Commit Graph

122 Commits

Author SHA1 Message Date
Clark Boylan c629d4779a Define params::ssl_path for vhost::proxy
The vhost::proxy vhost template file uses the ssl_path var.
Unfortuantely this isn't defined in params so we get errors like:

  Unknown variable: 'httpd::params::ssl_path'. at /etc/puppetlabs/code/modules/httpd/manifests/vhost/proxy.pp:37:15

Fix that by defining a value. Note this value should be correct for
debuntu, but is probably wrong for RHEL/CentOS.

Change-Id: Idbb1ac60a17d5506c4dd0d19eb10c1a45741c3b5
2020-03-05 09:14:29 -08:00
Clark Boylan 1609bb6a44 Fix leading :: on class includes to make linter happy
Why this needed to be a linter rule I do not know.

Change-Id: I27ba74c6060c9d2ad09b52bc38090ff9c1f83721
2020-03-05 09:14:07 -08:00
OpenDev Sysadmins 41618d1ffb OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:26:05 +00:00
Ian Wienand 95f4cc9888 Replace openstack.org git:// URLs with https://
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.

This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.

This update should result in no functional change.

For more information see the thread at

 http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html

Change-Id: I76d1d384fd6c0f3ef6e765fa83fe02a060985b79
2019-03-24 20:35:39 +00:00
Colleen Murphy 8158fd4cca Update Gemfile for Zuulv3
The logic in the Gemfile was relying on Zuulv2 variables to find out
whether the spec helper gem was already available on disk, and since
Zuulv3 has changed things it was failing to find it and downloading the
master version instead. This patch ensures the Gemfile looks for the gem
in the right place when running in CI.

Change-Id: I5a5c8613bf637f15d7a14481961991d242339d3c
2018-07-12 09:57:44 +02:00
Colleen Murphy e5996fd275 Add content parameter to httpd::vhost
Evaluating the template from the vhost defined type rather than the
module where it originates causes problems when dereferencing the
variables in the ERB file. If they are not accessed via the internal
scope object, they can't be found when using puppet 4. The scope object
is also useless when the variables are defined in a defined type and not
a class.

This patch adds a new parameter, $content, which overrides the $template
parameter. If provided, $content indicates the literal string content
for the vhost, as opposed to a reference to a template that needs to be
rendered. This can be used like this:

  $content = template('example/example.vhost.erb')
  httpd::vhost { 'vhostname':
    content => $content,
    priority => 50
  }

This way the template is evaluated when the template() function is
called and has access to variables in that scope.

Change-Id: Ibe3c609d92f3321f43f4794062a64b119b07a1d0
2018-05-28 15:04:15 -07:00
Zuul 9e47c78140 Merge "Add bindep.txt file" 2018-04-20 18:53:27 +00:00
Jeremy Stanley eec99fedb9 Allow access to docroot for proxy exclusions
In a httpd::vhost::proxy resource, if proxy exclusions and a docroot
are specified, we should allow clients to access contents of the
docroot.

Change-Id: If30b192b8f2c16375aa534131217a5aa2a9ff47d
2018-02-22 16:28:32 +00:00
Colleen Murphy efd4267ef4 Depend on helper gem for spec_helper_acceptance
Instead of keeping a local copy of spec_helper_acceptance.rb and
requiring updates to all modules for any change, we can move it into the
common helper gem and require it from there. This will make it easier to
create and review changes that affect all puppet modules. Also change
the Gemfile to look for the gem in the local workspace if running in a
zuul environment.

Change-Id: I8233333e7c35a3a1191c0f8d070f6de5dfb7b33d
2017-08-18 10:41:43 +02:00
Colleen Murphy 5f7b59c32c Stop testing mod-python in beaker
The python apache mod is deprecated and does not work with the wsgi mod.
The apache service dies if both mods are enabled. We can keep the mod
class but it is not worth keeping tests for it.

Change-Id: Ie411ee5c6e9324371eaabe0a6f1761c912a79600
2017-06-11 19:57:04 +02:00
Colleen Murphy 6325c13cf7 Remove unnecessary beaker tests
It is not necessary to check every file and package in the puppet
functional tests. It can be assumed that if puppet finished corretly
then it was also able to successfully find and install packages and
apply configs. We leave the service checks, however, because it is
possible for services to die due to misconfiguration after puppet starts
them.

