# Class: apache # # This class installs Apache # # Parameters: # # Actions: # - Install Apache # - Manage Apache service # # Requires: # # Sample Usage: # class apache ( $apache_name = $::apache::params::apache_name, $service_name = $::apache::params::service_name, $default_mods = true, $default_vhost = true, $default_charset = undef, $default_confd_files = true, $default_ssl_vhost = false, $default_ssl_cert = $::apache::params::default_ssl_cert, $default_ssl_key = $::apache::params::default_ssl_key, $default_ssl_chain = undef, $default_ssl_ca = undef, $default_ssl_crl_path = undef, $default_ssl_crl = undef, $default_ssl_crl_check = undef, $default_type = 'none', $ip = undef, $service_enable = true, $service_manage = true, $service_ensure = 'running', $service_restart = undef, $purge_configs = true, $purge_vhost_dir = undef, $purge_vdir = false, $serveradmin = 'root@localhost', $sendfile = 'On', $error_documents = false, $timeout = '120', $httpd_dir = $::apache::params::httpd_dir, $server_root = $::apache::params::server_root, $conf_dir = $::apache::params::conf_dir, $confd_dir = $::apache::params::confd_dir, $vhost_dir = $::apache::params::vhost_dir, $vhost_enable_dir = $::apache::params::vhost_enable_dir, $mod_dir = $::apache::params::mod_dir, $mod_enable_dir = $::apache::params::mod_enable_dir, $mpm_module = $::apache::params::mpm_module, $lib_path = $::apache::params::lib_path, $conf_template = $::apache::params::conf_template, $servername = $::apache::params::servername, $manage_user = true, $manage_group = true, $user = $::apache::params::user, $group = $::apache::params::group, $keepalive = $::apache::params::keepalive, $keepalive_timeout = $::apache::params::keepalive_timeout, $max_keepalive_requests = $::apache::params::max_keepalive_requests, $logroot = $::apache::params::logroot, $logroot_mode = $::apache::params::logroot_mode, $log_level = $::apache::params::log_level, $log_formats = {}, $ports_file = $::apache::params::ports_file, $docroot = $::apache::params::docroot, $apache_version = $::apache::version::default, $server_tokens = 'OS', $server_signature = 'On', $trace_enable = 'On', $allow_encoded_slashes = undef, $package_ensure = 'installed', $use_optional_includes = $::apache::params::use_optional_includes, ) inherits ::apache::params { validate_bool($default_vhost) validate_bool($default_ssl_vhost) validate_bool($default_confd_files) # true/false is sufficient for both ensure and enable validate_bool($service_enable) validate_bool($service_manage) validate_bool($use_optional_includes) $valid_mpms_re = $apache_version ? { '2.4' => '(event|itk|peruser|prefork|worker)', default => '(event|itk|prefork|worker)' } if $mpm_module { validate_re($mpm_module, $valid_mpms_re) } if $allow_encoded_slashes { validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.") } # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package. # NOTE: the same strategy may be introduced for other OSes. For this, you # should delete the 'if' block below and modify all MPM modules' manifests # such that they include apache::package class (currently event.pp, itk.pp, # peruser.pp, prefork.pp, worker.pp). if $::osfamily != 'FreeBSD' { package { 'httpd': ensure => $package_ensure, name => $apache_name, notify => Class['Apache::Service'], } } validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ]) # declare the web server user and group # Note: requiring the package means the package ought to create them and not puppet validate_bool($manage_user) if $manage_user { user { $user: ensure => present, gid => $group, require => Package['httpd'], } } validate_bool($manage_group) if $manage_group { group { $group: ensure => present, require => Package['httpd'] } } validate_apache_log_level($log_level) class { '::apache::service': service_name => $service_name, service_enable => $service_enable, service_manage => $service_manage, service_ensure => $service_ensure, service_restart => $service_restart, } # Deprecated backwards-compatibility if $purge_vdir { warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs') $purge_confd = $purge_vdir } else { $purge_confd = $purge_configs } # Set purge vhostd appropriately if $purge_vhost_dir == undef { $purge_vhostd = $purge_confd } else { $purge_vhostd = $purge_vhost_dir } Exec { path => '/bin:/sbin:/usr/bin:/usr/sbin', } exec { "mkdir ${confd_dir}": creates => $confd_dir, require => Package['httpd'], } file { $confd_dir: ensure => directory, recurse => true, purge => $purge_confd, notify => Class['Apache::Service'], require => Package['httpd'], } if ! defined(File[$mod_dir]) { exec { "mkdir ${mod_dir}": creates => $mod_dir, require => Package['httpd'], } # Don't purge available modules if an enable dir is used $purge_mod_dir = $purge_configs and !