diff --git a/Berksfile b/Berksfile index 2dd51f4..068a4ed 100644 --- a/Berksfile +++ b/Berksfile @@ -1,6 +1,6 @@ source "https://api.berkshelf.com" -cookbook "apache2", "= 1.10.4" +cookbook "apache2", "= 3.0.1" cookbook "apt", "= 2.4.0" cookbook "aws", "= 2.2.0" cookbook "build-essential", "= 2.0.2" @@ -13,7 +13,7 @@ cookbook "mysql", "= 5.2.10" cookbook "mysql-chef_gem", "= 0.0.2" cookbook "openssl", "= 1.1.0" cookbook "pacman", "= 1.1.1" -cookbook "php", "= 1.4.6" +cookbook "php", "= 1.5.0" cookbook "postgresql", "= 3.4.0" cookbook "windows", "= 1.31.0" cookbook "xfs", "= 1.1.0" diff --git a/Berksfile.lock b/Berksfile.lock index 85b38b9..af48bf7 100644 --- a/Berksfile.lock +++ b/Berksfile.lock @@ -1,5 +1,5 @@ DEPENDENCIES - apache2 (= 1.10.4) + apache2 (= 3.0.1) apt (= 2.4.0) aws (= 2.2.0) build-essential (= 2.0.2) @@ -12,7 +12,7 @@ DEPENDENCIES mysql-chef_gem (= 0.0.2) openssl (= 1.1.0) pacman (= 1.1.1) - php (= 1.4.6) + php (= 1.5.0) postgresql (= 3.4.0) windows (= 1.31.0) xfs (= 1.1.0) @@ -21,10 +21,9 @@ DEPENDENCIES yum-epel (= 0.3.6) GRAPH - apache2 (1.10.4) + apache2 (3.0.1) iptables (>= 0.0.0) logrotate (>= 0.0.0) - pacman (>= 0.0.0) apt (2.4.0) aws (2.2.0) build-essential (2.0.2) @@ -45,7 +44,7 @@ GRAPH mysql (>= 0.0.0) openssl (1.1.0) pacman (1.1.1) - php (1.4.6) + php (1.5.0) build-essential (>= 0.0.0) iis (>= 0.0.0) mysql (>= 0.0.0) diff --git a/Vagrantfile b/Vagrantfile index e728704..c6f5169 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -4,8 +4,7 @@ Vagrant.configure("2") do |config| config_json = JSON.parse(File.read("config.json")) # Prepare base box. - config.vm.box = "precise32" - config.vm.box_url = "http://files.vagrantup.com/precise32.box" + config.vm.box = "ubuntu/trusty64" # Configure networking. config.vm.network :private_network, ip: config_json["vm"]["ip"] diff --git a/chef/cookbooks/berks/Berksfile.lock b/chef/cookbooks/berks/Berksfile.lock deleted file mode 100644 index 85b38b9..0000000 --- a/chef/cookbooks/berks/Berksfile.lock +++ /dev/null @@ -1,66 +0,0 @@ -DEPENDENCIES - apache2 (= 1.10.4) - apt (= 2.4.0) - aws (= 2.2.0) - build-essential (= 2.0.2) - chef_handler (= 1.1.6) - database (= 2.2.0) - iis (= 2.1.2) - iptables (= 0.13.2) - logrotate (= 1.5.0) - mysql (= 5.2.10) - mysql-chef_gem (= 0.0.2) - openssl (= 1.1.0) - pacman (= 1.1.1) - php (= 1.4.6) - postgresql (= 3.4.0) - windows (= 1.31.0) - xfs (= 1.1.0) - xml (= 1.2.4) - yum (= 3.2.0) - yum-epel (= 0.3.6) - -GRAPH - apache2 (1.10.4) - iptables (>= 0.0.0) - logrotate (>= 0.0.0) - pacman (>= 0.0.0) - apt (2.4.0) - aws (2.2.0) - build-essential (2.0.2) - chef_handler (1.1.6) - database (2.2.0) - aws (>= 0.0.0) - mysql (>= 5.0.0) - mysql-chef_gem (>= 0.0.0) - postgresql (>= 1.0.0) - xfs (>= 0.0.0) - iis (2.1.2) - windows (>= 1.2.6) - iptables (0.13.2) - logrotate (1.5.0) - mysql (5.2.10) - mysql-chef_gem (0.0.2) - build-essential (>= 0.0.0) - mysql (>= 0.0.0) - openssl (1.1.0) - pacman (1.1.1) - php (1.4.6) - build-essential (>= 0.0.0) - iis (>= 0.0.0) - mysql (>= 0.0.0) - windows (>= 0.0.0) - xml (>= 0.0.0) - yum-epel (>= 0.0.0) - postgresql (3.4.0) - apt (>= 1.9.0) - build-essential (>= 0.0.0) - openssl (>= 0.0.0) - windows (1.31.0) - chef_handler (>= 0.0.0) - xfs (1.1.0) - xml (1.2.4) - build-essential (>= 0.0.0) - yum (3.2.0) - yum-epel (0.3.6) - yum (~> 3.0) diff --git a/chef/cookbooks/berks/apache2/CHANGELOG.md b/chef/cookbooks/berks/apache2/CHANGELOG.md index 05dad83..452c16e 100644 --- a/chef/cookbooks/berks/apache2/CHANGELOG.md +++ b/chef/cookbooks/berks/apache2/CHANGELOG.md @@ -2,6 +2,123 @@ apache2 Cookbook Changelog ========================== This file is used to list changes made in each version of the apache2 cookbook. +v3.0.1 (2015-02-11) +------------------- + +- [GH-310] Ubuntu Apache 2.2 requires the lock_dir to be owned by www-data +- [GH-307] Clarify that apache.version is a string +- [GH-305] Restart service after MPM changes +- [GH-304] Don't install systemd module on Amazon Linux +- [GH-298] Add non-threaded MPM break notice for PHP users +- [GH-296] Create lock_dir automatically + +v3.0.0 (2014-11-30) +------------------- +Major version update because of SSL Improvements and new platform MPM and Version defaults. + +- [GH-286] Refactor MPM and Apache version defaults: default is now apache 2.4 +- Note: set `apache.mpm` to `prefork` if you are using `mod_php` in Ubuntu >=14.04 +- [GH-281] mod_ssl: Disable SSLv3 by default to protect against POODLE attack (CVE-2014-3566) +- [GH-280] mod_ssl: Major update with modern Cipher Suite, and best practices. + Updated to a more modern default `apache.mod_ssl.cipher_suite`. + Added the following additional mod_ssl attributes + * `apache.mod_ssl.honor_cipher_order` + * `apache.mod_ssl.insecure_renegotiation` + * `apache.mod_ssl.strict_sni_vhost_check` + * `apache.mod_ssl.session_cache_timeout` + * `apache.mod_ssl.compression` + * `apache.mod_ssl.use_stapling` + * `apache.mod_ssl.stapling_responder_timeout` + * `apache.mod_ssl.stapling_return_responder_errors` + * `apache.mod_ssl.stapling_cache` + * `apache.mod_ssl.pass_phrase_dialog` + * `apache.mod_ssl.mutex` + * `apache.mod_ssl.directives` +- [GH-278] Improved chefspec tests execution time +- [GH-277] Optimize files watching for Guard on Win32 platform +- [GH-270] Don't attempt start until after configuration is written +- [GH-268] Now uses chefspec 4.1 +- [GH-267] Use Supermarket as the Berkshelf 3 source +- [GH-266] Rubocop based ruby style/syntax improvements +- [GH-264] mod_ssl: Add new attribute for to be ready to any custom directive +- [GH-249] Don't prepend Apache log path when requesting error logging to syslog +- [GH-247] Explicitly include mod_ldap before mod_authnz_ldap +- [GH-243] Expand mpm options for different distros/versions. +- [GH-239] Added `apache.mod_php5.install_method` attribute defaults to `package`. Install packages unless PHP is compiled from source. +- OneHealth Solutions was acquired by Viverae +- Remove ArchLinux pacman as a dependency and handle similar to apt, yum, zypper +- Adjust ubuntu apache 2.4 docroot_dir to match package (from /var/www to /var/www/html) +- [GH-238] Bump service config syntax check guard timeout to 10 seconds +- [GH-235] Removed `apache2::mpm_itk` which is not part of core and therefore should be its own cookbook +- [GH-234] /var/run/httpd/mod_fcgid directory now belongs to apache on Fedora/RHEL systems. +- [GH-233] Default web_app template should return 503 status code when maintenance file is present +- [GH-232] Cookbook now deletes a2* if they are symlinks before dropping template versions +- [GH-222] Set TraceEnable to off by default. +- [GH-213] Adjust chefspec to use the package resource on FreeBSD (previously freebsd_package) +- [GH-212] New attribute apache.locale which sets LANG. defaults to 'C' +- [GH-210] Clarify web_app definition usage around configuration templates. +- [GH-208] `apache_conf` now accepts `source` and `cookbook` parameters. + +v2.0.0 (2014-08-06) +-------------------- +Major version update because of major overhaul to support Apache 2.4 and a2enconf and a2endisconf changes. + +- [GH-204] mod_auth_openid: Added `apache.mod_auth_openid.version` attribute +- FreeBSD support has been improved with the release of chef 11.14.2, portsnap is no longer used in favor of pkgng. +- [GH-157] - Apache will only be started when a configuration test passes, this allows the chef run to fix any broken configuration without failing the chef run. +- `apache.log_dir` directory is now 0755 on all platforms (including the debian platform family) +- [GH-166, GH-173] - `conf.d` is no longer used and replaced by `conf-available` and `conf-enabled` managed via the `a2enconf` and `a2disconf` scripts +- [GH-166, GH-173] - All configuration files need to end in `.conf` for them to be loaded +- [GH-173] - Perl is a required package on all platforms to support the a2* scripts as we now use the debian versions directly. +- [GH-193] - per MPM settings: `maxclients` is now `maxrequestworkers` +- [GH-194] - per MPM settings: `maxrequestsperchild` is now `maxconnectionsperchild` +- [GH-161] - Added support for CentOS 7 +- [GH-180] - Improved SuSE support +- [GH-100] - Apache HTTP 2.4 support + This provides Apache 2.4 support in a backwards compatible way. + It adds the following new attributes: + - `apache.version` - This defaults to `2.2` and if changed to `2.4`; it triggers and assumes 2.4 packages will be installed. + - `apache.mpm` - In 2.4 mode, this specifies which mpm to install. Default is `prefork`. + - `apache.run_dir` + - `apache.lock_dir` + - `apache.libexec_dir` replaces `apache.libexecdir` + - `apache.prefork.maxrequestworkers` replaces `apache.prefork.maxclients` + - `apache.prefork.maxconnectionsperchild` replaces `apache.prefork.maxrequestsperchild` + - `apache.worker.threadlimit` + - `apache.worker.maxrequestworkers` replaces `apache.worker.maxclients` + - `apache.worker.maxconnectionsperchild `replaces `apache.worker.maxrequestsperchild` + - `apache.event.startservers` + - `apache.event.serverlimit` + - `apache.event.minsparethreads` + - `apache.event.maxsparethreads` + - `apache.event.threadlimit` + - `apache.event.threadsperchild` + - `apache.event.maxrequestworkers` + - `apache.event.maxconnectionsperchild` + - `apache.itk.startservers` + - `apache.itk.minspareservers` + - `apache.itk.maxspareservers` + - `apache.itk.maxrequestworkers` + - `apache.itk.maxconnectionsperchild` + + Apache 2.4 Upgrade Notes: + + Since the changes between apache 2.2 and apache 2.4 are pretty significant, we are unable to account for all changes needed for your upgrade. Please take a moment to familiarize yourself with the Apache Software Foundation provided upgrade documentation before attempting to use this cookbook with apache 2.4. See http://httpd.apache.org/docs/current/upgrading.html + + - This cookbook does not automatically specify which version of apache to install. We are at the mercy of the `package` provider. It is important, however, to make sure that you configure the `apache.version` attribute to match. For your convenience, we try to set reasonable defaults based on different platforms in our test suite. + - `mod_proxy` - In 2.4 mode, `apache.proxy.order`, `apache.proxy.deny_from`, `apache.proxy.allow_from` are ignored, as the attributes can not be supported in a backwards compatible way. Please use `apache.proxy.require` instead. + +v1.11.0 (2014-07-25) +-------------------- +- [GH-152] - Checking if server_aliases is defined in example +- [GH-106] - Only turn rewrite on once in web_app.conf.erb +- [GH-156] - Correct mod_basic/digest recipe names in README +- Recipe iptables now includes the iptables::default recipe +- Upgrade test-kitchen to latest version +- Replaced minitest integration tests with serverspec tests +- Added chefspec tests + + v1.10.4 (2014-04-23) -------------------- - [COOK-4249] mod_proxy_http requires mod_proxy @@ -42,7 +159,7 @@ v1.9.0 (2014-02-21) ------------------- ### Improvement - **[COOK-4076](https://tickets.opscode.com/browse/COOK-4076)** - foodcritic: dependencies are not defined properly -- **[COOK-2572](https://tickets.opscode.com/browse/COOK-2572)** - Add mod_pagespeed recipe to apache2 +- **[COOK-2572](https://tickets.opscode.com/browse/COOK-2572)** - Add mod_pagespeed recipe to apache2 ### Bug - **[COOK-4043](https://tickets.opscode.com/browse/COOK-4043)** - apache2 cookbook does not depend on 'iptables' diff --git a/chef/cookbooks/berks/apache2/README.md b/chef/cookbooks/berks/apache2/README.md index af7b5d5..d4d1a65 100644 --- a/chef/cookbooks/berks/apache2/README.md +++ b/chef/cookbooks/berks/apache2/README.md @@ -1,6 +1,7 @@ apache2 Cookbook ================ -[![Build Status](https://secure.travis-ci.org/onehealth-cookbooks/apache2.png?branch=master)](http://travis-ci.org/onehealth-cookbooks/apache2) +[![Build Status](https://travis-ci.org/svanzoest/apache2-cookbook.svg?branch=master)](https://travis-ci.org/svanzoest/apache2-cookbook) +[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/svanzoest/apache2-cookbook?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge) This cookbook provides a complete Debian/Ubuntu style Apache HTTPD configuration. Non-Debian based distributions such as Red Hat/CentOS, @@ -15,6 +16,8 @@ sites (vhosts). The scripts are: * a2dissite * a2enmod * a2dismod +* a2enconf +* a2disconf This cookbook ships with templates of these scripts for non Debian/Ubuntu platforms. The scripts are used in the __Definitions__ @@ -32,7 +35,7 @@ As of v1.2.0, this cookbook makes use of `node['platform_family']` to simplify platform selection logic. This attribute was introduced in Ohai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If you must run an older version of Chef or Ohai, use [version 1.1.16 of -this cookbook](http://community.opscode.com/cookbooks/apache2/versions/1_1_16/downloads). +this cookbook](https://supermarket.chef.io/cookbooks/apache2/versions/1.1.16). ## Cookbooks: @@ -53,7 +56,7 @@ settings may affect the behavior of this cookbook: On Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package cache is updated so Chef can install packages, or consider putting apt-get in your bootstrap process or -[knife bootstrap template](http://wiki.opscode.com/display/chef/Knife+Bootstrap). +[knife bootstrap template](http://docs.chef.io/knife_bootstrap.html) On RHEL, SELinux is enabled by default. The `selinux` cookbook contains a `permissive` recipe that can be used to set SELinux to @@ -87,15 +90,15 @@ ensure that the cookbook is available to the node, and to set up `god`. ## Platforms: The following platforms and versions are tested and supported using -Opscode's [test-kitchen](http://github.com/opscode/test-kitchen). +[test-kitchen](http://kitchen.ci/) -* Ubuntu 10.04, 12.04 -* CentOS 5.8, 6.3 +* Ubuntu 12.04, 14.04 +* Debian 7.6 +* CentOS 6.5, 7.0 The following platform families are supported in the code, and are assumed to work based on the successful testing on Ubuntu and CentOS. -* Debian * Red Hat (rhel) * Fedora * Amazon Linux @@ -112,25 +115,20 @@ tested manually but are not tested under test-kitchen. On Red Hat Enterprise Linux and derivatives, the EPEL repository may be necessary to install packages used in certain recipes. The `apache2::default` recipe, however, does not require any additional -repositories. Opscode's `yum` cookbook contains a recipe to add the +repositories. Opscode's `yum-epel` cookbook can be used to add the EPEL repository. See __Examples__ for more information. ### Notes for FreeBSD: -The `apache2::mod_php5` recipe depends on the `freebsd` cookbook, -which it uses to set the correct options for compiling the `php5` port -from sources. You need to ensure the `freebsd` is in the expanded run -list, or this recipe will fail. We don't set an explicit dependency -because we feel the `freebsd` cookbook is something users would want -on their nodes, and due to the generality of this cookbook we don't -want additional specific dependencies. +Version 2.0 has been had some basic testing against FreeBSD 10.0 using +Chef 11.14.2 which has support for pkgng (CHEF-4637). Tests ===== This cookbook in the -[source repository](https://github.com/opscode-cookbooks/apache2) -contains minitest and cucumber tests. This is an initial proof of +[source repository](https://github.com/svanzoest/apache2-cookbook/) +contains chefspec, serverspec and cucumber tests. This is an initial proof of concept that will be fleshed out with more supporting infrastructure at a future time. @@ -160,6 +158,7 @@ the top of the file. * `node['apache']['user']` - User Apache runs as * `node['apache']['group']` - Group Apache runs as * `node['apache']['binary']` - Apache httpd server daemon +* `node['apache']['conf_dir']` - Location for the main config file (e.g apache2.conf or httpd.conf) * `node['apache']['docroot_dir']` - Location for docroot * `node['apache']['cgibin_dir']` - Location for cgi-bin * `node['apache']['icondir']` - Location for icons @@ -168,6 +167,7 @@ the top of the file. * `node['apache']['lib_dir']` - Location for shared libraries * `node['apache']['default_site_enabled']` - Default site enabled. Default is false. * `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status` +* `node['apache']['locale'] - Locale to set in sysconfig or envvars and used for subprocesses and modules (like mod_dav and mod_wsgi). On debian systems Uses system-local if set to 'system', defaults to 'C'. General settings ---------------- @@ -175,6 +175,7 @@ General settings These are general settings used in recipes and templates. Default values are noted. +* `node['apache']['version']` - Specifing 2.4 triggers apache 2.4 support. If the platform is known during our test to install 2.4 by default, it will be set to 2.4 for you. Otherwise it falls back to 2.2. This value should be specified as a string. * `node['apache']['listen_addresses']` - Addresses that httpd should listen on. Default is any ("*"). * `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80. * `node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com". @@ -184,34 +185,49 @@ values are noted. * `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5. * `node['apache']['sysconfig_additional_params']` - Additionals variables set in sysconfig file. Default is empty. * `node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`". +* `node['apache']['mpm']` - With apache.version 2.4, specifies what Multi-Processing Module to enable. Default is "prefork". The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`. Prefork attributes ------------------ -Prefork attributes are used for tuning the Apache HTTPD prefork MPM -configuration. +Prefork attributes are used for tuning the Apache HTTPD [prefork MPM](http://httpd.apache.org/docs/current/mod/prefork.html) configuration. * `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16. * `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16. * `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32. * `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400. -* `node['apache']['prefork']['maxclients']` - Maximum number of simultaneous connections. -* `node['apache']['prefork']['maxrequestsperchild']` - Maximum number of request a child process will handle. Default 10000. +* `node['apache']['prefork']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously +* `node['apache']['prefork']['maxconnectionsperchild']` - Maximum number of request a child process will handle. Default 10000. Worker attributes ----------------- -Worker attributes are used for tuning the Apache HTTPD worker MPM +Worker attributes are used for tuning the Apache HTTPD [worker MPM](http://httpd.apache.org/docs/current/mod/worker.html) configuration. * `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4 -* `node['apache']['worker']['serverlimit']` - upper limit on configurable server processes. Default 16. -* `node['apache']['worker']['maxclients']` - Maximum number of simultaneous connections. Default 1024. +* `node['apache']['worker']['serverlimit']` - Upper limit on configurable server processes. Default 16. * `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64 * `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192. -* `node['apache']['worker']['maxrequestsperchild']` - Maximum number of requests a child process will handle. +* `node['apache']['worker']['maxrequestworkers']` - Maximum number of simultaneous connections. Default 1024. +* `node['apache']['worker']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life. + +Event attributes +---------------- + +Event attributes are used for tuning the Apache HTTPD [event MPM](http://httpd.apache.org/docs/current/mod/event.html) +configuration. + +* `node['apache']['event']['startservers']` - Initial number of child server processes created at startup. Default 4. +* `node['apache']['event']['serverlimit']` - Upper limit on configurable number of processes. Default 16. +* `node['apache']['event']['minsparethreads']` - Minimum number of spare worker threads. Default 64 +* `node['apache']['event']['maxsparethreads']` - Maximum number of spare worker threads. Default 192. +* `node['apache']['event']['threadlimit']` - Upper limit on the configurable number of threads per child process. Default 192. +* `node['apache']['event']['threadsperchild']` - Number of threads created by each child process. Default 64. +* `node['apache']['event']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously. +* `node['apache']['event']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life. mod\_auth\_openid attributes ---------------------------- @@ -223,6 +239,7 @@ they're logistically unrelated to the others, being specific to the * `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source. * `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid +* `node['apache']['mod_auth_openid']['version']` - directory name version within the tarball * `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource. * `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default. * `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module. @@ -230,12 +247,33 @@ they're logistically unrelated to the others, being specific to the mod\_ssl attributes ------------------- -* `node['apache']['mod_ssl']['cipher_suite']` - sets the - SSLCiphersuite value to the specified string. The default is - considered "sane" but you may need to change it for your local - security policy, e.g. if you have PCI-DSS requirements. Additional +For general information on this attributes see http://httpd.apache.org/docs/current/mod/mod_ssl.html + +* `node['apache']['mod_ssl']['cipher_suite']` - sets the SSLCiphersuite value to the specified string. The default is + considered "sane" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. Additional commentary on the - [original pull request](https://github.com/opscode-cookbooks/apache2/pull/15#commitcomment-1605406). + [original pull request](https://github.com/svanzoest/apache2-cookbook/pull/15#commitcomment-1605406). +* `node['apache']['mod_ssl']['honor_cipher_order']` - Option to prefer the server's cipher preference order. Default 'On'. +* `node['apache']['mod_ssl']['insecure_renegotiation']` - Option to enable support for insecure renegotiation. Default 'Off'. +* `node['apache']['mod_ssl']['strict_sni_vhost_check']` - Whether to allow non-SNI clients to access a name-based virtual host. Default 'Off'. +* `node['apache']['mod_ssl']['session_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/apache2/ssl_scache` +* `node['apache']['mod_ssl']['session_cache_timeout']` - Number of seconds before an SSL session expires in the Session Cache. Default 300. +* `node['apache']['mod_ssl']['compression']` - Enable compression on the SSL level. Default 'Off'. +* `node['apache']['mod_ssl']['use_stapling']` - Enable stapling of OCSP responses in the TLS handshake. Default 'Off'. +* `node['apache']['mod_ssl']['stapling_responder_timeout']` - Timeout for OCSP stapling queries. Default 5 +* `node['apache']['mod_ssl']['stapling_return_responder_errors']` - Pass stapling related OCSP errors on to client. Default 'Off' +* `node['apache']['mod_ssl']['stapling_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/ocsp(128000)` +* `node['apache']['mod_ssl']['pass_phrase_dialog']` - Configures SSLPassPhraseDialog. Default `builtin` +* `node['apache']['mod_ssl']['mutex']` - Configures SSLMutex. Default `file:/var/run/apache2/ssl_mutex` +* `node['apache']['mod_ssl']['directives']` - Hash for add any custom directive. + +For more information on these directives and how to best secure your site see +- https://bettercrypto.org/ +- https://wiki.mozilla.org/Security/Server_Side_TLS +- https://www.insecure.ws/linux/apache_ssl.html +- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ +- https://istlsfastyet.com/ +- https://www.ssllabs.com/projects/best-practices/ Recipes ======= @@ -245,7 +283,7 @@ Where additional configuration or behavior is used, it is documented below in more detail. The following recipes merely enable the specified module: `mod_alias`, -`mod_basic`, `mod_digest`, `mod_authn_file`, `mod_authnz_ldap`, +`mod_auth_basic`, `mod_auth_digest`, `mod_authn_file`, `mod_authnz_ldap`, `mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`, `mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`, `mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`, @@ -356,6 +394,8 @@ On Red Hat family distributions including Fedora, the php.conf that comes with the package is removed. On RHEL platforms less than v6, the `php53` package is used. +* `node['apache']['mod_php5']['install_method']` - default `package` can be overridden to avoid package installs. + mod\_ssl -------- @@ -383,9 +423,89 @@ these definitions may be refactored into lightweight resources and providers as suggested by [foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015). +apache\_config +------------ + +Sets up configuration file for Apache from a template. The +template should be in the same cookbook where the definition is used. This is used by the `apache_conf` definition and is not often used directly. + +It will use `a2enconf` and `a2disconf` to control the symlinking of configuration files between `conf-available` and `conf-enabled`. + +Enable or disable an Apache config file in +`#{node['apache']['dir']}/conf-available` by calling `a2enmod` or +`a2dismod` to manage the symbolic link in +`#{node['apache']['dir']}/conf-enabled`. These config files should be created in your cookbook, and placed on the system using `apache_conf` + +### Parameters: + +* `name` - Name of the config enabled or disabled with the `a2enconf` or `a2disconf` scripts. +* `source` - The location of a template file. The default `name.erb`. +* `cookbook` - The cookbook in which the configuration template is located (if it is not located in the current cookbook). The default value is the current cookbook. +* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`. + +### Examples: + +Enable the example config. + +`````` + apache_config 'example' do + enable true + end +`````` + +Disable a module: + +`````` + apache_config 'disabled_example' do + enable false + end +`````` + +See the recipes directory for many more examples of `apache_config`. + apache\_conf ------------ +Writes conf files to the `conf-available` folder, and passes enabled values to `apache_config`. + +This definition should generally be called over `apache_config`. + +### Parameters: + +* `name` - Name of the config placed and enabled or disabled with the `a2enconf` or `a2disconf` scripts. +* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`. +* `conf_path` - path to put the config in if you need to override the default `conf-available`. + +### Examples: + +Place and enable the example conf: + +`````` + apache_conf 'example' do + enable true + end +`````` + +Place and disable (or never enable to begin with) the example conf: + +`````` + apache_conf 'example' do + enable false + end +`````` + +Place the example conf, which has a different path than the default (conf-*): + +`````` + apache_conf 'example' do + conf_path '/random/example/path' + enable false + end +`````` + +apache\_mod +------------ + Sets up configuration file for an Apache module from a template. The template should be in the same cookbook where the definition is used. This is used by the `apache_module` definition and is not often used @@ -405,7 +525,9 @@ __apache\_module__. Create `#{node['apache']['dir']}/mods-available/alias.conf`. - apache_conf "alias" +`````` + apache_mod "alias" +`````` apache\_module -------------- @@ -422,28 +544,34 @@ the definition is used. See __Examples__. * `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts. * `identifier` - String to identify the module for the `LoadModule` directive. Not typically needed, defaults to `#{name}_module` * `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`. -* `conf` - Default false. Set to true if the module has a config file, which will use `apache_conf` for the file. +* `conf` - Default false. Set to true if the module has a config file, which will use `apache_mod` for the file. * `filename` - specify the full name of the file, e.g. ### Examples: Enable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`. +`````` apache_module "ssl" do conf true end +`````` Enable the php5 module, which has a different filename than the module default: +`````` apache_module "php5" do filename "libphp5.so" end +`````` Disable a module: +`````` apache_module "disabled_module" do enable false end +`````` See the recipes directory for many more examples of `apache_module`. @@ -500,6 +628,17 @@ a recipe, see __Examples__. ### Examples: +The recommended way to use the `web_app` definition is in a application specific cookbook named "my_app". +The following example would look for a template named 'web_app.conf.erb' in your cookbook containing +the apache httpd directives defining the `VirtualHost` that would serve up "my_app". + +`````` + web_app "my_app" do + template 'web_app.conf.erb' + server_name node['my_app']['hostname'] + end +`````` + All parameters are passed into the template. You can use whatever you like. The apache2 cookbook comes with a `web_app.conf.erb` template as an example. The following parameters are used in the template: @@ -514,11 +653,14 @@ an example. The following parameters are used in the template: To use the default web_app, for example: +`````` web_app "my_site" do server_name node['hostname'] server_aliases [node['fqdn'], "my-site.example.com"] docroot "/srv/www/my_site" + cookbook 'apache2' end +`````` The parameters specified will be used as: @@ -529,7 +671,7 @@ The parameters specified will be used as: In the template. When you write your own, the `@` is significant. For more information about Definitions and parameters, see the -[Chef Wiki](http://wiki.opscode.com/display/chef/Definitions) +[Chef Wiki](http://docs.chef.io/definitions.html) Usage ===== @@ -540,6 +682,7 @@ environment, you may have multiple roles that use different recipes from this cookbook. Adjust any attributes as desired. For example, to create a basic role for web servers that provide both HTTP and HTTPS: +`````` % cat roles/webserver.rb name "webserver" description "Systems that serve HTTP and HTTPS" @@ -552,6 +695,7 @@ create a basic role for web servers that provide both HTTP and HTTPS: "listen_ports" => ["80", "443"] } ) +`````` For examples of using the definitions in your own recipes, see their respective sections above. @@ -573,10 +717,15 @@ License and Authors * Author:: Sean OMeara * Author:: Seth Chisamore * Author:: Gilles Devaux +* Author:: Sander van Zoest +* Author:: Taylor Price * Copyright:: 2009-2012, Opscode, Inc * Copyright:: 2011, Atriso * Copyright:: 2011, CustomInk, LLC. +* Copyright:: 2013-2014, OneHealth Solutions, Inc. +* Copyright:: 2014, Viverae, Inc. +* Copyright:: 2015, Alexander van Zoest Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/chef/cookbooks/berks/apache2/attributes/default.rb b/chef/cookbooks/berks/apache2/attributes/default.rb index b5df554..1d84632 100644 --- a/chef/cookbooks/berks/apache2/attributes/default.rb +++ b/chef/cookbooks/berks/apache2/attributes/default.rb @@ -1,8 +1,9 @@ # # Cookbook Name:: apache2 -# Attributes:: apache +# Attributes:: default # # Copyright 2008-2013, Opscode, Inc. +# Copyright 2014, Viverae, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,13 +18,69 @@ # limitations under the License. # +default['apache']['mpm'] = + case node['platform_family'] + when 'debian' + case node['platform'] + when 'ubuntu' + if node['platform_version'].to_f >= 14.04 + 'event' + elsif node['platform_version'].to_f >= 12.04 + 'worker' + else + 'prefork' + end + when 'debian' + node['platform_version'].to_f >= 7.0 ? 'worker' : 'prefork' + when 'linuxmint' + node['platform_version'].to_i >= 17 ? 