From 1bd7fe8230f98cf79581263c3586d93d3d75f5d4 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 14:32:14 +0100 Subject: [PATCH 01/20] added service control --- README.md | 4 +++- manifests/params.pp | 7 ++----- manifests/server/service.pp | 13 ++++++------- manifests/server/user.pp | 2 ++ 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index ff6c3e4..7c28142 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,8 @@ ### Features - +* install required binaries and dependencies +* manage user ### Repo Structure @@ -33,6 +34,7 @@ ### Dependencies All dependencies must be included in the catalogue. +* [cd_resources](https://gitlab.puppetsoft.com/12WW1160/cd_resources) ### Deployment diff --git a/manifests/params.pp b/manifests/params.pp index 1716679..129fd35 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -24,15 +24,12 @@ class cd_apache::params ( $pkg_ensure = 'latest', +$reqpackages = ['httpd24','httpd24-mod_ssl'], +$ae_service = 'httpd24-httpd', ) { # installation section -$reqpackages = $::operatingsystem ? { - /(?i-mx:centos|fedora|redhat)/ => ['httpd24','httpd24-mod_ssl'], - } - -$ae_service = 'httpd' # includes must be last diff --git a/manifests/server/service.pp b/manifests/server/service.pp index bca07a4..6da5b0c 100644 --- a/manifests/server/service.pp +++ b/manifests/server/service.pp @@ -27,11 +27,10 @@ class cd_apache::server::service ( require cd_apache::server::files -# service { $ae_service: -# ensure => running, -# hasstatus => true, -# hasrestart => true, -# enable => true, -# } - + service { $ae_service: + ensure => running, + hasstatus => true, + hasrestart => true, + enable => true, + } } diff --git a/manifests/server/user.pp b/manifests/server/user.pp index b3a3f7b..a61bc82 100644 --- a/manifests/server/user.pp +++ b/manifests/server/user.pp @@ -27,4 +27,6 @@ class cd_apache::server::user ( require cd_apache::server::install + + } From 972c9a059f082123d38624385f0c973ba66efde1 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 14:42:52 +0100 Subject: [PATCH 02/20] changed package selection --- manifests/params.pp | 20 +++++++++++++++++--- manifests/server/user.pp | 6 ++++++ 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 129fd35..fd939d1 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -23,14 +23,28 @@ class cd_apache::params ( -$pkg_ensure = 'latest', -$reqpackages = ['httpd24','httpd24-mod_ssl'], -$ae_service = 'httpd24-httpd', +$pkg_ensure = 'latest', + +$ae_manage_user = false, + +$ae_user_name = 'apache', +$ae_user_uid = '48', +$ae_u_comment = 'Apache Service User', +$ae_u_groups = undef, +$ae_user_home = '/home/apache', +$ae_user_shell = '/bin/false', ) { # installation section +$reqpackages = $::operatingsystem ? { + /(?i-mx:centos|fedora|redhat)/ => ['httpd','mod_ssl'], + } + +# service +$ae_service = 'httpd', + # includes must be last include cd_apache::main::config diff --git a/manifests/server/user.pp b/manifests/server/user.pp index a61bc82..bde635c 100644 --- a/manifests/server/user.pp +++ b/manifests/server/user.pp @@ -27,6 +27,12 @@ class cd_apache::server::user ( require cd_apache::server::install + if $ae_manage_user == true { + + + + + } } From 67f81f9795d48aed1d65249a3a6ca1d9ebbeaa84 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 14:45:41 +0100 Subject: [PATCH 03/20] changed package selection --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index fd939d1..f08c612 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -43,7 +43,7 @@ $reqpackages = $::operatingsystem ? { } # service -$ae_service = 'httpd', +$ae_service = 'httpd' # includes must be last From 83b33bf7f5eccbdf4c0c90e0a7a53b0a36e42385 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 14:50:10 +0100 Subject: [PATCH 04/20] added user management --- manifests/params.pp | 4 ++-- manifests/server/user.pp | 28 ++++++++++++++++++++++++---- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index f08c612..a4519e9 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -29,9 +29,9 @@ $ae_manage_user = false, $ae_user_name = 'apache', $ae_user_uid = '48', -$ae_u_comment = 'Apache Service User', +$ae_u_comment = 'Apache', $ae_u_groups = undef, -$ae_user_home = '/home/apache', +$ae_user_home = '/opt/rh/httpd24/root/usr/share/httpd', $ae_user_shell = '/bin/false', ) { diff --git a/manifests/server/user.pp b/manifests/server/user.pp index bde635c..408b826 100644 --- a/manifests/server/user.pp +++ b/manifests/server/user.pp @@ -29,10 +29,30 @@ class cd_apache::server::user ( if $ae_manage_user == true { + group { $ae_user_name: + ensure => present, + name => $ae_user_name, + gid => $ae_user_uid, + allowdupe => false, + } - - - - + user { $ae_user_name: + ensure => present, + name => $ae_user_name, + allowdupe => false, + comment => $ae_u_comment, + uid => $ae_user_uid, + gid => $ae_user_name, + groups => $ae_u_groups, + managehome => true, + home => $ae_user_home, + shell => $ae_user_shell, + require => Group[$ae_user_name], + } } + + else { + # do nothing + } + } From 9f79e6b25b36463f2e1644e9f6c765c95c36bdb5 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 15:33:27 +0100 Subject: [PATCH 05/20] added some directory control, testing --- README.md | 9 ++- manifests/params.pp | 24 +++++++ manifests/server/dirs.pp | 131 ++++++++++++++++++++++++++++++++++++++ manifests/server/files.pp | 1 + 4 files changed, 164 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7c28142..129d34b 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,8 @@ * [native Puppet deployment](#native-puppet-deployment) * [through Foreman](#through-foreman) * [Parameters](#parameters) + * [Mandatory Parameters](#mandatory-parameters) + * [Optional Parameters](#optional-parameters) * [SELINUX](#selinux) * [Known Problems](#known-problems) * [Support](#support) @@ -26,7 +28,7 @@ ### Features * install required binaries and dependencies -* manage user +* manage user settings (optional) ### Repo Structure @@ -56,6 +58,11 @@ See [more details about class deployment on Confdroid.com](https://confdroid.com ### Parameters The following parameters are editable via params.pp or through ENC (**__recommended__**). Values changed will take immediate effect at next puppet run. Services will be restarted where neccessary. +#### Mandatory Parameters + +#### Optional Parameters +* `$ae_manage_user` : Whether or not to manage the user settings. Important when accessing shared resources accross nodes. Defaults to `false`. + ### SELINUX All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. diff --git a/manifests/params.pp b/manifests/params.pp index a4519e9..d2fc9b8 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -34,6 +34,11 @@ $ae_u_groups = undef, $ae_user_home = '/opt/rh/httpd24/root/usr/share/httpd', $ae_user_shell = '/bin/false', +# configuration files +$ae_manage_cfg = false, +$ae_manage_dirs = true, + + ) { # installation section @@ -45,6 +50,25 @@ $reqpackages = $::operatingsystem ? { # service $ae_service = 'httpd' +# directories +$ae_main_dir = '/etc/httpd' +$ae_conf_dir = "${ae_main_dir}/conf" +$ae_conf_d_dir = "${ae_main_dir}/conf.d" +$ae_conf_mods_d = "${ae_main_dir}/conf.modules.d" +$ae_var_logs_dir = '/var/log/httpd' +$ae_logs_dir = "${ae_main_dir}/logs" +$ae_logs_link = '../../var/log/httpd' +$ae_usr_lib_dir = '/usr/lib64/httpd', +$ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" +$ae_mods_dir = "${ae_main_dir}/modules" +$ae_mods_link = '../../usr/lib64/httpd/modules', + + + + +# files + + # includes must be last include cd_apache::main::config diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index f16bf54..20f8895 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -28,4 +28,135 @@ class cd_apache::server::dirs ( require cd_apache::server::user + if $ae_manage_dirs == true { + + # create main dir + + file { $ae_main_dir: + ensure => directory, + path => $ae_main_dir, + owner => 'root', + group => 'root', + mode => '0755', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + } + + # conf dir + + file { $ae_conf_dir: + ensure => directory, + path => $ae_conf_dir, + owner => 'root', + group => 'root', + mode => '0755', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + } + + # conf.d dir + + file { $ae_conf_d_dir: + ensure => directory, + path => $ae_conf_d_dir, + owner => 'root', + group => 'root', + mode => '0755', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + } + + # conf.modules.d + + file { $ae_conf_mods_d: + ensure => directory, + path => $ae_conf_mods_d, + owner => 'root', + group => 'root', + mode => '0755', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + } + + # /var/log/httpd + + file { $ae_var_logs_dir: + ensure => directory, + path => $ae_var_logs_dir, + owner => 'root', + group => 'root', + mode => '0700', + selrange => s0, + selrole => object_r, + seltype => httpd_log_t, + seluser => system_u, + } + + # logs dir link + + file { $ae_logs_dir: + ensure => link, + path => $ae_logs_dir, + target => $ae_logs_link, + owner => 'root', + group => 'root', + mode => '0777', + selrange => s0, + selrole => object_r, + seltype => httpd_log_t, + seluser => system_u, + } + + # /usr/lib/httpd + + file { $ae_usr_lib_dir: + ensure => directory, + path => $ae_usr_lib_dir, + owner => 'root', + group => 'root', + mode => '0700', + selrange => s0, + selrole => object_r, + seltype => httpd_modules_t, + seluser => system_u, + } + + # mods dir + + file { $ae_mods_dir: + ensure => directory, + path => $ae_mods_dir, + owner => 'root', + group => 'root', + mode => '0700', + selrange => s0, + selrole => object_r, + seltype => httpd_modules_t, + seluser => system_u, + } + + # logs dir link + + file { $ae_mods_dir: + ensure => link, + path => $ae_mods_dir, + target => $ae_mods_link, + owner => 'root', + group => 'root', + mode => '0777', + selrange => s0, + selrole => object_r, + seltype => httpd_modules_t, + seluser => system_u, + } + + } } diff --git a/manifests/server/files.pp b/manifests/server/files.pp index 938ef0e..0644fbc 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -28,4 +28,5 @@ class cd_apache::server::files ( require cd_apache::server::dirs + } From a441326bf8ef9e1403bae666d6777c63113d5866 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 15:35:06 +0100 Subject: [PATCH 06/20] added some directory control, testing --- manifests/params.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index d2fc9b8..c7434d7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -58,10 +58,10 @@ $ae_conf_mods_d = "${ae_main_dir}/conf.modules.d" $ae_var_logs_dir = '/var/log/httpd' $ae_logs_dir = "${ae_main_dir}/logs" $ae_logs_link = '../../var/log/httpd' -$ae_usr_lib_dir = '/usr/lib64/httpd', +$ae_usr_lib_dir = '/usr/lib64/httpd' $ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" $ae_mods_dir = "${ae_main_dir}/modules" -$ae_mods_link = '../../usr/lib64/httpd/modules', +$ae_mods_link = '../../usr/lib64/httpd/modules' From c5be228aa7a091fac3ec46bf8f39f822a3e31c12 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 15:38:44 +0100 Subject: [PATCH 07/20] added some directory control, testing --- manifests/server/dirs.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index 20f8895..a41632f 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -145,10 +145,10 @@ class cd_apache::server::dirs ( # logs dir link - file { $ae_mods_dir: + file { $ae_mods_link: ensure => link, - path => $ae_mods_dir, - target => $ae_mods_link, + path => $ae_mods_link, + target => $ae_mods_dir, owner => 'root', group => 'root', mode => '0777', From 7db89790839718b9b400eb4887cdf6d4b685609a Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 15:40:58 +0100 Subject: [PATCH 08/20] added some directory control, testing --- manifests/params.pp | 2 +- manifests/server/dirs.pp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index c7434d7..f9828bb 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -61,7 +61,7 @@ $ae_logs_link = '../../var/log/httpd' $ae_usr_lib_dir = '/usr/lib64/httpd' $ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" $ae_mods_dir = "${ae_main_dir}/modules" -$ae_mods_link = '../../usr/lib64/httpd/modules' + diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index a41632f..d0662bd 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -145,9 +145,9 @@ class cd_apache::server::dirs ( # logs dir link - file { $ae_mods_link: + file { $ae_usr_mods_dir: ensure => link, - path => $ae_mods_link, + path => $ae_usr_mods_dir, target => $ae_mods_dir, owner => 'root', group => 'root', From f544863d4dc69c52279b5338d7b6073e98391f99 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 15:41:36 +0100 Subject: [PATCH 09/20] added some directory control, testing --- manifests/params.pp | 1 - manifests/server/dirs.pp | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index f9828bb..acfc743 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -57,7 +57,6 @@ $ae_conf_d_dir = "${ae_main_dir}/conf.d" $ae_conf_mods_d = "${ae_main_dir}/conf.modules.d" $ae_var_logs_dir = '/var/log/httpd' $ae_logs_dir = "${ae_main_dir}/logs" -$ae_logs_link = '../../var/log/httpd' $ae_usr_lib_dir = '/usr/lib64/httpd' $ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" $ae_mods_dir = "${ae_main_dir}/modules" diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index d0662bd..9ddc674 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -105,7 +105,7 @@ class cd_apache::server::dirs ( file { $ae_logs_dir: ensure => link, path => $ae_logs_dir, - target => $ae_logs_link, + target => $ae_var_logs_dir, owner => 'root', group => 'root', mode => '0777', From 1716f1654b94fda3ffdc3b94938e1488ca5803b7 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 15:47:05 +0100 Subject: [PATCH 