$mod_enable_dir file { $mod_dir: ensure => directory, recurse => true, purge => $purge_mod_dir, notify => Class['Apache::Service'], require => Package['httpd'], } } if $mod_enable_dir and ! defined(File[$mod_enable_dir]) { $mod_load_dir = $mod_enable_dir exec { "mkdir ${mod_enable_dir}": creates => $mod_enable_dir, require => Package['httpd'], } file { $mod_enable_dir: ensure => directory, recurse => true, purge => $purge_configs, notify => Class['Apache::Service'], require => Package['httpd'], } } else { $mod_load_dir = $mod_dir } if ! defined(File[$vhost_dir]) { exec { "mkdir ${vhost_dir}": creates => $vhost_dir, require => Package['httpd'], } file { $vhost_dir: ensure => directory, recurse => true, purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } } if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) { $vhost_load_dir = $vhost_enable_dir exec { "mkdir ${vhost_load_dir}": creates => $vhost_load_dir, require => Package['httpd'], } file { $vhost_enable_dir: ensure => directory, recurse => true, purge => $purge_vhostd, notify => Class['Apache::Service'], require => Package['httpd'], } } else { $vhost_load_dir = $vhost_dir } concat { $ports_file: owner => 'root', group => $::apache::params::root_group, mode => '0644', notify => Class['Apache::Service'], require => Package['httpd'], } concat::fragment { 'Apache ports header': ensure => present, target => $ports_file, content => template('apache/ports_header.erb') } if $::apache::conf_dir and $::apache::params::conf_file { case $::osfamily { 'debian': { $pidfile = "\${APACHE_PID_FILE}" $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' } 'redhat': { $pidfile = 'run/httpd.pid' $error_log = 'error_log' $scriptalias = '/var/www/cgi-bin' $access_log_file = 'access_log' } 'freebsd': { $pidfile = '/var/run/httpd.pid' $error_log = 'httpd-error.log' $scriptalias = '/usr/local/www/apache24/cgi-bin' $access_log_file = 'httpd-access.log' } 'gentoo': { $pidfile = '/run/apache2.pid' $error_log = 'error.log' $error_documents_path = '/usr/share/apache2/error' $scriptalias = '/var/www/localhost/cgi-bin' $access_log_file = 'access.log' ::portage::makeconf { 'apache2_modules': content => $default_mods, } file { [ '/etc/apache2/modules.d/.keep_www-servers_apache-2', '/etc/apache2/vhosts.d/.keep_www-servers_apache-2' ]: ensure => absent, require => Package['httpd'], } } 'Suse': { $pidfile = '/var/run/httpd2.pid' $error_log = 'error.log' $scriptalias = '/usr/lib/cgi-bin' $access_log_file = 'access.log' } default: { fail("Unsupported osfamily ${::osfamily}") } } $apxs_workaround = $::osfamily ? { 'freebsd' => true, default => false } # Template uses: # - $pidfile # - $user # - $group # - $logroot # - $error_log # - $sendfile # - $mod_dir # - $ports_file # - $confd_dir # - $vhost_dir # - $error_documents # - $error_documents_path # - $apxs_workaround # - $keepalive # - $keepalive_timeout # - $max_keepalive_requests # - $server_root # - $server_tokens # - $server_signature # - $trace_enable file { "${::apache::conf_dir}/${::apache::params::conf_file}": ensure => file, content => template($conf_template), notify => Class['Apache::Service'], require => Package['httpd'], } # preserve back-wards compatibility to the times when default_mods was # only a boolean value. Now it can be an array (too) if is_array($default_mods) { class { '::apache::default_mods': all => false, mods => $default_mods, } } else { class { '::apache::default_mods': all => $default_mods, } } class { '::apache::default_confd_files': all => $default_confd_files } if $mpm_module { class { "::apache::mod::${mpm_module}": } } $default_vhost_ensure = $default_vhost ? { true => 'present', false => 'absent' } $default_ssl_vhost_ensure = $default_ssl_vhost ? { true => 'present', false => 'absent' } ::apache::vhost { 'default': ensure => $default_vhost_ensure, port => 80, docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, access_log_file => $access_log_file, priority => '15', ip => $ip, logroot_mode => $logroot_mode, manage_docroot => $default_vhost, } $ssl_access_log_file = $::osfamily ? { 'freebsd' => $access_log_file, default => "ssl_${access_log_file}", } ::apache::vhost { 'default-ssl': ensure => $default_ssl_vhost_ensure, port => 443, ssl => true, docroot => $docroot, scriptalias => $scriptalias, serveradmin => $serveradmin, access_log_file => $ssl_access_log_file, priority => '15', ip => $ip, logroot_mode => $logroot_mode, manage_docroot => $default_ssl_vhost, } } }