example42 / puppet-apache Goto Github PK

listen.pp is always trying to create the port listening file under in /etc/apache2/conf.d.

On Ubuntu Precise the config files are under /etc/apache2/conf-available and with symlink in /etc/apache2/conf-enabled

Expected Behavior

that it doesn't error

Actual Behavior

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Evaluation Error: Resource type not found: SLES at /etc/puppetlabs/code/environments/master/modules/apache/manifests/init.pp:308:5 on node xxxx

Steps to Reproduce the Problem

Run module against puppet 4

Specifications

Please add this info:

Version of Puppet: and of the module

# puppet --version
4.5.1

Module version: v2.1.12
The relevant Puppet code and eventually Hiera data
Nebenbei: eventually ist nicht das deutsche eventuell. eventually heisst irgendwann. Besser: "optionally"

   ### Calculation of variables that dependes on arguments
   $vdir = $::operatingsystem ? {
     /(?i:Ubuntu|Debian|Mint)/ => "${apache::config_dir}/sites-available",
-    SLES                      => "${apache::config_dir}/vhosts.d",
+    'SLES'                    => "${apache::config_dir}/vhosts.d",
     default                   => "${apache::config_dir}/conf.d",
   }

When you clone the repository and run rake spec, you get the following errors:

  1) nagios Test Monitoring Tools Integration should generate monitor defines
     Failure/Error: content = catalogue.resource('monitor::process', 'nagios_process').send(:parameters)[:tool]
     Puppet::Error:
       Unknown function is_array at /Users/mhuffnagle/Source/puppet-nagios/spec/fixtures/modules/puppi/manifests/info.pp:28 on node rspec.example42.com
     # ./spec/classes/nagios_spec.rb:138:in `block (3 levels) in <top (required)>'

Adding https://github.com/puppetlabs/puppetlabs-stdlib to the fixtures file gets all of the tests to pass.

When setting the port for apache to listen on, it ignores the values in the /etc/httpd/conf/ports.conf

Meaning if you want to configure apache using puppet to not listen on 80 you can't.

In the listen.pp file it should ensure that the ports.conf file is updated to reflect the port settings or perhaps add a flag to tell it to "replace" or "append"

Or if I'm missing something let me know. For instance if the "port" value on the apache class is to be used or something like that.

Expected Behavior

Being able to add a DirectoryIndex directive in vhosts

Steps to solve the Problem

I've managed to slightly modify vhost.pp and vhost.conf.erb to be able to successfully add a DirectoryIndex directive.

Can I submit it as PR?

Thanks

Jeremy

Hi =)

I recently tried to create a vhost with a port-based configuration, and noticed that the template needs a "Listen [port]" before VirtualHost *[port] in order to make it work properly.

I'm using a separated template in my own module, but I think it could be a good addition to the default template since there's already a port option being used.

I could PR this if you want.

Hello,

As I mentioned on Twitter, I'm having 2 small issues while using this apache module for a Vagrant box, with Ubuntu 12.04 .
The apache version being installed is 2.4.6 .

First one is that when trying to override the default vhost conf file, following the readme instructions, it was creating a file named "000-default" on sites-enabled, not overriding the 000-default.conf file - which caused it to not change the doc root as expected (ofc).

I could fix this by adding priority => 000 on the vhost declaration.

The other bug annoyed me for quite a long time: I was getting a 403 forbidden error on the Vhost I just setup. Adding "AllowOverride All" and other options (to explicitly add the Directory block) didn't change anything. The log says:

[Fri Sep 20 12:00:00.312316 2013] [authz_core:error] [pid 17445] [client 192.168.33.1:57254] AH01630: client denied by server configuration: /vagrant/web/

Luckily(!), I had the same problem with my local environment (ubuntu 13.04) before, and after googling I found this: http://stackoverflow.com/questions/10351167/apache-client-denied-by-server-configuration

Looks like is something new from Apache, adding this line: Require all granted to the Directory block fixed the problem.

I think the default vhost template might need an update.

apache::htpasswd uses the name of the resource as the username to be added to the htpasswd file, and does not provide a way to override that username. That causes a problem when you want to have the same username defined in two different htpasswd files on the same node. If I try to create entries for user1 in both /etc/htpasswd1 and /etc/htpasswd2, I'll get a resource conflict.

A simple solution to this would be to add an additional parameter to apache::htpasswd called username that defaults to $name.

Hi,

I just found that the $process_users parameter is ignored. The only place it's used in is the process monitoring. Under Ubuntu the file /etc/apache2/envvars is used to define what user/group to run as.

root@puppet:/etc/apache2# grep www-data * -Rni
envvars:16:export APACHE_RUN_USER=www-data
envvars:17:export APACHE_RUN_GROUP=www-data

Think that in RHEL it's defined in /etc/sysconfig/httpd

No PR coming this time. Sorry ;)

Am I doing something wrong? Need to set a custom user for Apache and reading in the init.pp looks like I should do:

class { 'apache':
process_user => 'vagrant',
}

But I still see Apache running as www-data (default for Ubuntu).

