Initial Chef repository

Greg Karékinian
2015-07-21 19:45:23 +02:00
parent 7e5401fc71
commit ee4079fa85
1151 changed files with 185163 additions and 0 deletions


@@ -0,0 +1,532 @@
#!/usr/bin/perl -w
#
# a2enmod by Stefan Fritsch <sf@debian.org>
# Licensed under Apache License 2.0
#
# The coding style is "perltidy -pbp"
use strict;
use Cwd 'realpath';
use File::Spec;
use File::Basename;
use File::Path;
use Getopt::Long;
my $quiet;
my $force;
my $maintmode;
my $purge;
Getopt::Long::Configure('bundling');
GetOptions(
'quiet|q' => \$quiet,
'force|f' => \$force,
'maintmode|m' => \$maintmode,
'purge|p' => \$purge
) or exit 2;
my $basename = basename($0);
$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
or die "$basename call name unknown\n";
my $act = $1;
my $obj = $2;
my $dir_suffix = $3;
my $env_file = $ENV{APACHE_ENVVARS}
|| (
$ENV{APACHE_CONFDIR}
? "$ENV{APACHE_CONFDIR}/envvars"
: "<%= node['apache']['dir'] %>$dir_suffix/envvars"
);
$ENV{LANG} = 'C';
read_env_file($env_file);
$act .= 'able';
my ( $name, $dir, $sffx, $reload );
if ( $obj eq 'mod' ) {
$obj = 'module';
$dir = 'mods';
$sffx = '.load';
$reload = 'restart';
}
elsif ( $obj eq 'conf' ) {
$obj = 'conf';
$dir = 'conf';
$sffx = '.conf';
$reload = 'reload';
}
else {
$dir = 'sites';
$sffx = '.conf';
$reload = 'reload';
}
$name = ucfirst($obj);
my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix";
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>";
$statedir .= "/$obj";
my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
my $request_reload = 0;
my $rc = 0;
if ( !scalar @ARGV ) {
my @choices = myglob('*');
print "Your choices are: @choices\n";
print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
my $input = <>;
@ARGV = split /\s+/, $input;
}
my @objs;
foreach my $arg (@ARGV) {
$arg =~ s/${sffx}$//;
my @glob = myglob($arg);
if ( !@glob ) {
error("No $obj found matching $arg!\n");
$rc = 1;
}
else {
push @objs, @glob;
}
}
foreach my $acton (@objs) {
doit($acton) or $rc = 1;
}
info(
"To activate the new configuration, you need to run:\n service apache2 $reload\n"
) if $request_reload;
exit($rc);
##############################################################################
sub myglob {
my $arg = shift;
my @glob = map {
s{^$choicedir/}{};
s{$sffx$}{};
$_
} glob("$choicedir/$arg$sffx");
return @glob;
}
sub doit {
my $acton = shift;
my ( $conftgt, $conflink );
if ( $obj eq 'module' ) {
if ( $acton eq 'cgi' && threaded() ) {
print
"Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
$acton = 'cgid';
}
$conftgt = "$availdir/$acton.conf";
if ( -e $conftgt ) {
$conflink = "$enabldir/$acton.conf";
}
}
my $tgt = "$availdir/$acton$sffx";
my $link = "$enabldir/$acton$sffx";
if ( !-e $tgt ) {
if ( -l $link && !-e $link ) {
if ( $act eq 'disable' ) {
info("removing dangling symlink $link\n");
unlink($link);
# force a .conf path. It may exist as dangling link, too
$conflink = "$enabldir/$acton.conf";
if ( -l $conflink && !-e $conflink ) {
info("removing dangling symlink $conflink\n");
unlink($conflink);
}
return 1;
}
else {
error("$link is a dangling symlink!\n");
}
}
if ( $purge ) {
switch_marker( $obj, $act, $acton );
# exit silently, we are purging anyway
return 1;
}
error("$name $acton does not exist!\n");
return 0;
}
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
if ( $acton eq 'mpm_itk' ) {
warning( "MPM_ITK is a third party module that is not part "
. "of the official Apache HTTPD. It has seen less "
. "testing than the official MPM modules." );
}
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
check_conflicts( $acton, @conflicts ) or return 0;
}
else {
my @depending;
foreach my $d ( glob("$enabldir/*.load") ) {
my @deps = get_deps($d);
if ( is_in( $acton, @deps ) ) {
$d =~ m,/([^/]+).load$,;
push @depending, $1;
}
}
if ( scalar @depending ) {
if ($force) {
do_deps( $acton, @depending ) or return 0;
}
else {
error(
"The following modules depend on $acton ",
"and need to be disabled first: @depending\n"
);
return 0;
}
}
}
}
elsif ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton$sffx");
warn_deps( $acton, @depends ) or return 0;
}
if ( $act eq 'enable' ) {
my $check = check_link( $tgt, $link );
if ( $check eq 'ok' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'ok' ) {
info("$name $acton already enabled\n");
return 1;
}
elsif ( $confcheck eq 'missing' ) {
print "Enabling config file $acton.conf.\n";
add_link( $conftgt, $conflink ) or return 0;
}
else {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
else {
info("$name $acton already enabled\n");
return 1;
}
}
elsif ( $check eq 'missing' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'missing' ) {
add_link( $conftgt, $conflink ) or return 0;
}
elsif ( $confcheck ne 'ok' ) {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
print "Enabling $obj $acton.\n";
if ( $acton eq 'ssl' ) {
info( "See /usr/share/doc/apache2/README.Debian.gz on "
. "how to configure SSL and create self-signed certificates.\n"
);
}
return add_link( $tgt, $link )
&& switch_marker( $obj, $act, $acton );
}
else {
error("$name $acton not properly enabled: $check\n");
return 0;
}
}
else {
if ( -e $link || -l $link ) {
remove_link($link);
if ( $conflink && -e $conflink ) {
remove_link($conflink);
}
switch_marker( $obj, $act, $acton );
print "$name $acton disabled.\n";
}
elsif ( $conflink && -e $conflink ) {
print "Disabling stale config file $acton.conf.\n";
remove_link($conflink);
}
else {
info("$name $acton already disabled\n");
if ( $purge ) {
switch_marker( $obj, $act, $acton );
}
return 1;
}
}
return 1;
}
sub get_deps {
my $file = shift;
my $type = shift || "Depends";
my $fd;
if ( !open( $fd, '<', $file ) ) {
error("Can't open $file: $!");
return;
}
my $line;
while ( defined( $line = <$fd> ) ) {
chomp $line;
if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
my $deps = $1;
return split( /[\n\s]+/, $deps );
}
# only check until the first non-empty non-comment line
last if ( $line !~ /^\s*(?:#.*)?$/ );
}
return;
}
sub do_deps {
my $acton = shift;
foreach my $d (@_) {
info("Considering dependency $d for $acton:\n");
if ( !doit($d) ) {
error("Could not $act dependency $d for $acton, aborting\n");
return 0;
}
}
return 1;
}
sub warn_deps {
my $acton = shift;
my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
foreach my $d (@_) {
info("Checking dependency $d for $acton:\n");
if ( !-e "$modsenabldir/$d.load" ) {
warning(
"Module $d is not enabled, but $acton depends on it, aborting\n"
);
return 0;
}
}
return 1;
}
sub check_conflicts {
my $acton = shift;
my $haderror = 0;
foreach my $d (@_) {
info("Considering conflict $d for $acton:\n");
my $tgt = "$availdir/$d$sffx";
my $link = "$enabldir/$d$sffx";
my $confcheck = check_link( $tgt, $link );
if ( $confcheck eq 'ok' ) {
error(
"Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
);
# Don't return immediately, there could be several conflicts
$haderror++;
}
}
if ($haderror) {
return 0;
}
return 1;
}
sub add_link {
my ( $tgt, $link ) = @_;
# create relative link
if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
die("Could not create $link: $!\n");
}
$request_reload = 1;
return 1;
}
sub check_link {
my ( $tgt, $link ) = @_;
if ( !-e $link ) {
if ( -l $link ) {
# points to nowhere
info("Removing dangling link $link");
unlink($link) or die "Could not remove $link\n";
}
return 'missing';
}
if ( -e $link && !-l $link ) {
return "$link is a real file, not touching it";
}
if ( realpath($link) ne realpath($tgt) ) {
return "$link exists but does not point to $tgt, not touching it";
}
return 'ok';
}
sub remove_link {
my ($link) = @_;
if ( -l $link ) {
unlink($link) or die "Could not remove $link: $!\n";
}
elsif ( -e $link ) {
error("$link is not a symbolic link, not deleting\n");
return 0;
}
$request_reload = 1;
return 1;
}
sub threaded {
my $result = "";
$result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'}
if -x '<%= node['apache']['apachectl'] %>';
if ( $? != 0 ) {
# config doesn't work
if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
{
return 0;
}
elsif (-e "$enabldir/mpm_worker.load"
|| -e "$enabldir/mpm_event.load" )
{
return 1;
}
else {
error("Can't determine enabled MPM");
# do what user requested
return 0;
}
}
if ( $result =~ / no/ ) {
return 0;
}
elsif ( $result =~ / yes/ ) {
return 1;
}
else {
die("Can't parse output from apache2ctl -V:\n$result\n");
}
}
sub info {
print @_ if !$quiet;
}
sub error {
print STDERR 'ERROR: ', @_;
}
sub warning {
print STDERR 'WARNING: ', @_;
}
sub is_in {
my $needle = shift;
foreach my $e (@_) {
return 1 if $needle eq $e;
}
return 0;
}
sub read_env_file {
my $file = shift;
-r $file or return;
my @lines = qx{env - sh -c '. $file && env'};
if ($?) {
die "Could not read $file\n";
}
foreach my $l (@lines) {
chomp $l;
$l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
$ENV{$1} = $2;
}
}
sub switch_marker {
die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
my $mode = "admin";
$mode = "maint" if $maintmode;
#print("switch_marker $which $what $name\n");
# TODO: get rid of the magic string(s)
my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
my $state_marker = "$state_marker_dir/$name";
if ( !-d $state_marker_dir ) {
File::Path::mkpath("$state_marker_dir")
|| error(
"Failed to create marker directory: '$state_marker_dir'\n");
}
# XXX: swap find with perl alternative
my @markers = qx{find "$statedir" -type f -a -name "$name"};
chomp(@markers);
foreach (@markers) {
unless ( unlink $_ ) {
error("Failed to remove old marker '$_'!\n") && return 0;
}
}
unless ($purge) {
qx{touch "$state_marker"};
if ( $? != 0 ) {
error("Failed to create marker '$state_marker'!\n") && return 0;
}
return 1;
}
}
# vim: syntax=perl sw=4 sts=4 sr et
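Review bot: switch_marker() builds two shell commands, `find "$statedir" -type f -a -name "$name"` and `touch "$state_marker"`, from values that come from the environment (`APACHE_STATE_DIRECTORY`) and from file names returned by glob(), so a double quote, `$` or backtick in either is interpreted by the shell, and `-name` additionally treats the name as a pattern. Both steps can be done in-process with core modules, which removes the shell from this path; the version below needs `use File::Find;` beside the existing `use` lines and matches the marker name literally rather than as a glob. The same script body is repeated in the other file sections of this commit, so the change applies to each copy.

```perl
# … unchanged: argument check, $mode, marker paths, mkpath …
my @markers;
File::Find::find(
    sub {
        # -l does the lstat, so symlinks are skipped as `find -type f` does
        push @markers, $File::Find::name if !-l $_ && -f _ && $_ eq $name;
    },
    $statedir
);
# … unchanged: unlink loop over @markers …
unless ($purge) {
    if ( open( my $fh, '>>', $state_marker ) ) {
        close($fh);
    }
    else {
        error("Failed to create marker '$state_marker'!\n");
        return 0;
    }
    return 1;
}
```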


@@ -0,0 +1,532 @@
#!/usr/bin/perl -w
#
# a2enmod by Stefan Fritsch <sf@debian.org>
# Licensed under Apache License 2.0
#
# The coding style is "perltidy -pbp"
use strict;
use Cwd 'realpath';
use File::Spec;
use File::Basename;
use File::Path;
use Getopt::Long;
my $quiet;
my $force;
my $maintmode;
my $purge;
Getopt::Long::Configure('bundling');
GetOptions(
'quiet|q' => \$quiet,
'force|f' => \$force,
'maintmode|m' => \$maintmode,
'purge|p' => \$purge
) or exit 2;
my $basename = basename($0);
$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
or die "$basename call name unknown\n";
my $act = $1;
my $obj = $2;
my $dir_suffix = $3;
my $env_file = $ENV{APACHE_ENVVARS}
|| (
$ENV{APACHE_CONFDIR}
? "$ENV{APACHE_CONFDIR}/envvars"
: "<%= node['apache']['dir'] %>$dir_suffix/envvars"
);
$ENV{LANG} = 'C';
read_env_file($env_file);
$act .= 'able';
my ( $name, $dir, $sffx, $reload );
if ( $obj eq 'mod' ) {
$obj = 'module';
$dir = 'mods';
$sffx = '.load';
$reload = 'restart';
}
elsif ( $obj eq 'conf' ) {
$obj = 'conf';
$dir = 'conf';
$sffx = '.conf';
$reload = 'reload';
}
else {
$dir = 'sites';
$sffx = '.conf';
$reload = 'reload';
}
$name = ucfirst($obj);
my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix";
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>";
$statedir .= "/$obj";
my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
my $request_reload = 0;
my $rc = 0;
if ( !scalar @ARGV ) {
my @choices = myglob('*');
print "Your choices are: @choices\n";
print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
my $input = <>;
@ARGV = split /\s+/, $input;
}
my @objs;
foreach my $arg (@ARGV) {
$arg =~ s/${sffx}$//;
my @glob = myglob($arg);
if ( !@glob ) {
error("No $obj found matching $arg!\n");
$rc = 1;
}
else {
push @objs, @glob;
}
}
foreach my $acton (@objs) {
doit($acton) or $rc = 1;
}
info(
"To activate the new configuration, you need to run:\n service apache2 $reload\n"
) if $request_reload;
exit($rc);
##############################################################################
sub myglob {
my $arg = shift;
my @glob = map {
s{^$choicedir/}{};
s{$sffx$}{};
$_
} glob("$choicedir/$arg$sffx");
return @glob;
}
sub doit {
my $acton = shift;
my ( $conftgt, $conflink );
if ( $obj eq 'module' ) {
if ( $acton eq 'cgi' && threaded() ) {
print
"Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
$acton = 'cgid';
}
$conftgt = "$availdir/$acton.conf";
if ( -e $conftgt ) {
$conflink = "$enabldir/$acton.conf";
}
}
my $tgt = "$availdir/$acton$sffx";
my $link = "$enabldir/$acton$sffx";
if ( !-e $tgt ) {
if ( -l $link && !-e $link ) {
if ( $act eq 'disable' ) {
info("removing dangling symlink $link\n");
unlink($link);
# force a .conf path. It may exist as dangling link, too
$conflink = "$enabldir/$acton.conf";
if ( -l $conflink && !-e $conflink ) {
info("removing dangling symlink $conflink\n");
unlink($conflink);
}
return 1;
}
else {
error("$link is a dangling symlink!\n");
}
}
if ( $purge ) {
switch_marker( $obj, $act, $acton );
# exit silently, we are purging anyway
return 1;
}
error("$name $acton does not exist!\n");
return 0;
}
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
if ( $acton eq 'mpm_itk' ) {
warning( "MPM_ITK is a third party module that is not part "
. "of the official Apache HTTPD. It has seen less "
. "testing than the official MPM modules." );
}
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
check_conflicts( $acton, @conflicts ) or return 0;
}
else {
my @depending;
foreach my $d ( glob("$enabldir/*.load") ) {
my @deps = get_deps($d);
if ( is_in( $acton, @deps ) ) {
$d =~ m,/([^/]+).load$,;
push @depending, $1;
}
}
if ( scalar @depending ) {
if ($force) {
do_deps( $acton, @depending ) or return 0;
}
else {
error(
"The following modules depend on $acton ",
"and need to be disabled first: @depending\n"
);
return 0;
}
}
}
}
elsif ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton$sffx");
warn_deps( $acton, @depends ) or return 0;
}
if ( $act eq 'enable' ) {
my $check = check_link( $tgt, $link );
if ( $check eq 'ok' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'ok' ) {
info("$name $acton already enabled\n");
return 1;
}
elsif ( $confcheck eq 'missing' ) {
print "Enabling config file $acton.conf.\n";
add_link( $conftgt, $conflink ) or return 0;
}
else {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
else {
info("$name $acton already enabled\n");
return 1;
}
}
elsif ( $check eq 'missing' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'missing' ) {
add_link( $conftgt, $conflink ) or return 0;
}
elsif ( $confcheck ne 'ok' ) {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
print "Enabling $obj $acton.\n";
if ( $acton eq 'ssl' ) {
info( "See /usr/share/doc/apache2/README.Debian.gz on "
. "how to configure SSL and create self-signed certificates.\n"
);
}
return add_link( $tgt, $link )
&& switch_marker( $obj, $act, $acton );
}
else {
error("$name $acton not properly enabled: $check\n");
return 0;
}
}
else {
if ( -e $link || -l $link ) {
remove_link($link);
if ( $conflink && -e $conflink ) {
remove_link($conflink);
}
switch_marker( $obj, $act, $acton );
print "$name $acton disabled.\n";
}
elsif ( $conflink && -e $conflink ) {
print "Disabling stale config file $acton.conf.\n";
remove_link($conflink);
}
else {
info("$name $acton already disabled\n");
if ( $purge ) {
switch_marker( $obj, $act, $acton );
}
return 1;
}
}
return 1;
}
sub get_deps {
my $file = shift;
my $type = shift || "Depends";
my $fd;
if ( !open( $fd, '<', $file ) ) {
error("Can't open $file: $!");
return;
}
my $line;
while ( defined( $line = <$fd> ) ) {
chomp $line;
if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
my $deps = $1;
return split( /[\n\s]+/, $deps );
}
# only check until the first non-empty non-comment line
last if ( $line !~ /^\s*(?:#.*)?$/ );
}
return;
}
sub do_deps {
my $acton = shift;
foreach my $d (@_) {
info("Considering dependency $d for $acton:\n");
if ( !doit($d) ) {
error("Could not $act dependency $d for $acton, aborting\n");
return 0;
}
}
return 1;
}
sub warn_deps {
my $acton = shift;
my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
foreach my $d (@_) {
info("Checking dependency $d for $acton:\n");
if ( !-e "$modsenabldir/$d.load" ) {
warning(
"Module $d is not enabled, but $acton depends on it, aborting\n"
);
return 0;
}
}
return 1;
}
sub check_conflicts {
my $acton = shift;
my $haderror = 0;
foreach my $d (@_) {
info("Considering conflict $d for $acton:\n");
my $tgt = "$availdir/$d$sffx";
my $link = "$enabldir/$d$sffx";
my $confcheck = check_link( $tgt, $link );
if ( $confcheck eq 'ok' ) {
error(
"Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
);
# Don't return immediately, there could be several conflicts
$haderror++;
}
}
if ($haderror) {
return 0;
}
return 1;
}
sub add_link {
my ( $tgt, $link ) = @_;
# create relative link
if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
die("Could not create $link: $!\n");
}
$request_reload = 1;
return 1;
}
sub check_link {
my ( $tgt, $link ) = @_;
if ( !-e $link ) {
if ( -l $link ) {
# points to nowhere
info("Removing dangling link $link");
unlink($link) or die "Could not remove $link\n";
}
return 'missing';
}
if ( -e $link && !-l $link ) {
return "$link is a real file, not touching it";
}
if ( realpath($link) ne realpath($tgt) ) {
return "$link exists but does not point to $tgt, not touching it";
}
return 'ok';
}
sub remove_link {
my ($link) = @_;
if ( -l $link ) {
unlink($link) or die "Could not remove $link: $!\n";
}
elsif ( -e $link ) {
error("$link is not a symbolic link, not deleting\n");
return 0;
}
$request_reload = 1;
return 1;
}
sub threaded {
my $result = "";
$result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'}
if -x '<%= node['apache']['apachectl'] %>';
if ( $? != 0 ) {
# config doesn't work
if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
{
return 0;
}
elsif (-e "$enabldir/mpm_worker.load"
|| -e "$enabldir/mpm_event.load" )
{
return 1;
}
else {
error("Can't determine enabled MPM");
# do what user requested
return 0;
}
}
if ( $result =~ / no/ ) {
return 0;
}
elsif ( $result =~ / yes/ ) {
return 1;
}
else {
die("Can't parse output from apache2ctl -V:\n$result\n");
}
}
sub info {
print @_ if !$quiet;
}
sub error {
print STDERR 'ERROR: ', @_;
}
sub warning {
print STDERR 'WARNING: ', @_;
}
sub is_in {
my $needle = shift;
foreach my $e (@_) {
return 1 if $needle eq $e;
}
return 0;
}
sub read_env_file {
my $file = shift;
-r $file or return;
my @lines = qx{env - sh -c '. $file && env'};
if ($?) {
die "Could not read $file\n";
}
foreach my $l (@lines) {
chomp $l;
$l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
$ENV{$1} = $2;
}
}
sub switch_marker {
die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
my $mode = "admin";
$mode = "maint" if $maintmode;
#print("switch_marker $which $what $name\n");
# TODO: get rid of the magic string(s)
my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
my $state_marker = "$state_marker_dir/$name";
if ( !-d $state_marker_dir ) {
File::Path::mkpath("$state_marker_dir")
|| error(
"Failed to create marker directory: '$state_marker_dir'\n");
}
# XXX: swap find with perl alternative
my @markers = qx{find "$statedir" -type f -a -name "$name"};
chomp(@markers);
foreach (@markers) {
unless ( unlink $_ ) {
error("Failed to remove old marker '$_'!\n") && return 0;
}
}
unless ($purge) {
qx{touch "$state_marker"};
if ( $? != 0 ) {
error("Failed to create marker '$state_marker'!\n") && return 0;
}
return 1;
}
}
# vim: syntax=perl sw=4 sts=4 sr et
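Review bot: threaded() tests `$?` even when the `qx{}` was skipped because apachectl is not executable, so it reads whatever status an earlier command left behind (read_env_file() runs one before it). With a stale zero the function skips the MPM `.load` fallback and reaches the final `die` with an empty `$result`. Treating an empty result as the failure case keeps the fallback reachable: `if ( $result eq '' || $? != 0 ) {`. When the pipeline does run, `$?` is the status of `grep`, not of apachectl, which is worth a comment next to the check. This applies to every copy of the script in this commit.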


@@ -0,0 +1,532 @@
#!/usr/bin/perl -w
#
# a2enmod by Stefan Fritsch <sf@debian.org>
# Licensed under Apache License 2.0
#
# The coding style is "perltidy -pbp"
use strict;
use Cwd 'realpath';
use File::Spec;
use File::Basename;
use File::Path;
use Getopt::Long;
my $quiet;
my $force;
my $maintmode;
my $purge;
Getopt::Long::Configure('bundling');
GetOptions(
'quiet|q' => \$quiet,
'force|f' => \$force,
'maintmode|m' => \$maintmode,
'purge|p' => \$purge
) or exit 2;
my $basename = basename($0);
$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
or die "$basename call name unknown\n";
my $act = $1;
my $obj = $2;
my $dir_suffix = $3;
my $env_file = $ENV{APACHE_ENVVARS}
|| (
$ENV{APACHE_CONFDIR}
? "$ENV{APACHE_CONFDIR}/envvars"
: "<%= node['apache']['dir'] %>$dir_suffix/envvars"
);
$ENV{LANG} = 'C';
read_env_file($env_file);
$act .= 'able';
my ( $name, $dir, $sffx, $reload );
if ( $obj eq 'mod' ) {
$obj = 'module';
$dir = 'mods';
$sffx = '.load';
$reload = 'restart';
}
elsif ( $obj eq 'conf' ) {
$obj = 'conf';
$dir = 'conf';
$sffx = '.conf';
$reload = 'reload';
}
else {
$dir = 'sites';
$sffx = '.conf';
$reload = 'reload';
}
$name = ucfirst($obj);
my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix";
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>";
$statedir .= "/$obj";
my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
my $request_reload = 0;
my $rc = 0;
if ( !scalar @ARGV ) {
my @choices = myglob('*');
print "Your choices are: @choices\n";
print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
my $input = <>;
@ARGV = split /\s+/, $input;
}
my @objs;
foreach my $arg (@ARGV) {
$arg =~ s/${sffx}$//;
my @glob = myglob($arg);
if ( !@glob ) {
error("No $obj found matching $arg!\n");
$rc = 1;
}
else {
push @objs, @glob;
}
}
foreach my $acton (@objs) {
doit($acton) or $rc = 1;
}
info(
"To activate the new configuration, you need to run:\n service apache2 $reload\n"
) if $request_reload;
exit($rc);
##############################################################################
sub myglob {
my $arg = shift;
my @glob = map {
s{^$choicedir/}{};
s{$sffx$}{};
$_
} glob("$choicedir/$arg$sffx");
return @glob;
}
sub doit {
my $acton = shift;
my ( $conftgt, $conflink );
if ( $obj eq 'module' ) {
if ( $acton eq 'cgi' && threaded() ) {
print
"Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
$acton = 'cgid';
}
$conftgt = "$availdir/$acton.conf";
if ( -e $conftgt ) {
$conflink = "$enabldir/$acton.conf";
}
}
my $tgt = "$availdir/$acton$sffx";
my $link = "$enabldir/$acton$sffx";
if ( !-e $tgt ) {
if ( -l $link && !-e $link ) {
if ( $act eq 'disable' ) {
info("removing dangling symlink $link\n");
unlink($link);
# force a .conf path. It may exist as dangling link, too
$conflink = "$enabldir/$acton.conf";
if ( -l $conflink && !-e $conflink ) {
info("removing dangling symlink $conflink\n");
unlink($conflink);
}
return 1;
}
else {
error("$link is a dangling symlink!\n");
}
}
if ( $purge ) {
switch_marker( $obj, $act, $acton );
# exit silently, we are purging anyway
return 1;
}
error("$name $acton does not exist!\n");
return 0;
}
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
if ( $acton eq 'mpm_itk' ) {
warning( "MPM_ITK is a third party module that is not part "
. "of the official Apache HTTPD. It has seen less "
. "testing than the official MPM modules." );
}
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
check_conflicts( $acton, @conflicts ) or return 0;
}
else {
my @depending;
foreach my $d ( glob("$enabldir/*.load") ) {
my @deps = get_deps($d);
if ( is_in( $acton, @deps ) ) {
$d =~ m,/([^/]+).load$,;
push @depending, $1;
}
}
if ( scalar @depending ) {
if ($force) {
do_deps( $acton, @depending ) or return 0;
}
else {
error(
"The following modules depend on $acton ",
"and need to be disabled first: @depending\n"
);
return 0;
}
}
}
}
elsif ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton$sffx");
warn_deps( $acton, @depends ) or return 0;
}
if ( $act eq 'enable' ) {
my $check = check_link( $tgt, $link );
if ( $check eq 'ok' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'ok' ) {
info("$name $acton already enabled\n");
return 1;
}
elsif ( $confcheck eq 'missing' ) {
print "Enabling config file $acton.conf.\n";
add_link( $conftgt, $conflink ) or return 0;
}
else {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
else {
info("$name $acton already enabled\n");
return 1;
}
}
elsif ( $check eq 'missing' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'missing' ) {
add_link( $conftgt, $conflink ) or return 0;
}
elsif ( $confcheck ne 'ok' ) {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
print "Enabling $obj $acton.\n";
if ( $acton eq 'ssl' ) {
info( "See /usr/share/doc/apache2/README.Debian.gz on "
. "how to configure SSL and create self-signed certificates.\n"
);
}
return add_link( $tgt, $link )
&& switch_marker( $obj, $act, $acton );
}
else {
error("$name $acton not properly enabled: $check\n");
return 0;
}
}
else {
if ( -e $link || -l $link ) {
remove_link($link);
if ( $conflink && -e $conflink ) {
remove_link($conflink);
}
switch_marker( $obj, $act, $acton );
print "$name $acton disabled.\n";
}
elsif ( $conflink && -e $conflink ) {
print "Disabling stale config file $acton.conf.\n";
remove_link($conflink);
}
else {
info("$name $acton already disabled\n");
if ( $purge ) {
switch_marker( $obj, $act, $acton );
}
return 1;
}
}
return 1;
}
sub get_deps {
my $file = shift;
my $type = shift || "Depends";
my $fd;
if ( !open( $fd, '<', $file ) ) {
error("Can't open $file: $!");
return;
}
my $line;
while ( defined( $line = <$fd> ) ) {
chomp $line;
if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
my $deps = $1;
return split( /[\n\s]+/, $deps );
}
# only check until the first non-empty non-comment line
last if ( $line !~ /^\s*(?:#.*)?$/ );
}
return;
}
sub do_deps {
my $acton = shift;
foreach my $d (@_) {
info("Considering dependency $d for $acton:\n");
if ( !doit($d) ) {
error("Could not $act dependency $d for $acton, aborting\n");
return 0;
}
}
return 1;
}
sub warn_deps {
my $acton = shift;
my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
foreach my $d (@_) {
info("Checking dependency $d for $acton:\n");
if ( !-e "$modsenabldir/$d.load" ) {
warning(
"Module $d is not enabled, but $acton depends on it, aborting\n"
);
return 0;
}
}
return 1;
}
sub check_conflicts {
my $acton = shift;
my $haderror = 0;
foreach my $d (@_) {
info("Considering conflict $d for $acton:\n");
my $tgt = "$availdir/$d$sffx";
my $link = "$enabldir/$d$sffx";
my $confcheck = check_link( $tgt, $link );
if ( $confcheck eq 'ok' ) {
error(
"Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
);
# Don't return immediately, there could be several conflicts
$haderror++;
}
}
if ($haderror) {
return 0;
}
return 1;
}
sub add_link {
my ( $tgt, $link ) = @_;
# create relative link
if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
die("Could not create $link: $!\n");
}
$request_reload = 1;
return 1;
}
sub check_link {
my ( $tgt, $link ) = @_;
if ( !-e $link ) {
if ( -l $link ) {
# points to nowhere
info("Removing dangling link $link");
unlink($link) or die "Could not remove $link\n";
}
return 'missing';
}
if ( -e $link && !-l $link ) {
return "$link is a real file, not touching it";
}
if ( realpath($link) ne realpath($tgt) ) {
return "$link exists but does not point to $tgt, not touching it";
}
return 'ok';
}
sub remove_link {
my ($link) = @_;
if ( -l $link ) {
unlink($link) or die "Could not remove $link: $!\n";
}
elsif ( -e $link ) {
error("$link is not a symbolic link, not deleting\n");
return 0;
}
$request_reload = 1;
return 1;
}
sub threaded {
my $result = "";
$result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'}
if -x '<%= node['apache']['apachectl'] %>';
if ( $? != 0 ) {
# config doesn't work
if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
{
return 0;
}
elsif (-e "$enabldir/mpm_worker.load"
|| -e "$enabldir/mpm_event.load" )
{
return 1;
}
else {
error("Can't determine enabled MPM");
# do what user requested
return 0;
}
}
if ( $result =~ / no/ ) {
return 0;
}
elsif ( $result =~ / yes/ ) {
return 1;
}
else {
die("Can't parse output from apache2ctl -V:\n$result\n");
}
}
sub info {
print @_ if !$quiet;
}
sub error {
print STDERR 'ERROR: ', @_;
}
sub warning {
print STDERR 'WARNING: ', @_;
}
sub is_in {
my $needle = shift;
foreach my $e (@_) {
return 1 if $needle eq $e;
}
return 0;
}
sub read_env_file {
my $file = shift;
-r $file or return;
my @lines = qx{env - sh -c '. $file && env'};
if ($?) {
die "Could not read $file\n";
}
foreach my $l (@lines) {
chomp $l;
$l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
$ENV{$1} = $2;
}
}
sub switch_marker {
die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
my $mode = "admin";
$mode = "maint" if $maintmode;
#print("switch_marker $which $what $name\n");
# TODO: get rid of the magic string(s)
my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
my $state_marker = "$state_marker_dir/$name";
if ( !-d $state_marker_dir ) {
File::Path::mkpath("$state_marker_dir")
|| error(
"Failed to create marker directory: '$state_marker_dir'\n");
}
# XXX: swap find with perl alternative
my @markers = qx{find "$statedir" -type f -a -name "$name"};
chomp(@markers);
foreach (@markers) {
unless ( unlink $_ ) {
error("Failed to remove old marker '$_'!\n") && return 0;
}
}
unless ($purge) {
qx{touch "$state_marker"};
if ( $? != 0 ) {
error("Failed to create marker '$state_marker'!\n") && return 0;
}
return 1;
}
}
# vim: syntax=perl sw=4 sts=4 sr et
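Review bot: read_env_file() interpolates `$file` into a single-quoted `sh -c` string, and that path is taken from `APACHE_ENVVARS`, `APACHE_CONFDIR` or the script's call-name suffix, so a quote character in it changes the command that is run. Passing the path as a positional argument through list-form open avoids the shell parsing it: `open( my $fh, '-|', 'env', '-', 'sh', '-c', '. "$1" && env', 'sh', $file ) or die "Could not read $file\n";` followed by `my @lines = <$fh>; close($fh);`, after which `$?` can be checked as before. In the same function the greedy `(.*)?=` splits each line at the last `=`, so a value containing `=` is stored under the wrong key; `/^([^=]+)=(.*)$/` splits at the first one. Both points apply to every copy of the script in this commit.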


@@ -0,0 +1,532 @@
#!/usr/bin/perl -w
#
# a2enmod by Stefan Fritsch <sf@debian.org>
# Licensed under Apache License 2.0
#
# The coding style is "perltidy -pbp"
use strict;
use Cwd 'realpath';
use File::Spec;
use File::Basename;
use File::Path;
use Getopt::Long;
my $quiet;
my $force;
my $maintmode;
my $purge;
Getopt::Long::Configure('bundling');
GetOptions(
'quiet|q' => \$quiet,
'force|f' => \$force,
'maintmode|m' => \$maintmode,
'purge|p' => \$purge
) or exit 2;
my $basename = basename($0);
$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
or die "$basename call name unknown\n";
my $act = $1;
my $obj = $2;
my $dir_suffix = $3;
my $env_file = $ENV{APACHE_ENVVARS}
|| (
$ENV{APACHE_CONFDIR}
? "$ENV{APACHE_CONFDIR}/envvars"
: "<%= node['apache']['dir'] %>$dir_suffix/envvars"
);
$ENV{LANG} = 'C';
read_env_file($env_file);
$act .= 'able';
my ( $name, $dir, $sffx, $reload );
if ( $obj eq 'mod' ) {
$obj = 'module';
$dir = 'mods';
$sffx = '.load';
$reload = 'restart';
}
elsif ( $obj eq 'conf' ) {
$obj = 'conf';
$dir = 'conf';
$sffx = '.conf';
$reload = 'reload';
}
else {
$dir = 'sites';
$sffx = '.conf';
$reload = 'reload';
}
$name = ucfirst($obj);
my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix";
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>";
$statedir .= "/$obj";
my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
my $request_reload = 0;
my $rc = 0;
if ( !scalar @ARGV ) {
my @choices = myglob('*');
print "Your choices are: @choices\n";
print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
my $input = <>;
@ARGV = split /\s+/, $input;
}
my @objs;
foreach my $arg (@ARGV) {
$arg =~ s/${sffx}$//;
my @glob = myglob($arg);
if ( !@glob ) {
error("No $obj found matching $arg!\n");
$rc = 1;
}
else {
push @objs, @glob;
}
}
foreach my $acton (@objs) {
doit($acton) or $rc = 1;
}
info(
"To activate the new configuration, you need to run:\n service apache2 $reload\n"
) if $request_reload;
exit($rc);
##############################################################################
sub myglob {
my $arg = shift;
my @glob = map {
s{^$choicedir/}{};
s{$sffx$}{};
$_
} glob("$choicedir/$arg$sffx");
return @glob;
}
sub doit {
my $acton = shift;
my ( $conftgt, $conflink );
if ( $obj eq 'module' ) {
if ( $acton eq 'cgi' && threaded() ) {
print
"Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
$acton = 'cgid';
}
$conftgt = "$availdir/$acton.conf";
if ( -e $conftgt ) {
$conflink = "$enabldir/$acton.conf";
}
}
my $tgt = "$availdir/$acton$sffx";
my $link = "$enabldir/$acton$sffx";
if ( !-e $tgt ) {
if ( -l $link && !-e $link ) {
if ( $act eq 'disable' ) {
info("removing dangling symlink $link\n");
unlink($link);
# force a .conf path. It may exist as dangling link, too
$conflink = "$enabldir/$acton.conf";
if ( -l $conflink && !-e $conflink ) {
info("removing dangling symlink $conflink\n");
unlink($conflink);
}
return 1;
}
else {
error("$link is a dangling symlink!\n");
}
}
if ( $purge ) {
switch_marker( $obj, $act, $acton );
# exit silently, we are purging anyway
return 1;
}
error("$name $acton does not exist!\n");
return 0;
}
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
if ( $acton eq 'mpm_itk' ) {
warning( "MPM_ITK is a third party module that is not part "
. "of the official Apache HTTPD. It has seen less "
. "testing than the official MPM modules." );
}
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
check_conflicts( $acton, @conflicts ) or return 0;
}
else {
my @depending;
foreach my $d ( glob("$enabldir/*.load") ) {
my @deps = get_deps($d);
if ( is_in( $acton, @deps ) ) {
$d =~ m,/([^/]+).load$,;
push @depending, $1;
}
}
if ( scalar @depending ) {
if ($force) {
do_deps( $acton, @depending ) or return 0;
}
else {
error(
"The following modules depend on $acton ",
"and need to be disabled first: @depending\n"
);
return 0;
}
}
}
}
elsif ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton$sffx");
warn_deps( $acton, @depends ) or return 0;
}
if ( $act eq 'enable' ) {
my $check = check_link( $tgt, $link );
if ( $check eq 'ok' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'ok' ) {
info("$name $acton already enabled\n");
return 1;
}
elsif ( $confcheck eq 'missing' ) {
print "Enabling config file $acton.conf.\n";
add_link( $conftgt, $conflink ) or return 0;
}
else {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
else {
info("$name $acton already enabled\n");
return 1;
}
}
elsif ( $check eq 'missing' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'missing' ) {
add_link( $conftgt, $conflink ) or return 0;
}
elsif ( $confcheck ne 'ok' ) {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
print "Enabling $obj $acton.\n";
if ( $acton eq 'ssl' ) {
info( "See /usr/share/doc/apache2/README.Debian.gz on "
. "how to configure SSL and create self-signed certificates.\n"
);
}
return add_link( $tgt, $link )
&& switch_marker( $obj, $act, $acton );
}
else {
error("$name $acton not properly enabled: $check\n");
return 0;
}
}
else {
if ( -e $link || -l $link ) {
remove_link($link);
if ( $conflink && -e $conflink ) {
remove_link($conflink);
}
switch_marker( $obj, $act, $acton );
print "$name $acton disabled.\n";
}
elsif ( $conflink && -e $conflink ) {
print "Disabling stale config file $acton.conf.\n";
remove_link($conflink);
}
else {
info("$name $acton already disabled\n");
if ( $purge ) {
switch_marker( $obj, $act, $acton );
}
return 1;
}
}
return 1;
}
sub get_deps {
my $file = shift;
my $type = shift || "Depends";
my $fd;
if ( !open( $fd, '<', $file ) ) {
error("Can't open $file: $!");
return;
}
my $line;
while ( defined( $line = <$fd> ) ) {
chomp $line;
if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
my $deps = $1;
return split( /[\n\s]+/, $deps );
}
# only check until the first non-empty non-comment line
last if ( $line !~ /^\s*(?:#.*)?$/ );
}
return;
}
sub do_deps {
my $acton = shift;
foreach my $d (@_) {
info("Considering dependency $d for $acton:\n");
if ( !doit($d) ) {
error("Could not $act dependency $d for $acton, aborting\n");
return 0;
}
}
return 1;
}
sub warn_deps {
my $acton = shift;
my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
foreach my $d (@_) {
info("Checking dependency $d for $acton:\n");
if ( !-e "$modsenabldir/$d.load" ) {
warning(
"Module $d is not enabled, but $acton depends on it, aborting\n"
);
return 0;
}
}
return 1;
}
sub check_conflicts {
my $acton = shift;
my $haderror = 0;
foreach my $d (@_) {
info("Considering conflict $d for $acton:\n");
my $tgt = "$availdir/$d$sffx";
my $link = "$enabldir/$d$sffx";
my $confcheck = check_link( $tgt, $link );
if ( $confcheck eq 'ok' ) {
error(
"Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
);
# Don't return immediately, there could be several conflicts
$haderror++;
}
}
if ($haderror) {
return 0;
}
return 1;
}
sub add_link {
my ( $tgt, $link ) = @_;
# create relative link
if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
die("Could not create $link: $!\n");
}
$request_reload = 1;
return 1;
}
sub check_link {
my ( $tgt, $link ) = @_;
if ( !-e $link ) {
if ( -l $link ) {
# points to nowhere
info("Removing dangling link $link");
unlink($link) or die "Could not remove $link\n";
}
return 'missing';
}
if ( -e $link && !-l $link ) {
return "$link is a real file, not touching it";
}
if ( realpath($link) ne realpath($tgt) ) {
return "$link exists but does not point to $tgt, not touching it";
}
return 'ok';
}
sub remove_link {
my ($link) = @_;
if ( -l $link ) {
unlink($link) or die "Could not remove $link: $!\n";
}
elsif ( -e $link ) {
error("$link is not a symbolic link, not deleting\n");
return 0;
}
$request_reload = 1;
return 1;
}
sub threaded {
my $result = "";
$result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'}
if -x '<%= node['apache']['apachectl'] %>';
if ( $? != 0 ) {
# config doesn't work
if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
{
return 0;
}
elsif (-e "$enabldir/mpm_worker.load"
|| -e "$enabldir/mpm_event.load" )
{
return 1;
}
else {
error("Can't determine enabled MPM");
# do what user requested
return 0;
}
}
if ( $result =~ / no/ ) {
return 0;
}
elsif ( $result =~ / yes/ ) {
return 1;
}
else {
die("Can't parse output from apache2ctl -V:\n$result\n");
}
}
sub info {
print @_ if !$quiet;
}
sub error {
print STDERR 'ERROR: ', @_;
}
sub warning {
print STDERR 'WARNING: ', @_;
}
sub is_in {
my $needle = shift;
foreach my $e (@_) {
return 1 if $needle eq $e;
}
return 0;
}
sub read_env_file {
my $file = shift;
-r $file or return;
my @lines = qx{env - sh -c '. $file && env'};
if ($?) {
die "Could not read $file\n";
}
foreach my $l (@lines) {
chomp $l;
$l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
$ENV{$1} = $2;
}
}
sub switch_marker {
die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
my $mode = "admin";
$mode = "maint" if $maintmode;
#print("switch_marker $which $what $name\n");
# TODO: get rid of the magic string(s)
my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
my $state_marker = "$state_marker_dir/$name";
if ( !-d $state_marker_dir ) {
File::Path::mkpath("$state_marker_dir")
|| error(
"Failed to create marker directory: '$state_marker_dir'\n");
}
# XXX: swap find with perl alternative
my @markers = qx{find "$statedir" -type f -a -name "$name"};
chomp(@markers);
foreach (@markers) {
unless ( unlink $_ ) {
error("Failed to remove old marker '$_'!\n") && return 0;
}
}
unless ($purge) {
qx{touch "$state_marker"};
if ( $? != 0 ) {
error("Failed to create marker '$state_marker'!\n") && return 0;
}
return 1;
}
}
# vim: syntax=perl sw=4 sts=4 sr et
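Review bot: `switch_marker` and `read_env_file` hand interpolated values to `/bin/sh` (`qx{find "$statedir" -type f -a -name "$name"}`, `qx{touch "$state_marker"}`, `qx{env - sh -c '. $file && env'}`), so shell metacharacters in a module or site name, or in the `APACHE_ENVVARS`/`APACHE_CONFDIR` path, are interpreted by the shell, and `-name "$name"` also treats the name as a glob pattern. These values normally come from admin-controlled directories and the caller's environment, so this is hardening rather than a demonstrated exposure, but the script presumably runs as root and none of the three calls needs a shell. I would walk the state directory with File::Find (add `use File::Find;` next to the other `use` lines) matching the name exactly, create the marker with a plain `open`, and read the environment through a list-form pipe `open`, as sketched below. The two file sections that follow on this page appear to be identical copies of this script and carry the same lines.

```perl
sub read_env_file {
    my $file = shift;
    -r $file or return;
    # list-form pipe open: $file reaches sh as "$1", never as shell text
    open( my $fh, '-|', 'env', '-', 'sh', '-c', '. "$1" && env', 'sh', $file )
        or die "Could not read $file\n";
    my @lines = <$fh>;
    close($fh) or die "Could not read $file\n";
    # … unchanged: parse NAME=value lines into %ENV …

sub switch_marker {
    # … unchanged: argument check, $mode, marker paths, mkpath …
    my @markers;
    File::Find::find(
        sub {
            # exact name match on regular files only, no glob semantics
            push @markers, $File::Find::name
                if $_ eq $name && !-l $_ && -f _;
        },
        $statedir
    );
    # … unchanged: unlink loop over @markers …
    unless ($purge) {
        my $fh;
        if ( !open( $fh, '>>', $state_marker ) ) {
            error("Failed to create marker '$state_marker'!\n");
            return 0;
        }
        close($fh);
        return 1;
    }
```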


@@ -0,0 +1,532 @@
#!/usr/bin/perl -w
#
# a2enmod by Stefan Fritsch <sf@debian.org>
# Licensed under Apache License 2.0
#
# The coding style is "perltidy -pbp"
use strict;
use Cwd 'realpath';
use File::Spec;
use File::Basename;
use File::Path;
use Getopt::Long;
my $quiet;
my $force;
my $maintmode;
my $purge;
Getopt::Long::Configure('bundling');
GetOptions(
'quiet|q' => \$quiet,
'force|f' => \$force,
'maintmode|m' => \$maintmode,
'purge|p' => \$purge
) or exit 2;
my $basename = basename($0);
$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
or die "$basename call name unknown\n";
my $act = $1;
my $obj = $2;
my $dir_suffix = $3;
my $env_file = $ENV{APACHE_ENVVARS}
|| (
$ENV{APACHE_CONFDIR}
? "$ENV{APACHE_CONFDIR}/envvars"
: "<%= node['apache']['dir'] %>$dir_suffix/envvars"
);
$ENV{LANG} = 'C';
read_env_file($env_file);
$act .= 'able';
my ( $name, $dir, $sffx, $reload );
if ( $obj eq 'mod' ) {
$obj = 'module';
$dir = 'mods';
$sffx = '.load';
$reload = 'restart';
}
elsif ( $obj eq 'conf' ) {
$obj = 'conf';
$dir = 'conf';
$sffx = '.conf';
$reload = 'reload';
}
else {
$dir = 'sites';
$sffx = '.conf';
$reload = 'reload';
}
$name = ucfirst($obj);
my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix";
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>";
$statedir .= "/$obj";
my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
my $request_reload = 0;
my $rc = 0;
if ( !scalar @ARGV ) {
my @choices = myglob('*');
print "Your choices are: @choices\n";
print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
my $input = <>;
@ARGV = split /\s+/, $input;
}
my @objs;
foreach my $arg (@ARGV) {
$arg =~ s/${sffx}$//;
my @glob = myglob($arg);
if ( !@glob ) {
error("No $obj found matching $arg!\n");
$rc = 1;
}
else {
push @objs, @glob;
}
}
foreach my $acton (@objs) {
doit($acton) or $rc = 1;
}
info(
"To activate the new configuration, you need to run:\n service apache2 $reload\n"
) if $request_reload;
exit($rc);
##############################################################################
sub myglob {
my $arg = shift;
my @glob = map {
s{^$choicedir/}{};
s{$sffx$}{};
$_
} glob("$choicedir/$arg$sffx");
return @glob;
}
sub doit {
my $acton = shift;
my ( $conftgt, $conflink );
if ( $obj eq 'module' ) {
if ( $acton eq 'cgi' && threaded() ) {
print
"Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
$acton = 'cgid';
}
$conftgt = "$availdir/$acton.conf";
if ( -e $conftgt ) {
$conflink = "$enabldir/$acton.conf";
}
}
my $tgt = "$availdir/$acton$sffx";
my $link = "$enabldir/$acton$sffx";
if ( !-e $tgt ) {
if ( -l $link && !-e $link ) {
if ( $act eq 'disable' ) {
info("removing dangling symlink $link\n");
unlink($link);
# force a .conf path. It may exist as dangling link, too
$conflink = "$enabldir/$acton.conf";
if ( -l $conflink && !-e $conflink ) {
info("removing dangling symlink $conflink\n");
unlink($conflink);
}
return 1;
}
else {
error("$link is a dangling symlink!\n");
}
}
if ( $purge ) {
switch_marker( $obj, $act, $acton );
# exit silently, we are purging anyway
return 1;
}
error("$name $acton does not exist!\n");
return 0;
}
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
if ( $acton eq 'mpm_itk' ) {
warning( "MPM_ITK is a third party module that is not part "
. "of the official Apache HTTPD. It has seen less "
. "testing than the official MPM modules." );
}
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
check_conflicts( $acton, @conflicts ) or return 0;
}
else {
my @depending;
foreach my $d ( glob("$enabldir/*.load") ) {
my @deps = get_deps($d);
if ( is_in( $acton, @deps ) ) {
$d =~ m,/([^/]+).load$,;
push @depending, $1;
}
}
if ( scalar @depending ) {
if ($force) {
do_deps( $acton, @depending ) or return 0;
}
else {
error(
"The following modules depend on $acton ",
"and need to be disabled first: @depending\n"
);
return 0;
}
}
}
}
elsif ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton$sffx");
warn_deps( $acton, @depends ) or return 0;
}
if ( $act eq 'enable' ) {
my $check = check_link( $tgt, $link );
if ( $check eq 'ok' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'ok' ) {
info("$name $acton already enabled\n");
return 1;
}
elsif ( $confcheck eq 'missing' ) {
print "Enabling config file $acton.conf.\n";
add_link( $conftgt, $conflink ) or return 0;
}
else {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
else {
info("$name $acton already enabled\n");
return 1;
}
}
elsif ( $check eq 'missing' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'missing' ) {
add_link( $conftgt, $conflink ) or return 0;
}
elsif ( $confcheck ne 'ok' ) {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
print "Enabling $obj $acton.\n";
if ( $acton eq 'ssl' ) {
info( "See /usr/share/doc/apache2/README.Debian.gz on "
. "how to configure SSL and create self-signed certificates.\n"
);
}
return add_link( $tgt, $link )
&& switch_marker( $obj, $act, $acton );
}
else {
error("$name $acton not properly enabled: $check\n");
return 0;
}
}
else {
if ( -e $link || -l $link ) {
remove_link($link);
if ( $conflink && -e $conflink ) {
remove_link($conflink);
}
switch_marker( $obj, $act, $acton );
print "$name $acton disabled.\n";
}
elsif ( $conflink && -e $conflink ) {
print "Disabling stale config file $acton.conf.\n";
remove_link($conflink);
}
else {
info("$name $acton already disabled\n");
if ( $purge ) {
switch_marker( $obj, $act, $acton );
}
return 1;
}
}
return 1;
}
sub get_deps {
my $file = shift;
my $type = shift || "Depends";
my $fd;
if ( !open( $fd, '<', $file ) ) {
error("Can't open $file: $!");
return;
}
my $line;
while ( defined( $line = <$fd> ) ) {
chomp $line;
if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
my $deps = $1;
return split( /[\n\s]+/, $deps );
}
# only check until the first non-empty non-comment line
last if ( $line !~ /^\s*(?:#.*)?$/ );
}
return;
}
sub do_deps {
my $acton = shift;
foreach my $d (@_) {
info("Considering dependency $d for $acton:\n");
if ( !doit($d) ) {
error("Could not $act dependency $d for $acton, aborting\n");
return 0;
}
}
return 1;
}
sub warn_deps {
my $acton = shift;
my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
foreach my $d (@_) {
info("Checking dependency $d for $acton:\n");
if ( !-e "$modsenabldir/$d.load" ) {
warning(
"Module $d is not enabled, but $acton depends on it, aborting\n"
);
return 0;
}
}
return 1;
}
sub check_conflicts {
my $acton = shift;
my $haderror = 0;
foreach my $d (@_) {
info("Considering conflict $d for $acton:\n");
my $tgt = "$availdir/$d$sffx";
my $link = "$enabldir/$d$sffx";
my $confcheck = check_link( $tgt, $link );
if ( $confcheck eq 'ok' ) {
error(
"Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
);
# Don't return immediately, there could be several conflicts
$haderror++;
}
}
if ($haderror) {
return 0;
}
return 1;
}
sub add_link {
my ( $tgt, $link ) = @_;
# create relative link
if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
die("Could not create $link: $!\n");
}
$request_reload = 1;
return 1;
}
sub check_link {
my ( $tgt, $link ) = @_;
if ( !-e $link ) {
if ( -l $link ) {
# points to nowhere
info("Removing dangling link $link");
unlink($link) or die "Could not remove $link\n";
}
return 'missing';
}
if ( -e $link && !-l $link ) {
return "$link is a real file, not touching it";
}
if ( realpath($link) ne realpath($tgt) ) {
return "$link exists but does not point to $tgt, not touching it";
}
return 'ok';
}
sub remove_link {
my ($link) = @_;
if ( -l $link ) {
unlink($link) or die "Could not remove $link: $!\n";
}
elsif ( -e $link ) {
error("$link is not a symbolic link, not deleting\n");
return 0;
}
$request_reload = 1;
return 1;
}
sub threaded {
my $result = "";
$result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'}
if -x '<%= node['apache']['apachectl'] %>';
if ( $? != 0 ) {
# config doesn't work
if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
{
return 0;
}
elsif (-e "$enabldir/mpm_worker.load"
|| -e "$enabldir/mpm_event.load" )
{
return 1;
}
else {
error("Can't determine enabled MPM");
# do what user requested
return 0;
}
}
if ( $result =~ / no/ ) {
return 0;
}
elsif ( $result =~ / yes/ ) {
return 1;
}
else {
die("Can't parse output from apache2ctl -V:\n$result\n");
}
}
sub info {
print @_ if !$quiet;
}
sub error {
print STDERR 'ERROR: ', @_;
}
sub warning {
print STDERR 'WARNING: ', @_;
}
sub is_in {
my $needle = shift;
foreach my $e (@_) {
return 1 if $needle eq $e;
}
return 0;
}
sub read_env_file {
my $file = shift;
-r $file or return;
my @lines = qx{env - sh -c '. $file && env'};
if ($?) {
die "Could not read $file\n";
}
foreach my $l (@lines) {
chomp $l;
$l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
$ENV{$1} = $2;
}
}
sub switch_marker {
die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
my $mode = "admin";
$mode = "maint" if $maintmode;
#print("switch_marker $which $what $name\n");
# TODO: get rid of the magic string(s)
my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
my $state_marker = "$state_marker_dir/$name";
if ( !-d $state_marker_dir ) {
File::Path::mkpath("$state_marker_dir")
|| error(
"Failed to create marker directory: '$state_marker_dir'\n");
}
# XXX: swap find with perl alternative
my @markers = qx{find "$statedir" -type f -a -name "$name"};
chomp(@markers);
foreach (@markers) {
unless ( unlink $_ ) {
error("Failed to remove old marker '$_'!\n") && return 0;
}
}
unless ($purge) {
qx{touch "$state_marker"};
if ( $? != 0 ) {
error("Failed to create marker '$state_marker'!\n") && return 0;
}
return 1;
}
}
# vim: syntax=perl sw=4 sts=4 sr et
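Review bot: In `threaded()` the `$? != 0` test also runs when the `qx{… -V | grep 'threaded'}` call was skipped because the apachectl path is not executable, so it then reads the exit status of whatever child process ran earlier. If that stale status is 0, `$result` is still empty and the sub ends in `die("Can't parse output from apache2ctl -V…")` instead of falling back to the `mpm_*.load` checks. Testing the captured output as well closes the gap: `if ( $result eq "" || $? != 0 ) {`. The same lines appear in the other copies of this script on the page.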


@@ -0,0 +1,532 @@
#!/usr/bin/perl -w
#
# a2enmod by Stefan Fritsch <sf@debian.org>
# Licensed under Apache License 2.0
#
# The coding style is "perltidy -pbp"
use strict;
use Cwd 'realpath';
use File::Spec;
use File::Basename;
use File::Path;
use Getopt::Long;
my $quiet;
my $force;
my $maintmode;
my $purge;
Getopt::Long::Configure('bundling');
GetOptions(
'quiet|q' => \$quiet,
'force|f' => \$force,
'maintmode|m' => \$maintmode,
'purge|p' => \$purge
) or exit 2;
my $basename = basename($0);
$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
or die "$basename call name unknown\n";
my $act = $1;
my $obj = $2;
my $dir_suffix = $3;
my $env_file = $ENV{APACHE_ENVVARS}
|| (
$ENV{APACHE_CONFDIR}
? "$ENV{APACHE_CONFDIR}/envvars"
: "<%= node['apache']['dir'] %>$dir_suffix/envvars"
);
$ENV{LANG} = 'C';
read_env_file($env_file);
$act .= 'able';
my ( $name, $dir, $sffx, $reload );
if ( $obj eq 'mod' ) {
$obj = 'module';
$dir = 'mods';
$sffx = '.load';
$reload = 'restart';
}
elsif ( $obj eq 'conf' ) {
$obj = 'conf';
$dir = 'conf';
$sffx = '.conf';
$reload = 'reload';
}
else {
$dir = 'sites';
$sffx = '.conf';
$reload = 'reload';
}
$name = ucfirst($obj);
my $confdir = $ENV{APACHE_CONFDIR} || "<%= node['apache']['dir'] %>$dir_suffix";
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "<%= node['apache']['lib_dir'] %>";
$statedir .= "/$obj";
my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
my $request_reload = 0;
my $rc = 0;
if ( !scalar @ARGV ) {
my @choices = myglob('*');
print "Your choices are: @choices\n";
print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
my $input = <>;
@ARGV = split /\s+/, $input;
}
my @objs;
foreach my $arg (@ARGV) {
$arg =~ s/${sffx}$//;
my @glob = myglob($arg);
if ( !@glob ) {
error("No $obj found matching $arg!\n");
$rc = 1;
}
else {
push @objs, @glob;
}
}
foreach my $acton (@objs) {
doit($acton) or $rc = 1;
}
info(
"To activate the new configuration, you need to run:\n service apache2 $reload\n"
) if $request_reload;
exit($rc);
##############################################################################
sub myglob {
my $arg = shift;
my @glob = map {
s{^$choicedir/}{};
s{$sffx$}{};
$_
} glob("$choicedir/$arg$sffx");
return @glob;
}
sub doit {
my $acton = shift;
my ( $conftgt, $conflink );
if ( $obj eq 'module' ) {
if ( $acton eq 'cgi' && threaded() ) {
print
"Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
$acton = 'cgid';
}
$conftgt = "$availdir/$acton.conf";
if ( -e $conftgt ) {
$conflink = "$enabldir/$acton.conf";
}
}
my $tgt = "$availdir/$acton$sffx";
my $link = "$enabldir/$acton$sffx";
if ( !-e $tgt ) {
if ( -l $link && !-e $link ) {
if ( $act eq 'disable' ) {
info("removing dangling symlink $link\n");
unlink($link);
# force a .conf path. It may exist as dangling link, too
$conflink = "$enabldir/$acton.conf";
if ( -l $conflink && !-e $conflink ) {
info("removing dangling symlink $conflink\n");
unlink($conflink);
}
return 1;
}
else {
error("$link is a dangling symlink!\n");
}
}
if ( $purge ) {
switch_marker( $obj, $act, $acton );
# exit silently, we are purging anyway
return 1;
}
error("$name $acton does not exist!\n");
return 0;
}
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
if ( $acton eq 'mpm_itk' ) {
warning( "MPM_ITK is a third party module that is not part "
. "of the official Apache HTTPD. It has seen less "
. "testing than the official MPM modules." );
}
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
check_conflicts( $acton, @conflicts ) or return 0;
}
else {
my @depending;
foreach my $d ( glob("$enabldir/*.load") ) {
my @deps = get_deps($d);
if ( is_in( $acton, @deps ) ) {
$d =~ m,/([^/]+).load$,;
push @depending, $1;
}
}
if ( scalar @depending ) {
if ($force) {
do_deps( $acton, @depending ) or return 0;
}
else {
error(
"The following modules depend on $acton ",
"and need to be disabled first: @depending\n"
);
return 0;
}
}
}
}
elsif ( $act eq 'enable' ) {
my @depends = get_deps("$availdir/$acton$sffx");
warn_deps( $acton, @depends ) or return 0;
}
if ( $act eq 'enable' ) {
my $check = check_link( $tgt, $link );
if ( $check eq 'ok' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'ok' ) {
info("$name $acton already enabled\n");
return 1;
}
elsif ( $confcheck eq 'missing' ) {
print "Enabling config file $acton.conf.\n";
add_link( $conftgt, $conflink ) or return 0;
}
else {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
else {
info("$name $acton already enabled\n");
return 1;
}
}
elsif ( $check eq 'missing' ) {
if ($conflink) {
# handle .conf file
my $confcheck = check_link( $conftgt, $conflink );
if ( $confcheck eq 'missing' ) {
add_link( $conftgt, $conflink ) or return 0;
}
elsif ( $confcheck ne 'ok' ) {
error(
"Config file $acton.conf not properly enabled: $confcheck\n"
);
return 0;
}
}
print "Enabling $obj $acton.\n";
if ( $acton eq 'ssl' ) {
info( "See /usr/share/doc/apache2/README.Debian.gz on "
. "how to configure SSL and create self-signed certificates.\n"
);
}
return add_link( $tgt, $link )
&& switch_marker( $obj, $act, $acton );
}
else {
error("$name $acton not properly enabled: $check\n");
return 0;
}
}
else {
if ( -e $link || -l $link ) {
remove_link($link);
if ( $conflink && -e $conflink ) {
remove_link($conflink);
}
switch_marker( $obj, $act, $acton );
print "$name $acton disabled.\n";
}
elsif ( $conflink && -e $conflink ) {
print "Disabling stale config file $acton.conf.\n";
remove_link($conflink);
}
else {
info("$name $acton already disabled\n");
if ( $purge ) {
switch_marker( $obj, $act, $acton );
}
return 1;
}
}
return 1;
}
sub get_deps {
my $file = shift;
my $type = shift || "Depends";
my $fd;
if ( !open( $fd, '<', $file ) ) {
error("Can't open $file: $!");
return;
}
my $line;
while ( defined( $line = <$fd> ) ) {
chomp $line;
if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
my $deps = $1;
return split( /[\n\s]+/, $deps );
}
# only check until the first non-empty non-comment line
last if ( $line !~ /^\s*(?:#.*)?$/ );
}
return;
}
sub do_deps {
my $acton = shift;
foreach my $d (@_) {
info("Considering dependency $d for $acton:\n");
if ( !doit($d) ) {
error("Could not $act dependency $d for $acton, aborting\n");
return 0;
}
}
return 1;
}
sub warn_deps {
my $acton = shift;
my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
foreach my $d (@_) {
info("Checking dependency $d for $acton:\n");
if ( !-e "$modsenabldir/$d.load" ) {
warning(
"Module $d is not enabled, but $acton depends on it, aborting\n"
);
return 0;
}
}
return 1;
}
sub check_conflicts {
my $acton = shift;
my $haderror = 0;
foreach my $d (@_) {
info("Considering conflict $d for $acton:\n");
my $tgt = "$availdir/$d$sffx";
my $link = "$enabldir/$d$sffx";
my $confcheck = check_link( $tgt, $link );
if ( $confcheck eq 'ok' ) {
error(
"Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
);
# Don't return immediately, there could be several conflicts
$haderror++;
}
}
if ($haderror) {
return 0;
}
return 1;
}
sub add_link {
my ( $tgt, $link ) = @_;
# create relative link
if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
die("Could not create $link: $!\n");
}
$request_reload = 1;
return 1;
}
sub check_link {
my ( $tgt, $link ) = @_;
if ( !-e $link ) {
if ( -l $link ) {
# points to nowhere
info("Removing dangling link $link");
unlink($link) or die "Could not remove $link\n";
}
return 'missing';
}
if ( -e $link && !-l $link ) {
return "$link is a real file, not touching it";
}
if ( realpath($link) ne realpath($tgt) ) {
return "$link exists but does not point to $tgt, not touching it";
}
return 'ok';
}
sub remove_link {
my ($link) = @_;
if ( -l $link ) {
unlink($link) or die "Could not remove $link: $!\n";
}
elsif ( -e $link ) {
error("$link is not a symbolic link, not deleting\n");
return 0;
}
$request_reload = 1;
return 1;
}
sub threaded {
my $result = "";
$result = qx{<%= node['apache']['apachectl'] %> -V | grep 'threaded'}
if -x '<%= node['apache']['apachectl'] %>';
if ( $? != 0 ) {
# config doesn't work
if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
{
return 0;
}
elsif (-e "$enabldir/mpm_worker.load"
|| -e "$enabldir/mpm_event.load" )
{
return 1;
}
else {
error("Can't determine enabled MPM");
# do what user requested
return 0;
}
}
if ( $result =~ / no/ ) {
return 0;
}
elsif ( $result =~ / yes/ ) {
return 1;
}
else {
die("Can't parse output from apache2ctl -V:\n$result\n");
}
}
sub info {
print @_ if !$quiet;
}
sub error {
print STDERR 'ERROR: ', @_;
}
sub warning {
print STDERR 'WARNING: ', @_;
}
sub is_in {
my $needle = shift;
foreach my $e (@_) {
return 1 if $needle eq $e;
}
return 0;
}
sub read_env_file {
my $file = shift;
-r $file or return;
my @lines = qx{env - sh -c '. $file && env'};
if ($?) {
die "Could not read $file\n";
}
foreach my $l (@lines) {
chomp $l;
$l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
$ENV{$1} = $2;
}
}
sub switch_marker {
die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
if @_ != 3;
my $which = shift;
my $what = shift;
my $name = shift;
my $mode = "admin";
$mode = "maint" if $maintmode;
#print("switch_marker $which $what $name\n");
# TODO: get rid of the magic string(s)
my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
my $state_marker = "$state_marker_dir/$name";
if ( !-d $state_marker_dir ) {
File::Path::mkpath("$state_marker_dir")
|| error(
"Failed to create marker directory: '$state_marker_dir'\n");
}
# XXX: swap find with perl alternative
my @markers = qx{find "$statedir" -type f -a -name "$name"};
chomp(@markers);
foreach (@markers) {
unless ( unlink $_ ) {
error("Failed to remove old marker '$_'!\n") && return 0;
}
}
unless ($purge) {
qx{touch "$state_marker"};
if ( $? != 0 ) {
error("Failed to create marker '$state_marker'!\n") && return 0;
}
return 1;
}
}
# vim: syntax=perl sw=4 sts=4 sr et
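Review bot: The suffix is used as an unescaped regex in `$arg =~ s/${sffx}$//;`, so the `.` in `.load`/`.conf` matches any character and an argument such as `upload` is cut down to `u` before the glob runs. Quoting the variable fixes it: `$arg =~ s/\Q$sffx\E$//;`. The same applies in `myglob` (`s{^\Q$choicedir\E/}{}` and `s{\Q$sffx\E$}{}`) and to `m,/([^/]+).load$,` in `doit`, which should read `\.load`. `$choicedir` can be taken from the environment (see the `$ENV{…}` assignments near the top), so a directory path containing regex metacharacters would otherwise not be stripped from the glob results.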


@@ -0,0 +1,260 @@
#
# Generated by Chef
#
# Based on the Ubuntu apache2.conf
ServerRoot "<%= node['apache']['dir'] %>"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
<% if node['apache']['version'] == '2.2' -%>
LockFile <%= node['apache']['lock_dir'] %>/accept.lock
<% elsif node['apache']['version'] == '2.4' -%>
Mutex file:<%= node['apache']['lock_dir'] %> default
<% end -%>
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile <%= node['apache']['pid_file'] %>
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout <%= node['apache']['timeout'] %>
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive <%= node['apache']['keepalive'] %>
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests <%= node['apache']['keepaliverequests'] %>
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout <%= node['apache']['keepalivetimeout'] %>
#<IfModule unixd_module>
User <%= node['apache']['user'] %>
Group <%= node['apache']['group'] %>
#</IfModule>
<% if node['apache']['version'] == '2.4' -%>
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and <%= node['apache']['docroot_dir'] %>.
# If your system is serving content from a sub-directory in /srv you must allow
# access in conf-enabled, or in any related virtual host. e.g.
#
# <Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
# </Directory>
#
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory <%= node['apache']['docroot_dir'] %>>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<% end -%>
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName <%= node['apache']['access_file_name'] %>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<% access_file_name_prefix = node['apache']['access_file_name'][0..2] if !node['apache']['access_file_name'].empty?
if access_file_name_prefix != '.ht'
file_name_prefix = '(' + access_file_name_prefix + '|.ht)'
else
file_name_prefix = '.ht'
end
%>
<Files ~ "^<%= file_name_prefix %>">
<% if node['apache']['version'] == '2.2' -%>
Order allow,deny
Deny from all
<% elsif node['apache']['version'] == '2.4' -%>
Require all denied
<% end -%>
</Files>
<% if node['apache']['version'] == '2.2' -%>
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
<% end -%>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
<% if node['apache']['error_log'] =~ /^syslog:/ || node['apache']['error_log'] =~ /^\|/ %>
ErrorLog <%= node['apache']['error_log'] %>
<% else %>
ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %>
<% end %>
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
# COOK-1021: Dummy LoadModule directive to aid module installations
#LoadModule dummy_module modules/mod_dummy.so
# Include module configuration:
<% if node['apache']['version'] == '2.2' -%>
Include <%= node['apache']['dir'] %>/mods-enabled/*.load
Include <%= node['apache']['dir'] %>/mods-enabled/*.conf
<% elsif node['apache']['version'] == '2.4' -%>
IncludeOptional <%= node['apache']['dir'] %>/mods-enabled/*.load
IncludeOptional <%= node['apache']['dir'] %>/mods-enabled/*.conf
<% end -%>
<% if %w[freebsd].include?(node['platform_family']) -%>
<IfDefine NOHTTPACCEPT>
AcceptFilter http none
AcceptFilter https none
</IfDefine>
<% end %>
# Include ports listing
Include <%= node['apache']['dir'] %>/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
<% if node['apache']['version'] == '2.2' -%>
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.
# Alias /error/ "/usr/share/apache2/error/"
#
# <Directory "/usr/share/apache2/error">
# AllowOverride None
# Options IncludesNoExec
# AddOutputFilter Includes html
# AddHandler type-map var
# Order allow,deny
# Allow from all
# LanguagePriority en cs de es fr it nl sv pt-br ro
# ForceLanguagePriority Prefer Fallback
# </Directory>
#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
<% end -%>
<% if node['apache']['version'] == '2.4' -%>
# Include generic snippets of statements
IncludeOptional <%= node['apache']['dir'] %>/conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional <%= node['apache']['dir'] %>/sites-enabled/*.conf
<% else -%>
# Include generic snippets of statements
Include <%= node['apache']['dir'] %>/conf-enabled/*.conf
# Include the virtual host configurations:
Include <%= node['apache']['dir'] %>/sites-enabled/*.conf
<% end -%>


@@ -0,0 +1,6 @@
# Read the documentation before enabling AddDefaultCharset.
# In general, it is only a good idea if you know that all your files
# have this encoding. It will override any encoding given in the files
# in meta http-equiv or xml encoding tags.
#AddDefaultCharset UTF-8


@@ -0,0 +1,71 @@
<VirtualHost *:<%= node['apache']['default_site_port'] %>>
ServerAdmin <%= node['apache']['contact'] %>
DocumentRoot <%= node['apache']['docroot_dir'] %>/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory <%= node['apache']['docroot_dir'] %>/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
<% if node['apache']['version'] == '2.4' -%>
Require all granted
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
<% elsif node['apache']['version'] == '2.2' -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
ScriptAlias /cgi-bin/ <%= node['apache']['cgibin_dir'] %>/
<Directory "<%= node['apache']['cgibin_dir'] %>">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% elsif node['apache']['version'] == '2.2' -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
ErrorLog <%= node['apache']['log_dir'] %>/<%= node['apache']['error_log'] %>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog <%= node['apache']['log_dir'] %>/<%= node['apache']['access_log'] %> combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
<% if node['apache']['version'] == '2.2' -%>
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
<% elsif node['apache']['version'] == '2.4' -%>
Require ip 127.0.0.0/255.0.0.0
Require ip ::1/128
<% end -%>
</Directory>
<% if %w{ rhel fedora }.include?(node['platform_family']) -%>
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /error/noindex.html
</LocationMatch>
<% end -%>
</VirtualHost>
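Review bot: The default site ships with `ServerSignature On` and `Options Indexes FollowSymLinks MultiViews` on the docroot `<Directory>` block, so server-generated pages carry the signature footer and any directory without an index file is listed to every client. I would default to `ServerSignature Off` and `Options FollowSymLinks` there, and drive both from node attributes if some sites need the old behaviour. `Indexes` is also set on the `/usr/share/doc/` block in this hunk (limited to loopback) and on the `/icons/` directory in the alias hunk further down (granted to all). Separately, the `ErrorLog` line here always prefixes `node['apache']['log_dir']`, while the main config template special-cases `syslog:` and piped values of `node['apache']['error_log']`, so such a value would render a broken path in this vhost.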


@@ -0,0 +1,43 @@
# envvars - default environment variables for apache2ctl
# this won't be correct after changing uid
unset HOME
# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=<%= node['apache']['user'] %>
export APACHE_RUN_GROUP=<%= node['apache']['group'] %>
# temporary state file location. This might be changed to /run in Wheezy+1
export APACHE_PID_FILE=<%= node['apache']['pid_file'] %>
export APACHE_RUN_DIR=<%= node['apache']['run_dir'] %>
export APACHE_LOCK_DIR=<%= node['apache']['lock_dir'] %>
export APACHE_LOG_DIR=<%= node['apache']['log_dir'] %>
## The locale used by some modules like mod_dav
<%- if node['apache']['locale'] != 'system' %>
export LANG=<%= node['apache']['locale'] %>
export LC_ALL=<%= node['apache']['locale'] %>
<%- else %>
## Uncomment the following line to use the system default locale instead:
. /etc/default/locale
export LANG
<%- end %>
## The command to get the status for 'apache2ctl status'.
## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
#export APACHE_LYNX='www-browser -dump'
## If you need a higher file descriptor limit, uncomment and adjust the
## following line (default is 8192):
#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
## If you would like to pass arguments to the web server, add them below
## to the APACHE_ARGUMENTS environment.
#export APACHE_ARGUMENTS=''
## Enable the debug mode for maintainer scripts.
## This will produce a verbose output on package installations of web server modules and web application
## installations which interact with Apache
#export APACHE2_MAINTSCRIPT_DEBUG=1
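Review bot: Every attribute is written into this shell file unquoted, e.g. `export APACHE_RUN_USER=<%= node['apache']['user'] %>`, so a value containing whitespace or shell metacharacters would be split or interpreted by the shell that sources the file instead of being assigned verbatim. Quoting the rendered values, `export APACHE_RUN_USER='<%= node['apache']['user'] %>'`, keeps them literal; the same applies to the PID/run/lock/log directory lines and to `LANG`/`LC_ALL`. In the `else` branch the comment says "Uncomment the following line" although `. /etc/default/locale` is already active, and the unguarded source fails where that file does not exist; `[ -r /etc/default/locale ] && . /etc/default/locale` with a corrected comment would cover both.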


@@ -0,0 +1,35 @@
# This file is managed by Chef. Changes will be overwritten.
#
# The default processing model (MPM) is the process-based
# 'prefork' model. A thread-based model, 'worker', is also
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
HTTPD=<%= node['apache']['binary'] %>
#
# To pass additional options (for instance, -D definitions) to the
# httpd binary at startup, set OPTIONS here.
#
#OPTIONS=
#
# By default, the httpd process is started in the C locale; to
# change the locale in which the server runs, the HTTPD_LANG
# variable can be set.
#
HTTPD_LANG=<%= node['apache']['locale'] %>
#
# By default, the httpd process will create the file
# /var/run/httpd/httpd.pid in which it records its process
# identification number when it starts. If an alternate location is
# specified in httpd.conf (via the PidFile directive), the new
# location needs to be reported in the PIDFILE.
#
PIDFILE=<%= node['apache']['pid_file'] %>
<% node['apache']['sysconfig_additional_params'].each do |k,v| %>
<%= "#{k}=#{v}" %>
<% end %>
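Review bot: `HTTPD_LANG=<%= node['apache']['locale'] %>` is emitted unconditionally, but the envvars template in this commit treats the value `'system'` as a sentinel rather than a locale name, so a node carrying that value would get `HTTPD_LANG=system`. Mirroring the envvars check with `<% if node['apache']['locale'] != 'system' -%>` around the assignment avoids that. The trailing loop writes `<%= "#{k}=#{v}" %>` with no quoting of the value and no validation of the key; if this file is sourced by an init script (not visible here), values with spaces or metacharacters will not be assigned literally, so quoting `v` and restricting `k` to `[A-Za-z_][A-Za-z0-9_]*` is worth adding.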


@@ -0,0 +1,2 @@
These configs are taken from a Debian apache2.2-common 2.2.11-3 install. They
work on CentOS 5.3 with a few conditions using erb.


@@ -0,0 +1,9 @@
<IfModule actions_module>
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
</IfModule>


@@ -0,0 +1,27 @@
<IfModule alias_module>
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If
# you do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "<%= node['apache']['icondir'] %>/"
<Directory "<%= node['apache']['icondir'] %>">
Options Indexes MultiViews
AllowOverride None
<% if node['apache']['version'] == "2.4" -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
</IfModule>


@@ -0,0 +1 @@
CASCookiePath <%= node['apache']['cache_dir'] %>/mod_auth_cas/


@@ -0,0 +1 @@
LoadModule auth_cas_module <%= node['apache']['libexec_dir'] %>/mod_auth_cas.so


@@ -0,0 +1 @@
LoadModule authopenid_module <%= node['apache']['libexec_dir'] %>/mod_auth_openid.so


@@ -0,0 +1,100 @@
<IfModule mod_autoindex.c>
#
# Directives controlling the display of server-generated directory listings.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
#
IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
# It's a suffix rule, so simply matching "core" matches "score" as well !
AddIcon /icons/bomb.gif /core
AddIcon (SND,/icons/sound2.gif) .ogg
AddIcon (VID,/icons/movie.gif) .ogm
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
# Default icons for OpenDocument format
AddIcon /icons/odf6odt-20x22.png .odt
AddIcon /icons/odf6ods-20x22.png .ods
AddIcon /icons/odf6odp-20x22.png .odp
AddIcon /icons/odf6odg-20x22.png .odg
AddIcon /icons/odf6odc-20x22.png .odc
AddIcon /icons/odf6odf-20x22.png .odf
AddIcon /icons/odf6odb-20x22.png .odb
AddIcon /icons/odf6odi-20x22.png .odi
AddIcon /icons/odf6odm-20x22.png .odm
AddIcon /icons/odf6ott-20x22.png .ott
AddIcon /icons/odf6ots-20x22.png .ots
AddIcon /icons/odf6otp-20x22.png .otp
AddIcon /icons/odf6otg-20x22.png .otg
AddIcon /icons/odf6otc-20x22.png .otc
AddIcon /icons/odf6otf-20x22.png .otf
AddIcon /icons/odf6oti-20x22.png .oti
AddIcon /icons/odf6oth-20x22.png .oth
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>


@@ -0,0 +1,23 @@
<IfModule mod_cache_disk.c>
# cache cleaning is done by htcacheclean, which can be configured in
# /etc/default/apache2
#
# For further information, see the comments in that file,
# /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
# man page.
# This path must be the same as the one in /etc/default/apache2
CacheRoot /var/cache/apache2/mod_cache_disk
# This will also cache local documents. It usually makes more sense to
# put this into the configuration for just one virtual host.
CacheEnable disk /
# The result of CacheDirLevels * CacheDirLength must not be higher than
# 20. Moreover, pay attention on file system limits. Some file systems
# do not support more than a certain number of inodes and
# subdirectories (e.g. 32000 for ext3)
CacheDirLevels 2
CacheDirLength 1
</IfModule>
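Review bot: `CacheEnable disk /` is active at server scope, so enabling this module turns on disk caching for every virtual host, which the comment directly above it advises against. A shared cache in front of applications that do not set `Cache-Control` carefully can store a response meant for one client and serve it to another, so I would ship the line commented out (`#CacheEnable disk /`) and let individual vhosts opt in. `CacheRoot /var/cache/apache2/mod_cache_disk` is also hard-coded to the Debian path while the mod_auth_cas template uses `node['apache']['cache_dir']`; `CacheRoot <%= node['apache']['cache_dir'] %>/mod_cache_disk` would keep the two consistent across platforms.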


@@ -0,0 +1,3 @@
# Socket for cgid communication
#
ScriptSock <%= node['apache']['run_dir'] %>/cgisock


@@ -0,0 +1 @@
DAVLockDB <%= node['apache']['lock_dir'] %>/DAVLock


@@ -0,0 +1,18 @@
<IfModule mod_deflate.c>
<IfModule mod_filter.c>
# these are known to be safe with MSIE 6
AddOutputFilterByType DEFLATE text/html text/plain text/xml
# everything else may cause problems with MSIE 6
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/atom_xml
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-eruby
</IfModule>
</IfModule>
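Review bot: `application/atom_xml` in the `AddOutputFilterByType` list is not the Atom media type, so Atom feeds served as `application/atom+xml` are never compressed; the line should read `AddOutputFilterByType DEFLATE application/atom+xml`. The block also enables compression of `text/html` for the whole server. On TLS sites whose pages reflect request data alongside secrets such as CSRF tokens, response compression is the precondition for BREACH-style length side channels, so a comment pointing operators at per-vhost scoping of these lines would be a useful addition.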


@@ -0,0 +1,3 @@
<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>


@@ -0,0 +1,5 @@
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
#FastCgiWrapper /usr/lib/apache2/suexec
FastCgiIpcDir <%= "#{node['apache']['lib_dir']}/fastcgi" %>
</IfModule>
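Review bot: `AddHandler fastcgi-script .fcgi` matches `.fcgi` as any one of a file name's extensions, not only the last, so a file such as `name.fcgi.txt` is also mapped to the FastCGI handler. Where a docroot can receive user-supplied files this is a common hardening finding; binding the handler with `<FilesMatch "\.fcgi$">` and `SetHandler fastcgi-script` restricts it to the final extension. The same applies to `AddHandler fcgid-script .fcgi` in the mod_fcgid hunk below.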


@@ -0,0 +1,10 @@
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi
IPCConnectTimeout 20
</IfModule>
<% if %w[rhel fedora].include?(node['platform_family']) -%>
# Sane place to put sockets and shared memory file
SocketPath run/mod_fcgid
SharememPath run/mod_fcgid/fcgid_shm
<% end -%>


@@ -0,0 +1,4 @@
<IfModule mod_include.c>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>


@@ -0,0 +1,4 @@
<IfModule mod_include.c>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>


@@ -0,0 +1,19 @@
<IfModule mod_info.c>
#
# Allow server info reports generated by mod_info,
# with the URL of http://servername/server-info
# Uncomment and change the ".example.com" to allow
# access from other hosts.
#
<Location /server-info>
SetHandler server-info
<% if node['apache']['version'] == '2.4' -%>
Require local
Require ip <%= node['apache']['info_allow_list'] %>
<% else -%>
Order deny,allow
Deny from all
Allow from <%= node['apache']['info_allow_list'] %>
<% end -%>
</Location>
</IfModule>
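Review bot: `Require ip <%= node['apache']['info_allow_list'] %>` renders the attribute as-is, so an empty value leaves a bare `Require ip` that Apache is likely to reject at config test, and a host name that is valid for the 2.2 `Allow from` line is not accepted by `Require ip`. The attribute's default is not visible in this hunk, so this may already hold, but a guard such as `<% unless node['apache']['info_allow_list'].to_s.empty? -%>` around the 2.4 line makes the template safe either way. Because `/server-info` exposes the full server configuration, a comment stating that the list must stay limited to administrative addresses would help; the existing comment still refers to a `.example.com` entry that is no longer in the file.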


@@ -0,0 +1,4 @@
<Location /ldap-status>
SetHandler ldap-status
Require local
</Location>
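Review bot: `Require local` is 2.4 authorization syntax, and unlike the `/server-info` template this one has no `node['apache']['version']` branch, so on a 2.2 node the line is not interpreted as a loopback restriction. The block is also not wrapped in an `<IfModule>` as the other module configs are. I would add the same version branch used elsewhere in this commit, reusing the loopback `Allow from` line from the default site template.

```apache
  SetHandler ldap-status
<% if node['apache']['version'] == '2.4' -%>
  Require local
<% else -%>
  Order deny,allow
  Deny from all
  Allow from 127.0.0.0/255.0.0.0 ::1/128
<% end -%>
```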


@@ -0,0 +1,199 @@
<IfModule mod_mime.c>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
<% case node['platform_family'] -%>
<% when 'arch' -%>
TypesConfig <%= node['apache']['dir'] %>/conf/mime.types
<% when 'freebsd' -%>
TypesConfig <%= node['apache']['dir'] %>/mime.types
<% else -%>
TypesConfig /etc/mime.types
<% end -%>
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have
# nothing to do with the FancyIndexing customization directives above.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#AddEncoding x-bzip2 .bz2
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-bzip2 .bz2
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
# See README.Debian for Spanish
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
# See README.Debian for Turkish
AddLanguage tr .tr
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddCharset us-ascii .ascii .us-ascii
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
AddCharset ISO-8859-7 .iso8859-7 .grk .greek
AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
AddCharset ISO-8859-10 .iso8859-10 .latin6
AddCharset ISO-8859-13 .iso8859-13
AddCharset ISO-8859-14 .iso8859-14 .latin8
AddCharset ISO-8859-15 .iso8859-15 .latin9
AddCharset ISO-8859-16 .iso8859-16 .latin10
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5 .b5
AddCharset cn-Big5 .cn-big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8 .koi8
AddCharset KOI8-E .koi8-e
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-U .koi8-u
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-7 .utf7
AddCharset UTF-8 .utf8
AddCharset UTF-16 .utf16
AddCharset UTF-16BE .utf16be
AddCharset UTF-16LE .utf16le
AddCharset UTF-32 .utf32
AddCharset UTF-32BE .utf32be
AddCharset UTF-32LE .utf32le
AddCharset euc-cn .euc-cn
AddCharset euc-gb .euc-gb
AddCharset euc-jp .euc-jp
AddCharset euc-kr .euc-kr
#Not sure how euc-tw got in - IANA doesn't list it???
AddCharset EUC-TW .euc-tw
AddCharset gb2312 .gb2312 .gb
AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
AddCharset shift_jis .shift_jis .sjis
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
#
# For files that include their own HTTP headers:
#
#AddHandler send-as-is asis
#
# For server-parsed imagemap files:
#
#AddHandler imap-file map
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>


@@ -0,0 +1,3 @@
<IfModule mod_mime_magic.c>
MIMEMagicFile <%= node['apache']['dir'] %>/magic
</IfModule>


@@ -0,0 +1,32 @@
# event MPM
<IfModule mpm_event_module>
<% if node['apache']['version'] == '2.4' -%>
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['event']['startservers'] %>
MinSpareThreads <%= node['apache']['event']['minsparethreads'] %>
MaxSpareThreads <%= node['apache']['event']['maxsparethreads'] %>
ThreadsPerChild <%= node['apache']['event']['threadsperchild'] %>
MaxRequestWorkers <%= node['apache']['event']['maxrequestworkers'] %>
MaxConnectionsPerChild <%= node['apache']['event']['maxconnectionsperchild'] %>
ThreadLimit <%= node['apache']['event']['threadlimit'] %>
ServerLimit <%= node['apache']['event']['serverlimit'] %>
<% else -%>
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['event']['startservers'] %>
MinSpareThreads <%= node['apache']['event']['minsparethreads'] %>
MaxSpareThreads <%= node['apache']['event']['maxsparethreads'] %>
MaxClients <%= node['apache']['event']['maxrequestworkers'] %>
MaxRequestsPerChild <%= node['apache']['event']['maxconnectionsperchild'] %>
ThreadLimit <%= node['apache']['event']['threadlimit'] %>
ServerLimit <%= node['apache']['event']['serverlimit'] %>
<% end -%>
</IfModule>
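Review bot: The `else` (2.2) branch never sets `ThreadsPerChild`, although the 2.4 branch does, so on 2.2 `node['apache']['event']['threadsperchild']` is silently ignored and `MaxClients`/`ThreadLimit` are applied against Apache's built-in default. Add `ThreadsPerChild <%= node['apache']['event']['threadsperchild'] %>` before `MaxClients` in that branch. The comments in the same branch were copied from the prefork template (`MinSpareServers`, `MaxSpareServers`) and should describe `MinSpareThreads`/`MaxSpareThreads`, since these limits are what bounds the server under connection pressure and operators will read the comments when tuning them.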


@@ -0,0 +1,27 @@
# prefork MPM
<IfModule mpm_prefork_module>
<% if node['apache']['version'] == '2.4' -%>
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxRequestWorkers: maximum number of server processes allowed to start
# MaxConnectionsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['prefork']['startservers'] %>
MinSpareServers <%= node['apache']['prefork']['minspareservers'] %>
MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %>
MaxRequestWorkers <%= node['apache']['prefork']['maxrequestworkers'] %>
MaxConnectionsPerChild <%= node['apache']['prefork']['maxconnectionsperchild'] %>
<% else -%>
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers <%= node['apache']['prefork']['startservers'] %>
MinSpareServers <%= node['apache']['prefork']['minspareservers'] %>
MaxSpareServers <%= node['apache']['prefork']['maxspareservers'] %>
ServerLimit <%= node['apache']['prefork']['serverlimit'] %>
MaxClients <%= node['apache']['prefork']['maxrequestworkers'] %>
MaxRequestsPerChild <%= node['apache']['prefork']['maxconnectionsperchild'] %>
<% end -%>
</IfModule>
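Review bot: The 2.4 branch omits `ServerLimit`, which the 2.2 branch sets, so a `maxrequestworkers` attribute above prefork's default limit of 256 is capped by Apache at startup instead of taking effect. Add `ServerLimit <%= node['apache']['prefork']['serverlimit'] %>` ahead of `MaxRequestWorkers` in the first branch, so the connection ceiling an operator configures is the one actually enforced.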


@@ -0,0 +1,20 @@
# worker MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
# graceful restart. ThreadLimit can only be changed by stopping
# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers <%= node['apache']['worker']['startservers'] %>
MinSpareThreads <%= node['apache']['worker']['minsparethreads'] %>
MaxSpareThreads <%= node['apache']['worker']['maxsparethreads'] %>
ThreadsPerChild <%= node['apache']['worker']['threadsperchild'] %>
MaxRequestWorkers <%= node['apache']['worker']['maxrequestworkers'] %>
MaxConnectionsPerChild <%= node['apache']['worker']['maxconnectionsperchild'] %>
ThreadLimit <%= node['apache']['worker']['threadlimit'] %>
ServerLimit <%= node['apache']['worker']['serverlimit'] %>
</IfModule>
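Review bot: `MaxRequestWorkers` and `MaxConnectionsPerChild` are written unconditionally, but the event and prefork templates in this commit treat them as 2.4 names and emit `MaxClients`/`MaxRequestsPerChild` for 2.2. On a 2.2 node using the worker MPM this file would therefore not pass the config test. Wrapping the two directives in the same `node['apache']['version']` branch keeps the three MPM templates consistent; the header comments would then need the 2.2 names mentioned as well.

```apache
<IfModule mpm_worker_module>
# … unchanged: StartServers, MinSpareThreads, MaxSpareThreads, ThreadsPerChild …
<% if node['apache']['version'] == '2.4' -%>
MaxRequestWorkers <%= node['apache']['worker']['maxrequestworkers'] %>
MaxConnectionsPerChild <%= node['apache']['worker']['maxconnectionsperchild'] %>
<% else -%>
MaxClients <%= node['apache']['worker']['maxrequestworkers'] %>
MaxRequestsPerChild <%= node['apache']['worker']['maxconnectionsperchild'] %>
<% end -%>
# … unchanged: ThreadLimit, ServerLimit …
```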


@@ -0,0 +1,17 @@
<IfModule mod_negotiation.c>
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
</IfModule>


@@ -0,0 +1,293 @@
<IfModule pagespeed_module>
# Turn on mod_pagespeed. To completely disable mod_pagespeed, you
# can set this to "off".
ModPagespeed on
# We want VHosts to inherit global configuration.
# If this is not included, they'll be independent (except for inherently
# global options), at least for backwards compatibility.
ModPagespeedInheritVHostConfig on
# Direct Apache to send all HTML output to the mod_pagespeed
# output handler.
AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
# If you want mod_pagespeed process XHTML as well, please uncomment this
# line.
# AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml
# The ModPagespeedFileCachePath directory must exist and be writable
# by the apache user (as specified by the User directive).
ModPagespeedFileCachePath "/var/cache/mod_pagespeed/"
# Override the mod_pagespeed 'rewrite level'. The default level
# "CoreFilters" uses a set of rewrite filters that are generally
# safe for most web pages. Most sites should not need to change
# this value and can instead fine-tune the configuration using the
# ModPagespeedDisableFilters and ModPagespeedEnableFilters
# directives, below. Valid values for ModPagespeedRewriteLevel are
# PassThrough, CoreFilters and TestingCoreFilters.
#
# ModPagespeedRewriteLevel PassThrough
# Explicitly disables specific filters. This is useful in
# conjuction with ModPagespeedRewriteLevel. For instance, if one
# of the filters in the CoreFilters needs to be disabled for a
# site, that filter can be added to
# ModPagespeedDisableFilters. This directive contains a
# comma-separated list of filter names, and can be repeated.
#
# ModPagespeedDisableFilters rewrite_images
# Explicitly enables specific filters. This is useful in
# conjuction with ModPagespeedRewriteLevel. For instance, filters
# not included in the CoreFilters may be enabled using this
# directive. This directive contains a comma-separated list of
# filter names, and can be repeated.
#
# ModPagespeedEnableFilters rewrite_javascript,rewrite_css
# ModPagespeedEnableFilters collapse_whitespace,elide_attributes
# ModPagespeedDomain
# authorizes rewriting of JS, CSS, and Image files found in this
# domain. By default only resources with the same origin as the
# HTML file are rewritten. For example:
#
# ModPagespeedDomain cdn.myhost.com
#
# This will allow resources found on http://cdn.myhost.com to be
# rewritten in addition to those in the same domain as the HTML.
#
# Wildcards (* and ?) are allowed in the domain specification. Be
# careful when using them as if you rewrite domains that do not
# send you traffic, then the site receiving the traffic will not
# know how to serve the rewritten content.
# Other defaults (cache sizes and thresholds):
#
# ModPagespeedFileCacheSizeKb 102400
# ModPagespeedFileCacheCleanIntervalMs 3600000
# ModPagespeedLRUCacheKbPerProcess 1024
# ModPagespeedLRUCacheByteLimit 16384
# ModPagespeedCssFlattenMaxBytes 2048
# ModPagespeedCssInlineMaxBytes 2048
# ModPagespeedCssImageInlineMaxBytes 2048
# ModPagespeedImageInlineMaxBytes 2048
# ModPagespeedJsInlineMaxBytes 2048
# ModPagespeedCssOutlineMinBytes 3000
# ModPagespeedJsOutlineMinBytes 3000
# Limit the number of inodes in the file cache. Set to 0 for no limit.
# The default value if this paramater is not specified is 0 (no limit).
ModPagespeedFileCacheInodeLimit 500000
# Bound the number of images that can be rewritten at any one time; this
# avoids overloading the CPU. Set this to 0 to remove the bound.
#
# ModPagespeedImageMaxRewritesAtOnce 8
# You can also customize the number of threads per Apache process
# mod_pagespeed will use to do resource optimization. Plain
# "rewrite threads" are used to do short, latency-sensitive work,
# while "expensive rewrite threads" are used for actual optimization
# work that's more computationally expensive. If you live these unset,
# or use values <= 0 the defaults will be used, which is 1 for both
# values when using non-threaded MPMs (e.g. prefork) and 4 for both
# on threaded MPMs (e.g. worker and event). These settings can only
# be changed globally, and not per virtual host.
#
# ModPagespeedNumRewriteThreads 4
# ModPagespeedNumExpensiveRewriteThreads 4
# Settings for image optimization:
#
# Jpeg recompression quality (0 to 100, -1 strips metadata):
# ModPagespeedJpegRecompressionQuality -1
#
# Percent of original image size below which optimized images are retained:
# ModPagespeedImageLimitOptimizedPercent 100
#
# Percent of original image area below which image resizing will be
# attempted:
# ModPagespeedImageLimitResizeAreaPercent 100
# When Apache is set up as a browser proxy, mod_pagespeed can record
# web-sites as they are requested, so that an image of the web is built up
# in the directory of the proxy administrator's choosing. When ReadOnly is
# on, only files already present in the SlurpDirectory are served by the
# proxy.
#
# ModPagespeedSlurpDirectory ...
# ModPagespeedSlurpReadOnly on
# The maximum URL size is generally limited to about 2k characters
# due to IE: See http://support.microsoft.com/kb/208427/EN-US.
# Apache servers by default impose a further limitation of about
# 250 characters per URL segment (text between slashes).
# mod_pagespeed circumvents this limitation, but if you employ
# proxy servers in your path you may need to re-impose it by
# overriding the setting here. The default setting is 1024
# characters.
#
# ModPagespeedMaxSegmentLength 250
# Uncomment this if you want to prevent mod_pagespeed from combining files
# (e.g. CSS files) across paths
#
# ModPagespeedCombineAcrossPaths off
# Renaming JavaScript URLs can sometimes break them. With this
# option enabled, mod_pagespeed uses a simple heuristic to decide
# not to rename JavaScript that it thinks is introspective.
#
# You can turn this off to let mod_pagespeed rename all JS files.
ModPagespeedAvoidRenamingIntrospectiveJavascript on
# Certain common JavaScript libraries are available from Google, which acts
# as a CDN and allows you to benefit from browser caching if a new visitor
# to your site previously visited another site that makes use of the same
# libraries as you do. Enable the following filter to turn on this feature.
#
# ModPagespeedEnableFilters canonicalize_javascript_libraries
# The following lines configure libraries that are recognized by
# canonicalize_javascript_libraries. These will have no effect unless you
# enable this filter (generally by uncommenting the last line in the
# previous stanza). It simply provides a sensible default configuration
# when the filter is switched on.
# The format is:
# ModPagespeedLibrary bytes md5 canonical_url
# Where bytes and md5 are with respect to the *minified* JS; use
# js_minify --print_size_and_hash to obtain this data.
# Note that we can register multiple hashes for the same canonical url;
# we do this if there are versions available that have already been minified
# with more sophisticated tools.
ModPagespeedLibrary 105527 ltVVzzYxo0 //ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js
ModPagespeedLibrary 92501 J8KF47pYOq //ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
ModPagespeedLibrary 141547 GKjMUuF4PK //ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js
ModPagespeedLibrary 43 1o978_K0_L http://www.modpagespeed.com/rewrite_javascript.js
# Explicitly tell mod_pagespeed to load some resources from disk.
# This will speed up load time and update frequency.
#
# This should only be used for static resources which do not need
# specific headers set or other processing by Apache.
#
# Both URL and filesystem path should specify directories and
# filesystem path must be absolute (for now).
#
# ModPagespeedLoadFromFile "http://example.com/static/" "/var/www/static/"
# Enables server-side instrumentation and statistics. If this rewriter is
# enabled, then each rewritten HTML page will have instrumentation javacript
# added that sends latency beacons to /mod_pagespeed_beacon. These
# statistics can be accessed at /mod_pagespeed_statistics. You must also
# enable the mod_pagespeed_statistics and mod_pagespeed_beacon handlers
# below.
#
# ModPagespeedEnableFilters add_instrumentation
# The add_instrumentation filter sends a beacon after the page onload
# handler is called. The user might navigate to a new URL before this. If
# you enable the following directive, the beacon is sent as part of an
# onbeforeunload handler, for pages where navigation happens before the
# onload event.
#
# ModPagespeedReportUnloadTime on
# Uncomment the following line so that ModPagespeed will not cache or
# rewrite resources with Vary: in the header, e.g. Vary: User-Agent.
# ModPagespeedRespectVary on
# This handles the client-side instrumentation callbacks which are injected
# by the add_instrumentation filter.
# You can use a different location by adding the ModPagespeedBeaconUrl
# directive; see the documentation on add_instrumentation.
<Location /mod_pagespeed_beacon>
SetHandler mod_pagespeed_beacon
</Location>
# Uncomment the following line if you want to disable statistics entirely.
#
# ModPagespeedStatistics off
# This page lets you view statistics about the mod_pagespeed module.
<Location /mod_pagespeed_statistics>
Order allow,deny
# You may insert other "Allow from" lines to add hosts you want to
# allow to look at generated statistics. Another possibility is
# to comment out the "Order" and "Allow" options from the config
# file, to allow any client that can reach your server to examine
# statistics. This might be appropriate in an experimental setup or
# if the Apache server is protected by a reverse proxy that will
# filter URLs in some fashion.
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_statistics
</Location>
# Uncomment the following line if you want to enable statistics logging.
# ModPagespeedStatistics is required to be enabled.
#
# ModPagespeedStatisticsLogging on
#
# The base filename to use to store logged statistics.
# Required if logging is enabled.
#
# ModPagespeedStatisticsLoggingFile "@@MOD_PAGESPEED_STATS_LOG@@"
#
# The interval at which statistics will be logged, in milliseconds.
# Optional; default is 3000.
#
# ModPagespeedStatisticsLoggingIntervalMs 3000
# If both of the below are set, the console will use offline copies of the
# files needed for the Google Chart Tools API rather than connecting to the
# Internet to obtain them. This is experimental, as the only supported
# loading mechanism for the Chart Tools API requires an Internet connexion.
#
# Where to find an offline copy of the CSS file required for the Google
# Chart Tools API. At the time of writing, the Google Chart Tools API CSS
# file can be found at:
# https://ajax.googleapis.com/ajax/static/modules/gviz/1.0/core/tooltip.css
#
# ModPagespeedStatisticsLoggingChartsCSS http://example.com/charts.css
#
# Where to find an offline copy of the JS file required for the Google
# Chart Tools API. At the time of writing, the Google Chart Tools API JS
# file can be found at:
# https://www.google.com/uds/api/visualization/1.0/d7d36793f7a886b687850d2813583db9/format+en,default,corechart.I.js
#
# ModPagespeedStatisticsLoggingChartsJS http://example.com/charts.js
# This page lets you view a graphical console displaying statistics about
# the mod_pagespeed module.
<Location /mod_pagespeed_console>
Order allow,deny
# This can be configured similarly to mod_pagespeed_statistics above.
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_console
</Location>
# Page /mod_pagespeed_message lets you view the latest messages from
# mod_pagespeed, regardless of log-level in your httpd.conf
# ModPagespeedMessageBufferSize is the maximum number of bytes you would
# like to dump to your /mod_pagespeed_message page at one time,
# its default value is 100k bytes.
# Set it to 0 if you want to disable this feature.
ModPagespeedMessageBufferSize 100000
<Location /mod_pagespeed_message>
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_message
</Location>
<Location /mod_pagespeed_referer_statistics>
Allow from localhost
Allow from 127.0.0.1
SetHandler mod_pagespeed_referer_statistics
</Location>
</IfModule>
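Review bot: The `<Location /mod_pagespeed_message>` and `<Location /mod_pagespeed_referer_statistics>` blocks list `Allow from localhost` and `Allow from 127.0.0.1` but, unlike the statistics and console blocks, carry no `Order allow,deny` line. Under the default order (Deny,Allow) a client that matches no Allow or Deny line is permitted, so the two Allow lines restrict nothing and both handlers are served to any client that can reach the server. Add `Order allow,deny` as the first line of both blocks. Separately, all four access-controlled blocks use only 2.2-style Order/Allow, while other templates in this commit branch on `node['apache']['version']` and use `Require local`; on 2.4 these lines depend on mod_access_compat being loaded.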


@@ -0,0 +1,37 @@
<IfModule mod_php5.c>
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it's recommended to enable access to the files
# only in specific virtual host or directory
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order Deny,Allow
Deny from all
<% end -%>
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order Deny,Allow
Deny from all
<% end -%>
</FilesMatch>
# Running PHP scripts in user directories is disabled by default
#
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
php_admin_value engine Off
</Directory>
</IfModule>
</IfModule>


@@ -0,0 +1,23 @@
<IfModule mod_proxy.c>
#turning ProxyRequests on and allowing proxying from all may allow
#spammers to use your proxy to send email.
ProxyRequests Off
<Proxy *>
AddDefaultCharset off
<% if node['apache']['version'] == "2.4" -%>
Require <%= node['apache']['proxy']['require'] %>
<% else -%>
Order <%= node['apache']['proxy']['order'] %>
Deny from <%= node['apache']['proxy']['deny_from'] %>
Allow from <%= node['apache']['proxy']['allow_from'] %>
<% end -%>
</Proxy>
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
ProxyVia On
</IfModule>


@@ -0,0 +1,18 @@
<IfModule mod_proxy_balancer.c>
# Balancer manager enables dynamic update of balancer members
# (needs mod_status). Uncomment to enable.
#
#<IfModule mod_status.c>
# <Location /balancer-manager>
# SetHandler balancer-manager
<% if node['apache']['version'] == '2.4' -%>
# Require local
<% else -%>
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1 ::1
# Satisfy all
<% end -%>
# </Location>
#</IfModule>
</IfModule>


@@ -0,0 +1,4 @@
<IfModule mod_proxy_ftp.c>
# Define the character set for proxied FTP listings. Default is ISO-8859-1
ProxyFtpDirCharset UTF-8
</IfModule>


@@ -0,0 +1,22 @@
<IfModule reqtimeout_module>
# mod_reqtimeout limits the time waiting on the client to prevent an
# attacker from causing a denial of service by opening many connections
# but not sending requests. This file tries to give a sensible default
# configuration, but it may be necessary to tune the timeout values to
# the actual situation. Note that it is also possible to configure
# mod_reqtimeout per virtual host.
# Wait max 20 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
# wait longer than 40 seconds in total.
# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
# cause problem with ssl enabled virtual hosts: This timeout includes
# the time a browser may need to fetch the CRL for the certificate. If
# the CRL server is not reachable, it may take more than 10 seconds
# until the browser gives up.
RequestReadTimeout header=20-40,minrate=500
# Wait max 10 seconds for the first byte of the request body (if any)
# From then, require a minimum data rate of 500 bytes/s
RequestReadTimeout body=10,minrate=500
</IfModule>


@@ -0,0 +1,28 @@
<IfModule mod_setenvif.c>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^gvfs/1" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully
</IfModule>


@@ -0,0 +1,108 @@
<IfModule mod_ssl.c>
#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog <%= node['apache']['mod_ssl']['pass_phrase_dialog'] %>
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache <%= node['apache']['mod_ssl']['session_cache'] %>
SSLSessionCacheTimeout <%= node['apache']['mod_ssl']['session_cache_timeout'] %>
<% if node['apache']['version'] != '2.4' -%>
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex <%= node['apache']['mod_ssl']['mutex'] %>
<% end -%>
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# enable only secure ciphers:
SSLCipherSuite <%= node['apache']['mod_ssl']['cipher_suite'] %>
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder <%= node['apache']['mod_ssl']['honor_cipher_order'] %>
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol <%= node['apache']['mod_ssl']['protocol'] %>
# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
SSLInsecureRenegotiation <%= node['apache']['mod_ssl']['insecure_renegotiation'] %>
<% unless node['apache']['mod_ssl']['strict_sni_vhost_check'] == "Off"%>
# Whether to forbid non-SNI clients to access name based virtual hosts.
# Default: Off
SSLStrictSNIVHostCheck <%= node['apache']['mod_ssl']['strict_sni_vhost_check'] %>
<% end %>
<% if node['apache']['version'] == '2.4' -%>
# Enable compression on the SSL level
# Enabling compression causes security issues in most setups (the so called CRIME attack).
# Default: Off
SSLCompression <%= node['apache']['mod_ssl']['compression'] %>
# OCSP Stapling, only in httpd 2.3.3 and later
# This option enables OCSP stapling, as defined by the "Certificate Status Request" TLS
# extension specified in RFC 6066. If enabled (and requested by the client), mod_ssl will
# include an OCSP response for its own certificate in the TLS handshake.
# Configuring an SSLStaplingCache is a prerequisite for enabling OCSP stapling.
# Default: Off
<% if node['apache']['mod_ssl']['use_stapling'] == 'On' -%>
SSLUseStapling <%= node['apache']['mod_ssl']['use_stapling'] %>
SSLStaplingResponderTimeout <%= node['apache']['mod_ssl']['stapling_responder_timeout'] %>
SSLStaplingReturnResponderErrors <%= node['apache']['mod_ssl']['stapling_return_responder_errors'] %>
SSLStaplingCache <%= node['apache']['mod_ssl']['stapling_cache'] %>
<% end -%>
<% end -%>
<% node['apache']['mod_ssl']['directives'].sort_by { |key, val| key }.each do |directive, value| -%>
<%= directive %> <%= value %>
<% end -%>
</IfModule>
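Review bot: The comments that guide whoever sets the attributes are out of date for the settings they describe: the `SSLProtocol` comment lists SSLv3 as an available value without saying it should stay disabled, and the commented-out `#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5` example puts RC4 first. The effective values come from `node['apache']['mod_ssl']['protocol']` and `['cipher_suite']`, whose defaults are outside this hunk, so this text is the only in-file guidance. I would add `# SSLv3 is broken (POODLE) and should remain disabled, e.g. "all -SSLv3"` under the "Available values" line and drop or replace the RC4 example. The trailing `directives` loop renders arbitrary key/value pairs after these settings, so an entry there repeating one of them would presumably take precedence; a one-line comment above the loop should say so.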


@@ -0,0 +1,42 @@
<IfModule mod_status.c>
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
# Uncomment and change the ".example.com" to allow
# access from other hosts.
#
<Location /server-status>
SetHandler server-status
<% if node['apache']['version'] == '2.4' -%>
Require local
Require ip <%=node['apache']['status_allow_list']%>
<% else -%>
Order deny,allow
Deny from all
Allow from <%= node['apache']['status_allow_list'] %>
<% end -%>
</Location>
#
# ExtendedStatus controls whether Apache will generate "full" status
# information (ExtendedStatus On) or just basic information (ExtendedStatus
# Off) when the "server-status" handler is called. The default is Off.
#
<% if node['apache']['ext_status'] -%>
ExtendedStatus On
<% else -%>
ExtendedStatus Off
<% end -%>
<% if node['apache']['version'] == '2.4' -%>
# Determine if mod_status displays the first 63 characters of a request or
# the last 63, assuming the request itself is greater than 63 chars.
# Default: Off
#SeeRequestTail On
<IfModule mod_proxy.c>
# Show Proxy LoadBalancer status in mod_status
ProxyStatus On
</IfModule>
<% end -%>
</IfModule>
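Review bot: In the 2.4 arm, `Require ip <%=node['apache']['status_allow_list']%>` accepts only IP addresses or CIDR ranges, whereas the 2.2 arm's `Allow from` also accepts host and domain names, and the header comment still tells the reader to change ".example.com". A host-style value in `status_allow_list` (its default is not visible here) would work on 2.2 and fail on 2.4, and an empty value would leave a bare `Require ip` line that httpd is likely to reject. I would replace the "Uncomment and change" sentence with `# Access is limited to localhost plus node['apache']['status_allow_list'] (IP addresses or CIDR ranges only).` Since /server-status shows per-request detail when `ExtendedStatus On` is rendered, that list is worth keeping narrow.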


@@ -0,0 +1,17 @@
<% if node['apache']['version'] == '2.4' -%>
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
</IfModule>
<% end -%>
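Review bot: The whole template sits inside `<% if node['apache']['version'] == '2.4' -%>` with no else arm, so on any other version it renders an empty file and neither `UserDir disabled root` nor the `<Directory /home/*/public_html>` restrictions are written. The other version-sensitive templates in this commit supply an Order/Allow arm for 2.2; here, what httpd does with mod_userdir loaded and no UserDir line is left to server defaults rather than to this cookbook. If 2.2 is supported, move the condition inside the block so that only the access-control lines differ, as sketched below.

```erb
<IfModule mod_userdir.c>
<%# … unchanged: UserDir lines, <Directory> opening, AllowOverride, Options … %>
<Limit GET POST OPTIONS>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Limit>
<LimitExcept GET POST OPTIONS>
<% if node['apache']['version'] == '2.4' -%>
Require all denied
<% else -%>
Order deny,allow
Deny from all
<% end -%>
</LimitExcept>
<%# … unchanged: closing </Directory> and </IfModule> … %>
```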


@@ -0,0 +1,3 @@
<% node['apache']['listen_ports'].each do |port| -%>
-A FWR -p tcp -m tcp --dport <%= port %> -j ACCEPT
<% end %>


@@ -0,0 +1,11 @@
# This file was generated by Chef for <%= node['fqdn'] %>.
# Do NOT modify this file by hand!
<% node['apache']['listen_ports'].map(&:to_i).uniq.each do |port| -%>
<% node['apache']['listen_addresses'].uniq.each do |address| -%>
Listen <%= address.length > 0 ? "#{address}:" : '' %><%= port %>
<% end -%>
<% if node['apache']['version'] != "2.4" -%>
NameVirtualHost *:<%= port %>
<% end -%>
<% end -%>
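Review bot: The `Listen` line joins address and port with a bare colon (`"#{address}:"` followed by `<%= port %>`), which is valid only for IPv4 or for IPv6 literals that already carry square brackets; a plain `::1` in `listen_addresses` would render `Listen ::1:80`. Either document the requirement in the file header, e.g. `# IPv6 entries in listen_addresses must be written in brackets, e.g. [::1]`, or add the brackets in the template. Ports are normalised here with `map(&:to_i).uniq`, but the firewall-rule template just above iterates `node['apache']['listen_ports']` raw, so the two rendered files can disagree when the attribute holds duplicates or string values.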


@@ -0,0 +1,45 @@
#
# Disable access to the entire file system except for the directories that
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
# Debian packages. It will be made the default for the release after lenny.
#
#<Directory />
# AllowOverride None
# Order Deny,Allow
# Deny from all
#</Directory>
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens <%= node['apache']['servertokens'] %>
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature <%= node['apache']['serversignature'] %>
#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
#
TraceEnable <%= node['apache']['traceenable'] %>
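Review bot: The only filesystem-wide deny in this file is the commented-out `<Directory />` block, and its explanation ("made the default for the release after lenny") is stale, so nothing rendered from this template denies access outside explicitly allowed directories; whether another file does is not visible from this hunk. The example also shows only 2.2 syntax (`Order Deny,Allow` / `Deny from all`), so uncommenting it on a 2.4 node relies on mod_access_compat. I would add `# Require all denied   (httpd 2.4)` beside the Order/Deny lines and replace the lenny sentence with a pointer to where the default deny is actually configured.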


@@ -0,0 +1,61 @@
<VirtualHost *:<%= @params[:server_port] || node['apache']['listen_ports'].first %>>
ServerName <%= @params[:server_name] %>
<% if @params[:server_aliases] -%>
ServerAlias <%= @params[:server_aliases].join " " %>
<% end -%>
DocumentRoot <%= @params[:docroot] %>
<Directory <%= @params[:docroot] %>>
Options <%= [@params[:directory_options] || "FollowSymLinks" ].flatten.join " " %>
AllowOverride <%= [@params[:allow_override] || "None" ].flatten.join " " %>
<% if node['apache']['version'] == '2.4' -%>
Require all granted
<% else -%>
Order allow,deny
Allow from all
<% end -%>
</Directory>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Location /server-status>
SetHandler server-status
<% if node['apache']['version'] == '2.4' -%>
Require local
<% else -%>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<% end -%>
</Location>
RewriteEngine On
<%- if node['apache']['version'] == '2.4' -%>
LogLevel info rewrite:trace1
<%- else -%>
LogLevel info
RewriteLog <%= node['apache']['log_dir'] %>/<%= @application_name %>-rewrite.log
RewriteLogLevel 0
<%- end -%>
ErrorLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-error.log
CustomLog <%= node['apache']['log_dir'] %>/<%= @params[:name] %>-access.log combined
<% if @params[:directory_index] -%>
DirectoryIndex <%= [@params[:directory_index]].flatten.join " " %>
<% end -%>
# Canonical host, <%= @params[:server_name] %>
RewriteCond %{HTTP_HOST} !^<%= @params[:server_name] %> [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*)$ http://<%= @params[:server_name] %>/$1 [L,R=301]
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ /system/maintenance.html [L,R=503]
</VirtualHost>
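Review bot: In the canonical-host rule, `RewriteCond %{HTTP_HOST} !^<%= @params[:server_name] %> [NC]` places the server name into a regex unescaped and with no end anchor. Its dots therefore match any character, and any Host header that merely begins with the name is treated as canonical and skips the redirect. Escape and anchor it: `RewriteCond %{HTTP_HOST} !^<%= Regexp.escape(@params[:server_name]) %>(:[0-9]+)?$ [NC]`. Also, the 2.2 arm names the rewrite log from `@application_name` while ErrorLog and CustomLog use `@params[:name]`; if those two can differ, the log files for one site will not share a prefix, so one source should be used throughout.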