--- /dev/null
+# Class: apache
+#
+# This class installs Apache
+#
+# Parameters:
+#
+# Actions:
+# - Install Apache
+# - Manage Apache service
+#
+# Requires:
+#
+# Sample Usage:
+#
+class apache (
+ $apache_name = $::apache::params::apache_name,
+ $service_name = $::apache::params::service_name,
+ $default_mods = true,
+ $default_vhost = true,
+ $default_charset = undef,
+ $default_confd_files = true,
+ $default_ssl_vhost = false,
+ $default_ssl_cert = $::apache::params::default_ssl_cert,
+ $default_ssl_key = $::apache::params::default_ssl_key,
+ $default_ssl_chain = undef,
+ $default_ssl_ca = undef,
+ $default_ssl_crl_path = undef,
+ $default_ssl_crl = undef,
+ $default_ssl_crl_check = undef,
+ $default_type = 'none',
+ $ip = undef,
+ $service_enable = true,
+ $service_manage = true,
+ $service_ensure = 'running',
+ $service_restart = undef,
+ $purge_configs = true,
+ $purge_vhost_dir = undef,
+ $purge_vdir = false,
+ $serveradmin = 'root@localhost',
+ $sendfile = 'On',
+ $error_documents = false,
+ $timeout = '120',
+ $httpd_dir = $::apache::params::httpd_dir,
+ $server_root = $::apache::params::server_root,
+ $conf_dir = $::apache::params::conf_dir,
+ $confd_dir = $::apache::params::confd_dir,
+ $vhost_dir = $::apache::params::vhost_dir,
+ $vhost_enable_dir = $::apache::params::vhost_enable_dir,
+ $mod_dir = $::apache::params::mod_dir,
+ $mod_enable_dir = $::apache::params::mod_enable_dir,
+ $mpm_module = $::apache::params::mpm_module,
+ $lib_path = $::apache::params::lib_path,
+ $conf_template = $::apache::params::conf_template,
+ $servername = $::apache::params::servername,
+ $manage_user = true,
+ $manage_group = true,
+ $user = $::apache::params::user,
+ $group = $::apache::params::group,
+ $keepalive = $::apache::params::keepalive,
+ $keepalive_timeout = $::apache::params::keepalive_timeout,
+ $max_keepalive_requests = $::apache::params::max_keepalive_requests,
+ $logroot = $::apache::params::logroot,
+ $logroot_mode = $::apache::params::logroot_mode,
+ $log_level = $::apache::params::log_level,
+ $log_formats = {},
+ $ports_file = $::apache::params::ports_file,
+ $docroot = $::apache::params::docroot,
+ $apache_version = $::apache::version::default,
+ $server_tokens = 'OS',
+ $server_signature = 'On',
+ $trace_enable = 'On',
+ $allow_encoded_slashes = undef,
+ $package_ensure = 'installed',
+ $use_optional_includes = $::apache::params::use_optional_includes,
+) inherits ::apache::params {
+ validate_bool($default_vhost)
+ validate_bool($default_ssl_vhost)
+ validate_bool($default_confd_files)
+ # true/false is sufficient for both ensure and enable
+ validate_bool($service_enable)
+ validate_bool($service_manage)
+ validate_bool($use_optional_includes)
+
+ $valid_mpms_re = $apache_version ? {
+ '2.4' => '(event|itk|peruser|prefork|worker)',
+ default => '(event|itk|prefork|worker)'
+ }
+
+ if $mpm_module {
+ validate_re($mpm_module, $valid_mpms_re)
+ }
+
+ if $allow_encoded_slashes {
+ validate_re($allow_encoded_slashes, '(^on$|^off$|^nodecode$)', "${allow_encoded_slashes} is not permitted for allow_encoded_slashes. Allowed values are 'on', 'off' or 'nodecode'.")
+ }
+
+ # NOTE: on FreeBSD it's mpm module's responsibility to install httpd package.
