsystemrelease: '9', - operatingsystem: 'FreeBSD', - id: 'root', - kernel: 'FreeBSD', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', - is_pe: false, - } - end - let(:params) { default_params } - let(:facts) { default_facts } - - it { - is_expected.to contain_file('apache_rspec.example.com').with( - ensure: 'present', - content: 'foobar', - path: '/usr/local/etc/apache24/Vhosts/25-rspec.example.com.conf', - ) - } - end - context 'on Gentoo systems' do - let :default_facts do - { - osfamily: 'Gentoo', - operatingsystem: 'Gentoo', - operatingsystemrelease: '3.16.1-gentoo', - id: 'root', - kernel: 'Linux', - path: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin', - is_pe: false, - } - end - let(:params) { default_params } - let(:facts) { default_facts } - - it { - is_expected.to contain_file('apache_rspec.example.com').with( - ensure: 'present', - content: 'foobar', - path: '/etc/apache2/vhosts.d/25-rspec.example.com.conf', - ) - } - end - end -end diff --git a/puppet/modules/apache/spec/defines/vhost_spec.rb b/puppet/modules/apache/spec/defines/vhost_spec.rb deleted file mode 100644 index 9279665..0000000 --- a/puppet/modules/apache/spec/defines/vhost_spec.rb +++ /dev/null @@ -1,2192 +0,0 @@ -require 'spec_helper' - -describe 'apache::vhost', type: :define do - describe 'os-independent items' do - on_supported_os.each do |os, facts| - # this setup uses fastcgi wich isn't available on RHEL 7 / Ubuntu 18.04 - next if facts[:os]['release']['major'] == '18.04' - next if facts[:os]['release']['major'] == '7' && facts[:os]['family']['RedHat'] - # next if facts[:os]['name'] == 'SLES' - - apache_name = case facts[:os]['family'] - when 'RedHat' - 'httpd' - when 'Debian' - 'apache2' - else - 'apache2' - end - - let :pre_condition do - "class {'apache': default_vhost => false, default_mods => false, vhost_enable_dir => '/etc/#{apache_name}/sites-enabled'}" - end - - let :title do - 'rspec.example.com' - end - - let :default_params do - { - docroot: '/rspec/docroot', - port: '84', - } - end - - context "on #{os} " do - let :facts do - facts - end - - describe 'basic assumptions' do - let(:params) { default_params } - - it { is_expected.to contain_class('apache') } - it { is_expected.to contain_class('apache::params') } - it { is_expected.to contain_apache__listen(params[:port]) } - # namebased virualhost is only created on apache 2.2 and older - if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7) || - (facts[:os]['name'] == 'Amazon') || - (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i < 12) - it { is_expected.to contain_apache__namevirtualhost("*:#{params[:port]}") } - end - end - context 'set everything!' do - let :params do - { - 'docroot' => '/var/www/foo', - 'manage_docroot' => false, - 'virtual_docroot' => true, - 'port' => '8080', - 'ip' => '127.0.0.1', - 'ip_based' => true, - 'add_listen' => false, - 'docroot_owner' => 'user', - 'docroot_group' => 'wheel', - 'docroot_mode' => '0664', - 'serveradmin' => 'foo@localhost', - 'ssl' => true, - 'ssl_cert' => '/ssl/cert', - 'ssl_key' => '/ssl/key', - 'ssl_chain' => '/ssl/chain', - 'ssl_crl_path' => '/ssl/crl', - 'ssl_crl' => 'foo.crl', - 'ssl_certs_dir' => '/ssl/certs', - 'ssl_protocol' => 'SSLv2', - 'ssl_cipher' => 'HIGH', - 'ssl_honorcipherorder' => 'Off', - 'ssl_verify_client' => 'optional', - 'ssl_verify_depth' => '3', - 'ssl_options' => '+ExportCertData', - 'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"', - 'ssl_proxy_verify' => 'require', - 'ssl_proxy_check_peer_cn' => 'on', - 'ssl_proxy_check_peer_name' => 'on', - 'ssl_proxy_check_peer_expire' => 'on', - 'ssl_proxyengine' => true, - 'ssl_proxy_cipher_suite' => 'HIGH', - 'ssl_proxy_protocol' => 'TLSv1.2', - 'priority' => '30', - 'default_vhost' => true, - 'servername' => 'example.com', - 'serveraliases' => ['test-example.com'], - 'options' => ['MultiView'], - 'override' => ['All'], - 'directoryindex' => 'index.html', - 'vhost_name' => 'test', - 'logroot' => '/var/www/logs', - 'logroot_ensure' => 'directory', - 'logroot_mode' => '0600', - 'logroot_owner' => 'root', - 'logroot_group' => 'root', - 'log_level' => 'crit', - 'access_log' => false, - 'access_log_file' => 'httpd_access_log', - 'access_log_syslog' => true, - 'access_log_format' => '%h %l %u %t \"%r\" %>s %b', - 'access_log_env_var' => '', - 'aliases' => '/image', - 'directories' => [ - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => ['valid-user', 'all denied'], - }, - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'additional_includes' => ['/custom/path/includes', '/custom/path/another_includes'], - }, - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => 'all granted', - }, - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => - { - 'enforce' => 'all', - 'requires' => ['all-valid1', 'all-valid2'], - }, - }, - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => - { - 'enforce' => 'none', - 'requires' => ['none-valid1', 'none-valid2'], - }, - }, - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'require' => - { - 'enforce' => 'any', - 'requires' => ['any-valid1', 'any-valid2'], - }, - }, - { - 'path' => '*', - 'provider' => 'proxy', - }, - { 'path' => '/var/www/files/indexed_directory', - 'directoryindex' => 'disabled', - 'options' => ['Indexes', 'FollowSymLinks', 'MultiViews'], - 'index_options' => ['FancyIndexing'], - 'index_style_sheet' => '/styles/style.css' }, - { 'path' => '/var/www/files/output_filtered', - 'set_output_filter' => 'output_filter' }, - { 'path' => '/var/www/files', - 'provider' => 'location', - 'limit' => [ - { 'methods' => 'GET HEAD', - 'require' => ['valid-user'] }, - ] }, - { 'path' => '/var/www/files', - 'provider' => 'location', - 'limit_except' => [ - { 'methods' => 'GET HEAD', - 'require' => ['valid-user'] }, - ] }, - { 'path' => '/var/www/dav', - 'dav' => 'filesystem', - 'dav_depth_infinity' => true, - 'dav_min_timeout' => '600' }, - { - 'path' => '/var/www/http2', - 'h2_copy_files' => true, - 'h2_push_resource' => [ - '/foo.css', - '/foo.js', - ], - }, - { - 'path' => '/var/www/node-app/public', - 'passenger_enabled' => true, - 'passenger_base_uri' => '/app', - 'passenger_ruby' => '/path/to/ruby', - 'passenger_python' => '/path/to/python', - 'passenger_nodejs' => '/path/to/nodejs', - 'passenger_meteor_app_settings' => '/path/to/file.json', - 'passenger_app_env' => 'demo', - 'passenger_app_root' => '/var/www/node-app', - 'passenger_app_group_name' => 'foo_bar', - 'passenger_app_type' => 'node', - 'passenger_startup_file' => 'start.js', - 'passenger_restart_dir' => 'temp', - 'passenger_load_shell_envvars' => false, - 'passenger_rolling_restarts' => false, - 'passenger_resist_deployment_errors' => false, - 'passenger_user' => 'nodeuser', - 'passenger_group' => 'nodegroup', - 'passenger_friendly_error_pages' => true, - 'passenger_min_instances' => 7, - 'passenger_max_instances' => 9, - 'passenger_force_max_concurrent_requests_per_process' => 12, - 'passenger_start_timeout' => 10, - 'passenger_concurrency_model' => 'thread', - 'passenger_thread_count' => 20, - 'passenger_max_requests' => 2000, - 'passenger_max_request_time' => 1, - 'passenger_memory_limit' => 32, - 'passenger_high_performance' => false, - 'passenger_buffer_upload' => false, - 'passenger_buffer_response' => false, - 'passenger_error_override' => false, - 'passenger_max_request_queue_size' => 120, - 'passenger_max_request_queue_time' => 5, - 'passenger_sticky_sessions' => true, - 'passenger_sticky_sessions_cookie_name' => '_delicious_cookie', - 'passenger_allow_encoded_slashes' => false, - 'passenger_debugger' => false, - }, - ], - 'error_log' => false, - 'error_log_file' => 'httpd_error_log', - 'error_log_syslog' => true, - 'error_documents' => 'true', - 'fallbackresource' => '/index.php', - 'scriptalias' => '/usr/lib/cgi-bin', - 'scriptaliases' => [ - { - 'alias' => '/myscript', - 'path' => '/usr/share/myscript', - }, - { - 'aliasmatch' => '^/foo(.*)', - 'path' => '/usr/share/fooscripts$1', - }, - ], - 'proxy_dest' => '/', - 'proxy_pass' => [ - { - 'path' => '/a', - 'url' => 'http://backend-a/', - 'keywords' => ['noquery', 'interpolate'], - 'no_proxy_uris' => ['/a/foo', '/a/bar'], - 'no_proxy_uris_match' => ['/a/foomatch'], - 'reverse_cookies' => [ - { - 'path' => '/a', - 'url' => 'http://backend-a/', - }, - { - 'domain' => 'foo', - 'url' => 'http://foo', - }, - ], - 'params' => { - 'retry' => '0', - 'timeout' => '5', - }, - 'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1'], - }, - ], - 'proxy_pass_match' => [ - { - 'path' => '/a', - 'url' => 'http://backend-a/', - 'keywords' => ['noquery', 'interpolate'], - 'no_proxy_uris' => ['/a/foo', '/a/bar'], - 'no_proxy_uris_match' => ['/a/foomatch'], - 'params' => { - 'retry' => '0', - 'timeout' => '5', - }, - 'setenv' => ['proxy-nokeepalive 1', 'force-proxy-request-1.0 1'], - }, - ], - 'suphp_addhandler' => 'foo', - 'suphp_engine' => 'on', - 'suphp_configpath' => '/var/www/html', - 'php_admin_flags' => ['foo', 'bar'], - 'php_admin_values' => ['true', 'false'], - 'no_proxy_uris' => '/foo', - 'no_proxy_uris_match' => '/foomatch', - 'proxy_preserve_host' => true, - 'proxy_add_headers' => true, - 'proxy_error_override' => true, - 'redirect_source' => '/bar', - 'redirect_dest' => '/', - 'redirect_status' => 'temp', - 'redirectmatch_status' => ['404'], - 'redirectmatch_regexp' => ['\.git$'], - 'redirectmatch_dest' => ['http://www.example.com'], - 'headers' => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"', - 'request_headers' => ['append MirrorID "mirror 12"'], - 'rewrites' => [ - { - 'rewrite_rule' => ['^index\.html$ welcome.html'], - }, - ], - 'filters' => [ - 'FilterDeclare COMPRESS', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain', - 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml', - 'FilterChain COMPRESS', - 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no', - ], - 'rewrite_base' => '/', - 'rewrite_rule' => '^index\.html$ welcome.html', - 'rewrite_cond' => '%{HTTP_USER_AGENT} ^MSIE', - 'rewrite_inherit' => true, - 'setenv' => ['FOO=/bin/true'], - 'setenvif' => 'Request_URI "\.gif$" object_is_image=gif', - 'setenvifnocase' => 'REMOTE_ADDR ^127.0.0.1 localhost=true', - 'block' => 'scm', - 'wsgi_application_group' => '%{GLOBAL}', - 'wsgi_daemon_process' => 'wsgi', - 'wsgi_daemon_process_options' => { - 'processes' => '2', - 'threads' => '15', - 'display-name' => '%{GROUP}', - }, - 'wsgi_import_script' => '/var/www/demo.wsgi', - 'wsgi_import_script_options' => { - 'process-group' => 'wsgi', - 'application-group' => '%{GLOBAL}', - }, - 'wsgi_process_group' => 'wsgi', - 'wsgi_script_aliases' => { - '/' => '/var/www/demo.wsgi', - }, - 'wsgi_script_aliases_match' => { - '^/test/(^[/*)' => '/var/www/demo.wsgi', - }, - 'wsgi_pass_authorization' => 'On', - 'custom_fragment' => '#custom string', - 'itk' => { - 'user' => 'someuser', - 'group' => 'somegroup', - }, - 'wsgi_chunked_request' => 'On', - 'action' => 'foo', - 'fastcgi_server' => 'localhost', - 'fastcgi_socket' => '/tmp/fastcgi.socket', - 'fastcgi_dir' => '/tmp', - 'fastcgi_idle_timeout' => '120', - 'additional_includes' => '/custom/path/includes', - 'apache_version' => '2.4', - 'use_optional_includes' => true, - 'suexec_user_group' => 'root root', - 'allow_encoded_slashes' => 'nodecode', - 'use_canonical_name' => 'dns', - - 'h2_copy_files' => false, - 'h2_direct' => true, - 'h2_early_hints' => false, - 'h2_max_session_streams' => 100, - 'h2_modern_tls_only' => true, - 'h2_push' => true, - 'h2_push_diary_size' => 256, - 'h2_push_priority' => [ - 'application/json 32', - ], - 'h2_push_resource' => [ - '/css/main.css', - '/js/main.js', - ], - 'h2_serialize_headers' => false, - 'h2_stream_max_mem_size' => 65_536, - 'h2_tls_cool_down_secs' => 1, - 'h2_tls_warm_up_size' => 1_048_576, - 'h2_upgrade' => true, - 'h2_window_size' => 65_535, - - 'passenger_enabled' => false, - 'passenger_base_uri' => '/app', - 'passenger_ruby' => '/usr/bin/ruby1.9.1', - 'passenger_python' => '/usr/local/bin/python', - 'passenger_nodejs' => '/usr/bin/node', - 'passenger_meteor_app_settings' => '/path/to/some/file.json', - 'passenger_app_env' => 'test', - 'passenger_app_root' => '/usr/share/myapp', - 'passenger_app_group_name' => 'app_customer', - 'passenger_app_type' => 'rack', - 'passenger_startup_file' => 'bin/www', - 'passenger_restart_dir' => 'tmp', - 'passenger_spawn_method' => 'direct', - 'passenger_load_shell_envvars' => false, - 'passenger_rolling_restarts' => false, - 'passenger_resist_deployment_errors' => true, - 'passenger_user' => 'sandbox', - 'passenger_group' => 'sandbox', - 'passenger_friendly_error_pages' => false, - 'passenger_min_instances' => 1, - 'passenger_max_instances' => 30, - 'passenger_max_preloader_idle_time' => 600, - 'passenger_force_max_concurrent_requests_per_process' => 10, - 'passenger_start_timeout' => 600, - 'passenger_concurrency_model' => 'thread', - 'passenger_thread_count' => 5, - 'passenger_max_requests' => 1000, - 'passenger_max_request_time' => 2, - 'passenger_memory_limit' => 64, - 'passenger_stat_throttle_rate' => 5, - 'passenger_pre_start' => 'http://localhost/myapp', - 'passenger_high_performance' => true, - 'passenger_buffer_upload' => false, - 'passenger_buffer_response' => false, - 'passenger_error_override' => true, - 'passenger_max_request_queue_size' => 10, - 'passenger_max_request_queue_time' => 2, - 'passenger_sticky_sessions' => true, - 'passenger_sticky_sessions_cookie_name' => '_nom_nom_nom', - 'passenger_allow_encoded_slashes' => true, - 'passenger_debugger' => true, - 'passenger_lve_min_uid' => 500, - 'add_default_charset' => 'UTF-8', - 'jk_mounts' => [ - { 'mount' => '/*', 'worker' => 'tcnode1' }, - { 'unmount' => '/*.jpg', 'worker' => 'tcnode1' }, - ], - 'auth_kerb' => true, - 'krb_method_negotiate' => 'off', - 'krb_method_k5passwd' => 'off', - 'krb_authoritative' => 'off', - 'krb_auth_realms' => ['EXAMPLE.ORG', 'EXAMPLE.NET'], - 'krb_5keytab' => '/tmp/keytab5', - 'krb_local_user_mapping' => 'off', - 'http_protocol_options' => 'Strict LenientMethods Allow0.9', - 'keepalive' => 'on', - 'keepalive_timeout' => '100', - 'max_keepalive_requests' => '1000', - 'protocols' => ['h2', 'http/1.1'], - 'protocols_honor_order' => true, - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_file('/var/www/foo') } - it { is_expected.to contain_class('apache::mod::ssl') } - it { - is_expected.to contain_file('ssl.conf').with( - content: %r{^\s+SSLHonorCipherOrder On$}, - ) - } - it { - is_expected.to contain_file('ssl.conf').with( - content: %r{^\s+SSLPassPhraseDialog builtin$}, - ) - } - it { - is_expected.to contain_file('ssl.conf').with( - content: %r{^\s+SSLSessionCacheTimeout 300$}, - ) - } - it { is_expected.to contain_class('apache::mod::mime') } - it { is_expected.to contain_class('apache::mod::vhost_alias') } - it { is_expected.to contain_class('apache::mod::wsgi') } - it { is_expected.to contain_class('apache::mod::suexec') } - it { is_expected.to contain_class('apache::mod::passenger') } - it { - is_expected.to contain_file('/var/www/logs').with('ensure' => 'directory', - 'mode' => '0600') - } - it { is_expected.to contain_class('apache::mod::rewrite') } - it { is_expected.to contain_class('apache::mod::alias') } - it { is_expected.to contain_class('apache::mod::proxy') } - it { is_expected.to contain_class('apache::mod::proxy_http') } - it { is_expected.to contain_class('apache::mod::fastcgi') } - it { is_expected.to contain_class('apache::mod::headers') } - it { is_expected.to contain_class('apache::mod::filter') } - it { is_expected.to contain_class('apache::mod::env') } - it { is_expected.to contain_class('apache::mod::setenvif') } - it { - is_expected.to contain_concat('30-rspec.example.com.conf').with('owner' => 'root', - 'mode' => '0644', - 'require' => 'Package[httpd]', - 'notify' => 'Class[Apache::Service]') - } - if facts[:os]['release']['major'].to_i >= 18 && facts[:os]['name'] == 'Ubuntu' - it { - is_expected.to contain_file('30-rspec.example.com.conf symlink').with('ensure' => 'link', - 'path' => "/etc/#{apache_name}/sites-enabled/30-rspec.example.com.conf") - } - end - it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } - it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } - it { is_expected.to contain_concat__fragment('rspec.example.com-aliases') } - it { is_expected.to contain_concat__fragment('rspec.example.com-itk') } - it { is_expected.to contain_concat__fragment('rspec.example.com-fallbackresource') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Include\s'\/custom\/path\/includes'$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Include\s'\/custom\/path\/another_includes'$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+H2CopyFiles\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+H2PushResource\s/foo.css$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+H2PushResource\s/foo.js$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require valid-user$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all denied$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all granted$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+<\/RequireAll>$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all-valid1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all-valid2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+<\/RequireNone>$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require none-valid1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require none-valid2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+<\/RequireAny>$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require any-valid1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require any-valid2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Options\sIndexes\sFollowSymLinks\sMultiViews$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+IndexOptions\sFancyIndexing$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+IndexStyleSheet\s'\/styles\/style\.css'$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+DirectoryIndex\sdisabled$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+SetOutputFilter\soutput_filter$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{\s+\s*Require valid-user\s*<\/Limit>}m, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{\s+\s*Require