Change-Id: I97682cb9d956803c3ab1be42fe44c0437c3d5f02
2017-06-11 19:56:51 +02:00
Colleen Murphy 17543eceaf Parameterize the php mod package name
Change-Id: If61473b394605fa2599f53716792dd5568ad24c5
2017-06-11 19:53:48 +02:00
Colleen Murphy d4f6905da6 Update beaker setup for xenial
Add a xenial nodeset and update the spec helper to install puppet 3 from
the Ubuntu repos instead of from puppetlabs.

Change-Id: I5d48236074dcb4e5d0fbd3466355d4224250e393
2017-06-11 19:52:02 +02:00
Colleen Murphy 9314b24380 Update Gemfile
Use the common spec helper gem instead of managing every gem
individually. This will keep the linter gems up to date and unbreak the
linter job.

Change-Id: I0034055dd172c23366ab5ba37b5b5174647e4f81
2017-06-11 19:50:30 +02:00
Paul Belanger cdc9456202
Add bindep.txt file
Bindep is a tool for checking the presence of binary packages needed
to use an application / library. It started life as a way to make it
easier to set up a development environment for OpenStack projects.

Change-Id: I6b353492e35f71bce66ea648d5f6f83e3d887587
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-05-01 21:09:37 -04:00
Yolanda Robla Mota 8fa18ba136 Fix selinux problems on vhost
When running on CentOS, that problem still persists: when trying
to access files under a vhost, apache was failing with
Access denied because search permissions are missing.

So running chcon on the docroot for each vhost

Please note that this change was reverted before. That was caused
by puppet-cgit sending a dummy location "MEANINGLESS ARGUMENT"
to docroot argument of vhost. To avoid that failure, execute only
the chcon call if docroot exists and is a directory.

Change-Id: I4ab7d4cc6d2115bd8f980be7f14a6a4557ffeb87
2016-07-22 08:57:46 +02:00
Paul Belanger fba135de66 Revert "Fix selinux problems on vhost"
We are reverting as this breaks our gitXX.o.o servers, which are centos-7. EG:

  (/Stage[main]/Cgit/Httpd::Vhost[git.openstack.org]/Exec[update_context_MEANINGLESS ARGUMENT]/returns) chcon: cannot access ‘MEANINGLESS’: No such file or directory

This reverts commit 10844f7c9e.

Change-Id: I06435e6203bd8770bc6a817d3f0b33a05d84bdf6
2016-07-20 23:24:41 +00:00
Yolanda Robla 10844f7c9e Fix selinux problems on vhost
When running on CentOS, two problems appeared:
- when using proxy, apache was failing with an error 500,
fixed by enabling httpd_can_network_connect

- when trying to access files under a vhost, apache was
failing with Access denied because search permissions
are missing. So running chcon on the docroot for each vhost

Change-Id: I87c4c0e51f05eab8f5c8e094c2c54504e60b97af
2016-06-26 09:53:35 +02:00
Spencer Krum 3f1c21aecb Pin google-api-client; sanitize Gemfile
Change-Id: Icf2aa6e7b44a0219e03cb9786726e0f6f9262a97
2016-04-14 15:19:35 -07:00
Andrey Nikitin 080f4bab6a Order of the classes parameters is refactored
Order and intendation of those parameters are changed
to follow Puppet Style Guide recommendation [0].
Moreover, it will allow to an user to find much faster
a variable in a list of variables.

[0]. https://docs.puppetlabs.com/guides/style_guide.html

Change-Id: If2443cbc57671784cfcb31bbe0ada0c09f78c996
2016-03-21 12:44:49 +03:00
Monty Taylor aec75a659f Add SSL Procotol and Cipher config to default vhost
Infra doesn't really use this template, but in case someone else does,
update the protocol to only use TLS and update the cipher list to the
list of strong ciphers.

Change-Id: Ibd8a0e65800e022ab8bc52f6af63c3c85e84419d
2016-03-01 08:04:00 -06:00
Jenkins 3d6423ebdf Merge "Fixes vhost and vhost::proxy on Precise." 2015-11-03 17:16:51 +00:00
Jenkins f98e71bf65 Merge "Enable SNI on Ubuntu 12.04 LTS" 2015-10-21 19:43:32 +00:00
Jeremy Stanley ebdc05976f Enable SNI on Ubuntu 12.04 LTS
Enable Server Name Indication (SNI) on Ubuntu 12.04 LTS which runs
Apache 2.2. This allows running multiple HTTPS sites from one IP
address/TCP port when SubjectAltNames are specified in the
certificate, but MSIE on WinXP does not support this extension and
so will cease working for HTTPS sites managed by this module. Note
that this behavior is already implicit on Apache 2.4 based platforms
(such as Ubuntu 14.04 LTS).

