diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp index c717983..b913123 100644 --- a/apache/manifests/init.pp +++ b/apache/manifests/init.pp @@ -34,6 +34,11 @@ class apache::common { } package { "httpd": + name => $operatingsystem ? { + debian => "apache2", + ubuntu => "apache2", + default => "httpd", + }, ensure => installed, } @@ -73,15 +78,21 @@ class apache::common { class apache::server inherits apache::common { if ! $httpd_user { - $httpd_user = "apache" + $httpd_user = $operatingsystem ? { + debian => "www-data", + ubuntu => "www-data", + default => "apache", + } } if ! $httpd_group { - $httpd_group = "apache" + $httpd_group = $operatingsystem ? { + debian => "www-data", + ubuntu => "www-data", + default => "apache", + } } - file { [ "/etc/httpd/conf.http.d", - "/etc/httpd/site.http.d", - "/srv/www/http", + file { [ "/srv/www/http", "/srv/www/http/${fqdn}", "/srv/www/log/http", "/srv/www/log/http/${fqdn}", ]: 
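Review bot: The Debian/Ubuntu selector is written out separately for the package name in this hunk, for `$httpd_user` and `$httpd_group` in the next one, and again for `before` and the `case` in the third, so supporting another distribution means editing every copy. The package keeps its title `httpd` and only switches `name`, which keeps existing `Package["httpd"]` references valid. The service in the third hunk is instead retitled `apache2`, which forces every `notify`/`require` on it to branch per OS. Resolving the name once, e.g. `$apache_service = $operatingsystem ? { debian => "apache2", ubuntu => "apache2", default => "httpd" }`, and declaring `service { "httpd": name => $apache_service, ... }` would keep the two resources consistent. Any define outside these hunks that still notifies `Service["httpd"]` would presumably fail to compile on Debian as the change stands.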
@@ -90,31 +101,66 @@ class apache::server inherits apache::common { owner => root, group => root, require => Package["httpd"], - before => File["/etc/httpd/conf/httpd.conf"], + before => $operatingsystem ? { + debian => File["/etc/apache2/apache2.conf"], + ubuntu => File["/etc/apache2/apache2.conf"], + default => File["/etc/httpd/conf/httpd.conf"], + }, } - File["/etc/httpd/conf.http.d", "/etc/httpd/site.http.d"] { - purge => true, - force => true, - recurse => true, - source => "puppet:///custom/empty", - } - - file { "/etc/httpd/conf/httpd.conf": - ensure => present, - content => template("apache/httpd.conf.erb"), - mode => 0644, - owner => root, - group => root, - require => Package["httpd"], - notify => Service["httpd"], - } - - service { "httpd": - ensure => running, - enable => true, - require => [ Package["httpd"], - File["/etc/httpd/conf/httpd.conf"], ], + case $operatingsystem { + debian,ubuntu: { + file { "/etc/apache2/envvars": + ensure => present, + content => template("apache/apache2.envvars.erb"), + mode => 0644, + owner => root, + group => root, + require => Package["httpd"], + notify => Service["apache2"], + } + file { "/etc/apache2/apache2.conf": + ensure => present, + content => template("apache/apache2.conf.erb"), + mode => 0644, + owner => root, + group => root, + require => File["/etc/apache2/envvars"], + notify => Service["apache2"], + } + service { "apache2": + ensure => running, + enable => true, + require => File["/etc/apache2/apache2.conf"], + } + } + default: { + file { [ "/etc/httpd/conf.http.d", "/etc/httpd/site.http.d" ]: + ensure => directory, + mode => 0644, + owner => root, + group => root, + purge => true, + force => true, + recurse => true, + source => "puppet:///custom/empty", + require => Package["httpd"], + before => File["/etc/httpd/conf/httpd.conf"], + } + file { "/etc/httpd/conf/httpd.conf": + ensure => present, + content => template("apache/httpd.conf.erb"), + mode => 0644, + owner => root, + group => root, + notify => 
Service["httpd"], + } + service { "httpd": + ensure => running, + enable => true, + require => File["/etc/httpd/conf/httpd.conf"], + } + } } } 
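Review bot: The `debian,ubuntu` branch manages only `/etc/apache2/envvars` and `/etc/apache2/apache2.conf`, while the `default` branch still purges unmanaged files from `conf.http.d` and `site.http.d` (`purge => true`, `source => "puppet:///custom/empty"`). The new `apache2.conf.erb` includes `/etc/apache2/conf.d/`, `/etc/apache2/sites-enabled/`, `/etc/apache2/httpd.conf` and `/etc/apache2/ports.conf`, none of which this hunk manages. On Debian the listening ports and any package-shipped or hand-placed vhost therefore stay active outside Puppet's control. Consider a purging `file` resource for `/etc/apache2/conf.d` and `/etc/apache2/sites-enabled` that mirrors the default branch, and bring `ports.conf` under management as well.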
@@ -442,72 +488,143 @@ define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_cha # define apache::configfile($source="", $content="", $http=true, $https=true) { - if defined(Service["httpd"]) { - file { "/etc/httpd/conf.http.d/${name}": - ensure => $http ? { - true => present, - default => absent, - }, - mode => 0644, - owner => root, - group => root, - notify => Service["httpd"], - } - if $source { - File["/etc/httpd/conf.http.d/${name}"] { - source => $source, + case $operatingsystem { + debian,ubuntu: { + file { "/etc/apache2/conf.d/${name}": + mode => 0644, + owner => root, + group => root, + notify => Service["apache2"], + require => Package["httpd"], + } + if $source { + File["/etc/apache2/conf.d/${name}"] { + source => $source, + } + } + if $content { + File["/etc/apache2/conf.d/${name}"] { + content => $content, + } } } - if $content { - File["/etc/httpd/conf.http.d/${name}"] { - content => $content, + default: { + if defined(Service["httpd"]) { + file { "/etc/httpd/conf.http.d/${name}": + ensure => $http ? { + true => present, + default => absent, + }, + mode => 0644, + owner => root, + group => root, + notify => Service["httpd"], + } + if $source { + File["/etc/httpd/conf.http.d/${name}"] { + source => $source, + } + } + if $content { + File["/etc/httpd/conf.http.d/${name}"] { + content => $content, + } + } + if ! $source and ! $content { + File["/etc/httpd/conf.http.d/${name}"] { + source => "/etc/httpd/conf.d/${name}", + } + } + if $require { + File["/etc/httpd/conf.http.d/${name}"] { + require => $require, + } + } } - } - if ! $source and ! $content { - File["/etc/httpd/conf.http.d/${name}"] { - source => "/etc/httpd/conf.d/${name}", - } - } - if $require { - File["/etc/httpd/conf.http.d/${name}"] { - require => $require, + + if defined(Service["httpsd"]) { + file { "/etc/httpd/conf.https.d/${name}": + ensure => $https ? 
{ + true => present, + default => absent, + }, + mode => 0644, + owner => root, + group => root, + notify => Service["httpsd"], + } + if $source { + File["/etc/httpd/conf.https.d/${name}"] { + source => $source, + } + } + if $content { + File["/etc/httpd/conf.https.d/${name}"] { + content => $content, + } + } + if ! $source and ! $content { + File["/etc/httpd/conf.https.d/${name}"] { + source => "/etc/httpd/conf.d/${name}", + } + } + if $require { + File["/etc/httpd/conf.https.d/${name}"] { + require => $require, + } + } } } } - if defined(Service["httpsd"]) { - file { "/etc/httpd/conf.https.d/${name}": - ensure => $https ? { - true => present, - default => absent, - }, +} + + +# Enable module on Debian/Ubuntu Apache. +# +# === Parameters +# +# $name: +# Module name. +# $source: +# Source for optional module configuration. +# $content: +# Content for optional module configuration. +# See also $source. +# $require: +# Dependencies for the module file. +# +define apache::a2enmod($source="", $content="") { + + exec { "a2enmod-${name}": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + command => "a2enmod ${name}", + unless => "test -h /etc/apache2/mods-enabled/${name}.load", + notify => Service["apache2"], + require => Package["httpd"], + } + + if $source or $content { + file { "/etc/apache2/mods-available/${name}.conf": mode => 0644, owner => root, group => root, - notify => Service["httpsd"], + notify => Service["apache2"], + before => Exec["a2enmod-${name}"], } if $source { - File["/etc/httpd/conf.https.d/${name}"] { + File["/etc/apache2/mods-available/${name}.conf"] { source => $source, } } if $content { - File["/etc/httpd/conf.https.d/${name}"] { + File["/etc/apache2/mods-available/${name}.conf"] { content => $content, } } - if ! $source and ! $content { - File["/etc/httpd/conf.https.d/${name}"] { - source => "/etc/httpd/conf.d/${name}", - } - } - if $require { - File["/etc/httpd/conf.https.d/${name}"] { - require => $require, - } - } } + } 
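Review bot: `apache::a2enmod` interpolates `${name}` unchecked into the `command` and `unless` strings and into the `mods-available`/`mods-enabled` paths, so a title containing whitespace or `/` changes the arguments handed to `a2enmod` and `test`, or points the file resource outside the modules directory. If the Puppet version in use supports regex matching, reject such titles up front with `if $name !~ /^[A-Za-z0-9_]+$/ { fail("apache::a2enmod: invalid module name ${name}") }`. The `${name}.conf` file resource also has no `ensure` and no `require => Package["httpd"]`, so on a first run it may be applied before `/etc/apache2/mods-available` exists. In `apache::configfile`, the Debian branch notifies `Service["apache2"]` without the `defined()` guard the default branch uses and ignores `$http`, `$https` and `$require`; if that is intentional, a comment on the branch should say so.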
diff --git a/apache/templates/apache2.conf.erb b/apache/templates/apache2.conf.erb
new file mode 100644
index 0000000..9d8d2e7
--- /dev/null
+++ b/apache/templates/apache2.conf.erb
@@ -0,0 +1,236 @@
+#
+# Based upon the NCSA server configuration files originally by Rob McCool.
+#
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.2/ for detailed information about
+# the directives.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# The configuration directives are grouped into three basic sections:
+# 1. Directives that control the operation of the Apache server process as a
+# whole (the 'global environment').
+# 2. Directives that define the parameters of the 'main' or 'default' server,
+# which responds to requests that aren't handled by a virtual host.
+# These directives also provide default values for the settings
+# of all virtual hosts.
+# 3. Settings for virtual hosts, which allow Web requests to be sent to
+# different IP addresses or hostnames and have them handled by the
+# same Apache server process.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log"
+# with ServerRoot set to "" will be interpreted by the
+# server as "//var/log/apache2/foo.log".
+#
+
+### Section 1: Global Environment
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests it can handle or where it
+# can find its configuration files.
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the LockFile documentation (available
+# at );
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+#
+#
+LockFile /var/lock/apache2/accept.lock
+#
+#
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+##
+## Server-Pool Size Regulation (MPM specific)
+##
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxClients: maximum number of server processes allowed to start
+# MaxRequestsPerChild: maximum number of requests a server process serves
+
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxClients 150
+ MaxRequestsPerChild 0
+
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MaxClients: maximum number of simultaneous client connections
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxClients 150
+ MaxRequestsPerChild 0
+
+
+# event MPM
+# StartServers: initial number of server processes to start
+# MaxClients: maximum number of simultaneous client connections
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+
+ StartServers 2
+ MaxClients 150
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestsPerChild 0
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+
+ Order allow,deny
+ Deny from all
+ Satisfy all
+
+
+#
+# DefaultType is the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog /srv/www/log/http/<%= fqdn %>/error_log
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+# Include module configuration:
+Include /etc/apache2/mods-enabled/*.load
+Include /etc/apache2/mods-enabled/*.conf
+
+# Include all the user configurations:
+Include /etc/apache2/httpd.conf
+
+# Include ports listing
+Include /etc/apache2/ports.conf
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+#
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog /srv/www/log/http/<%= fqdn %>/access_log combined
+
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+Include /etc/apache2/conf.d/
+
+# Include the virtual host configurations:
+Include /etc/apache2/sites-enabled/
diff --git a/apache/templates/apache2.envvars.erb b/apache/templates/apache2.envvars.erb
new file mode 100644
index 0000000..1ab5bc3
--- /dev/null
+++ b/apache/templates/apache2.envvars.erb
@@ -0,0 +1,19 @@
+# envvars - default environment variables for apache2ctl
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=<%= httpd_user %>
+export APACHE_RUN_GROUP=<%= httpd_group %>
+export APACHE_PID_FILE=/var/run/apache2.pid
+
+## The locale used by some modules like mod_dav
+export LANG=C
+## Uncomment the following line to use the system default locale instead:
+#. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
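Review bot: As shown on this page, the new `apache2.conf.erb` sets no `ServerTokens`, `ServerSignature` or `TraceEnable`, so what the server discloses in response headers and error pages is left to compiled-in defaults or to whatever unmanaged file under `/etc/apache2/conf.d/` happens to set them. Since this template is the managed baseline, pin them here with `ServerTokens Prod`, `ServerSignature Off` and `TraceEnable Off`. A first-line comment such as `# Managed by Puppet (apache/templates/apache2.conf.erb); local edits will be overwritten.` would also keep administrators from editing the rendered file by hand.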
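Review bot: `APACHE_RUN_USER` and `APACHE_RUN_GROUP` in `apache2.envvars.erb` are written unquoted into a file that, per its own header comment, is consumed by `apache2ctl` and `/etc/init.d/apache2` and is presumably sourced as shell. A `$httpd_user` or `$httpd_group` value containing whitespace or shell metacharacters would then be interpreted rather than assigned. The values come from the manifest, so this is defence in depth: quote them, e.g. `export APACHE_RUN_USER='<%= httpd_user %>'`, and ideally validate both variables in `apache::server` before the template is rendered.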