10/20] fixed target --- manifests/server/dirs.pp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index 9ddc674..8592773 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -122,7 +122,7 @@ class cd_apache::server::dirs ( path => $ae_usr_lib_dir, owner => 'root', group => 'root', - mode => '0700', + mode => '0755', selrange => s0, selrole => object_r, seltype => httpd_modules_t, @@ -131,12 +131,12 @@ class cd_apache::server::dirs ( # mods dir - file { $ae_mods_dir: + file { $ae_usr_mods_dir: ensure => directory, - path => $ae_mods_dir, + path => $ae_usr_mods_dir, owner => 'root', group => 'root', - mode => '0700', + mode => '0755', selrange => s0, selrole => object_r, seltype => httpd_modules_t, @@ -145,10 +145,10 @@ class cd_apache::server::dirs ( # logs dir link - file { $ae_usr_mods_dir: + file { $ae_mods_dir: ensure => link, - path => $ae_usr_mods_dir, - target => $ae_mods_dir, + path => $ae_mods_dir, + target => $ae_usr_mods_dir, owner => 'root', group => 'root', mode => '0777', From bbcb22214b0543e1769ca780b98ee18ca17e6933 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 15:54:57 +0100 Subject: [PATCH 11/20] added more dirs --- manifests/params.pp | 1 + manifests/server/dirs.pp | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index acfc743..1adf15d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -60,6 +60,7 @@ $ae_logs_dir = "${ae_main_dir}/logs" $ae_usr_lib_dir = '/usr/lib64/httpd' $ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" $ae_mods_dir = "${ae_main_dir}/modules" +$ae_run_dir = '/var/run/httpd' diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index 8592773..85259ee 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -158,5 +158,34 @@ class cd_apache::server::dirs ( seluser => system_u, } + # run dir + + file { $ae_run_dir: + ensure => directory, + path => $ae_run_dir, + owner => 'root', + group => 'root', + mode => '0710', + selrange => s0, + selrole => object_r, + seltype => httpd_var_run_t, + seluser => system_u, + } + + # run link + + file { $ae_run_link: + ensure => link, + path => $ae_run_link, + target => $ae_run_dir, + owner => 'root', + group => 'root', + mode => '0777', + selrange => s0, + selrole => object_r, + seltype => httpd_var_run_t, + seluser => system_u, + } + } } From e4d82e708ff6138c88f56ba6d6452feb19ef6151 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 16:00:02 +0100 Subject: [PATCH 12/20] added more dirs --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 1adf15d..af08d1f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -61,7 +61,7 @@ $ae_usr_lib_dir = '/usr/lib64/httpd' $ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" $ae_mods_dir = "${ae_main_dir}/modules" $ae_run_dir = '/var/run/httpd' - +$ae_run_link = "${ae_main_dir}/run" From 21dbe645b54d37dd5b80dc72190dc43bd1b46011 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 16:07:36 +0100 Subject: [PATCH 13/20] added more dirs --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index af08d1f..54d3cc1 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -60,7 +60,7 @@ $ae_logs_dir = "${ae_main_dir}/logs" $ae_usr_lib_dir = '/usr/lib64/httpd' $ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" $ae_mods_dir = "${ae_main_dir}/modules" -$ae_run_dir = '/var/run/httpd' +$ae_run_dir = '/run/httpd' $ae_run_link = "${ae_main_dir}/run" From c64c46b8962ea2ce8405878327e91c5fc602b569 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 16:10:56 +0100 Subject: [PATCH 14/20] added more dirs --- manifests/server/dirs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index 85259ee..0b01b52 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -183,7 +183,7 @@ class cd_apache::server::dirs ( mode => '0777', selrange => s0, selrole => object_r, - seltype => httpd_var_run_t, + seltype => httpd_config_t, seluser => system_u, } From fb976134a14040f54e24adedbddfd7a9f1b93125 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 16:12:54 +0100 Subject: [PATCH 15/20] changed group --- manifests/server/dirs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index 0b01b52..c65c677 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -164,7 +164,7 @@ class cd_apache::server::dirs ( ensure => directory, path => $ae_run_dir, owner => 'root', - group => 'root', + group => $ae_user_name, mode => '0710', selrange => s0, selrole => object_r, From 84fc5905c149f2b4fb389e277248a5872f80588b Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 16:18:29 +0100 Subject: [PATCH 16/20] changed user home --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index 