Change-Id: I05c8e335f68d9461d8d81a3d12343d1920a738d4
2015-10-21 15:35:33 +00:00
Bruno Tavares d8e4764ac8 Fixes vhost and vhost::proxy on Precise.
We recently introduced on bf7ce40e2f the
use of mod_version. The module is enabled and installed by default on
Ubuntu Trusty 14.04, CentOS 6 and CentOS 7.

On Ubuntu Precise 12.04 the module comes installed, but not enabled by
default. This is needed to maintain compatibility with downstream pool
of servers.

Change-Id: I01a8a12b959e3cbecd0355562db0393404ae54bf
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
2015-10-20 18:07:41 -02:00
Jenkins d2bd645ab6 Merge "Grant access for vhosts on Apache >= 2.4" 2015-10-20 08:38:58 +00:00
Jenkins 945f4f3862 Merge "Fix proxy and redirect configuration file names." 2015-10-20 08:36:32 +00:00
Danilo Ramalho bf7ce40e2f Grant access for vhosts on Apache >= 2.4
Apache's configuration for access control has changed on 2.4. To allow
access to served directories we need to include the new directive
"Require grant all".

We scoped the configuration to only be applied on Apache 2.4. More
information can be viewed on the Apache's upgrade document[1].

The tests were changed to ensure that the configuration is working
without any extra override, as the extra test vhost is on a custom
directory that requires the template to grant access to it.

[1] http://httpd.apache.org/docs/trunk/upgrading.html

Change-Id: I898ca049c5b3592cb70ad8c22eba8d4c681f3b22
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
2015-10-19 17:48:54 +00:00
Bruno Tavares faf9d932ba Fix proxy and redirect configuration file names.
While working on puppet-lodgeit acceptance tests we found that the
configuration file that `httpd::mod::proxy` creates was not being picked
up by Apache because it was missing the prefix `.conf`. This transition
is required to configure httpd modules correctly on Apache >= 2.4

To prevent Apache from loading two the same configuration twice, we
remove the file without extension, so this change does not affect
running systems.

This change has fixes for `httpd::mod::proxy` and `httpd::mod::redirect`
as they have the same issue. We added tests as well to increase the
confidence on the fix.

The acceptance will be fixed on the follow-up patch, as the redirect
grants are broken for 2.4 as well.

Change-Id: I82241038d687316f91f18209fe8323c12422e2f8
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
2015-10-19 15:43:51 -02:00
Jeremy Stanley 0dcb175c42 Clean up doubled backslashes in logrotate config
According to
https://docs.puppetlabs.com/puppet/3.8/reference/lang_datatypes.html
there is no way to end a single-quoted string with a literal
backslash, so fold this content into the preceding double-quoted
string in an effort to satisfy the linter as well.

Change-Id: Ic639cd2fc1c7953cbf4311ce7c958f9bdb61e31b
2015-10-14 13:29:17 +00:00
Clint Adams a827227079 Allow specification of DocumentRoot when reverse-proxying partially
If any locations are being excluded from reverse-proxying, we need
to be able to specify a DocumentRoot to serve up un-proxied files.

Change-Id: I1c5fe6f73b5983886578975e89c5e4148b506795
2015-10-06 15:57:14 -04:00
Jenkins 2a142ac027 Merge "Allow specification of locations to not be proxied" 2015-10-06 07:27:48 +00:00
Clint Adams c39fde20ed Allow specification of locations to not be proxied
A user of httpd::vhost::proxy may wish to exclude certain URLs from
being proxied.  This change allows the template to be populated with
such exclusions.

Change-Id: I55a86d3c703a667daf55cb75cf559eb23a556219
2015-10-02 12:15:43 -04:00
Bruno Tavares edb7660f9b Add note of support on Python mods for CentOS 7.
CentOS 7 has offically deprecated mod_python in favor of mod_wsgi and
the package is not available anymore. This change add a note on the
module about the offically supported way to run python applications on
CentOS 7.

Change-Id: I9bf2e0dde6575f50db6ce12abf896b5890b42419
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
2015-09-28 14:50:03 -03:00
Glauco Oliveira 9c22e17cef Add acceptance tests for puppet-httpd
Add acceptance tests for puppet-httpd module so that once the module is
applied we check if files were created, packages were installed and
services were started.