'event' : 'prefork' + else + 'prefork' + end + else + 'prefork' + end + +default['apache']['version'] = + case node['platform_family'] + when 'debian' + case node['platform'] + when 'ubuntu' + node['platform_version'].to_f >= 13.10 ? '2.4' : '2.2' + when 'linuxmint' + node['platform_version'].to_i >= 16 ? '2.4' : '2.2' + when 'debian', 'raspbian' + node['platform_version'].to_f >= 8.0 ? '2.4' : '2.2' + else + '2.4' + end + when 'rhel' + node['platform_version'].to_f >= 7.0 ? '2.4' : '2.2' + when 'fedora' + node['platform_version'].to_f >= 18 ? '2.4' : '2.2' + when 'suse' + case node['platform'] + when 'opensuse' + node['platform_version'].to_f >= 13.1 ? '2.4' : '2.2' + # FIXME: when "suse" for SLES + else + '2.4' + end + when 'freebsd' + node['platform_version'].to_f >= 10.0 ? '2.4' : '2.2' + else + '2.4' + end + default['apache']['root_group'] = 'root' +default['apache']['default_site_name'] = 'default' # Where the various parts of apache are case node['platform'] -when 'redhat', 'centos', 'scientific', 'fedora', 'suse', 'amazon', 'oracle' +when 'redhat', 'centos', 'scientific', 'fedora', 'amazon', 'oracle' default['apache']['package'] = 'httpd' default['apache']['perl_pkg'] = 'perl' + default['apache']['apachectl'] = '/usr/sbin/apachectl' default['apache']['dir'] = '/etc/httpd' default['apache']['log_dir'] = '/var/log/httpd' default['apache']['error_log'] = 'error.log' @@ -31,21 +88,49 @@ when 'redhat', 'centos', 'scientific', 'fedora', 'suse', 'amazon', 'oracle' default['apache']['user'] = 'apache' default['apache']['group'] = 'apache' default['apache']['binary'] = '/usr/sbin/httpd' + default['apache']['conf_dir'] = '/etc/httpd/conf' default['apache']['docroot_dir'] = '/var/www/html' default['apache']['cgibin_dir'] = '/var/www/cgi-bin' default['apache']['icondir'] = '/var/www/icons' default['apache']['cache_dir'] = '/var/cache/httpd' - default['apache']['pid_file'] = if node['platform_version'].to_f >= 6 - '/var/run/httpd/httpd.pid' - else - '/var/run/httpd.pid' - end + default['apache']['run_dir'] = '/var/run/httpd' + default['apache']['lock_dir'] = '/var/run/httpd' + if node['platform_version'].to_f >= 6 + default['apache']['pid_file'] = '/var/run/httpd/httpd.pid' + else + default['apache']['pid_file'] = '/var/run/httpd.pid' + end default['apache']['lib_dir'] = node['kernel']['machine'] =~ /^i[36]86$/ ? '/usr/lib/httpd' : '/usr/lib64/httpd' - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" - default['apache']['default_site_enabled'] = false + default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules" +when 'suse', 'opensuse' + default['apache']['package'] = 'apache2' + default['apache']['perl_pkg'] = 'perl' + default['apache']['apachectl'] = '/usr/sbin/apache2ctl' + default['apache']['dir'] = '/etc/apache2' + default['apache']['log_dir'] = '/var/log/apache2' + default['apache']['error_log'] = 'error.log' + default['apache']['access_log'] = 'access.log' + default['apache']['user'] = 'wwwrun' + default['apache']['group'] = 'www' + default['apache']['binary'] = '/usr/sbin/httpd2' + default['apache']['conf_dir'] = '/etc/apache2' + default['apache']['docroot_dir'] = '/srv/www/htdocs' + default['apache']['cgibin_dir'] = '/srv/www/cgi-bin' + default['apache']['icondir'] = '/usr/share/apache2/icons' + default['apache']['cache_dir'] = '/var/cache/apache2' + default['apache']['run_dir'] = '/var/run/httpd' + default['apache']['lock_dir'] = '/var/run/httpd' + if node['platform_version'].to_f >= 6 + default['apache']['pid_file'] = '/var/run/httpd/httpd.pid' + else + default['apache']['pid_file'] = '/var/run/httpd.pid' + end + default['apache']['lib_dir'] = node['kernel']['machine'] =~ /^i[36]86$/ ? '/usr/lib/apache2' : '/usr/lib64/apache2' + default['apache']['libexec_dir'] = node['apache']['lib_dir'] when 'debian', 'ubuntu' default['apache']['package'] = 'apache2' default['apache']['perl_pkg'] = 'perl' + default['apache']['apachectl'] = '/usr/sbin/apache2ctl' default['apache']['dir'] = '/etc/apache2' default['apache']['log_dir'] = '/var/log/apache2' default['apache']['error_log'] = 'error.log' @@ -53,21 +138,27 @@ when 'debian', 'ubuntu' default['apache']['user'] = 'www-data' default['apache']['group'] = 'www-data' default['apache']['binary'] = '/usr/sbin/apache2' - default['apache']['docroot_dir'] = '/var/www' + default['apache']['conf_dir'] = '/etc/apache2' default['apache']['cgibin_dir'] = '/usr/lib/cgi-bin' default['apache']['icondir'] = '/usr/share/apache2/icons' default['apache']['cache_dir'] = '/var/cache/apache2' - default['apache']['pid_file'] = if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 13.10 - '/var/run/apache2/apache2.pid' - else - '/var/run/apache2.pid' - end + default['apache']['run_dir'] = '/var/run/apache2' + default['apache']['lock_dir'] = '/var/lock/apache2' + # this should use COOK-3917 to educate the initscript of the pid location + if node['apache']['version'] == '2.4' + default['apache']['pid_file'] = '/var/run/apache2/apache2.pid' + default['apache']['docroot_dir'] = '/var/www/html' + else + default['apache']['pid_file'] = '/var/run/apache2.pid' + default['apache']['docroot_dir'] = '/var/www' + end default['apache']['lib_dir'] = '/usr/lib/apache2' - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" - default['apache']['default_site_enabled'] = false + default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules" + default['apache']['default_site_name'] = '000-default' when 'arch' default['apache']['package'] = 'apache' default['apache']['perl_pkg'] = 'perl' + # default['apache']['apachectl'] = '/usr/sbin/apachectl' default['apache']['dir'] = '/etc/httpd' default['apache']['log_dir'] = '/var/log/httpd' default['apache']['error_log'] = 'error.log' @@ -75,18 +166,43 @@ when 'arch' default['apache']['user'] = 'http' default['apache']['group'] = 'http' default['apache']['binary'] = '/usr/sbin/httpd' + default['apache']['conf_dir'] = '/etc/httpd' default['apache']['docroot_dir'] = '/srv/http' default['apache']['cgibin_dir'] = '/usr/share/httpd/cgi-bin' default['apache']['icondir'] = '/usr/share/httpd/icons' default['apache']['cache_dir'] = '/var/cache/httpd' + default['apache']['run_dir'] = '/var/run/httpd' + default['apache']['lock_dir'] = '/var/run/httpd' default['apache']['pid_file'] = '/var/run/httpd/httpd.pid' default['apache']['lib_dir'] = '/usr/lib/httpd' - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" - default['apache']['default_site_enabled'] = false + default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules" when 'freebsd' - default['apache']['package'] = 'apache22' + if node['apache']['version'] == '2.4' + default['apache']['package'] = 'apache24' + default['apache']['dir'] = '/usr/local/etc/apache24' + default['apache']['conf_dir'] = '/usr/local/etc/apache24' + default['apache']['docroot_dir'] = '/usr/local/www/apache24/data' + default['apache']['cgibin_dir'] = '/usr/local/www/apache24/cgi-bin' + default['apache']['icondir'] = '/usr/local/www/apache24/icons' + default['apache']['cache_dir'] = '/var/cache/apache24' + default['apache']['run_dir'] = '/var/run' + default['apache']['lock_dir'] = '/var/run' + default['apache']['lib_dir'] = '/usr/local/libexec/apache24' + else + default['apache']['package'] = 'apache22' + default['apache']['dir'] = '/usr/local/etc/apache22' + default['apache']['conf_dir'] = '/usr/local/etc/apache22' + default['apache']['docroot_dir'] = '/usr/local/www/apache22/data' + default['apache']['cgibin_dir'] = '/usr/local/www/apache22/cgi-bin' + default['apache']['icondir'] = '/usr/local/www/apache22/icons' + default['apache']['cache_dir'] = '/var/cache/apache22' + default['apache']['run_dir'] = '/var/run' + default['apache']['lock_dir'] = '/var/run' + default['apache']['lib_dir'] = '/usr/local/libexec/apache22' + end default['apache']['perl_pkg'] = 'perl5' - default['apache']['dir'] = '/usr/local/etc/apache22' + default['apache']['apachectl'] = '/usr/local/sbin/apachectl' + default['apache']['pid_file'] = '/var/run/httpd.pid' default['apache']['log_dir'] = '/var/log' default['apache']['error_log'] = 'httpd-error.log' default['apache']['access_log'] = 'httpd-access.log' @@ -94,15 +210,10 @@ when 'freebsd' default['apache']['user'] = 'www' default['apache']['group'] = 'www' default['apache']['binary'] = '/usr/local/sbin/httpd' - default['apache']['docroot_dir'] = '/usr/local/www/apache22/data' - default['apache']['cgibin_dir'] = '/usr/local/www/apache22/cgi-bin' - default['apache']['icondir'] = '/usr/local/www/apache22/icons' - default['apache']['cache_dir'] = '/var/run/apache22' - default['apache']['pid_file'] = '/var/run/httpd.pid' - default['apache']['lib_dir'] = '/usr/local/libexec/apache22' - default['apache']['libexecdir'] = node['apache']['lib_dir'] - default['apache']['default_site_enabled'] = false + default['apache']['libexec_dir'] = node['apache']['lib_dir'] else + default['apache']['package'] = 'apache2' + default['apache']['perl_pkg'] = 'perl' default['apache']['dir'] = '/etc/apache2' default['apache']['log_dir'] = '/var/log/apache2' default['apache']['error_log'] = 'error.log' @@ -110,14 +221,16 @@ else default['apache']['user'] = 'www-data' default['apache']['group'] = 'www-data' default['apache']['binary'] = '/usr/sbin/apache2' + default['apache']['conf_dir'] = '/etc/apache2' default['apache']['docroot_dir'] = '/var/www' default['apache']['cgibin_dir'] = '/usr/lib/cgi-bin' default['apache']['icondir'] = '/usr/share/apache2/icons' default['apache']['cache_dir'] = '/var/cache/apache2' + default['apache']['run_dir'] = 'logs' + default['apache']['lock_dir'] = 'logs' default['apache']['pid_file'] = 'logs/httpd.pid' default['apache']['lib_dir'] = '/usr/lib/apache2' - default['apache']['libexecdir'] = "#{node['apache']['lib_dir']}/modules" - default['apache']['default_site_enabled'] = false + default['apache']['libexec_dir'] = "#{node['apache']['lib_dir']}/modules" end ### @@ -126,61 +239,85 @@ end ### # General settings -default['apache']['listen_addresses'] = %w[*] -default['apache']['listen_ports'] = %w[80] +default['apache']['service_name'] = default['apache']['package'] +default['apache']['listen_addresses'] = %w(*) +default['apache']['listen_ports'] = %w(80) default['apache']['contact'] = 'ops@example.com' default['apache']['timeout'] = 300 default['apache']['keepalive'] = 'On' default['apache']['keepaliverequests'] = 100 default['apache']['keepalivetimeout'] = 5 +default['apache']['locale'] = 'C' default['apache']['sysconfig_additional_params'] = {} +default['apache']['default_site_enabled'] = false # Security default['apache']['servertokens'] = 'Prod' default['apache']['serversignature'] = 'On' -default['apache']['traceenable'] = 'On' +default['apache']['traceenable'] = 'Off' # mod_auth_openids default['apache']['allowed_openids'] = [] # mod_status Allow list, space seprated list of allowed entries. -default['apache']['status_allow_list'] = 'localhost ip6-localhost' +default['apache']['status_allow_list'] = '127.0.0.1 ::1' # mod_status ExtendedStatus, set to 'true' to enable default['apache']['ext_status'] = false # mod_info Allow list, space seprated list of allowed entries. -default['apache']['info_allow_list'] = 'localhost ip6-localhost' +default['apache']['info_allow_list'] = '127.0.0.1 ::1' # Prefork Attributes default['apache']['prefork']['startservers'] = 16 default['apache']['prefork']['minspareservers'] = 16 default['apache']['prefork']['maxspareservers'] = 32 -default['apache']['prefork']['serverlimit'] = 400 -default['apache']['prefork']['maxclients'] = 400 -default['apache']['prefork']['maxrequestsperchild'] = 10_000 +default['apache']['prefork']['serverlimit'] = 256 +default['apache']['prefork']['maxrequestworkers'] = 256 +default['apache']['prefork']['maxconnectionsperchild'] = 10_000 # Worker Attributes default['apache']['worker']['startservers'] = 4 default['apache']['worker']['serverlimit'] = 16 -default['apache']['worker']['maxclients'] = 1024 default['apache']['worker']['minsparethreads'] = 64 default['apache']['worker']['maxsparethreads'] = 192 +default['apache']['worker']['threadlimit'] = 192 default['apache']['worker']['threadsperchild'] = 64 -default['apache']['worker']['maxrequestsperchild'] = 0 +default['apache']['worker']['maxrequestworkers'] = 1024 +default['apache']['worker']['maxconnectionsperchild'] = 0 + +# Event Attributes +default['apache']['event']['startservers'] = 4 +default['apache']['event']['serverlimit'] = 16 +default['apache']['event']['minsparethreads'] = 64 +default['apache']['event']['maxsparethreads'] = 192 +default['apache']['event']['threadlimit'] = 192 +default['apache']['event']['threadsperchild'] = 64 +default['apache']['event']['maxrequestworkers'] = 1024 +default['apache']['event']['maxconnectionsperchild'] = 0 # mod_proxy settings +default['apache']['proxy']['require'] = 'all denied' default['apache']['proxy']['order'] = 'deny,allow' default['apache']['proxy']['deny_from'] = 'all' default['apache']['proxy']['allow_from'] = 'none' # Default modules to enable via include_recipe +default['apache']['default_modules'] = %w( + status alias auth_basic authn_core authn_file authz_core authz_groupfile + authz_host authz_user autoindex dir env mime negotiation setenvif +) + +%w(log_config logio).each do |log_mod| + default['apache']['default_modules'] << log_mod if %w(rhel fedora suse arch freebsd).include?(node['platform_family']) +end -default['apache']['default_modules'] = %w[ - status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex - dir env mime negotiation setenvif -] +if node['apache']['version'] == '2.4' + %w(unixd).each do |unix_mod| + default['apache']['default_modules'] << unix_mod if %w(rhel fedora suse arch freebsd).include?(node['platform_family']) + end -%w[log_config logio].each do |log_mod| - default['apache']['default_modules'] << log_mod if %w[rhel fedora suse arch freebsd].include?(node['platform_family']) + unless node['platform'] == 'amazon' + default['apache']['default_modules'] << 'systemd' if %w(rhel fedora).include?(node['platform_family']) + end end diff --git a/chef/cookbooks/berks/apache2/attributes/mod_auth_openid.rb b/chef/cookbooks/berks/apache2/attributes/mod_auth_openid.rb index 3aba0aa..bba4feb 100644 --- a/chef/cookbooks/berks/apache2/attributes/mod_auth_openid.rb +++ b/chef/cookbooks/berks/apache2/attributes/mod_auth_openid.rb @@ -17,7 +17,8 @@ # limitations under the License. # -default['apache']['mod_auth_openid']['ref'] = '95043901eab868400937642d9bc55d17e9dd069f' +default['apache']['mod_auth_openid']['ref'] = 'v0.8' +default['apache']['mod_auth_openid']['version'] = '0.8' default['apache']['mod_auth_openid']['source_url'] = "https://github.com/bmuller/mod_auth_openid/archive/#{node['apache']['mod_auth_openid']['ref']}.tar.gz" default['apache']['mod_auth_openid']['cache_dir'] = '/var/cache/mod_auth_openid' default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db" diff --git a/chef/cookbooks/berks/apache2/attributes/mod_php5.rb b/chef/cookbooks/berks/apache2/attributes/mod_php5.rb new file mode 100644 index 0000000..f335a5e --- /dev/null +++ b/chef/cookbooks/berks/apache2/attributes/mod_php5.rb @@ -0,0 +1,19 @@ +# +# Cookbook Name:: apache2 +# Attributes:: mod_php5 +# +# Copyright 2014, Viverae, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +default['apache']['mod_php5']['install_method'] = 'package' diff --git a/chef/cookbooks/berks/apache2/attributes/mod_ssl.rb b/chef/cookbooks/berks/apache2/attributes/mod_ssl.rb index e71d3a6..d7cb950 100644 --- a/chef/cookbooks/berks/apache2/attributes/mod_ssl.rb +++ b/chef/cookbooks/berks/apache2/attributes/mod_ssl.rb @@ -3,6 +3,7 @@ # Attributes:: mod_ssl # # Copyright 2012-2013, Opscode, Inc. +# Copyright 2014, Viverae, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +18,34 @@ # limitations under the License. # -default['apache']['mod_ssl']['cipher_suite'] = 'RC4-SHA:HIGH:!ADH' +default['apache']['mod_ssl']['protocol'] = 'All -SSLv2 -SSLv3' +default['apache']['mod_ssl']['cipher_suite'] = 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4!aNULL!eNULL!LOW!3DES!MD5!EXP!PSK!SRP!DSS' +default['apache']['mod_ssl']['honor_cipher_order'] = 'On' +default['apache']['mod_ssl']['insecure_renegotiation'] = 'Off' +default['apache']['mod_ssl']['strict_sni_vhost_check'] = 'Off' +default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/run/apache2/ssl_scache' +default['apache']['mod_ssl']['session_cache_timeout'] = 300 +default['apache']['mod_ssl']['compression'] = 'Off' +default['apache']['mod_ssl']['use_stapling'] = 'Off' +default['apache']['mod_ssl']['stapling_responder_timeout'] = 5 +default['apache']['mod_ssl']['stapling_return_responder_errors'] = 'Off' +default['apache']['mod_ssl']['stapling_cache'] = 'shmcb:/var/run/ocsp(128000)' +default['apache']['mod_ssl']['pass_phrase_dialog'] = 'builtin' +default['apache']['mod_ssl']['mutex'] = 'file:/var/run/apache2/ssl_mutex' +default['apache']['mod_ssl']['directives'] = {} + +case node['platform_family'] +when 'debian' + case node['platform'] + when 'ubuntu' + if node['apache']['version'] == '2.4' + default['apache']['mod_ssl']['pass_phrase_dialog'] = 'exec:/usr/share/apache2/ask-for-passphrase' + end + end +when 'freebsd' + default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/run/ssl_scache(512000)' + default['apache']['mod_ssl']['mutex'] = 'file:/var/run/ssl_mutex' +when 'rhel', 'fedora', 'suse' + default['apache']['mod_ssl']['session_cache'] = 'shmcb:/var/cache/mod_ssl/scache(512000)' + default['apache']['mod_ssl']['mutex'] = 'default' +end diff --git a/chef/cookbooks/berks/apache2/definitions/apache_conf.rb b/chef/cookbooks/berks/apache2/definitions/apache_conf.rb index 0782ff0..30a5de7 100644 --- a/chef/cookbooks/berks/apache2/definitions/apache_conf.rb +++ b/chef/cookbooks/berks/apache2/definitions/apache_conf.rb @@ -2,7 +2,7 @@ # Cookbook Name:: apache2 # Definition:: apache_conf # -# Copyright 2008-20013, Opscode, Inc. +# Copyright 2008-2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,10 +17,27 @@ # limitations under the License. # -define :apache_conf do - template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do - source "mods/#{params[:name]}.conf.erb" - mode '0644' - notifies :reload, 'service[apache2]' +define :apache_conf, :enable => true do + conf_name = "#{params[:name]}.conf" + params[:conf_path] = params[:conf_path] || "#{node['apache']['dir']}/conf-available" + + file "#{params[:conf_path]}/#{params[:name]}" do + action :delete + end + + template "#{params[:conf_path]}/#{conf_name}" do + source params[:source] || "#{conf_name}.erb" + cookbook params[:cookbook] if params[:cookbook] + owner 'root' + group node['apache']['root_group'] + backup false + mode '0644' + notifies :reload, 'service[apache2]', :delayed + end + + if params[:enable] + apache_config params[:name] do + enable true + end end end diff --git a/chef/cookbooks/berks/apache2/definitions/apache_config.rb b/chef/cookbooks/berks/apache2/definitions/apache_config.rb new file mode 100644 index 0000000..f779ab1 --- /dev/null +++ b/chef/cookbooks/berks/apache2/definitions/apache_config.rb @@ -0,0 +1,42 @@ +# +# Cookbook Name:: apache2 +# Definition:: apache_config +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :apache_config, :enable => true do + include_recipe 'apache2::default' + + conf_name = "#{params[:name]}.conf" + params[:conf_path] = params[:conf_path] || "#{node['apache']['dir']}/conf-available" + + if params[:enable] + execute "a2enconf #{conf_name}" do + command "/usr/sbin/a2enconf #{conf_name}" + notifies :reload, 'service[apache2]', :delayed + not_if do + ::File.symlink?("#{node['apache']['dir']}/conf-enabled/#{conf_name}") && + (::File.exist?(params[:conf_path]) ? ::File.symlink?("#{node['apache']['dir']}/conf-enabled/#{conf_name}") : true) + end + end + else + execute "a2disconf #{conf_name}" do + command "/usr/sbin/a2disconf #{conf_name}" + notifies :reload, 'service[apache2]', :delayed + only_if { ::File.symlink?("#{node['apache']['dir']}/conf-enabled/#{conf_name}") } + end + end +end diff --git a/chef/cookbooks/berks/apache2/definitions/apache_mod.rb b/chef/cookbooks/berks/apache2/definitions/apache_mod.rb new file mode 100644 index 0000000..06bcb2a --- /dev/null +++ b/chef/cookbooks/berks/apache2/definitions/apache_mod.rb @@ -0,0 +1,26 @@ +# +# Cookbook Name:: apache2 +# Definition:: apache_mod +# +# Copyright 2008-20013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :apache_mod do + template "#{node['apache']['dir']}/mods-available/#{params[:name]}.conf" do + source "mods/#{params[:name]}.conf.erb" + mode '0644' + notifies :reload, 'service[apache2]', :delayed + end +end diff --git a/chef/cookbooks/berks/apache2/definitions/apache_module.rb b/chef/cookbooks/berks/apache2/definitions/apache_module.rb index da903f4..c3c2756 100644 --- a/chef/cookbooks/berks/apache2/definitions/apache_module.rb +++ b/chef/cookbooks/berks/apache2/definitions/apache_module.rb @@ -17,35 +17,41 @@ # limitations under the License. # -define :apache_module, :enable => true, :conf => false do +define :apache_module, :enable => true, :conf => false, :restart => false do include_recipe 'apache2::default' params[:filename] = params[:filename] || "mod_#{params[:name]}.so" - params[:module_path] = params[:module_path] || "#{node['apache']['libexecdir']}/#{params[:filename]}" + params[:module_path] = params[:module_path] || "#{node['apache']['libexec_dir']}/#{params[:filename]}" params[:identifier] = params[:identifier] || "#{params[:name]}_module" - apache_conf params[:name] if params[:conf] + apache_mod params[:name] if params[:conf] - if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd') - file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do - content "LoadModule #{params[:identifier]} #{params[:module_path]}\n" - mode '0644' - end + file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do + content "LoadModule #{params[:identifier]} #{params[:module_path]}\n" + mode '0644' end if params[:enable] execute "a2enmod #{params[:name]}" do command "/usr/sbin/a2enmod #{params[:name]}" - notifies :reload, 'service[apache2]' + if params[:restart] + notifies :restart, 'service[apache2]', :delayed + else + notifies :reload, 'service[apache2]', :delayed + end not_if do ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") && - (::File.exists?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf") ? ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf") : true) + (::File.exist?("#{node['apache']['dir']}/mods-available/#{params[:name]}.conf") ? ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.conf") : true) end end else execute "a2dismod #{params[:name]}" do command "/usr/sbin/a2dismod #{params[:name]}" - notifies :reload, 'service[apache2]' + if params[:restart] + notifies :restart, 'service[apache2]', :delayed + else + notifies :reload, 'service[apache2]', :delayed + end only_if { ::File.symlink?("#{node['apache']['dir']}/mods-enabled/#{params[:name]}.load") } end end diff --git a/chef/cookbooks/berks/apache2/definitions/apache_site.rb b/chef/cookbooks/berks/apache2/definitions/apache_site.rb index 5b41cd3..4bd8cd7 100644 --- a/chef/cookbooks/berks/apache2/definitions/apache_site.rb +++ b/chef/cookbooks/berks/apache2/definitions/apache_site.rb @@ -19,24 +19,25 @@ define :apache_site, :enable => true do include_recipe 'apache2::default' + conf_name = "#{params[:name]}.conf" if params[:enable] - execute "a2ensite #{params[:name]}" do - command "/usr/sbin/a2ensite #{params[:name]}" - notifies :reload, 'service[apache2]' + execute "a2ensite #{conf_name}" do + command "/usr/sbin/a2ensite #{conf_name}" + notifies :reload, 'service[apache2]', :delayed not_if do - ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") || - ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}") + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{conf_name}") || + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{conf_name}") end - only_if { ::File.exists?("#{node['apache']['dir']}/sites-available/#{params[:name]}") } + only_if { ::File.exist?("#{node['apache']['dir']}/sites-available/#{conf_name}") } end else - execute "a2dissite #{params[:name]}" do - command "/usr/sbin/a2dissite #{params[:name]}" - notifies :reload, 'service[apache2]' + execute "a2dissite #{conf_name}" do + command "/usr/sbin/a2dissite #{conf_name}" + notifies :reload, 'service[apache2]', :delayed only_if do - ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{params[:name]}") || - ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{params[:name]}") + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/#{conf_name}") || + ::File.symlink?("#{node['apache']['dir']}/sites-enabled/000-#{conf_name}") end end end diff --git a/chef/cookbooks/berks/apache2/definitions/web_app.rb b/chef/cookbooks/berks/apache2/definitions/web_app.rb index 5ddd468..7914039 100644 --- a/chef/cookbooks/berks/apache2/definitions/web_app.rb +++ b/chef/cookbooks/berks/apache2/definitions/web_app.rb @@ -18,7 +18,6 @@ # define :web_app, :template => 'web_app.conf.erb', :local => false, :enable => true do - application_name = params[:name] include_recipe 'apache2::default' @@ -27,23 +26,23 @@ define :web_app, :template => 'web_app.conf.erb', :local => false, :enable => tr include_recipe 'apache2::mod_headers' template "#{node['apache']['dir']}/sites-available/#{application_name}.conf" do - source params[:template] - local params[:local] - owner 'root' - group node['apache']['root_group'] - mode '0644' + source params[:template] + local params[:local] + owner 'root' + group node['apache']['root_group'] + mode '0644' cookbook params[:cookbook] if params[:cookbook] variables( :application_name => application_name, :params => params ) - if ::File.exists?("#{node['apache']['dir']}/sites-enabled/#{application_name}.conf") - notifies :reload, 'service[apache2]' + if ::File.exist?("#{node['apache']['dir']}/sites-enabled/#{application_name}.conf") + notifies :reload, 'service[apache2]', :delayed end end site_enabled = params[:enable] - apache_site "#{params[:name]}.conf" do + apache_site params[:name] do enable site_enabled end end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/default_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/default_test.rb deleted file mode 100644 index 66df672..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/default_test.rb +++ /dev/null @@ -1,78 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::default' do - include Helpers::Apache - - it 'installs apache' do - package(node['apache']['package']).must_be_installed - end - - it 'starts apache' do - apache_service.must_be_running - end - - it 'enables apache' do - apache_service.must_be_enabled - end - - it 'creates the conf.d directory' do - directory("#{node['apache']['dir']}/conf.d").must_exist.with(:mode, '755') - end - - it 'creates the logs directory' do - directory(node['apache']['log_dir']).must_exist - end - - it 'enables the default site unless it is disabled' do - skip unless node['apache']['default_site_enabled'] - file("#{node['apache']['dir']}/sites-enabled/000-default").must_exist - file("#{node['apache']['dir']}/sites-available/default").must_exist - end - - it 'ensures the debian-style apache module scripts are present' do - %w{a2ensite a2dissite a2enmod a2dismod}.each do |mod_script| - file("/usr/sbin/#{mod_script}").must_exist - end - end - - it 'reports server name only, not detailed version info' do - assert_match(/^ServerTokens #{Regexp.escape(node['apache']['servertokens'])} *$/, - File.read("#{node['apache']['dir']}/conf.d/security.conf")) - end - - it 'listens on port 80' do - apache_configured_ports.must_include(80) - end - - it 'only listens on port 443 when SSL is enabled' do - unless ran_recipe?('apache2::mod_ssl') - apache_configured_ports.wont_include(443) - end - end - - it 'reports server name only, not detailed version info' do - file("#{node['apache']['dir']}/conf.d/security.conf").must_match( - /^ServerTokens #{Regexp.escape(node['apache']['servertokens'])} *$/) - end - - it 'enables default_modules' do - node['apache']['default_modules'].each do |a2mod| - apache_enabled_modules.must_include "#{a2mod}_module" - end - end - - describe 'centos' do - it 'ensures no modules are loaded in conf.d' do - Dir["#{node['apache']['dir']}/conf.d/*.conf"].each do |f| - file(f).wont_include 'LoadModule' - end - end - end - - describe 'configuration' do - it { config.must_include '# Generated by Chef' } - it { config.must_include %Q{ServerRoot "#{node['apache']['dir']}"} } - it { config.must_include "Include #{node['apache']['dir']}/conf.d/*.conf" } - it { apache_config_parses? } - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/god_monitor_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/god_monitor_test.rb deleted file mode 100644 index f2f972e..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/god_monitor_test.rb +++ /dev/null @@ -1,34 +0,0 @@ -# -# Author:: Joshua Timberman -# Copyright:: Copyright (c) 2012, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::god_monitor' do - include Helpers::Apache - - it 'starts god service to supervise apache2' do - service('god').must_be_running - end - - it 'creates the god service template for apache' do - file('/etc/god/conf.d/apache2.god').must_exist - end - - it 'starts an apache2 service that works like a regular service' do - # to be implemented when COOK-744 is fixed - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_apreq2_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_apreq2_test.rb deleted file mode 100644 index 140ec16..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_apreq2_test.rb +++ /dev/null @@ -1,19 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_apreq2' do - include Helpers::Apache - - it 'enables apreq_module' do - apache_enabled_modules.must_include 'apreq_module' - end - - it 'symlinks the module on EL' do - skip unless %w[rhel fedora].include?(node['platform_family']) - libdir = node['kernel']['machine'] == 'x86_64' ? 'lib64' : 'lib' - link( - "/usr/#{libdir}/httpd/modules/mod_apreq.so" - ).must_exist.with( - :link_type, :symbolic).and(:to, "/usr/#{libdir}/httpd/modules/mod_apreq2.so" - ) - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_auth_cas_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_auth_cas_test.rb deleted file mode 100644 index 745c217..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_auth_cas_test.rb +++ /dev/null @@ -1,10 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_auth_cas' do - include Helpers::Apache - - it 'enables auth_cas_module' do - skip if %w[rhel fedora].include?(node['platform_family']) && node['platform_version'].to_f > 6.0 - apache_enabled_modules.must_include 'auth_cas_module' - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_auth_openid_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_auth_openid_test.rb deleted file mode 100644 index a1b8cd7..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_auth_openid_test.rb +++ /dev/null @@ -1,36 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) -require 'pathname' - -describe 'apache2::mod_auth_openid' do - include Helpers::Apache - - it 'installs the opekele library' do - lib_dir = Pathname.new(node['apache']['lib_dir']).dirname.to_s - file("#{lib_dir}/libopkele.so").must_exist - end - - it 'does not add the module to httpd.conf' do - conffile = case node['platform'] - when 'debian', 'ubuntu' - 'apache2.conf' - when 'redhat', 'centos', 'scientific', 'fedora', 'arch', 'amazon' - 'conf/httpd.conf' - when 'freebsd' - 'httpd.conf' - end - httpd_config = File.read(File.join(node['apache']['dir'], conffile)) - refute_match(/^LoadModule authopenid_module /, httpd_config) - end - - it 'creates a cache directory for the module' do - directory(node['apache']['mod_auth_openid']['cache_dir']).must_exist.with(:owner, node['apache']['user']) - end - - it 'ensures the db file is writable by apache' do - file(node['apache']['mod_auth_openid']['dblocation']).must_exist.with(:owner, node['apache']['user']).and(:mode, '644') - end - - it 'enables authopenid_module' do - apache_enabled_modules.must_include 'authopenid_module' - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_cgi_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_cgi_test.rb deleted file mode 100644 index d14e764..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_cgi_test.rb +++ /dev/null @@ -1,12 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_cgi' do - include Helpers::Apache - - # the cgi module can be either cgi or cgid - it 'enables cgi or cgid_module' do - assert(apache_enabled_modules.include?('cgi_module') || - apache_enabled_modules.include?('cgid_module') - ) - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_dav_svn_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_dav_svn_test.rb deleted file mode 100644 index 25e0637..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_dav_svn_test.rb +++ /dev/null @@ -1,13 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_dav_svn' do - include Helpers::Apache - - it 'enables dav_svn_module' do - apache_enabled_modules.must_include('dav_svn_module') - end - - it 'enables dav_module' do - apache_enabled_modules.must_include('dav_module') - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_fastcgi.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_fastcgi.rb deleted file mode 100644 index 6dfb34c..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_fastcgi.rb +++ /dev/null @@ -1,10 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_fastcgi' do - include Helpers::Apache - - it 'enables fastcgi_module' do - skip if %w{rhel fedora}.include?(node['platform_family']) - apache_enabled_modules.must_include 'fastcgi_module' - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_include_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_include_test.rb deleted file mode 100644 index 3cc7a26..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_include_test.rb +++ /dev/null @@ -1,14 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_include' do - include Helpers::Apache - - it 'enables include_module' do - apache_enabled_modules.must_include 'include_module' - end - - it 'drops off the include module configuration' do - assert_match(/AddType text\/html .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf")) - assert_match(/AddOutputFilter INCLUDES .shtml/, File.read("#{node['apache']['dir']}/mods-enabled/include.conf")) - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_perl_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_perl_test.rb deleted file mode 100644 index f403d97..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_perl_test.rb +++ /dev/null @@ -1,17 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_perl' do - include Helpers::Apache - - it 'enables perl_module' do - apache_enabled_modules.must_include('perl_module') - end - - it 'installs the apache request library' do - req_pkg = case node['platform'] - when 'debian', 'ubuntu' then 'libapache2-request-perl' - else 'perl-libapreq2' - end - package(req_pkg).must_be_installed - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_php5_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_php5_test.rb deleted file mode 100644 index 482cdcd..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_php5_test.rb +++ /dev/null @@ -1,13 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_php5' do - include Helpers::Apache - - it 'enables php5_module' do - apache_enabled_modules.must_include('php5_module') - end - - it 'deletes the packaged php config if any' do - file("#{node['apache']['dir']}/conf.d/php.conf").wont_exist - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_python_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_python_test.rb deleted file mode 100644 index 4ef119c..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_python_test.rb +++ /dev/null @@ -1,9 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_python' do - include Helpers::Apache - - it 'enables python_module' do - apache_enabled_modules.must_include('python_module') - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_ssl_test.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_ssl_test.rb deleted file mode 100644 index 5f5dfa0..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/mod_ssl_test.rb +++ /dev/null @@ -1,29 +0,0 @@ -require File.expand_path('../support/helpers', __FILE__) - -describe 'apache2::mod_ssl' do - include Helpers::Apache - - it 'installs the mod_ssl package on RHEL distributions' do - skip unless %w[rhel fedora].include?(node['platform_family']) - package('mod_ssl').must_be_installed - end - - it 'enables ssl_module' do - apache_enabled_modules.must_include 'ssl_module' - end - - it 'does not store SSL config in conf.d' do - file("#{node['apache']['dir']}/conf.d/ssl.conf").wont_exist - end - - it 'is configured to listen on port 443' do - apache_configured_ports.must_include(443) - end - - it 'configures SSLCiphersuit from an attribute' do - assert_match( - /SSLCipherSuite #{Regexp.escape(node['apache']['mod_ssl']['cipher_suite'])}$/, - File.read("#{node['apache']['dir']}/mods-enabled/ssl.conf") - ) - end -end diff --git a/chef/cookbooks/berks/apache2/files/default/tests/minitest/support/helpers.rb b/chef/cookbooks/berks/apache2/files/default/tests/minitest/support/helpers.rb deleted file mode 100644 index 573497a..0000000 --- a/chef/cookbooks/berks/apache2/files/default/tests/minitest/support/helpers.rb +++ /dev/null @@ -1,65 +0,0 @@ -module Helpers - # MiniTest helpers - module Apache - require 'chef/mixin/shell_out' - include Chef::Mixin::ShellOut - include MiniTest::Chef::Assertions - include MiniTest::Chef::Context - include MiniTest::Chef::Resources - - def apache_config_parses? - acp = shell_out("#{node['apache']['binary']} -t") - acp.exitstatus == 0 - end - - def apache_configured_ports - port_config = File.read("#{node['apache']['dir']}/ports.conf") - port_config.scan(/^Listen (?:[^: ]+:)?([0-9]+)/).flatten.map { |p| p.to_i } - end - - def apache_enabled_modules - apache_modules = shell_out("#{node['apache']['binary']} -M") - apache_modules.send( - if node['platform_family'] == 'rhel' && node['platform_version'].to_f < 6.0 - :stderr - else - :stdout - end - ).split.select! { |i| i =~ /_module$/ } - end - - def apache_service - service( - case node['platform'] - when 'debian', 'ubuntu' then 'apache2' - when 'freebsd' then 'apache22' - else 'httpd' - end - ) - end - - def config - file( - case node['platform'] - when 'debian', 'ubuntu' then "#{node['apache']['dir']}/apache2.conf" - when 'freebsd' then "#{node['apache']['dir']}/httpd.conf" - else "#{node['apache']['dir']}/conf/httpd.conf" - end - ) - end - - def ran_recipe?(recipe) - if Chef::VERSION < '11.0' - seen_recipes = node.run_state[:seen_recipes] - recipes = seen_recipes.keys.each { |i| i } - else - recipes = run_context.loaded_recipes - end - if recipes.empty? && Chef::Config[:solo] - # If you have roles listed in your run list they are NOT expanded - recipes = node.run_list.map { |item| item.name if item.type == :recipe } - end - recipes.include?(recipe) - end - end -end diff --git a/chef/cookbooks/berks/apache2/metadata.json b/chef/cookbooks/berks/apache2/metadata.json index 3d07a0a..3ac1e25 100644 --- a/chef/cookbooks/berks/apache2/metadata.json +++ b/chef/cookbooks/berks/apache2/metadata.json @@ -1,26 +1,27 @@ { "name": "apache2", - "version": "1.10.4", + "version": "3.0.1", "description": "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions", - "long_description": "apache2 Cookbook\n================\n[![Build Status](https://secure.travis-ci.org/onehealth-cookbooks/apache2.png?branch=master)](http://travis-ci.org/onehealth-cookbooks/apache2)\n\nThis cookbook provides a complete Debian/Ubuntu style Apache HTTPD\nconfiguration. Non-Debian based distributions such as Red Hat/CentOS,\nArchLinux and others supported by this cookbook will have a\nconfiguration that mimics Debian/Ubuntu style as it is easier to\nmanage with Chef.\n\nDebian-style Apache configuration uses scripts to manage modules and\nsites (vhosts). The scripts are:\n\n* a2ensite\n* a2dissite\n* a2enmod\n* a2dismod\n\nThis cookbook ships with templates of these scripts for non\nDebian/Ubuntu platforms. The scripts are used in the __Definitions__\nbelow.\n\nRequirements\n============\n\n## Ohai and Chef:\n\n* Ohai: 0.6.12+\n* Chef: 0.10.10+\n\nAs of v1.2.0, this cookbook makes use of `node['platform_family']` to\nsimplify platform selection logic. This attribute was introduced in\nOhai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If\nyou must run an older version of Chef or Ohai, use [version 1.1.16 of\nthis cookbook](http://community.opscode.com/cookbooks/apache2/versions/1_1_16/downloads).\n\n## Cookbooks:\n\nThis cookbook doesn't have direct dependencies on other cookbooks, as\nnone are needed for the default recipe or the general use cases.\n\nDepending on your OS configuration and security policy, you may need\nadditional recipes or cookbooks for this cookbook's recipes to\nconverge on the node. In particular, the following Operating System\nsettings may affect the behavior of this cookbook:\n\n* apt cache outdated\n* SELinux enabled\n* IPtables\n* Compile tools\n* 3rd party repositories\n\nOn Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package\ncache is updated so Chef can install packages, or consider putting\napt-get in your bootstrap process or\n[knife bootstrap template](http://wiki.opscode.com/display/chef/Knife+Bootstrap).\n\nOn RHEL, SELinux is enabled by default. The `selinux` cookbook\ncontains a `permissive` recipe that can be used to set SELinux to\n\"Permissive\" state. Otherwise, additional recipes need to be created\nby the user to address SELinux permissions.\n\nThe easiest but **certainly not ideal way** to deal with IPtables is\nto flush all rules. Opscode does provide an `iptables` cookbook but is\nmigrating from the approach used there to a more robust solution\nutilizing a general \"firewall\" LWRP that would have an \"iptables\"\nprovider. Alternately, you can use ufw, with Opscode's `ufw` and\n`firewall` cookbooks to set up rules. See those cookbooks' READMEs for\ndocumentation.\n\nBuild/compile tools may not be installed on the system by default.\nSome recipes (e.g., `apache2::mod_auth_openid`) build the module from\nsource. Use Opscode's `build-essential` cookbook to get essential\nbuild packages installed.\n\nOn ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,\nyou also need the `pacman` cookbook for the `pacman_aur` LWRP. Put\n`recipe[pacman]` on the node's expanded run list (on the node or in a\nrole). This is not an explicit dependency because it is only required\nfor this single recipe and platform; the pacman default recipe\nperforms `pacman -Sy` to keep pacman's package cache updated.