valid-user\s*<\/LimitExcept>}m, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Dav\sfilesystem$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+DavDepthInfinity\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+DavMinTimeout\s600$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerEnabled\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerBaseURI\s/app$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerRuby\s/path/to/ruby$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerPython\s/path/to/python$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerNodejs\s/path/to/nodejs$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMeteorAppSettings\s/path/to/file\.json$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppEnv\sdemo$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppRoot\s/var/www/node-app$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppGroupName\sfoo_bar$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAppType\snode$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStartupFile\sstart\.js$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerRestartDir\stemp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerLoadShellEnvvars\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerRollingRestarts\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerResistDeploymentErrors\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerUser\snodeuser$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerGroup\snodegroup$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerFriendlyErrorPages\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMinInstances\s7$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxInstances\s9$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s12$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStartTimeout\s10$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerConcurrencyModel\sthread$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerThreadCount\s20$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequests\s2000$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequestTime\s1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMemoryLimit\s32$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerHighPerformance\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerBufferUpload\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerBufferResponse\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerErrorOverride\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequestQueueSize\s120$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerMaxRequestQueueTime\s5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStickySessions\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerStickySessionsCookieName\s_delicious_cookie$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerAllowEncodedSlashes\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+PassengerDebugger\sOff$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-additional_includes') } - it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } - it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-access_log') } - it { is_expected.to contain_concat__fragment('rspec.example.com-action') } - it { is_expected.to contain_concat__fragment('rspec.example.com-block') } - it { is_expected.to contain_concat__fragment('rspec.example.com-error_document') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{retry=0}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{timeout=5}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{SetEnv force-proxy-request-1.0 1}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{SetEnv proxy-nokeepalive 1}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{noquery interpolate}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPreserveHost On}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyAddHeaders On}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPassReverseCookiePath\s+\/a\s+http:\/\/}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPassReverseCookieDomain\s+foo\s+http:\/\/foo}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-redirect') } - it { is_expected.to contain_concat__fragment('rspec.example.com-rewrite') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-rewrite').with( - content: %r{^\s+RewriteOptions Inherit$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-scriptalias') } - it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( - %r{SetEnv FOO=/bin/true}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( - %r{SetEnvIf Request_URI "\\.gif\$" object_is_image=gif}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-setenv').with_content( - %r{SetEnvIfNoCase REMOTE_ADDR \^127.0.0.1 localhost=true}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-ssl').with( - content: %r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyEngine On$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCheckPeerCN\s+on$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCheckPeerName\s+on$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCheckPeerExpire\s+on$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyCipherSuite\s+HIGH$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with( - content: %r{^\s+SSLProxyProtocol\s+TLSv1.2$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') } - it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') } - it { is_expected.to contain_concat__fragment('rspec.example.com-header') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-filters').with( - content: %r{^\s+FilterDeclare COMPRESS$}, - ) - } - it { is_expected.to contain_concat__fragment('rspec.example.com-requestheader') } - it { is_expected.to contain_concat__fragment('rspec.example.com-wsgi') } - it { is_expected.to contain_concat__fragment('rspec.example.com-custom_fragment') } - it { is_expected.to contain_concat__fragment('rspec.example.com-fastcgi') } - it { is_expected.to contain_concat__fragment('rspec.example.com-suexec') } - it { is_expected.to contain_concat__fragment('rspec.example.com-allow_encoded_slashes') } - it { is_expected.to contain_concat__fragment('rspec.example.com-passenger') } - it { is_expected.to contain_concat__fragment('rspec.example.com-charsets') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-security') } - it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } - it { - is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( - content: %r{^\s+JkMount\s+\/\*\s+tcnode1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-jk_mounts').with( - content: %r{^\s+JkUnMount\s+\/\*\.jpg\s+tcnode1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbMethodNegotiate\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbAuthoritative\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbAuthRealms\sEXAMPLE.ORG\sEXAMPLE.NET$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+Krb5Keytab\s\/tmp\/keytab5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbLocalUserMapping\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbServiceName\sHTTP$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbSaveCredentials\soff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-auth_kerb').with( - content: %r{^\s+KrbVerifyKDC\son$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http_protocol_options').with( - content: %r{^\s*HttpProtocolOptions\s+Strict\s+LenientMethods\s+Allow0\.9$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( - content: %r{^\s+KeepAlive\son$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( - content: %r{^\s+KeepAliveTimeout\s100$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-keepalive_options').with( - content: %r{^\s+MaxKeepAliveRequests\s1000$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{^\s+Protocols\sh2 http/1.1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{^\s+ProtocolsHonorOrder\sOn$}, - ) - } - - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2CopyFiles\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2Direct\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2EarlyHints\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2MaxSessionStreams\s100$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2ModernTLSOnly\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2Push\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2PushDiarySize\s256$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2PushPriority\sapplication/json 32$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2PushResource\s/css/main.css$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2PushResource\s/js/main.js$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2SerializeHeaders\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2StreamMaxMemSize\s65536$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2TLSCoolDownSecs\s1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2TLSWarmUpSize\s1048576$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2Upgrade\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-http2').with( - content: %r{^\s+H2WindowSize\s65535$}, - ) - } - - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerEnabled\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerBaseURI\s/app$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerRuby\s/usr/bin/ruby1\.9\.1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerPython\s/usr/local/bin/python$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerNodejs\s/usr/bin/node$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMeteorAppSettings\s/path/to/some/file.json$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppEnv\stest$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppRoot\s/usr/share/myapp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppGroupName\sapp_customer$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAppType\srack$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStartupFile\sbin/www$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerRestartDir\stmp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerSpawnMethod\sdirect$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerLoadShellEnvvars\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerRollingRestarts\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerResistDeploymentErrors\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerUser\ssandbox$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerGroup\ssandbox$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerFriendlyErrorPages\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMinInstances\s1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxInstances\s30$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxPreloaderIdleTime\s600$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerForceMaxConcurrentRequestsPerProcess\s10$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStartTimeout\s600$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerConcurrencyModel\sthread$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerThreadCount\s5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequests\s1000$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequestTime\s2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMemoryLimit\s64$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStatThrottleRate\s5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-file_footer').with( - content: %r{^PassengerPreStart\shttp://localhost/myapp$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerHighPerformance\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerBufferUpload\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerBufferResponse\sOff$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerErrorOverride\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequestQueueSize\s10$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerMaxRequestQueueTime\s2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStickySessions\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerStickySessionsCookieName\s_nom_nom_nom$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerAllowEncodedSlashes\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerDebugger\sOn$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-passenger').with( - content: %r{^\s+PassengerLveMinUid\s500$}, - ) - } - end - context 'vhost with multiple ip addresses' do - let :params do - { - 'port' => '80', - 'ip' => ['127.0.0.1', '::1'], - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } - it { is_expected.to contain_concat__fragment('Listen [::1]:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } - end - - context 'vhost with multiple ports' do - let :params do - { - 'port' => ['80', '8080'], - 'ip' => '127.0.0.1', - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } - end - - context 'vhost with multiple ip addresses, multiple ports' do - let :params do - { - 'port' => ['80', '8080'], - 'ip' => ['127.0.0.1', '::1'], - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:80') } - it { is_expected.to contain_concat__fragment('Listen 127.0.0.1:8080') } - it { is_expected.to contain_concat__fragment('Listen [::1]:80') } - it { is_expected.to contain_concat__fragment('Listen [::1]:8080') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost 127.0.0.1:8080') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:8080') } - end - - context 'vhost with ipv6 address' do - let :params do - { - 'port' => '80', - 'ip' => '::1', - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen [::1]:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost [::1]:80') } - end - - context 'vhost with wildcard ip address' do - let :params do - { - 'port' => '80', - 'ip' => '*', - 'ip_based' => true, - 'servername' => 'example.com', - 'docroot' => '/var/www/html', - 'add_listen' => true, - 'ensure' => 'present', - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-apache-header').with( - content: %r{[.\/m]*[.\/m]*$}, - ) - } - it { is_expected.to contain_concat__fragment('Listen *:80') } - it { is_expected.not_to contain_concat__fragment('NameVirtualHost *:80') } - end - - context 'modsec_audit_log' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'modsec_audit_log' => true, - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-security').with( - content: %r{^\s*SecAuditLog "\/var\/log\/#{apache_name}\/rspec\.example\.com_security\.log"$}, - ) - } - end - context 'modsec_audit_log_file' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'modsec_audit_log_file' => 'foo.log', - } - end - - it { is_expected.to compile } - it { - is_expected.to contain_concat__fragment('rspec.example.com-security').with( - content: %r{\s*SecAuditLog "\/var\/log\/#{apache_name}\/foo.log"$}, - ) - } - end - context 'set only aliases' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'aliases' => [ - { - 'alias' => '/alias', - 'path' => '/rspec/docroot', - }, - ], - } - end - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'proxy_pass_match' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'proxy_pass_match' => [ - { - 'path' => '.*', - 'url' => 'http://backend-a/', - 'params' => { 'timeout' => 300 }, - }, - ], - } - end - - it { - is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content( - %r{ProxyPassMatch .* http:\/\/backend-a\/ timeout=300}, - ).with_content(%r{## Proxy rules}) - } - end - context 'proxy_dest_match' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'proxy_dest_match' => '/', - } - end - - it { is_expected.to contain_concat__fragment('rspec.example.com-proxy').with_content(%r{## Proxy rules}) } - end - context 'not everything can be set together...' do - let :params do - { - 'access_log_pipe' => '/dev/null', - 'error_log_pipe' => '/dev/null', - 'docroot' => '/var/www/foo', - 'ensure' => 'absent', - 'manage_docroot' => true, - 'logroot' => '/tmp/logroot', - 'logroot_ensure' => 'absent', - 'directories' => [ - { - 'path' => '/var/www/files', - 'provider' => 'files', - 'allow' => ['from 127.0.0.1', 'from 127.0.0.2'], - 'deny' => ['from 127.0.0.3', 'from 127.0.0.4'], - 'satisfy' => 'any', - }, - { - 'path' => '/var/www/foo', - 'provider' => 'files', - 'allow' => 'from 127.0.0.5', - 'deny' => 'from all', - 'order' => 'deny,allow', - }, - ], - - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_class('apache::mod::ssl') } - it { is_expected.not_to contain_class('apache::mod::mime') } - it { is_expected.not_to contain_class('apache::mod::vhost_alias') } - it { is_expected.not_to contain_class('apache::mod::wsgi') } - it { is_expected.not_to contain_class('apache::mod::passenger') } - it { is_expected.not_to contain_class('apache::mod::suexec') } - it { is_expected.not_to contain_class('apache::mod::rewrite') } - it { is_expected.not_to contain_class('apache::mod::alias') } - it { is_expected.not_to contain_class('apache::mod::proxy') } - it { is_expected.not_to contain_class('apache::mod::proxy_http') } - it { is_expected.not_to contain_class('apache::mod::headers') } - it { is_expected.to contain_file('/var/www/foo') } - it { - is_expected.to contain_file('/tmp/logroot').with('ensure' => 'absent') - } - it { - is_expected.to contain_concat('25-rspec.example.com.conf').with('ensure' => 'absent') - } - it { is_expected.to contain_concat__fragment('rspec.example.com-apache-header') } - it { is_expected.to contain_concat__fragment('rspec.example.com-docroot') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-aliases') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-itk') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-fallbackresource') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - # the following style is only present on Apache 2.2 - # That is used in SLES 11, RHEL6, Amazon Linux - if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i < 7) || - (facts[:os]['name'] == 'Amazon') || - (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i < 12) - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Allow from 127\.0\.0\.1$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Allow from 127\.0\.0\.2$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Allow from 127\.0\.0\.5$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Deny from 127\.0\.0\.3$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Deny from 127\.0\.0\.4$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Deny from all$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Satisfy any$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Order deny,allow$}, - ) - } - end - it { is_expected.not_to contain_concat__fragment('rspec.example.com-additional_includes') } - it { is_expected.to contain_concat__fragment('rspec.example.com-logging') } - it { is_expected.to contain_concat__fragment('rspec.example.com-serversignature') } - it { is_expected.to contain_concat__fragment('rspec.example.com-access_log') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-action') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-block') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-error_document') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-proxy') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-redirect') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-rewrite') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-scriptalias') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-serveralias') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-setenv') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-suphp') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-php_admin') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-header') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-requestheader') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-wsgi') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-custom_fragment') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-fastcgi') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-suexec') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-charsets') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-limits') } - it { is_expected.to contain_concat__fragment('rspec.example.com-file_footer') } - end - context 'wsgi_application_group should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_application_group' => '%{GLOBAL}', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_daemon_process should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_daemon_process' => 'wsgi', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_import_script on its own should not set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script' => '/var/www/demo.wsgi', - } - end - - it { is_expected.not_to contain_class('apache::mod::wsgi') } - end - context 'wsgi_import_script_options on its own should not set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script_options' => { - 'process-group' => 'wsgi', - 'application-group' => '%{GLOBAL}', - }, - } - end - - it { is_expected.not_to contain_class('apache::mod::wsgi') } - end - context 'wsgi_import_script and wsgi_import_script_options should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script' => '/var/www/demo.wsgi', - 'wsgi_import_script_options' => { - 'process-group' => 'wsgi', - 'application-group' => '%{GLOBAL}', - }, - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_process_group should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_daemon_process' => 'wsgi', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_script_aliases with non-empty aliases should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_script_aliases' => { - '/' => '/var/www/demo.wsgi', - }, - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'wsgi_script_aliases with empty aliases should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_script_aliases' => {}, - } - end - - it { is_expected.not_to contain_class('apache::mod::wsgi') } - end - context 'wsgi_pass_authorization should set apache::mod::wsgi' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_pass_authorization' => 'On', - } - end - - it { is_expected.to contain_class('apache::mod::wsgi') } - end - context 'when not setting nor managing the docroot' do - let :params do - { - 'docroot' => false, - 'manage_docroot' => false, - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-docroot') } - end - context 'ssl_proxyengine without ssl' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl' => false, - 'ssl_proxyengine' => true, - } - end - - it { is_expected.to compile } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-ssl') } - it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') } - end - context 'ssl_proxy_protocol without ssl_proxyengine' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl' => true, - 'ssl_proxyengine' => false, - 'ssl_proxy_protocol' => 'TLSv1.2', - } - end - - it { is_expected.to compile } - it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') } - it { is_expected.not_to contain_concat__fragment('rspec.example.com-sslproxy') } - end - describe 'access logs' do - context 'single log file' do - let(:params) do - { - 'docroot' => '/rspec/docroot', - 'access_log_file' => 'my_log_file', - } - end - - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog.*my_log_file" combined\s*$}, - ) - } - end - context 'single log file with environment' do - let(:params) do - { - 'docroot' => '/rspec/docroot', - 'access_log_file' => 'my_log_file', - 'access_log_env_var' => 'prod', - } - end - - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog.*my_log_file" combined\s+env=prod$}, - ) - } - end - context 'multiple log files' do - let(:params) do - { - 'docroot' => '/rspec/docroot', - 'access_logs' => [ - { 'file' => '/tmp/log1', 'env' => 'dev' }, - { 'file' => 'log2' }, - { 'syslog' => 'syslog', 'format' => '%h %l' }, - ], - } - end - - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog "\/tmp\/log1"\s+combined\s+env=dev$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog "\/var\/log\/#{apache_name}\/log2"\s+combined\s*$}, - ) - } - it { - is_expected.to contain_concat__fragment('rspec.example.com-access_log').with( - content: %r{^\s+CustomLog "syslog" "%h %l"\s*$}, - ) - } - end - end # access logs - describe 'validation' do - context 'bad ensure' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ensure' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad suphp_engine' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'suphp_engine' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad ip_based' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ip_based' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad access_log' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'access_log' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad error_log' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'error_log' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad_ssl' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad default_vhost' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'default_vhost' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad ssl_proxyengine' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'ssl_proxyengine' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad rewrites' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'rewrites' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad rewrites 2' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'rewrites' => ['bogus'], - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'empty rewrites' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'rewrites' => [], - } - end - - it { is_expected.to compile } - end - context 'bad suexec_user_group' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'suexec_user_group' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad wsgi_script_alias' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_script_alias' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad wsgi_daemon_process_options' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_daemon_process_options' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad wsgi_import_script_alias' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'wsgi_import_script_alias' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad itk' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'itk' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad logroot_ensure' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'log_level' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad log_level' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'log_level' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'access_log_file and access_log_pipe' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'access_log_file' => 'bogus', - 'access_log_pipe' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'error_log_file and error_log_pipe' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'error_log_file' => 'bogus', - 'error_log_pipe' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad fallbackresource' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'fallbackresource' => 'bogus', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad custom_fragment' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'custom_fragment' => true, - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'bad access_logs' do - let :params do - { - 'docroot' => '/rspec/docroot', - 'access_logs' => '/var/log/somewhere', - } - end - - it { is_expected.to raise_error(Puppet::Error) } - end - context 'default of require all granted' do - let :params do - { - 'docroot' => '/var/www/foo', - 'directories' => [ - { - 'path' => '/var/www/foo/files', - 'provider' => 'files', - }, - ], - - } - end - - it { is_expected.to compile } - it { is_expected.to contain_concat('25-rspec.example.com.conf') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - # this works only with apache 2.4 and newer - if (facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i > 6) || - (facts[:os]['name'] == 'SLES' && facts[:os]['release']['major'].to_i > 11) - it { - is_expected.to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all granted$}, - ) - } - end - end - context 'require unmanaged' do - let :params do - { - 'docroot' => '/var/www/foo', - 'directories' => [ - { - 'path' => '/var/www/foo', - 'require' => 'unmanaged', - }, - ], - - } - end - - it { is_expected.to compile } - it { is_expected.to contain_concat('25-rspec.example.com.conf') } - it { is_expected.to contain_concat__fragment('rspec.example.com-directories') } - it { - is_expected.not_to contain_concat__fragment('rspec.example.com-directories').with( - content: %r{^\s+Require all granted$}, - ) - } - end - describe 'redirectmatch_*' do - let :dparams do - { - docroot: '/rspec/docroot', - port: '84', - } - end - - context 'status' do - let(:params) { dparams.merge(redirectmatch_status: '404') } - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'dest' do - let(:params) { dparams.merge(redirectmatch_dest: 'http://other.example.com$1.jpg') } - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'regexp' do - let(:params) { dparams.merge(redirectmatch_regexp: "(.*)\.gif$") } - - it { is_expected.to contain_class('apache::mod::alias') } - end - context 'none' do - let(:params) { dparams } - - it { is_expected.not_to contain_class('apache::mod::alias') } - end - end - end - end - end - end -end diff --git a/puppet/modules/apache/spec/fixtures/files/negotiation.conf b/puppet/modules/apache/spec/fixtures/files/negotiation.conf deleted file mode 100644 index c0bb8b9..0000000 --- a/puppet/modules/apache/spec/fixtures/files/negotiation.conf +++ /dev/null @@ -1,4 +0,0 @@ -# This is a file only for spec testing - -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW -ForceLanguagePriority Prefer Fallback diff --git a/puppet/modules/apache/spec/fixtures/files/spec b/puppet/modules/apache/spec/fixtures/files/spec deleted file mode 100644 index 76e9a14..0000000 --- a/puppet/modules/apache/spec/fixtures/files/spec +++ /dev/null @@ -1 +0,0 @@ -# This is a file only for spec testing diff --git a/puppet/modules/apache/spec/fixtures/site_apache/templates/fake.conf.erb b/puppet/modules/apache/spec/fixtures/site_apache/templates/fake.conf.erb deleted file mode 100644 index 019debf..0000000 --- a/puppet/modules/apache/spec/fixtures/site_apache/templates/fake.conf.erb +++ /dev/null @@ -1 +0,0 @@ -Fake template for rspec. diff --git a/puppet/modules/apache/spec/fixtures/templates/negotiation.conf.erb b/puppet/modules/apache/spec/fixtures/templates/negotiation.conf.erb deleted file mode 100644 index 5575022..0000000 --- a/puppet/modules/apache/spec/fixtures/templates/negotiation.conf.erb +++ /dev/null @@ -1,4 +0,0 @@ -# This is a template only for spec testing - -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW -ForceLanguagePriority Prefer Fallback diff --git a/puppet/modules/apache/spec/functions/apache_pw_hash_spec.rb b/puppet/modules/apache/spec/functions/apache_pw_hash_spec.rb deleted file mode 100644 index b8b6812..0000000 --- a/puppet/modules/apache/spec/functions/apache_pw_hash_spec.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'spec_helper' - -describe 'apache::apache_pw_hash' do - it { is_expected.not_to eq(nil) } - it { is_expected.to run.with_params.and_raise_error(ArgumentError) } - it { is_expected.to run.with_params('').and_raise_error(ArgumentError) } - it { is_expected.to run.with_params(1).and_raise_error(ArgumentError) } - it { is_expected.to run.with_params(true).and_raise_error(ArgumentError) } - it { is_expected.to run.with_params({}).and_raise_error(ArgumentError) } - it { is_expected.to run.with_params([]).and_raise_error(ArgumentError) } - it { is_expected.to run.with_params('test').and_return('{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=') } -end diff --git a/puppet/modules/apache/spec/functions/bool2httpd_spec.rb b/puppet/modules/apache/spec/functions/bool2httpd_spec.rb deleted file mode 100644 index 9d37d6b..0000000 --- a/puppet/modules/apache/spec/functions/bool2httpd_spec.rb +++ /dev/null @@ -1,19 +0,0 @@ -require 'spec_helper' - -describe 'apache::bool2httpd' do - it { is_expected.not_to eq(nil) } - it { is_expected.to run.with_params.and_raise_error(ArgumentError) } - it { is_expected.to run.with_params('1', '2').and_raise_error(ArgumentError) } - it { is_expected.to run.with_params(true).and_return('On') } - it 'expected to return a string "On"' do - expect(subject.execute(true)).to be_an_instance_of(String) - end - it { is_expected.to run.with_params(false).and_return('Off') } - it 'expected to return a string "Off"' do - expect(subject.execute(false)).to be_an_instance_of(String) - end - it { is_expected.to run.with_params('mail').and_return('mail') } - it { is_expected.to run.with_params(nil).and_return('Off') } - it { is_expected.to run.with_params(:undef).and_return('Off') } - it { is_expected.to run.with_params('foo').and_return('foo') } -end diff --git a/puppet/modules/apache/spec/functions/validate_apache_log_level_spec.rb b/puppet/modules/apache/spec/functions/validate_apache_log_level_spec.rb deleted file mode 100644 index be69d0c..0000000 --- a/puppet/modules/apache/spec/functions/validate_apache_log_level_spec.rb +++ /dev/null @@ -1,12 +0,0 @@ -require 'spec_helper' - -describe 'apache::validate_apache_log_level' do - it { is_expected.not_to eq(nil) } - it { is_expected.to run.with_params.and_raise_error(ArgumentError) } - it { is_expected.to run.with_params('garbage').and_raise_error(Puppet::ParseError) } - it { is_expected.to run.with_params('info') } - it { is_expected.to run.with_params('warn ssl:info') } - it { is_expected.to run.with_params('warn mod_ssl.c:info') } - it { is_expected.to run.with_params('warn ssl_module:info') } - it { is_expected.to run.with_params('trace4') } -end diff --git a/puppet/modules/apache/spec/spec_helper.rb b/puppet/modules/apache/spec/spec_helper.rb deleted file mode 100644 index 1f8b6b4..0000000 --- a/puppet/modules/apache/spec/spec_helper.rb +++ /dev/null @@ -1,52 +0,0 @@ -RSpec.configure do |c| - c.mock_with :rspec -end - -require 'puppetlabs_spec_helper/module_spec_helper' -require 'rspec-puppet-facts' - -require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) - -include RspecPuppetFacts - -default_facts = { - puppetversion: Puppet.version, - facterversion: Facter.version, -} - -default_fact_files = [ - File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')), - File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')), -] - -default_fact_files.each do |f| - next unless File.exist?(f) && File.readable?(f) && File.size?(f) - - begin - default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) - rescue => e - RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" - end -end - -RSpec.configure do |c| - c.default_facts = default_facts - c.before :each do - # set to strictest setting for testing - # by default Puppet runs at warning level - Puppet.settings[:strict] = :warning - end - c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] - c.after(:suite) do - RSpec::Puppet::Coverage.report!(0) - end -end - -def ensure_module_defined(module_name) - module_name.split('::').reduce(Object) do |last_module, next_module| - last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false) - last_module.const_get(next_module, false) - end -end - -# 'spec_overrides' from sync.yml will appear below this line diff --git a/puppet/modules/apache/spec/spec_helper_acceptance.rb b/puppet/modules/apache/spec/spec_helper_acceptance.rb deleted file mode 100644 index 498c826..0000000 --- a/puppet/modules/apache/spec/spec_helper_acceptance.rb +++ /dev/null @@ -1,92 +0,0 @@ -require 'beaker-pe' -require 'beaker-puppet' -require 'puppet' -require 'beaker-rspec/spec_helper' -require 'beaker-rspec/helpers/serverspec' -require 'beaker/puppet_install_helper' -require 'beaker/module_install_helper' -require 'beaker-task_helper' - -run_puppet_install_helper -configure_type_defaults_on(hosts) -install_bolt_on(hosts) unless pe_install? -install_module_on(hosts) -install_module_dependencies_on(hosts) - -RSpec.configure do |c| - c.filter_run focus: true - c.run_all_when_everything_filtered = true - # IPv6 is not enabled by default in the new travis-ci Trusty environment (see https://github.com/travis-ci/travis-ci/issues/8891 ) - if fact('network6_lo') != '::1' - c.filter_run_excluding ipv6: true - end - - # Readable test descriptions - c.formatter = :documentation - - # detect the situation where PUP-5016 is triggered and skip the idempotency tests in that case - # also note how fact('puppetversion') is not available because of PUP-4359 - if host_inventory['facter']['os']['family'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '8' && shell('puppet --version').stdout =~ %r{^4\.2} - c.filter_run_excluding skip_pup_5016: true - end - - # Configure all nodes in nodeset - c.before :suite do - run_puppet_access_login(user: 'admin') if pe_install? && (Gem::Version.new(puppet_version) >= Gem::Version.new('5.0.0')) - # net-tools required for netstat utility being used by be_listening - if (host_inventory['facter']['os']['family'] == 'RedHat' && host_inventory['facter']['os']['release']['major'] == '7') || - (host_inventory['facter']['os']['family'] == 'Debian' && host_inventory['facter']['os']['release']['major'] == '9') || - (host_inventory['facter']['os']['name'] == 'Ubuntu' && host_inventory['facter']['os']['release']['full'] == '18.04') - pp = <<-EOS - package { 'net-tools': ensure => installed } - EOS - - apply_manifest_on(agents, pp, catch_failures: false) - elsif host_inventory['facter']['os']['name'] == 'SLES' && host_inventory['facter']['os']['release']['major'] == '15' - pp = <<-EOS - package { 'net-tools-deprecated': ensure => installed } - EOS - - apply_manifest_on(agents, pp, catch_failures: false) - end - - if host_inventory['facter']['os']['family'] == 'Debian' - # Make sure snake-oil certs are installed. - shell 'apt-get install -y ssl-cert' - end - - # Install module and dependencies - hosts.each do |host| - # Required for mod_passenger tests. - if host_inventory['facter']['os']['family'] == 'RedHat' - on host, puppet('module', 'install', 'stahnma/epel') - on host, puppet('module', 'install', 'puppetlabs/inifile') - # we need epel installed, so we can get plugins, wsgi, mime ... - pp = <<-EOS - class { 'epel': } - EOS - - apply_manifest_on(host, pp, catch_failures: true) - end - - # Required for manifest to make mod_pagespeed repository available - if host_inventory['facter']['os']['family'] == 'Debian' - on host, puppet('module', 'install', 'puppetlabs-apt') - end - - # Make sure selinux is disabled so the tests work. - on host, puppet('apply', '-e', - %("exec { 'setenforce 0': path => '/bin:/sbin:/usr/bin:/usr/sbin', onlyif => 'which setenforce && getenforce | grep Enforcing', }")) - end - end -end - -shared_examples 'a idempotent resource' do - it 'applies with no errors' do - apply_manifest(pp, catch_failures: true) - end - - it 'applies a second time without changes', :skip_pup_5016 do - apply_manifest(pp, catch_changes: true) - end -end diff --git a/puppet/modules/apache/spec/spec_helper_local.rb b/puppet/modules/apache/spec/spec_helper_local.rb deleted file mode 100644 index d348d87..0000000 --- a/puppet/modules/apache/spec/spec_helper_local.rb +++ /dev/null @@ -1,36 +0,0 @@ -if ENV['COVERAGE'] == 'yes' - require 'simplecov' - require 'simplecov-console' - require 'codecov' - - SimpleCov.formatters = [ - SimpleCov::Formatter::HTMLFormatter, - SimpleCov::Formatter::Console, - SimpleCov::Formatter::Codecov, - ] - SimpleCov.start do - track_files 'lib/**/*.rb' - - add_filter '/spec' - - # do not track vendored files - add_filter '/vendor' - add_filter '/.vendor' - - # do not track gitignored files - # this adds about 4 seconds to the coverage check - # this could definitely be optimized - add_filter do |f| - # system returns true if exit status is 0, which with git-check-ignore means file is ignored - system("git check-ignore --quiet #{f.filename}") - end - end -end - -shared_examples :compile, compile: true do - it { is_expected.to compile.with_all_deps } -end - -shared_context 'a mod class, without including apache' do - let(:facts) { on_supported_os['debian-8-x86_64'] } -end diff --git a/puppet/modules/apache/spec/unit/apache_version_spec.rb b/puppet/modules/apache/spec/unit/apache_version_spec.rb deleted file mode 100644 index 0f155ab..0000000 --- a/puppet/modules/apache/spec/unit/apache_version_spec.rb +++ /dev/null @@ -1,38 +0,0 @@ -require 'spec_helper' - -describe Facter::Util::Fact do - before(:each) do - Facter.clear - end - describe 'apache_version' do - context 'with value' do - before :each do - allow(Facter.fact(:kernel)).to receive(:value).and_return('Linux') - expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } - expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') { - 'Server version: Apache/2.4.16 (Unix) - Server built: Jul 31 2015 15:53:26' - } - end - it do - expect(Facter.fact(:apache_version).value).to eq('2.4.16') - end - end - end - - describe 'apache_version with empty OS' do - context 'with value' do - before :each do - allow(Facter.fact(:kernel)).to