+ # NOTE: the same strategy may be introduced for other OSes. For this, you
+ # should delete the 'if' block below and modify all MPM modules' manifests
+ # such that they include apache::package class (currently event.pp, itk.pp,
+ # peruser.pp, prefork.pp, worker.pp).
+ if $::osfamily != 'FreeBSD' {
+ package { 'httpd':
+ ensure => $package_ensure,
+ name => $apache_name,
+ notify => Class['Apache::Service'],
+ }
+ }
+ validate_re($sendfile, [ '^[oO]n$' , '^[oO]ff$' ])
+
+ # declare the web server user and group
+ # Note: requiring the package means the package ought to create them and not puppet
+ validate_bool($manage_user)
+ if $manage_user {
+ user { $user:
+ ensure => present,
+ gid => $group,
+ require => Package['httpd'],
+ }
+ }
+ validate_bool($manage_group)
+ if $manage_group {
+ group { $group:
+ ensure => present,
+ require => Package['httpd']
+ }
+ }
+
+ validate_apache_log_level($log_level)
+
+ class { '::apache::service':
+ service_name => $service_name,
+ service_enable => $service_enable,
+ service_manage => $service_manage,
+ service_ensure => $service_ensure,
+ service_restart => $service_restart,
+ }
+
+ # Deprecated backwards-compatibility
+ if $purge_vdir {
+ warning('Class[\'apache\'] parameter purge_vdir is deprecated in favor of purge_configs')
+ $purge_confd = $purge_vdir
+ } else {
+ $purge_confd = $purge_configs
+ }
+
+ # Set purge vhostd appropriately
+ if $purge_vhost_dir == undef {
+ $purge_vhostd = $purge_confd
+ } else {
+ $purge_vhostd = $purge_vhost_dir
+ }
+
+ Exec {
+ path => '/bin:/sbin:/usr/bin:/usr/sbin',
+ }
+
+ exec { "mkdir ${confd_dir}":
+ creates => $confd_dir,
+ require => Package['httpd'],
+ }
+ file { $confd_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_confd,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+
+ if ! defined(File[$mod_dir]) {
+ exec { "mkdir ${mod_dir}":
+ creates => $mod_dir,
+ require => Package['httpd'],
+ }
+ # Don't purge available modules if an enable dir is used
+ $purge_mod_dir = $purge_configs and !$mod_enable_dir
+ file { $mod_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_mod_dir,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ }
+
+ if $mod_enable_dir and ! defined(File[$mod_enable_dir]) {
+ $mod_load_dir = $mod_enable_dir
+ exec { "mkdir ${mod_enable_dir}":
+ creates => $mod_enable_dir,
+ require => Package['httpd'],
+ }
+ file { $mod_enable_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_configs,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ } else {
+ $mod_load_dir = $mod_dir
+ }
+
+ if ! defined(File[$vhost_dir]) {
+ exec { "mkdir ${vhost_dir}":
+ creates => $vhost_dir,
+ require => Package['httpd'],
+ }
+ file { $vhost_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_vhostd,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ }
+
+ if $vhost_enable_dir and ! defined(File[$vhost_enable_dir]) {
+ $vhost_load_dir = $vhost_enable_dir
+ exec { "mkdir ${vhost_load_dir}":
+ creates => $vhost_load_dir,
+ require => Package['httpd'],
+ }
+ file { $vhost_enable_dir:
+ ensure => directory,
+ recurse => true,
+ purge => $purge_vhostd,
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ } else {
+ $vhost_load_dir = $vhost_dir
+ }
+
+ concat { $ports_file:
+ owner => 'root',
+ group => $::apache::params::root_group,
+ mode => '0644',
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+ concat::fragment { 'Apache ports header':