\n\nThe `apache2::god_monitor` recipe uses a definition from the `god`\ncookbook. Include `recipe[god]` in the node's expanded run list to\nensure that the cookbook is available to the node, and to set up `god`.\n\n## Platforms:\n\nThe following platforms and versions are tested and supported using\nOpscode's [test-kitchen](http://github.com/opscode/test-kitchen).\n\n* Ubuntu 10.04, 12.04\n* CentOS 5.8, 6.3\n\nThe following platform families are supported in the code, and are\nassumed to work based on the successful testing on Ubuntu and CentOS.\n\n* Debian\n* Red Hat (rhel)\n* Fedora\n* Amazon Linux\n\nThe following platforms are also supported in the code, have been\ntested manually but are not tested under test-kitchen.\n\n* SUSE/OpenSUSE\n* ArchLinux\n* FreeBSD\n\n### Notes for RHEL Family:\n\nOn Red Hat Enterprise Linux and derivatives, the EPEL repository may\nbe necessary to install packages used in certain recipes. The\n`apache2::default` recipe, however, does not require any additional\nrepositories. Opscode's `yum` cookbook contains a recipe to add the\nEPEL repository. See __Examples__ for more information.\n\n### Notes for FreeBSD:\n\nThe `apache2::mod_php5` recipe depends on the `freebsd` cookbook,\nwhich it uses to set the correct options for compiling the `php5` port\nfrom sources. You need to ensure the `freebsd` is in the expanded run\nlist, or this recipe will fail. We don't set an explicit dependency\nbecause we feel the `freebsd` cookbook is something users would want\non their nodes, and due to the generality of this cookbook we don't\nwant additional specific dependencies.\n\nTests\n=====\n\nThis cookbook in the\n[source repository](https://github.com/opscode-cookbooks/apache2)\ncontains minitest and cucumber tests. This is an initial proof of\nconcept that will be fleshed out with more supporting infrastructure\nat a future time.\n\nPlease see the CONTRIBUTING file for information on how to add tests\nfor your contributions.\n\nAttributes\n==========\n\nThis cookbook uses many attributes, broken up into a few different\nkinds.\n\nPlatform specific\n-----------------\n\nIn order to support the broadest number of platforms, several\nattributes are determined based on the node's platform. See the\nattributes/default.rb file for default values in the case statement at\nthe top of the file.\n\n* `node['apache']['package']` - Package name for Apache2\n* `node['apache']['perl_pkg']` - Package name for Perl\n* `node['apache']['dir']` - Location for the Apache configuration\n* `node['apache']['log_dir']` - Location for Apache logs\n* `node['apache']['error_log']` - Location for the default error log\n* `node['apache']['access_log']` - Location for the default access log\n* `node['apache']['user']` - User Apache runs as\n* `node['apache']['group']` - Group Apache runs as\n* `node['apache']['binary']` - Apache httpd server daemon\n* `node['apache']['docroot_dir']` - Location for docroot\n* `node['apache']['cgibin_dir']` - Location for cgi-bin\n* `node['apache']['icondir']` - Location for icons\n* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes\n* `node['apache']['pid_file']` - Location of the PID file for Apache httpd\n* `node['apache']['lib_dir']` - Location for shared libraries\n* `node['apache']['default_site_enabled']` - Default site enabled. Default is false.\n* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`\n\nGeneral settings\n----------------\n\nThese are general settings used in recipes and templates. Default\nvalues are noted.\n\n* `node['apache']['listen_addresses']` - Addresses that httpd should listen on. Default is any (\"*\").\n* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80.\n* `node['apache']['contact']` - Value for ServerAdmin directive. Default \"ops@example.com\".\n* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.\n* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.\n* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.\n* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.\n* `node['apache']['sysconfig_additional_params']` - Additionals variables set in sysconfig file. Default is empty.\n* `node['apache']['default_modules']` - Array of module names. Can take \"mod_FOO\" or \"FOO\" as names, where FOO is the apache module, e.g. \"`mod_status`\" or \"`status`\".\n\nThe modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.\n\nPrefork attributes\n------------------\n\nPrefork attributes are used for tuning the Apache HTTPD prefork MPM\nconfiguration.\n\n* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.\n* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.\n* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.\n* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400.\n* `node['apache']['prefork']['maxclients']` - Maximum number of simultaneous connections.\n* `node['apache']['prefork']['maxrequestsperchild']` - Maximum number of request a child process will handle. Default 10000.\n\nWorker attributes\n-----------------\n\nWorker attributes are used for tuning the Apache HTTPD worker MPM\nconfiguration.\n\n* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4\n* `node['apache']['worker']['serverlimit']` - upper limit on configurable server processes. Default 16.\n* `node['apache']['worker']['maxclients']` - Maximum number of simultaneous connections. Default 1024.\n* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64\n* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.\n* `node['apache']['worker']['maxrequestsperchild']` - Maximum number of requests a child process will handle.\n\nmod\\_auth\\_openid attributes\n----------------------------\n\nThe following attributes are in the `attributes/mod_auth_openid.rb`\nfile. Like all Chef attributes files, they are loaded as well, but\nthey're logistically unrelated to the others, being specific to the\n`mod_auth_openid` recipe.\n\n* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.\n* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid\n* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.\n* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.\n* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.\n\nmod\\_ssl attributes\n-------------------\n\n* `node['apache']['mod_ssl']['cipher_suite']` - sets the\n SSLCiphersuite value to the specified string. The default is\n considered \"sane\" but you may need to change it for your local\n security policy, e.g. if you have PCI-DSS requirements. Additional\n commentary on the\n [original pull request](https://github.com/opscode-cookbooks/apache2/pull/15#commitcomment-1605406).\n\nRecipes\n=======\n\nMost of the recipes in the cookbook are for enabling Apache modules.\nWhere additional configuration or behavior is used, it is documented\nbelow in more detail.\n\nThe following recipes merely enable the specified module: `mod_alias`,\n`mod_basic`, `mod_digest`, `mod_authn_file`, `mod_authnz_ldap`,\n`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`,\n`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`,\n`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`,\n`mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`,\n`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`,\n`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`,\n`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`.\n\nOn RHEL Family distributions, certain modules ship with a config file\nwith the package. The recipes here may delete those configuration\nfiles to ensure they don't conflict with the settings from the\ncookbook, which will use per-module configuration in\n`/etc/httpd/mods-enabled`.\n\ndefault\n-------\n\nThe default recipe does a number of things to set up Apache HTTPd. It\nalso includes a number of modules based on the attribute\n`node['apache']['default_modules']` as recipes.\n\nlogrotate\n---------\n\nLogrotate adds a logrotate entry for your apache2 logs. This recipe\nrequires the `logrotate` cookbook; ensure that `recipe[logrotate]` is\nin the node's expanded run list.\n\nmod\\_auth\\_cas\n--------------\n\nThis recipe installs the proper package and enables the `auth_cas`\nmodule. It can install from source or package. Package is the default,\nset the attribute `node['apache']['mod_auth_cas']['from_source']` to\ntrue to enable source installation. Modify the version to install by\nchanging the attribute\n`node['apache']['mod_auth_cas']['source_revision']`. It is a version\ntag by default, but could be master, or another tag, or branch.\n\nThe module configuration is written out with the `CASCookiePath` set,\notherwise an error loading the module may cause Apache to not start.\n\n**Note**: This recipe does not work on EL 6 platforms unless\nepel-testing repository is enabled (outside the scope of this\ncookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise\navailable to the system due to this bug:\n\nhttps://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550\n\nmod\\_auth\\_openid\n-----------------\n\n**Changed via COOK-915**\n\nThis recipe compiles the module from source. In addition to\n`build-essential`, some other packages are included for installation\nlike the GNU C++ compiler and development headers.\n\nTo use the module in your own cookbooks to authenticate systems using\nOpenIDs, specify an array of OpenIDs that are allowed to authenticate\nwith the attribute `node['apache']['allowed_openids']`. Use the\nfollowing in a vhost to protect with OpenID authentication:\n\n AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>\n AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>\n\nChange the DBLocation with the attribute as required; this file is in\na different location than previous versions, see below. It should be a\nsane default for most platforms, though, see\n`attributes/mod_auth_openid.rb`.\n\n### Changes from COOK-915:\n\n* `AuthType OpenID` instead of `AuthOpenIDEnabled On`.\n* `require user` instead of `AuthOpenIDUserProgram`.\n* A bug(?) in `mod_auth_openid` causes it to segfault when attempting\n to update the database file if the containing directory is not\n writable by the HTTPD process owner (e.g., www-data), even if the\n file is writable. In order to not interfere with other settings from\n the default recipe in this cookbook, the db file is moved.\n\nmod\\_fastcgi\n------------\n\nInstall the fastcgi package and enable the module.\n\nOnly work on Debian/Ubuntu\n\nmod\\_fcgid\n----------\n\nInstalls the fcgi package and enables the module. Requires EPEL on\nRHEL family.\n\nOn RHEL family, this recipe will delete the fcgid.conf and on version\n6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the\nemergency error:\n\n [emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes\n\nmod\\_php5\n--------\n\nSimply installs the appropriate package on Debian, Ubuntu and\nArchLinux.\n\nOn Red Hat family distributions including Fedora, the php.conf that\ncomes with the package is removed. On RHEL platforms less than v6, the\n`php53` package is used.\n\nmod\\_ssl\n--------\n\nBesides installing and enabling `mod_ssl`, this recipe will append\nport 443 to the `node['apache']['listen_ports']` attribute array and\nupdate the ports.conf.\n\ngod\\_monitor\n------------\n\nSets up a `god` monitor for Apache. External requirements are the\n`god` and `runit` cookbooks from Opscode. When using this recipe,\ninclude `recipe[god]` in the node's expanded run list to ensure the\nclient downloads it; `god` depends on runit so that will also be\ndownloaded.\n\n**Note** This recipe is not tested under test-kitchen yet and is\n pending fix in COOK-744.\n\nDefinitions\n===========\n\nThe cookbook provides a few definitions. At some point in the future\nthese definitions may be refactored into lightweight resources and\nproviders as suggested by\n[foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015).\n\napache\\_conf\n------------\n\nSets up configuration file for an Apache module from a template. The\ntemplate should be in the same cookbook where the definition is used.\nThis is used by the `apache_module` definition and is not often used\ndirectly.\n\nThis will use a template resource to write the module's configuration\nfile in the `mods-available` under the Apache configuration directory\n(`node['apache']['dir']`). This is a platform-dependent location. See\n__apache\\_module__.\n\n### Parameters:\n\n* `name` - Name of the template. When used from the `apache_module`,\n it will use the same name as the module.\n\n### Examples:\n\nCreate `#{node['apache']['dir']}/mods-available/alias.conf`.\n\n apache_conf \"alias\"\n\napache\\_module\n--------------\n\nEnable or disable an Apache module in\n`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or\n`a2dismod` to manage the symbolic link in\n`#{node['apache']['dir']}/mods-enabled`. If the module has a\nconfiguration file, a template should be created in the cookbook where\nthe definition is used. See __Examples__.\n\n### Parameters:\n\n* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.\n* `identifier` - String to identify the module for the `LoadModule` directive. Not typically needed, defaults to `#{name}_module`\n* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.\n* `conf` - Default false. Set to true if the module has a config file, which will use `apache_conf` for the file.\n* `filename` - specify the full name of the file, e.g.\n\n### Examples:\n\nEnable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`.\n\n apache_module \"ssl\" do\n conf true\n end\n\nEnable the php5 module, which has a different filename than the module default:\n\n apache_module \"php5\" do\n filename \"libphp5.so\"\n end\n\nDisable a module:\n\n apache_module \"disabled_module\" do\n enable false\n end\n\nSee the recipes directory for many more examples of `apache_module`.\n\napache\\_site\n------------\n\nEnable or disable a VirtualHost in\n`#{node['apache']['dir']}/sites-available` by calling a2ensite or\na2dissite to manage the symbolic link in\n`#{node['apache']['dir']}/sites-enabled`.\n\nThe template for the site must be managed as a separate resource. To\ncombine the template with enabling a site, see `web_app`.\n\n### Parameters:\n\n* `name` - Name of the site.\n* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`.\n\nweb\\_app\n--------\n\nManage a template resource for a VirtualHost site, and enable it with\n`apache_site`. This is commonly done for managing web applications\nsuch as Ruby on Rails, PHP or Django, and the default behavior\nreflects that. However it is flexible.\n\nThis definition includes some recipes to make sure the system is\nconfigured to have Apache and some sane default modules:\n\n* `apache2`\n* `apache2::mod_rewrite`\n* `apache2::mod_deflate`\n* `apache2::mod_headers`\n\nIt will then configure the template (see __Parameters__ and\n__Examples__ below), and enable or disable the site per the `enable`\nparameter.\n\n### Parameters:\n\nCurrent parameters used by the definition:\n\n* `name` - The name of the site. The template will be written to\n `#{node['apache']['dir']}/sites-available/#{params['name']}.conf`\n* `cookbook` - Optional. Cookbook where the source template is. If\n this is not defined, Chef will use the named template in the\n cookbook where the definition is used.\n* `template` - Default `web_app.conf.erb`, source template file.\n* `enable` - Default true. Passed to the `apache_site` definition.\n\nAdditional parameters can be defined when the definition is called in\na recipe, see __Examples__.\n\n### Examples:\n\nAll parameters are passed into the template. You can use whatever you\nlike. The apache2 cookbook comes with a `web_app.conf.erb` template as\nan example. The following parameters are used in the template:\n\n* `server_name` - ServerName directive.\n* `server_aliases` - ServerAlias directive. Must be an array of aliases.\n* `docroot` - DocumentRoot directive.\n* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.\n* `directory_index` - Allow overriding the default DirectoryIndex setting, optional\n* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.\n* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.\n\nTo use the default web_app, for example:\n\n web_app \"my_site\" do\n server_name node['hostname']\n server_aliases [node['fqdn'], \"my-site.example.com\"]\n docroot \"/srv/www/my_site\"\n end\n\nThe parameters specified will be used as:\n\n* `@params[:server_name]`\n* `@params[:server_aliases]`\n* `@params[:docroot]`\n\nIn the template. When you write your own, the `@` is significant.\n\nFor more information about Definitions and parameters, see the\n[Chef Wiki](http://wiki.opscode.com/display/chef/Definitions)\n\nUsage\n=====\n\nUsing this cookbook is relatively straightforward. Add the desired\nrecipes to the run list of a node, or create a role. Depending on your\nenvironment, you may have multiple roles that use different recipes\nfrom this cookbook. Adjust any attributes as desired. For example, to\ncreate a basic role for web servers that provide both HTTP and HTTPS:\n\n % cat roles/webserver.rb\n name \"webserver\"\n description \"Systems that serve HTTP and HTTPS\"\n run_list(\n \"recipe[apache2]\",\n \"recipe[apache2::mod_ssl]\"\n )\n default_attributes(\n \"apache\" => {\n \"listen_ports\" => [\"80\", \"443\"]\n }\n )\n\nFor examples of using the definitions in your own recipes, see their\nrespective sections above.\n\nLicense and Authors\n===================\n\n* Author:: Adam Jacob \n* Author:: Joshua Timberman \n* Author:: Bryan McLellan \n* Author:: Dave Esposito \n* Author:: David Abdemoulaie \n* Author:: Edmund Haselwanter \n* Author:: Eric Rochester \n* Author:: Jim Browne \n* Author:: Matthew Kent \n* Author:: Nathen Harvey \n* Author:: Ringo De Smet \n* Author:: Sean OMeara \n* Author:: Seth Chisamore \n* Author:: Gilles Devaux \n\n* Copyright:: 2009-2012, Opscode, Inc\n* Copyright:: 2011, Atriso\n* Copyright:: 2011, CustomInk, LLC.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", - "maintainer": "Opscode, Inc.", - "maintainer_email": "cookbooks@opscode.com", + "long_description": "apache2 Cookbook\n================\n[![Build Status](https://travis-ci.org/svanzoest/apache2-cookbook.svg?branch=master)](https://travis-ci.org/svanzoest/apache2-cookbook)\n[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/svanzoest/apache2-cookbook?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)\n\nThis cookbook provides a complete Debian/Ubuntu style Apache HTTPD\nconfiguration. Non-Debian based distributions such as Red Hat/CentOS,\nArchLinux and others supported by this cookbook will have a\nconfiguration that mimics Debian/Ubuntu style as it is easier to\nmanage with Chef.\n\nDebian-style Apache configuration uses scripts to manage modules and\nsites (vhosts). The scripts are:\n\n* a2ensite\n* a2dissite\n* a2enmod\n* a2dismod\n* a2enconf\n* a2disconf\n\nThis cookbook ships with templates of these scripts for non\nDebian/Ubuntu platforms. The scripts are used in the __Definitions__\nbelow.\n\nRequirements\n============\n\n## Ohai and Chef:\n\n* Ohai: 0.6.12+\n* Chef: 0.10.10+\n\nAs of v1.2.0, this cookbook makes use of `node['platform_family']` to\nsimplify platform selection logic. This attribute was introduced in\nOhai v0.6.12. The recipe methods were introduced in Chef v0.10.10. If\nyou must run an older version of Chef or Ohai, use [version 1.1.16 of\nthis cookbook](https://supermarket.chef.io/cookbooks/apache2/versions/1.1.16).\n\n## Cookbooks:\n\nThis cookbook doesn't have direct dependencies on other cookbooks, as\nnone are needed for the default recipe or the general use cases.\n\nDepending on your OS configuration and security policy, you may need\nadditional recipes or cookbooks for this cookbook's recipes to\nconverge on the node. In particular, the following Operating System\nsettings may affect the behavior of this cookbook:\n\n* apt cache outdated\n* SELinux enabled\n* IPtables\n* Compile tools\n* 3rd party repositories\n\nOn Ubuntu/Debian, use Opscode's `apt` cookbook to ensure the package\ncache is updated so Chef can install packages, or consider putting\napt-get in your bootstrap process or\n[knife bootstrap template](http://docs.chef.io/knife_bootstrap.html)\n\nOn RHEL, SELinux is enabled by default. The `selinux` cookbook\ncontains a `permissive` recipe that can be used to set SELinux to\n\"Permissive\" state. Otherwise, additional recipes need to be created\nby the user to address SELinux permissions.\n\nThe easiest but **certainly not ideal way** to deal with IPtables is\nto flush all rules. Opscode does provide an `iptables` cookbook but is\nmigrating from the approach used there to a more robust solution\nutilizing a general \"firewall\" LWRP that would have an \"iptables\"\nprovider. Alternately, you can use ufw, with Opscode's `ufw` and\n`firewall` cookbooks to set up rules. See those cookbooks' READMEs for\ndocumentation.\n\nBuild/compile tools may not be installed on the system by default.\nSome recipes (e.g., `apache2::mod_auth_openid`) build the module from\nsource. Use Opscode's `build-essential` cookbook to get essential\nbuild packages installed.\n\nOn ArchLinux, if you are using the `apache2::mod_auth_openid` recipe,\nyou also need the `pacman` cookbook for the `pacman_aur` LWRP. Put\n`recipe[pacman]` on the node's expanded run list (on the node or in a\nrole). This is not an explicit dependency because it is only required\nfor this single recipe and platform; the pacman default recipe\nperforms `pacman -Sy` to keep pacman's package cache updated.\n\nThe `apache2::god_monitor` recipe uses a definition from the `god`\ncookbook. Include `recipe[god]` in the node's expanded run list to\nensure that the cookbook is available to the node, and to set up `god`.\n\n## Platforms:\n\nThe following platforms and versions are tested and supported using\n[test-kitchen](http://kitchen.ci/)\n\n* Ubuntu 12.04, 14.04\n* Debian 7.6\n* CentOS 6.5, 7.0\n\nThe following platform families are supported in the code, and are\nassumed to work based on the successful testing on Ubuntu and CentOS.\n\n* Red Hat (rhel)\n* Fedora\n* Amazon Linux\n\nThe following platforms are also supported in the code, have been\ntested manually but are not tested under test-kitchen.\n\n* SUSE/OpenSUSE\n* ArchLinux\n* FreeBSD\n\n### Notes for RHEL Family:\n\nOn Red Hat Enterprise Linux and derivatives, the EPEL repository may\nbe necessary to install packages used in certain recipes. The\n`apache2::default` recipe, however, does not require any additional\nrepositories. Opscode's `yum-epel` cookbook can be used to add the\nEPEL repository. See __Examples__ for more information.\n\n### Notes for FreeBSD:\n\nVersion 2.0 has been had some basic testing against FreeBSD 10.0 using\nChef 11.14.2 which has support for pkgng (CHEF-4637).\n\nTests\n=====\n\nThis cookbook in the\n[source repository](https://github.com/svanzoest/apache2-cookbook/)\ncontains chefspec, serverspec and cucumber tests. This is an initial proof of\nconcept that will be fleshed out with more supporting infrastructure\nat a future time.\n\nPlease see the CONTRIBUTING file for information on how to add tests\nfor your contributions.\n\nAttributes\n==========\n\nThis cookbook uses many attributes, broken up into a few different\nkinds.\n\nPlatform specific\n-----------------\n\nIn order to support the broadest number of platforms, several\nattributes are determined based on the node's platform. See the\nattributes/default.rb file for default values in the case statement at\nthe top of the file.\n\n* `node['apache']['package']` - Package name for Apache2\n* `node['apache']['perl_pkg']` - Package name for Perl\n* `node['apache']['dir']` - Location for the Apache configuration\n* `node['apache']['log_dir']` - Location for Apache logs\n* `node['apache']['error_log']` - Location for the default error log\n* `node['apache']['access_log']` - Location for the default access log\n* `node['apache']['user']` - User Apache runs as\n* `node['apache']['group']` - Group Apache runs as\n* `node['apache']['binary']` - Apache httpd server daemon\n* `node['apache']['conf_dir']` - Location for the main config file (e.g apache2.conf or httpd.conf)\n* `node['apache']['docroot_dir']` - Location for docroot\n* `node['apache']['cgibin_dir']` - Location for cgi-bin\n* `node['apache']['icondir']` - Location for icons\n* `node['apache']['cache_dir']` - Location for cached files used by Apache itself or recipes\n* `node['apache']['pid_file']` - Location of the PID file for Apache httpd\n* `node['apache']['lib_dir']` - Location for shared libraries\n* `node['apache']['default_site_enabled']` - Default site enabled. Default is false.\n* `node['apache']['ext_status']` - if true, enables ExtendedStatus for `mod_status`\n* `node['apache']['locale'] - Locale to set in sysconfig or envvars and used for subprocesses and modules (like mod_dav and mod_wsgi). On debian systems Uses system-local if set to 'system', defaults to 'C'.\n\nGeneral settings\n----------------\n\nThese are general settings used in recipes and templates. Default\nvalues are noted.\n\n* `node['apache']['version']` - Specifing 2.4 triggers apache 2.4 support. If the platform is known during our test to install 2.4 by default, it will be set to 2.4 for you. Otherwise it falls back to 2.2. This value should be specified as a string.\n* `node['apache']['listen_addresses']` - Addresses that httpd should listen on. Default is any (\"*\").\n* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80.\n* `node['apache']['contact']` - Value for ServerAdmin directive. Default \"ops@example.com\".\n* `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.\n* `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.\n* `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.\n* `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.\n* `node['apache']['sysconfig_additional_params']` - Additionals variables set in sysconfig file. Default is empty.\n* `node['apache']['default_modules']` - Array of module names. Can take \"mod_FOO\" or \"FOO\" as names, where FOO is the apache module, e.g. \"`mod_status`\" or \"`status`\".\n* `node['apache']['mpm']` - With apache.version 2.4, specifies what Multi-Processing Module to enable. Default is \"prefork\".\n\nThe modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.\n\nPrefork attributes\n------------------\n\nPrefork attributes are used for tuning the Apache HTTPD [prefork MPM](http://httpd.apache.org/docs/current/mod/prefork.html) configuration.\n\n* `node['apache']['prefork']['startservers']` - initial number of server processes to start. Default is 16.\n* `node['apache']['prefork']['minspareservers']` - minimum number of spare server processes. Default 16.\n* `node['apache']['prefork']['maxspareservers']` - maximum number of spare server processes. Default 32.\n* `node['apache']['prefork']['serverlimit']` - upper limit on configurable server processes. Default 400.\n* `node['apache']['prefork']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously\n* `node['apache']['prefork']['maxconnectionsperchild']` - Maximum number of request a child process will handle. Default 10000.\n\nWorker attributes\n-----------------\n\nWorker attributes are used for tuning the Apache HTTPD [worker MPM](http://httpd.apache.org/docs/current/mod/worker.html)\nconfiguration.\n\n* `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4\n* `node['apache']['worker']['serverlimit']` - Upper limit on configurable server processes. Default 16.\n* `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64\n* `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.\n* `node['apache']['worker']['maxrequestworkers']` - Maximum number of simultaneous connections. Default 1024.\n* `node['apache']['worker']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.\n\nEvent attributes\n----------------\n\nEvent attributes are used for tuning the Apache HTTPD [event MPM](http://httpd.apache.org/docs/current/mod/event.html)\nconfiguration.\n\n* `node['apache']['event']['startservers']` - Initial number of child server processes created at startup. Default 4.\n* `node['apache']['event']['serverlimit']` - Upper limit on configurable number of processes. Default 16.\n* `node['apache']['event']['minsparethreads']` - Minimum number of spare worker threads. Default 64\n* `node['apache']['event']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.\n* `node['apache']['event']['threadlimit']` - Upper limit on the configurable number of threads per child process. Default 192.\n* `node['apache']['event']['threadsperchild']` - Number of threads created by each child process. Default 64.\n* `node['apache']['event']['maxrequestworkers']` - Maximum number of connections that will be processed simultaneously.\n* `node['apache']['event']['maxconnectionsperchild']` - Limit on the number of connections that an individual child server will handle during its life.\n\nmod\\_auth\\_openid attributes\n----------------------------\n\nThe following attributes are in the `attributes/mod_auth_openid.rb`\nfile. Like all Chef attributes files, they are loaded as well, but\nthey're logistically unrelated to the others, being specific to the\n`mod_auth_openid` recipe.\n\n* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.\n* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid\n* `node['apache']['mod_auth_openid']['version']` - directory name version within the tarball\n* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.\n* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.\n* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.\n\nmod\\_ssl attributes\n-------------------\n\nFor general information on this attributes see http://httpd.apache.org/docs/current/mod/mod_ssl.html\n\n* `node['apache']['mod_ssl']['cipher_suite']` - sets the SSLCiphersuite value to the specified string. The default is\n considered \"sane\" but you may need to change it for your local security policy, e.g. if you have PCI-DSS requirements. Additional\n commentary on the\n [original pull request](https://github.com/svanzoest/apache2-cookbook/pull/15#commitcomment-1605406).\n* `node['apache']['mod_ssl']['honor_cipher_order']` - Option to prefer the server's cipher preference order. Default 'On'.\n* `node['apache']['mod_ssl']['insecure_renegotiation']` - Option to enable support for insecure renegotiation. Default 'Off'.\n* `node['apache']['mod_ssl']['strict_sni_vhost_check']` - Whether to allow non-SNI clients to access a name-based virtual host. Default 'Off'.\n* `node['apache']['mod_ssl']['session_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/apache2/ssl_scache`\n* `node['apache']['mod_ssl']['session_cache_timeout']` - Number of seconds before an SSL session expires in the Session Cache. Default 300.\n* `node['apache']['mod_ssl']['compression']` - \tEnable compression on the SSL level. Default 'Off'.\n* `node['apache']['mod_ssl']['use_stapling']` - Enable stapling of OCSP responses in the TLS handshake. Default 'Off'.\n* `node['apache']['mod_ssl']['stapling_responder_timeout']` - \tTimeout for OCSP stapling queries. Default 5\n* `node['apache']['mod_ssl']['stapling_return_responder_errors']` - Pass stapling related OCSP errors on to client. Default 'Off'\n* `node['apache']['mod_ssl']['stapling_cache']` - Configures the OCSP stapling cache. Default `shmcb:/var/run/ocsp(128000)`\n* `node['apache']['mod_ssl']['pass_phrase_dialog']` - Configures SSLPassPhraseDialog. Default `builtin`\n* `node['apache']['mod_ssl']['mutex']` - Configures SSLMutex. Default `file:/var/run/apache2/ssl_mutex`\n* `node['apache']['mod_ssl']['directives']` - Hash for add any custom directive.\n\nFor more information on these directives and how to best secure your site see\n- https://bettercrypto.org/\n- https://wiki.mozilla.org/Security/Server_Side_TLS\n- https://www.insecure.ws/linux/apache_ssl.html\n- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/\n- https://istlsfastyet.com/\n- https://www.ssllabs.com/projects/best-practices/\n\nRecipes\n=======\n\nMost of the recipes in the cookbook are for enabling Apache modules.\nWhere additional configuration or behavior is used, it is documented\nbelow in more detail.\n\nThe following recipes merely enable the specified module: `mod_alias`,\n`mod_auth_basic`, `mod_auth_digest`, `mod_authn_file`, `mod_authnz_ldap`,\n`mod_authz_default`, `mod_authz_groupfile`, `mod_authz_host`,\n`mod_authz_user`, `mod_autoindex`, `mod_cgi`, `mod_dav_fs`,\n`mod_dav_svn`, `mod_deflate`, `mod_dir`, `mod_env`, `mod_expires`,\n`mod_headers`, `mod_ldap`, `mod_log_config`, `mod_mime`,\n`mod_negotiation`, `mod_proxy`, `mod_proxy_ajp`, `mod_proxy_balancer`,\n`mod_proxy_connect`, `mod_proxy_http`, `mod_python`, `mod_rewrite`,\n`mod_setenvif`, `mod_status`, `mod_wsgi`, `mod_xsendfile`.\n\nOn RHEL Family distributions, certain modules ship with a config file\nwith the package. The recipes here may delete those configuration\nfiles to ensure they don't conflict with the settings from the\ncookbook, which will use per-module configuration in\n`/etc/httpd/mods-enabled`.\n\ndefault\n-------\n\nThe default recipe does a number of things to set up Apache HTTPd. It\nalso includes a number of modules based on the attribute\n`node['apache']['default_modules']` as recipes.\n\nlogrotate\n---------\n\nLogrotate adds a logrotate entry for your apache2 logs. This recipe\nrequires the `logrotate` cookbook; ensure that `recipe[logrotate]` is\nin the node's expanded run list.\n\nmod\\_auth\\_cas\n--------------\n\nThis recipe installs the proper package and enables the `auth_cas`\nmodule. It can install from source or package. Package is the default,\nset the attribute `node['apache']['mod_auth_cas']['from_source']` to\ntrue to enable source installation. Modify the version to install by\nchanging the attribute\n`node['apache']['mod_auth_cas']['source_revision']`. It is a version\ntag by default, but could be master, or another tag, or branch.\n\nThe module configuration is written out with the `CASCookiePath` set,\notherwise an error loading the module may cause Apache to not start.\n\n**Note**: This recipe does not work on EL 6 platforms unless\nepel-testing repository is enabled (outside the scope of this\ncookbook), or the package version 1.0.8.1-3.el6 or higher is otherwise\navailable to the system due to this bug:\n\nhttps://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=708550\n\nmod\\_auth\\_openid\n-----------------\n\n**Changed via COOK-915**\n\nThis recipe compiles the module from source. In addition to\n`build-essential`, some other packages are included for installation\nlike the GNU C++ compiler and development headers.\n\nTo use the module in your own cookbooks to authenticate systems using\nOpenIDs, specify an array of OpenIDs that are allowed to authenticate\nwith the attribute `node['apache']['allowed_openids']`. Use the\nfollowing in a vhost to protect with OpenID authentication:\n\n AuthType OpenID require user <%= node['apache']['allowed_openids'].join(' ') %>\n AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>\n\nChange the DBLocation with the attribute as required; this file is in\na different location than previous versions, see below. It should be a\nsane default for most platforms, though, see\n`attributes/mod_auth_openid.rb`.\n\n### Changes from COOK-915:\n\n* `AuthType OpenID` instead of `AuthOpenIDEnabled On`.\n* `require user` instead of `AuthOpenIDUserProgram`.\n* A bug(?) in `mod_auth_openid` causes it to segfault when attempting\n to update the database file if the containing directory is not\n writable by the HTTPD process owner (e.g., www-data), even if the\n file is writable. In order to not interfere with other settings from\n the default recipe in this cookbook, the db file is moved.\n\nmod\\_fastcgi\n------------\n\nInstall the fastcgi package and enable the module.\n\nOnly work on Debian/Ubuntu\n\nmod\\_fcgid\n----------\n\nInstalls the fcgi package and enables the module. Requires EPEL on\nRHEL family.\n\nOn RHEL family, this recipe will delete the fcgid.conf and on version\n6+, create the /var/run/httpd/mod_fcgid` directory, which prevents the\nemergency error:\n\n [emerg] (2)No such file or directory: mod_fcgid: Can't create shared memory for size XX bytes\n\nmod\\_php5\n--------\n\nSimply installs the appropriate package on Debian, Ubuntu and\nArchLinux.\n\nOn Red Hat family distributions including Fedora, the php.conf that\ncomes with the package is removed. On RHEL platforms less than v6, the\n`php53` package is used.\n\n* `node['apache']['mod_php5']['install_method']` - default `package` can be overridden to avoid package installs.\n\nmod\\_ssl\n--------\n\nBesides installing and enabling `mod_ssl`, this recipe will append\nport 443 to the `node['apache']['listen_ports']` attribute array and\nupdate the ports.conf.\n\ngod\\_monitor\n------------\n\nSets up a `god` monitor for Apache. External requirements are the\n`god` and `runit` cookbooks from Opscode. When using this recipe,\ninclude `recipe[god]` in the node's expanded run list to ensure the\nclient downloads it; `god` depends on runit so that will also be\ndownloaded.\n\n**Note** This recipe is not tested under test-kitchen yet and is\n pending fix in COOK-744.\n\nDefinitions\n===========\n\nThe cookbook provides a few definitions. At some point in the future\nthese definitions may be refactored into lightweight resources and\nproviders as suggested by\n[foodcritic rule FC015](http://acrmp.github.com/foodcritic/#FC015).