receive(:value).and_return('Linux') - expect(Facter::Util::Resolution).to receive(:which).with('apachectl') { true } - expect(Facter::Util::Resolution).to receive(:exec).with('apachectl -v 2>&1') { - 'Server version: Apache/2.4.6 () - Server built: Nov 21 2015 05:34:59' - } - end - it do - expect(Facter.fact(:apache_version).value).to eq('2.4.6') - end - end - end -end diff --git a/puppet/modules/apache/spec/unit/provider/a2mod/gentoo_spec.rb b/puppet/modules/apache/spec/unit/provider/a2mod/gentoo_spec.rb deleted file mode 100644 index 0255897..0000000 --- a/puppet/modules/apache/spec/unit/provider/a2mod/gentoo_spec.rb +++ /dev/null @@ -1,176 +0,0 @@ -require 'spec_helper' - -provider_class = Puppet::Type.type(:a2mod).provider(:gentoo) - -describe provider_class do - before :each do - provider_class.clear - end - - [:conf_file, :instances, :modules, :initvars, :conf_file, :clear].each do |method| - it "should respond to the class method #{method}" do - expect(provider_class).to respond_to(method) - end - end - describe 'when fetching modules' do - let(:filetype) do - double - end - - it 'returns a sorted array of the defined parameters' do - expect(filetype).to receive(:read).and_return(%(APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n)) - expect(provider_class).to receive(:filetype) { filetype } - - expect(provider_class.modules).to eq(['bar', 'baz', 'foo']) - end - - it 'caches the module list' do - expect(filetype).to receive(:read).once { %(APACHE2_OPTS="-D FOO -D BAR -D BAZ"\n) } # rubocop:disable Lint/AmbiguousBlockAssociation - expect(provider_class).to receive(:filetype).once { filetype } # rubocop:disable Lint/AmbiguousBlockAssociation - - 2.times { expect(provider_class.modules).to eq(['bar', 'baz', 'foo']) } - end - - it 'normalizes parameters' do - expect(filetype).to receive(:read).and_return(%(APACHE2_OPTS="-D FOO -D BAR -D BAR"\n)) - expect(provider_class).to receive(:filetype) { filetype } - expect(provider_class.modules).to eq(['bar', 'foo']) - end - end - - describe 'when prefetching' do - it 'matches providers to resources' do - provider = instance_double('ssl_provider', name: 'ssl') - resource = instance_double('ssl_resource') - expect(resource).to receive(:provider=).with(provider) - - expect(provider_class).to receive(:instances) { [provider] } - provider_class.prefetch('ssl' => resource) - end - end - describe 'when flushing' do - before :each do - @filetype = double - allow(@filetype).to receive(:backup) - allow(provider_class).to receive(:filetype).at_least(:once) { @filetype } - - @info = double - allow(@info).to receive(:[]).with(:name) { 'info' } - allow(@info).to receive(:provider=) - - @mpm = double - allow(@mpm).to receive(:[]).with(:name) { 'mpm' } - allow(@mpm).to receive(:provider=) - - @ssl = double - allow(@ssl).to receive(:[]).with(:name) { 'ssl' } - allow(@ssl).to receive(:provider=) - end - it 'adds modules whose ensure is present' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="") } - expect(@filetype).to receive(:write).with(%(APACHE2_OPTS="-D INFO")) - - allow(@info).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('info' => @info) - - provider_class.flush - end - it 'removes modules whose ensure is present' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="-D INFO") } - expect(@filetype).to receive(:write).with(%(APACHE2_OPTS="")) - - allow(@info).to receive(:should).with(:ensure) { :absent } - allow(@info).to receive(:provider=) - provider_class.prefetch('info' => @info) - - provider_class.flush - end - - it 'does not modify providers without resources' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="-D INFO -D MPM") } - expect(@filetype).to receive(:write).with(%(APACHE2_OPTS="-D MPM -D SSL")) - - allow(@info).to receive(:should).with(:ensure) { :absent } - provider_class.prefetch('info' => @info) - - allow(@ssl).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('ssl' => @ssl) - - provider_class.flush - end - - it 'writes the modules in sorted order' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="") } - expect(@filetype).to receive(:write).with(%(APACHE2_OPTS="-D INFO -D MPM -D SSL")) - - allow(@mpm).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('mpm' => @mpm) - allow(@info).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('info' => @info) - allow(@ssl).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('ssl' => @ssl) - - provider_class.flush - end - - it 'writes the records back once' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="") } - expect(@filetype).to receive(:write).once.with(%(APACHE2_OPTS="-D INFO -D SSL")) - - allow(@info).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('info' => @info) - - allow(@ssl).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('ssl' => @ssl) - - provider_class.flush - end - - it 'onlies modify the line containing APACHE2_OPTS' do - expect(@filetype).to receive(:read).at_least(:once) { %(# Comment\nAPACHE2_OPTS=""\n# Another comment) } - expect(@filetype).to receive(:write).once.with(%(# Comment\nAPACHE2_OPTS="-D INFO"\n# Another comment)) - - allow(@info).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('info' => @info) - provider_class.flush - end - - it 'restores any arbitrary arguments' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="-Y -D MPM -X") } - expect(@filetype).to receive(:write).once.with(%(APACHE2_OPTS="-Y -X -D INFO -D MPM")) - - allow(@info).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('info' => @info) - provider_class.flush - end - - it 'backups the file once if changes were made' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="") } - expect(@filetype).to receive(:write).once.with(%(APACHE2_OPTS="-D INFO -D SSL")) - - allow(@info).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('info' => @info) - - allow(@ssl).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('ssl' => @ssl) - - expect(@filetype).to receive(:backup) - - provider_class.flush - end - - it 'does not write the file or run backups if no changes were made' do - expect(@filetype).to receive(:read).at_least(:once) { %(APACHE2_OPTS="-X -D INFO -D SSL -Y") } - expect(@filetype).to receive(:write).never - - allow(@info).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('info' => @info) - - allow(@ssl).to receive(:should).with(:ensure) { :present } - provider_class.prefetch('ssl' => @ssl) - - expect(@filetype).to receive(:backup).never - provider_class.flush - end - end -end diff --git a/puppet/modules/apache/spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb b/puppet/modules/apache/spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb deleted file mode 100644 index 13f7337..0000000 --- a/puppet/modules/apache/spec/unit/puppet/parser/functions/apache_pw_hash_spec.rb +++ /dev/null @@ -1,32 +0,0 @@ -require 'spec_helper' - -describe 'the apache_pw_hash function' do - let(:scope) { PuppetlabsSpec::PuppetInternals.scope } - - it 'exists' do - expect(Puppet::Parser::Functions.function('apache_pw_hash')).to eq('function_apache_pw_hash') - end - - it 'raises a ParseError if there is less than 1 arguments' do - expect { scope.function_apache_pw_hash([]) }.to(raise_error(Puppet::ParseError)) - end - - it 'raises an Puppet::ParseError if argument is an empty string' do - expect { scope.function_apache_pw_hash(['']) }.to(raise_error(Puppet::ParseError)) - end - - context 'when argument is not a string' do - it { expect { scope.function_apache_pw_hash([1]) }.to(raise_error(Puppet::ParseError)) } - it { expect { scope.function_apache_pw_hash([true]) }.to(raise_error(Puppet::ParseError)) } - it { expect { scope.function_apache_pw_hash([{}]) }.to(raise_error(Puppet::ParseError)) } - it { expect { scope.function_apache_pw_hash([[]]) }.to(raise_error(Puppet::ParseError)) } - end - - it 'raises an Puppet::ParseError if argument is not a string' do - expect { scope.function_apache_pw_hash([1]) }.to(raise_error(Puppet::ParseError)) - end - - it 'returns proper hash' do - expect(scope.function_apache_pw_hash(['test'])).to(eq('{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=')) - end -end diff --git a/puppet/modules/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb b/puppet/modules/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb deleted file mode 100644 index 1b73fa2..0000000 --- a/puppet/modules/apache/spec/unit/puppet/parser/functions/bool2httpd_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -require 'spec_helper' - -describe 'the bool2httpd function' do - let(:scope) { PuppetlabsSpec::PuppetInternals.scope } - - it 'exists' do - expect(Puppet::Parser::Functions.function('bool2httpd')).to eq('function_bool2httpd') - end - - it 'raises a ParseError if there is less than 1 arguments' do - expect { scope.function_bool2httpd([]) }.to(raise_error(Puppet::ParseError)) - end - - it "converts true to 'On'" do - result = scope.function_bool2httpd([true]) - expect(result).to(eq('On')) - end - - it 'converts true to a string' do - result = scope.function_bool2httpd([true]) - expect(result.class).to(eq(String)) - end - - it "converts false to 'Off'" do - result = scope.function_bool2httpd([false]) - expect(result).to(eq('Off')) - end - - it 'converts false to a string' do - result = scope.function_bool2httpd([false]) - expect(result.class).to(eq(String)) - end - - it 'accepts (and return) any string' do - result = scope.function_bool2httpd(['mail']) - expect(result).to(eq('mail')) - end - - it 'accepts a nil value (and return Off)' do - result = scope.function_bool2httpd([nil]) - expect(result).to(eq('Off')) - end - - it "accepts an undef value (and return 'Off')" do - result = scope.function_bool2httpd([:undef]) - expect(result).to(eq('Off')) - end - - it 'returns a default value on non-matches' do - result = scope.function_bool2httpd(['foo']) - expect(result).to(eq('foo')) - end -end diff --git a/puppet/modules/apache/spec/unit/puppet/parser/functions/validate_apache_log_level.rb b/puppet/modules/apache/spec/unit/puppet/parser/functions/validate_apache_log_level.rb deleted file mode 100644 index 9647815..0000000 --- a/puppet/modules/apache/spec/unit/puppet/parser/functions/validate_apache_log_level.rb +++ /dev/null @@ -1,38 +0,0 @@ -#! /usr/bin/env ruby -S rspec # rubocop:disable Lint/ScriptPermission -require 'spec_helper' - -describe 'the validate_apache_log_level function' do - let(:scope) { PuppetlabsSpec::PuppetInternals.scope } - - it 'exists' do - expect(Puppet::Parser::Functions.function('validate_apache_log_level')).to eq('function_validate_apache_log_level') - end - - it 'raises a ParseError if there is less than 1 arguments' do - expect { scope.function_validate_apache_log_level([]) }.to(raise_error(Puppet::ParseError)) - end - - it 'raises a ParseError when given garbage' do - expect { scope.function_validate_apache_log_level(['garbage']) }.to(raise_error(Puppet::ParseError)) - end - - it 'does not raise a ParseError when given a plain log level' do - expect { scope.function_validate_apache_log_level(['info']) }.not_to raise_error - end - - it 'does not raise a ParseError when given a log level and module log level #ssl' do - expect { scope.function_validate_apache_log_level(['warn ssl:info']) }.not_to raise_error - end - - it 'does not raise a ParseError when given a log level and module log level #mod_ssl.c' do - expect { scope.function_validate_apache_log_level(['warn mod_ssl.c:info']) }.not_to raise_error - end - - it 'does not raise a ParseError when given a log level and module log level #ssl_module' do - expect { scope.function_validate_apache_log_level(['warn ssl_module:info']) }.not_to raise_error - end - - it 'does not raise a ParseError when given a trace level' do - expect { scope.function_validate_apache_log_level(['trace4']) }.not_to raise_error - end -end diff --git a/puppet/modules/apache/tasks/init.json b/puppet/modules/apache/tasks/init.json deleted file mode 100644 index 3822ed6..0000000 --- a/puppet/modules/apache/tasks/init.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "description": "Allows you to perform apache service functions", - "input_method": "stdin", - "parameters": { - "action": { - "description": "Action to perform ", - "type": "Enum[reload]" - }, - "service_name": { - "description": "The name of the apache service ", - "type": "Optional[String[1]]" - } - } -} diff --git a/puppet/modules/apache/tasks/init.rb b/puppet/modules/apache/tasks/init.rb deleted file mode 100755 index 1df27bd..0000000 --- a/puppet/modules/apache/tasks/init.rb +++ /dev/null @@ -1,34 +0,0 @@ -#!/opt/puppetlabs/puppet/bin/ruby -require 'json' -require 'open3' -require 'puppet' - -def service(action, service_name) - if service_name.nil? - stdout, _stderr, _status = Open3.capture3('facter', '-p', 'osfamily') - osfamily = stdout.strip - service_name = if osfamily == 'RedHat' - 'httpd' - elsif osfamily == 'FreeBSD' - 'apache24' - else - 'apache2' - end - end - _stdout, stderr, status = Open3.capture3('service', service_name, action) - raise Puppet::Error, stderr if status != 0 - { status: "#{action} successful" } -end - -params = JSON.parse(STDIN.read) -action = params['action'] -service_name = params['service_name'] - -begin - result = service(action, service_name) - puts result.to_json - exit 0 -rescue Puppet::Error => e - puts({ status: 'failure', error: e.message }.to_json) - exit 1 -end diff --git a/puppet/modules/apache/templates/confd/no-accf.conf.erb b/puppet/modules/apache/templates/confd/no-accf.conf.erb deleted file mode 100644 index 10e5164..0000000 --- a/puppet/modules/apache/templates/confd/no-accf.conf.erb +++ /dev/null @@ -1,4 +0,0 @@ - - AcceptFilter http none - AcceptFilter https none - diff --git a/puppet/modules/apache/templates/fastcgi/server.erb b/puppet/modules/apache/templates/fastcgi/server.erb deleted file mode 100644 index bae56d4..0000000 --- a/puppet/modules/apache/templates/fastcgi/server.erb +++ /dev/null @@ -1,22 +0,0 @@ -<% - timeout = " -idle-timeout #{@timeout}" - flush = "" - if @flush - flush = " -flush" - end - if @socket - host_or_socket = " -socket #{@socket}" - else - host_or_socket = " -host #{@host}" - end - - pass_header = "" - if @pass_header and ! @pass_header.empty? - pass_header = " -pass-header #{@pass_header}" - end - - options = timeout + flush + host_or_socket + pass_header --%> -FastCGIExternalServer <%= @faux_path %><%= options %> -Alias <%= @fcgi_alias %> <%= @faux_path %> -Action <%= @file_type %> <%= @fcgi_alias %> diff --git a/puppet/modules/apache/templates/httpd.conf.erb b/puppet/modules/apache/templates/httpd.conf.erb deleted file mode 100755 index 5393cb8..0000000 --- a/puppet/modules/apache/templates/httpd.conf.erb +++ /dev/null @@ -1,174 +0,0 @@ -# Security -ServerTokens <%= @server_tokens %> -ServerSignature <%= scope.call_function('apache::bool2httpd', [@server_signature]) %> -TraceEnable <%= scope.call_function('apache::bool2httpd', [@trace_enable]) %> - -ServerName "<%= @servername %>" -ServerRoot "<%= @server_root %>" -PidFile <%= @pidfile %> -Timeout <%= @timeout %> -KeepAlive <%= @keepalive %> -MaxKeepAliveRequests <%= @max_keepalive_requests %> -KeepAliveTimeout <%= @keepalive_timeout %> -LimitRequestFieldSize <%= @limitreqfieldsize %> -LimitRequestFields <%= @limitreqfields %> -<%# Actually >= 2.4.24, but the minor version is not provided -%> -<%- if @http_protocol_options and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> -HttpProtocolOptions <%= @http_protocol_options %> -<%- end -%> - -<%# Actually >= 2.4.17, but the minor version is not provided -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - <%- unless @protocols.empty? -%> -Protocols <%= @protocols.join(' ') %> - <%- end -%> - <%- unless @protocols_honor_order.nil? -%> -ProtocolsHonorOrder <%= scope.call_function('apache::bool2httpd', [@protocols_honor_order]) %> - <%- end -%> -<%- end -%> - -<%- if @rewrite_lock and scope.function_versioncmp([@apache_version, '2.2']) <= 0 -%> -RewriteLock <%= @rewrite_lock %> -<%- end -%> - -User <%= @user %> -Group <%= @group %> - -AccessFileName .htaccess - -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require all denied -<%- else -%> - Order allow,deny - Deny from all - Satisfy all -<%- end -%> - - - - Options <%= Array(@root_directory_options).join(' ') %> - AllowOverride None -<%- if @root_directory_secured -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require all denied -<%- else -%> - Order deny,allow - Deny from all -<%- end -%> -<%- end -%> - - -<% if @default_charset -%> -AddDefaultCharset <%= @default_charset %> -<% end -%> - -<%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%> -DefaultType <%= @default_type %> -<%- end -%> -HostnameLookups <%= @hostname_lookups %> -<%- if /^[|\/]/.match(@error_log) || /^syslog:/.match(@error_log) -%> -ErrorLog "<%= @error_log %>" -<%- else -%> -ErrorLog "<%= @logroot %>/<%= @error_log %>" -<%- end -%> -LogLevel <%= @log_level %> -EnableSendfile <%= @sendfile %> -<%- if @allow_encoded_slashes -%> -AllowEncodedSlashes <%= @allow_encoded_slashes %> -<%- end -%> -<%- if @file_e_tag -%> -FileETag <%= @file_e_tag %> -<%- end -%> -<%- if @use_canonical_name -%> -UseCanonicalName <%= @use_canonical_name %> -<%- end -%> - -#Listen 80 - -<% if @apxs_workaround -%> -# Workaround: without this hack apxs would be confused about where to put -# LoadModule directives and fail entire procedure of apache package -# installation/reinstallation. This problem was observed on FreeBSD (apache22). -#LoadModule fake_module libexec/apache22/mod_fake.so -<% end -%> - -Include "<%= @mod_load_dir %>/*.load" -<% if @mod_load_dir != @confd_dir and @mod_load_dir != @vhost_load_dir -%> -Include "<%= @mod_load_dir %>/*.conf" -<% end -%> -Include "<%= @ports_file %>" - -<% unless @log_formats.has_key?('combined') -%> -LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -<% end -%> -<% unless @log_formats.has_key?('common') -%> -LogFormat "%a %l %u %t \"%r\" %>s %b" common -<% end -%> -<% unless @log_formats.has_key?('referer') -%> -LogFormat "%{Referer}i -> %U" referer -<% end -%> -<% unless @log_formats.has_key?('agent') -%> -LogFormat "%{User-agent}i" agent -<% end -%> -<% unless @log_formats.has_key?('forwarded') -%> -LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded -<% end -%> -<% if @log_formats and !@log_formats.empty? -%> - <%- @log_formats.sort.each do |nickname,format| -%> -LogFormat "<%= format -%>" <%= nickname %> - <%- end -%> -<% end -%> - -<%- if @conf_enabled and scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> -IncludeOptional "<%= @conf_enabled %>/*.conf" -<%- end -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> -IncludeOptional "<%= @confd_dir %>/*.conf" -<%- else -%> -Include "<%= @confd_dir %>/*.conf" -<%- end -%> -<% if @vhost_load_dir != @confd_dir -%> -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> -IncludeOptional "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" -<%- else -%> -Include "<%= @vhost_load_dir %>/<%= @vhost_include_pattern %>" -<%- end -%> -<% end -%> - -<% if @error_documents -%> -# /usr/share/apache2/error on debian -Alias /error/ "<%= @error_documents_path %>/" - -"> - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var -<%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require all granted -<%- else -%> - Order allow,deny - Allow from all -<%- end -%> - LanguagePriority en cs de es fr it nl sv pt-br ro - ForceLanguagePriority Prefer Fallback - - -ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -ErrorDocument 410 /error/HTTP_GONE.html.var -ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var -<% end -%> diff --git a/puppet/modules/apache/templates/listen.erb b/puppet/modules/apache/templates/listen.erb deleted file mode 100644 index 8fc871b..0000000 --- a/puppet/modules/apache/templates/listen.erb +++ /dev/null @@ -1,6 +0,0 @@ -<%# Listen should always be one of: - - - - : - - [ --%> -Listen <%= @listen_addr_port %> diff --git a/puppet/modules/apache/templates/mod/_allow.erb b/puppet/modules/apache/templates/mod/_allow.erb deleted file mode 100644 index 0542e49..0000000 --- a/puppet/modules/apache/templates/mod/_allow.erb +++ /dev/null @@ -1,7 +0,0 @@ - Order deny,allow - Deny from all -<% if @allow_from != nil and ! @allow_from.empty? -%> - Allow from <%= Array(@allow_from).join(" ") %> -<% else -%> - Allow from <%= Array(@allow_defaults).join(" ") %> -<% end -%> diff --git a/puppet/modules/apache/templates/mod/_require.erb b/puppet/modules/apache/templates/mod/_require.erb deleted file mode 100644 index 6a06d68..0000000 --- a/puppet/modules/apache/templates/mod/_require.erb +++ /dev/null @@ -1,44 +0,0 @@ -<% if @requires != nil -%> - <%- _requires = @requires -%> -<% elsif @allow_from != nil and ! @allow_from.empty? -%> - <%- scope.function_warning(["Class #{@title}: Using Allow"]) -%> - <%- scope.function_warning(["is deprecated in Apache #{@_apache_version}"]) -%> - <%- _requires = 'ip ' + Array(@allow_from).join(" ") -%> -<% else -%> - <%- _requires = @requires_defaults -%> -<% end -%> -<%-# -%> -<% if _requires.is_a?