Change-Id: I3e1430f2937bd2bc5ea789c626784af7d5d85959
Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
2015-09-28 14:50:03 -03:00
Bruno Tavares c180eeac3f Use httpd::mod when adding Apache modules.
Replace usage of httpd_mod with the httpd::mod wrapper to allow classes
to be applied as well on RedHat systems and have the httpd service
ordering fixed.

Change-Id: If790efd7b465e77c2eca7710f79e563d69ee3783
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
2015-09-28 14:50:03 -03:00
Bruno Tavares a6f2016567 Fix httpd::python.
While writing acceptance tests for puppet-httpd we noticed that the
manifest of httpd::python is not working on Ubuntu Trusty.

The httpd::python manifest was using a non-declared
$apache::params::mod_python_package instead of
$httpd::params::mod_python_package

Change-Id: I4db9298aba7da90a017527b2fb29dcd17af28efc
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>
2015-09-28 14:50:03 -03:00
Andy James 69310a65cb Changed to match 'python_package' to 'mod_python package'
Matches the parameter name set in params.pp

Change-Id: Ib95acfbb5dd510ad6c1cb13cda8741a0ace149d2
2015-09-28 14:50:03 -03:00
Bruno Tavares 84c5d2bf6a Fix httpd::dev.
While writing acceptance tests for puppet-httpd we noticed that the
manifest of httpd::dev was not working on Ubuntu Trusty.

That is because httpd::dev was trying to install multiple package using
the wrong syntax. Also, the one of the modules for Ubuntu was wrong and
we updated to keep applying.

Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Danilo Ramalho <dramalho@thoughtworks.com>

Change-Id: Ibe1e107417b4670902f74b8c2fedc0d9d927ce9b
2015-09-28 14:50:03 -03:00
Jenkins d3261cdc81 Merge "Create a httpd::mod defined type" 2015-09-28 17:31:07 +00:00
Spencer Krum 5b0ebdf555 Create a httpd::mod defined type
This allows for before => Service['httpd'] on every resource without
being explicit.

Co-Authored-By: Bruno Tavares <btavare@thoughtworks.com>
Co-Authored-By: Glauco Oliveira <gvinici@thoughtworks.com>

Change-Id: I0e991a7a63317e608cc6ef35b58dc79b518ba863
2015-09-25 12:21:31 -07:00
Jenkins f0d478b4f9 Merge "Add logrotate class to Apache" 2015-09-22 19:17:49 +00:00
James E. Blair 77cae247c9 Add "Satisfy any" to default vhost template
This is needed for Apache 2.4, and is compatible with 2.2.

Change-Id: I5c8243c0031e295b5d88a21ac05f7a467beefa33
2015-09-17 14:25:42 -07:00
Spencer Krum 2016285e71 Fix target path for regular git clone during tests
Use same target directory for zuul-cloner and
the regular git command.

Change-Id: Ia93972eb910cbff202820151a0407d36b3317dc4
Co-Authored-By: Fabien Boucher <fabien.boucher@enovance.com>
2015-08-19 16:36:20 -07:00
Yolanda Robla 208feadbcd Add logrotate class to Apache
Adding this subclass to httpd configuration, to allow
modules using this manifest to setup log rotation for
apache on demand.
Please note that apache is installing a logrotate file by
default here, but naming that on same way will overwrite it,
and allow our desired log rotation.

Depends-On: I7451ecc550b50b85c55784ef598f6b45412117fc
Change-Id: I3ef60fd9386795007e5b55264cc6e91fa0b67c68
2015-08-15 09:13:17 +02:00
Spencer Krum 95e9f04e20 Add vim swp files to gitignore
Change-Id: I6787886ee37b8860ad0b8931e012bd488f95fd07
2015-08-12 21:27:43 -07:00
Jenkins d2e06d732b Merge "Add Gemfile and puppet 4 checks" 2015-08-11 05:07:50 +00:00
Jenkins 85469bb95e Merge "Add puppetlabs-firewall dependency to metadata" 2015-08-09 04:20:00 +00:00
Jenkins 0b6f95fe3f Merge "Fix $httpd::vhost::proxy::servername parameter" 2015-08-09 03:00:03 +00:00
Emma Barber fafa13ca43 Add puppetlabs-firewall dependency to metadata
$configure_firewall defaults to true, however the related firewall
dependency is missing from the module metadata. The lower bound
used here reflects that of puppetlabs-apache v0.0.4, the upper bound is
the current release.

Change-Id: Ic628fcacf11a65786241047f58839544e3d1fc52
2015-08-07 18:41:07 -07:00