\n\napache\\_config\n------------\n\nSets up configuration file for Apache from a template. The\ntemplate should be in the same cookbook where the definition is used. This is used by the `apache_conf` definition and is not often used directly.\n\nIt will use `a2enconf` and `a2disconf` to control the symlinking of configuration files between `conf-available` and `conf-enabled`.\n\nEnable or disable an Apache config file in\n`#{node['apache']['dir']}/conf-available` by calling `a2enmod` or\n`a2dismod` to manage the symbolic link in\n`#{node['apache']['dir']}/conf-enabled`. These config files should be created in your cookbook, and placed on the system using `apache_conf`\n\n### Parameters:\n\n* `name` - Name of the config enabled or disabled with the `a2enconf` or `a2disconf` scripts.\n* `source` - The location of a template file. The default `name.erb`.\n* `cookbook` - The cookbook in which the configuration template is located (if it is not located in the current cookbook). The default value is the current cookbook.\n* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.\n\n### Examples:\n\nEnable the example config.\n\n``````\n apache_config 'example' do\n enable true\n end\n``````\n\nDisable a module:\n\n``````\n apache_config 'disabled_example' do\n enable false\n end\n``````\n\nSee the recipes directory for many more examples of `apache_config`.\n\napache\\_conf\n------------\n\nWrites conf files to the `conf-available` folder, and passes enabled values to `apache_config`.\n\nThis definition should generally be called over `apache_config`.\n\n### Parameters:\n\n* `name` - Name of the config placed and enabled or disabled with the `a2enconf` or `a2disconf` scripts.\n* `enable` - Default true, which uses `a2enconf` to enable the config. If false, the config will be disabled with `a2disconf`.\n* `conf_path` - path to put the config in if you need to override the default `conf-available`.\n\n### Examples:\n\nPlace and enable the example conf:\n\n``````\n apache_conf 'example' do\n enable true\n end\n``````\n\nPlace and disable (or never enable to begin with) the example conf:\n\n``````\n apache_conf 'example' do\n enable false\n end\n``````\n\nPlace the example conf, which has a different path than the default (conf-*):\n\n``````\n apache_conf 'example' do\n conf_path '/random/example/path'\n enable false\n end\n``````\n\napache\\_mod\n------------\n\nSets up configuration file for an Apache module from a template. The\ntemplate should be in the same cookbook where the definition is used.\nThis is used by the `apache_module` definition and is not often used\ndirectly.\n\nThis will use a template resource to write the module's configuration\nfile in the `mods-available` under the Apache configuration directory\n(`node['apache']['dir']`). This is a platform-dependent location. See\n__apache\\_module__.\n\n### Parameters:\n\n* `name` - Name of the template. When used from the `apache_module`,\n it will use the same name as the module.\n\n### Examples:\n\nCreate `#{node['apache']['dir']}/mods-available/alias.conf`.\n\n``````\n apache_mod \"alias\"\n``````\n\napache\\_module\n--------------\n\nEnable or disable an Apache module in\n`#{node['apache']['dir']}/mods-available` by calling `a2enmod` or\n`a2dismod` to manage the symbolic link in\n`#{node['apache']['dir']}/mods-enabled`. If the module has a\nconfiguration file, a template should be created in the cookbook where\nthe definition is used. See __Examples__.\n\n### Parameters:\n\n* `name` - Name of the module enabled or disabled with the `a2enmod` or `a2dismod` scripts.\n* `identifier` - String to identify the module for the `LoadModule` directive. Not typically needed, defaults to `#{name}_module`\n* `enable` - Default true, which uses `a2enmod` to enable the module. If false, the module will be disabled with `a2dismod`.\n* `conf` - Default false. Set to true if the module has a config file, which will use `apache_mod` for the file.\n* `filename` - specify the full name of the file, e.g.\n\n### Examples:\n\nEnable the ssl module, which also has a configuration template in `templates/default/mods/ssl.conf.erb`.\n\n``````\n apache_module \"ssl\" do\n conf true\n end\n``````\n\nEnable the php5 module, which has a different filename than the module default:\n\n``````\n apache_module \"php5\" do\n filename \"libphp5.so\"\n end\n``````\n\nDisable a module:\n\n``````\n apache_module \"disabled_module\" do\n enable false\n end\n``````\n\nSee the recipes directory for many more examples of `apache_module`.\n\napache\\_site\n------------\n\nEnable or disable a VirtualHost in\n`#{node['apache']['dir']}/sites-available` by calling a2ensite or\na2dissite to manage the symbolic link in\n`#{node['apache']['dir']}/sites-enabled`.\n\nThe template for the site must be managed as a separate resource. To\ncombine the template with enabling a site, see `web_app`.\n\n### Parameters:\n\n* `name` - Name of the site.\n* `enable` - Default true, which uses `a2ensite` to enable the site. If false, the site will be disabled with `a2dissite`.\n\nweb\\_app\n--------\n\nManage a template resource for a VirtualHost site, and enable it with\n`apache_site`. This is commonly done for managing web applications\nsuch as Ruby on Rails, PHP or Django, and the default behavior\nreflects that. However it is flexible.\n\nThis definition includes some recipes to make sure the system is\nconfigured to have Apache and some sane default modules:\n\n* `apache2`\n* `apache2::mod_rewrite`\n* `apache2::mod_deflate`\n* `apache2::mod_headers`\n\nIt will then configure the template (see __Parameters__ and\n__Examples__ below), and enable or disable the site per the `enable`\nparameter.\n\n### Parameters:\n\nCurrent parameters used by the definition:\n\n* `name` - The name of the site. The template will be written to\n `#{node['apache']['dir']}/sites-available/#{params['name']}.conf`\n* `cookbook` - Optional. Cookbook where the source template is. If\n this is not defined, Chef will use the named template in the\n cookbook where the definition is used.\n* `template` - Default `web_app.conf.erb`, source template file.\n* `enable` - Default true. Passed to the `apache_site` definition.\n\nAdditional parameters can be defined when the definition is called in\na recipe, see __Examples__.\n\n### Examples:\n\nThe recommended way to use the `web_app` definition is in a application specific cookbook named \"my_app\".\nThe following example would look for a template named 'web_app.conf.erb' in your cookbook containing\nthe apache httpd directives defining the `VirtualHost` that would serve up \"my_app\".\n\n``````\n web_app \"my_app\" do\n template 'web_app.conf.erb'\n server_name node['my_app']['hostname']\n end\n``````\n\nAll parameters are passed into the template. You can use whatever you\nlike. The apache2 cookbook comes with a `web_app.conf.erb` template as\nan example. The following parameters are used in the template:\n\n* `server_name` - ServerName directive.\n* `server_aliases` - ServerAlias directive. Must be an array of aliases.\n* `docroot` - DocumentRoot directive.\n* `application_name` - Used in RewriteLog directive. Will be set to the `name` parameter.\n* `directory_index` - Allow overriding the default DirectoryIndex setting, optional\n* `directory_options` - Override Options on the docroot, for example to add parameters like Includes or Indexes, optional.\n* `allow_override` - Modify the AllowOverride directive on the docroot to support apps that need .htaccess to modify configuration or require authentication.\n\nTo use the default web_app, for example:\n\n``````\n web_app \"my_site\" do\n server_name node['hostname']\n server_aliases [node['fqdn'], \"my-site.example.com\"]\n docroot \"/srv/www/my_site\"\n cookbook 'apache2'\n end\n``````\n\nThe parameters specified will be used as:\n\n* `@params[:server_name]`\n* `@params[:server_aliases]`\n* `@params[:docroot]`\n\nIn the template. When you write your own, the `@` is significant.\n\nFor more information about Definitions and parameters, see the\n[Chef Wiki](http://docs.chef.io/definitions.html)\n\nUsage\n=====\n\nUsing this cookbook is relatively straightforward. Add the desired\nrecipes to the run list of a node, or create a role. Depending on your\nenvironment, you may have multiple roles that use different recipes\nfrom this cookbook. Adjust any attributes as desired. For example, to\ncreate a basic role for web servers that provide both HTTP and HTTPS:\n\n``````\n % cat roles/webserver.rb\n name \"webserver\"\n description \"Systems that serve HTTP and HTTPS\"\n run_list(\n \"recipe[apache2]\",\n \"recipe[apache2::mod_ssl]\"\n )\n default_attributes(\n \"apache\" => {\n \"listen_ports\" => [\"80\", \"443\"]\n }\n )\n``````\n\nFor examples of using the definitions in your own recipes, see their\nrespective sections above.\n\nLicense and Authors\n===================\n\n* Author:: Adam Jacob \n* Author:: Joshua Timberman \n* Author:: Bryan McLellan \n* Author:: Dave Esposito \n* Author:: David Abdemoulaie \n* Author:: Edmund Haselwanter \n* Author:: Eric Rochester \n* Author:: Jim Browne \n* Author:: Matthew Kent \n* Author:: Nathen Harvey \n* Author:: Ringo De Smet \n* Author:: Sean OMeara \n* Author:: Seth Chisamore \n* Author:: Gilles Devaux \n* Author:: Sander van Zoest \n* Author:: Taylor Price \n\n* Copyright:: 2009-2012, Opscode, Inc\n* Copyright:: 2011, Atriso\n* Copyright:: 2011, CustomInk, LLC.\n* Copyright:: 2013-2014, OneHealth Solutions, Inc.\n* Copyright:: 2014, Viverae, Inc.\n* Copyright:: 2015, Alexander van Zoest\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n", + "maintainer": "OneHealth Solutions, Inc.", + "maintainer_email": "cookbooks@onehealth.com", "license": "Apache 2.0", "platforms": { - "amazon": ">= 0.0.0", - "arch": ">= 0.0.0", - "centos": ">= 0.0.0", "debian": ">= 0.0.0", - "fedora": ">= 0.0.0", - "freebsd": ">= 0.0.0", + "ubuntu": ">= 0.0.0", "redhat": ">= 0.0.0", + "centos": ">= 0.0.0", + "fedora": ">= 0.0.0", + "amazon": ">= 0.0.0", "scientific": ">= 0.0.0", - "ubuntu": ">= 0.0.0" + "freebsd": ">= 0.0.0", + "suse": ">= 0.0.0", + "opensuse": ">= 0.0.0", + "arch": ">= 0.0.0" }, "dependencies": { "iptables": ">= 0.0.0", - "logrotate": ">= 0.0.0", - "pacman": ">= 0.0.0" + "logrotate": ">= 0.0.0" }, "recommendations": { }, @@ -33,290 +34,6 @@ "replacing": { }, "attributes": { - "apache": { - "display_name": "Apache Hash", - "description": "Hash of Apache attributes", - "type": "hash" - }, - "apache/dir": { - "display_name": "Apache Directory", - "description": "Location for Apache configuration", - "default": "/etc/apache2", - "recipes": [ - "apache2::default" - ] - }, - "apache/log_dir": { - "display_name": "Apache Log Directory", - "description": "Location for Apache logs", - "default": "/etc/apache2", - "recipes": [ - "apache2::default\", \"apache2::logrotate" - ] - }, - "apache/user": { - "display_name": "Apache User", - "description": "User Apache runs as", - "default": "www-data", - "recipes": [ - "apache2::default" - ] - }, - "apache/binary": { - "display_name": "Apache Binary", - "description": "Apache server daemon program", - "default": "/usr/sbin/apache2", - "recipes": [ - "apache2::default" - ] - }, - "apache/icondir": { - "display_name": "Apache Icondir", - "description": "Directory location for icons", - "default": "/usr/share/apache2/icons", - "recipes": [ - "apache2::default" - ] - }, - "apache/listen_addresses": { - "display_name": "Apache Listen Addresses", - "description": "Addresses that Apache should listen on", - "type": "array", - "default": [ - "*" - ], - "recipes": [ - "apache2::default" - ] - }, - "apache/listen_ports": { - "display_name": "Apache Listen Ports", - "description": "Ports that Apache should listen on", - "type": "array", - "default": [ - "80", - "443" - ], - "recipes": [ - "apache2::default" - ] - }, - "apache/contact": { - "display_name": "Apache Contact", - "description": "Email address of webmaster", - "default": "ops@example.com", - "recipes": [ - "apache2::default" - ] - }, - "apache/timeout": { - "display_name": "Apache Timeout", - "description": "Connection timeout value", - "default": "300", - "recipes": [ - "apache2::default" - ] - }, - "apache/keepalive": { - "display_name": "Apache Keepalive", - "description": "HTTP persistent connections", - "default": "On", - "recipes": [ - "apache2::default" - ] - }, - "apache/keepaliverequests": { - "display_name": "Apache Keepalive Requests", - "description": "Number of requests allowed on a persistent connection", - "default": "100", - "recipes": [ - "apache2::default" - ] - }, - "apache/keepalivetimeout": { - "display_name": "Apache Keepalive Timeout", - "description": "Time to wait for requests on persistent connection", - "default": "5", - "recipes": [ - "apache2::default" - ] - }, - "apache/servertokens": { - "display_name": "Apache Server Tokens", - "description": "Server response header", - "default": "Prod", - "recipes": [ - "apache2::default" - ] - }, - "apache/serversignature": { - "display_name": "Apache Server Signature", - "description": "Configure footer on server-generated documents", - "default": "On", - "recipes": [ - "apache2::default" - ] - }, - "apache/traceenable": { - "display_name": "Apache Trace Enable", - "description": "Determine behavior of TRACE requests", - "default": "On", - "recipes": [ - "apache2::default" - ] - }, - "apache/allowed_openids": { - "display_name": "Apache Allowed OpenIDs", - "description": "Array of OpenIDs allowed to authenticate", - "default": "", - "recipes": [ - "apache2::default" - ] - }, - "apache/prefork": { - "display_name": "Apache Prefork", - "description": "Hash of Apache prefork tuning attributes.", - "type": "hash", - "recipes": [ - "apache2::default" - ] - }, - "apache/prefork/startservers": { - "display_name": "Apache Prefork MPM StartServers", - "description": "Number of MPM servers to start", - "default": "16", - "recipes": [ - "apache2::default" - ] - }, - "apache/prefork/minspareservers": { - "display_name": "Apache Prefork MPM MinSpareServers", - "description": "Minimum number of spare server processes", - "default": "16", - "recipes": [ - "apache2::default" - ] - }, - "apache/prefork/maxspareservers": { - "display_name": "Apache Prefork MPM MaxSpareServers", - "description": "Maximum number of spare server processes", - "default": "32", - "recipes": [ - "apache2::default" - ] - }, - "apache/prefork/serverlimit": { - "display_name": "Apache Prefork MPM ServerLimit", - "description": "Upper limit on configurable server processes", - "default": "400", - "recipes": [ - "apache2::default" - ] - }, - "apache/prefork/maxclients": { - "display_name": "Apache Prefork MPM MaxClients", - "description": "Maximum number of simultaneous connections", - "default": "400", - "recipes": [ - "apache2::default" - ] - }, - "apache/prefork/maxrequestsperchild": { - "display_name": "Apache Prefork MPM MaxRequestsPerChild", - "description": "Maximum number of request a child process will handle", - "default": "10000", - "recipes": [ - "apache2::default" - ] - }, - "apache/worker": { - "display_name": "Apache Worker", - "description": "Hash of Apache prefork tuning attributes.", - "type": "hash", - "recipes": [ - "apache2::default" - ] - }, - "apache/worker/startservers": { - "display_name": "Apache Worker MPM StartServers", - "description": "Initial number of server processes to start", - "default": "4", - "recipes": [ - "apache2::default" - ] - }, - "apache/worker/maxclients": { - "display_name": "Apache Worker MPM MaxClients", - "description": "Maximum number of simultaneous connections", - "default": "1024", - "recipes": [ - "apache2::default" - ] - }, - "apache/worker/minsparethreads": { - "display_name": "Apache Worker MPM MinSpareThreads", - "description": "Minimum number of spare worker threads", - "default": "64", - "recipes": [ - "apache2::default" - ] - }, - "apache/worker/maxsparethreads": { - "display_name": "Apache Worker MPM MaxSpareThreads", - "description": "Maximum number of spare worker threads", - "default": "192", - "recipes": [ - "apache2::default" - ] - }, - "apache/worker/threadsperchild": { - "display_name": "Apache Worker MPM ThreadsPerChild", - "description": "Constant number of worker threads in each server process", - "default": "64", - "recipes": [ - "apache2::default" - ] - }, - "apache/worker/maxrequestsperchild": { - "display_name": "Apache Worker MPM MaxRequestsPerChild", - "description": "Maximum number of request a child process will handle", - "default": "0", - "recipes": [ - "apache2::default" - ] - }, - "apache/default_modules": { - "display_name": "Apache Default Modules", - "description": "Default modules to enable via recipes", - "type": "array", - "default": [ - "status", - "alias", - "auth_basic", - "authn_file", - "authz_default", - "authz_groupfile", - "authz_host", - "authz_user", - "autoindex", - "dir", - "env", - "mime", - "negotiation", - "setenvif" - ], - "recipes": [ - "apache2::default" - ] - }, - "apache/mod_ssl/cipher_suite": { - "display_name": "Apache mod_ssl Cipher Suite", - "description": "String of SSL ciphers to use for SSLCipherSuite", - "default": "RC4-SHA:HIGH:!ADH", - "recipes": [ - "apache2::default" - ] - } }, "groupings": { }, @@ -330,7 +47,7 @@ "apache2::mod_auth_openid": "Apache module \"authopenid\"", "apache2::mod_authn_file": "Apache module \"authn_file\"", "apache2::mod_authnz_ldap": "Apache module \"authnz_ldap\"", - "apache2::mod_authz_default": "Apache module \"authz_default\"", + "apache2::mod_authz_core": "Apache module \"authz_core\"", "apache2::mod_authz_groupfile": "Apache module \"authz_groupfile\"", "apache2::mod_authz_host": "Apache module \"authz_host\"", "apache2::mod_authz_user": "Apache module \"authz_user\"", diff --git a/chef/cookbooks/berks/apache2/recipes/default.rb b/chef/cookbooks/berks/apache2/recipes/default.rb index 732aa74..841ea12 100644 --- a/chef/cookbooks/berks/apache2/recipes/default.rb +++ b/chef/cookbooks/berks/apache2/recipes/default.rb @@ -21,54 +21,63 @@ package 'apache2' do package_name node['apache']['package'] end -if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd') - directory node['apache']['log_dir'] do +%w(sites-available sites-enabled mods-available mods-enabled conf-available conf-enabled).each do |dir| + directory "#{node['apache']['dir']}/#{dir}" do mode '0755' + owner 'root' + group node['apache']['root_group'] end +end - package node['apache']['perl_pkg'] - - cookbook_file '/usr/local/bin/apache2_module_conf_generate.pl' do - source 'apache2_module_conf_generate.pl' - mode '0755' - owner 'root' - group node['apache']['root_group'] +%w(default 000-default).each do |site| + link "#{node['apache']['dir']}/sites-enabled/#{site}" do + action :delete end - %w[sites-available sites-enabled mods-available mods-enabled].each do |dir| - directory "#{node['apache']['dir']}/#{dir}" do - mode '0755' - owner 'root' - group node['apache']['root_group'] - end + file "#{node['apache']['dir']}/sites-available/#{site}" do + action :delete + backup false end +end - execute 'generate-module-list' do - command "/usr/local/bin/apache2_module_conf_generate.pl #{node['apache']['lib_dir']} #{node['apache']['dir']}/mods-available" - action :nothing +directory "#{node['apache']['dir']}/conf.d" do + action :delete + recursive true +end + +directory node['apache']['log_dir'] do + mode '0755' +end + +# perl is needed for the a2* scripts +package node['apache']['perl_pkg'] + +%w(a2ensite a2dissite a2enmod a2dismod a2enconf a2disconf).each do |modscript| + link "/usr/sbin/#{modscript}" do + action :delete + only_if { ::File.symlink?("/usr/sbin/#{modscript}") } end - %w[a2ensite a2dissite a2enmod a2dismod].each do |modscript| - template "/usr/sbin/#{modscript}" do - source "#{modscript}.erb" - mode '0700' - owner 'root' - group node['apache']['root_group'] - end + template "/usr/sbin/#{modscript}" do + source "#{modscript}.erb" + mode '0700' + owner 'root' + group node['apache']['root_group'] + action :create end +end - # installed by default on centos/rhel, remove in favour of mods-enabled - %w[proxy_ajp auth_pam authz_ldap webalizer ssl welcome].each do |f| - file "#{node['apache']['dir']}/conf.d/#{f}.conf" do - action :delete - backup false - end +unless platform_family?('debian') + cookbook_file '/usr/local/bin/apache2_module_conf_generate.pl' do + source 'apache2_module_conf_generate.pl' + mode '0755' + owner 'root' + group node['apache']['root_group'] end - # installed by default on centos/rhel, remove in favour of mods-enabled - file "#{node['apache']['dir']}/conf.d/README" do - action :delete - backup false + execute 'generate-module-list' do + command "/usr/local/bin/apache2_module_conf_generate.pl #{node['apache']['lib_dir']} #{node['apache']['dir']}/mods-available" + action :nothing end # enable mod_deflate for consistency across distributions @@ -76,104 +85,103 @@ if platform_family?('rhel', 'fedora', 'arch', 'suse', 'freebsd') end if platform_family?('freebsd') - file "#{node['apache']['dir']}/Includes/no-accf.conf" do + + directory "#{node['apache']['dir']}/Includes" do action :delete - backup false + recursive true end - directory "#{node['apache']['dir']}/Includes" do + directory "#{node['apache']['dir']}/extra" do + action :delete + recursive true + end +end + +if platform_family?('suse') + + directory "#{node['apache']['dir']}/vhosts.d" do action :delete + recursive true end - %w[ - httpd-autoindex.conf httpd-dav.conf httpd-default.conf httpd-info.conf - httpd-languages.conf httpd-manual.conf httpd-mpm.conf - httpd-multilang-errordoc.conf httpd-ssl.conf httpd-userdir.conf - httpd-vhosts.conf - ].each do |f| - file "#{node['apache']['dir']}/extra/#{f}" do + %w(charset.conv default-vhost.conf default-server.conf default-vhost-ssl.conf errors.conf listen.conf mime.types mod_autoindex-defaults.conf mod_info.conf mod_log_config.conf mod_status.conf mod_userdir.conf mod_usertrack.conf uid.conf).each do |file| + file "#{node['apache']['dir']}/#{file}" do action :delete backup false end end - - directory "#{node['apache']['dir']}/extra" do - action :delete - end end -%W[ +%W( #{node['apache']['dir']}/ssl - #{node['apache']['dir']}/conf.d #{node['apache']['cache_dir']} -].each do |path| +).each do |path| directory path do - mode '0755' + mode '0755' owner 'root' group node['apache']['root_group'] end end +directory node['apache']['lock_dir'] do + mode '0755' + if node['platform_family'] == 'debian' && node['apache']['version'] == '2.2' + owner node['apache']['user'] + else + owner 'root' + end + group node['apache']['root_group'] +end + # Set the preferred execution binary - prefork or worker -template '/etc/sysconfig/httpd' do - source 'etc-sysconfig-httpd.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' - notifies :restart, 'service[apache2]' - only_if { platform_family?('rhel', 'fedora') } +template "/etc/sysconfig/#{node['apache']['package']}" do + source 'etc-sysconfig-httpd.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :restart, 'service[apache2]', :delayed + only_if { platform_family?('rhel', 'fedora', 'suse') } end -template 'apache2.conf' do - case node['platform_family'] - when 'rhel', 'fedora', 'arch' - path "#{node['apache']['dir']}/conf/httpd.conf" - when 'debian' - path "#{node['apache']['dir']}/apache2.conf" - when 'freebsd' - path "#{node['apache']['dir']}/httpd.conf" - end - source 'apache2.conf.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' - notifies :reload, 'service[apache2]' +template "#{node['apache']['dir']}/envvars" do + source 'envvars.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :reload, 'service[apache2]', :delayed + only_if { platform_family?('debian') } end -template 'apache2-conf-security' do - path "#{node['apache']['dir']}/conf.d/security.conf" - source 'security.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' - backup false - notifies :reload, 'service[apache2]' +template 'apache2.conf' do + if platform_family?('rhel', 'fedora', 'arch', 'freebsd') + path "#{node['apache']['conf_dir']}/httpd.conf" + elsif platform_family?('debian') + path "#{node['apache']['conf_dir']}/apache2.conf" + elsif platform_family?('suse') + path "#{node['apache']['conf_dir']}/httpd.conf" + end + action :create + source 'apache2.conf.erb' + owner 'root' + group node['apache']['root_group'] + mode '0644' + notifies :reload, 'service[apache2]', :delayed end -template 'apache2-conf-charset' do - path "#{node['apache']['dir']}/conf.d/charset.conf" - source 'charset.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' - backup false - notifies :reload, 'service[apache2]' +%w(security charset).each do |conf| + apache_conf conf do + enable true + end end -template "#{node['apache']['dir']}/ports.conf" do - source 'ports.conf.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' - notifies :reload, 'service[apache2]' +apache_conf 'ports' do + enable false + conf_path node['apache']['dir'] end -template "#{node['apache']['dir']}/sites-available/default" do - source 'default-site.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' - notifies :reload, 'service[apache2]' +if node['apache']['version'] == '2.4' && !platform_family?('freebsd') + # on freebsd the prefork mpm is staticly compiled in + include_recipe "apache2::mpm_#{node['apache']['mpm']}" end node['apache']['default_modules'].each do |mod| @@ -181,28 +189,27 @@ node['apache']['default_modules'].each do |mod| include_recipe "apache2::#{module_recipe_name}" end -apache_site 'default' do +web_app 'default' do + template 'default-site.conf.erb' + path "#{node['apache']['dir']}/sites-available/default.conf" + enable node['apache']['default_site_enabled'] +end + +apache_site node['apache']['default_site_name'] do enable node['apache']['default_site_enabled'] end service 'apache2' do + service_name node['apache']['service_name'] case node['platform_family'] - when 'rhel', 'fedora', 'suse' - service_name 'httpd' - # If restarted/reloaded too quickly httpd has a habit of failing. - # This may happen with multiple recipes notifying apache to restart - like - # during the initial bootstrap. - restart_command '/sbin/service httpd restart && sleep 1' - reload_command '/sbin/service httpd reload && sleep 1' + when 'rhel' + reload_command '/sbin/service httpd graceful' when 'debian' - service_name 'apache2' - restart_command '/usr/sbin/invoke-rc.d apache2 restart && sleep 1' - reload_command '/usr/sbin/invoke-rc.d apache2 reload && sleep 1' + provider Chef::Provider::Service::Debian when 'arch' service_name 'httpd' - when 'freebsd' - service_name 'apache22' end - supports [:restart, :reload, :status] + supports [:start, :restart, :reload, :status] action [:enable, :start] + only_if "#{node['apache']['binary']} -t", :environment => { 'APACHE_LOG_DIR' => node['apache']['log_dir'] }, :timeout => 10 end diff --git a/chef/cookbooks/berks/apache2/recipes/god_monitor.rb b/chef/cookbooks/berks/apache2/recipes/god_monitor.rb index f597b9c..a64b528 100644 --- a/chef/cookbooks/berks/apache2/recipes/god_monitor.rb +++ b/chef/cookbooks/berks/apache2/recipes/god_monitor.rb @@ -27,7 +27,7 @@ restart_command = apache_service.restart_command god_monitor 'apache2' do config 'apache2.god.erb' - start start_command || "/etc/init.d/#{apache_service.service_name} start" + start start_command || "/etc/init.d/#{apache_service.service_name} start" restart restart_command || "/etc/init.d/#{apache_service.service_name} restart" - stop stop_command || "/etc/init.d/#{apache_service.service_name} stop" + stop stop_command || "/etc/init.d/#{apache_service.service_name} stop" end diff --git a/chef/cookbooks/berks/apache2/recipes/iptables.rb b/chef/cookbooks/berks/apache2/recipes/iptables.rb index ae0bbb2..0bf928b 100644 --- a/chef/cookbooks/berks/apache2/recipes/iptables.rb +++ b/chef/cookbooks/berks/apache2/recipes/iptables.rb @@ -16,5 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # +include_recipe 'iptables::default' iptables_rule 'port_apache' diff --git a/chef/cookbooks/berks/apache2/recipes/logrotate.rb b/chef/cookbooks/berks/apache2/recipes/logrotate.rb index 723241b..111136f 100644 --- a/chef/cookbooks/berks/apache2/recipes/logrotate.rb +++ b/chef/cookbooks/berks/apache2/recipes/logrotate.rb @@ -27,5 +27,5 @@ rescue Chef::Log.warn('The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.') end logrotate_app apache_service.service_name do - path node['apache']['log_dir'] + path "#{node['apache']['log_dir']}/*.log" end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_access_compat.rb b/chef/cookbooks/berks/apache2/recipes/mod_access_compat.rb new file mode 100644 index 0000000..bfb6eed --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_access_compat.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_access_compat +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'access_compat' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_actions.rb b/chef/cookbooks/berks/apache2/recipes/mod_actions.rb index 2d9336e..31dbc1c 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_actions.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_actions.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: actions +# Recipe:: mod_actions # # Copyright 2008-2013, Opscode, Inc. # @@ -17,4 +17,6 @@ # limitations under the License. # -apache_module 'actions' +apache_module 'actions' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_alias.rb b/chef/cookbooks/berks/apache2/recipes/mod_alias.rb index 4825f7f..142553b 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_alias.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_alias.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: alias +# Recipe:: mod_alias # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_allowmethods.rb b/chef/cookbooks/berks/apache2/recipes/mod_allowmethods.rb new file mode 100644 index 0000000..12f9fde --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_allowmethods.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_allowmethods +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'allowmethods' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_apreq2.rb b/chef/cookbooks/berks/apache2/recipes/mod_apreq2.rb index c08f7e2..b6902e1 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_apreq2.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_apreq2.rb @@ -24,6 +24,10 @@ include_recipe 'apache2::default' case node['platform_family'] when 'debian' package 'libapache2-mod-apreq2' +when 'suse' + package 'apache2-mod_apreq2' do + notifies :run, 'execute[generate-module-list]', :immediately + end when 'rhel', 'fedora' package 'libapreq2' do notifies :run, 'execute[generate-module-list]', :immediately @@ -32,14 +36,9 @@ when 'rhel', 'fedora' # seems that the apreq lib is weirdly broken or something - it needs to be # loaded as 'apreq', but on RHEL & derivitatives the file needs a symbolic # link to mod_apreq.so. - link '/usr/lib64/httpd/modules/mod_apreq.so' do - to '/usr/lib64/httpd/modules/mod_apreq2.so' - only_if 'test -f /usr/lib64/httpd/modules/mod_apreq2.so' - end - - link '/usr/lib/httpd/modules/mod_apreq.so' do - to '/usr/lib/httpd/modules/mod_apreq2.so' - only_if 'test -f /usr/lib/httpd/modules/mod_apreq2.so' + link "#{node['apache']['libexec_dir']}/mod_apreq.so" do + to "#{node['apache']['libexec_dir']}/mod_apreq2.so" + only_if "test -f #{node['apache']['libexec_dir']}/mod_apreq2.so" end end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_asis.rb b/chef/cookbooks/berks/apache2/recipes/mod_asis.rb new file mode 100644 index 0000000..e4950e0 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_asis.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_asis +# +# Copyright 2008-2009, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'asis' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_auth_basic.rb b/chef/cookbooks/berks/apache2/recipes/mod_auth_basic.rb index 65a2cc4..3c98060 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_auth_basic.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_auth_basic.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: auth_basic +# Recipe:: mod_auth_basic # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_auth_cas.rb b/chef/cookbooks/berks/apache2/recipes/mod_auth_cas.rb index 7743d0e..8b85dab 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_auth_cas.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_auth_cas.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: auth_basic +# Recipe:: mod_auth_cas # # Copyright 2013, Opscode, Inc. # @@ -22,28 +22,28 @@ include_recipe 'apache2::default' if node['apache']['mod_auth_cas']['from_source'] package 'httpd-devel' do package_name value_for_platform_family( - %w[rhel fedora suse] => 'httpd-devel', + %w(rhel fedora suse) => 'httpd-devel', 'debian' => 'apache2-dev' ) end git '/tmp/mod_auth_cas' do repository 'git://github.com/Jasig/mod_auth_cas.git' - revision node['apache']['mod_auth_cas']['source_revision'] - notifies :run, 'execute[compile mod_auth_cas]', :immediately + revision node['apache']['mod_auth_cas']['source_revision'] + notifies :run, 'execute[compile mod_auth_cas]', :immediately end execute 'compile mod_auth_cas' do command './configure && make && make install' - cwd '/tmp/mod_auth_cas' - not_if "test -f #{node['apache']['libexecdir']}/mod_auth_cas.so" + cwd '/tmp/mod_auth_cas' + not_if "test -f #{node['apache']['libexec_dir']}/mod_auth_cas.so" end template "#{node['apache']['dir']}/mods-available/auth_cas.load" do source 'mods/auth_cas.load.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' + owner 'root' + group node['apache']['root_group'] + mode '0644' end else case node['platform_family'] @@ -69,5 +69,5 @@ end directory "#{node['apache']['cache_dir']}/mod_auth_cas" do owner node['apache']['user'] group node['apache']['group'] - mode '0700' + mode '0700' end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_auth_digest.rb b/chef/cookbooks/berks/apache2/recipes/mod_auth_digest.rb index ba91def..cfd66e2 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_auth_digest.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_auth_digest.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: auth_digest +# Recipe:: mod_auth_digest # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_auth_form.rb b/chef/cookbooks/berks/apache2/recipes/mod_auth_form.rb new file mode 100644 index 0000000..b6bfc88 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_auth_form.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_auth_form +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'auth_form' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_auth_openid.rb b/chef/cookbooks/berks/apache2/recipes/mod_auth_openid.rb index 0faecfd..07dd7d0 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_auth_openid.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_auth_openid.rb @@ -18,10 +18,11 @@ # openid_dev_pkgs = value_for_platform_family( - 'debian' => %w[automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool], - %w[rhel fedora] => %w[gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool], - 'arch' => %w[libopkele], - 'freebsd' => %w[libopkele pcre sqlite3] + 'debian' => %w(automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool), + 'suse' => %w(automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool), + %w(rhel fedora) => %w(gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make libtool), + 'arch' => %w(libopkele), + 'freebsd' => %w(libopkele pcre sqlite3) ) make_cmd = value_for_platform_family( @@ -31,8 +32,6 @@ make_cmd = value_for_platform_family( case node['platform_family'] when 'arch' - include_recipe 'pacman::default' - package 'tidyhtml' pacman_aur openid_dev_pkgs.first do @@ -47,8 +46,8 @@ end case node['platform_family'] when 'rhel', 'fedora' remote_file "#{Chef::Config['file_cache_path']}/libopkele-2.0.4.tar.gz" do - source 'http://kin.klever.net/dist/libopkele-2.0.4.tar.gz' - mode '0644' + source 'http://kin.klever.net/dist/libopkele-2.0.4.tar.gz' + mode '0644' checksum '57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648' end @@ -65,19 +64,19 @@ when 'rhel', 'fedora' end end -version = node['apache']['mod_auth_openid']['ref'] +version = node['apache']['mod_auth_openid']['version'] configure_flags = node['apache']['mod_auth_openid']['configure_flags'] remote_file "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}.tar.gz" do source node['apache']['mod_auth_openid']['source_url'] - mode '0644' + mode '0644' action :create_if_missing end directory node['apache']['mod_auth_openid']['cache_dir'] do owner node['apache']['user'] group node['apache']['group'] - mode '0700' + mode '0700' end bash 'untar mod_auth_openid' do @@ -106,16 +105,16 @@ bash 'install-mod_auth_openid' do code <<-EOH #{make_cmd} install EOH - creates "#{node['apache']['libexecdir']}/mod_auth_openid.so" + creates "#{node['apache']['libexec_dir']}/mod_auth_openid.so" notifies :restart, 'service[apache2]' - not_if "test -f #{node['apache']['libexecdir']}/mod_auth_openid.so" + not_if "test -f #{node['apache']['libexec_dir']}/mod_auth_openid.so" end template "#{node['apache']['dir']}/mods-available/authopenid.load" do source 'mods/authopenid.load.erb' - owner 'root' - group node['apache']['root_group'] - mode '0644' + owner 'root' + group node['apache']['root_group'] + mode '0644' end apache_module 'authopenid' do diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authn_anon.rb b/chef/cookbooks/berks/apache2/recipes/mod_authn_anon.rb new file mode 100644 index 0000000..21750f5 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authn_anon.