Hi,

I tryed today the instructions from http://www.example42.com/?q=How_to_Setup_a_PuppetMaster on a fresh Ubuntu 12.04.1 LTS. I got the following err:

err: /Stage[main]/Apache::Ssl/Package[apache-modssl]/ensure: change from purged to present failed: Execution of '/usr/bin/apt-get -q -y -o DPkg::Options::=--force-confold install libapache-mod-ssl' returned 100: Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package libapache-mod-ssl

As I know, the ssl mod is allready included in the default apache2 package. To support my old brain ... on http://wiki.ubuntuusers.de/Apache and http://wiki.ubuntuusers.de/Apache/SSL there are no additional packages named.

Best regards

Hi folks,

example42-apache does exactly what we need it do--give us a barebones, RHEL-default Apache installation. We now need to tweak our SSL parameters. While we could use a separate Puppet module, keeping it all in the family, as it were, is more appealing.

In particular, my organization needs parameters to set:

• SSLProtocol
• SSLCipherSuite
• SSLCertificateFile
• SSLCertificateKeyFile
• SSLCertificateChainFile
• SSLHonorCipherSuite

Obviously, there's so many Apache config parameters out there, but these would be a good place to start. Is this something you'd be willing to include, either in apache::ssl or apache::vhost ? I've forked the repository, and am currently working on a patch for this limited set of parameters.

Hi Allessandro,

i guess we have the same problem on debian 8 as on ubuntu
12),

• apache does have conf-enable with symlinking instead of conf.d now.

As far as i have seen in your apache modules,
this makes problems in:

apache::dotconf
apache/manifests/init.pp

Best,

Jochen

If I understand things correctly, this commit (22304f7) may have broken the htpasswd manifest. From what I can see the -p switch to htpasswd means do not encrypt the password, i.e. pass whatever is given to the command as the password straight through to the .htpasswd file. Thus if the crypt_password paramater is set this should have the -p flag set to avoid encrypting the already encrypted password before adding it to the .htpasswd file. The clear_password is actually the plaintext password which should not have the -p flag set so that it is encrypted before it is added to the .htpasswd file.

If the intention behind the commit is to allow saving of plaintext passwords to the .htpasswd file then surely that should be dealt with a separate flag. Although I'm not sure that it's even possible or desirable to have the .htpasswd file contain plaintext passwords!

But please correct me if I'm wrong!

I've seen this module integrates the possibility to use SSL with apache, but how's this achieved? How can I specify the SSL parameters for my vhost? where do i put my certificates?

Thanks.

Once the PR #63 was merged, a new version should be tagged.

remove the default site in debian

file { "/etc/apache2/sites-enabled/000-default": ensure => absent }

This would be a great/easy option to be able to add.

I've been trying to figure out why the apache::redhat class is included on centos/redhat systems. It defines an empty file which sets named hosts to work on port 80. In our case, we're deploying apache behind a proxy so we only want to listen on 8080. This file doesn't necessarily hurt anything but it add config when none is required.

https://github.com/example42/puppet-apache/blob/master/manifests/vhost.pp#L240

Which then loads this file

https://github.com/example42/puppet-apache/blob/master/templates/00-NameVirtualHost.conf.erb

I'd suggest just removing that line of code or that class altogether as it doesn't really do anything or respect config (i.e. port settings)

If I use this repository, I have an error : "Unknow function params_lookup".

I must get puppi to have params_lookup function.

I'm embarrassed to use an entire deposit just to use a function.

Something like this (based on vhost-ssl.template)

# File Managed by Puppet

<IfDefine SSL>
<IfDefine !NOSSL>

<VirtualHost <%= @ip_addr %>:<%= @port %>>
    ServerAdmin <%= @server_admin_email ||= 'webmaster@localhost' %>
<% if @server_name_value != false -%>
    ServerName <%= @server_name_value %>
<% end -%>

    DocumentRoot <%= @real_docroot %>

    ErrorLog  <%= scope.lookupvar('apache::log_dir') %>/<%= @name %>-error_log
    CustomLog <%= scope.lookupvar('apache::log_dir') %>/<%= @name %>-access_log common

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
    SSLCertificateFile <%= scope.lookupvar('apache::log_dir') %>/ssl.crt/server.crt
    SSLCertificateKeyFile <%= scope.lookupvar('apache::log_dir') %>/ssl.key/server.key
</VirtualHost>

</IfDefine>
</IfDefine>

I can't find any way, how to manage default apache configuration like document_root, includes etc. by this module.

I got this error when use this module from forge.puppetlabs.com

Unable to find module 'example42-concat' on https://forgeapi.puppetlabs.com

A none exists module is listed in https://forge.puppetlabs.com/example42/apache/dependencies.