(String) -%> - <%- if ! ['', 'unmanaged'].include?_requires.downcase -%> - Require <%= _requires %> - <%- end -%> -<% elsif _requires.is_a?(Array) -%> - <%- _requires.each do |req| -%> - Require <%= req %> - <%- end -%> -<% elsif _requires.is_a?(Hash) -%> - <%- if _requires.has_key?('enforce') and ['all', 'none', 'any'].include?_requires['enforce'].downcase -%> - <%- enforce_str = "Require#{_requires['enforce'].capitalize}>\n" -%> - <%- enforce_open = " <#{enforce_str}" -%> - <%- enforce_close = " - <%- indentation = ' ' -%> - <%- else -%> - <%- if _requires.has_key?('enforce') -%> - <%- scope.function_warning(["Class #{@title}: Require can only"]) -%> - <%- scope.function_warning(["be overwritten with all, none or any."]) -%> - <%- end -%> - <%- enforce_open = '' -%> - <%- enforce_close = '' -%> - <%- indentation = '' -%> - <%- end -%> - <%- if _requires.has_key?('requires') and _requires['requires'].is_a?(Array) -%> -<%# %><%= enforce_open -%> - <%- _requires['requires'].each do |req| -%> -<%# %> <%= indentation -%>Require <%= req %> - <%- end -%> -<%# %><%= enforce_close -%> - <%- else -%> - <%- scope.function_warning(["Class #{@title}: Require hash must have"]) -%> - <%- scope.function_warning(["a key named \"requires\" with array value"]) -%> - <%- end -%> -<% end -%> diff --git a/puppet/modules/apache/templates/mod/alias.conf.erb b/puppet/modules/apache/templates/mod/alias.conf.erb deleted file mode 100644 index 8580f70..0000000 --- a/puppet/modules/apache/templates/mod/alias.conf.erb +++ /dev/null @@ -1,13 +0,0 @@ - -Alias /icons/ "<%= @icons_path %>/" -"> - Options <%= @icons_options %> - AllowOverride None -<%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Require all granted -<%- else -%> - Order allow,deny - Allow from all -<%- end -%> - - diff --git a/puppet/modules/apache/templates/mod/auth_cas.conf.erb b/puppet/modules/apache/templates/mod/auth_cas.conf.erb deleted file mode 100644 index b59c535..0000000 --- a/puppet/modules/apache/templates/mod/auth_cas.conf.erb +++ /dev/null @@ -1,58 +0,0 @@ -CASCookiePath <%= @cas_cookie_path %> -CASLoginURL <%= @cas_login_url %> -CASValidateURL <%= @cas_validate_url %> - -CASVersion <%= @cas_version %> -CASDebug <%= @cas_debug %> - -<% if @cas_certificate_path -%> -CASCertificatePath <%= @cas_certificate_path %> -<% end -%> -<% if @cas_proxy_validate_url -%> -CASProxyValidateURL <%= @cas_proxy_validate_url %> -<% end -%> -<% if @cas_validate_server -%> -CASValidateServer <%= @cas_validate_server %> -<% end -%> -<% if @cas_validate_depth -%> -CASValidateDepth <%= @cas_validate_depth %> -<% end -%> -<% if @cas_root_proxied_as -%> -CASRootProxiedAs <%= @cas_root_proxied_as %> -<% end -%> -<% if @cas_cookie_entropy -%> -CASCookieEntropy <%= @cas_cookie_entropy %> -<% end -%> -<% if @cas_timeout -%> -CASTimeout <%= @cas_timeout %> -<% end -%> -<% if @cas_idle_timeout -%> -CASIdleTimeout <%= @cas_idle_timeout %> -<% end -%> -<% if @cas_cache_clean_interval -%> -CASCacheCleanInterval <%= @cas_cache_clean_interval %> -<% end -%> -<% if @cas_cookie_domain -%> -CASCookieDomain <%= @cas_cookie_domain %> -<% end -%> -<% if @cas_cookie_http_only -%> -CASCookieHttpOnly <%= @cas_cookie_http_only %> -<% end -%> -<% if @cas_authoritative -%> -CASAuthoritative <%= @cas_authoritative %> -<% end -%> -<%- if @cas_sso_enabled -%> -CASSSOEnabled On -<%- end -%> -<%- if @cas_validate_saml -%> -CASValidateSAML On -<%- end -%> -<%- if @cas_attribute_prefix -%> -CASAttributePrefix <%= @cas_attribute_prefix %> -<%- end -%> -<%- if @cas_attribute_delimiter -%> -CASAttributeDelimiter <%= @cas_attribute_delimiter %> -<%- end -%> -<%- if @cas_scrub_request_headers -%> -CASAttributeDelimiter On -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/auth_mellon.conf.erb b/puppet/modules/apache/templates/mod/auth_mellon.conf.erb deleted file mode 100644 index e36a733..0000000 --- a/puppet/modules/apache/templates/mod/auth_mellon.conf.erb +++ /dev/null @@ -1,21 +0,0 @@ -<%- if @mellon_cache_size -%> -MellonCacheSize <%= @mellon_cache_size %> -<%- end -%> -<%- if @mellon_cache_entry_size -%> -MellonCacheEntrySize <%= @mellon_cache_entry_size %> -<%- end -%> -<%- if @mellon_lock_file -%> -MellonLockFile "<%= @mellon_lock_file %>" -<%- end -%> -<%- if @mellon_post_directory -%> -MellonPostDirectory "<%= @mellon_post_directory %>" -<%- end -%> -<%- if @mellon_post_ttl -%> -MellonPostTTL <%= @mellon_post_ttl %> -<%- end -%> -<%- if @mellon_post_size -%> -MellonPostSize <%= @mellon_post_size %> -<%- end -%> -<%- if @mellon_post_count -%> -MellonPostCount <%= @mellon_post_count %> -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/authn_dbd.conf.erb b/puppet/modules/apache/templates/mod/authn_dbd.conf.erb deleted file mode 100644 index e04fb3e..0000000 --- a/puppet/modules/apache/templates/mod/authn_dbd.conf.erb +++ /dev/null @@ -1,17 +0,0 @@ -#Database Management -DBDriver <%= @authn_dbd_dbdriver %> - -#Connection string: database name and login credentials -DBDParams "<%= @authn_dbd_params %>" - -#Parameters for Connection Pool Management -DBDMin <%= @authn_dbd_min %> -DBDMax <%= @authn_dbd_max %> -DBDKeep <%= @authn_dbd_keep %> -DBDExptime <%= @authn_dbd_exptime %> - -<%- if @authn_dbd_alias -%> -> - AuthDBDUserPWQuery "<%= @authn_dbd_query %>" - -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/authnz_ldap.conf.erb b/puppet/modules/apache/templates/mod/authnz_ldap.conf.erb deleted file mode 100644 index ed1334e..0000000 --- a/puppet/modules/apache/templates/mod/authnz_ldap.conf.erb +++ /dev/null @@ -1,5 +0,0 @@ -<% if @verify_server_cert == true -%> -LDAPVerifyServerCert On -<% else -%> -LDAPVerifyServerCert Off -<% end -%> diff --git a/puppet/modules/apache/templates/mod/autoindex.conf.erb b/puppet/modules/apache/templates/mod/autoindex.conf.erb deleted file mode 100644 index ef6bbeb..0000000 --- a/puppet/modules/apache/templates/mod/autoindex.conf.erb +++ /dev/null @@ -1,56 +0,0 @@ -IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif /core -AddIcon (SND,/icons/sound2.gif) .ogg -AddIcon (VID,/icons/movie.gif) .ogm - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -AddIcon /icons/odf6odt-20x22.png .odt -AddIcon /icons/odf6ods-20x22.png .ods -AddIcon /icons/odf6odp-20x22.png .odp -AddIcon /icons/odf6odg-20x22.png .odg -AddIcon /icons/odf6odc-20x22.png .odc -AddIcon /icons/odf6odf-20x22.png .odf -AddIcon /icons/odf6odb-20x22.png .odb -AddIcon /icons/odf6odi-20x22.png .odi -AddIcon /icons/odf6odm-20x22.png .odm - -AddIcon /icons/odf6ott-20x22.png .ott -AddIcon /icons/odf6ots-20x22.png .ots -AddIcon /icons/odf6otp-20x22.png .otp -AddIcon /icons/odf6otg-20x22.png .otg -AddIcon /icons/odf6otc-20x22.png .otc -AddIcon /icons/odf6otf-20x22.png .otf -AddIcon /icons/odf6oti-20x22.png .oti -AddIcon /icons/odf6oth-20x22.png .oth - -DefaultIcon /icons/unknown.gif -ReadmeName README.html -HeaderName HEADER.html - -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t diff --git a/puppet/modules/apache/templates/mod/cgid.conf.erb b/puppet/modules/apache/templates/mod/cgid.conf.erb deleted file mode 100644 index 5f82d74..0000000 --- a/puppet/modules/apache/templates/mod/cgid.conf.erb +++ /dev/null @@ -1 +0,0 @@ -ScriptSock "<%= @cgisock_path %>" diff --git a/puppet/modules/apache/templates/mod/cluster.conf.erb b/puppet/modules/apache/templates/mod/cluster.conf.erb deleted file mode 100644 index d2f9d52..0000000 --- a/puppet/modules/apache/templates/mod/cluster.conf.erb +++ /dev/null @@ -1,26 +0,0 @@ -Listen <%= @ip %>:<%= @port %> -:<%= @port %>> - - Order deny,allow - Deny from all - Allow from <%= @allowed_network %> - - - KeepAliveTimeout <%= @keep_alive_timeout %> - MaxKeepAliveRequests <%= @max_keep_alive_requests %> - EnableMCPMReceive <%= scope.call_function('apache::bool2httpd', [@enable_mcpm_receive]) %> - - ManagerBalancerName <%= @balancer_name %> - ServerAdvertise <%= scope.call_function('apache::bool2httpd', [@server_advertise]) %> - <%- if @server_advertise == true and @advertise_frequency != nil -%> - AdvertiseFrequency <%= @advertise_frequency %> - <%- end -%> - - - SetHandler mod_cluster-manager - Order deny,allow - Deny from all - Allow from <%= @manager_allowed_network %> - - - diff --git a/puppet/modules/apache/templates/mod/dav_fs.conf.erb b/puppet/modules/apache/templates/mod/dav_fs.conf.erb deleted file mode 100644 index 3c53e9e..0000000 --- a/puppet/modules/apache/templates/mod/dav_fs.conf.erb +++ /dev/null @@ -1 +0,0 @@ -DAVLockDB "<%= @dav_lock %>" diff --git a/puppet/modules/apache/templates/mod/deflate.conf.erb b/puppet/modules/apache/templates/mod/deflate.conf.erb deleted file mode 100644 index ede8b2e..0000000 --- a/puppet/modules/apache/templates/mod/deflate.conf.erb +++ /dev/null @@ -1,7 +0,0 @@ -<%- @types.sort.each do |type| -%> -AddOutputFilterByType DEFLATE <%= type %> -<%- end -%> - -<%- @notes.sort.each do |type,note| -%> -DeflateFilterNote <%= type %> <%=note %> -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/dir.conf.erb b/puppet/modules/apache/templates/mod/dir.conf.erb deleted file mode 100644 index 741f6ae..0000000 --- a/puppet/modules/apache/templates/mod/dir.conf.erb +++ /dev/null @@ -1 +0,0 @@ -DirectoryIndex <%= @indexes.join(' ') %> diff --git a/puppet/modules/apache/templates/mod/disk_cache.conf.erb b/puppet/modules/apache/templates/mod/disk_cache.conf.erb deleted file mode 100644 index 44d4fd2..0000000 --- a/puppet/modules/apache/templates/mod/disk_cache.conf.erb +++ /dev/null @@ -1,7 +0,0 @@ -CacheEnable disk / -CacheRoot "<%= @_cache_root %>" -CacheDirLevels 2 -CacheDirLength 1 -<% if @cache_ignore_headers -%> -CacheIgnoreHeaders <%= @cache_ignore_headers -%> -<% end -%> \ No newline at end of file diff --git a/puppet/modules/apache/templates/mod/dumpio.conf.erb b/puppet/modules/apache/templates/mod/dumpio.conf.erb deleted file mode 100644 index 29c34e2..0000000 --- a/puppet/modules/apache/templates/mod/dumpio.conf.erb +++ /dev/null @@ -1,3 +0,0 @@ -# https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html -DumpIOInput "<%= @dump_io_input %>" -DumpIOOutput "<%= @dump_io_output %>" diff --git a/puppet/modules/apache/templates/mod/event.conf.erb b/puppet/modules/apache/templates/mod/event.conf.erb deleted file mode 100644 index bca707c..0000000 --- a/puppet/modules/apache/templates/mod/event.conf.erb +++ /dev/null @@ -1,33 +0,0 @@ - - <%- if @serverlimit -%> - ServerLimit <%= @serverlimit %> - <%- end -%> - <%- if @startservers -%> - StartServers <%= @startservers %> - <%- end -%> - <%- if @maxrequestworkers -%> - MaxRequestWorkers <%= @maxrequestworkers %> - <%- elsif @maxclients -%> - MaxClients <%= @maxclients %> - <%- end -%> - <%- if @minsparethreads -%> - MinSpareThreads <%= @minsparethreads %> - <%- end -%> - <%- if @maxsparethreads -%> - MaxSpareThreads <%= @maxsparethreads %> - <%- end -%> - <%- if @threadsperchild -%> - ThreadsPerChild <%= @threadsperchild %> - <%- end -%> - <%- if @maxconnectionsperchild -%> - MaxConnectionsPerChild <%= @maxconnectionsperchild %> - <%- elsif @maxrequestsperchild -%> - MaxRequestsPerChild <%= @maxrequestsperchild %> - <%- end -%> - <%- if @threadlimit -%> - ThreadLimit <%= @threadlimit %> - <%- end -%> - <%- if @listenbacklog -%> - ListenBacklog <%= @listenbacklog %> - <%- end -%> - diff --git a/puppet/modules/apache/templates/mod/expires.conf.erb b/puppet/modules/apache/templates/mod/expires.conf.erb deleted file mode 100644 index a864c6c..0000000 --- a/puppet/modules/apache/templates/mod/expires.conf.erb +++ /dev/null @@ -1,11 +0,0 @@ -ExpiresActive <%= scope.call_function('apache::bool2httpd', [@expires_active]) %> -<%- if ! @expires_default.nil? and ! @expires_default.empty? -%> -ExpiresDefault "<%= @expires_default %>" -<%- end -%> -<%- if ! @expires_by_type.nil? and ! @expires_by_type.empty? -%> -<%- [@expires_by_type].flatten.each do |line| -%> -<%- line.map do |type, seconds| -%> -ExpiresByType <%= type %> "<%= seconds -%>" -<%- end -%> -<%- end -%> -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/ext_filter.conf.erb b/puppet/modules/apache/templates/mod/ext_filter.conf.erb deleted file mode 100644 index 67f98fd..0000000 --- a/puppet/modules/apache/templates/mod/ext_filter.conf.erb +++ /dev/null @@ -1,6 +0,0 @@ -# mod_ext_filter definitions -<%- if @ext_filter_define.length >= 1 -%> -<%- @ext_filter_define.keys.sort.each do |name| -%> -ExtFilterDefine <%= name %> <%= @ext_filter_define[name] %> -<%- end -%> -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/fastcgi.conf.erb b/puppet/modules/apache/templates/mod/fastcgi.conf.erb deleted file mode 100644 index 93c8d86..0000000 --- a/puppet/modules/apache/templates/mod/fastcgi.conf.erb +++ /dev/null @@ -1,8 +0,0 @@ -# The Fastcgi Apache module configuration file is being -# managed by Puppet and changes will be overwritten. - - - SetHandler fastcgi-script - - FastCgiIpcDir "<%= @fastcgi_lib_path %>" - diff --git a/puppet/modules/apache/templates/mod/fcgid.conf.erb b/puppet/modules/apache/templates/mod/fcgid.conf.erb deleted file mode 100644 index a82bc30..0000000 --- a/puppet/modules/apache/templates/mod/fcgid.conf.erb +++ /dev/null @@ -1,5 +0,0 @@ - -<% @options.sort_by {|key, value| key}.each do |key, value| -%> - <%= key %> <%= value %> -<% end -%> - diff --git a/puppet/modules/apache/templates/mod/geoip.conf.erb b/puppet/modules/apache/templates/mod/geoip.conf.erb deleted file mode 100644 index 8cedc79..0000000 --- a/puppet/modules/apache/templates/mod/geoip.conf.erb +++ /dev/null @@ -1,25 +0,0 @@ -GeoIPEnable <%= scope.call_function('apache::bool2httpd', [@enable]) %> - -<%- if @db_file and ! [ false, 'false', '' ].include?(@db_file) -%> - <%- if @db_file.kind_of?(Array) -%> - <%- Array(@db_file).each do |file| -%> -GeoIPDBFile <%= file %> <%= @flag %> - <%- end -%> - <%- else -%> -GeoIPDBFile <%= @db_file %> <%= @flag %> - <%- end -%> -<%- end -%> -GeoIPOutput <%= @output %> -<% if ! @enable_utf8.nil? -%> -GeoIPEnableUTF8 <%= scope.call_function('apache::bool2httpd', [@enable_utf8]) %> -<% end -%> -<% if ! @scan_proxy_headers.nil? -%> -GeoIPScanProxyHeaders <%= scope.function_bool2httpd([@scan_proxy_headers]) %> -<% end -%> -<% if ! @scan_proxy_header_field.nil? -%> -GeoIPScanProxyHeaderField <%= @scan_proxy_header_field %> -<% end -%> -<% if ! @use_last_xforwarededfor_ip.nil? -%> -GeoIPUseLastXForwardedForIP <%= scope.function_bool2httpd([@use_last_xforwarededfor_ip]) %> -<% end -%> - diff --git a/puppet/modules/apache/templates/mod/http2.conf.erb b/puppet/modules/apache/templates/mod/http2.conf.erb deleted file mode 100644 index 4839013..0000000 --- a/puppet/modules/apache/templates/mod/http2.conf.erb +++ /dev/null @@ -1,65 +0,0 @@ -# The http2 Apache module configuration file is being -# managed by Puppet and changes will be overwritten. - -<%# Actually >= 2.4.24, but the minor version is not provided -%> -<% if !@h2_copy_files.nil? && scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> -H2CopyFiles <%= scope.call_function('apache::bool2httpd', [@h2_copy_files]) %> -<% end -%> -<% unless @h2_direct.nil? -%> -H2Direct <%= scope.call_function('apache::bool2httpd', [@h2_direct]) %> -<% end -%> -<%# Actually >= 2.4.24, but the minor version is not provided -%> -<% if !@h2_early_hints.nil? && scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> -H2EarlyHints <%= scope.call_function('apache::bool2httpd', [@h2_early_hints]) %> -<% end -%> -<% unless @h2_max_session_streams.nil? -%> -H2MaxSessionStreams <%= @h2_max_session_streams %> -<% end -%> -<% unless @h2_max_worker_idle_seconds.nil? -%> -H2MaxWorkerIdleSeconds <%= @h2_max_worker_idle_seconds %> -<% end -%> -<% unless @h2_max_workers.nil? -%> -H2MaxWorkers <%= @h2_max_workers %> -<% end -%> -<% unless @h2_min_workers.nil? -%> -H2MinWorkers <%= @h2_min_workers %> -<% end -%> -<%# Actually >= 2.4.24, but the minor version is not provided -%> -<% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - <%- unless @h2_modern_tls_only.nil? -%> -H2ModernTLSOnly <%= scope.call_function('apache::bool2httpd', [@h2_modern_tls_only]) %> - <%- end -%> - <%- unless @h2_push.nil? -%> -H2Push <%= scope.call_function('apache::bool2httpd', [@h2_push]) %> - <%- end -%> - <%- unless @h2_push_diary_size.nil? -%> -H2PushDiarySize <%= @h2_push_diary_size %> - <%- end -%> - <%- @h2_push_priority.each do |expr| -%> -H2PushPriority <%= expr %> - <%- end -%> - <%- @h2_push_resource.each do |expr| -%> -H2PushResource <%= expr %> - <%- end -%> -<% end -%> -<% unless @h2_serialize_headers.nil? -%> -H2SerializeHeaders <%= scope.call_function('apache::bool2httpd', [@h2_serialize_headers]) %> -<% end -%> -<% unless @h2_stream_max_mem_size.nil? -%> -H2StreamMaxMemSize <%= @h2_stream_max_mem_size %> -<% end -%> -<%# Actually >= 2.4.24, but the minor version is not provided -%> -<% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - <%- unless @h2_tls_cool_down_secs.nil? -%> -H2TLSCoolDownSecs <%= @h2_tls_cool_down_secs %> - <%- end -%> - <%- unless @h2_tls_warm_up_size.nil? -%> -H2TLSWarmUpSize <%= @h2_tls_warm_up_size %> - <%- end -%> -<% end -%> -<% unless @h2_upgrade.nil? -%> -H2Upgrade <%= scope.call_function('apache::bool2httpd', [@h2_upgrade]) %> -<% end -%> -<% unless @h2_window_size.nil? -%> -H2WindowSize <%= @h2_window_size %> -<% end -%> diff --git a/puppet/modules/apache/templates/mod/info.conf.erb b/puppet/modules/apache/templates/mod/info.conf.erb deleted file mode 100644 index c661a23..0000000 --- a/puppet/modules/apache/templates/mod/info.conf.erb +++ /dev/null @@ -1,19 +0,0 @@ -> - SetHandler server-info -<%- if @restrict_access -%> - <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Require ip <%= Array(@allow_from).join(" ") %> - <%- else -%> - Order deny,allow - Deny from all - <%- if @allow_from and ! @allow_from.empty? -%> - <%- @allow_from.each do |allowed| -%> - Allow from <%= allowed %> - <%- end -%> - <%- else -%> - Allow from 127.0.0.1 - Allow from ::1 - <%- end -%> - <%- end -%> -<%- end -%> - diff --git a/puppet/modules/apache/templates/mod/itk.conf.erb b/puppet/modules/apache/templates/mod/itk.conf.erb deleted file mode 100644 index fe6ef19..0000000 --- a/puppet/modules/apache/templates/mod/itk.conf.erb +++ /dev/null @@ -1,11 +0,0 @@ - - StartServers <%= @startservers %> - MinSpareServers <%= @minspareservers %> - MaxSpareServers <%= @maxspareservers %> - ServerLimit <%= @serverlimit %> - MaxClients <%= @maxclients %> - MaxRequestsPerChild <%= @maxrequestsperchild %> - <%- if (not @enablecapabilities.nil?) && (scope.function_versioncmp([@_apache_version, '2.4']) >= 0) -%> - EnableCapabilities <%= scope.function_bool2httpd([@enablecapabilities]) %> - <%- end -%> - diff --git a/puppet/modules/apache/templates/mod/jk.conf.erb b/puppet/modules/apache/templates/mod/jk.conf.erb deleted file mode 100644 index c0d5bc2..0000000 --- a/puppet/modules/apache/templates/mod/jk.conf.erb +++ /dev/null @@ -1,167 +0,0 @@ -# This file is generated automatically by Puppet - DO NOT EDIT -# Any manual changes will be overwritten - - - <%- if @workers_file -%> - JkWorkersFile <%= @workers_file %> - <%- end -%> - <%- if @worker_property -%> - <%- @worker_property.sort.each do |property,value| -%> - JkWorkerProperty <%= property %>=<%= value %> - <%- end -%> - <%- end -%> - <%- if @shm_path -%> - JkShmFile <%= @shm_path %> - <%- end -%> - <%- if @shm_size -%> - JkShmSize <%= @shm_size %> - <%- end -%> - <%- if @mount_file -%> - JkMountFile <%= @mount_file %> - <%- end -%> - <%- if @mount_file_reload -%> - JkMountFileReload <%= @mount_file_reload %> - <%- end -%> - <%- if @mount -%> - <%- @mount.sort.each do |url_prefix,worker_name| -%> - JkMount <%= url_prefix %> <%= worker_name %> - <%- end -%> - <%- end -%> - <%- if @un_mount -%> - <%- @un_mount.sort.each do |url_prefix,worker_name| -%> - JkUnMount <%= url_prefix %> <%= worker_name %> - <%- end -%> - <%- end -%> - <%- if @auto_alias -%> - JkAutoAlias <%= @auto_alias %> - <%- end -%> - <%- if @mount_copy -%> - JkMountCopy <%= @mount_copy %> - <%- end -%> - <%- if @worker_indicator -%> - JkWorkerIndicator <%= @worker_indicator %> - <%- end -%> - <%- if @watchdog_interval -%> - JkWatchdogInterval <%= @watchdog_interval %> - <%- end -%> - <%- if @log_path -%> - JkLogFile <%= @log_path %> - <%- end -%> - <%- if @log_level -%> - JkLogLevel <%= @log_level %> - <%- end -%> - <%- if @log_stamp_format -%> - JkLogStampFormat <%= @log_stamp_format %> - <%- end -%> - <%- if @request_log_format -%> - JkRequestLogFormat <%= @request_log_format %> - <%- end -%> - <%- if @extract_ssl -%> - JkExtractSSL <%= @extract_ssl %> - <%- end -%> - <%- if @https_indicator -%> - JkHTTPSIndicator <%= @https_indicator %> - <%- end -%> - <%- if @sslprotocol_indicator -%> - JkSSLPROTOCOLIndicator <%= @sslprotocol_indicator %> - <%- end -%> - <%- if @certs_indicator -%> - JkCERTSIndicator <%= @certs_indicator %> - <%- end -%> - <%- if @cipher_indicator -%> - JkCIPHERIndicator <%= @cipher_indicator %> - <%- end -%> - <%- if @certchain_prefix -%> - JkCERTCHAINPrefix <%= @certchain_prefix %> - <%- end -%> - <%- if @session_indicator -%> - JkSESSIONIndicator <%= @session_indicator %> - <%- end -%> - <%- if @keysize_indicator -%> - JkKEYSIZEIndicator <%= @keysize_indicator %> - <%- end -%> - <%- if @local_name_indicator -%> - JkLocalNameIndicator <%= @local_name_indicator %> - <%- end -%> - <%- if @ignore_cl_indicator -%> - JkIgnoreCLIndicator <%= @ignore_cl_indicator %> - <%- end -%> - <%- if @local_addr_indicator -%> - JkLocalAddrIndicator <%= @local_addr_indicator %> - <%- end -%> - <%- if @local_port_indicator -%> - JkLocalPortIndicator <%= @local_port_indicator %> - <%- end -%> - <%- if @remote_host_indicator -%> - JkRemoteHostIndicator <%= @remote_host_indicator %> - <%- end -%> - <%- if @remote_addr_indicator -%> - JkRemoteAddrIndicator <%= @remote_addr_indicator %> - <%- end -%> - <%- if @remote_port_indicator -%> - JkRemotePortIndicator <%= @remote_port_indicator %> - <%- end -%> - <%- if @remote_user_indicator -%> - JkRemoteUserIndicator <%= @remote_user_indicator %> - <%- end -%> - <%- if @auth_type_indicator -%> - JkAuthTypeIndicator <%= @auth_type_indicator %> - <%- end -%> - <%- if @options -%> - <%- @options.sort.each do |fwd_option| -%> - JkOptions <%= fwd_option %> - <%- end -%> - <%- end -%> - <%- if @env_var -%> - <%- @env_var.sort.each do |variable,value| -%> - JkEnvVar <%= variable %><% if not value.empty? -%> value<% end -%> - <%- end -%> - <%- end -%> - <%- if @strip_session -%> - JkStripSession <%= @strip_session %> - <%- end -%> - <%-# -%> - <%-# Global locations for mod_jk are defined in array location_list -%> - <%-# Each array item is a hash with quoted* property name as key -%> - <%-# and value as value itself -%> - <%-# You can define a comment in a special 'comment' key -%> - <%-# -%> - <%-# Example: -%> - <%-# -%> - <%-# # Configures jkstatus -%> - <%-# JkMount status -%> - <%-# Order deny,allow -%> - <%-# Deny from all -%> - <%-# Allow from 127.0.0.1 -%> - <%-# -%> - <%-# -%> - <%-# Is defined as: -%> - <%-# location_list = [ -%> - <%-# { -%> - <%-# 'Location' => '/jkstatus/', -%> - <%-# 'Comment' => 'Configures jkstatus', -%> - <%-# 'JkMount' => 'status', -%> - <%-# 'Order' => 'deny,allow', -%> - <%-# 'Deny from' => 'all', -%> - <%-# 'Allow from' => '127.0.0.1', -%> - <%-# }, -%> - <%-# ] -%> - <%-# * Keys must be quoted to allow arbitrary case and/or multi-word keys -%> - <%-# (BTW, note the case of 'Location' and 'Comment' keys) -%> - <%-# -%> - <%- if @location_list -%> - <%- @location_list.each do |location_tag| -%> - - > - <%- if location_tag.has_key?('Comment') -%> - # <%= location_tag['Comment'] %> - <%- end -%> - <%- location_tag.each do |property,value| -%> - <%- if property != 'Comment' and property != 'Location' -%> - <%= property %> <%= value %> - <%- end -%> - <%- end -%> - - <%- end -%> - <%- end -%> - diff --git a/puppet/modules/apache/templates/mod/jk/uriworkermap.properties.erb b/puppet/modules/apache/templates/mod/jk/uriworkermap.properties.erb deleted file mode 100644 index 4d9eac0..0000000 --- a/puppet/modules/apache/templates/mod/jk/uriworkermap.properties.erb +++ /dev/null @@ -1,40 +0,0 @@ -# This file is generated automatically by Puppet - DO NOT EDIT -# Any manual changes will be overwritten -<%# -%> -<%# mount_file_content should be a hash which keys are workers names -%> -<%# and values are new hashes with two items: -%> -<%# uri_list - Array with URIs to be mapped to worker -%> -<%# comment - Optional comment line -%> -<%# -%> -<%# Example: -%> -<%# # Worker 1 -%> -<%# /context_1/ = worker_1 -%> -<%# /context_1/* = worker_1 -%> -<%# -%> -<%# # Worker 2 -%> -<%# / = worker_2 -%> -<%# /context_2/ = worker_2 -%> -<%# /context_2/* = worker_2 -%> -<%# -%> -<%# should be parameterized as: -%> -<%# $mount_file_content = { -%> -<%# worker_1 => { -%> -<%# uri_list => ['/context_1/', '/context_1/*'], -%> -<%# comment => 'Worker 1', -%> -<%# }, -%> -<%# worker_2 => { -%> -<%# uri_list => ['/context_2/', '/context_2/*'], -%> -<%# comment => 'Worker 2', -%> -<%# }, -%> -<%# }, -%> -<%# -%> -<% @mount_file_content.sort.each do |worker,directives| -%> - -<%# Places comment before worker mappings -%> -<% if directives.has_key?('comment') -%> -# <%= directives['comment'] %> -<% end -%> -<% directives['uri_list'].sort.each do |uri| -%> -<%= uri %> = <%= worker %> -<% end -%> -<% end -%> diff --git a/puppet/modules/apache/templates/mod/jk/workers.properties.erb b/puppet/modules/apache/templates/mod/jk/workers.properties.erb deleted file mode 100644 index 8292f3d..0000000 --- a/puppet/modules/apache/templates/mod/jk/workers.properties.erb +++ /dev/null @@ -1,62 +0,0 @@ -# This file is generated automatically by Puppet - DO NOT EDIT -# Any manual changes will be overwritten -<%# -%> -<%# workers_file_content should be a hash which keys are workers names -%> -<%# and values are new hashes with properties and values -%> -<%# Two keys are special (and reserved!): -%> -<%# worker_lists - Array of comma-separated worker names lists -%> -<%# Each list is an item of the array and will be placed in one line -%> -<%# worker_maintain - Numeric string -%> -<%# -%> -<%# Example: -%> -<%# worker.list = status -%> -<%# worker.list = some_name,other_name -%> -<%# worker.maintain = 60 -%> -<%# # Optional comment -%> -<%# worker.some_name.type=ajp13 -%> -<%# worker.some_name.socket_keepalive=true -%> -<%# # I just like comments -%> -<%# worker.other_name.type=ajp12 (why would you?) -%> -<%# worker.other_name.socket_keepalive=false -%> -<%# -%> -<%# should be parameterized as: -%> -<%# $workers_file_content = { -%> -<%# worker_lists => ['status', 'some_name,other_name'], -%> -<%# worker_maintain => '60', -%> -<%# some_name => { -%> -<%# type => 'ajp13', -%> -<%# socket_keepalive => 'true', -%> -<%# comment => 'Optional comment', -%> -<%# }, -%> -<%# other_name => { -%> -<%# type => 'ajp12', -%> -<%# socket_keepalive => 'false', -%> -<%# comment => 'I just like comments', -%> -<%# }, -%> -<%# }, -%> -<%# -%> -<% if @workers_file_content.has_key?('worker_lists') -%> - -<% @workers_file_content['worker_lists'].sort.each do |list| -%> -worker.list = <%= list %> -<% end -%> -<% end -%> -<% if @workers_file_content.has_key?('worker_maintain') -%> - -worker.maintain = <%= @workers_file_content['worker_maintain'] %> -<% end -%> -<% @workers_file_content.sort.each do |name,directives| -%> -<%# Skip hash items with the reserved keys -%> -<% if not ['worker_lists', 'worker_maintain'].include?(name) -%> - -<%# Places comment before worker directives -%> -<% if directives.has_key?('comment') -%> -# <%= directives['comment'] %> -<% end -%> -<% directives.sort.each do |property,value| -%> -<% if property != 'comment' -%> -worker.<%= name %>.<%= property %>=<%= value %> -<% end -%> -<% end -%> -<% end -%> -<% end -%> diff --git a/puppet/modules/apache/templates/mod/ldap.conf.erb b/puppet/modules/apache/templates/mod/ldap.conf.erb deleted file mode 100644 index d0a11b6..0000000 --- a/puppet/modules/apache/templates/mod/ldap.conf.erb +++ /dev/null @@ -1,32 +0,0 @@ - - SetHandler ldap-status - <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Require ip 127.0.0.1 ::1 - <%- else -%> - Order deny,allow - Deny from all - Allow from 127.0.0.1 ::1 - Satisfy all - <%- end -%> - -<% if @ldap_trusted_global_cert_file -%> -LDAPTrustedGlobalCert <%= @ldap_trusted_global_cert_type %> <%= @ldap_trusted_global_cert_file %> -<% end -%> -<% if @ldap_trusted_mode -%> -LDAPTrustedMode <%= @ldap_trusted_mode %> -<% end -%> -<%- if @ldap_shared_cache_size -%> -LDAPSharedCacheSize <%= @ldap_shared_cache_size %> -<%- end -%> -<%- if @ldap_cache_entries -%> -LDAPCacheEntries <%= @ldap_cache_entries %> -<%- end -%> -<%- if @ldap_cache_ttl -%> -LDAPCacheTTL <%= @ldap_cache_ttl %> -<%- end -%> -<%- if @ldap_opcache_entries -%> -LDAPOpCacheEntries <%= @ldap_opcache_entries %> -<%- end -%> -<%- if @ldap_opcache_ttl -%> -LDAPOpCacheTTL <%= @ldap_opcache_ttl %> -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/load.erb b/puppet/modules/apache/templates/mod/load.erb deleted file mode 100644 index 51f45ed..0000000 --- a/puppet/modules/apache/templates/mod/load.erb +++ /dev/null @@ -1,7 +0,0 @@ -<% if @loadfiles -%> -<% Array(@loadfiles).each do |loadfile| -%> -LoadFile <%= loadfile %> -<% end -%> - -<% end -%> -LoadModule <%= @_id %> <%= @_path %> diff --git a/puppet/modules/apache/templates/mod/mime.conf.erb b/puppet/modules/apache/templates/mod/mime.conf.erb deleted file mode 100644 index 46d021c..0000000 --- a/puppet/modules/apache/templates/mod/mime.conf.erb +++ /dev/null @@ -1,38 +0,0 @@ -TypesConfig <%= @mime_types_config %> - -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz -AddType application/x-bzip2 .bz2 - -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -<%- @_mime_types_additional.sort.each do |add_mime, config| -%> - <%- config.each do |type, extension| %> -<%= add_mime %> <%= type %> <%= extension%> - <%- end -%> -<% end %> diff --git a/puppet/modules/apache/templates/mod/mime_magic.conf.erb b/puppet/modules/apache/templates/mod/mime_magic.conf.erb deleted file mode 100644 index cbc173d..0000000 --- a/puppet/modules/apache/templates/mod/mime_magic.conf.erb +++ /dev/null @@ -1 +0,0 @@ -MIMEMagicFile "<%= @_magic_file %>" diff --git a/puppet/modules/apache/templates/mod/mpm_event.conf.erb b/puppet/modules/apache/templates/mod/mpm_event.conf.erb deleted file mode 100644 index eb6f1ff..0000000 --- a/puppet/modules/apache/templates/mod/mpm_event.conf.erb +++ /dev/null @@ -1,9 +0,0 @@ - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxClients 150 - MaxRequestsPerChild 0 - diff --git a/puppet/modules/apache/templates/mod/negotiation.conf.erb b/puppet/modules/apache/templates/mod/negotiation.conf.erb deleted file mode 100644 index 2fb4700..0000000 --- a/puppet/modules/apache/templates/mod/negotiation.conf.erb +++ /dev/null @@ -1,2 +0,0 @@ -LanguagePriority <%= Array(@language_priority).join(' ') %> -ForceLanguagePriority <%= Array(@force_language_priority).join(' ') %> diff --git a/puppet/modules/apache/templates/mod/nss.conf.erb b/puppet/modules/apache/templates/mod/nss.conf.erb deleted file mode 100644 index 36f83d8..0000000 --- a/puppet/modules/apache/templates/mod/nss.conf.erb +++ /dev/null @@ -1,228 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support using. -# the mod_nss plugin. It contains the configuration directives to instruct -# the server how to serve pages over an https connection. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -#LoadModule nss_module modules/libmodnss.so - -# -# When we also provide SSL we have to listen to the -# standard HTTP port (see above) and to the HTTPS port -# -# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two -# Listen directives: "Listen [::]:8443" and "Listen 0.0.0.0:443" -# -Listen <%= @port %> - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -<% if @passwd_file -%> -NSSPassPhraseDialog "file:<%= @passwd_file %>" -<% else -%> -NSSPassPhraseDialog builtin -<% end -%> - -# Pass Phrase Helper: -# This helper program stores the token password pins between -# restarts of Apache. -NSSPassPhraseHelper /usr/sbin/nss_pcache - -# Configure the SSL Session Cache. -# NSSSessionCacheSize is the number of entries in the cache. -# NSSSessionCacheTimeout is the SSL2 session timeout (in seconds). -# NSSSession3CacheTimeout is the SSL3/TLS session timeout (in seconds). -NSSSessionCacheSize 10000 -NSSSessionCacheTimeout 100 -NSSSession3CacheTimeout 86400 - -# -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the SSL library. -# The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. Those platforms usually also provide a non-blocking -# device, /dev/urandom, which may be used instead. -# -# This does not support seeding the RNG with each connection. - -NSSRandomSeed startup builtin -#NSSRandomSeed startup file:/dev/random 512 -#NSSRandomSeed startup file:/dev/urandom 512 - -# -# TLS Negotiation configuration under RFC 5746 -# -# Only renegotiate if the peer's hello bears the TLS renegotiation_info -# extension. Default off. -NSSRenegotiation off - -# Peer must send Signaling Cipher Suite Value (SCSV) or -# Renegotiation Info (RI) extension in ALL handshakes. Default: off -NSSRequireSafeNegotiation off - -## -## SSL Virtual Host Context -## - -> - -# General setup for the virtual host -#DocumentRoot "/etc/httpd/htdocs" -#ServerName www.example.com:8443 -#ServerAdmin you@example.com - -# mod_nss can log to separate log files, you can choose to do that if you'd like -# LogLevel is not inherited from httpd.conf. -ErrorLog "<%= @error_log %>" -TransferLog "<%= @transfer_log %>" -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -NSSEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_nss documentation for a complete list. - -# SSL 3 ciphers. SSL 2 is disabled by default. -NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha - -# SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default. -# -# Comment out the NSSCipherSuite line above and use the one below if you have -# ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography -#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha - -# SSL Protocol: -# Cryptographic protocols that provide communication security. -# NSS handles the specified protocols as "ranges", and automatically -# negotiates the use of the strongest protocol for a connection starting -# with the maximum specified protocol and downgrading as necessary to the -# minimum specified protocol that can be used between two processes. -# Since all protocol ranges are completely inclusive, and no protocol in the -# middle of a range may be excluded, the entry "NSSProtocol TLSv1.0,TLSv1.2" -# is identical to the entry "NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2". -NSSProtocol TLSv1.0,TLSv1.1 - -# SSL Certificate Nickname: -# The nickname of the RSA server certificate you are going to use. -NSSNickname Server-Cert - -# SSL Certificate Nickname: -# The nickname of the ECC server certificate you are going to use, if you -# have an ECC-enabled version of NSS and mod_nss -#NSSECCNickname Server-Cert-ecc - -# Server Certificate Database: -# The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. -# Provide the directory that these files exist. -NSSCertificateDatabase "<%= @httpd_dir -%>/alias" - -# Database Prefix: -# In order to be able to store multiple NSS databases in one directory -# they need unique names. This option sets the database prefix used for -# cert8.db and key3.db. -#NSSDBPrefix my-prefix- - -# Client Authentication (Type): -# Client certificate verification type. Types are none, optional and -# require. -#NSSVerifyClient none - -# -# Online Certificate Status Protocol (OCSP). -# Verify that certificates have not been revoked before accepting them. -#NSSOCSP off - -# -# Use a default OCSP responder. If enabled this will be used regardless -# of whether one is included in a client certificate. Note that the -# server certificate is verified during startup. -# -# NSSOCSPDefaultURL defines the service URL of the OCSP responder -# NSSOCSPDefaultName is the nickname of the certificate to trust to -# sign the OCSP responses. -#NSSOCSPDefaultResponder on -#NSSOCSPDefaultURL http://example.com/ocsp/status -#NSSOCSPDefaultName ocsp-nickname - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_nss documentation -# for more details. -# -#NSSRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -# - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "NSSRequireSSL" or "NSSRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#NSSOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire - - NSSOptions +StdEnvVars - - - NSSOptions +StdEnvVars - - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -#CustomLog /home/rcrit/redhat/apache/logs/ssl_request_log \ -# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - diff --git a/puppet/modules/apache/templates/mod/pagespeed.conf.erb b/puppet/modules/apache/templates/mod/pagespeed.conf.erb deleted file mode 100644 index 56e72fe..0000000 --- a/puppet/modules/apache/templates/mod/pagespeed.conf.erb +++ /dev/null @@ -1,102 +0,0 @@ -ModPagespeed on - -ModPagespeedInheritVHostConfig <%= @inherit_vhost_config %> -AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html -<% if @filter_xhtml -%> -AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml -<% end -%> -ModPagespeedFileCachePath "<%= @cache_path %>" -ModPagespeedLogDir "<%= @log_dir %>" - -<% @memcache_servers.each do |server| -%> -ModPagespeedMemcachedServers <%= server %> -<% end -%> - -ModPagespeedRewriteLevel <%= @rewrite_level -%> - -<% @disable_filters.each do |filter| -%> -ModPagespeedDisableFilters <%= filter %> -<% end -%> - -<% @enable_filters.each do |filter| -%> -ModPagespeedEnableFilters <%= filter %> -<% end -%> - -<% @forbid_filters.each do |filter| -%> -ModPagespeedForbidFilters <%= filter %> -<% end -%> - -ModPagespeedRewriteDeadlinePerFlushMs <%= @rewrite_deadline_per_flush_ms %> - -<% if @additional_domains -%> -ModPagespeedDomain <%= @additional_domains -%> -<% end -%> - -ModPagespeedFileCacheSizeKb <%= @file_cache_size_kb %> -ModPagespeedFileCacheCleanIntervalMs <%= @file_cache_clean_interval_ms %> -ModPagespeedLRUCacheKbPerProcess <%= @lru_cache_per_process %> -ModPagespeedLRUCacheByteLimit <%= @lru_cache_byte_limit %> -ModPagespeedCssFlattenMaxBytes <%= @css_flatten_max_bytes %> -ModPagespeedCssInlineMaxBytes <%= @css_inline_max_bytes %> -ModPagespeedCssImageInlineMaxBytes <%= @css_image_inline_max_bytes %> -ModPagespeedImageInlineMaxBytes <%= @image_inline_max_bytes %> -ModPagespeedJsInlineMaxBytes <%= @js_inline_max_bytes %> -ModPagespeedCssOutlineMinBytes <%= @css_outline_min_bytes %> -ModPagespeedJsOutlineMinBytes <%= @js_outline_min_bytes %> - - -ModPagespeedFileCacheInodeLimit <%= @inode_limit %> -ModPagespeedImageMaxRewritesAtOnce <%= @image_max_rewrites_at_once %> - -ModPagespeedNumRewriteThreads <%= @num_rewrite_threads %> -ModPagespeedNumExpensiveRewriteThreads <%= @num_expensive_rewrite_threads %> - -ModPagespeedStatistics <%= @collect_statistics %> - - - # You may insert other "Allow from" lines to add hosts you want to - # allow to look at generated statistics. Another possibility is - # to comment out the "Order" and "Allow" options from the config - # file, to allow any client that can reach your server to examine - # statistics. This might be appropriate in an experimental setup or - # if the Apache server is protected by a reverse proxy that will - # filter URLs in some fashion. - <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Require ip 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %> - <%- else -%> - Order allow,deny - Allow from 127.0.0.1 ::1 <%= Array(@allow_view_stats).join(" ") %> - <%- end -%> - SetHandler mod_pagespeed_statistics - - -ModPagespeedStatisticsLogging <%= @statistics_logging %> - - <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %> - <%- else -%> - Order allow,deny - Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_console).join(" ") %> - <%- end -%> - SetHandler pagespeed_console - - -ModPagespeedMessageBufferSize <%= @message_buffer_size %> - - - <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Require ip 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %> - <%- else -%> - Order allow,deny - Allow from 127.0.0.1 ::1 <%= Array(@allow_pagespeed_message).join(" ") %> - <%- end -%> - SetHandler mod_pagespeed_message - - -<% if @additional_configuration.is_a? Array -%> -<%= @additional_configuration.join("\n") %> -<% else -%> -<% @additional_configuration.each_pair do |key, value| -%> -<%= key %> <%= value %> -<% end -%> -<% end -%> diff --git a/puppet/modules/apache/templates/mod/passenger.conf.erb b/puppet/modules/apache/templates/mod/passenger.conf.erb deleted file mode 100644 index 11da330..0000000 --- a/puppet/modules/apache/templates/mod/passenger.conf.erb +++ /dev/null @@ -1,244 +0,0 @@ -# The Passenger Apache module configuration file is being -# managed by Puppet and changes will be overwritten. - - <%- if @passenger_allow_encoded_slashes -%> - PassengerAllowEncodedSlashes <%= @passenger_allow_encoded_slashes %> - <%- end -%> - <%- if @passenger_app_env -%> - PassengerAppEnv <%= @passenger_app_env %> - <%- end -%> - <%- if @passenger_app_group_name -%> - PassengerAppGroupName <%= @passenger_app_group_name %> - <%- end -%> - <%- if @passenger_app_root -%> - PassengerAppRoot "<%= @passenger_app_root %>" - <%- end -%> - <%- if @passenger_app_type -%> - PassengerAppType <%= @passenger_app_type %> - <%- end -%> - <%- if @passenger_base_uri -%> - PassengerBaseURI <%= @passenger_base_uri %> - <%- end -%> - <%- if @passenger_buffer_response -%> - PassengerBufferResponse <%= @passenger_buffer_response %> - <%- end -%> - <%- if @passenger_buffer_upload -%> - PassengerBufferUpload <%= @passenger_buffer_upload %> - <%- end -%> - <%- if @passenger_concurrency_model -%> - PassengerConcurrencyModel <%= @passenger_concurrency_model %> - <%- end -%> - <%- if @passenger_data_buffer_dir -%> - PassengerDataBufferDir "<%= @passenger_data_buffer_dir %>" - <%- end -%> - <%- if @passenger_debug_log_file -%> - PassengerDebugLogFile <%= @passenger_debug_log_file %> - <%- end -%> - <%- if @passenger_debugger -%> - PassengerDebugger <%= @passenger_debugger %> - <%- end -%> - <%- if @passenger_default_group -%> - PassengerDefaultGroup <%= @passenger_default_group %> - <%- end -%> - <%- if @passenger_default_ruby -%> - PassengerDefaultRuby "<%= @passenger_default_ruby %>" - <%- end -%> - <%- if @passenger_default_user -%> - PassengerDefaultUser <%= @passenger_default_user %> - <%- end -%> - <%- if @passenger_disable_security_update_check -%> - PassengerDisableSecurityUpdateCheck <%= @passenger_disable_security_update_check %> - <%- end -%> - <%- if @passenger_enabled -%> - PassengerEnabled <%= @passenger_enabled %> - <%- end -%> - <%- if @passenger_error_override -%> - PassengerErrorOverride <%= @passenger_error_override %> - <%- end -%> - <%- if @passenger_file_descriptor_log_file -%> - PassengerFileDescriptorLogFile "<%= @passenger_file_descriptor_log_file %>" - <%- end -%> - <%- if @passenger_fly_with -%> - PassengerFlyWith "<%= @passenger_fly_with %>" - <%- end -%> - <%- if @passenger_force_max_concurrent_requests_per_process -%> - PassengerForceMaxConcurrentRequestsPerProcess <%= @passenger_force_max_concurrent_requests_per_process %> - <%- end -%> - <%- if @passenger_friendly_error_pages -%> - PassengerFriendlyErrorPages <%= @passenger_friendly_error_pages %> - <%- end -%> - <%- if @passenger_group -%> - PassengerGroup <%= @passenger_group %> - <%- end -%> - <%- if @passenger_high_performance -%> - PassengerHighPerformance <%= @passenger_high_performance %> - <%- end -%> - <%- if @passenger_instance_registry_dir -%> - PassengerInstanceRegistryDir "<%= @passenger_instance_registry_dir %>" - <%- end -%> - <%- if @passenger_load_shell_envvars -%> - PassengerLoadShellEnvvars <%= @passenger_load_shell_envvars %> - <%- end -%> - <%- if @passenger_log_file -%> - PassengerLogFile "<%= @passenger_log_file %>" - <%- end -%> - <%- if @passenger_log_level -%> - PassengerLogLevel <%= @passenger_log_level %> - <%- end -%> - <%- if @passenger_lve_min_uid -%> - PassengerLveMinUid <%= @passenger_lve_min_uid %> - <%- end -%> - <%- if @passenger_max_instances -%> - PassengerMaxInstances <%= @passenger_max_instances %> - <%- end -%> - <%- if @passenger_max_instances_per_app -%> - PassengerMaxInstancesPerApp <%= @passenger_max_instances_per_app %> - <%- end -%> - <%- if @passenger_max_pool_size -%> - PassengerMaxPoolSize <%= @passenger_max_pool_size %> - <%- end -%> - <%- if @passenger_max_preloader_idle_time -%> - PassengerMaxPreloaderIdleTime <%= @passenger_max_preloader_idle_time %> - <%- end -%> - <%- if @passenger_max_request_queue_size -%> - PassengerMaxRequestQueueSize <%= @passenger_max_request_queue_size %> - <%- end -%> - <%- if @passenger_max_request_time -%> - PassengerMaxRequestTime <%= @passenger_max_request_time %> - <%- end -%> - <%- if @passenger_max_requests -%> - PassengerMaxRequests <%= @passenger_max_requests %> - <%- end -%> - <%- if @passenger_memory_limit -%> - PassengerMemoryLimit <%= @passenger_memory_limit %> - <%- end -%> - <%- if @passenger_meteor_app_settings -%> - PassengerMeteorAppSettings "<%= @passenger_meteor_app_settings %>" - <%- end -%> - <%- if @passenger_min_instances -%> - PassengerMinInstances <%= @passenger_min_instances %> - <%- end -%> - <%- if @passenger_nodejs -%> - PassengerNodejs "<%= @passenger_nodejs %>" - <%- end -%> - <%- if @passenger_pool_idle_time -%> - PassengerPoolIdleTime <%= @passenger_pool_idle_time %> - <%- end -%> - <%- if @passenger_pre_start -%> - <%- [@passenger_pre_start].flatten.compact.each do |passenger_pre_start| -%> - PassengerPreStart <%= passenger_pre_start %> - <%- end -%> - <%- end -%> - <%- if @passenger_python -%> - PassengerPython "<%= @passenger_python %>" - <%- end -%> - <%- if @passenger_resist_deployment_errors -%> - PassengerResistDeploymentErrors <%= @passenger_resist_deployment_errors %> - <%- end -%> - <%- if @passenger_resolve_symlinks_in_document_root -%> - PassengerResolveSymlinksInDocumentRoot <%= @passenger_resolve_symlinks_in_document_root %> - <%- end -%> - <%- if @passenger_response_buffer_high_watermark -%> - PassengerResponseBufferHighWatermark <%= @passenger_response_buffer_high_watermark %> - <%- end -%> - <%- if @passenger_restart_dir -%> - PassengerRestartDir "<%= @passenger_restart_dir %>" - <%- end -%> - <%- if @passenger_rolling_restarts -%> - PassengerRollingRestarts <%= @passenger_rolling_restarts %> - <%- end -%> - <%- if @passenger_root -%> - PassengerRoot "<%= @passenger_root %>" - <%- end -%> - <%- if @passenger_ruby -%> - PassengerRuby "<%= @passenger_ruby %>" - <%- end -%> - <%- if @passenger_security_update_check_proxy -%> - PassengerSecurityUpdateCheckProxy <%= @passenger_security_update_check_proxy %> - <%- end -%> - <%- if @passenger_show_version_in_header -%> - PassengerShowVersionInHeader <%= @passenger_show_version_in_header %> - <%- end -%> - <%- if @passenger_socket_backlog -%> - PassengerSocketBacklog <%= @passenger_socket_backlog %> - <%- end -%> - <%- if @passenger_spawn_method -%> - PassengerSpawnMethod <%= @passenger_spawn_method %> - <%- end -%> - <%- if @passenger_start_timeout -%> - PassengerStartTimeout <%= @passenger_start_timeout %> - <%- end -%> - <%- if @passenger_startup_file -%> - PassengerStartupFile "<%= @passenger_startup_file %>" - <%- end -%> - <%- if @passenger_stat_throttle_rate -%> - PassengerStatThrottleRate <%= @passenger_stat_throttle_rate %> - <%- end -%> - <%- if @passenger_sticky_sessions -%> - PassengerStickySessions <%= @passenger_sticky_sessions %> - <%- end -%> - <%- if @passenger_sticky_sessions_cookie_name -%> - PassengerStickySessionsCookieName <%= @passenger_sticky_sessions_cookie_name %> - <%- end -%> - <%- if @passenger_thread_count -%> - PassengerThreadCount <%= @passenger_thread_count %> - <%- end -%> - <%- if @passenger_use_global_queue -%> - PassengerUseGlobalQueue <%= @passenger_use_global_queue %> - <%- end -%> - <%- if @passenger_user -%> - PassengerUser <%= @passenger_user %> - <%- end -%> - <%- if @passenger_user_switching -%> - PassengerUserSwitching <%= @passenger_user_switching %> - <%- end -%> - <%- if @rack_auto_detect -%> - RackAutoDetect <%= @rack_auto_detect %> - <%- end -%> - <%- if @rack_base_uri -%> - RackBaseURI <%= @rack_base_uri %> - <%- end -%> - <%- if @rack_env -%> - RackEnv <%= @rack_env %> - <%- end -%> - <%- if @rails_allow_mod_rewrite -%> - RailsAllowModRewrite <%= @rails_allow_mod_rewrite %> - <%- end -%> - <%- if @rails_app_spawner_idle_time -%> - RailsAppSpawnerIdleTime <%= @rails_app_spawner_idle_time %> - <%- end -%> - <%- if @rails_auto_detect -%> - RailsAutoDetect <%= @rails_auto_detect %> - <%- end -%> - <%- if @rails_base_uri -%> - RailsBaseURI <%= @rails_base_uri %> - <%- end -%> - <%- if @rails_default_user -%> - RailsDefaultUser <%= @rails_default_user %> - <%- end -%> - <%- if @rails_env -%> - RailsEnv <%= @rails_env %> - <%- end -%> - <%- if @rails_framework_spawner_idle_time -%> - RailsFrameworkSpawnerIdleTime <%= @rails_framework_spawner_idle_time %> - <%- end -%> - <%- if @rails_ruby -%> - RailsRuby <%= @rails_ruby %> - <%- end -%> - <%- if @rails_spawn_method -%> - RailsSpawnMethod <%= @rails_spawn_method %> - <%- end -%> - <%- if @rails_user_switching -%> - RailsUserSwitching <%= @rails_user_switching %> - <%- end -%> - <%- if @wsgi_auto_detect -%> - WsgiAutoDetect <%= @wsgi_auto_detect %> - <%- end -%> - <%- if @rails_autodetect -%> - RailsAutoDetect <%= @rails_autodetect %> - <%- end -%> - <%- if @rack_autodetect -%> - RackAutoDetect <%= @rack_autodetect %> - <%- end -%> - - diff --git a/puppet/modules/apache/templates/mod/peruser.conf.erb b/puppet/modules/apache/templates/mod/peruser.conf.erb deleted file mode 100644 index 13c8d70..0000000 --- a/puppet/modules/apache/templates/mod/peruser.conf.erb +++ /dev/null @@ -1,12 +0,0 @@ - - MinSpareProcessors <%= @minspareprocessors %> - MinProcessors <%= @minprocessors %> - MaxProcessors <%= @maxprocessors %> - MaxClients <%= @maxclients %> - MaxRequestsPerChild <%= @maxrequestsperchild %> - IdleTimeout <%= @idletimeout %> - ExpireTimeout <%= @expiretimeout %> - KeepAlive <%= @keepalive %> - Include "<%= @mod_dir %>/peruser/multiplexers/*.conf" - Include "<%= @mod_dir %>/peruser/processors/*.conf" - diff --git a/puppet/modules/apache/templates/mod/php.conf.erb b/puppet/modules/apache/templates/mod/php.conf.erb deleted file mode 100644 index 9e684fe..0000000 --- a/puppet/modules/apache/templates/mod/php.conf.erb +++ /dev/null @@ -1,23 +0,0 @@ -# -# PHP is an HTML-embedded scripting language which attempts to make it -# easy for developers to write dynamically generated webpages. -# - -# -# Cause the PHP interpreter to handle files with a .php extension. -# -)$"> - SetHandler application/x-httpd-php - - -# -# Add index.php to the list of files that will be served as directory -# indexes. -# -DirectoryIndex index.php - -# -# Uncomment the following line to allow PHP to pretty-print .phps -# files as PHP source code: -# -#AddType application/x-httpd-php-source .phps diff --git a/puppet/modules/apache/templates/mod/prefork.conf.erb b/puppet/modules/apache/templates/mod/prefork.conf.erb deleted file mode 100644 index 01f0b84..0000000 --- a/puppet/modules/apache/templates/mod/prefork.conf.erb +++ /dev/null @@ -1,17 +0,0 @@ - - StartServers <%= @startservers %> - MinSpareServers <%= @minspareservers %> - MaxSpareServers <%= @maxspareservers %> - ServerLimit <%= @serverlimit %> - <%- if @maxrequestworkers -%> - MaxRequestWorkers <%= @maxrequestworkers %> - <%- elsif @maxclients -%> - MaxClients <%= @maxclients %> - <%- end -%> - <%- if @maxconnectionsperchild -%> - MaxConnectionsPerChild <%= @maxconnectionsperchild %> - <%- elsif @maxrequestsperchild -%> - MaxRequestsPerChild <%= @maxrequestsperchild %> - <%- end -%> - ListenBacklog <%= @listenbacklog %> - diff --git a/puppet/modules/apache/templates/mod/proxy.conf.erb b/puppet/modules/apache/templates/mod/proxy.conf.erb deleted file mode 100644 index f3114fd..0000000 --- a/puppet/modules/apache/templates/mod/proxy.conf.erb +++ /dev/null @@ -1,29 +0,0 @@ -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# - - # Do not enable proxying with ProxyRequests until you have secured your - # server. Open proxy servers are dangerous both to your network and to the - # Internet at large. - ProxyRequests <%= @proxy_requests %> - - <% if @proxy_requests != 'Off' or ( @allow_from and ! @allow_from.empty? ) -%> - - <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Require ip <%= Array(@allow_from).join(" ") %> - <%- else -%> - Order deny,allow - Deny from all - Allow from <%= Array(@allow_from).join(" ") %> - <%- end -%> - - <% end -%> - - # Enable/disable the handling of HTTP/1.1 "Via:" headers. - # ("Full" adds the server version; "Block" removes all outgoing Via: headers) - # Set to one of: Off | On | Full | Block - ProxyVia <%= @proxy_via %> - - ProxyTimeout <%= @proxy_timeout %> - diff --git a/puppet/modules/apache/templates/mod/proxy_balancer.conf.erb b/puppet/modules/apache/templates/mod/proxy_balancer.conf.erb deleted file mode 100644 index c1f37be..0000000 --- a/puppet/modules/apache/templates/mod/proxy_balancer.conf.erb +++ /dev/null @@ -1,10 +0,0 @@ -> - SetHandler balancer-manager - <%- if scope.function_versioncmp([@apache_version, '2.4']) >= 0 -%> - Require ip <%= Array(@allow_from).join(" ") %> - <%- else -%> - Order deny,allow - Deny from all - Allow from <%= Array(@allow_from).join(" ") %> - <%- end -%> - diff --git a/puppet/modules/apache/templates/mod/proxy_html.conf.erb b/puppet/modules/apache/templates/mod/proxy_html.conf.erb deleted file mode 100644 index 3cb8eca..0000000 --- a/puppet/modules/apache/templates/mod/proxy_html.conf.erb +++ /dev/null @@ -1,20 +0,0 @@ -ProxyHTMLLinks a href -ProxyHTMLLinks area href -ProxyHTMLLinks link href -ProxyHTMLLinks img src longdesc usemap -ProxyHTMLLinks object classid codebase data usemap -ProxyHTMLLinks q cite -ProxyHTMLLinks blockquote cite -ProxyHTMLLinks ins cite -ProxyHTMLLinks del cite -ProxyHTMLLinks form action -ProxyHTMLLinks input src usemap -ProxyHTMLLinks head profile -ProxyHTMLLinks base href -ProxyHTMLLinks script src for -ProxyHTMLLinks meta content - -ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ - onmouseover onmousemove onmouseout onkeypress \ - onkeydown onkeyup onfocus onblur onload \ - onunload onsubmit onreset onselect onchange diff --git a/puppet/modules/apache/templates/mod/remoteip.conf.epp b/puppet/modules/apache/templates/mod/remoteip.conf.epp deleted file mode 100644 index e15c674..0000000 --- a/puppet/modules/apache/templates/mod/remoteip.conf.epp +++ /dev/null @@ -1,51 +0,0 @@ -<%- | - String $header, - Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $internal_proxy = undef, - Optional[Stdlib::Absolutepath] $internal_proxy_list = undef, - Optional[String] $proxies_header = undef, - Boolean $proxy_protocol = undef, - Optional[Array[Stdlib::IP::Address]] $proxy_protocol_exceptions = undef, - Optional[Array[Stdlib::IP::Address]] $trusted_proxy = undef, - Optional[Stdlib::Absolutepath] $trusted_proxy_list = undef, -| -%> -# Declare the header field which should be parsed for useragent IP addresses -RemoteIPHeader <%= $header %> - -<%- if $internal_proxy { -%> -# Declare client intranet IP addresses trusted to present -# the RemoteIPHeader value -<%- [$internal_proxy].flatten.each |$proxy| { -%> -RemoteIPInternalProxy <%= $proxy %> -<%- } -%> -<%- } -%> - -<%- if $internal_proxy_list { -%> -RemoteIPInternalProxyList <%= $internal_proxy_list %> -<%- } -%> - -<%- if $proxies_header { -%> -# Declare the header field which will record all intermediate IP addresses -RemoteIPProxiesHeader <%= $proxies_header %> -<%- } -%> - -<%- if $proxy_protocol { -%> -RemoteIPProxyProtocol On -<%- } -%> - -<%- if $proxy_protocol_exceptions { -%> -<%- [$proxy_protocol_exceptions].flatten.each |$exception| { -%> -RemoteIPProxyProtocolExceptions <%= $exception %> -<%- } -%> -<%- } -%> - -<%- if $trusted_proxy { -%> -# Declare client intranet IP addresses trusted to present -# the RemoteIPHeader value - <%- [$trusted_proxy].flatten.each |$proxy| { -%> -RemoteIPTrustedProxy <%= $proxy %> - <%- } -%> -<%- } -%> - -<%- if $trusted_proxy_list { -%> -RemoteIPTrustedProxyList <%= $trusted_proxy_list %> -<%- } -%> diff --git a/puppet/modules/apache/templates/mod/reqtimeout.conf.erb b/puppet/modules/apache/templates/mod/reqtimeout.conf.erb deleted file mode 100644 index 6ffc5ff..0000000 --- a/puppet/modules/apache/templates/mod/reqtimeout.conf.erb +++ /dev/null @@ -1,3 +0,0 @@ -<% Array(@timeouts).each do |timeout| -%> -RequestReadTimeout <%= timeout %> -<%- end -%> diff --git a/puppet/modules/apache/templates/mod/rpaf.conf.erb b/puppet/modules/apache/templates/mod/rpaf.conf.erb deleted file mode 100644 index 56e2398..0000000 --- a/puppet/modules/apache/templates/mod/rpaf.conf.erb +++ /dev/null @@ -1,15 +0,0 @@ -# Enable reverse proxy add forward -RPAFenable On -# RPAFsethostname will, when enabled, take the incoming X-Host header and -# update the virtual host settings accordingly. This allows to have the same -# hostnames as in the "real" configuration for the forwarding proxy. -<% if @sethostname -%> -RPAFsethostname On -<% else -%> -RPAFsethostname Off -<% end -%> -# Which IPs are forwarding requests to us -RPAFproxy_ips <%= Array(@proxy_ips).join(" ") %> -# Setting RPAFheader allows you to change the header name to parse from the -# default X-Forwarded-For to something of your choice. -RPAFheader <%= @header %> diff --git a/puppet/modules/apache/templates/mod/security.conf.erb b/puppet/modules/apache/templates/mod/security.conf.erb deleted file mode 100644 index 638332e..0000000 --- a/puppet/modules/apache/templates/mod/security.conf.erb +++ /dev/null @@ -1,80 +0,0 @@ - - # Default recommended configuration - SecRuleEngine <%= @modsec_secruleengine %> - SecRequestBodyAccess On - SecRule REQUEST_HEADERS:Content-Type "text/xml" \ - "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" - SecRequestBodyLimit <%= @secrequestbodylimit %> - SecRequestBodyNoFilesLimit <%= @secrequestbodynofileslimit %> - SecRequestBodyInMemoryLimit <%= @secrequestbodyinmemorylimit %> - SecRequestBodyLimitAction Reject - SecRule REQBODY_ERROR "!