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authn_anon +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authn_anon' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authn_core.rb b/chef/cookbooks/berks/apache2/recipes/mod_authn_core.rb new file mode 100644 index 0000000..8b4097b --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authn_core.rb @@ -0,0 +1,23 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authn_core +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +if node['apache']['version'] == '2.4' + apache_module 'authn_core' +else + Chef::Log.info('Ignoring apache2::mod_authn_core. not available until apache 2.4') +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authn_dbd.rb b/chef/cookbooks/berks/apache2/recipes/mod_authn_dbd.rb new file mode 100644 index 0000000..281c702 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authn_dbd.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authn_dbd +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authn_dbd' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authn_dbm.rb b/chef/cookbooks/berks/apache2/recipes/mod_authn_dbm.rb new file mode 100644 index 0000000..e4c30ff --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authn_dbm.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authn_dbm +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authn_dbm' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authn_file.rb b/chef/cookbooks/berks/apache2/recipes/mod_authn_file.rb index 88dbed6..253f086 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_authn_file.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_authn_file.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: authn_file +# Recipe:: mod_authn_file # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authn_socache.rb b/chef/cookbooks/berks/apache2/recipes/mod_authn_socache.rb new file mode 100644 index 0000000..9f1c5fe --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authn_socache.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authn_socache +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authn_socache' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authnz_ldap.rb b/chef/cookbooks/berks/apache2/recipes/mod_authnz_ldap.rb index 2e93fe2..ac23231 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_authnz_ldap.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_authnz_ldap.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: authnz_ldap +# Recipe:: mod_authnz_ldap # # Copyright 2008-2013, Opscode, Inc. # @@ -17,4 +17,6 @@ # limitations under the License. # +include_recipe 'apache2::mod_ldap' + apache_module 'authnz_ldap' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_core.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_core.rb new file mode 100644 index 0000000..af58f1a --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_core.rb @@ -0,0 +1,24 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authz_core +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +if node['apache']['version'] == '2.4' + apache_module 'authz_core' +else + apache_module 'authz_default' +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_dbd.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_dbd.rb new file mode 100644 index 0000000..290e5d9 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_dbd.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authz_dbd +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authz_dbd' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_dbm.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_dbm.rb new file mode 100644 index 0000000..0b3ee9b --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_dbm.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authz_dbm +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authz_dbm' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_default.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_default.rb index 2fe45f4..d9b4cca 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_authz_default.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_default.rb @@ -1,8 +1,8 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_default +# Recipe:: mod_authz_default # -# Copyright 2008-2013, Opscode, Inc. +# Copyright 2013, Opscode, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,5 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # - -apache_module 'authz_default' +# +log 'apache2::mod_authz_default is deprecated in favor of apache2::mod_authz_core. Please adjust your cookbooks' +include_recipe 'apache2::mod_authz_core' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_groupfile.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_groupfile.rb index a2cb7bb..513faa3 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_authz_groupfile.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_groupfile.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_groupfile +# Recipe:: mod_authz_groupfile # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_host.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_host.rb index 08e0eff..12fbac2 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_authz_host.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_host.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_host +# Recipe:: mod_authz_host # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_owner.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_owner.rb new file mode 100644 index 0000000..4123fc8 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_owner.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_authz_owner +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'authz_owner' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_authz_user.rb b/chef/cookbooks/berks/apache2/recipes/mod_authz_user.rb index a54b798..29b23bc 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_authz_user.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_authz_user.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: authz_user +# Recipe:: mod_authz_user # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_autoindex.rb b/chef/cookbooks/berks/apache2/recipes/mod_autoindex.rb index 1ec58a6..5a689ae 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_autoindex.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_autoindex.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: autoindex +# Recipe:: mod_autoindex # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_buffer.rb b/chef/cookbooks/berks/apache2/recipes/mod_buffer.rb new file mode 100644 index 0000000..939f7d9 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_buffer.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_buffer +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'buffer' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_cache.rb b/chef/cookbooks/berks/apache2/recipes/mod_cache.rb new file mode 100644 index 0000000..9ce0cb9 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_cache.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_cache +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'cache' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_cache_disk.rb b/chef/cookbooks/berks/apache2/recipes/mod_cache_disk.rb new file mode 100644 index 0000000..a26d13e --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_cache_disk.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_cache_disk +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'cache_disk' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_cache_socache.rb b/chef/cookbooks/berks/apache2/recipes/mod_cache_socache.rb new file mode 100644 index 0000000..110b0f8 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_cache_socache.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_cache_socache +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'cache_socache' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_cgi.rb b/chef/cookbooks/berks/apache2/recipes/mod_cgi.rb index c67aa74..3106573 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_cgi.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_cgi.rb @@ -1,8 +1,9 @@ # # Cookbook Name:: apache2 -# Recipe:: cgi +# Recipe:: mod_cgi # # Copyright 2008-2013, Opscode, Inc. +# Copyright 2014, Viverae, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +18,9 @@ # limitations under the License. # -apache_module 'cgi' +if node['apache']['mpm'] == 'prefork' + apache_module 'cgi' +else + Chef::Log.warn "apache::mod_cgi. Your MPM #{node['apache']['mpm']} seems to be threaded. Selecting cgid instead of cgi." + apache_module 'cgid' +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_cgid.rb b/chef/cookbooks/berks/apache2/recipes/mod_cgid.rb new file mode 100644 index 0000000..103f169 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_cgid.rb @@ -0,0 +1,23 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_cgid +# +# Copyright 2013, OneHealth Solutions, Inc. +# Copyright 2014, Viverae, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'cgid' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_charset_lite.rb b/chef/cookbooks/berks/apache2/recipes/mod_charset_lite.rb new file mode 100644 index 0000000..a1db83c --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_charset_lite.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_charset_lite +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'charset_lite' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_cloudflare.rb b/chef/cookbooks/berks/apache2/recipes/mod_cloudflare.rb index 87a23ef..5755a66 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_cloudflare.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_cloudflare.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: cloudflare +# Recipe:: mod_cloudflare # # Copyright 2008-2013, Opscode, Inc. # @@ -18,11 +18,11 @@ # apt_repository 'cloudflare' do - uri 'http://pkg.cloudflare.com' + uri 'http://pkg.cloudflare.com' distribution node['lsb']['codename'] - components ['main'] - key 'http://pkg.cloudflare.com/pubkey.gpg' - action :add + components ['main'] + key 'http://pkg.cloudflare.com/pubkey.gpg' + action :add end package 'libapache2-mod-cloudflare' do diff --git a/chef/cookbooks/berks/apache2/recipes/mod_data.rb b/chef/cookbooks/berks/apache2/recipes/mod_data.rb new file mode 100644 index 0000000..6ea7c47 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_data.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_data +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'data' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dav.rb b/chef/cookbooks/berks/apache2/recipes/mod_dav.rb index 504c255..98f2b52 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_dav.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_dav.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: dav +# Recipe:: mod_dav # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dav_fs.rb b/chef/cookbooks/berks/apache2/recipes/mod_dav_fs.rb index 939594b..cecd43d 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_dav_fs.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_dav_fs.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: dav_fs +# Recipe:: mod_dav_fs # # Copyright 2011-2013, Atriso # @@ -18,4 +18,6 @@ # include_recipe 'apache2::mod_dav' -apache_module 'dav_fs' +apache_module 'dav_fs' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dav_lock.rb b/chef/cookbooks/berks/apache2/recipes/mod_dav_lock.rb new file mode 100644 index 0000000..e73e708 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_dav_lock.rb @@ -0,0 +1,21 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_dav_lock +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe 'apache2::mod_dav' +apache_module 'dav_lock' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dav_svn.rb b/chef/cookbooks/berks/apache2/recipes/mod_dav_svn.rb index bcd8b00..b7487f5 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_dav_svn.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_dav_svn.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: dav_svn +# Recipe:: mod_dav_svn # # Copyright 2008-2009, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dbd.rb b/chef/cookbooks/berks/apache2/recipes/mod_dbd.rb new file mode 100644 index 0000000..c5f9f4a --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_dbd.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_dbd +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'dbd' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_deflate.rb b/chef/cookbooks/berks/apache2/recipes/mod_deflate.rb index c876086..f98556f 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_deflate.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_deflate.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: deflate +# Recipe:: mod_deflate # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dialup.rb b/chef/cookbooks/berks/apache2/recipes/mod_dialup.rb new file mode 100644 index 0000000..75d271d --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_dialup.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_dialup +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'dialup' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dir.rb b/chef/cookbooks/berks/apache2/recipes/mod_dir.rb index f2a33c8..5c46ec3 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_dir.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_dir.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: dir +# Recipe:: mod_dir # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_dump_io.rb b/chef/cookbooks/berks/apache2/recipes/mod_dump_io.rb new file mode 100644 index 0000000..46015e4 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_dump_io.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_dump_io +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'dumpio' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_echo.rb b/chef/cookbooks/berks/apache2/recipes/mod_echo.rb new file mode 100644 index 0000000..b8aeb21 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_echo.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_echo +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'echo' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_env.rb b/chef/cookbooks/berks/apache2/recipes/mod_env.rb index 10a8029..b94b00b 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_env.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_env.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: env +# Recipe:: mod_env # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_expires.rb b/chef/cookbooks/berks/apache2/recipes/mod_expires.rb index 52a637e..bf4382a 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_expires.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_expires.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: expires +# Recipe:: mod_expires # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_ext_filter.rb b/chef/cookbooks/berks/apache2/recipes/mod_ext_filter.rb new file mode 100644 index 0000000..c8b27bb --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_ext_filter.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_ext_filter +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'ext_filter' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_fastcgi.rb b/chef/cookbooks/berks/apache2/recipes/mod_fastcgi.rb index d53cbf0..ddc00ee 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_fastcgi.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_fastcgi.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: fastcgi +# Recipe:: mod_fastcgi # # Copyright 2008-2013, Opscode, Inc. # @@ -20,7 +20,7 @@ if platform_family?('debian') package 'libapache2-mod-fastcgi' elsif platform_family?('rhel') - %w[gcc make libtool httpd-devel apr-devel apr].each do |package| + %w(gcc make libtool httpd-devel apr-devel apr).each do |package| yum_package package do action :upgrade end @@ -29,15 +29,15 @@ elsif platform_family?('rhel') src_filepath = "#{Chef::Config['file_cache_path']}/fastcgi.tar.gz" remote_file 'download fastcgi source' do source node['apache']['mod_fastcgi']['download_url'] - path src_filepath + path src_filepath backup false end top_dir = node['apache']['lib_dir'] bash 'compile fastcgi source' do notifies :run, 'execute[generate-module-list]', :immediately - not_if "test -f #{node['apache']['dir']}/mods-available/fastcgi.conf" - cwd ::File.dirname(src_filepath) + not_if "test -f #{node['apache']['dir']}/mods-available/fastcgi.conf" + cwd ::File.dirname(src_filepath) code <<-EOH tar zxf #{::File.basename(src_filepath)} && cd mod_fastcgi-* && diff --git a/chef/cookbooks/berks/apache2/recipes/mod_fcgid.rb b/chef/cookbooks/berks/apache2/recipes/mod_fcgid.rb index dcb81a4..128cc70 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_fcgid.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_fcgid.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: fcgid +# Recipe:: mod_fcgid # # Copyright 2008-2013, Opscode, Inc. # @@ -30,6 +30,8 @@ elsif platform_family?('rhel', 'fedora') end directory '/var/run/httpd/mod_fcgid' do + owner node['apache']['user'] + group node['apache']['group'] recursive true only_if { node['platform_version'].to_i >= 6 } end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_file_cache.rb b/chef/cookbooks/berks/apache2/recipes/mod_file_cache.rb new file mode 100644 index 0000000..984554e --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_file_cache.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_file_cache +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'file_cache' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_filter.rb b/chef/cookbooks/berks/apache2/recipes/mod_filter.rb index cf1f00e..ec6c2fb 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_filter.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_filter.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: filter +# Recipe:: mod_filter # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_headers.rb b/chef/cookbooks/berks/apache2/recipes/mod_headers.rb index 8aa9850..1cc93b5 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_headers.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_headers.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: headers +# Recipe:: mod_headers # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_heartbeat.rb b/chef/cookbooks/berks/apache2/recipes/mod_heartbeat.rb new file mode 100644 index 0000000..1e7f8ca --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_heartbeat.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_heartbeat +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'heartbeat' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_heartmonitor.rb b/chef/cookbooks/berks/apache2/recipes/mod_heartmonitor.rb new file mode 100644 index 0000000..c017be2 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_heartmonitor.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_heartmonitor +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'heartmonitor' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_include.rb b/chef/cookbooks/berks/apache2/recipes/mod_include.rb index 237270c..dcc4187 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_include.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_include.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: include +# Recipe:: mod_include # # Copyright 2012-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_info.rb b/chef/cookbooks/berks/apache2/recipes/mod_info.rb index 093e59f..c9c6a13 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_info.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_info.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: info +# Recipe:: mod_info # # Copyright 2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_bybusyness.rb b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_bybusyness.rb new file mode 100644 index 0000000..ebb1b2f --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_bybusyness.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_lbmethod_bybusyness +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'lbmethod_bybusyness' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_byrequests.rb b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_byrequests.rb new file mode 100644 index 0000000..caa4778 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_byrequests.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_lbmethod_byrequests +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'lbmethod_byrequests' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_bytraffic.rb b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_bytraffic.rb new file mode 100644 index 0000000..0960078 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_bytraffic.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_lbmethod_bytraffic +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'lbmethod_bytraffic' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_heartbeat.rb b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_heartbeat.rb new file mode 100644 index 0000000..0d8064a --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_lbmethod_heartbeat.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_lbmethod_heartbeat +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'lbmethod_heartbeat' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_ldap.rb b/chef/cookbooks/berks/apache2/recipes/mod_ldap.rb index ec62466..2308066 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_ldap.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_ldap.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: ldap +# Recipe:: mod_ldap # # Copyright 2008-2013, Opscode, Inc. # @@ -17,4 +17,6 @@ # limitations under the License. # -apache_module 'ldap' +apache_module 'ldap' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_log_config.rb b/chef/cookbooks/berks/apache2/recipes/mod_log_config.rb index 529c5f5..36df6c4 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_log_config.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_log_config.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: log_config +# Recipe:: mod_log_config # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_log_debug.rb b/chef/cookbooks/berks/apache2/recipes/mod_log_debug.rb new file mode 100644 index 0000000..17ee6c4 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_log_debug.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_log_debug +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'log_debug' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_log_forensic.rb b/chef/cookbooks/berks/apache2/recipes/mod_log_forensic.rb new file mode 100644 index 0000000..61370e2 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_log_forensic.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_log_forensic +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'log_forensic' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_logio.rb b/chef/cookbooks/berks/apache2/recipes/mod_logio.rb index efdf512..15f864c 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_logio.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_logio.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: logio +# Recipe:: mod_logio # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_lua.rb b/chef/cookbooks/berks/apache2/recipes/mod_lua.rb new file mode 100644 index 0000000..6065c79 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_lua.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_lua +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'lua' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_macro.rb b/chef/cookbooks/berks/apache2/recipes/mod_macro.rb new file mode 100644 index 0000000..88563c9 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_macro.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_macro +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'macro' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_mime.rb b/chef/cookbooks/berks/apache2/recipes/mod_mime.rb index 1727277..9618af7 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_mime.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_mime.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: mime +# Recipe:: mod_mime # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_mime_magic.rb b/chef/cookbooks/berks/apache2/recipes/mod_mime_magic.rb new file mode 100644 index 0000000..751d1dd --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_mime_magic.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_mime_magic +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'mime_magic' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_negotiation.rb b/chef/cookbooks/berks/apache2/recipes/mod_negotiation.rb index 68a856c..3b0f29e 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_negotiation.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_negotiation.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: negotiation +# Recipe:: mod_negotiation # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_pagespeed.rb b/chef/cookbooks/berks/apache2/recipes/mod_pagespeed.rb index 13f39bd..f479d68 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_pagespeed.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_pagespeed.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: default +# Recipe:: mod_pagespeed # # Copyright 2013, ZOZI # @@ -33,5 +33,5 @@ if platform_family?('debian') conf true end else - Chef::Log.warn "apache::mod_pagespeed does not support #{node["platform_family"]} yet, and is not being installed" + Chef::Log.warn "apache::mod_pagespeed does not support #{node['platform_family']} yet, and is not being installed" end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_perl.rb b/chef/cookbooks/berks/apache2/recipes/mod_perl.rb index 23bad4a..77849ad 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_perl.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_perl.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: perl +# Recipe:: mod_perl # # adapted from the mod_python recipe by Jeremy Bingham # @@ -21,15 +21,28 @@ case node['platform_family'] when 'debian' - %w[libapache2-mod-perl2 libapache2-request-perl apache2-mpm-prefork].each do |pkg| + %w(libapache2-mod-perl2 libapache2-request-perl apache2-mpm-prefork).each do |pkg| package pkg end +when 'suse' + package 'apache2-mod_perl' do + notifies :run, 'execute[generate-module-list]', :immediately + end + + package 'perl-Apache2-Request' when 'rhel', 'fedora' package 'mod_perl' do notifies :run, 'execute[generate-module-list]', :immediately end package 'perl-libapreq2' +when 'freebsd' + if node['apache']['version'] == '2.4' + package 'ap24-mod_perl2' + else + package 'ap22-mod_perl2' + end + package 'p5-libapreq2' end file "#{node['apache']['dir']}/conf.d/perl.conf" do diff --git a/chef/cookbooks/berks/apache2/recipes/mod_php5.rb b/chef/cookbooks/berks/apache2/recipes/mod_php5.rb index d5dee6d..c4d8200 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_php5.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_php5.rb @@ -1,8 +1,10 @@ # # Cookbook Name:: apache2 -# Recipe:: php5 +# Recipe:: mod_php5 # # Copyright 2008-2013, Opscode, Inc. +# Copyright 2014, OneHealth Solutions, Inc. +# Copyright 2014, Viverae, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +19,12 @@ # limitations under the License. # +if node['apache']['mpm'] != 'prefork' + Chef::Log.warn('apache2::mod_php5 generally is expected to be run under a non-threaded MPM, such as prefork') + Chef::Log.warn('See http://php.net/manual/en/faq.installation.php#faq.installation.apache2') + Chef::Log.warn("Currently the apache2 cookbook is configured to use the '#{node['apache']['mpm']}' MPM") +end + case node['platform_family'] when 'debian' package 'libapache2-mod-php5' @@ -26,7 +34,6 @@ when 'arch' end when 'rhel' package 'which' - package 'php package' do if node['platform_version'].to_f < 6.0 package_name 'php53' @@ -37,23 +44,22 @@ when 'rhel' not_if 'which php' end when 'fedora' - package 'php package' do - package_name 'php' + package 'which' + package 'php' do notifies :run, 'execute[generate-module-list]', :immediately not_if 'which php' end -when 'freebsd' - freebsd_port_options 'php5' do - options 'APACHE' => true - action :create - end - - package 'php package' do - package_name 'php5' - source 'ports' +when 'suse' + package 'which' + package 'php' do notifies :run, 'execute[generate-module-list]', :immediately + not_if 'which php' end -end +when 'freebsd' + %w(php5 mod_php5 libxml2).each do |pkg| + package pkg + end +end unless node['apache']['mod_php5']['install_method'] == 'source' file "#{node['apache']['dir']}/conf.d/php.conf" do action :delete @@ -61,9 +67,6 @@ file "#{node['apache']['dir']}/conf.d/php.conf" do end apache_module 'php5' do - case node['platform_family'] - when 'rhel', 'fedora', 'freebsd' - conf true - filename 'libphp5.so' - end + conf true + filename 'libphp5.so' end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy.rb index 8cb5554..d6ca10a 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_proxy.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: mod_proxy # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_ajp.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_ajp.rb index 0d80bbe..6ccc7f2 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_proxy_ajp.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_ajp.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: mod_proxy_ajp # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_balancer.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_balancer.rb index 85646e7..c4deac4 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_proxy_balancer.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_balancer.rb @@ -1,8 +1,9 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: mod_proxy_balancer # # Copyright 2008-2013, Opscode, Inc. +# Copyright 2014, OneHealth Solutions, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,4 +18,10 @@ # limitations under the License. # -apache_module 'proxy_balancer' +if !platform_family?('freebsd') && node['apache']['version'] == '2.4' + include_recipe 'apache2::mod_slotmem_shm' +end + +apache_module 'proxy_balancer' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_connect.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_connect.rb index bece099..e77c656 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_proxy_connect.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_connect.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy +# Recipe:: mod_proxy_connect # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_express.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_express.rb new file mode 100644 index 0000000..5f28763 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_express.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_proxy_express +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_express' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_fcgi.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_fcgi.rb new file mode 100644 index 0000000..e265546 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_fcgi.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_proxy_fcgi +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_fcgi' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_fdpass.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_fdpass.rb new file mode 100644 index 0000000..58d7bb3 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_fdpass.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_proxy_fdpass +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_fdpass' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_ftp.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_ftp.rb new file mode 100644 index 0000000..9e3ca10 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_ftp.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_proxy_ftp +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_ftp' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_html.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_html.rb new file mode 100644 index 0000000..611d09f --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_html.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_proxy_html +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_html' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_http.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_http.rb index 1d75d36..95cba08 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_proxy_http.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_http.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: proxy_http +# Recipe:: mod_proxy_http # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_scgi.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_scgi.rb new file mode 100644 index 0000000..60a84ae --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_scgi.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_proxy_scgi +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_scgi' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_proxy_wstunnel.rb b/chef/cookbooks/berks/apache2/recipes/mod_proxy_wstunnel.rb new file mode 100644 index 0000000..8e9dcae --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_proxy_wstunnel.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_proxy_wstunnel +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'proxy_wstunnel' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_python.rb b/chef/cookbooks/berks/apache2/recipes/mod_python.rb index 5f50485..f42f466 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_python.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_python.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: python +# Recipe:: mod_python # # Copyright 2008-2013, Opscode, Inc. # @@ -20,10 +20,20 @@ case node['platform_family'] when 'debian' package 'libapache2-mod-python' +when 'suse' + package 'apache2-mod_python' do + notifies :run, 'execute[generate-module-list]', :immediately + end when 'rhel', 'fedora' package 'mod_python' do notifies :run, 'execute[generate-module-list]', :immediately end +when 'freebsd' + if node['apache']['version'] == '2.4' + package 'ap24-mod_python35' + else + package 'ap22-mod_python35' + end end file "#{node['apache']['dir']}/conf.d/python.conf" do diff --git a/chef/cookbooks/berks/apache2/recipes/mod_ratelimit.rb b/chef/cookbooks/berks/apache2/recipes/mod_ratelimit.rb new file mode 100644 index 0000000..d66111d --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_ratelimit.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_ratelimit +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'ratelimit' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_reflector.rb b/chef/cookbooks/berks/apache2/recipes/mod_reflector.rb new file mode 100644 index 0000000..3645e78 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_reflector.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_reflector +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'reflector' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_remoteip.rb b/chef/cookbooks/berks/apache2/recipes/mod_remoteip.rb new file mode 100644 index 0000000..fd6d313 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_remoteip.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_remoteip +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'remoteip' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_reqtimeout.rb b/chef/cookbooks/berks/apache2/recipes/mod_reqtimeout.rb new file mode 100644 index 0000000..29f4ee1 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_reqtimeout.rb @@ -0,0 +1,22 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_reqtimeout +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'reqtimeout' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_request.rb b/chef/cookbooks/berks/apache2/recipes/mod_request.rb new file mode 100644 index 0000000..7a036e4 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_request.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_request +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'request' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_rewrite.rb b/chef/cookbooks/berks/apache2/recipes/mod_rewrite.rb index 651fadf..297f6c1 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_rewrite.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_rewrite.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: rewrite +# Recipe:: mod_rewrite # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_sed.rb b/chef/cookbooks/berks/apache2/recipes/mod_sed.rb new file mode 100644 index 0000000..ede8049 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_sed.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_sed +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'sed' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_session.rb b/chef/cookbooks/berks/apache2/recipes/mod_session.rb new file mode 100644 index 0000000..92093f5 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_session.