54d3cc1..a36ee78 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -31,7 +31,7 @@ $ae_user_name = 'apache', $ae_user_uid = '48', $ae_u_comment = 'Apache', $ae_u_groups = undef, -$ae_user_home = '/opt/rh/httpd24/root/usr/share/httpd', +$ae_user_home = '/usr/share/httpd', $ae_user_shell = '/bin/false', # configuration files From 9b09518580e22b4e3118c927c10e6ac5af2b2786 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 16:24:25 +0100 Subject: [PATCH 17/20] finished directories --- manifests/params.pp | 2 ++ manifests/server/dirs.pp | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index a36ee78..5c7cda9 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -62,6 +62,8 @@ $ae_usr_mods_dir = "${ae_usr_lib_dir}/modules" $ae_mods_dir = "${ae_main_dir}/modules" $ae_run_dir = '/run/httpd' $ae_run_link = "${ae_main_dir}/run" +$ae_share_httpd = '/usr/share/httpd' +$ae_cache_httpd = '/var/cache/httpd' diff --git a/manifests/server/dirs.pp b/manifests/server/dirs.pp index c65c677..07afceb 100644 --- a/manifests/server/dirs.pp +++ b/manifests/server/dirs.pp @@ -187,5 +187,32 @@ class cd_apache::server::dirs ( seluser => system_u, } + # /usr/share/httpd dir + + file { $ae_share_httpd: + ensure => directory, + path => $ae_share_httpd, + owner => 'root', + group => 'root', + mode => '0755', + selrange => s0, + selrole => object_r, + seltype => usr_t, + seluser => system_u, + } + + # /var/cache/httpd + + file { $ae_cache_httpd: + ensure => directory, + path => $ae_cache_httpd, + owner => $ae_user_name, + group => $ae_user_name, + mode => '0700', + selrange => s0, + selrole => object_r, + seltype => httpd_cache_t, + seluser => system_u, + } } } From b0b9a0a692fba2ddfa2cab5daa11e7a48ded95c5 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 19 Jun 2017 17:06:32 +0100 Subject: [PATCH 18/20] started adding files --- manifests/params.pp | 10 +- manifests/server/files.pp | 49 +++++ templates/autoindex_conf.erb | 94 +++++++++ templates/httpd_conf.erb | 361 ++++++++++++++++++++++++++++++++ templates/magic.erb | 385 +++++++++++++++++++++++++++++++++++ templates/ssl_conf.erb | 218 ++++++++++++++++++++ templates/userdir.conf | 36 ++++ templates/welcome.conf | 22 ++ 8 files changed, 1172 insertions(+), 3 deletions(-) create mode 100644 templates/autoindex_conf.erb create mode 100644 templates/httpd_conf.erb create mode 100644 templates/magic.erb create mode 100644 templates/ssl_conf.erb create mode 100644 templates/userdir.conf create mode 100644 templates/welcome.conf diff --git a/manifests/params.pp b/manifests/params.pp index 5c7cda9..0fdaeab 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -66,10 +66,14 @@ $ae_share_httpd = '/usr/share/httpd' $ae_cache_httpd = '/var/cache/httpd' - - # files - +$ae_conf_file = "${ae_conf_dir}/httpd.conf" +$ae_conf_file_erb = 'cd_apache/httpd_conf.erb' +$ae_magic_file = "${ae_conf_dir}/magic" +$ae_magic_file_erb = 'cd_apache/magic.erb' +$ae_ssl_file = "${ae_conf_d_dir}/ssl.conf" +$ae_ssl_file_erb = 'cd_apache/ssl_conf.erb' +$ae_autoindex_file = "${ae_conf_d_dir}/autoindex.conf" # includes must be last diff --git a/manifests/server/files.pp b/manifests/server/files.pp index 0644fbc..fc22a7a 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -28,5 +28,54 @@ class cd_apache::server::files ( require cd_apache::server::dirs + if $ae_manage_cfg == true { + + # manage main config file + + file { $ae_conf_file: + ensure => file, + path => $ae_conf_file, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ae_conf_file_erb), + notify => Service['httpd'], + } + + # manage magic file + + file { $ae_magic_file: + ensure => file, + path => $ae_magic_file, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ae_magic_file_erb), + notify => Service['httpd'], + } + + # manage main ssl config file + + file { $ae_ssl_file: + ensure => file, + path => $ae_ssl_file, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ae_ssl_file_erb), + notify => Service['httpd'], + } } diff --git a/templates/autoindex_conf.erb b/templates/autoindex_conf.erb new file mode 100644 index 0000000..a85cf5d --- /dev/null +++ b/templates/autoindex_conf.erb @@ -0,0 +1,94 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/httpd/icons/" + + + Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted + + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif /core +AddIcon /icons/bomb.gif */core.* + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/templates/httpd_conf.erb b/templates/httpd_conf.erb new file mode 100644 index 0000000..64cea83 --- /dev/null +++ b/templates/httpd_conf.erb @@ -0,0 +1,361 @@ +################################################################################ +##### httpd.conf generated by puppet - changes will be overwritten ##### +################################################################################ +##### full reference file is available under ##### +##### https://confdroid.com/2017/06/apache-httpd-conf-v-2-4/ ##### +################################################################################ + +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so 'log/access_log' +# with ServerRoot set to '/www' will be interpreted by the +# server as '/www/log/access_log', where as '/log/access_log' will be +# interpreted as '/log/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/etc/httpd" + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +Include conf.modules.d/*.conf + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User apache +Group apache + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 +ServerName <%= @fqdn %>:80 + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/var/www/html" + +# +# Relax access to content within /var/www. +# + + AllowOverride None + # Allow open access: + Require all granted + + +# Further relax access to the default document root: + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog "logs/error_log" + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog "logs/access_log" combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + + + # + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # + MIMEMagicFile conf/magic + + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +EnableSendfile on + +# Supplemental configuration +# +# Load config files in the "/etc/httpd/conf.d" directory, if any. +IncludeOptional conf.d/*.conf diff --git a/templates/magic.erb b/templates/magic.erb new file mode 100644 index 0000000..7c56119 --- /dev/null +++ b/templates/magic.erb @@ -0,0 +1,385 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF audio/unknown +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# and Anna Shergold +# +0 string \ +0 string \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + diff --git a/templates/ssl_conf.erb b/templates/ssl_conf.erb new file mode 100644 index 0000000..5369289 --- /dev/null +++ b/templates/ssl_conf.erb @@ -0,0 +1,218 @@ +################################################################################ +##### ssl.conf generated by puppet - manual changed will be overwritten ##### +################################################################################ +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA + +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +#SSLHonorCipherOrder on + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + diff --git a/templates/userdir.conf b/templates/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/templates/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS + + diff --git a/templates/welcome.conf b/templates/welcome.conf new file mode 100644 index 0000000..c1b6c11 --- /dev/null +++ b/templates/welcome.conf @@ -0,0 +1,22 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# + + Options -Indexes + ErrorDocument 403 /.noindex.html + + + + AllowOverride None + Require all granted + + +Alias /.noindex.html /usr/share/httpd/noindex/index.html +Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css +Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css +Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif +Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png From b2ad14d45611d8b808cebcf4fedd3d83fe3f2500 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Tue, 20 Jun 2017 10:18:30 +0100 Subject: [PATCH 19/20] added all file controls --- manifests/params.pp | 5 ++- manifests/server/files.pp | 39 +++++++++++++++++++- templates/autoindex_conf.erb | 11 ++++-- templates/magic.erb | 26 ++++++++----- templates/ssl_conf.erb | 4 ++ templates/{userdir.conf => userdir_conf.erb} | 10 ++++- 6 files changed, 77 insertions(+), 18 deletions(-) rename templates/{userdir.conf => userdir_conf.erb} (71%) diff --git a/manifests/params.pp b/manifests/params.pp index 0fdaeab..86cc938 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -37,7 +37,7 @@ $ae_user_shell = '/bin/false', # configuration files $ae_manage_cfg = false, $ae_manage_dirs = true, - +$ae_allow_user_dirs = false, ) { @@ -74,6 +74,9 @@ $ae_magic_file_erb = 'cd_apache/magic.erb' $ae_ssl_file = "${ae_conf_d_dir}/ssl.conf" $ae_ssl_file_erb = 'cd_apache/ssl_conf.erb' $ae_autoindex_file = "${ae_conf_d_dir}/autoindex.conf" +$ae_autoindex_erb = 'cd_apache/autoindex_conf.erb' +$ae_userdir_file = "${ae_conf_d_dir}/userdir.conf" +$ae_userdir_erb = 'cd_apache/userdir_conf.erb' # includes must be last diff --git a/manifests/server/files.pp b/manifests/server/files.pp index fc22a7a..0741bba 100644 --- a/manifests/server/files.pp +++ b/manifests/server/files.pp @@ -48,7 +48,7 @@ class cd_apache::server::files ( # manage magic file - file { $ae_magic_file: + file { $ae_magic_file: ensure => file, path => $ae_magic_file, owner => 'root', @@ -64,7 +64,7 @@ class cd_apache::server::files ( # manage main ssl config file - file { $ae_ssl_file: + file { $ae_ssl_file: ensure => file, path => $ae_ssl_file, owner => 'root', @@ -78,4 +78,39 @@ class cd_apache::server::files ( notify => Service['httpd'], } + # manage autoindex.conf + + file { $ae_autoindex_file: + ensure => file, + path => $ae_autoindex_file, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ae_autoindex_erb), + notify => Service['httpd'], + } + + if $ae_allow_user_dirs == true { + + # manage userdir.conf + + file { $ae_userdir_file: + ensure => file, + path => $ae_userdir_file, + owner => 'root', + group => 'root', + mode => '0644', + selrange => s0, + selrole => object_r, + seltype => httpd_config_t, + seluser => system_u, + content => template($ae_userdir_erb), + notify => Service['httpd'], + } + } + } } diff --git a/templates/autoindex_conf.erb b/templates/autoindex_conf.erb index a85cf5d..cf90141 100644 --- a/templates/autoindex_conf.erb +++ b/templates/autoindex_conf.erb @@ -1,4 +1,10 @@ -# +################################################################################ +## autoindex.conf generated by puppet - manual changed will be overwritten ## +################################################################################ +########## full reference file is available under ########### +##### https://confdroid.com/2017/06/apache-autoindex-conf-v-2-4/ ##### +################################################################################ + # Directives controlling the display of server-generated directory listings. # # Required modules: mod_authz_core, mod_authz_host, @@ -82,7 +88,7 @@ DefaultIcon /icons/unknown.gif # default, and append to directory listings. # # HeaderName is the name of a file which should be prepended to -# directory indexes. +# directory indexes. ReadmeName README.html HeaderName HEADER.html @@ -91,4 +97,3 @@ HeaderName HEADER.html # and not include in the listing. Shell-style wildcarding is permitted. # IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - diff --git a/templates/magic.erb b/templates/magic.erb index 7c56119..f06e39b 100644 --- a/templates/magic.erb +++ b/templates/magic.erb @@ -1,3 +1,10 @@ +################################################################################ +## magic file generated by puppet - manual changed will be overwritten ## +################################################################################ +########## full reference file is available under ########### +########## https://confdroid.com/2017/06/apache-magic-v-2-4/ ########### +################################################################################ + # Magic data for mod_mime_magic Apache module (originally for file(1) command) # The module is described in /manual/mod/mod_mime_magic.html # @@ -43,7 +50,7 @@ # DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format # that uses little-endian encoding and has a different magic number # (0x0064732E in little-endian encoding). -0 lelong 0x0064732E +0 lelong 0x0064732E >12 lelong 1 audio/x-dec-basic >12 lelong 2 audio/x-dec-basic >12 lelong 3 audio/x-dec-basic @@ -56,23 +63,23 @@ # Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" # AIFF audio data -8 string AIFF audio/x-aiff +8 string AIFF audio/x-aiff # AIFF-C audio data -8 string AIFC audio/x-aiff +8 string AIFC audio/x-aiff # IFF/8SVX audio data -8 string 8SVX audio/x-aiff +8 string 8SVX audio/x-aiff # Creative Labs AUDIO stuff # Standard MIDI data -0 string MThd audio/unknown +0 string MThd audio/unknown #>9 byte >0 (format %d) #>11 byte >1 using %d channels # Creative Music (CMF) data -0 string CTMF audio/unknown +0 string CTMF audio/unknown # SoundBlaster instrument data -0 string SBI audio/unknown +0 string SBI audio/unknown # Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown +0 string Creative\ Voice\ File audio/unknown ## is this next line right? it came this way... #>19 byte 0x1A #>23 byte >0 - version %d @@ -337,7 +344,7 @@ #0 string \367\203 TeX generic font data #0 string \367\131 TeX packed font data #0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ TeX, TeX transcript text #0 string This\ is\ METAFONT, METAFONT transcript text # There is no way to detect TeX Font Metric (*.tfm) files without @@ -382,4 +389,3 @@ # from Apple quicktime file format documentation. 