Hi,

I have some questions:

• Why is there a vhost and a virtualhost class?
• What is the difference?
• Should I use vhost or virtualhost?
• Should we delete one of them?

Thank you for your awesome work.

Best Regards
Thomas

Nagios check_proc only checks for the first 15 characters of a service name.

For more information, look here: http://bangbangsoundslikemachinery.blogspot.com/2011/09/nagios-plugin-checkprocs-incorrectly.html

In Ubuntu 12.04 apache2 looks like:

/bin/ps axwo 'stat uid pid ppid vsz rss pcpu comm args'|grep apache2
Ss 0 2039 1 46016 12780 0.0 /usr/sbin/apach /usr/sbin/apache2 -k start
S 33 15718 2039 47024 8920 0.4 /usr/sbin/apach /usr/sbin/apache2 -k start
S 33 15737 2039 46336 8228 0.6 /usr/sbin/apach /usr/sbin/apache2 -k start

Result: '/usr/sbin/apach' != 'apache2'

Replacing the service name 'apache2' for nagios with 'apach' would solve the problem, but changing this name in $apache::service would cause problems with other monitoring, like munin

Hey,

I have a WordPress site which runs and works fine when using a named vhost, as follows:

apache::vhost { 'sitename.dev':
  server_name   => 'sitename.dev',
  docroot       => '/var/www/',
  port          => '80',
  priority      => '1',
}

However, I'd like others on my local network to be able to view the site too. I've Vagrant set up to forward port 80 to 6001, and visiting my host IP (http://192.168.2.14:6001/) works great, however any other pages lead to a 404 as the .htaccess file is not picked up. I guess this is because there is no vhost set up for it. I'd like too not require to set up the IP/port of the vhost each time, as it will change per project/machine I use leading to a big list of vhosts in my set-up, it could become quite messy.

Is it possible to to set the docroot for any IP(+port) and have the .htaccess enabled?

I'm new to Vagrant and Puppet so this is probably more of an incorrect set-up rather than an issue, however I've been trying to get this to work and can't quite figure it out.

Any help appreciated,
Cheers!

Am I right in saying that to do this I'd need a custom template like

class { 'apache':
   template => 'example42/apache/httpd.conf.erb',
 }

Unsure where that template should go or even an example of one?

Hi

If the there is a need to replace an existing vhost conf file with another one, the old remains and the new is created.

It could delete existing files and create new files.

Regards

Hi,

I encounter a problem with the apache module to the latest version of Ubuntu.
I thinks it's broken because /etc/apache2/conf.d no longer exists.

Error: Could not set 'present' on ensure: No such file or directory - /etc/apache2/conf.d/0000_listen_8080.conf20140704-32326-fzozgv.lock at 40:/etc/puppet/modules/apache/manifests/listen.pp
Error: Could not set 'present' on ensure: No such file or directory - /etc/apache2/conf.d/0000_listen_8080.conf20140704-32326-fzozgv.lock at 40:/etc/puppet/modules/apache/manifests/listen.pp
Wrapped exception:
No such file or directory - /etc/apache2/conf.d/0000_listen_8080.conf20140704-32326-fzozgv.lock
Error: /Stage[main]/Azoy::Middleware-web/Apache::Listen[8080]/File[Apache_Listen_8080.conf]/ensure: change from absent to present failed: Could not set 'present' on ensure: No such file or directory - /etc/apache2/conf.d/0000_listen_8080.conf20140704-32326-fzozgv.lock at 40:/etc/puppet/modules/apache/manifests/listen.pp

/etc/apache2> ls -l <11:31:30
total 80
-rw-r--r-- 1 root root 7115 janv. 7 14:23 apache2.conf
drwxr-xr-x 2 root root 4096 juil. 3 17:15 conf-available
drwxr-xr-x 2 root root 4096 juil. 3 17:15 conf-enabled
-rw-r--r-- 1 root root 1782 janv. 3 15:48 envvars
-rw-r--r-- 1 root root 31063 janv. 3 15:48 magic
drwxr-xr-x 2 root root 12288 juil. 3 17:15 mods-available
drwxr-xr-x 2 root root 4096 juil. 3 17:15 mods-enabled
-rw-r--r-- 1 root root 320 janv. 7 14:23 ports.conf
drwxr-xr-x 2 root root 4096 juil. 4 11:27 sites-available
drwxr-xr-x 2 root root 4096 juil. 4 11:27 sites-enabled

apache/manifests/init.pp:

$vdir = $::operatingsystem ? {
    /(?i:Ubuntu|Debian|Mint)/ => "${apache::config_dir}/sites-available",
    SLES                      => "${apache::config_dir}/vhosts.d",
    default                   => "${apache::config_dir}/conf.d",
}