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_session +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'session' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_session_cookie.rb b/chef/cookbooks/berks/apache2/recipes/mod_session_cookie.rb new file mode 100644 index 0000000..a416248 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_session_cookie.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_session_cookie +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'session_cookie' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_session_crypto.rb b/chef/cookbooks/berks/apache2/recipes/mod_session_crypto.rb new file mode 100644 index 0000000..002c551 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_session_crypto.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_session_crypto +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'session_crypto' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_session_dbd.rb b/chef/cookbooks/berks/apache2/recipes/mod_session_dbd.rb new file mode 100644 index 0000000..74a7e72 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_session_dbd.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_session_dbd +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'session_dbd' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_setenvif.rb b/chef/cookbooks/berks/apache2/recipes/mod_setenvif.rb index fab9819..27078ae 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_setenvif.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_setenvif.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: setenvif +# Recipe:: mod_setenvif # # Copyright 2008-2013, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_slotmem_plain.rb b/chef/cookbooks/berks/apache2/recipes/mod_slotmem_plain.rb new file mode 100644 index 0000000..acc1545 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_slotmem_plain.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_slotmem_plain +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'slotmem_plain' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_slotmem_shm.rb b/chef/cookbooks/berks/apache2/recipes/mod_slotmem_shm.rb new file mode 100644 index 0000000..d2c45eb --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_slotmem_shm.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_slotmem_shm +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'slotmem_shm' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_socache_dbm.rb b/chef/cookbooks/berks/apache2/recipes/mod_socache_dbm.rb new file mode 100644 index 0000000..37a6ff2 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_socache_dbm.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_socache_dbm +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'socache_dbm' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_socache_memcache.rb b/chef/cookbooks/berks/apache2/recipes/mod_socache_memcache.rb new file mode 100644 index 0000000..6c91060 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_socache_memcache.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_socache_memcache +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'socache_memcache' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_socache_shmcb.rb b/chef/cookbooks/berks/apache2/recipes/mod_socache_shmcb.rb new file mode 100644 index 0000000..eac6522 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_socache_shmcb.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_socache_shmcb +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'socache_shmcb' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_speling.rb b/chef/cookbooks/berks/apache2/recipes/mod_speling.rb new file mode 100644 index 0000000..0c76d04 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_speling.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_speling +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'speling' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_ssl.rb b/chef/cookbooks/berks/apache2/recipes/mod_ssl.rb index dc2cb69..419c39f 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_ssl.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_ssl.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: ssl +# Recipe:: mod_ssl # # Copyright 2008-2013, Opscode, Inc. # @@ -20,6 +20,8 @@ unless node['apache']['listen_ports'].include?('443') node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + ['443'] end +include_recipe 'apache2::default' + if platform_family?('rhel', 'fedora', 'suse') package 'mod_ssl' do notifies :run, 'execute[generate-module-list]', :immediately @@ -32,12 +34,16 @@ if platform_family?('rhel', 'fedora', 'suse') end template 'ssl_ports.conf' do - path "#{node['apache']['dir']}/ports.conf" - source 'ports.conf.erb' - mode '0644' - notifies :restart, 'service[apache2]' + path "#{node['apache']['dir']}/ports.conf" + source 'ports.conf.erb' + mode '0644' + notifies :restart, 'service[apache2]', :delayed end apache_module 'ssl' do conf true end + +if node['apache']['version'] == '2.4' + include_recipe 'apache2::mod_socache_shmcb' +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_status.rb b/chef/cookbooks/berks/apache2/recipes/mod_status.rb index 2f1cc2a..aced9cd 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_status.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_status.rb @@ -1,6 +1,6 @@ # # Cookbook Name:: apache2 -# Recipe:: status +# Recipe:: mod_status # # Copyright 2008-2012, Opscode, Inc. # diff --git a/chef/cookbooks/berks/apache2/recipes/mod_substitute.rb b/chef/cookbooks/berks/apache2/recipes/mod_substitute.rb new file mode 100644 index 0000000..393e3fc --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_substitute.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_substitute +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'substitute' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_suexec.rb b/chef/cookbooks/berks/apache2/recipes/mod_suexec.rb new file mode 100644 index 0000000..75172aa --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_suexec.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_suexec +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'suexec' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_systemd.rb b/chef/cookbooks/berks/apache2/recipes/mod_systemd.rb new file mode 100644 index 0000000..41a5895 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_systemd.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_systemd +# +# Copyright 2008-2013, Opscode, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'systemd' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_unique_id.rb b/chef/cookbooks/berks/apache2/recipes/mod_unique_id.rb new file mode 100644 index 0000000..cf3fbf4 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_unique_id.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_unique_id +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'unique_id' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_unixd.rb b/chef/cookbooks/berks/apache2/recipes/mod_unixd.rb new file mode 100644 index 0000000..d41654b --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_unixd.rb @@ -0,0 +1,25 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_unixd +# +# Copyright 2014, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# on platform_family debian this module is staticly linked into apache2 +if node['apache']['version'] == '2.4' && !platform_family?('debian') + apache_module 'unixd' +else + log 'Ignoring apache2::mod_unixd. Not available until apache 2.4' +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_userdir.rb b/chef/cookbooks/berks/apache2/recipes/mod_userdir.rb index 8ad4f82..2ccdf58 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_userdir.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_userdir.rb @@ -17,4 +17,6 @@ # limitations under the License. # -apache_module 'userdir' +apache_module 'userdir' do + conf true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mod_usertrack.rb b/chef/cookbooks/berks/apache2/recipes/mod_usertrack.rb new file mode 100644 index 0000000..6462ee3 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_usertrack.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_usertrack +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'usertrack' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_vhost_alias.rb b/chef/cookbooks/berks/apache2/recipes/mod_vhost_alias.rb new file mode 100644 index 0000000..a56ecab --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_vhost_alias.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_vhost_alias +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'vhost_alias' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_xml2enc.rb b/chef/cookbooks/berks/apache2/recipes/mod_xml2enc.rb new file mode 100644 index 0000000..76ab418 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mod_xml2enc.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mod_xml2enc +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module 'xml2enc' diff --git a/chef/cookbooks/berks/apache2/recipes/mod_xsendfile.rb b/chef/cookbooks/berks/apache2/recipes/mod_xsendfile.rb index 1ed99e8..8000984 100644 --- a/chef/cookbooks/berks/apache2/recipes/mod_xsendfile.rb +++ b/chef/cookbooks/berks/apache2/recipes/mod_xsendfile.rb @@ -18,6 +18,10 @@ # case node['platform_family'] +when 'suse' + package 'apache2-mod_xsendfile' do + notifies :run, 'execute[generate-module-list]', :immediately + end when 'debian' package 'libapache2-mod-xsendfile' when 'rhel', 'fedora' diff --git a/chef/cookbooks/berks/apache2/recipes/mpm_event.rb b/chef/cookbooks/berks/apache2/recipes/mpm_event.rb new file mode 100644 index 0000000..5019a09 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mpm_event.rb @@ -0,0 +1,27 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mpm_event +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module('mpm_itk') { enable false } +apache_module('mpm_prefork') { enable false } +apache_module('mpm_worker') { enable false } + +apache_module 'mpm_event' do + conf true + restart true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mpm_prefork.rb b/chef/cookbooks/berks/apache2/recipes/mpm_prefork.rb new file mode 100644 index 0000000..69c2102 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mpm_prefork.rb @@ -0,0 +1,27 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mpm_prefork +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module('mpm_itk') { enable false } +apache_module('mpm_event') { enable false } +apache_module('mpm_worker') { enable false } + +apache_module 'mpm_prefork' do + conf true + restart true +end diff --git a/chef/cookbooks/berks/apache2/recipes/mpm_worker.rb b/chef/cookbooks/berks/apache2/recipes/mpm_worker.rb new file mode 100644 index 0000000..d04d7b5 --- /dev/null +++ b/chef/cookbooks/berks/apache2/recipes/mpm_worker.rb @@ -0,0 +1,27 @@ +# +# Cookbook Name:: apache2 +# Recipe:: mpm_worker +# +# Copyright 2013, OneHealth Solutions, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +apache_module('mpm_itk') { enable false } +apache_module('mpm_event') { enable false } +apache_module('mpm_prefork') { enable false } + +apache_module 'mpm_worker' do + conf true + restart true +end diff --git a/chef/cookbooks/berks/apache2/templates/default/a2disconf.erb b/chef/cookbooks/berks/apache2/templates/default/a2disconf.erb new file mode 100644 index 0000000..6c2c262 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/a2disconf.erb @@ -0,0 +1,532 @@ +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 +# +# The coding style is "perltidy -pbp" + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use File::Path; +use Getopt::Long; + +my $quiet; +my $force; +my $maintmode; +my $purge; + +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force, + 'maintmode|m' => \$maintmode, + 'purge|p' => \$purge +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "<%= node['apache']['dir'] %>$dir_suffix/envvars" + ); +$ENV{LANG} = 'C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +elsif ( $obj eq 'conf' ) { + $obj = 'conf'; + $dir = 'conf'; + $sffx = '.conf'; + $reload = 'reload'; +} +else { + $dir = 'sites'; + $sffx = '.conf'; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } + || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; +my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>"; + +$statedir .= "/$obj"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + $arg =~ s/${sffx}$//; + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info( + "To activate the new configuration, you need to run:\n service apache2 $reload\n" +) if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + $_ + } glob("$choicedir/$arg$sffx"); + + return @glob; +} + +sub doit { + my $acton = shift; + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print + "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + + # force a .conf path. It may exist as dangling link, too + $conflink = "$enabldir/$acton.conf"; + + if ( -l $conflink && !-e $conflink ) { + info("removing dangling symlink $conflink\n"); + unlink($conflink); + } + + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + # exit silently, we are purging anyway + return 1; + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + if ( $acton eq 'mpm_itk' ) { + warning( "MPM_ITK is a third party module that is not part " + . "of the official Apache HTTPD. It has seen less " + . "testing than the official MPM modules." ); + } + my @depends = get_deps("$availdir/$acton.load"); + do_deps( $acton, @depends ) or return 0; + + my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" ); + check_conflicts( $acton, @conflicts ) or return 0; + } + else { + my @depending; + foreach my $d ( glob("$enabldir/*.load") ) { + my @deps = get_deps($d); + if ( is_in( $acton, @deps ) ) { + $d =~ m,/([^/]+).load$,; + push @depending, $1; + } + } + if ( scalar @depending ) { + if ($force) { + do_deps( $acton, @depending ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depending\n" + ); + return 0; + } + } + } + } + elsif ( $act eq 'enable' ) { + my @depends = get_deps("$availdir/$acton$sffx"); + warn_deps( $acton, @depends ) or return 0; + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info( "See /usr/share/doc/apache2/README.Debian.gz on " + . "how to configure SSL and create self-signed certificates.\n" + ); + } + return add_link( $tgt, $link ) + && switch_marker( $obj, $act, $acton ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + switch_marker( $obj, $act, $acton ); + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + } + return 1; + } + } + + return 1; +} + +sub get_deps { + my $file = shift; + my $type = shift || "Depends"; + + my $fd; + if ( !open( $fd, '<', $file ) ) { + error("Can't open $file: $!"); + return; + } + my $line; + while ( defined( $line = <$fd> ) ) { + chomp $line; + if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) { + my $deps = $1; + return split( /[\n\s]+/, $deps ); + } + + # only check until the first non-empty non-comment line + last if ( $line !~ /^\s*(?:#.*)?$/ ); + } + return; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub warn_deps { + my $acton = shift; + my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled"; + foreach my $d (@_) { + info("Checking dependency $d for $acton:\n"); + if ( !-e "$modsenabldir/$d.load" ) { + warning( + "Module $d is not enabled, but $acton depends on it, aborting\n" + ); + return 0; + } + } + return 1; +} + +sub check_conflicts { + my $acton = shift; + my $haderror = 0; + foreach my $d (@_) { + info("Considering conflict $d for $acton:\n"); + + my $tgt = "$availdir/$d$sffx"; + my $link = "$enabldir/$d$sffx"; + + my $confcheck = check_link( $tgt, $link ); + if ( $confcheck eq 'ok' ) { + error( + "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n" + ); + + # Don't return immediately, there could be several conflicts + $haderror++; + } + } + + if ($haderror) { + return 0; + } + + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'} + if -x '<%= node['apache']['apachectl'] %>'; + if ( $? != 0 ) { + + # config doesn't work + if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" ) + { + return 0; + } + elsif (-e "$enabldir/mpm_worker.load" + || -e "$enabldir/mpm_event.load" ) + { + return 1; + } + else { + error("Can't determine enabled MPM"); + + # do what user requested + return 0; + } + } + if ( $result =~ / no/ ) { + return 0; + } + elsif ( $result =~ / yes/ ) { + return 1; + } + else { + die("Can't parse output from apache2ctl -V:\n$result\n"); + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub warning { + print STDERR 'WARNING: ', @_; +} + +sub is_in { + my $needle = shift; + foreach my $e (@_) { + return 1 if $needle eq $e; + } + return 0; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} + +sub switch_marker { + die('usage: switch_marker([module|site|conf], [enable|disable], $name)') + if @_ != 3; + my $which = shift; + my $what = shift; + my $name = shift; + + my $mode = "admin"; + $mode = "maint" if $maintmode; + + #print("switch_marker $which $what $name\n"); + # TODO: get rid of the magic string(s) + my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode"; + my $state_marker = "$state_marker_dir/$name"; + if ( !-d $state_marker_dir ) { + File::Path::mkpath("$state_marker_dir") + || error( + "Failed to create marker directory: '$state_marker_dir'\n"); + } + + # XXX: swap find with perl alternative + my @markers = qx{find "$statedir" -type f -a -name "$name"}; + chomp(@markers); + foreach (@markers) { + unless ( unlink $_ ) { + error("Failed to remove old marker '$_'!\n") && return 0; + } + } + unless ($purge) { + qx{touch "$state_marker"}; + if ( $? != 0 ) { + error("Failed to create marker '$state_marker'!\n") && return 0; + } + return 1; + } +} + +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/chef/cookbooks/berks/apache2/templates/default/a2dismod.erb b/chef/cookbooks/berks/apache2/templates/default/a2dismod.erb index e66a292..6c2c262 100644 --- a/chef/cookbooks/berks/apache2/templates/default/a2dismod.erb +++ b/chef/cookbooks/berks/apache2/templates/default/a2dismod.erb @@ -1,22 +1,532 @@ -#!/bin/sh -e - -SYSCONFDIR='<%= node['apache']['dir'] %>' - -if [ -z $1 ]; then - echo "Which module would you like to disable?" - echo -n "Your choices are: " - ls $SYSCONFDIR/mods-enabled/*.load | \ - sed -e "s,$SYSCONFDIR/mods-enabled/,,g" | sed -e 's/\.load$//g;' | xargs echo - echo -n "Module name? " - read MODNAME -else - MODNAME=$1 -fi - -if ! [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load ]; then - echo "This module is already disabled, or does not exist!" - exit 1 -fi - -rm -f $SYSCONFDIR/mods-enabled/$MODNAME.* -echo "Module $MODNAME disabled; reload apache to fully disable." \ No newline at end of file +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 +# +# The coding style is "perltidy -pbp" + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use File::Path; +use Getopt::Long; + +my $quiet; +my $force; +my $maintmode; +my $purge; + +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force, + 'maintmode|m' => \$maintmode, + 'purge|p' => \$purge +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "<%= node['apache']['dir'] %>$dir_suffix/envvars" + ); +$ENV{LANG} = 'C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +elsif ( $obj eq 'conf' ) { + $obj = 'conf'; + $dir = 'conf'; + $sffx = '.conf'; + $reload = 'reload'; +} +else { + $dir = 'sites'; + $sffx = '.conf'; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } + || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; +my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>"; + +$statedir .= "/$obj"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + $arg =~ s/${sffx}$//; + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info( + "To activate the new configuration, you need to run:\n service apache2 $reload\n" +) if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + $_ + } glob("$choicedir/$arg$sffx"); + + return @glob; +} + +sub doit { + my $acton = shift; + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print + "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + + # force a .conf path. It may exist as dangling link, too + $conflink = "$enabldir/$acton.conf"; + + if ( -l $conflink && !-e $conflink ) { + info("removing dangling symlink $conflink\n"); + unlink($conflink); + } + + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + # exit silently, we are purging anyway + return 1; + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + if ( $acton eq 'mpm_itk' ) { + warning( "MPM_ITK is a third party module that is not part " + . "of the official Apache HTTPD. It has seen less " + . "testing than the official MPM modules." ); + } + my @depends = get_deps("$availdir/$acton.load"); + do_deps( $acton, @depends ) or return 0; + + my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" ); + check_conflicts( $acton, @conflicts ) or return 0; + } + else { + my @depending; + foreach my $d ( glob("$enabldir/*.load") ) { + my @deps = get_deps($d); + if ( is_in( $acton, @deps ) ) { + $d =~ m,/([^/]+).load$,; + push @depending, $1; + } + } + if ( scalar @depending ) { + if ($force) { + do_deps( $acton, @depending ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depending\n" + ); + return 0; + } + } + } + } + elsif ( $act eq 'enable' ) { + my @depends = get_deps("$availdir/$acton$sffx"); + warn_deps( $acton, @depends ) or return 0; + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info( "See /usr/share/doc/apache2/README.Debian.gz on " + . "how to configure SSL and create self-signed certificates.\n" + ); + } + return add_link( $tgt, $link ) + && switch_marker( $obj, $act, $acton ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + switch_marker( $obj, $act, $acton ); + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + } + return 1; + } + } + + return 1; +} + +sub get_deps { + my $file = shift; + my $type = shift || "Depends"; + + my $fd; + if ( !open( $fd, '<', $file ) ) { + error("Can't open $file: $!"); + return; + } + my $line; + while ( defined( $line = <$fd> ) ) { + chomp $line; + if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) { + my $deps = $1; + return split( /[\n\s]+/, $deps ); + } + + # only check until the first non-empty non-comment line + last if ( $line !~ /^\s*(?:#.*)?$/ ); + } + return; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub warn_deps { + my $acton = shift; + my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled"; + foreach my $d (@_) { + info("Checking dependency $d for $acton:\n"); + if ( !-e "$modsenabldir/$d.load" ) { + warning( + "Module $d is not enabled, but $acton depends on it, aborting\n" + ); + return 0; + } + } + return 1; +} + +sub check_conflicts { + my $acton = shift; + my $haderror = 0; + foreach my $d (@_) { + info("Considering conflict $d for $acton:\n"); + + my $tgt = "$availdir/$d$sffx"; + my $link = "$enabldir/$d$sffx"; + + my $confcheck = check_link( $tgt, $link ); + if ( $confcheck eq 'ok' ) { + error( + "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n" + ); + + # Don't return immediately, there could be several conflicts + $haderror++; + } + } + + if ($haderror) { + return 0; + } + + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'} + if -x '<%= node['apache']['apachectl'] %>'; + if ( $? != 0 ) { + + # config doesn't work + if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" ) + { + return 0; + } + elsif (-e "$enabldir/mpm_worker.load" + || -e "$enabldir/mpm_event.load" ) + { + return 1; + } + else { + error("Can't determine enabled MPM"); + + # do what user requested + return 0; + } + } + if ( $result =~ / no/ ) { + return 0; + } + elsif ( $result =~ / yes/ ) { + return 1; + } + else { + die("Can't parse output from apache2ctl -V:\n$result\n"); + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub warning { + print STDERR 'WARNING: ', @_; +} + +sub is_in { + my $needle = shift; + foreach my $e (@_) { + return 1 if $needle eq $e; + } + return 0; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} + +sub switch_marker { + die('usage: switch_marker([module|site|conf], [enable|disable], $name)') + if @_ != 3; + my $which = shift; + my $what = shift; + my $name = shift; + + my $mode = "admin"; + $mode = "maint" if $maintmode; + + #print("switch_marker $which $what $name\n"); + # TODO: get rid of the magic string(s) + my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode"; + my $state_marker = "$state_marker_dir/$name"; + if ( !-d $state_marker_dir ) { + File::Path::mkpath("$state_marker_dir") + || error( + "Failed to create marker directory: '$state_marker_dir'\n"); + } + + # XXX: swap find with perl alternative + my @markers = qx{find "$statedir" -type f -a -name "$name"}; + chomp(@markers); + foreach (@markers) { + unless ( unlink $_ ) { + error("Failed to remove old marker '$_'!\n") && return 0; + } + } + unless ($purge) { + qx{touch "$state_marker"}; + if ( $? != 0 ) { + error("Failed to create marker '$state_marker'!\n") && return 0; + } + return 1; + } +} + +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/chef/cookbooks/berks/apache2/templates/default/a2dissite.erb b/chef/cookbooks/berks/apache2/templates/default/a2dissite.erb index 9e074c5..6c2c262 100644 --- a/chef/cookbooks/berks/apache2/templates/default/a2dissite.erb +++ b/chef/cookbooks/berks/apache2/templates/default/a2dissite.erb @@ -1,29 +1,532 @@ -#!/bin/sh -e - -SYSCONFDIR='<%= node['apache']['dir'] %>' - -if [ -z $1 ]; then - echo "Which site would you like to disable?" - echo -n "Your choices are: " - ls $SYSCONFDIR/sites-enabled/* | \ - sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo - echo -n "Site name? " - read SITENAME -else - SITENAME=$1 -fi - -if [ $SITENAME = "default" ]; then - PRIORITY="000" -fi - -if ! [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \ - -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then - echo "This site is already disabled, or does not exist!" - exit 1 -fi - -if ! rm $SYSCONFDIR/sites-enabled/$SITENAME 2>/dev/null; then - rm -f $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" -fi -echo "Site $SITENAME disabled; reload apache to disable." +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 +# +# The coding style is "perltidy -pbp" + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use File::Path; +use Getopt::Long; + +my $quiet; +my $force; +my $maintmode; +my $purge; + +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force, + 'maintmode|m' => \$maintmode, + 'purge|p' => \$purge +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "<%= node['apache']['dir'] %>$dir_suffix/envvars" + ); +$ENV{LANG} = 'C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +elsif ( $obj eq 'conf' ) { + $obj = 'conf'; + $dir = 'conf'; + $sffx = '.conf'; + $reload = 'reload'; +} +else { + $dir = 'sites'; + $sffx = '.conf'; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } + || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; +my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>"; + +$statedir .= "/$obj"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + $arg =~ s/${sffx}$//; + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info( + "To activate the new configuration, you need to run:\n service apache2 $reload\n" +) if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + $_ + } glob("$choicedir/$arg$sffx"); + + return @glob; +} + +sub doit { + my $acton = shift; + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print + "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + + # force a .conf path. It may exist as dangling link, too + $conflink = "$enabldir/$acton.conf"; + + if ( -l $conflink && !-e $conflink ) { + info("removing dangling symlink $conflink\n"); + unlink($conflink); + } + + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + # exit silently, we are purging anyway + return 1; + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + if ( $acton eq 'mpm_itk' ) { + warning( "MPM_ITK is a third party module that is not part " + . "of the official Apache HTTPD. It has seen less " + . "testing than the official MPM modules." ); + } + my @depends = get_deps("$availdir/$acton.load"); + do_deps( $acton, @depends ) or return 0; + + my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" ); + check_conflicts( $acton, @conflicts ) or return 0; + } + else { + my @depending; + foreach my $d ( glob("$enabldir/*.load") ) { + my @deps = get_deps($d); + if ( is_in( $acton, @deps ) ) { + $d =~ m,/([^/]+).load$,; + push @depending, $1; + } + } + if ( scalar @depending ) { + if ($force) { + do_deps( $acton, @depending ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depending\n" + ); + return 0; + } + } + } + } + elsif ( $act eq 'enable' ) { + my @depends = get_deps("$availdir/$acton$sffx"); + warn_deps( $acton, @depends ) or return 0; + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info( "See /usr/share/doc/apache2/README.Debian.gz on " + . "how to configure SSL and create self-signed certificates.\n" + ); + } + return add_link( $tgt, $link ) + && switch_marker( $obj, $act, $acton ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + switch_marker( $obj, $act, $acton ); + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + } + return 1; + } + } + + return 1; +} + +sub get_deps { + my $file = shift; + my $type = shift || "Depends"; + + my $fd; + if ( !open( $fd, '<', $file ) ) { + error("Can't open $file: $!"); + return; + } + my $line; + while ( defined( $line = <$fd> ) ) { + chomp $line; + if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) { + my $deps = $1; + return split( /[\n\s]+/, $deps ); + } + + # only check until the first non-empty non-comment line + last if ( $line !~ /^\s*(?:#.*)?$/ ); + } + return; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub warn_deps { + my $acton = shift; + my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled"; + foreach my $d (@_) { + info("Checking dependency $d for $acton:\n"); + if ( !-e "$modsenabldir/$d.load" ) { + warning( + "Module $d is not enabled, but $acton depends on it, aborting\n" + ); + return 0; + } + } + return 1; +} + +sub check_conflicts { + my $acton = shift; + my $haderror = 0; + foreach my $d (@_) { + info("Considering conflict $d for $acton:\n"); + + my $tgt = "$availdir/$d$sffx"; + my $link = "$enabldir/$d$sffx"; + + my $confcheck = check_link( $tgt, $link ); + if ( $confcheck eq 'ok' ) { + error( + "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n" + ); + + # Don't return immediately, there could be several conflicts + $haderror++; + } + } + + if ($haderror) { + return 0; + } + + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'} + if -x '<%= node['apache']['apachectl'] %>'; + if ( $? != 0 ) { + + # config doesn't work + if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" ) + { + return 0; + } + elsif (-e "$enabldir/mpm_worker.load" + || -e "$enabldir/mpm_event.load" ) + { + return 1; + } + else { + error("Can't determine enabled MPM"); + + # do what user requested + return 0; + } + } + if ( $result =~ / no/ ) { + return 0; + } + elsif ( $result =~ / yes/ ) { + return 1; + } + else { + die("Can't parse output from apache2ctl -V:\n$result\n"); + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub warning { + print STDERR 'WARNING: ', @_; +} + +sub is_in { + my $needle = shift; + foreach my $e (@_) { + return 1 if $needle eq $e; + } + return 0; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} + +sub switch_marker { + die('usage: switch_marker([module|site|conf], [enable|disable], $name)') + if @_ != 3; + my $which = shift; + my $what = shift; + my $name = shift; + + my $mode = "admin"; + $mode = "maint" if $maintmode; + + #print("switch_marker $which $what $name\n"); + # TODO: get rid of the magic string(s) + my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode"; + my $state_marker = "$state_marker_dir/$name"; + if ( !-d $state_marker_dir ) { + File::Path::mkpath("$state_marker_dir") + || error( + "Failed to create marker directory: '$state_marker_dir'\n"); + } + + # XXX: swap find with perl alternative + my @markers = qx{find "$statedir" -type f -a -name "$name"}; + chomp(@markers); + foreach (@markers) { + unless ( unlink $_ ) { + error("Failed to remove old marker '$_'!\n") && return 0; + } + } + unless ($purge) { + qx{touch "$state_marker"}; + if ( $? != 0 ) { + error("Failed to create marker '$state_marker'!\n") && return 0; + } + return 1; + } +} + +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/chef/cookbooks/berks/apache2/templates/default/a2enconf.erb b/chef/cookbooks/berks/apache2/templates/default/a2enconf.erb new file mode 100644 index 0000000..6c2c262 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/a2enconf.erb @@ -0,0 +1,532 @@ +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 +# +# The coding style is "perltidy -pbp" + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use File::Path; +use Getopt::Long; + +my $quiet; +my $force; +my $maintmode; +my $purge; + +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force, + 'maintmode|m' => \$maintmode, + 'purge|p' => \$purge +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "<%= node['apache']['dir'] %>$dir_suffix/envvars" + ); +$ENV{LANG} = 'C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +elsif ( $obj eq 'conf' ) { + $obj = 'conf'; + $dir = 'conf'; + $sffx = '.conf'; + $reload = 'reload'; +} +else { + $dir = 'sites'; + $sffx = '.conf'; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } + || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; +my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>"; + +$statedir .= "/$obj"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + $arg =~ s/${sffx}$//; + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info( + "To activate the new configuration, you need to run:\n service apache2 $reload\n" +) if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + $_ + } glob("$choicedir/$arg$sffx"); + + return @glob; +} + +sub doit { + my $acton = shift; + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print + "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + + # force a .conf path. It may exist as dangling link, too + $conflink = "$enabldir/$acton.conf"; + + if ( -l $conflink && !-e $conflink ) { + info("removing dangling symlink $conflink\n"); + unlink($conflink); + } + + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + # exit silently, we are purging anyway + return 1; + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + if ( $acton eq 'mpm_itk' ) { + warning( "MPM_ITK is a third party module that is not part " + . "of the official Apache HTTPD. It has seen less " + . "testing than the official MPM modules." ); + } + my @depends = get_deps("$availdir/$acton.load"); + do_deps( $acton, @depends ) or return 0; + + my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" ); + check_conflicts( $acton, @conflicts ) or return 0; + } + else { + my @depending; + foreach my $d ( glob("$enabldir/*.load") ) { + my @deps = get_deps($d); + if ( is_in( $acton, @deps ) ) { + $d =~ m,/([^/]+).load$,; + push @depending, $1; + } + } + if ( scalar @depending ) { + if ($force) { + do_deps( $acton, @depending ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depending\n" + ); + return 0; + } + } + } + } + elsif ( $act eq 'enable' ) { + my @depends = get_deps("$availdir/$acton$sffx"); + warn_deps( $acton, @depends ) or return 0; + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info( "See /usr/share/doc/apache2/README.Debian.gz on " + . "how to configure SSL and create self-signed certificates.\n" + ); + } + return add_link( $tgt, $link ) + && switch_marker( $obj, $act, $acton ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + switch_marker( $obj, $act, $acton ); + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + } + return 1; + } + } + + return 1; +} + +sub get_deps { + my $file = shift; + my $type = shift || "Depends"; + + my $fd; + if ( !open( $fd, '<', $file ) ) { + error("Can't open $file: $!"); + return; + } + my $line; + while ( defined( $line = <$fd> ) ) { + chomp $line; + if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) { + my $deps = $1; + return split( /[\n\s]+/, $deps ); + } + + # only check until the first non-empty non-comment line + last if ( $line !~ /^\s*(?:#.*)?$/ ); + } + return; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub warn_deps { + my $acton = shift; + my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled"; + foreach my $d (@_) { + info("Checking dependency $d for $acton:\n"); + if ( !