@eq 0" \ - "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" - SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ - "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \ - PE %{REQBODY_PROCESSOR_ERROR}, \ - BQ %{MULTIPART_BOUNDARY_QUOTED}, \ - BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ - DB %{MULTIPART_DATA_BEFORE}, \ - DA %{MULTIPART_DATA_AFTER}, \ - HF %{MULTIPART_HEADER_FOLDING}, \ - LF %{MULTIPART_LF_LINE}, \ - SM %{MULTIPART_MISSING_SEMICOLON}, \ - IQ %{MULTIPART_INVALID_QUOTING}, \ - IP %{MULTIPART_INVALID_PART}, \ - IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ - FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" - - SecRule &REQUEST_HEADERS:Proxy "@gt 0" "id:1000005,log,deny,msg:'httpoxy denied'" - - - SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ - "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" - - SecPcreMatchLimit <%= @secpcrematchlimit %> - SecPcreMatchLimitRecursion <%= @secpcrematchlimitrecursion %> - - SecRule TX:/^MSC_/ "!@streq 0" \ - "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" - - SecResponseBodyAccess Off - SecResponseBodyMimeType text/plain text/html text/xml - SecResponseBodyLimit 524288 - SecResponseBodyLimitAction ProcessPartial - SecDebugLogLevel 0 - SecAuditEngine RelevantOnly - SecAuditLogRelevantStatus "<%= @audit_log_relevant_status %>" - SecAuditLogParts <%= @audit_log_parts %> - SecAuditLogType Serial - SecArgumentSeparator & - SecCookieFormat 0 -<%- if scope.lookupvar('::osfamily') == 'Debian' -%> - SecDebugLog <%= @logroot %>/modsec_debug.log - SecAuditLog <%= @logroot %>/modsec_audit.log - SecTmpDir /var/cache/modsecurity - SecDataDir /var/cache/modsecurity - SecUploadDir /var/cache/modsecurity -<%- elsif scope.lookupvar('::osfamily') == 'Suse' -%> - SecDebugLog /var/log/apache2/modsec_debug.log - SecAuditLog /var/log/apache2/modsec_audit.log - SecTmpDir /var/lib/mod_security - SecDataDir /var/lib/mod_security - SecUploadDir /var/lib/mod_security -<% else -%> - SecDebugLog <%= @logroot %>/modsec_debug.log - SecAuditLog <%= @logroot %>/modsec_audit.log - SecTmpDir /var/lib/mod_security - SecDataDir /var/lib/mod_security - SecUploadDir /var/lib/mod_security -<% end -%> - SecUploadKeepFiles Off - - # ModSecurity Core Rules Set configuration -<%- if scope.function_versioncmp([scope.lookupvar('::apache::apache_version'), '2.4']) >= 0 -%> - IncludeOptional <%= @modsec_dir %>/*.conf - IncludeOptional <%= @modsec_dir %>/activated_rules/*.conf -<%- else -%> - Include <%= @modsec_dir %>/*.conf - Include <%= @modsec_dir %>/activated_rules/*.conf -<%- end -%> - diff --git a/puppet/modules/apache/templates/mod/security_crs.conf.erb b/puppet/modules/apache/templates/mod/security_crs.conf.erb deleted file mode 100644 index 641daac..0000000 --- a/puppet/modules/apache/templates/mod/security_crs.conf.erb +++ /dev/null @@ -1,436 +0,0 @@ -# --------------------------------------------------------------- -# Core ModSecurity Rule Set ver.2.2.9 -# Copyright (C) 2006-2012 Trustwave All rights reserved. -# -# The OWASP ModSecurity Core Rule Set is distributed under -# Apache Software License (ASL) version 2 -# Please see the enclosed LICENCE file for full details. -# --------------------------------------------------------------- - - -# -# -- [[ Recommended Base Configuration ]] ------------------------------------------------- -# -# The configuration directives/settings in this file are used to control -# the OWASP ModSecurity CRS. These settings do **NOT** configure the main -# ModSecurity settings such as: -# -# - SecRuleEngine -# - SecRequestBodyAccess -# - SecAuditEngine -# - SecDebugLog -# -# You should use the modsecurity.conf-recommended file that comes with the -# ModSecurity source code archive. -# -# Ref: https://github.com/SpiderLabs/ModSecurity/blob/master/modsecurity.conf-recommended -# - - -# -# -- [[ Rule Version ]] ------------------------------------------------------------------- -# -# Rule version data is added to the "Producer" line of Section H of the Audit log: -# -# - Producer: ModSecurity for Apache/2.7.0-rc1 (http://www.modsecurity.org/); OWASP_CRS/2.2.4. -# -# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecComponentSignature -# -SecComponentSignature "OWASP_CRS/2.2.9" - - -# -# -- [[ Modes of Operation: Self-Contained vs. Collaborative Detection ]] ----------------- -# -# Each detection rule uses the "block" action which will inherit the SecDefaultAction -# specified below. Your settings here will determine which mode of operation you use. -# -# -- [[ Self-Contained Mode ]] -- -# Rules inherit the "deny" disruptive action. The first rule that matches will block. -# -# -- [[ Collaborative Detection Mode ]] -- -# This is a "delayed blocking" mode of operation where each matching rule will inherit -# the "pass" action and will only contribute to anomaly scores. Transactional blocking -# can be applied -# -# -- [[ Alert Logging Control ]] -- -# You have three options - -# -# - To log to both the Apache error_log and ModSecurity audit_log file use: "log" -# - To log *only* to the ModSecurity audit_log file use: "nolog,auditlog" -# - To log *only* to the Apache error_log file use: "log,noauditlog" -# -# Ref: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html -# Ref: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecDefaultAction -# -SecDefaultAction "phase:1,<%= @_secdefaultaction -%>" -SecDefaultAction "phase:2,<%= @_secdefaultaction -%>" - -# -# -- [[ Collaborative Detection Severity Levels ]] ---------------------------------------- -# -# These are the default scoring points for each severity level. You may -# adjust these to you liking. These settings will be used in macro expansion -# in the rules to increment the anomaly scores when rules match. -# -# These are the default Severity ratings (with anomaly scores) of the individual rules - -# -# - 2: Critical - Anomaly Score of 5. -# Is the highest severity level possible without correlation. It is -# normally generated by the web attack rules (40 level files). -# - 3: Error - Anomaly Score of 4. -# Is generated mostly from outbound leakage rules (50 level files). -# - 4: Warning - Anomaly Score of 3. -# Is generated by malicious client rules (35 level files). -# - 5: Notice - Anomaly Score of 2. -# Is generated by the Protocol policy and anomaly files. -# -SecAction \ - "id:'900001', \ - phase:1, \ - t:none, \ - setvar:tx.critical_anomaly_score=<%= @critical_anomaly_score -%>, \ - setvar:tx.error_anomaly_score=<%= @error_anomaly_score -%>, \ - setvar:tx.warning_anomaly_score=<%= @warning_anomaly_score -%>, \ - setvar:tx.notice_anomaly_score=<%= @notice_anomaly_score -%>, \ - nolog, \ - pass" - - -# -# -- [[ Collaborative Detection Scoring Initialization and Threshold Levels ]] ------------------------------ -# -# These variables are used in macro expansion in the 49 inbound blocking and 59 -# outbound blocking files. -# -# **MUST HAVE** ModSecurity v2.5.12 or higher to use macro expansion in numeric -# operators. If you have an earlier version, edit the 49/59 files directly to -# set the appropriate anomaly score levels. -# -# You should set the score level (rule 900003) to the proper threshold you -# would prefer. If set to "5" it will work similarly to previous Mod CRS rules -# and will create an event in the error_log file if there are any rules that -# match. If you would like to lessen the number of events generated in the -# error_log file, you should increase the anomaly score threshold to something -# like "20". This would only generate an event in the error_log file if there -# are multiple lower severity rule matches or if any 1 higher severity item matches. -# -SecAction \ - "id:'900002', \ - phase:1, \ - t:none, \ - setvar:tx.anomaly_score=0, \ - setvar:tx.sql_injection_score=0, \ - setvar:tx.xss_score=0, \ - setvar:tx.inbound_anomaly_score=0, \ - setvar:tx.outbound_anomaly_score=0, \ - nolog, \ - pass" - - -SecAction \ - "id:'900003', \ - phase:1, \ - t:none, \ - setvar:tx.inbound_anomaly_score_level=<%= @inbound_anomaly_threshold -%>, \ - setvar:tx.outbound_anomaly_score_level=<%= @outbound_anomaly_threshold -%>, \ - nolog, \ - pass" - - -# -# -- [[ Collaborative Detection Blocking ]] ----------------------------------------------- -# -# This is a collaborative detection mode where each rule will increment an overall -# anomaly score for the transaction. The scores are then evaluated in the following files: -# -# Inbound anomaly score - checked in the modsecurity_crs_49_inbound_blocking.conf file -# Outbound anomaly score - checked in the modsecurity_crs_59_outbound_blocking.conf file -# -# If you want to use anomaly scoring mode, then uncomment this line. -# -SecAction \ - "id:'900004', \ - phase:1, \ - t:none, \ - setvar:tx.anomaly_score_blocking=<%= @anomaly_score_blocking -%>, \ - nolog, \ - pass" - - -# -# -- [[ GeoIP Database ]] ----------------------------------------------------------------- -# -# There are some rulesets that need to inspect the GEO data of the REMOTE_ADDR data. -# -# You must first download the MaxMind GeoIP Lite City DB - -# -# http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz -# -# You then need to define the proper path for the SecGeoLookupDb directive -# -# Ref: http://blog.spiderlabs.com/2010/10/detecting-malice-with-modsecurity-geolocation-data.html -# Ref: http://blog.spiderlabs.com/2010/11/detecting-malice-with-modsecurity-ip-forensics.html -# -#SecGeoLookupDb /opt/modsecurity/lib/GeoLiteCity.dat - -# -# -- [[ Regression Testing Mode ]] -------------------------------------------------------- -# -# If you are going to run the regression testing mode, you should uncomment the -# following rule. It will enable DetectionOnly mode for the SecRuleEngine and -# will enable Response Header tagging so that the client testing script can see -# which rule IDs have matched. -# -# You must specify the your source IP address where you will be running the tests -# from. -# -#SecRule REMOTE_ADDR "@ipMatch 192.168.1.100" \ - "id:'900005', \ - phase:1, \ - t:none, \ - ctl:ruleEngine=DetectionOnly, \ - setvar:tx.regression_testing=1, \ - nolog, \ - pass" - - -# -# -- [[ HTTP Policy Settings ]] ---------------------------------------------------------- -# -# Set the following policy settings here and they will be propagated to the 23 rules -# file (modsecurity_common_23_request_limits.conf) by using macro expansion. -# If you run into false positives, you can adjust the settings here. -# -# Only the max number of args is uncommented by default as there are a high rate -# of false positives. Uncomment the items you wish to set. -# -# -# -- Maximum number of arguments in request limited -SecAction \ - "id:'900006', \ - phase:1, \ - t:none, \ - setvar:tx.max_num_args=<%= @secrequestmaxnumargs %>, \ - nolog, \ - pass" - -# -# -- Limit argument name length -#SecAction \ - "id:'900007', \ - phase:1, \ - t:none, \ - setvar:tx.arg_name_length=100, \ - nolog, \ - pass" - -# -# -- Limit value name length -#SecAction \ - "id:'900008', \ - phase:1, \ - t:none, \ - setvar:tx.arg_length=400, \ - nolog, \ - pass" - -# -# -- Limit arguments total length -#SecAction \ - "id:'900009', \ - phase:1, \ - t:none, \ - setvar:tx.total_arg_length=64000, \ - nolog, \ - pass" - -# -# -- Individual file size is limited -#SecAction \ - "id:'900010', \ - phase:1, \ - t:none, \ - setvar:tx.max_file_size=1048576, \ - nolog, \ - pass" - -# -# -- Combined file size is limited -#SecAction \ - "id:'900011', \ - phase:1, \ - t:none, \ - setvar:tx.combined_file_sizes=1048576, \ - nolog, \ - pass" - - -# -# Set the following policy settings here and they will be propagated to the 30 rules -# file (modsecurity_crs_30_http_policy.conf) by using macro expansion. -# If you run into false positves, you can adjust the settings here. -# -SecAction \ - "id:'900012', \ - phase:1, \ - t:none, \ - setvar:'tx.allowed_methods=<%= @allowed_methods -%>', \ - setvar:'tx.allowed_request_content_type=<%= @content_types -%>', \ - setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \ - setvar:'tx.restricted_extensions=<%= @restricted_extensions -%>', \ - setvar:'tx.restricted_headers=<%= @restricted_headers -%>', \ - nolog, \ - pass" - - -# -# -- [[ Content Security Policy (CSP) Settings ]] ----------------------------------------- -# -# The purpose of these settings is to send CSP response headers to -# Mozilla FireFox users so that you can enforce how dynamic content -# is used. CSP usage helps to prevent XSS attacks against your users. -# -# Reference Link: -# -# https://developer.mozilla.org/en/Security/CSP -# -# Uncomment this SecAction line if you want use CSP enforcement. -# You need to set the appropriate directives and settings for your site/domain and -# and activate the CSP file in the experimental_rules directory. -# -# Ref: http://blog.spiderlabs.com/2011/04/modsecurity-advanced-topic-of-the-week-integrating-content-security-policy-csp.html -# -#SecAction \ - "id:'900013', \ - phase:1, \ - t:none, \ - setvar:tx.csp_report_only=1, \ - setvar:tx.csp_report_uri=/csp_violation_report, \ - setenv:'csp_policy=allow \'self\'; img-src *.yoursite.com; media-src *.yoursite.com; style-src *.yoursite.com; frame-ancestors *.yoursite.com; script-src *.yoursite.com; report-uri %{tx.csp_report_uri}', \ - nolog, \ - pass" - - -# -# -- [[ Brute Force Protection ]] --------------------------------------------------------- -# -# If you are using the Brute Force Protection rule set, then uncomment the following -# lines and set the following variables: -# - Protected URLs: resources to protect (e.g. login pages) - set to your login page -# - Burst Time Slice Interval: time interval window to monitor for bursts -# - Request Threshold: request # threshold to trigger a burst -# - Block Period: temporary block timeout -# -#SecAction \ - "id:'900014', \ - phase:1, \ - t:none, \ - setvar:'tx.brute_force_protected_urls=#/login.jsp# #/partner_login.php#', \ - setvar:'tx.brute_force_burst_time_slice=60', \ - setvar:'tx.brute_force_counter_threshold=10', \ - setvar:'tx.brute_force_block_timeout=300', \ - nolog, \ - pass" - - -# -# -- [[ DoS Protection ]] ---------------------------------------------------------------- -# -# If you are using the DoS Protection rule set, then uncomment the following -# lines and set the following variables: -# - Burst Time Slice Interval: time interval window to monitor for bursts -# - Request Threshold: request # threshold to trigger a burst -# - Block Period: temporary block timeout -# -SecAction \ - "id:'900015', \ - phase:1, \ - t:none, \ - setvar:'tx.dos_burst_time_slice=60', \ - setvar:'tx.dos_counter_threshold=100', \ - setvar:'tx.dos_block_timeout=600', \ - nolog, \ - pass" - - -# -# -- [[ Check UTF enconding ]] ----------------------------------------------------------- -# -# We only want to apply this check if UTF-8 encoding is actually used by the site, otherwise -# it will result in false positives. -# -# Uncomment this line if your site uses UTF8 encoding -#SecAction \ - "id:'900016', \ - phase:1, \ - t:none, \ - setvar:tx.crs_validate_utf8_encoding=1, \ - nolog, \ - pass" - - -# -# -- [[ Enable XML Body Parsing ]] ------------------------------------------------------- -# -# The rules in this file will trigger the XML parser upon an XML request -# -# Initiate XML Processor in case of xml content-type -# -SecRule REQUEST_HEADERS:Content-Type "text/xml" \ - "id:'900017', \ - phase:1, \ - t:none,t:lowercase, \ - nolog, \ - pass, \ - chain" - SecRule REQBODY_PROCESSOR "!@streq XML" \ - "ctl:requestBodyProcessor=XML" - - -# -# -- [[ Global and IP Collections ]] ----------------------------------------------------- -# -# Create both Global and IP collections for rules to use -# There are some CRS rules that assume that these two collections -# have already been initiated. -# -SecRule REQUEST_HEADERS:User-Agent "^(.*)$" \ - "id:'900018', \ - phase:1, \ - t:none,t:sha1,t:hexEncode, \ - setvar:tx.ua_hash=%{matched_var}, \ - nolog, \ - pass" - - -SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" \ - "id:'900019', \ - phase:1, \ - t:none, \ - capture, \ - setvar:tx.real_ip=%{tx.1}, \ - nolog, \ - pass" - - -SecRule &TX:REAL_IP "!@eq 0" \ - "id:'900020', \ - phase:1, \ - t:none, \ - initcol:global=global, \ - initcol:ip=%{tx.real_ip}_%{tx.ua_hash}, \ - nolog, \ - pass" - - -SecRule &TX:REAL_IP "@eq 0" \ - "id:'900021', \ - phase:1, \ - t:none, \ - initcol:global=global, \ - initcol:ip=%{remote_addr}_%{tx.ua_hash}, \ - setvar:tx.real_ip=%{remote_addr}, \ - nolog, \ - pass" - diff --git a/puppet/modules/apache/templates/mod/setenvif.conf.erb b/puppet/modules/apache/templates/mod/setenvif.conf.erb deleted file mode 100644 index d31c79f..0000000 --- a/puppet/modules/apache/templates/mod/setenvif.conf.erb +++ /dev/null @@ -1,34 +0,0 @@ -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^gvfs/1" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully -BrowserMatch " Konqueror/4" redirect-carefully - - - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - diff --git a/puppet/modules/apache/templates/mod/ssl.conf.erb b/puppet/modules/apache/templates/mod/ssl.conf.erb deleted file mode 100644 index a3cf618..0000000 --- a/puppet/modules/apache/templates/mod/ssl.conf.erb +++ /dev/null @@ -1,50 +0,0 @@ - - SSLRandomSeed startup builtin - SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %> - SSLRandomSeed connect builtin - SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %> - - AddType application/x-x509-ca-cert .crt - AddType application/x-pkcs7-crl .crl - - SSLPassPhraseDialog <%= @ssl_pass_phrase_dialog %> - SSLSessionCache "shmcb:<%= @ssl_sessioncache %>" - SSLSessionCacheTimeout <%= @ssl_sessioncachetimeout %> - <%- if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - Mutex <%= @_ssl_mutex %> - <%- if @ssl_compression -%> - SSLCompression <%= scope.call_function('apache::bool2httpd', [@ssl_compression]) %> - <%- end -%> - <%- else -%> - SSLMutex <%= @_ssl_mutex %> - <%- end -%> - SSLCryptoDevice <%= @ssl_cryptodevice %> - SSLHonorCipherOrder <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %> - <%- if @ssl_cert -%> - SSLCertificateFile "<%= @ssl_cert %>" - <%- end -%> - <%- if @ssl_key -%> - SSLCertificateKeyFile "<%= @ssl_key %>" - <%- end -%> - <%- if @ssl_ca -%> - SSLCACertificateFile "<%= @ssl_ca %>" - <%- end -%> -<% if scope.function_versioncmp([@_apache_version, '2.4']) >= 0 -%> - SSLUseStapling <%= scope.call_function('apache::bool2httpd', [@ssl_stapling]) %> - <%- if not @ssl_stapling_return_errors.nil? -%> - SSLStaplingReturnResponderErrors <%= scope.call_function('apache::bool2httpd', [@ssl_stapling_return_errors]) %> - <%- end -%> - SSLStaplingCache "shmcb:<%= @stapling_cache %>" -<% end -%> - SSLCipherSuite <%= @ssl_cipher %> - SSLProtocol <%= @ssl_protocol.compact.join(' ') %> -<% if not @ssl_proxy_protocol.empty? -%> - SSLProxyProtocol <%= @ssl_proxy_protocol.compact.join(' ') %> -<% end -%> -<% if @ssl_options -%> - SSLOptions <%= @ssl_options.compact.join(' ') %> -<% end -%> -<%- if @ssl_openssl_conf_cmd -%> - SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %> -<%- end -%> - diff --git a/puppet/modules/apache/templates/mod/status.conf.erb b/puppet/modules/apache/templates/mod/status.conf.erb deleted file mode 100644 index 28cc55b..0000000 --- a/puppet/modules/apache/templates/mod/status.conf.erb +++ /dev/null @@ -1,18 +0,0 @@ -> - SetHandler server-status - <%-# From Puppet 4.2 up, replace: -%> - <%-# "scope.function_template(["apache/mod/