+ ensure => present,
+ target => $ports_file,
+ content => template('apache/ports_header.erb')
+ }
+
+ if $::apache::conf_dir and $::apache::params::conf_file {
+ case $::osfamily {
+ 'debian': {
+ $pidfile = "\${APACHE_PID_FILE}"
+ $error_log = 'error.log'
+ $scriptalias = '/usr/lib/cgi-bin'
+ $access_log_file = 'access.log'
+ }
+ 'redhat': {
+ $pidfile = 'run/httpd.pid'
+ $error_log = 'error_log'
+ $scriptalias = '/var/www/cgi-bin'
+ $access_log_file = 'access_log'
+ }
+ 'freebsd': {
+ $pidfile = '/var/run/httpd.pid'
+ $error_log = 'httpd-error.log'
+ $scriptalias = '/usr/local/www/apache24/cgi-bin'
+ $access_log_file = 'httpd-access.log'
+ } 'gentoo': {
+ $pidfile = '/run/apache2.pid'
+ $error_log = 'error.log'
+ $error_documents_path = '/usr/share/apache2/error'
+ $scriptalias = '/var/www/localhost/cgi-bin'
+ $access_log_file = 'access.log'
+
+ ::portage::makeconf { 'apache2_modules':
+ content => $default_mods,
+ }
+ file { [
+ '/etc/apache2/modules.d/.keep_www-servers_apache-2',
+ '/etc/apache2/vhosts.d/.keep_www-servers_apache-2'
+ ]:
+ ensure => absent,
+ require => Package['httpd'],
+ }
+ }
+ 'Suse': {
+ $pidfile = '/var/run/httpd2.pid'
+ $error_log = 'error.log'
+ $scriptalias = '/usr/lib/cgi-bin'
+ $access_log_file = 'access.log'
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+
+ $apxs_workaround = $::osfamily ? {
+ 'freebsd' => true,
+ default => false
+ }
+
+ # Template uses:
+ # - $pidfile
+ # - $user
+ # - $group
+ # - $logroot
+ # - $error_log
+ # - $sendfile
+ # - $mod_dir
+ # - $ports_file
+ # - $confd_dir
+ # - $vhost_dir
+ # - $error_documents
+ # - $error_documents_path
+ # - $apxs_workaround
+ # - $keepalive
+ # - $keepalive_timeout
+ # - $max_keepalive_requests
+ # - $server_root
+ # - $server_tokens
+ # - $server_signature
+ # - $trace_enable
+ file { "${::apache::conf_dir}/${::apache::params::conf_file}":
+ ensure => file,
+ content => template($conf_template),
+ notify => Class['Apache::Service'],
+ require => Package['httpd'],
+ }
+
+ # preserve back-wards compatibility to the times when default_mods was
+ # only a boolean value. Now it can be an array (too)
+ if is_array($default_mods) {
+ class { '::apache::default_mods':
+ all => false,
+ mods => $default_mods,
+ }
+ } else {
+ class { '::apache::default_mods':
+ all => $default_mods,
+ }
+ }
+ class { '::apache::default_confd_files':
+ all => $default_confd_files
+ }
+ if $mpm_module {
+ class { "::apache::mod::${mpm_module}": }
+ }
+
+ $default_vhost_ensure = $default_vhost ? {
+ true => 'present',
+ false => 'absent'
+ }
+ $default_ssl_vhost_ensure = $default_ssl_vhost ? {
+ true => 'present',
+ false => 'absent'
+ }
+
+ ::apache::vhost { 'default':
+ ensure => $default_vhost_ensure,
+ port => 80,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => $access_log_file,
+ priority => '15',
+ ip => $ip,
+ logroot_mode => $logroot_mode,
+ manage_docroot => $default_vhost,
+ }
+ $ssl_access_log_file = $::osfamily ? {
+ 'freebsd' => $access_log_file,
+ default => "ssl_${access_log_file}",
+ }
+ ::apache::vhost { 'default-ssl':
+ ensure => $default_ssl_vhost_ensure,
+ port => 443,
+ ssl => true,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => $ssl_access_log_file,
+ priority => '15',
+ ip => $ip,
+ logroot_mode => $logroot_mode,
+ manage_docroot => $default_ssl_vhost,
+ }
+ }
+}