-e "$modsenabldir/$d.load" ) { + warning( + "Module $d is not enabled, but $acton depends on it, aborting\n" + ); + return 0; + } + } + return 1; +} + +sub check_conflicts { + my $acton = shift; + my $haderror = 0; + foreach my $d (@_) { + info("Considering conflict $d for $acton:\n"); + + my $tgt = "$availdir/$d$sffx"; + my $link = "$enabldir/$d$sffx"; + + my $confcheck = check_link( $tgt, $link ); + if ( $confcheck eq 'ok' ) { + error( + "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n" + ); + + # Don't return immediately, there could be several conflicts + $haderror++; + } + } + + if ($haderror) { + return 0; + } + + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'} + if -x '<%= node['apache']['apachectl'] %>'; + if ( $? != 0 ) { + + # config doesn't work + if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" ) + { + return 0; + } + elsif (-e "$enabldir/mpm_worker.load" + || -e "$enabldir/mpm_event.load" ) + { + return 1; + } + else { + error("Can't determine enabled MPM"); + + # do what user requested + return 0; + } + } + if ( $result =~ / no/ ) { + return 0; + } + elsif ( $result =~ / yes/ ) { + return 1; + } + else { + die("Can't parse output from apache2ctl -V:\n$result\n"); + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub warning { + print STDERR 'WARNING: ', @_; +} + +sub is_in { + my $needle = shift; + foreach my $e (@_) { + return 1 if $needle eq $e; + } + return 0; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} + +sub switch_marker { + die('usage: switch_marker([module|site|conf], [enable|disable], $name)') + if @_ != 3; + my $which = shift; + my $what = shift; + my $name = shift; + + my $mode = "admin"; + $mode = "maint" if $maintmode; + + #print("switch_marker $which $what $name\n"); + # TODO: get rid of the magic string(s) + my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode"; + my $state_marker = "$state_marker_dir/$name"; + if ( !-d $state_marker_dir ) { + File::Path::mkpath("$state_marker_dir") + || error( + "Failed to create marker directory: '$state_marker_dir'\n"); + } + + # XXX: swap find with perl alternative + my @markers = qx{find "$statedir" -type f -a -name "$name"}; + chomp(@markers); + foreach (@markers) { + unless ( unlink $_ ) { + error("Failed to remove old marker '$_'!\n") && return 0; + } + } + unless ($purge) { + qx{touch "$state_marker"}; + if ( $? != 0 ) { + error("Failed to create marker '$state_marker'!\n") && return 0; + } + return 1; + } +} + +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/chef/cookbooks/berks/apache2/templates/default/a2enmod.erb b/chef/cookbooks/berks/apache2/templates/default/a2enmod.erb index 9766e80..6c2c262 100644 --- a/chef/cookbooks/berks/apache2/templates/default/a2enmod.erb +++ b/chef/cookbooks/berks/apache2/templates/default/a2enmod.erb @@ -1,37 +1,532 @@ -#!/bin/sh -e - -SYSCONFDIR='<%= node['apache']['dir'] %>' - -if [ -z $1 ]; then - echo "Which module would you like to enable?" - echo -n "Your choices are: " - ls $SYSCONFDIR/mods-available/*.load | \ - sed -e "s,$SYSCONFDIR/mods-available/,,g" | sed -e 's/\.load$//g;' | xargs echo - echo -n "Module name? " - read MODNAME -else - MODNAME=$1 -fi - -#figure out if we're on a prefork or threaded mpm -if [ -x <%= node['apache']['binary'] %> ]; then - PREFORK=`<%= node['apache']['binary'] %> -l | grep prefork || true` -fi - -if [ -e $SYSCONFDIR/mods-enabled/$MODNAME.load -a -e $SYSCONFDIR/mods-enabled/$MODNAME.conf ]; then - echo "This module is already enabled!" - exit 0 -fi - -if ! [ -e $SYSCONFDIR/mods-available/$MODNAME.load ]; then - echo "This module does not exist!" - exit 1 -fi - -for i in conf load; do - if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e $SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then - ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $SYSCONFDIR/mods-enabled/$MODNAME.$i; - fi -done - -echo "Module $MODNAME installed; reload apache to enable." +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 +# +# The coding style is "perltidy -pbp" + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use File::Path; +use Getopt::Long; + +my $quiet; +my $force; +my $maintmode; +my $purge; + +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force, + 'maintmode|m' => \$maintmode, + 'purge|p' => \$purge +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "<%= node['apache']['dir'] %>$dir_suffix/envvars" + ); +$ENV{LANG} = 'C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +elsif ( $obj eq 'conf' ) { + $obj = 'conf'; + $dir = 'conf'; + $sffx = '.conf'; + $reload = 'reload'; +} +else { + $dir = 'sites'; + $sffx = '.conf'; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } + || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; +my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>"; + +$statedir .= "/$obj"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + $arg =~ s/${sffx}$//; + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info( + "To activate the new configuration, you need to run:\n service apache2 $reload\n" +) if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + $_ + } glob("$choicedir/$arg$sffx"); + + return @glob; +} + +sub doit { + my $acton = shift; + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print + "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + + # force a .conf path. It may exist as dangling link, too + $conflink = "$enabldir/$acton.conf"; + + if ( -l $conflink && !-e $conflink ) { + info("removing dangling symlink $conflink\n"); + unlink($conflink); + } + + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + # exit silently, we are purging anyway + return 1; + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + if ( $acton eq 'mpm_itk' ) { + warning( "MPM_ITK is a third party module that is not part " + . "of the official Apache HTTPD. It has seen less " + . "testing than the official MPM modules." ); + } + my @depends = get_deps("$availdir/$acton.load"); + do_deps( $acton, @depends ) or return 0; + + my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" ); + check_conflicts( $acton, @conflicts ) or return 0; + } + else { + my @depending; + foreach my $d ( glob("$enabldir/*.load") ) { + my @deps = get_deps($d); + if ( is_in( $acton, @deps ) ) { + $d =~ m,/([^/]+).load$,; + push @depending, $1; + } + } + if ( scalar @depending ) { + if ($force) { + do_deps( $acton, @depending ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depending\n" + ); + return 0; + } + } + } + } + elsif ( $act eq 'enable' ) { + my @depends = get_deps("$availdir/$acton$sffx"); + warn_deps( $acton, @depends ) or return 0; + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info( "See /usr/share/doc/apache2/README.Debian.gz on " + . "how to configure SSL and create self-signed certificates.\n" + ); + } + return add_link( $tgt, $link ) + && switch_marker( $obj, $act, $acton ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + switch_marker( $obj, $act, $acton ); + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + } + return 1; + } + } + + return 1; +} + +sub get_deps { + my $file = shift; + my $type = shift || "Depends"; + + my $fd; + if ( !open( $fd, '<', $file ) ) { + error("Can't open $file: $!"); + return; + } + my $line; + while ( defined( $line = <$fd> ) ) { + chomp $line; + if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) { + my $deps = $1; + return split( /[\n\s]+/, $deps ); + } + + # only check until the first non-empty non-comment line + last if ( $line !~ /^\s*(?:#.*)?$/ ); + } + return; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub warn_deps { + my $acton = shift; + my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled"; + foreach my $d (@_) { + info("Checking dependency $d for $acton:\n"); + if ( !-e "$modsenabldir/$d.load" ) { + warning( + "Module $d is not enabled, but $acton depends on it, aborting\n" + ); + return 0; + } + } + return 1; +} + +sub check_conflicts { + my $acton = shift; + my $haderror = 0; + foreach my $d (@_) { + info("Considering conflict $d for $acton:\n"); + + my $tgt = "$availdir/$d$sffx"; + my $link = "$enabldir/$d$sffx"; + + my $confcheck = check_link( $tgt, $link ); + if ( $confcheck eq 'ok' ) { + error( + "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n" + ); + + # Don't return immediately, there could be several conflicts + $haderror++; + } + } + + if ($haderror) { + return 0; + } + + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'} + if -x '<%= node['apache']['apachectl'] %>'; + if ( $? != 0 ) { + + # config doesn't work + if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" ) + { + return 0; + } + elsif (-e "$enabldir/mpm_worker.load" + || -e "$enabldir/mpm_event.load" ) + { + return 1; + } + else { + error("Can't determine enabled MPM"); + + # do what user requested + return 0; + } + } + if ( $result =~ / no/ ) { + return 0; + } + elsif ( $result =~ / yes/ ) { + return 1; + } + else { + die("Can't parse output from apache2ctl -V:\n$result\n"); + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub warning { + print STDERR 'WARNING: ', @_; +} + +sub is_in { + my $needle = shift; + foreach my $e (@_) { + return 1 if $needle eq $e; + } + return 0; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} + +sub switch_marker { + die('usage: switch_marker([module|site|conf], [enable|disable], $name)') + if @_ != 3; + my $which = shift; + my $what = shift; + my $name = shift; + + my $mode = "admin"; + $mode = "maint" if $maintmode; + + #print("switch_marker $which $what $name\n"); + # TODO: get rid of the magic string(s) + my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode"; + my $state_marker = "$state_marker_dir/$name"; + if ( !-d $state_marker_dir ) { + File::Path::mkpath("$state_marker_dir") + || error( + "Failed to create marker directory: '$state_marker_dir'\n"); + } + + # XXX: swap find with perl alternative + my @markers = qx{find "$statedir" -type f -a -name "$name"}; + chomp(@markers); + foreach (@markers) { + unless ( unlink $_ ) { + error("Failed to remove old marker '$_'!\n") && return 0; + } + } + unless ($purge) { + qx{touch "$state_marker"}; + if ( $? != 0 ) { + error("Failed to create marker '$state_marker'!\n") && return 0; + } + return 1; + } +} + +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/chef/cookbooks/berks/apache2/templates/default/a2ensite.erb b/chef/cookbooks/berks/apache2/templates/default/a2ensite.erb index 3a7c628..6c2c262 100644 --- a/chef/cookbooks/berks/apache2/templates/default/a2ensite.erb +++ b/chef/cookbooks/berks/apache2/templates/default/a2ensite.erb @@ -1,38 +1,532 @@ -#!/bin/sh -e - -SYSCONFDIR='<%= node['apache']['dir'] %>' - -if [ -z $1 ]; then - echo "Which site would you like to enable?" - echo -n "Your choices are: " - ls $SYSCONFDIR/sites-available/* | \ - sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo - echo -n "Site name? " - read SITENAME -else - SITENAME=$1 -fi - -if [ $SITENAME = "default" ]; then - PRIORITY="000" -fi - -if [ -e $SYSCONFDIR/sites-enabled/$SITENAME -o \ - -e $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" ]; then - echo "This site is already enabled!" - exit 0 -fi - -if ! [ -e $SYSCONFDIR/sites-available/$SITENAME ]; then - echo "This site does not exist!" - exit 1 -fi - -if [ $SITENAME = "default" ]; then - ln -sf $SYSCONFDIR/sites-available/$SITENAME \ - $SYSCONFDIR/sites-enabled/"$PRIORITY"-"$SITENAME" -else - ln -sf $SYSCONFDIR/sites-available/$SITENAME $SYSCONFDIR/sites-enabled/$SITENAME -fi - -echo "Site $SITENAME installed; reload apache to enable." \ No newline at end of file +#!/usr/bin/perl -w +# +# a2enmod by Stefan Fritsch +# Licensed under Apache License 2.0 +# +# The coding style is "perltidy -pbp" + +use strict; +use Cwd 'realpath'; +use File::Spec; +use File::Basename; +use File::Path; +use Getopt::Long; + +my $quiet; +my $force; +my $maintmode; +my $purge; + +Getopt::Long::Configure('bundling'); +GetOptions( + 'quiet|q' => \$quiet, + 'force|f' => \$force, + 'maintmode|m' => \$maintmode, + 'purge|p' => \$purge +) or exit 2; + +my $basename = basename($0); +$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/ + or die "$basename call name unknown\n"; +my $act = $1; +my $obj = $2; +my $dir_suffix = $3; + +my $env_file = $ENV{APACHE_ENVVARS} + || ( + $ENV{APACHE_CONFDIR} + ? "$ENV{APACHE_CONFDIR}/envvars" + : "<%= node['apache']['dir'] %>$dir_suffix/envvars" + ); +$ENV{LANG} = 'C'; +read_env_file($env_file); + +$act .= 'able'; +my ( $name, $dir, $sffx, $reload ); +if ( $obj eq 'mod' ) { + $obj = 'module'; + $dir = 'mods'; + $sffx = '.load'; + $reload = 'restart'; +} +elsif ( $obj eq 'conf' ) { + $obj = 'conf'; + $dir = 'conf'; + $sffx = '.conf'; + $reload = 'reload'; +} +else { + $dir = 'sites'; + $sffx = '.conf'; + $reload = 'reload'; +} +$name = ucfirst($obj); + +my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix"; +my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") } + || "$confdir/$dir-available"; +my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled"; +my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>"; + +$statedir .= "/$obj"; + +my $choicedir = $act eq 'enable' ? $availdir : $enabldir; +my $linkdir = File::Spec->abs2rel( $availdir, $enabldir ); + +my $request_reload = 0; + +my $rc = 0; + +if ( !scalar @ARGV ) { + my @choices = myglob('*'); + print "Your choices are: @choices\n"; + print "Which ${obj}(s) do you want to $act (wildcards ok)?\n"; + my $input = <>; + @ARGV = split /\s+/, $input; + +} + +my @objs; +foreach my $arg (@ARGV) { + $arg =~ s/${sffx}$//; + my @glob = myglob($arg); + if ( !@glob ) { + error("No $obj found matching $arg!\n"); + $rc = 1; + } + else { + push @objs, @glob; + } +} + +foreach my $acton (@objs) { + doit($acton) or $rc = 1; +} + +info( + "To activate the new configuration, you need to run:\n service apache2 $reload\n" +) if $request_reload; + +exit($rc); + +############################################################################## + +sub myglob { + my $arg = shift; + + my @glob = map { + s{^$choicedir/}{}; + s{$sffx$}{}; + $_ + } glob("$choicedir/$arg$sffx"); + + return @glob; +} + +sub doit { + my $acton = shift; + + my ( $conftgt, $conflink ); + if ( $obj eq 'module' ) { + if ( $acton eq 'cgi' && threaded() ) { + print + "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n"; + $acton = 'cgid'; + } + + $conftgt = "$availdir/$acton.conf"; + if ( -e $conftgt ) { + $conflink = "$enabldir/$acton.conf"; + } + } + + my $tgt = "$availdir/$acton$sffx"; + my $link = "$enabldir/$acton$sffx"; + + if ( !-e $tgt ) { + if ( -l $link && !-e $link ) { + if ( $act eq 'disable' ) { + info("removing dangling symlink $link\n"); + unlink($link); + + # force a .conf path. It may exist as dangling link, too + $conflink = "$enabldir/$acton.conf"; + + if ( -l $conflink && !-e $conflink ) { + info("removing dangling symlink $conflink\n"); + unlink($conflink); + } + + return 1; + } + else { + error("$link is a dangling symlink!\n"); + } + } + + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + # exit silently, we are purging anyway + return 1; + } + + error("$name $acton does not exist!\n"); + return 0; + } + + # handle module dependencies + if ( $obj eq 'module' ) { + if ( $act eq 'enable' ) { + if ( $acton eq 'mpm_itk' ) { + warning( "MPM_ITK is a third party module that is not part " + . "of the official Apache HTTPD. It has seen less " + . "testing than the official MPM modules." ); + } + my @depends = get_deps("$availdir/$acton.load"); + do_deps( $acton, @depends ) or return 0; + + my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" ); + check_conflicts( $acton, @conflicts ) or return 0; + } + else { + my @depending; + foreach my $d ( glob("$enabldir/*.load") ) { + my @deps = get_deps($d); + if ( is_in( $acton, @deps ) ) { + $d =~ m,/([^/]+).load$,; + push @depending, $1; + } + } + if ( scalar @depending ) { + if ($force) { + do_deps( $acton, @depending ) or return 0; + } + else { + error( + "The following modules depend on $acton ", + "and need to be disabled first: @depending\n" + ); + return 0; + } + } + } + } + elsif ( $act eq 'enable' ) { + my @depends = get_deps("$availdir/$acton$sffx"); + warn_deps( $acton, @depends ) or return 0; + } + + if ( $act eq 'enable' ) { + my $check = check_link( $tgt, $link ); + if ( $check eq 'ok' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'ok' ) { + info("$name $acton already enabled\n"); + return 1; + } + elsif ( $confcheck eq 'missing' ) { + print "Enabling config file $acton.conf.\n"; + add_link( $conftgt, $conflink ) or return 0; + } + else { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + else { + info("$name $acton already enabled\n"); + return 1; + } + } + elsif ( $check eq 'missing' ) { + if ($conflink) { + + # handle .conf file + my $confcheck = check_link( $conftgt, $conflink ); + if ( $confcheck eq 'missing' ) { + add_link( $conftgt, $conflink ) or return 0; + } + elsif ( $confcheck ne 'ok' ) { + error( + "Config file $acton.conf not properly enabled: $confcheck\n" + ); + return 0; + } + } + + print "Enabling $obj $acton.\n"; + if ( $acton eq 'ssl' ) { + info( "See /usr/share/doc/apache2/README.Debian.gz on " + . "how to configure SSL and create self-signed certificates.\n" + ); + } + return add_link( $tgt, $link ) + && switch_marker( $obj, $act, $acton ); + } + else { + error("$name $acton not properly enabled: $check\n"); + return 0; + } + } + else { + if ( -e $link || -l $link ) { + remove_link($link); + if ( $conflink && -e $conflink ) { + remove_link($conflink); + } + switch_marker( $obj, $act, $acton ); + print "$name $acton disabled.\n"; + } + elsif ( $conflink && -e $conflink ) { + print "Disabling stale config file $acton.conf.\n"; + remove_link($conflink); + } + else { + info("$name $acton already disabled\n"); + if ( $purge ) { + switch_marker( $obj, $act, $acton ); + } + return 1; + } + } + + return 1; +} + +sub get_deps { + my $file = shift; + my $type = shift || "Depends"; + + my $fd; + if ( !open( $fd, '<', $file ) ) { + error("Can't open $file: $!"); + return; + } + my $line; + while ( defined( $line = <$fd> ) ) { + chomp $line; + if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) { + my $deps = $1; + return split( /[\n\s]+/, $deps ); + } + + # only check until the first non-empty non-comment line + last if ( $line !~ /^\s*(?:#.*)?$/ ); + } + return; +} + +sub do_deps { + my $acton = shift; + foreach my $d (@_) { + info("Considering dependency $d for $acton:\n"); + if ( !doit($d) ) { + error("Could not $act dependency $d for $acton, aborting\n"); + return 0; + } + } + return 1; +} + +sub warn_deps { + my $acton = shift; + my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled"; + foreach my $d (@_) { + info("Checking dependency $d for $acton:\n"); + if ( !-e "$modsenabldir/$d.load" ) { + warning( + "Module $d is not enabled, but $acton depends on it, aborting\n" + ); + return 0; + } + } + return 1; +} + +sub check_conflicts { + my $acton = shift; + my $haderror = 0; + foreach my $d (@_) { + info("Considering conflict $d for $acton:\n"); + + my $tgt = "$availdir/$d$sffx"; + my $link = "$enabldir/$d$sffx"; + + my $confcheck = check_link( $tgt, $link ); + if ( $confcheck eq 'ok' ) { + error( + "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n" + ); + + # Don't return immediately, there could be several conflicts + $haderror++; + } + } + + if ($haderror) { + return 0; + } + + return 1; +} + +sub add_link { + my ( $tgt, $link ) = @_; + + # create relative link + if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) { + die("Could not create $link: $!\n"); + } + $request_reload = 1; + return 1; +} + +sub check_link { + my ( $tgt, $link ) = @_; + + if ( !-e $link ) { + if ( -l $link ) { + + # points to nowhere + info("Removing dangling link $link"); + unlink($link) or die "Could not remove $link\n"; + } + return 'missing'; + } + + if ( -e $link && !-l $link ) { + return "$link is a real file, not touching it"; + } + if ( realpath($link) ne realpath($tgt) ) { + return "$link exists but does not point to $tgt, not touching it"; + } + return 'ok'; +} + +sub remove_link { + my ($link) = @_; + + if ( -l $link ) { + unlink($link) or die "Could not remove $link: $!\n"; + } + elsif ( -e $link ) { + error("$link is not a symbolic link, not deleting\n"); + return 0; + } + $request_reload = 1; + return 1; +} + +sub threaded { + my $result = ""; + $result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'} + if -x '<%= node['apache']['apachectl'] %>'; + if ( $? != 0 ) { + + # config doesn't work + if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" ) + { + return 0; + } + elsif (-e "$enabldir/mpm_worker.load" + || -e "$enabldir/mpm_event.load" ) + { + return 1; + } + else { + error("Can't determine enabled MPM"); + + # do what user requested + return 0; + } + } + if ( $result =~ / no/ ) { + return 0; + } + elsif ( $result =~ / yes/ ) { + return 1; + } + else { + die("Can't parse output from apache2ctl -V:\n$result\n"); + } +} + +sub info { + print @_ if !$quiet; +} + +sub error { + print STDERR 'ERROR: ', @_; +} + +sub warning { + print STDERR 'WARNING: ', @_; +} + +sub is_in { + my $needle = shift; + foreach my $e (@_) { + return 1 if $needle eq $e; + } + return 0; +} + +sub read_env_file { + my $file = shift; + + -r $file or return; + my @lines = qx{env - sh -c '. $file && env'}; + if ($?) { + die "Could not read $file\n"; + } + + foreach my $l (@lines) { + chomp $l; + $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n"; + $ENV{$1} = $2; + } +} + +sub switch_marker { + die('usage: switch_marker([module|site|conf], [enable|disable], $name)') + if @_ != 3; + my $which = shift; + my $what = shift; + my $name = shift; + + my $mode = "admin"; + $mode = "maint" if $maintmode; + + #print("switch_marker $which $what $name\n"); + # TODO: get rid of the magic string(s) + my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode"; + my $state_marker = "$state_marker_dir/$name"; + if ( !-d $state_marker_dir ) { + File::Path::mkpath("$state_marker_dir") + || error( + "Failed to create marker directory: '$state_marker_dir'\n"); + } + + # XXX: swap find with perl alternative + my @markers = qx{find "$statedir" -type f -a -name "$name"}; + chomp(@markers); + foreach (@markers) { + unless ( unlink $_ ) { + error("Failed to remove old marker '$_'!\n") && return 0; + } + } + unless ($purge) { + qx{touch "$state_marker"}; + if ( $? != 0 ) { + error("Failed to create marker '$state_marker'!\n") && return 0; + } + return 1; + } +} + +# vim: syntax=perl sw=4 sts=4 sr et diff --git a/chef/cookbooks/berks/apache2/templates/default/apache2.conf.erb b/chef/cookbooks/berks/apache2/templates/default/apache2.conf.erb index 5bc6d3c..e22a7ac 100644 --- a/chef/cookbooks/berks/apache2/templates/default/apache2.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/apache2.conf.erb @@ -8,12 +8,10 @@ ServerRoot "<%= node['apache']['dir'] %>" # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # -<% if %w[debian].include?(node['platform_family']) -%> -LockFile /var/lock/apache2/accept.lock -<% elsif %w[freebsd].include?(node['platform_family']) -%> -LockFile /var/log/accept.lock -<% else %> -LockFile logs/accept.lock +<% if node['apache']['version'] == '2.2' -%> +LockFile <%= node['apache']['lock_dir'] %>/accept.lock +<% elsif node['apache']['version'] == '2.4' -%> +Mutex file:<%= node['apache']['lock_dir'] %> default <% end -%> # @@ -46,44 +44,40 @@ MaxKeepAliveRequests <%= node['apache']['keepaliverequests'] %> # KeepAliveTimeout <%= node['apache']['keepalivetimeout'] %> -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers <%= node['apache']['prefork']['startservers'] %> - MinSpareServers <%= node['apache']['prefork']['minspareservers'] %> - MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %> - ServerLimit <%= node['apache']['prefork']['serverlimit'] %> - MaxClients <%= node['apache']['prefork']['maxclients'] %> - MaxRequestsPerChild <%= node['apache']['prefork']['maxrequestsperchild'] %> - - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers <%= node['apache']['worker']['startservers'] %> - ServerLimit <%= node['apache']['worker']['serverlimit'] %> - MaxClients <%= node['apache']['worker']['maxclients'] %> - MinSpareThreads <%= node['apache']['worker']['minsparethreads'] %> - MaxSpareThreads <%= node['apache']['worker']['maxsparethreads'] %> - ThreadsPerChild <%= node['apache']['worker']['threadsperchild'] %> - MaxRequestsPerChild <%= node['apache']['worker']['maxrequestsperchild'] %> - - +# User <%= node['apache']['user'] %> Group <%= node['apache']['group'] %> +# + +<% if node['apache']['version'] == '2.4' -%> +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and node['apache']['docroot_dir']. +# If your system is serving content from a sub-directory in /srv you must allow +# access in conf-enabled, or in any related virtual host. e.g. +# +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# +# + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + +> + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + +<% end -%> # # AccessFileName: The name of the file to look for in each directory @@ -98,10 +92,15 @@ AccessFileName .htaccess # viewed by Web clients. # + <% if node['apache']['version'] == '2.2' -%> Order allow,deny Deny from all + <% elsif node['apache']['version'] == '2.4' -%> + Require all denied + <% end -%> +<% if node['apache']['version'] == '2.2' -%> # # DefaultType is the default MIME type the server will use for a document # if it cannot otherwise determine one, such as from filename extensions. @@ -112,7 +111,7 @@ AccessFileName .htaccess # text. # DefaultType text/plain - +<% end -%> # # HostnameLookups: Log the names of clients or just their IP addresses @@ -130,7 +129,11 @@ HostnameLookups Off # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # +<% if node['apache']['error_log'] =~ /^syslog:/ %> +ErrorLog <%= node['apache']['error_log'] %> +<% else %> ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> +<% end %> # # LogLevel: Control the number of messages logged to the error_log. @@ -143,8 +146,13 @@ LogLevel warn #LoadModule dummy_module modules/mod_dummy.so # Include module configuration: +<% if node['apache']['version'] == '2.2' -%> Include <%= node['apache']['dir'] %>/mods-enabled/*.load Include <%= node['apache']['dir'] %>/mods-enabled/*.conf +<% elsif node['apache']['version'] == '2.4' -%> +IncludeOptional <%= node['apache']['dir'] %>/mods-enabled/*.load +IncludeOptional <%= node['apache']['dir'] %>/mods-enabled/*.conf +<% end -%> <% if %w[freebsd].include?(node['platform_family']) -%> @@ -156,6 +164,37 @@ Include <%= node['apache']['dir'] %>/mods-enabled/*.conf # Include ports listing Include <%= node['apache']['dir'] %>/ports.conf +<% if node['apache']['version'] == '2.4' -%> +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + +> + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# +<% end -%> + # # The following directives define some format nicknames for use with # a CustomLog directive (see below). @@ -166,7 +205,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent # - +<% if node['apache']['version'] == '2.2' -%> # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # @@ -228,11 +267,18 @@ LogFormat "%{User-agent}i" agent # ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var # ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var # ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +<% end -%> +<% if node['apache']['version'] == '2.4' -%> +# Include generic snippets of statements +IncludeOptional <%= node['apache']['dir'] %>/conf-enabled/*.conf - +# Include the virtual host configurations: +IncludeOptional <%= node['apache']['dir'] %>/sites-enabled/*.conf +<% else -%> # Include generic snippets of statements -Include <%= node['apache']['dir'] %>/conf.d/*.conf +Include <%= node['apache']['dir'] %>/conf-enabled/*.conf # Include the virtual host configurations: -Include <%= node['apache']['dir'] %>/sites-enabled/ +Include <%= node['apache']['dir'] %>/sites-enabled/*.conf +<% end -%> diff --git a/chef/cookbooks/berks/apache2/templates/default/apache2.god.erb b/chef/cookbooks/berks/apache2/templates/default/apache2.god.erb index 86947f5..d32ff25 100644 --- a/chef/cookbooks/berks/apache2/templates/default/apache2.god.erb +++ b/chef/cookbooks/berks/apache2/templates/default/apache2.god.erb @@ -6,7 +6,7 @@ God.watch do |w| w.restart = "<%= @params[:restart] %>" w.start_grace = 10.seconds w.restart_grace = 10.seconds - w.pid_file = "/var/run/apache2.pid" + w.pid_file = "<%= node['apache']['pid_file'] %>" w.behavior(:clean_pid_file) w.start_if do |start| diff --git a/chef/cookbooks/berks/apache2/templates/default/charset.conf.erb b/chef/cookbooks/berks/apache2/templates/default/charset.conf.erb new file mode 100644 index 0000000..40d7198 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/charset.conf.erb @@ -0,0 +1,6 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 diff --git a/chef/cookbooks/berks/apache2/templates/default/charset.erb b/chef/cookbooks/berks/apache2/templates/default/charset.erb deleted file mode 100644 index 40d7198..0000000 --- a/chef/cookbooks/berks/apache2/templates/default/charset.erb +++ /dev/null @@ -1,6 +0,0 @@ -# Read the documentation before enabling AddDefaultCharset. -# In general, it is only a good idea if you know that all your files -# have this encoding. It will override any encoding given in the files -# in meta http-equiv or xml encoding tags. - -#AddDefaultCharset UTF-8 diff --git a/chef/cookbooks/berks/apache2/templates/default/default-site.conf.erb b/chef/cookbooks/berks/apache2/templates/default/default-site.conf.erb new file mode 100644 index 0000000..02568d3 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/default-site.conf.erb @@ -0,0 +1,71 @@ + + ServerAdmin <%= node['apache']['contact'] %> + + DocumentRoot <%= node['apache']['docroot_dir'] %>/ + + Options FollowSymLinks + AllowOverride None + + + /> + Options Indexes FollowSymLinks MultiViews + AllowOverride None + <% if node['apache']['version'] == '2.4' -%> + Require all granted + # This directive allows us to have apache2's default start page + # in /apache2-default/, but still have / go to the right place + #RedirectMatch ^/$ /apache2-default/ + <% elsif node['apache']['version'] == '2.2' -%> + Order allow,deny + Allow from all + <% end -%> + + + ScriptAlias /cgi-bin/ <%= node['apache']['cgibin_dir'] %>/ + "> + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + <% if node['apache']['version'] == '2.4' -%> + Require all granted + <% elsif node['apache']['version'] == '2.2' -%> + Order allow,deny + Allow from all + <% end -%> + + + ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog <%= node['apache']['log_dir'] %>/<%= node['apache']['access_log'] %> combined + ServerSignature On + + Alias /doc/ "/usr/share/doc/" + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + <% if node['apache']['version'] == '2.2' -%> + Order deny,allow + Deny from all + Allow from 127.0.0.0/255.0.0.0 ::1/128 + <% elsif node['apache']['version'] == '2.4' -%> + Require ip 127.0.0.0/255.0.0.0 + Require ip ::1/128 + <% end -%> + + + <% if %w{ rhel fedora }.include?(node['platform_family']) -%> + # + # This configuration file enables the default "Welcome" + # page if there is no default index page present for + # the root URL. To disable the Welcome page, comment + # out all the lines below. + # + + Options -Indexes + ErrorDocument 403 /error/noindex.html + + <% end -%> + diff --git a/chef/cookbooks/berks/apache2/templates/default/default-site.erb b/chef/cookbooks/berks/apache2/templates/default/default-site.erb deleted file mode 100644 index b134437..0000000 --- a/chef/cookbooks/berks/apache2/templates/default/default-site.erb +++ /dev/null @@ -1,55 +0,0 @@ - - ServerAdmin <%= node['apache']['contact'] %> - - DocumentRoot <%= node['apache']['docroot_dir'] %>/ - - Options FollowSymLinks - AllowOverride None - - - /> - Options Indexes FollowSymLinks MultiViews - AllowOverride None - Order allow,deny - Allow from all - - - ScriptAlias /cgi-bin/ <%= node['apache']['cgibin_dir'] %>/ - "> - AllowOverride None - Options ExecCGI -MultiViews +SymLinksIfOwnerMatch - Order allow,deny - Allow from all - - - ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %> - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog <%= node['apache']['log_dir'] %>/<%= node['apache']['access_log'] %> combined - ServerSignature On - - Alias /doc/ "/usr/share/doc/" - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order deny,allow - Deny from all - Allow from 127.0.0.0/255.0.0.0 ::1/128 - - - <% if %w[rhel fedora].include?(node['platform_family']) -%> - # - # This configuration file enables the default "Welcome" - # page if there is no default index page present for - # the root URL. To disable the Welcome page, comment - # out all the lines below. - # - - Options -Indexes - ErrorDocument 403 /error/noindex.html - - <% end -%> - diff --git a/chef/cookbooks/berks/apache2/templates/default/envvars.erb b/chef/cookbooks/berks/apache2/templates/default/envvars.erb new file mode 100644 index 0000000..35120dc --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/envvars.erb @@ -0,0 +1,44 @@ +# envvars - default environment variables for apache2ctl + +# this won't be correct after changing uid +unset HOME + +# Since there is no sane way to get the parsed apache2 config in scripts, some +# settings are defined via environment variables and then used in apache2ctl, +# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. +export APACHE_RUN_USER=<%= node['apache']['user'] %> +export APACHE_RUN_GROUP=<%= node['apache']['group'] %> +# temporary state file location. This might be changed to /run in Wheezy+1 +export APACHE_PID_FILE=<%= node['apache']['pid_file'] %> +export APACHE_RUN_DIR=<%= node['apache']['run_dir'] %> +export APACHE_LOCK_DIR=<%= node['apache']['lock_dir'] %> +# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. +export APACHE_LOG_DIR=<%= node['apache']['log_dir'] %> + +## The locale used by some modules like mod_dav +<%- if node['apache']['locale'] != 'system' %> +export LANG=<%= node['apache']['locale'] %> +export LC_ALL=<%= node['apache']['locale'] %> +<%- else %> +## Uncomment the following line to use the system default locale instead: +. /etc/default/locale +export LANG +<%- end %> + + +## The command to get the status for 'apache2ctl status'. +## Some packages providing 'www-browser' need '--dump' instead of '-dump'. +#export APACHE_LYNX='www-browser -dump' + +## If you need a higher file descriptor limit, uncomment and adjust the +## following line (default is 8192): +#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536' + +## If you would like to pass arguments to the web server, add them below +## to the APACHE_ARGUMENTS environment. +#export APACHE_ARGUMENTS='' + +## Enable the debug mode for maintainer scripts. +## This will produce a verbose output on package installations of web server modules and web application +## installations which interact with Apache +#export APACHE2_MAINTSCRIPT_DEBUG=1 diff --git a/chef/cookbooks/berks/apache2/templates/default/etc-sysconfig-httpd.erb b/chef/cookbooks/berks/apache2/templates/default/etc-sysconfig-httpd.erb index faa27a8..71ae7cf 100644 --- a/chef/cookbooks/berks/apache2/templates/default/etc-sysconfig-httpd.erb +++ b/chef/cookbooks/berks/apache2/templates/default/etc-sysconfig-httpd.erb @@ -1,4 +1,4 @@ -# This file managed by Chef. Changes will be overwritten. +# This file is managed by Chef. Changes will be overwritten. # # The default processing model (MPM) is the process-based @@ -19,7 +19,7 @@ HTTPD=<%= node['apache']['binary'] %> # change the locale in which the server runs, the HTTPD_LANG # variable can be set. # -#HTTPD_LANG=C +HTTPD_LANG=<%= node['apache']['locale'] %> # # By default, the httpd process will create the file diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/actions.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/actions.conf.erb new file mode 100644 index 0000000..147a645 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/actions.conf.erb @@ -0,0 +1,9 @@ + + # + # Action lets you define media types that will execute a script whenever + # a matching file is called. This eliminates the need for repeated URL + # pathnames for oft-used CGI file processors. + # Format: Action media/type /cgi-script/location + # Format: Action handler-name /cgi-script/location + # + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/alias.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/alias.conf.erb index 8d8c2ec..80bef61 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/alias.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/alias.conf.erb @@ -17,7 +17,11 @@ "> Options Indexes MultiViews AllowOverride None +<% if node['apache']['version'] == "2.4" -%> + Require all granted +<% else -%> Order allow,deny Allow from all +<% end -%> diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/auth_cas.load.erb b/chef/cookbooks/berks/apache2/templates/default/mods/auth_cas.load.erb index 0e3a002..5dc31a5 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/auth_cas.load.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/auth_cas.load.erb @@ -1 +1 @@ -LoadModule auth_cas_module <%= node['apache']['libexecdir'] %>/mod_auth_cas.so +LoadModule auth_cas_module <%= node['apache']['libexec_dir'] %>/mod_auth_cas.so diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/authopenid.load.erb b/chef/cookbooks/berks/apache2/templates/default/mods/authopenid.load.erb index d226ecf..7042a7e 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/authopenid.load.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/authopenid.load.erb @@ -1 +1 @@ -LoadModule authopenid_module <%= node['apache']['libexecdir'] %>/mod_auth_openid.so +LoadModule authopenid_module <%= node['apache']['libexec_dir'] %>/mod_auth_openid.so diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/cache_disk.