4 string moov video/quicktime 4 string mdat video/quicktime - diff --git a/templates/ssl_conf.erb b/templates/ssl_conf.erb index 5369289..f9182e0 100644 --- a/templates/ssl_conf.erb +++ b/templates/ssl_conf.erb @@ -1,6 +1,10 @@ ################################################################################ ##### ssl.conf generated by puppet - manual changed will be overwritten ##### ################################################################################ +########## full reference file is available under ########### +########## https://confdroid.com/2017/06/apache-ssl-conf-v-2-4/ ########### +################################################################################ + # When we also provide SSL we have to listen to the # the HTTPS port in addition. # diff --git a/templates/userdir.conf b/templates/userdir_conf.erb similarity index 71% rename from templates/userdir.conf rename to templates/userdir_conf.erb index b5d7a49..7335b91 100644 --- a/templates/userdir.conf +++ b/templates/userdir_conf.erb @@ -1,3 +1,10 @@ +################################################################################ +## userdir.conf generated by puppet - manual changed will be overwritten ## +################################################################################ +########## full reference file is available under ########### +##### https://confdroid.com/2017/06/apache-userdir-conf-v-2-4/ ########### +################################################################################ + # # UserDir: The name of the directory that is appended onto a user's home # directory if a ~user request is received. @@ -20,7 +27,7 @@ # To enable requests to /~user/ to serve the user's public_html # directory, remove the "UserDir disabled" line above, and uncomment # the following line instead: - # + # #UserDir public_html @@ -33,4 +40,3 @@ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Require method GET POST OPTIONS - From c223872b293c10a33d9b784d623fa4b08427e3cb Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Tue, 20 Jun 2017 10:24:58 +0100 Subject: [PATCH 20/20] finished initial release --- CHANGELOG.md | 1 + README.md | 32 ++++++++++++++++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ba3be97..7cf9e1e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,4 @@ ### Changelog +* 0.0.0.2: initial release * 0.0.0.1: initial commit diff --git a/README.md b/README.md index 129d34b..19e0660 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ |Repo Name| version | Build Status| |---|---|---|---| -|`cd_apache`| 0.0.0.1 | [![Build Status](https://jenkins.puppetsoft.com/buildStatus/icon?job=cd_apache)](https://jenkins.puppetsoft.com/job/cd_apache/)| +|`cd_apache`| 0.0.0.2 | [![Build Status](https://jenkins.puppetsoft.com/buildStatus/icon?job=cd_apache)](https://jenkins.puppetsoft.com/job/cd_apache/)| ### Synopsis @@ -32,6 +32,31 @@ ### Repo Structure +``` +. +|-- lib +|-- manifests +| |-- main +| | `-- config.pp +| |-- server +| | |-- config.pp +| | |-- dirs.pp +| | |-- files.pp +| | |-- install.pp +| | |-- service.pp +| | `-- user.pp +| |-- init.pp +| `-- params.pp +|-- templates +| |-- autoindex_conf.erb +| |-- httpd_conf.erb +| |-- magic.erb +| |-- ssl_conf.erb +| |-- userdir_conf.erb +| `-- welcome.conf +|-- CHANGELOG.md +`-- README.md +``` ### Dependencies All dependencies must be included in the catalogue. @@ -61,7 +86,10 @@ The following parameters are editable via params.pp or through ENC (**__recommen #### Mandatory Parameters #### Optional Parameters -* `$ae_manage_user` : Whether or not to manage the user settings. Important when accessing shared resources accross nodes. Defaults to `false`. +* `$ae_manage_user` : Whether or not to manage the user settings. Important when accessing shared resources accross nodes. Defaults to `false`. +* `$ae_manage_cfg` : Whether or not to manage the apache configuration. Defaults to `false` as this module is meant to be used through profiles or roles or other modules. +* `$ae_manage_dirs` : Whether or not to manage the directory structure. Defaults to `true`. +* `$ae_allow_user_dirs` : Whether or not to allow presenting content from end user home directories. Defaults to `false`. ### SELINUX