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/cache_disk.conf.erb new file mode 100644 index 0000000..87117b4 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/cache_disk.conf.erb @@ -0,0 +1,23 @@ + + # cache cleaning is done by htcacheclean, which can be configured in + # /etc/default/apache2 + # + # For further information, see the comments in that file, + # /usr/share/doc/apache2/README.Debian, and the htcacheclean(8) + # man page. + + # This path must be the same as the one in /etc/default/apache2 + CacheRoot /var/cache/apache2/mod_cache_disk + + # This will also cache local documents. It usually makes more sense to + # put this into the configuration for just one virtual host. + CacheEnable disk / + + + # The result of CacheDirLevels * CacheDirLength must not be higher than + # 20. Moreover, pay attention on file system limits. Some file systems + # do not support more than a certain number of inodes and + # subdirectories (e.g. 32000 for ext3) + CacheDirLevels 2 + CacheDirLength 1 + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/cgid.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/cgid.conf.erb new file mode 100644 index 0000000..355236c --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/cgid.conf.erb @@ -0,0 +1,3 @@ +# Socket for cgid communication +# +ScriptSock <%= node['apache']['run_dir'] %>/cgisock diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/dav_fs.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/dav_fs.conf.erb new file mode 100644 index 0000000..609b2f4 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/dav_fs.conf.erb @@ -0,0 +1 @@ +DAVLockDB <%= node['apache']['lock_dir'] %>/DAVLock diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/deflate.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/deflate.conf.erb index 4a312b2..7dd016a 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/deflate.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/deflate.conf.erb @@ -1,16 +1,18 @@ - AddOutputFilterByType DEFLATE text/html - AddOutputFilterByType DEFLATE text/css - AddOutputFilterByType DEFLATE text/plain - AddOutputFilterByType DEFLATE text/xml - AddOutputFilterByType DEFLATE application/xhtml+xml - AddOutputFilterByType DEFLATE application/xml - AddOutputFilterByType DEFLATE image/svg+xml - AddOutputFilterByType DEFLATE application/rss+xml - AddOutputFilterByType DEFLATE application/atom_xml - AddOutputFilterByType DEFLATE application/javascript - AddOutputFilterByType DEFLATE application/x-javascript - AddOutputFilterByType DEFLATE application/x-httpd-php - AddOutputFilterByType DEFLATE application/x-httpd-fastphp - AddOutputFilterByType DEFLATE application/x-httpd-eruby + + # these are known to be safe with MSIE 6 + AddOutputFilterByType DEFLATE text/html text/plain text/xml + + # everything else may cause problems with MSIE 6 + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript + AddOutputFilterByType DEFLATE application/rss+xml + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE application/xhtml+xml + AddOutputFilterByType DEFLATE image/svg+xml + AddOutputFilterByType DEFLATE application/atom_xml + AddOutputFilterByType DEFLATE application/x-httpd-php + AddOutputFilterByType DEFLATE application/x-httpd-fastphp + AddOutputFilterByType DEFLATE application/x-httpd-eruby + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/info.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/info.conf.erb index 1d0e7ea..a735ae5 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/info.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/info.conf.erb @@ -7,8 +7,13 @@ # SetHandler server-info +<% if node['apache']['version'] == '2.4' -%> + Require local + Require ip <%= node['apache']['info_allow_list'] %> +<% else -%> Order deny,allow Deny from all Allow from <%= node['apache']['info_allow_list'] %> +<% end -%> diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/ldap.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/ldap.conf.erb new file mode 100644 index 0000000..6333d06 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/ldap.conf.erb @@ -0,0 +1,4 @@ + + SetHandler ldap-status + Require local + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/mime_magic.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/mime_magic.conf.erb new file mode 100644 index 0000000..bb31b1a --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/mime_magic.conf.erb @@ -0,0 +1,3 @@ + + MIMEMagicFile <%= node['apache']['dir'] %>/magic + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/mpm_event.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/mpm_event.conf.erb new file mode 100644 index 0000000..5b85c96 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/mpm_event.conf.erb @@ -0,0 +1,32 @@ +# event MPM + + <% if node['apache']['version'] == '2.4' -%> + # StartServers: initial number of server processes to start + # MinSpareThreads: minimum number of worker threads which are kept spare + # MaxSpareThreads: maximum number of worker threads which are kept spare + # ThreadsPerChild: constant number of worker threads in each server process + # MaxRequestWorkers: maximum number of worker threads + # MaxConnectionsPerChild: maximum number of requests a server process serves + StartServers <%= node['apache']['event']['startservers'] %> + MinSpareThreads <%= node['apache']['event']['minsparethreads'] %> + MaxSpareThreads <%= node['apache']['event']['maxsparethreads'] %> + ThreadsPerChild <%= node['apache']['event']['threadsperchild'] %> + MaxRequestWorkers <%= node['apache']['event']['maxrequestworkers'] %> + MaxConnectionsPerChild <%= node['apache']['event']['maxconnectionsperchild'] %> + ThreadLimit <%= node['apache']['event']['threadlimit'] %> + ServerLimit <%= node['apache']['event']['serverlimit'] %> + <% else -%> + # StartServers: number of server processes to start + # MinSpareServers: minimum number of server processes which are kept spare + # MaxSpareServers: maximum number of server processes which are kept spare + # MaxClients: maximum number of server processes allowed to start + # MaxRequestsPerChild: maximum number of requests a server process serves + StartServers <%= node['apache']['event']['startservers'] %> + MinSpareThreads <%= node['apache']['event']['minsparethreads'] %> + MaxSpareThreads <%= node['apache']['event']['maxsparethreads'] %> + MaxClients <%= node['apache']['event']['maxrequestworkers'] %> + MaxRequestsPerChild <%= node['apache']['event']['maxconnectionsperchild'] %> + ThreadLimit <%= node['apache']['event']['threadlimit'] %> + ServerLimit <%= node['apache']['event']['serverlimit'] %> + <% end -%> + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/mpm_prefork.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/mpm_prefork.conf.erb new file mode 100644 index 0000000..62b5503 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/mpm_prefork.conf.erb @@ -0,0 +1,27 @@ +# prefork MPM + + <% if node['apache']['version'] == '2.4' -%> + # StartServers: number of server processes to start + # MinSpareServers: minimum number of server processes which are kept spare + # MaxSpareServers: maximum number of server processes which are kept spare + # MaxRequestWorkers: maximum number of server processes allowed to start + # MaxConnectionsPerChild: maximum number of requests a server process serves + StartServers <%= node['apache']['prefork']['startservers'] %> + MinSpareServers <%= node['apache']['prefork']['minspareservers'] %> + MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %> + MaxRequestWorkers <%= node['apache']['prefork']['maxrequestworkers'] %> + MaxConnectionsPerChild <%= node['apache']['prefork']['maxconnectionsperchild'] %> + <% else -%> + # StartServers: number of server processes to start + # MinSpareServers: minimum number of server processes which are kept spare + # MaxSpareServers: maximum number of server processes which are kept spare + # MaxClients: maximum number of server processes allowed to start + # MaxRequestsPerChild: maximum number of requests a server process serves + StartServers <%= node['apache']['prefork']['startservers'] %> + MinSpareServers <%= node['apache']['prefork']['minspareservers'] %> + MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %> + ServerLimit <%= node['apache']['prefork']['serverlimit'] %> + MaxClients <%= node['apache']['prefork']['maxrequestworkers'] %> + MaxRequestsPerChild <%= node['apache']['prefork']['maxconnectionsperchild'] %> + <% end -%> + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/mpm_worker.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/mpm_worker.conf.erb new file mode 100644 index 0000000..d3eb5a6 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/mpm_worker.conf.erb @@ -0,0 +1,20 @@ +# worker MPM +# StartServers: initial number of server processes to start +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a +# graceful restart. ThreadLimit can only be changed by stopping +# and starting Apache. +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestWorkers: maximum number of threads +# MaxConnectionsPerChild: maximum number of requests a server process serves + + StartServers <%= node['apache']['worker']['startservers'] %> + MinSpareThreads <%= node['apache']['worker']['minsparethreads'] %> + MaxSpareThreads <%= node['apache']['worker']['maxsparethreads'] %> + ThreadsPerChild <%= node['apache']['worker']['threadsperchild'] %> + MaxRequestWorkers <%= node['apache']['worker']['maxrequestworkers'] %> + MaxConnectionsPerChild <%= node['apache']['worker']['maxconnectionsperchild'] %> + ThreadLimit <%= node['apache']['worker']['threadlimit'] %> + ServerLimit <%= node['apache']['worker']['serverlimit'] %> + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/php5.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/php5.conf.erb index 5d2f911..b11f1b2 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/php5.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/php5.conf.erb @@ -1,16 +1,37 @@ - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - # To re-enable php in user directories comment the following lines - # (from to .) Do NOT set it to On as it - # prevents .htaccess files from disabling it. - - - php_admin_value engine Off - - + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + # Deny access to raw php sources by default + # To re-enable it's recommended to enable access to the files + # only in specific virtual host or directory +<% if node['apache']['version'] == '2.4' -%> + Require all denied +<% else -%> + Order Deny,Allow + Deny from all +<% end -%> + + # Deny access to files without filename (e.g. '.php') + +<% if node['apache']['version'] == '2.4' -%> + Require all denied +<% else -%> + Order Deny,Allow + Deny from all +<% end -%> + + + # Running PHP scripts in user directories is disabled by default + # + # To re-enable PHP in user directories comment the following lines + # (from to .) Do NOT set it to On as it + # prevents .htaccess files from disabling it. + + + php_admin_value engine Off + + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/proxy.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/proxy.conf.erb index 553a3ca..4cb64af 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/proxy.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/proxy.conf.erb @@ -6,9 +6,13 @@ AddDefaultCharset off + <% if node['apache']['version'] == "2.4" -%> + Require <%= node['apache']['proxy']['require'] %> + <% else -%> Order <%= node['apache']['proxy']['order'] %> Deny from <%= node['apache']['proxy']['deny_from'] %> Allow from <%= node['apache']['proxy']['allow_from'] %> + <% end -%> # Enable/disable the handling of HTTP/1.1 "Via:" headers. diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/proxy_balancer.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/proxy_balancer.conf.erb new file mode 100644 index 0000000..4131537 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/proxy_balancer.conf.erb @@ -0,0 +1,18 @@ + + # Balancer manager enables dynamic update of balancer members + # (needs mod_status). Uncomment to enable. + # + # + # + # SetHandler balancer-manager +<% if node['apache']['version'] == '2.4' -%> + # Require local +<% else -%> + # Order deny,allow + # Deny from all + # Allow from 127.0.0.1 ::1 + # Satisfy all +<% end -%> + # + # + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/proxy_ftp.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/proxy_ftp.conf.erb new file mode 100644 index 0000000..548124b --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/proxy_ftp.conf.erb @@ -0,0 +1,4 @@ + + # Define the character set for proxied FTP listings. Default is ISO-8859-1 + ProxyFtpDirCharset UTF-8 + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/reqtimeout.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/reqtimeout.conf.erb new file mode 100644 index 0000000..b64e9cf --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/reqtimeout.conf.erb @@ -0,0 +1,22 @@ + + # mod_reqtimeout limits the time waiting on the client to prevent an + # attacker from causing a denial of service by opening many connections + # but not sending requests. This file tries to give a sensible default + # configuration, but it may be necessary to tune the timeout values to + # the actual situation. Note that it is also possible to configure + # mod_reqtimeout per virtual host. + + # Wait max 20 seconds for the first byte of the request line+headers + # From then, require a minimum data rate of 500 bytes/s, but don't + # wait longer than 40 seconds in total. + # Note: Lower timeouts may make sense on non-ssl virtual hosts but can + # cause problem with ssl enabled virtual hosts: This timeout includes + # the time a browser may need to fetch the CRL for the certificate. If + # the CRL server is not reachable, it may take more than 10 seconds + # until the browser gives up. + RequestReadTimeout header=20-40,minrate=500 + + # Wait max 10 seconds for the first byte of the request body (if any) + # From then, require a minimum data rate of 500 bytes/s + RequestReadTimeout body=10,minrate=500 + diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/setenvif.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/setenvif.conf.erb index 832fb1b..24b5fd9 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/setenvif.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/setenvif.conf.erb @@ -21,6 +21,8 @@ BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully BrowserMatch "^gnome-vfs/1.0" redirect-carefully + BrowserMatch "^gvfs/1" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + BrowserMatch " Konqueror/4" redirect-carefully diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/ssl.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/ssl.conf.erb index 6154b64..b722ebf 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/ssl.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/ssl.conf.erb @@ -33,44 +33,74 @@ # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. - SSLPassPhraseDialog builtin + SSLPassPhraseDialog <%= node['apache']['mod_ssl']['pass_phrase_dialog'] %> # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). - #SSLSessionCache dbm:/var/run/apache2/ssl_scache - <% if %w[rhel fedora suse].include?(node['platform_family']) -%> - SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) - <% elsif %w[freebsd].include?(node['platform_family']) -%> - SSLSessionCache shmcb:/var/run/ssl_scache(512000) - <% else -%> - SSLSessionCache shmcb:/var/run/apache2/ssl_scache - <% end -%> - SSLSessionCacheTimeout 300 + SSLSessionCache <%= node['apache']['mod_ssl']['session_cache'] %> + SSLSessionCacheTimeout <%= node['apache']['mod_ssl']['session_cache_timeout'] %> +<% if node['apache']['version'] != '2.4' -%> # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. - <% if %w[rhel fedora suse].include?(node['platform_family']) -%> - SSLMutex default - <% elsif %w[freebsd].include?(node['platform_family']) -%> - SSLMutex file:/var/run/ssl_mutex - <% else -%> - SSLMutex file:/var/run/apache2/ssl_mutex - <% end -%> + SSLMutex <%= node['apache']['mod_ssl']['mutex'] %> +<% end -%> - SSLHonorCipherOrder On # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. # enable only secure ciphers: SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %> - # Use this instead if you want to allow cipher upgrades via SGC facility. - # In this case you also have to use something like - # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 - # see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc - #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 - SSLProtocol all -SSLv2 + # Speed-optimized SSL Cipher configuration: + # If speed is your main concern (on busy HTTPS servers e.g.), + # you might want to force clients to specific, performance + # optimized ciphers. In this case, prepend those ciphers + # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. + # Caveat: by giving precedence to RC4-SHA and AES128-SHA + # (as in the example below), most connections will no longer + # have perfect forward secrecy - if the server's key is + # compromised, captures of past or future traffic must be + # considered compromised, too. + #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 + SSLHonorCipherOrder <%= node['apache']['mod_ssl']['honor_cipher_order'] %> + + # The protocols to enable. + # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 + # SSL v2 is no longer supported + SSLProtocol <%= node['apache']['mod_ssl']['protocol'] %> + + # Allow insecure renegotiation with clients which do not yet support the + # secure renegotiation protocol. Default: Off + SSLInsecureRenegotiation <%= node['apache']['mod_ssl']['insecure_renegotiation'] %> + + # Whether to forbid non-SNI clients to access name based virtual hosts. + # Default: Off + SSLStrictSNIVHostCheck <%= node['apache']['mod_ssl']['strict_sni_vhost_check'] %> + +<% if node['apache']['version'] == '2.4' -%> + # Enable compression on the SSL level + # Enabling compression causes security issues in most setups (the so called CRIME attack). + # Default: Off + SSLCompression <%= node['apache']['mod_ssl']['compression'] %> + + # OCSP Stapling, only in httpd 2.3.3 and later + # This option enables OCSP stapling, as defined by the "Certificate Status Request" TLS + # extension specified in RFC 6066. If enabled (and requested by the client), mod_ssl will + # include an OCSP response for its own certificate in the TLS handshake. + # Configuring an SSLStaplingCache is a prerequisite for enabling OCSP stapling. + # Default: Off + <% if node['apache']['mod_ssl']['use_stapling'] == 'On' -%> + SSLUseStapling <%= node['apache']['mod_ssl']['use_stapling'] %> + SSLStaplingResponderTimeout <%= node['apache']['mod_ssl']['stapling_responder_timeout'] %> + SSLStaplingReturnResponderErrors <%= node['apache']['mod_ssl']['stapling_return_responder_errors'] %> + SSLStaplingCache <%= node['apache']['mod_ssl']['stapling_cache'] %> + <% end -%> +<% end -%> + + <% node['apache']['mod_ssl']['directives'].sort_by { |key, val| key }.each do |directive, value| -%> + <%= directive %> <%= value %> + <% end -%> diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/status.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/status.conf.erb index a279f9c..be79e4e 100644 --- a/chef/cookbooks/berks/apache2/templates/default/mods/status.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/mods/status.conf.erb @@ -7,9 +7,14 @@ # SetHandler server-status +<% if node['apache']['version'] == '2.4' -%> + Require local + Require ip <%=node['apache']['status_allow_list']%> +<% else -%> Order deny,allow Deny from all Allow from <%= node['apache']['status_allow_list'] %> + <% end -%> # @@ -22,4 +27,16 @@ <% else -%> ExtendedStatus Off <% end -%> + +<% if node['apache']['version'] == '2.4' -%> + # Determine if mod_status displays the first 63 characters of a request or + # the last 63, assuming the request itself is greater than 63 chars. + # Default: Off + #SeeRequestTail On + + + # Show Proxy LoadBalancer status in mod_status + ProxyStatus On + +<% end -%> diff --git a/chef/cookbooks/berks/apache2/templates/default/mods/userdir.conf.erb b/chef/cookbooks/berks/apache2/templates/default/mods/userdir.conf.erb new file mode 100644 index 0000000..5c5c25d --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/mods/userdir.conf.erb @@ -0,0 +1,17 @@ +<% if node['apache']['version'] == '2.4' -%> + + UserDir public_html + UserDir disabled root + + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + + Require all granted + + + Require all denied + + + +<% end -%> diff --git a/chef/cookbooks/berks/apache2/templates/default/ports.conf.erb b/chef/cookbooks/berks/apache2/templates/default/ports.conf.erb index dcbefc4..d3a2ca2 100644 --- a/chef/cookbooks/berks/apache2/templates/default/ports.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/ports.conf.erb @@ -5,5 +5,7 @@ <% node['apache']['listen_addresses'].uniq.each do |address| -%> Listen <%= address.length > 0 ? "#{address}:" : '' %><%= port %> <% end -%> +<% if node['apache']['version'] != "2.4" -%> NameVirtualHost *:<%= port %> <% end -%> +<% end -%> diff --git a/chef/cookbooks/berks/apache2/templates/default/security.conf.erb b/chef/cookbooks/berks/apache2/templates/default/security.conf.erb new file mode 100644 index 0000000..c0a2d45 --- /dev/null +++ b/chef/cookbooks/berks/apache2/templates/default/security.conf.erb @@ -0,0 +1,45 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +# +# AllowOverride None +# Order Deny,Allow +# Deny from all +# + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +ServerTokens <%= node['apache']['servertokens'] %> + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature <%= node['apache']['serversignature'] %> + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +TraceEnable <%= node['apache']['traceenable'] %> diff --git a/chef/cookbooks/berks/apache2/templates/default/security.erb b/chef/cookbooks/berks/apache2/templates/default/security.erb deleted file mode 100644 index d26e172..0000000 --- a/chef/cookbooks/berks/apache2/templates/default/security.erb +++ /dev/null @@ -1,46 +0,0 @@ -# -# Disable access to the entire file system except for the directories that -# are explicitly allowed later. -# -# This currently breaks the configurations that come with some web application -# Debian packages. It will be made the default for the release after lenny. -# -# -# AllowOverride None -# Order Deny,Allow -# Deny from all -# - -# Changing the following options will not really affect the security of the -# server, but might make attacks slightly more difficult in some cases. - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minimal | Minor | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens <%= node['apache']['servertokens'] %> - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature <%= node['apache']['serversignature'] %> - -# -# Allow TRACE method -# -# Set to "extended" to also reflect the request body (only for testing and -# diagnostic purposes). -# -# Set to one of: On | Off | extended -# -TraceEnable <%= node['apache']['traceenable'] %> - diff --git a/chef/cookbooks/berks/apache2/templates/default/web_app.conf.erb b/chef/cookbooks/berks/apache2/templates/default/web_app.conf.erb index 5999d1e..d3e8b71 100644 --- a/chef/cookbooks/berks/apache2/templates/default/web_app.conf.erb +++ b/chef/cookbooks/berks/apache2/templates/default/web_app.conf.erb @@ -1,14 +1,19 @@ > ServerName <%= @params[:server_name] %> - ServerAlias <% @params[:server_aliases].each do |a| %><%= a %> <% end %> + <% if @params[:server_aliases] -%> + ServerAlias <%= @params[:server_aliases].join " " %> + <% end -%> DocumentRoot <%= @params[:docroot] %> - RewriteEngine On > Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %> AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %> + <% if node['apache']['version'] == '2.4' -%> + Require all granted + <% else -%> Order allow,deny Allow from all + <% end -%> @@ -19,12 +24,25 @@ SetHandler server-status + <% if node['apache']['version'] == '2.4' -%> + Require local + <% else -%> Order Deny,Allow Deny from all Allow from 127.0.0.1 + <% end -%> + + RewriteEngine On + <%- if node['apache']['version'] == '2.4' -%> + LogLevel info rewrite:trace1 + <%- else -%> LogLevel info + RewriteLog <%= node['apache']['log_dir'] %>/<%= @application_name %>-rewrite.log + RewriteLogLevel 0 + <%- end -%> + ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined @@ -32,10 +50,6 @@ DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %> <% end -%> - RewriteEngine On - RewriteLog <%= node['apache']['log_dir'] %>/<%= @application_name %>-rewrite.log - RewriteLogLevel 0 - # Canonical host, <%= @params[:server_name] %> RewriteCond %{HTTP_HOST} !^<%= @params[:server_name] %> [NC] RewriteCond %{HTTP_HOST} !^$ @@ -43,5 +57,5 @@ RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f RewriteCond %{SCRIPT_FILENAME} !maintenance.html - RewriteRule ^.*$ /system/maintenance.html [L] + RewriteRule ^.*$ /system/maintenance.html [L,R=503] diff --git a/chef/cookbooks/berks/logrotate/.gitignore b/chef/cookbooks/berks/logrotate/.gitignore new file mode 100644 index 0000000..1e25d19 --- /dev/null +++ b/chef/cookbooks/berks/logrotate/.gitignore @@ -0,0 +1,26 @@ +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ +*.tmp +*.bk +*.bkup +.kitchen.local.yml +Berksfile.lock +Gemfile.lock + +.bundle/ +.cache/ +.kitchen/ +.vagrant/ +.vagrant.d/ +bin/ +tmp/ +vendor/ + +# RVM +.ruby-version +.ruby-gemset +.rvmrc \ No newline at end of file diff --git a/chef/cookbooks/berks/logrotate/.kitchen.yml b/chef/cookbooks/berks/logrotate/.kitchen.yml new file mode 100644 index 0000000..f5f5406 --- /dev/null +++ b/chef/cookbooks/berks/logrotate/.kitchen.yml @@ -0,0 +1,20 @@ +driver_plugin: vagrant +driver_config: + require_chef_omnibus: true + +platforms: + - name: ubuntu-12.04 + run_list: + - recipe[apt::default] + - name: centos-6.4 + +suites: + - name: default + run_list: + - recipe[logrotate::default] + - name: definition + run_list: + - recipe[fake::definition] + - name: global + run_list: + - recipe[logrotate::global] diff --git a/chef/cookbooks/berks/logrotate/.rubocop.yml b/chef/cookbooks/berks/logrotate/.rubocop.yml new file mode 100644 index 0000000..e11136d --- /dev/null +++ b/chef/cookbooks/berks/logrotate/.rubocop.yml @@ -0,0 +1,14 @@ +AllCops: + Excludes: + - vendor/** + +AlignParameters: + Enabled: false +Encoding: + Enabled: false +HashSyntax: + Enabled: false +LineLength: + Enabled: false +MethodLength: + Max: 30 diff --git a/chef/cookbooks/berks/logrotate/.travis.yml b/chef/cookbooks/berks/logrotate/.travis.yml new file mode 100644 index 0000000..67836a1 --- /dev/null +++ b/chef/cookbooks/berks/logrotate/.travis.yml @@ -0,0 +1,9 @@ +rvm: + - 1.9.3 + - 2.0.0 +before_script: + - bundle exec berks install +script: + - bundle exec foodcritic -f any . --tags ~FC015 + - bundle exec rspec --color --format progress + - bundle exec rubocop diff --git a/chef/cookbooks/berks/pacman/.gitignore b/chef/cookbooks/berks/pacman/.gitignore new file mode 100644 index 0000000..54e2457 --- /dev/null +++ b/chef/cookbooks/berks/pacman/.gitignore @@ -0,0 +1 @@ +metadata.json diff --git a/chef/cookbooks/berks/pacman/.travis.yml b/chef/cookbooks/berks/pacman/.travis.yml new file mode 100644 index 0000000..be547a6 --- /dev/null +++ b/chef/cookbooks/berks/pacman/.travis.yml @@ -0,0 +1,8 @@ +rvm: + - 1.9.3 + - 2.0.0 +#before_script: +# - bundle exec berks install +script: + - bundle exec foodcritic -f any . --tags ~FC048 + - bundle exec rspec --color --format progress diff --git a/chef/cookbooks/berks/php/CHANGELOG.md b/chef/cookbooks/berks/php/CHANGELOG.md index f5f58d6..ece8dcb 100644 --- a/chef/cookbooks/berks/php/CHANGELOG.md +++ b/chef/cookbooks/berks/php/CHANGELOG.md @@ -2,6 +2,10 @@ php Cookbook CHANGELOG ====================== This file is used to list changes made in each version of the php cookbook. +v1.5.0 (2014-10-06) +------------------- +- Adding package_options attribute, utilizing in package resource + v1.4.6 (2014-03-19) ------------------- - [COOK-4436] - Test this cookbook, not yum. Also test Fedora 20. diff --git a/chef/cookbooks/berks/php/attributes/default.rb b/chef/cookbooks/berks/php/attributes/default.rb index bdf4711..2c67f7d 100644 --- a/chef/cookbooks/berks/php/attributes/default.rb +++ b/chef/cookbooks/berks/php/attributes/default.rb @@ -68,6 +68,7 @@ when 'windows' ext_php_pgsql ext_php_soap ext_php_sockets ext_php_sqlite3 ext_php_tidy ext_php_xmlrpc } + default['php']['package_options'] = "" # Use this to customise your yum or apt command default['php']['pear'] = 'pear.bat' default['php']['pecl'] = 'pecl.bat' else diff --git a/chef/cookbooks/berks/php/metadata.json b/chef/cookbooks/berks/php/metadata.json index 880290d..63fbf2f 100644 --- a/chef/cookbooks/berks/php/metadata.json +++ b/chef/cookbooks/berks/php/metadata.json @@ -1,6 +1,6 @@ { "name": "php", - "version": "1.4.6", + "version": "1.5.0", "description": "Installs and maintains php and php modules", "long_description": "", "maintainer": "Opscode, Inc.", diff --git a/chef/cookbooks/berks/php/recipes/package.rb b/chef/cookbooks/berks/php/recipes/package.rb index 79dca13..890c83b 100644 --- a/chef/cookbooks/berks/php/recipes/package.rb +++ b/chef/cookbooks/berks/php/recipes/package.rb @@ -58,6 +58,7 @@ else node['php']['packages'].each do |pkg| package pkg do action :install + options node['php']['package_options'] end end end diff --git a/chef/cookbooks/berks/postgresql/.gitignore b/chef/cookbooks/berks/postgresql/.gitignore new file mode 100644 index 0000000..cf347b0 --- /dev/null +++ b/chef/cookbooks/berks/postgresql/.gitignore @@ -0,0 +1,15 @@ +.vagrant +Berksfile.lock +Gemfile.lock +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ +.bundle +.cache +.kitchen +bin +.kitchen.local.yml +.kitchen/ diff --git a/chef/cookbooks/berks/postgresql/.kitchen.yml b/chef/cookbooks/berks/postgresql/.kitchen.yml new file mode 100644 index 0000000..a81595a --- /dev/null +++ b/chef/cookbooks/berks/postgresql/.kitchen.yml @@ -0,0 +1,128 @@ +--- +driver_plugin: vagrant + +platforms: +- name: ubuntu-12.04 + run_list: + - recipe[apt] + +- name: ubuntu-10.04 + run_list: + - recipe[apt] + +- name: debian-7.4 + run_list: + - recipe[apt] + +- name: centos-6.4 + +- name: centos-5.10 + +suites: +- name: default + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + attributes: {} + +- name: contrib + run_list: + - recipe[postgresql::contrib] + attributes: + postgresql: + password: + postgres: "iloverandompasswordsbutthiswilldo" + +- name: apt-pgdg-client + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + excludes: ["centos-5.10", "centos-6.4"] + attributes: + postgresql: + enable_pgdg_apt: true + version: "9.3" + +- name: yum-pgdg-client + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + excludes: ["ubuntu-10.04", "ubuntu-12.04", "debian-7.4"] + attributes: + postgresql: + enable_pgdg_yum: true + version: "9.3" + client: + packages: ["postgresql93"] + +- name: ruby + run_list: + - recipe[postgresql::ruby] + - recipe[minitest-handler] + attributes: {} + +- name: server + run_list: + - recipe[postgresql::ruby] + - recipe[minitest-handler] + - recipe[postgresql::server] + attributes: + postgresql: + password: + postgres: "iloverandompasswordsbutthiswilldo" + +- name: apt-pgdg-server + run_list: + - recipe[minitest-handler] + - recipe[postgresql::ruby] + - recipe[postgresql::server] + excludes: ["centos-5.10", "centos-6.4"] + attributes: + postgresql: + enable_pgdg_apt: true + version: "9.3" + password: + postgres: "iloverandompasswordsbutthiswilldo" + config: + ssl_cert_file: "/etc/ssl/certs/ssl-cert-snakeoil.pem" + ssl_key_file: "/etc/ssl/private/ssl-cert-snakeoil.key" + +- name: yum-pgdg-server + run_list: + - recipe[minitest-handler] + - recipe[postgresql::ruby] + - recipe[postgresql::server] + excludes: ["ubuntu-10.04", "ubuntu-12.04", "debian-7.4"] + attributes: + postgresql: + enable_pgdg_yum: true + version: "9.3" + server: + packages: ["postgresql93-server"] + service_name: "postgresql-9.3" + password: + postgres: "iloverandompasswordsbutthiswilldo" + +- name: apt-pgdg-client-ruby + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + - recipe[postgresql::ruby] + excludes: ["centos-5.10", "centos-6.4"] + attributes: + postgresql: + enable_pgdg_apt: true + version: "9.3" + +- name: yum-pgdg-client-ruby + run_list: + - recipe[minitest-handler] + - recipe[postgresql] + - recipe[postgresql::ruby] + excludes: ["ubuntu-10.04", "ubuntu-12.04", "debian-7.4"] + attributes: + postgresql: + enable_pgdg_yum: true + version: "9.3" + client: + packages: ["postgresql93", "postgresql93-devel"] diff --git a/chef/cookbooks/core/vdd/recipes/apache.rb b/chef/cookbooks/core/vdd/recipes/apache.rb index d84a66c..9bcedd4 100644 --- a/chef/cookbooks/core/vdd/recipes/apache.rb +++ b/chef/cookbooks/core/vdd/recipes/apache.rb @@ -23,7 +23,7 @@ group "www-data" do end -file "/var/www/index.html" do +file File.join(File.dirname(node['apache']['docroot_dir']), 'index.html') do action :delete end @@ -47,7 +47,6 @@ modules = [ "setenvif", "auth_basic", "authn_file", - "authz_default", "authz_groupfile", "authz_user" ] @@ -62,7 +61,7 @@ modules.each do |mod| end end -template "/etc/apache2/conf.d/vdd_apache.conf" do +template "/etc/apache2/conf-enabled/vdd_apache.conf" do source "vdd_apache.conf.erb" mode "0644" notifies :restart, "service[apache2]", :delayed diff --git a/chef/cookbooks/core/vdd/recipes/php.rb b/chef/cookbooks/core/vdd/recipes/php.rb index e68290d..f87ddd9 100644 --- a/chef/cookbooks/core/vdd/recipes/php.rb +++ b/chef/cookbooks/core/vdd/recipes/php.rb @@ -1,12 +1,8 @@ -apt_repository "php54" do - uri "http://ppa.launchpad.net/ondrej/php5-oldstable/ubuntu" - distribution node['lsb']['codename'] - components ["main"] - keyserver "keyserver.ubuntu.com" - key "E5267A6C" -end - +# @todo Hack until https://github.com/opscode-cookbooks/php/pull/111 is +# included. +node.override['php']['ext_conf_dir'] = "/etc/php5/mods-available" include_recipe 'php' + include_recipe "apache2::mod_php5" pkgs = [ diff --git a/chef/cookbooks/core/vdd/recipes/phpmyadmin.rb b/chef/cookbooks/core/vdd/recipes/phpmyadmin.rb index 523b10d..e889860 100644 --- a/chef/cookbooks/core/vdd/recipes/phpmyadmin.rb +++ b/chef/cookbooks/core/vdd/recipes/phpmyadmin.rb @@ -8,6 +8,14 @@ bash "debconf" do code "debconf-set-selections #{deb_conf_file}" end +bash "enable_apache_module_authz_user" do + user "root" + code <<-EOH + a2enmod authz_user + EOH + not_if { File.exists?("/etc/apache2/mods-enabled/authz_user") } +end + package "phpmyadmin" do action :install end diff --git a/chef/cookbooks/core/vdd/recipes/uploadprogress.rb b/chef/cookbooks/core/vdd/recipes/uploadprogress.rb index 9823746..1cb6376 100644 --- a/chef/cookbooks/core/vdd/recipes/uploadprogress.rb +++ b/chef/cookbooks/core/vdd/recipes/uploadprogress.rb @@ -1,3 +1,10 @@ php_pear "uploadprogress" do action :install end + +# @todo Hack until https://github.com/opscode-cookbooks/php/pull/111 is +# included. +execute '/usr/sbin/php5enmod uploadprogress' do + action :run + notifies :restart, "service[apache2]", :delayed +end diff --git a/chef/cookbooks/core/vdd/recipes/vdd_help.rb b/chef/cookbooks/core/vdd/recipes/vdd_help.rb index c841ab3..26c7770 100644 --- a/chef/cookbooks/core/vdd/recipes/vdd_help.rb +++ b/chef/cookbooks/core/vdd/recipes/vdd_help.rb @@ -8,8 +8,7 @@ node["vm"]["synced_folders"].each do |folder| end end - -template "/var/www/index.html" do +template File.join(node['apache']['docroot_dir'], 'index.html') do source "vdd_help.html.erb" if nfs == 0 owner "vagrant" @@ -21,9 +20,11 @@ template "/var/www/index.html" do ) end +phpinfo_loc = File.join(node['apache']['docroot_dir'], 'phpinfo.php') + bash "phpinfo" do code <<-EOH - echo " /var/www/phpinfo.php + echo " #{phpinfo_loc} EOH - not_if { File.exists?("/var/www/phpinfo.php") } + not_if { File.exists?(phpinfo_loc) } end diff --git a/chef/cookbooks/core/vdd/recipes/xdebug.rb b/chef/cookbooks/core/vdd/recipes/xdebug.rb index 5376928..9d55812 100644 --- a/chef/cookbooks/core/vdd/recipes/xdebug.rb +++ b/chef/cookbooks/core/vdd/recipes/xdebug.rb @@ -2,14 +2,19 @@ php_pear "xdebug" do action :install end -file "/etc/php5/conf.d/xdebug.ini" do +file File.join(node['php']['ext_conf_dir'], 'xdebug.ini') do action :delete notifies :restart, "service[apache2]", :delayed - only_if { File.exists?("/etc/php5/conf.d/xdebug.ini") } + only_if { File.exists?File.join(node['php']['ext_conf_dir'], 'xdebug.ini') } end -template "/etc/php5/conf.d/vdd_xdebug.ini" do +template File.join(node['php']['ext_conf_dir'], 'vdd_xdebug.ini') do source "vdd_xdebug.ini.erb" mode "0644" notifies :restart, "service[apache2]", :delayed end + +execute '/usr/sbin/php5enmod vdd_xdebug' do + action :run + notifies :restart, "service[apache2]", :delayed +end diff --git a/chef/cookbooks/core/vdd/templates/default/localhost.conf.erb b/chef/cookbooks/core/vdd/templates/default/localhost.conf.erb index 1204a6c..a8ce85b 100644 --- a/chef/cookbooks/core/vdd/templates/default/localhost.conf.erb +++ b/chef/cookbooks/core/vdd/templates/default/localhost.conf.erb @@ -1,11 +1,15 @@ - DocumentRoot /var/www + DocumentRoot /var/www/html ServerName localhost RewriteEngine On ErrorLog /var/log/apache2/error.log LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On + + AllowOverride All + Require all granted + <% @node["vdd"]["sites"].each do |index, site| %> @@ -20,6 +24,10 @@ LogLevel warn CustomLog /var/log/apache2/<%= index %>.access.log combined ServerSignature On + > + AllowOverride All + Require all granted + - <% end %> -<%- end -%> + <%- end -%> +<% end %>