refactor(formula): align to template-formula & improve citags/v1.0.0
@@ -19,7 +19,8 @@ rules: | |||
ignore: | | |||
apache/files/Debian/ssl.conf.jinja | |||
apache/files/FreeBSD/mod_ssl.conf.jinja | |||
apache/files/tls-defaults.conf.jinja | |||
apache/files/ssl/tls-defaults.conf.jinja | |||
test/salt/pillar/modules.sls | |||
skip_list: | |||
# Using `salt-lint` for linting other files as well, such as Jinja macros/templates | |||
- 205 # Use ".sls" as a Salt State file extension |
@@ -72,35 +72,38 @@ jobs: | |||
## Define the rest of the matrix based on Kitchen testing | |||
# Make sure the instances listed below match up with | |||
# the `platforms` defined in `kitchen.yml` | |||
- env: INSTANCE=default-debian-10-master-py3 | |||
# - env: INSTANCE=default-ubuntu-1804-master-py3 | |||
# - env: INSTANCE=default-centos-8-master-py3 | |||
# - env: INSTANCE=default-fedora-31-master-py3 | |||
# - env: INSTANCE=default-opensuse-leap-151-master-py3 | |||
# - env: INSTANCE=default-amazonlinux-2-master-py3 | |||
# - env: INSTANCE=default-debian-10-2019-2-py3 | |||
# - env: INSTANCE=default-debian-9-2019-2-py3 | |||
- env: INSTANCE=default-ubuntu-1804-2019-2-py3 | |||
# - env: INSTANCE=default-centos-8-2019-2-py3 | |||
# - env: INSTANCE=default-fedora-31-2019-2-py3 | |||
# - env: INSTANCE=default-opensuse-leap-151-2019-2-py3 | |||
# - env: INSTANCE=default-centos-7-2019-2-py2 | |||
- env: INSTANCE=default-amazonlinux-2-2019-2-py3 | |||
# - env: INSTANCE=default-arch-base-latest-2019-2-py2 | |||
- env: INSTANCE=default-fedora-30-2018-3-py3 | |||
# - env: INSTANCE=default-debian-9-2018-3-py2 | |||
# - env: INSTANCE=default-ubuntu-1604-2018-3-py2 | |||
# - env: INSTANCE=default-centos-7-2018-3-py2 | |||
# - env: INSTANCE=default-opensuse-leap-151-2018-3-py2 | |||
# - env: INSTANCE=default-amazonlinux-1-2018-3-py2 | |||
# - env: INSTANCE=default-arch-base-latest-2018-3-py2 | |||
# - env: INSTANCE=default-debian-8-2017-7-py2 | |||
# - env: INSTANCE=default-ubuntu-1604-2017-7-py2 | |||
- env: INSTANCE=default-centos-6-2017-7-py2 | |||
# - env: INSTANCE=default-fedora-30-2017-7-py2 | |||
# - env: INSTANCE=default-opensuse-leap-151-2017-7-py2 | |||
# - env: INSTANCE=default-amazonlinux-1-2017-7-py2 | |||
# - env: INSTANCE=default-arch-base-latest-2017-7-py2 | |||
- env: INSTANCE=modules-debian-10-master-py3 | |||
# env: INSTANCE=modules-ubuntu-1804-master-py3 | |||
- env: INSTANCE=modules-centos-8-master-py3 | |||
- env: INSTANCE=modules-fedora-31-master-py3 | |||
- env: INSTANCE=modules-opensuse-leap-151-master-py3 | |||
# https://community.letsencrypt.org/t/localhost-crt-does-not-exist-or-is-empty/103979 | |||
- env: INSTANCE=default-amazonlinux-2-master-py3 | |||
# - env: INSTANCE=modules-debian-10-2019-2-py3 | |||
# - env: INSTANCE=modules-debian-9-2019-2-py3 | |||
- env: INSTANCE=modules-ubuntu-1804-2019-2-py3 | |||
# - env: INSTANCE=modules-centos-8-2019-2-py3 | |||
# - env: INSTANCE=modules-fedora-31-2019-2-py3 | |||
# - env: INSTANCE=suse-opensuse-leap-151-2019-2-py3 | |||
- env: INSTANCE=modules-centos-7-2019-2-py2 | |||
# env: INSTANCE=default-amazonlinux-2-2019-2-py3 | |||
# - env: INSTANCE=modules-arch-base-latest-2019-2-py2 | |||
# env: INSTANCE=modules-fedora-30-2018-3-py3 | |||
# - env: INSTANCE=modules-debian-9-2018-3-py2 | |||
# - env: INSTANCE=modules-ubuntu-1604-2018-3-py2 | |||
# - env: INSTANCE=modules-centos-7-2018-3-py2 | |||
# - env: INSTANCE=modules-opensuse-leap-151-2018-3-py2 | |||
# - env: INSTANCE=modules-amazonlinux-1-2018-3-py2 | |||
# - env: INSTANCE=modules-arch-base-latest-2018-3-py2 | |||
# - env: INSTANCE=modules-debian-8-2017-7-py2 | |||
# - env: INSTANCE=modules-ubuntu-1604-2017-7-py2 | |||
# env: INSTANCE=default-centos-6-2017-7-py2 | |||
# - env: INSTANCE=modules-fedora-30-2017-7-py2 | |||
# - env: INSTANCE=modules-opensuse-leap-151-2017-7-py2 | |||
# - env: INSTANCE=modules-amazonlinux-1-2017-7-py2 | |||
- env: INSTANCE=arch-arch-base-latest-2017-7-py2 | |||
## Define the release stage that runs `semantic-release` | |||
- stage: 'release' |
@@ -12,6 +12,9 @@ ignore: | | |||
node_modules/ | |||
test/**/states/**/*.sls | |||
.kitchen/ | |||
test/salt/pillar/modules.sls | |||
test/salt/pillar/default.sls | |||
pillar.example | |||
yaml-files: | |||
# Default settings |
@@ -0,0 +1 @@ | |||
config/certificates/ |
@@ -1,63 +0,0 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
include: | |||
- apache | |||
{%- for site, confcert in salt['pillar.get']('apache:sites', {}).items() %} | |||
{% if confcert.SSLCertificateKeyFile is defined and confcert.SSLCertificateKeyFile_content is defined %} | |||
# Deploy {{ site }} key file | |||
apache_cert_config_{{ site }}_key_file: | |||
file.managed: | |||
- name: {{ confcert.SSLCertificateKeyFile }} | |||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content | |||
- makedirs: True | |||
- mode: 600 | |||
- user: root | |||
- group: root | |||
- watch_in: | |||
- module: apache-reload | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{% endif %} | |||
{% if confcert.SSLCertificateFile is defined and confcert.SSLCertificateFile_content is defined %} | |||
# Deploy {{ site }} cert file | |||
apache_cert_config_{{ site }}_cert_file: | |||
file.managed: | |||
- name: {{ confcert.SSLCertificateFile }} | |||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content | |||
- makedirs: True | |||
- mode: 600 | |||
- user: root | |||
- group: root | |||
- watch_in: | |||
- module: apache-reload | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{% endif %} | |||
{% if confcert.SSLCertificateChainFile is defined and confcert.SSLCertificateChainFile_content is defined %} | |||
# Deploy {{ site }} bundle file | |||
apache_cert_config_{{ site }}_bundle_file: | |||
file.managed: | |||
- name: {{ confcert.SSLCertificateChainFile }} | |||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content | |||
- makedirs: True | |||
- mode: 600 | |||
- user: root | |||
- group: root | |||
- watch_in: | |||
- module: apache-reload | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{% endif %} | |||
{%- endfor %} | |||
@@ -0,0 +1,7 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
include: | |||
- .service.clean | |||
- .config.clean | |||
- .package.clean |
@@ -1,140 +0,0 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
include: | |||
- apache | |||
{{ apache.logdir }}: | |||
file.directory: | |||
- makedirs: True | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{{ apache.configfile }}: | |||
file.managed: | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/apache-{{ apache.version }}.config.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
- context: | |||
apache: {{ apache | json }} | |||
{{ apache.vhostdir }}: | |||
file.directory: | |||
- makedirs: True | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{% if grains['os_family']=="Debian" %} | |||
/etc/apache2/envvars: | |||
file.managed: | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/envvars-{{ apache.version }}.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{{ apache.portsfile }}: | |||
file.managed: | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/ports-{{ apache.version }}.conf.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
- context: | |||
apache: {{ apache | json }} | |||
{% endif %} | |||
{% if grains['os_family']=="RedHat" %} | |||
{{ apache.confdir }}/welcome.conf: | |||
file.absent: | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{% endif %} | |||
{% if grains['os_family']=="Suse" or salt['grains.get']('os') == 'SUSE' %} | |||
/etc/apache2/global.conf: | |||
file.managed: | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/global.config.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
- context: | |||
apache: {{ apache | json }} | |||
{% endif %} | |||
{% if grains['os_family']=="FreeBSD" %} | |||
/usr/local/etc/{{ apache.service }}/envvars.d/by_salt.env: | |||
file.managed: | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/envvars-{{ apache.version }}.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{{ apache.portsfile }}: | |||
file.managed: | |||
- template: jinja | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/ports-{{ apache.version }}.conf.jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
- context: | |||
apache: {{ apache | json }} | |||
{% endif %} |
@@ -0,0 +1,52 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %} | |||
{%- if cert.SSLCertificateKeyFile is defined %} | |||
apache_cert_config_clean_{{ site }}_key_file: | |||
file.absent: | |||
- name: {{ cert.SSLCertificateKeyFile }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if cert.SSLCertificateFile is defined %} | |||
apache_cert_config_clean_{{ site }}_cert_file: | |||
file.absent: | |||
- name: {{ cert.SSLCertificateFile }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if cert.SSLCertificateChainFile is defined %} | |||
apache_cert_config_clean_{{ site }}_bundle_file: | |||
file.managed: | |||
- name: {{ cert.SSLCertificateChainFile }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- endfor %} |
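Review bot: The chain-file state `apache_cert_config_clean_{{ site }}_bundle_file` is declared with `file.managed`, while the key and cert states above it use `file.absent`, so a clean run keeps the chain file in place (and, as far as I can tell, creates an empty one if it is missing). Change that line to `file.absent:`. The three `- name:` values come from pillar and decide what gets deleted, so it is also worth requiring a non-empty value in each guard, e.g. `{%- if cert.SSLCertificateChainFile is defined and cert.SSLCertificateChainFile %}`.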
@@ -0,0 +1,5 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
include: | |||
- .install |
@@ -0,0 +1,67 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
{%- for site, cert in salt['pillar.get']('apache:sites', {}).items() %} | |||
{%- if cert.SSLCertificateKeyFile is defined and cert.SSLCertificateKeyFile_content is defined %} | |||
apache_cert_config_install_{{ site }}_key_file: | |||
file.managed: | |||
- name: {{ cert.SSLCertificateKeyFile }} | |||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateKeyFile_content | |||
- makedirs: True | |||
- mode: 600 | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if cert.SSLCertificateFile is defined and cert.SSLCertificateFile_content is defined %} | |||
apache_cert_config_install_{{ site }}_cert_file: | |||
file.managed: | |||
- name: {{ cert.SSLCertificateFile }} | |||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateFile_content | |||
- makedirs: True | |||
- mode: 600 | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if cert.SSLCertificateChainFile is defined and cert.SSLCertificateChainFile_content is defined %} | |||
apache_cert_config_install_{{ site }}_bundle_file: | |||
file.managed: | |||
- name: {{ cert.SSLCertificateChainFile }} | |||
- contents_pillar: apache:sites:{{ site }}:SSLCertificateChainFile_content | |||
- makedirs: True | |||
- mode: 600 | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- endfor %} |
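Review bot: `apache_cert_config_install_{{ site }}_key_file` writes private-key material from pillar without `show_changes: False`, so a changed key can show up as a diff in the state return, the job cache and any log that captures them. Add `- show_changes: False` to the key-file state. `makedirs: True` creates any missing parent directory with default permissions, so an explicit `- dir_mode:` suited to a key directory would make the result predictable. The mode reads more safely as a quoted string, `- mode: '0600'`, which avoids any integer or octal reinterpretation by the YAML loader.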
@@ -0,0 +1,26 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_clean = tplroot ~ '.service.clean' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- .modules.clean | |||
- {{ sls_service_clean }} | |||
apache-config-clean-file-absent: | |||
file.absent: | |||
- names: | |||
- {{ apache.config }} | |||
- {{ apache.logdir }} | |||
- {{ apache.vhostdir }} | |||
- /etc/apache2/envvars | |||
# apache.portsfile | |||
- /etc/apache2/global.conf | |||
- /etc/httpd/conf.modules.d | |||
- /etc/httpd/sites-enabled | |||
- /etc/httpd/var | |||
- {{ apache.confdir }}/server-status{{ apache.confext }} | |||
- require: | |||
- sls: {{ sls_service_clean }} |
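Review bot: `apache-config-clean-file-absent` lists `- {{ apache.logdir }}` under `names`, so the clean state deletes the access and error logs together with the configuration, which removes the records an investigation would need after an incident. Consider dropping that entry, or rendering it only when a pillar flag that defaults to keeping logs is set. The list also mixes map values with hard-coded `/etc/apache2/...` and `/etc/httpd/...` paths; a one-line comment such as `# paths for all os_family values; absent ones are ignored by file.absent` would make that intent clear.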
@@ -0,0 +1,50 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_config_registersite = tplroot ~ '.config.register_site' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains.os_family in ('Debian',) %} | |||
include: | |||
- {{ sls_package_install }} | |||
- {{ sls_service_running }} | |||
- {{ sls_config_registersite }} | |||
extend: | |||
apache-package-install-pkg-installed: | |||
pkg: | |||
- order: 175 | |||
apache-service-running: | |||
service: | |||
- order: 455 | |||
apache-service-running-reload: | |||
module: | |||
- order: 420 | |||
apache-service-running-restart: | |||
module: | |||
- order: 425 | |||
apache-config-debian-full-cmd-run: | |||
cmd.run: | |||
- name: a2dissite 000-default{{ apache.confext }} || true | |||
- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
file.absent: | |||
- names: | |||
- /etc/apache2/sites-available/{{ apache.default_site }} | |||
- /etc/apache2/sites-available/{{ apache.default_site_ssl }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
{%- endif %} #END: os = debian |
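Review bot: `a2dissite 000-default{{ apache.confext }} || true` discards the exit status, so `apache-config-debian-full-cmd-run` reports success even when the distribution's default site is still enabled and being served. The `onlyif` already restricts the command to hosts where the symlink exists, so the fallback can be removed: `- name: a2dissite 000-default{{ apache.confext }}`. If the best-effort behaviour is deliberate, a comment saying why would help the next reader.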
@@ -0,0 +1,166 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-file-directory-logdir: | |||
file.directory: | |||
- name: {{ apache.logdir }} | |||
- user: {{ apache.user }} | |||
- group: {{ apache.group }} | |||
- recurse: | |||
- user | |||
- group | |||
- makedirs: True | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- require_in: | |||
- service: apache-service-running | |||
apache-config-file-directory-vhostdir: | |||
file.directory: | |||
- name: {{ apache.vhostdir }} | |||
- makedirs: True | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- require_in: | |||
- service: apache-service-running | |||
apache-config-file-directory-moddir: | |||
file.directory: | |||
- name: {{ apache.moddir }} | |||
- makedirs: True | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- require_in: | |||
- service: apache-service-running | |||
{%- if apache.davlockdbdir %} | |||
apache-config-file-directory-davlockdbdir: | |||
file.directory: | |||
- name: {{ apache.davlockdbdir }} | |||
- makedirs: True | |||
- user: {{ apache.user }} | |||
- group: {{ apache.group }} | |||
- recurse: | |||
- user | |||
- group | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- require_in: | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if 'sitesdir' in apache and apache.sitesdir %} | |||
apache-config-file-directory-sites-enabled: | |||
file.directory: | |||
- name: {{ apache.sitesdir }} | |||
- makedirs: True | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- require_in: | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if grains.os_family in ('Debian',) and 'confdir' in apache and apache.confdir %} | |||
apache-config-file-directory-conf-enabled: | |||
file.directory: | |||
- name: {{ apache.confdir }} | |||
- makedirs: True | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- require_in: | |||
- service: apache-service-running | |||
{%- endif %} | |||
apache-config-file-managed: | |||
file.managed: | |||
- name: {{ apache.config }} | |||
- source: 'salt://apache/files/{{ grains.os_family }}/apache-{{ apache.version }}.config.jinja' | |||
- mode: 644 | |||
- user: {{ apache.rootuser }} | |||
{%- if grains.kernel != 'Windows' %} | |||
- group: {{ apache.rootgroup }} | |||
{%- endif %} | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- context: | |||
apache: {{ apache | json }} | |||
{%- if grains.os_family in ('Debian', 'FreeBSD') %} | |||
apache-config-file-managed-{{ grains.os }}-env: | |||
file.managed: | |||
- name: /etc/apache2/envvars | |||
- source: 'salt://apache/files/{{ grains.os_family }}/envvars-{{ apache.version }}.jinja' | |||
- mode: 644 | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache | json }} | |||
- require_in: | |||
- file: apache-config-file-managed-{{ grains.os }}-ports | |||
apache-config-file-managed-{{ grains.os }}-ports: | |||
file.managed: | |||
- name: {{ apache.portsfile }} | |||
- source: salt://apache/files/{{ grains.os_family }}/ports-{{ apache.version }}.conf.jinja | |||
- mode: 644 | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache | json }} | |||
{%- elif grains.os_family == "RedHat" %} | |||
apache-config-file-absent-{{ grains.os }}: | |||
file.absent: | |||
- name: {{ apache.confdir }}/welcome.conf | |||
{%- elif grains.os_family == "Suse" %} | |||
apache-config-file-managed-{{ grains.os }}: | |||
file.managed: | |||
- name: /etc/apache2/global.conf | |||
- source: 'salt://apache/files/Suse/global.config.jinja' | |||
- mode: 644 | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache | json }} | |||
{%- else %} | |||
apache-config-file-managed-skip: | |||
test.show_notification: | |||
- text: | | |||
No configuration file to manage | |||
{%- endif %} | |||
- require: | |||
- sls: {{ sls_package_install }} | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- service: apache-service-running |
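Review bot: The `-env` state in the `('Debian', 'FreeBSD')` branch hard-codes `- name: /etc/apache2/envvars`, whereas the state file removed by this commit wrote the FreeBSD copy to `/usr/local/etc/{{ apache.service }}/envvars.d/by_salt.env`; on FreeBSD the new state would appear to manage a path Apache does not read. Take the path from the map, or split the branch per OS. The `require`/`watch_in`/`require_in` lines after the final `endif` attach only to whichever state is rendered last in each branch, including the `test.show_notification` fallback. `apache-config-file-managed` itself carries no `watch_in` in the visible lines, so a change to the main config may not restart the service unless the service state watches it elsewhere.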
@@ -0,0 +1,48 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} | |||
{%- if grains.os_family == 'Suse' %} | |||
include: | |||
- {{ sls_package_install }} | |||
- {{ sls_service_running }} | |||
{%- for flag in salt['pillar.get']('apache:flags:enabled', []) %} | |||
apache-config-flags-{{ flag }}-cmd-a2en: | |||
cmd.run: | |||
- name: a2enflag {{ flag }} | |||
- unless: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 |grep {{ flag }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endfor %} | |||
{%- for flag in salt['pillar.get']('apache:flags:disabled', []) %} | |||
apache-config-flags-{{ flag }}-a2dis: | |||
cmd.run: | |||
- name: a2disflag -f {{ flag }} | |||
- onlyif: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endfor %} | |||
{%- endif %} |
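Review bot: `{{ flag }}` is rendered unquoted into both the `a2enflag`/`a2disflag` command and the `grep` used by `unless`/`onlyif`, and that grep is a substring match, so a flag whose name is contained in another flag already present is treated as set. Quote the pillar value and match whole words, for example `- name: a2enflag '{{ flag }}'` and `- unless: grep -E '^APACHE_SERVER_FLAGS=' /etc/sysconfig/apache2 | grep -qw -- '{{ flag }}'`. The `a2disflag` loop needs the same change in its `onlyif`.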
@@ -0,0 +1,15 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
include: | |||
- .file | |||
# .modules.clean # disable (exclude from init state) | |||
# .modules # enable by default (read pillars) | |||
- .debian_full | |||
- .flags | |||
- .logrotate | |||
- .manage_security | |||
- .no_default_vhost | |||
- .own_default_vhost | |||
- .register_site | |||
- .vhosts |
@@ -0,0 +1,31 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
apache-config-logrotate-file-managed: | |||
file.managed: | |||
- name: {{ apache.logrotatedir }} | |||
- makedirs: True | |||
- contents: | | |||
{{ apache.logdir }}/*.log { | |||
daily | |||
missingok | |||
rotate 14 | |||
compress | |||
delaycompress | |||
notifempty | |||
create 640 root adm | |||
sharedscripts | |||
postrotate | |||
if /etc/init.d/{{ apache.service }} status >/dev/null; then \ | |||
/etc/init.d/{{ apache.service }} reload >/dev/null; \ | |||
fi; | |||
endscript | |||
prerotate | |||
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ | |||
run-parts /etc/logrotate.d/httpd-prerotate; \ | |||
fi; \ | |||
endscript | |||
} |
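Review bot: The logrotate stanza hard-codes `create 640 root adm` and `/etc/init.d/{{ apache.service }}`, but `apache-config-logrotate-file-managed` has no `os_family` guard, so on platforms without an `adm` group or a SysV init script the rotation or the post-rotate reload is likely to fail. The `file.managed` also sets no owner or mode, and logrotate ignores configuration files with loose permissions. Pin them as the other states in this commit do: `- user: {{ apache.rootuser }}`, `- group: {{ apache.rootgroup }}`, `- mode: '0644'`.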
@@ -0,0 +1,44 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains.os_family in ('Debian', 'FreeBSD') %} | |||
include: | |||
- {{ sls_package_install }} | |||
- {{ sls_service_running }} | |||
apache-config-manage-security-{{ grains.os_family }}: | |||
file.managed: | |||
{%- if grains.os_family == "Debian" %} | |||
- onlyif: test -f /etc/apache2/conf-available/security.conf | |||
- name: /etc/apache2/conf-available/security.conf | |||
{%- elif grains.os_family == "FreeBSD" %} | |||
- name: {{ apache.confdir + '/security.conf' }} | |||
{%- endif %} | |||
- source: | |||
- salt://apache/files/{{ grains.os_family }}/security.conf.jinja | |||
- salt://apache/files/ssl/security.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache | json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
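Review bot: On Debian the `onlyif: test -f /etc/apache2/conf-available/security.conf` guard means a host where that file is missing gets no managed security settings at all, and the state still reports success. If the intent is to enforce the hardening file, drop the `onlyif` and let `file.managed` create it. The state sets `mode: 644` but no `user`/`group`, unlike the other managed files in this commit; adding `- user: {{ apache.rootuser }}` and `- group: {{ apache.rootgroup }}` keeps ownership explicit.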
@@ -0,0 +1,52 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_clean = tplroot ~ '.package.clean' %} | |||
{%- set sls_service_dead = tplroot ~ '.service.clean' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_dead }} | |||
{%- set existing_states = salt['cp.list_states']() %} | |||
{%- for module in salt['pillar.get']('apache:modules:disabled', []) %} | |||
apache-config-modules-{{ module }}-disable: | |||
{%- if grains['os_family']=="Debian" %} | |||
cmd.run: | |||
- name: a2dismod -f {{ module }} | |||
- onlyif: ls {{ apache.moddir }}/{{ module }}.load | |||
{%- elif grains.os_family in ('Redhat', 'Arch') %} | |||
cmd.run: | |||
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^\s*LoadModule.{{ module }}_module\)/#\1/g' {} \; | |||
- onlyif: | |||
- test -d /etc/httpd | |||
- {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module") | |||
file.absent: | |||
- name: /etc/httpd/conf.modules.d/*{{ module }}.conf | |||
{%- elif salt['grains.get']('os_family') == 'Suse' %} | |||
cmd.run: | |||
- name: a2dismod {{ module }} | |||
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep {{ module }} | |||
{%- else %} | |||
test.show_notification: | |||
- text: | | |||
No {{ module }} module change | |||
{%- endif %} | |||
- order: 225 | |||
- require: | |||
- sls: {{ sls_service_dead }} | |||
- require_in: | |||
- pkg: apache-package-clean-pkg-removed | |||
{%- endfor %} |
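Review bot: `grains.os_family in ('Redhat', 'Arch')` does not match RedHat-family minions, because the grain value is spelled `RedHat` (the enable-side state in this commit uses that spelling). Those hosts fall through to `test.show_notification` and the module they were asked to disable stays loaded. Use `{%- elif grains.os_family in ('RedHat', 'Arch') %}`. In the same branch, `name: /etc/httpd/conf.modules.d/*{{ module }}.conf` relies on glob expansion, which `file.absent` does not do as far as I know. `existing_states` is assigned but not used in the visible lines.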
@@ -0,0 +1,11 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
include: | |||
- .install | |||
- .mod_rewrite | |||
- .mod_proxy | |||
- .mod_headers | |||
{%- if 'osfinger' in grains and grains.osfinger not in ('Amazon Linux-2',) %} | |||
- .mod_geoip | |||
{%- endif %} |
@@ -0,0 +1,51 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_config_file = tplroot ~ '.config.file' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_config_file }} | |||
{% set existing_states = salt['cp.list_states']() %} | |||
{% for module in salt['pillar.get']('apache:modules:enabled', []) %} | |||
apache-config-modules-{{ module }}-enable: | |||
{% if grains['os_family']=="Debian" %} | |||
cmd.run: | |||
- name: a2enmod -f {{ module }} | |||
- onlyif: ls {{ apache.moddir }}/{{ module }}.load | |||
{% elif grains.os_family in ('RedHat', 'Arch') %} | |||
cmd.run: | |||
- name: find /etc/httpd/ -name '*.conf' -type f -exec sed -i -e 's/\(^#\)\(\s*LoadModule.{{ module }}_module\)/\2/g' {} \; | |||
- onlyif: {{ grains.os_family in ('Arch',) and 'true' }} || (httpd -M 2> /dev/null |grep "[[:space:]]{{ module }}_module") | |||
{% elif salt['grains.get']('os_family') == 'Suse' %} | |||
cmd.run: | |||
- name: a2enmod {{ module }} | |||
- onlyif: egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 |grep {{ module }} | |||
{% else %} | |||
test.show_notification: | |||
- text: | | |||
No {{ module }} module change | |||
{%- endif %} | |||
- order: 225 | |||
- require: | |||
- sls: {{ sls_config_file }} | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
{%- endfor %} |
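Review bot: The enable states gate `a2enmod` with `onlyif` on checks that look for the module already being active, so they appear to run only when there is nothing to do. This is clearest in the Suse branch, where `APACHE_MODULES` in `/etc/sysconfig/apache2` lists the enabled modules. The single-module states in this commit (`a2enmod actions`, `a2enmod dav_svn`) use `unless` with the same `ls {{ apache.moddir }}/...load` check, which suggests `unless` was intended here too, e.g. `- unless: ls {{ apache.moddir }}/{{ module }}.load`. The `grep {{ module }}` checks are unquoted substring matches; `grep -qw -- '{{ module }}'` avoids one module name matching inside another.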
@@ -0,0 +1,30 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-actions-cmd-run: | |||
cmd.run: | |||
- name: a2enmod actions | |||
- unless: | |||
- ls {{ apache.moddir }}/actions.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep actions | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,33 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family']=="FreeBSD" %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-cgi-cmd-run: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/040_mod_cgi.conf | |||
- source: salt://apache/files/FreeBSD/mod_cgi.conf.jinja | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- makedirs: True | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
- mode: 644 | |||
{%- endif %} |
@@ -0,0 +1,49 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] == "Debian" %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-dav_svn_pkg_installed: | |||
pkg.installed: | |||
- name: libapache2-mod-svn | |||
apache-config-modules-dav_svn_cmd-run-a2en: | |||
cmd.run: | |||
- name: a2enmod dav_svn | |||
- unless: ls {{ apache.moddir }}/dav_svn.load | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- pkg: apache-config-modules-dav_svn_pkg_installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
apache-config-modules-dav_svn_cmd-run-a2en-authz: | |||
cmd.run: | |||
- name: a2enmod authz_svn | |||
- unless: ls {{ apache.moddir }}/authz_svn.load | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- pkg: apache-config-modules-dav_svn_pkg_installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,49 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] == "Debian" %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
- .mod_actions | |||
apache-config-modules-fastcgi-pkg: | |||
pkgrepo.managed: | |||
- name: "deb http://ftp.us.debian.org/debian {{ grains['oscodename'] }}" | |||
- file: /etc/apt/sources.list.d/non-free.list | |||
- onlyif: grep Debian /proc/version >/dev/null 2>&1 | |||
- comps: non-free | |||
pkg.installed: | |||
- name: {{ apache.mod_fastcgi }} | |||
- order: 180 | |||
- require: | |||
- pkgrepo: apache-config-modules-fastcgi-pkg | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
apache-config-modules-fastcgi_cmd-run: | |||
cmd.run: | |||
- name: a2enmod fastcgi | |||
- unless: ls {{ apache.moddir }}/fastcgi.load | |||
- order: 225 | |||
- require: | |||
- pkg: mod-fastcgi | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
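Review bot: The `require` of the `a2enmod fastcgi` state still reads `- pkg: mod-fastcgi`, which looks like the pre-refactor state ID. The package state in this file is now `apache-config-modules-fastcgi-pkg`, so unless the package name in `map.jinja` happens to be `mod-fastcgi` the requisite will not resolve. It should be `- pkg: apache-config-modules-fastcgi-pkg`. Separately, the `pkgrepo.managed` entry enables the `non-free` component over plain `http://` and sets no key; package integrity then rests on apt's release-signature check with the keyring already on the host, which deserves a one-line comment above the state.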
@@ -0,0 +1,35 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-fcgid-pkg: | |||
pkg.installed: | |||
- name: {{ apache.mod_fcgid }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
cmd.run: | |||
- name: a2enmod fcgid | |||
- order: 225 | |||
- unless: ls {{ apache.moddir }}/fcgid.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' fcgid' | |||
- require: | |||
- pkg: apache-config-modules-fcgid-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,87 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if 'mod_geoip' in apache and 'finger' in grains and grains.osfinger not in ('Leap-42',) %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-geoip-pkg: | |||
pkg.installed: | |||
- pkgs: | |||
- {{ apache.mod_geoip }} | |||
- {{ apache.mod_geoip_database }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if grains['os_family']=="RedHat" %} | |||
apache-config-modules-geoip-conf-file-managed: | |||
file.managed: | |||
- name: {{ apache.confdir }}/geoip.conf | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- makedirs: True | |||
- mode: 644 | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/geoip.conf | |||
apache-config-modules-geoip-db-file-managed: | |||
file.managed: | |||
- name: /usr/share/GeoIP/GeoIP.dat | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- makedirs: True | |||
- mode: 644 | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/GeoIP.dat | |||
apache-config-modules-geoip-{{ grains.os_family }}-conf-file-managed: | |||
file.managed: | |||
- name: {{ apache.moddir }}/10-geoip.conf | |||
- makedirs: True | |||
- source: | |||
- salt://apache/files/RedHat/conf.modules.d/10-geoip.conf.jinja | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-geoip-cmd-run: | |||
cmd.run: | |||
- name: a2enmod geoip | |||
- unless: ls {{ apache.moddir }}/geoip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep geoip | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- pkg: apache-config-modules-geoip-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- endif %} |
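Review bot: The opening guard tests `'finger' in grains` but then reads `grains.osfinger`, so unless a custom grain named `finger` exists the condition is false and every state in this file is silently skipped. `{%- if 'mod_geoip' in apache and grains.get('osfinger') not in ('Leap-42',) %}` expresses what the second half of the condition suggests was meant. In the RedHat branch, the `10-geoip.conf` state sets no `user`, `group` or `mode`, unlike the two `file.managed` states above it; giving it the same `apache.rootuser`/`apache.rootgroup` ownership would keep the three consistent.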
@@ -0,0 +1,29 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-headers-pkg: | |||
cmd.run: | |||
- name: a2enmod headers | |||
- unless: ls {{ apache.moddir }}/headers.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep headers | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,29 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-logio-pkg: | |||
cmd.run: | |||
- name: a2enmod logio | |||
- unless: ls {{ apache.moddir }}/logio.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep logio | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,84 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- set mpm_module = salt['pillar.get']('apache:mpm:module', 'mpm_prefork') %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-mpm-pkg: | |||
cmd.run: | |||
- name: a2enmod {{ mpm_module }} | |||
- unless: ls {{ apache.moddir }}/{{ mpm_module }}.load | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
file.managed: | |||
- name: /etc/apache2/mods-available/{{ mpm_module }}.conf | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- makedirs: True | |||
- context: | |||
apache: {{ apache|json }} | |||
- source: | |||
- salt://apache/files/Debian/mpm/{{ mpm_module }}.conf.jinja | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
# Deactivate the other mpm modules as a previous step | |||
{%- for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event'] if not mod == mpm_module %} | |||
apache-config-modules-mpm-{{ mod }}-cmd-run: | |||
cmd.run: | |||
- name: a2dismod {{ mod }} | |||
- onlyif: ls {{ apache.moddir }}/{{ mod }}.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' {{ mod }}' | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- require_in: | |||
- cmd: a2enmod {{ mpm_module }} | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endfor %} | |||
{%- elif grains['os_family']=="RedHat" %} | |||
apache-config-modules-mpm-{{ grains.os_family }}-conf-file-managed: | |||
file.managed: | |||
- name: {{ apache.moddir }}/00-mpm.conf | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- makedirs: True | |||
- context: | |||
apache: {{ apache|json }} | |||
- source: | |||
- salt://apache/files/RedHat/conf.modules.d/00-{{ mpm_module }}.conf.jinja | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
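Review bot: `mpm_module` is read from pillar (`apache:mpm:module`) and interpolated unchecked into the shell command `a2enmod {{ mpm_module }}`, its `unless` test, a file name under `/etc/apache2/mods-available/` and a `salt://` source path. Pillar is normally operator-controlled, but the file already lists the valid values in the `for mod in ['mpm_prefork', 'mpm_worker', 'mpm_event']` loop, so rejecting anything else is cheap: wrap the states in `{%- if mpm_module in ['mpm_prefork', 'mpm_worker', 'mpm_event'] %}` and emit a `test.fail_without_changes` state in the `else`. In the `a2dismod` loop the state carries `require_in` twice (once for `cmd: a2enmod {{ mpm_module }}`, once for the service states); whether both are honoured should be confirmed, or the two lists merged into one `require_in`.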
@@ -0,0 +1,68 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- set pagespeed_module = salt['pillar.get']('apache:pagespeed:module', 'pagespeed_prefork') %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-pagespeed-pkg: | |||
pkg.installed: | |||
- name: {{ apache.mod_pagespeed }} | |||
- sources: | |||
- mod-pagespeed-stable: {{ apache.mod_pagespeed_source }} | |||
cmd.run: | |||
- name: a2enmod pagespeed | |||
- unless: ls {{ apache.moddir }}/pagespeed.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep pagespeed | |||
- order: 255 | |||
- require: | |||
- pkg: apache-config-modules-pagespeed-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- for dir in ['/var/cache/mod_pagespeed', '/var/log/pagespeed'] %} | |||
apache-config-modules-pagespeed-{{ dir }}-file-directory: | |||
file.directory | |||
- name: {{ dir }} | |||
- makedirs: true | |||
- user: {{ apache.user }} | |||
- group: {{ apache.group }} | |||
- require: | |||
- pkg: apache-config-modules-pagespeed-pkg | |||
- user: {{ apache.user }} | |||
- group: {{ apache.group }} | |||
{%- endfor %} | |||
# Here we hardcode a logrotate entry to take care of the logs | |||
apache-config-modules-pagespeed-logrotate-file-managed: | |||
file.managed: | |||
- name: /etc/logrotate.d/pagespeed | |||
- contents: | | |||
/var/log/pagespeed/*.log { | |||
weekly | |||
missingok | |||
rotate 52 | |||
compress | |||
delaycompress | |||
notifempty | |||
sharedscripts | |||
postrotate | |||
if /etc/init.d/apache2 status > /dev/null ; then \ | |||
/etc/init.d/apache2 reload > /dev/null; \ | |||
fi; | |||
endscript | |||
} | |||
{%- endif %} |
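Review bot: `file.directory` inside the `for dir in [...]` loop is missing its trailing colon, so the argument list that follows cannot parse as its value and this SLS is likely to fail to render on Suse/Debian; it should read `file.directory:`. The same loop puts `{{ dir }}` (an absolute path with slashes) into the state ID and requires `user:`/`group:` states named after `apache.user`/`apache.group`, which are not defined in this file — confirm they exist elsewhere or drop the two requisites. `pagespeed_module` is set at the top but never used. The package comes from `apache.mod_pagespeed_source` via `sources:`; if that is a remote URL, a comment stating how its integrity is verified would help the next reader.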
@@ -0,0 +1,60 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-perl-pkg: | |||
pkg.installed: | |||
- name: {{ apache.mod_perl2 }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
cmd.run: | |||
- name: a2enmod perl | |||
- unless: ls {{ apache.moddir }}/perl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' perl' | |||
- order: 225 | |||
- require: | |||
- pkg: apache-config-modules-perl-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family']=="FreeBSD" %} | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/260_mod_perl.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_perl.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,84 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-php5-pkg: | |||
pkg.installed: | |||
- name: {{ apache.mod_php5 }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
cmd.run: | |||
- name: a2enmod php5 | |||
- unless: ls {{ apache.moddir }}/php5.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' php5' | |||
- order: 225 | |||
- require: | |||
- pkg: mod-php5 | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if 'apache' in pillar and 'php-ini' in pillar['apache'] %} | |||
file.managed: | |||
- name: /etc/php5/apache2/php.ini | |||
- source: {{ pillar['apache']['php-ini'] }} | |||
- order: 225 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- pkg: apache-config-modules-php5-pkg | |||
{%- endif %} | |||
{%- elif grains['os_family']=="FreeBSD" %} | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/050_mod_php5.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_php5.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family']=="Suse" %} | |||
file.replace: | |||
- name: /etc/sysconfig/apache2 | |||
- unless: grep '^APACHE_MODULES=.*php5' /etc/sysconfig/apache2 | |||
- pattern: '^APACHE_MODULES=(.*)"' | |||
- repl: 'APACHE_MODULES=\1 php5"' | |||
{%- endif %} |
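Review bot: Two leftovers remain in this file. The `a2enmod php5` state requires `- pkg: mod-php5`, while the package state is now `apache-config-modules-php5-pkg`; the requisite should read `- pkg: apache-config-modules-php5-pkg`. The final `{%- elif grains['os_family']=="Suse" %}` branch can never run, because `Suse` is already matched by the first `if grains['os_family'] in ('Suse', 'Debian',)`; the `file.replace` on `/etc/sysconfig/apache2` either belongs inside that first branch under a Suse test or can be removed. The `php.ini` `source` is taken straight from `pillar['apache']['php-ini']`; if anything other than a `salt://` path is accepted there, a `source_hash` should be required with it.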
@@ -0,0 +1,49 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-proxy-pkg: | |||
cmd.run: | |||
- name: a2enmod proxy | |||
- unless: ls {{ apache.moddir }}/proxy.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' proxy' | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family']=="FreeBSD" %} | |||
apache-config-modules-proxy-file-managed: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/040_mod_proxy.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
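Review bot: The `unless` check `egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' proxy'` is a substring match, so an `APACHE_MODULES` line that lists only `proxy_http` or `proxy_ajp` satisfies it and `a2enmod proxy` is skipped. `grep -w proxy` matches the module name only, since `_` counts as a word character. The same pattern is used for actions, fcgid, geoip, headers, logio, pagespeed, perl, php5, proxy_ajp, proxy_fcgi, proxy_http, remoteip and rewrite in this commit. `egrep` is also deprecated in favour of `grep -E`.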
@@ -0,0 +1,51 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
- .mod_proxy | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-proxy_ajp-pkg: | |||
cmd.run: | |||
- name: a2enmod proxy_ajp | |||
- unless: ls {{ apache.moddir }}/proxy_ajp.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_ajp | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
# cmd: a2enmod proxy | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family']=="FreeBSD" %} | |||
apache-config-modules-proxy_ajp-file-managed: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/040_mod_proxy_ajp.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_ajp.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,31 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
- .mod_proxy | |||
apache-config-modules-proxy_fcgi-pkg: | |||
cmd.run: | |||
- name: a2enmod proxy_fcgi | |||
- unless: ls {{ apache.moddir }}/proxy_fcgi.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_fcgi | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
# cmd: a2enmod proxy | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,51 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
- .mod_proxy | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-proxy_http-pkg: | |||
cmd.run: | |||
- name: a2enmod proxy_http | |||
- unless: ls {{ apache.moddir }}/proxy_http.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep proxy_http | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
# cmd: a2enmod proxy | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family']=="FreeBSD" %} | |||
apache-config-modules-proxy_http-file-managed: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/040_mod_proxy_http.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_proxy_http.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,80 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-remoteip-cmd-run-mod-a2en: | |||
cmd.run: | |||
- name: a2enmod remoteip | |||
- unless: ls {{ apache.moddir }}/remoteip.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep remoteip | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
apache-config-modules-remoteip-cmd-run-conf: | |||
cmd.run: | |||
- name: a2enconf remoteip | |||
- unless: ls /etc/apache2/conf-enabled/remoteip.conf | |||
- order: 255 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
file.managed: | |||
- name: /etc/apache2/conf-available/remoteip.conf | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- makedirs: True | |||
- context: | |||
apache: {{ apache|json }} | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf-available/remoteip.conf.jinja | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
- cmd: apache-config-modules-remoteip-cmd-run-conf | |||
{%- elif grains['os_family']=="RedHat" %} | |||
apache-config-modules-remoteip-file-managed-conf: | |||
file.managed: | |||
- name: /etc/httpd/conf.d/remoteip.conf | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- makedirs: True | |||
- context: | |||
apache: {{ apache|json }} | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/conf.modules.d/remoteip.conf.jinja | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,49 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
{%- if grains['os_family'] in ('Debian', 'Suse') %} | |||
apache-config-modules-rewrite-cmd-run-mod: | |||
cmd.run: | |||
- name: a2enmod rewrite | |||
- unless: ls {{ apache.moddir }}/rewrite.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep rewrite | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family']=="FreeBSD" %} | |||
apache-config-modules-rewrite-file-managed-conf: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/040_mod_rewrite.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_rewrite.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,89 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
{%- if grains.os_family not in ('Arch',) %} | |||
apache-config-modules-security-pkg: | |||
pkg.installed: | |||
- name: {{ apache.mod_security.package }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if apache.mod_security.crs_install and 'crs_package' in apache.mod_security %} | |||
apache-config-modules-security-crs-pkg: | |||
pkg.installed: | |||
- name: {{ apache.mod_security.crs_package }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache-config-modules-security-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if apache.mod_security.manage_config and 'config_file' in apache.mod_security %} | |||
apache-config-modules-security-main-config-file-managed: | |||
file.managed: | |||
- name: {{ apache.mod_security.config_file }} | |||
- order: 220 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- source: | |||
- {{ 'salt://apache/files/' ~ salt['grains.get']('os_family') ~ '/modsecurity.conf.jinja' }} | |||
- context: {{ apache.mod_security|json }} | |||
- require: | |||
- pkg: apache-config-modules-security-pkg | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
apache-config-modules-security-cmd-run-a2en-security2: | |||
cmd.run: | |||
- name: a2enmod security2 | |||
- unless: ls {{ apache.moddir }}/security2.load && ls {{ apache.moddir }}/security2.conf | |||
- order: 225 | |||
{%- elif grains.os_family in ('Redhat',) %} | |||
apache-config-modules-security-file-directory-modsecurity: | |||
file.directory: | |||
- name: /etc/httpd/modsecurity.d | |||
{%- endif %} | |||
- require: | |||
- pkg: apache-config-modules-security-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
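Review bot: `{%- elif grains.os_family in ('Redhat',) %}` never matches, because the grain value is `RedHat`, as the other files in this commit spell it; it should be `{%- elif grains.os_family == 'RedHat' %}`. On RedHat, and on any family other than Suse/Debian, neither branch renders, so the `- require:`/`- watch_in:`/`- require_in:` lines placed after the inner `endif` attach to whichever state was rendered last. Moving those requisites inside each branch removes that dependency on render order. The main-config `file.managed` also passes `- context:` twice (`apache: {{ apache|json }}` and `{{ apache.mod_security|json }}`); since this template is the ModSecurity configuration, which of the two the template actually receives should be confirmed and the other dropped.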
@@ -6,14 +6,14 @@ include: | |||
- apache.mod_security | |||
{%- for rule_name, rule_details in mod_security.get('rules', {}).items() %} | |||
{% set rule_set = rule_details.get('rule_set', '') %} | |||
{% set enabled = rule_details.get('enabled', False ) %} | |||
{%- set rule_set = rule_details.get('rule_set', '') %} | |||
{%- set enabled = rule_details.get('enabled', False ) %} | |||
{%- if enabled %} | |||
/etc/modsecurity/{{ rule_name }}: | |||
file.symlink: | |||
- target: /usr/share/modsecurity-crs/{{ rule_set }}/{{ rule_name }} | |||
- user: root | |||
- group: root | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- mode: 755 | |||
{%- else %} | |||
/etc/modsecurity/{{ rule_name }}: | |||
@@ -24,17 +24,18 @@ include: | |||
{%- endfor %} | |||
{%- for custom_rule, custom_rule_details in mod_security.get('custom_rule_files', {}).items() %} | |||
{% set file = custom_rule_details.get('file', None) %} | |||
{% set path = custom_rule_details.get('path', None) %} | |||
{% set enabled = custom_rule_details.get('enabled', False ) %} | |||
{%- set file = custom_rule_details.get('file', None) %} | |||
{%- set path = custom_rule_details.get('path', None) %} | |||
{%- set enabled = custom_rule_details.get('enabled', False ) %} | |||
{%- if enabled %} | |||
/etc/modsecurity/{{ file }}: | |||
file.managed: | |||
- source: {{ path }} | |||
- user: root | |||
- group: root | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- mode: 755 | |||
- makedirs: True | |||
{%- else %} | |||
/etc/modsecurity/{{ file }}: | |||
file.absent: | |||
@@ -42,4 +43,4 @@ include: | |||
{%- endif %} | |||
{%- endfor %} | |||
{% endif %} | |||
{%- endif %} |
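Review bot: The managed custom rule file `/etc/modsecurity/{{ file }}` keeps `- mode: 755` while this change only reworks its owner and group, so the rule files are still installed executable and the mode is still an unquoted YAML integer. Rule files are read by Apache, not executed, so `- mode: '0644'` would fit better on the `file.managed` state. The `file.symlink` state earlier in the file carries the same `- mode: 755`. The enclosing `for` loops and the outer `if` begin outside these hunks, so the defaults of `apache.rootuser` and `apache.rootgroup` cannot be checked from here.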
@@ -0,0 +1,35 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family']=="FreeBSD" %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-socache_shmcb-file-managed: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/009_mod_socache_shmcb.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/generic_module.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
- context: | |||
module_name: socache_shmcb | |||
{%- endif %} |
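Review bot: The `file.managed` state passes `- context:` twice, once with `apache: {{ apache|json }}` and again at the end with `module_name: socache_shmcb`. I would expect one of the two mappings to replace the other instead of being merged, so the template may see either `apache` or `module_name` but not both. Put both keys under a single `- context:` entry (`apache: {{ apache|json }}` followed by `module_name: socache_shmcb`) and drop the second one. `- mode: 644` is also better written as the quoted string `'0644'`.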
@@ -0,0 +1,129 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
{%- if grains['os_family'] in ('Debian', 'Suse') %} | |||
apache-config-modules-ssl-cmd-run: | |||
cmd.run: | |||
- name: a2enmod ssl | |||
- unless: ls {{ apache.moddir }}/ssl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' ssl' | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
file.managed: | |||
- name: /etc/apache2/mods-available/ssl.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- mode: 644 | |||
- makedirs: True | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
{%- elif grains['os_family']=="RedHat" %} | |||
apache-config-modules-ssl-pkg: | |||
pkg.installed: | |||
- name: {{ apache.pkg.mod_ssl }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
file.absent: | |||
- name: {{ apache.confdir }}/ssl.conf | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- elif grains['os_family']=="FreeBSD" %} | |||
- .mod_ssl | |||
apache-config-modules-ssl-file-managed: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/010_mod_ssl.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
apache-config-modules-ssl-file-managed-tls-defaults: | |||
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %} | |||
file.managed: | |||
- name: {{ apache.confdir }}/tls-defaults.conf | |||
- source: salt://apache/files/ssl/tls-defaults.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
{%- else %} | |||
file.absent: | |||
- name: {{ apache.confdir }}/tls-defaults.conf | |||
{%- endif %} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if grains['os_family'] in ('Debian',) %} | |||
apache-config-modules-ssl-cmd-run-debian-tls-defaults: | |||
cmd.run: | |||
{%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %} | |||
- name: a2enconf tls-defaults | |||
- unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf | |||
{%- else %} | |||
- name: a2disconf tls-defaults | |||
- onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf | |||
{%- endif %} | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- file: {{ apache.confdir }}/tls-defaults.conf | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
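Review bot: In the `('Debian', 'Suse')` branch the `file.managed` half of `apache-config-modules-ssl-cmd-run` writes the hard-coded `/etc/apache2/mods-available/ssl.conf` with `makedirs: True` and has no `require` on the package, unlike every other state in this file. On a Suse minion that path is presumably not where modules are configured, and on either family the file can be laid down before the package is installed. I would add `- require:` with `- pkg: apache-package-install-pkg-installed` and build the path from the map instead of the literal. Separately, the tls-defaults state falls through to `file.absent` whenever `apache:mod_ssl:manage_tls_defaults` is unset, so an existing `tls-defaults.conf` is removed by default; a comment saying that this is intended would help.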
@@ -0,0 +1,52 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_package_install }} | |||
apache-config-server-status: | |||
file.managed: | |||
- name: {{ apache.confdir }}/server-status{{ apache.confext }} | |||
- source: 'salt://apache/files/server-status.conf.jinja' | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- makedirs: True | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if grains['os_family'] == "Debian" %} | |||
apache-config-server-status-file-directory: | |||
file.directory: | |||
- name: /etc/apache2/conf-enabled | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
apache-config-server-status-cmd-run: | |||
cmd.run: | |||
- name: a2enconf server-status | |||
- unless: 'test -L /etc/apache2/conf-enabled/server-status.conf' | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- file: apache-config-server-status | |||
- file: apache-config-server-status-file-directory | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
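Review bot: The `unless` guard of `apache-config-server-status-cmd-run` tests the literal `/etc/apache2/conf-enabled/server-status.conf`, while the managed file is named with `{{ apache.confext }}`; if the two ever differ the guard never matches and `a2enconf` runs on every highstate. Using `server-status{{ apache.confext }}` in the `unless` keeps them in step. The state also enables the status page unconditionally on Debian, and the access restriction is not visible here (presumably it lives in `server-status.conf.jinja`), so I would add a comment above the state such as `# access to /server-status is restricted in the template; keep it limited to trusted sources`.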
@@ -0,0 +1,33 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family']=="FreeBSD" %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-suexec-file-managed: | |||
file.managed: | |||
- name: {{ apache.modulesdir }}/040_mod_suexec.conf | |||
- source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_suexec.conf.jinja | |||
- mode: 644 | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,31 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-upload_progress-pkg: | |||
pkg.installed | |||
- name: {{ apache.mod_upload_progress }} | |||
cmd.run: | |||
- name: a2enmod upload_progress | |||
- unless: ls {{ apache.moddir }}/upload_progress.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep upload_progress | |||
- order: 255 | |||
- require: | |||
- pkg: apache-config-modules-upload_progress-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
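Review bot: `pkg.installed` under `apache-config-modules-upload_progress-pkg` is missing its trailing colon, so the `- name: {{ apache.mod_upload_progress }}` item that follows is not parsed as that function's argument list and the SLS is expected to fail to render on Suse and Debian. It should read `pkg.installed:`. The `cmd.run` here also uses `- order: 255` where the sibling module states use `- order: 225`, which looks like a typo worth confirming.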
@@ -0,0 +1,29 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-vhost_alias-cmd-run: | |||
cmd.run: | |||
- name: a2enmod vhost_alias | |||
- unless: ls {{ apache.moddir }}/vhost_alias.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep vhost_alias | |||
- order: 225 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,40 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-modules-wsgi-pkg: | |||
pkg.installed: | |||
- name: {{ apache.pkg.mod_wsgi }} | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if 'conf_mod_wsgi' in apache %} | |||
file.uncomment: | |||
- name: {{ apache.conf_mod_wsgi }} | |||
- regex: LoadModule | |||
- onlyif: test -f {{ apache.conf_mod_wsgi }} | |||
- require: | |||
- pkg: apache-config-modules-wsgi-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
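Review bot: `apache-config-modules-wsgi-pkg` still requires `- pkg: apache`, the state ID used before this refactor, while every other new file in this commit requires `apache-package-install-pkg-installed`. Unless an `apache` pkg state still exists somewhere outside this view, the requisite will not resolve and the state will fail. I would change it to `- pkg: apache-package-install-pkg-installed`.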
@@ -0,0 +1,41 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_service_running }} | |||
- {{ sls_package_install }} | |||
apache-config-xsendfile-pkg: | |||
pkg.installed: | |||
- name: {{ apache.mod_xsendfile }} | |||
- order: 180 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if grains['os_family'] in ('Suse', 'Debian',) %} | |||
cmd.run: | |||
- name: a2enmod xsendfile | |||
- order: 225 | |||
- unless: ls {{ apache.moddir }}/xsendfile.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep xsendfile | |||
- require: | |||
- pkg: apache-config-xsendfile-pkg | |||
- watch_in: | |||
- module: apache-service-running-restart | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1 @@ | |||
mod_status.sls |
@@ -0,0 +1,28 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains.os_family == "Debian" %} | |||
include: | |||
- {{ sls_package_install }} | |||
- {{ sls_service_running }} | |||
apache-config-default-vhost: | |||
cmd.run: | |||
- name: a2dissite 000-default.conf || true | |||
- unless: test ! -f /etc/apache2/sites-enabled/000-default.conf | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
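Review bot: `a2dissite 000-default.conf || true` makes the state report success even when disabling the default site fails, so a minion can keep serving the distribution default vhost with no failed state to show for it. The guard is also a double negative (`unless: test ! -f …`). I would drop the `|| true` and write the guard as `- onlyif: test -e /etc/apache2/sites-enabled/000-default.conf`, which already prevents the command from running when there is nothing to disable.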
@@ -0,0 +1,32 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains.os_family == "Debian" %} | |||
include: | |||
- {{ sls_package_install }} | |||
- {{ sls_service_running }} | |||
apache-config-own-default-vhost: | |||
file.managed: | |||
- name: {{ apache.vhostdir }}/000-default.conf | |||
- source: salt://apache/files/Debian/sites-available/000-default.conf | |||
- makedirs: True | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- context: | |||
apache: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} |
@@ -0,0 +1,76 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains.os_family == "Debian" %} | |||
include: | |||
- {{ sls_package_install }} | |||
- {{ sls_service_running }} | |||
apache-config-register-site-file-directory: | |||
file.directory: | |||
- name: {{ apache.sitesdir }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
{%- if 'apache' in pillar and 'register-site' in pillar['apache'] %} | |||
{%- for site in pillar['apache']['register-site'] %} | |||
{%- if 'name' in pillar['apache']['register-site'][site] and 'state' in pillar['apache']['register-site'][site] %} | |||
{%- if 'path' in pillar['apache']['register-site'][site] %} | |||
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %} | |||
{%- set a2modid = "a2ensite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %} | |||
{%- else %} | |||
{%- set a2modid = "a2dissite " ~ pillar['apache']['register-site'][site]['name'] ~ apache.confext %} | |||
{%- endif %} | |||
apache-config-register-site-{{ a2modid }}: | |||
cmd.run: | |||
- name: {{ a2modid }} | |||
{%- if pillar['apache']['register-site'][site]['state'] == 'enabled' %} | |||
- unless: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }} | |||
{%- else %} | |||
- onlyif: test -f /etc/apache2/sites-enabled/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }} | |||
{%- endif %} | |||
- order: 230 | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- file: apache-config-register-site-file-managed | |||
- file: apache-config-register-site-file-directory | |||
- watch: | |||
- file: apache-config-register-site-file-managed | |||
apache-config-register-site-file-managed: | |||
file.managed: | |||
- name: /etc/apache2/sites-available/{{ pillar['apache']['register-site'][site]['name'] }}{{ apache.confext }} | |||
- source: {{ pillar['apache']['register-site'][site]['path'] }} | |||
- order: 225 | |||
- makedirs: True | |||
- user: {{ apache.rootuser }} | |||
- group: {{ apache.rootgroup }} | |||
- mode: 775 | |||
{%- if 'template' in pillar['apache']['register-site'][site] and 'defaults' in pillar['apache']['register-site'][site] %} | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- defaults: | |||
{%- for key, value in pillar['apache']['register-site'][site]['defaults'].items() %} | |||
{{ key }}: {{ value }} | |||
{%- endfor %} | |||
{%- endif %} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module; apache-service-running-reload | |||
cmd.run: | |||
- name: echo dummy state to workaround requisite issue >/dev/null 2>&1 | |||
- require_in: | |||
- file: apache-config-register-site-file-managed | |||
{%- endif %} | |||
{%- endif %} | |||
{%- endfor %} | |||
{%- endif %} #END: apache-service-running-register-site | |||
{%- endif %} #END: grains['os_family'] == debian |
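Review bot: The `require_in` of the `file.managed` state ends with `- module; apache-service-running-reload`, where the semicolon turns the requisite into a plain string instead of a `module:` mapping; it should be `- module: apache-service-running-reload`. The ID `apache-config-register-site-file-managed` is also emitted inside the `for site in …` loop, so a pillar with two sites produces the same ID twice; including the site name in the ID, as the `cmd.run` ID already does through `a2modid`, avoids the conflict. `- mode: 775` makes the vhost file group-writable and executable, and `'0644'` is the usual choice for an Apache config file. The `defaults` entries are rendered as bare `{{ key }}: {{ value }}`, so passing the value through `|json` would keep pillar strings from being retyped by YAML.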
@@ -0,0 +1 @@ | |||
cleanup.sls |
@@ -0,0 +1,42 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
{%- if grains.os_family == 'Debian' %} | |||
include: | |||
- {{ sls_service_running }} | |||
{%- set dirpath = '/etc/apache2/sites-enabled' %} | |||
{# Add . and .. to make it easier to not clean those #} | |||
{%- set valid_sites = ['.', '..', ] %} | |||
{# Take sites from apache.vhosts.standard #} | |||
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %} | |||
{%- do valid_sites.append('{}{}'.format(id, apache.confext)) %} | |||
{%- endfor %} | |||
{# Take sites from apache.register_site #} | |||
{%- for id, site in salt['pillar.get']('apache:register-site', {}).items() %} | |||
{%- do valid_sites.append('{}{}'.format(site.name, apache.confext)) %} | |||
{%- endfor %} | |||
{%- if salt['file.directory_exists'](dirpath) %} | |||
{%- for filename in salt['file.readdir'](dirpath) %} | |||
{%- if filename not in valid_sites %} | |||
apache-config-vhosts-cleanup-{{ filename }}-cmd-run: | |||
cmd.run: | |||
- name: a2dissite {{ filename }} || true | |||
- onlyif: "test -L {{ dirpath }}/{{ filename }} || test -f {{ dirpath }}/{{ filename }}" | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
{%- endif %} | |||
{%- endfor %} | |||
{%- endif %} | |||
{%- endif %}{# Debian #} |
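Review bot: Directory entries returned by `file.readdir` are pasted unquoted into the `cmd.run` name, the `onlyif` test and the state ID, so a file name containing spaces or shell metacharacters in `/etc/apache2/sites-enabled` changes the command line that the minion runs. Quote the value wherever it reaches the shell, for example `a2dissite {{ filename|quote }} || true` using Salt's `quote` filter (check that it is available in the Salt versions this formula supports). Alternatively, remove the stale link with a `file.absent` state on `{{ dirpath }}/{{ filename }}`, which involves no shell at all. The `|| true` also hides a failed `a2dissite`, so a site that should have been cleaned up can stay enabled without a failed state.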
@@ -0,0 +1,5 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
include: | |||
- .standard |
@@ -2,7 +2,6 @@ | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{# Define default values here so the template below can just focus on layout #} | |||
{% from "apache/map.jinja" import apache with context %} | |||
{% set sitename = site.get('ServerName', id) %} | |||
{% set vals = { | |||
'interfaces': site.get('interface', '*').split(), | |||
@@ -35,7 +34,7 @@ | |||
'Require': 'all granted', | |||
}, | |||
} %} | |||
<VirtualHost {%- for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}> | |||
<VirtualHost {% for intf in vals.interfaces %} {{ intf }}:{{ vals.port }}{% endfor -%}> | |||
ServerName {{ vals.ServerName }} | |||
{% if site.get('ServerAlias') != False %}ServerAlias {{ vals.ServerAlias }}{% endif %} | |||
{% if site.get('ServerAdmin') != False %}ServerAdmin {{ vals.ServerAdmin }}{% endif %} | |||
@@ -73,8 +72,8 @@ | |||
ProxyPassReverse {{ proxyvals.ProxyPassReverseSource }} {{ proxyvals.ProxyPassReverseTarget }} | |||
{% endfor %} | |||
{%- for path, loc in site.get('Location', {}).items() %} | |||
{%- set lvals = { | |||
{% for path, loc in site.get('Location', {}).items() %} | |||
{% set lvals = { | |||
'Order': loc.get('Order', vals.Location.Order), | |||
'Allow': loc.get('Allow', vals.Location.Allow), | |||
'Require': loc.get('Require', vals.Location.Require), | |||
@@ -82,16 +81,16 @@ | |||
} %} | |||
<Location "{{ path }}"> | |||
{% if apache.version == '2.4' %} | |||
{%- if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||
{% else %} | |||
{%- if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||
{%- if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||
{% endif %} | |||
{%- if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %} | |||
{% if loc.get('Formula_Append') %} {{ loc.Formula_Append|indent(8) }} {% endif %} | |||
</Location> | |||
{% endfor %} | |||
{%- for regpath, locmat in site.get('LocationMatch', {}).items() %} | |||
{%- set lmvals = { | |||
{% for regpath, locmat in site.get('LocationMatch', {}).items() %} | |||
{% set lmvals = { | |||
'Order': locmat.get('Order', vals.LocationMatch.Order), | |||
'Allow': locmat.get('Allow', vals.LocationMatch.Allow), | |||
'Require': locmat.get('Require', vals.LocationMatch.Require), | |||
@@ -99,32 +98,32 @@ | |||
} %} | |||
<LocationMatch "{{ regpath }}"> | |||
{% if apache.version == '2.4' %} | |||
{%- if lmvals.get('Require') != False %}Require {{ lmvals.Require }}{% endif %} | |||
{% if lmvals.get('Require') != False %}Require {{ lmvals.Require }}{% endif %} | |||
{% else %} | |||
{%- if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %} | |||
{%- if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %} | |||
{% if lmvals.get('Order') != False %}Order {{ lmvals.Order }}{% endif %} | |||
{% if lmvals.get('Allow') != False %}Allow {{ lmvals.Allow }}{% endif %} | |||
{% endif %} | |||
{%- if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %} | |||
{% if locmat.get('Formula_Append') %} {{ locmat.Formula_Append|indent(8) }} {% endif %} | |||
</LocationMatch> | |||
{% endfor %} | |||
{%- for proxypath, prox in site.get('Proxy_control', {}).items() %} | |||
{%- set proxvals = { | |||
{% for proxypath, prox in site.get('Proxy_control', {}).items() %} | |||
{% set proxvals = { | |||
'AllowAll': prox.get('AllowAll', vals.AllowAll), | |||
'AllowCountry': prox.get('AllowCountry', vals.AllowCountry), | |||
'AllowIP': prox.get('AllowIP', vals.AllowIP), | |||
} %} | |||
<Proxy "{{ proxypath }}"> | |||
{%- if proxvals.get('AllowAll') != False %} | |||
{% if proxvals.get('AllowAll') != False %} | |||
Require all granted | |||
{%- else %} | |||
{% else %} | |||
{% if proxvals.get('AllowCountry') != False %}{% set country_list = proxvals.get('AllowCountry', {}) %}GeoIPEnable On | |||
{% for every_country in country_list %}SetEnvIf GEOIP_COUNTRY_CODE {{ every_country }} AllowCountry | |||
{% endfor %}Require env AllowCountry {% endif %} | |||
{% if proxvals.get('AllowIP') is defined %} {% set ip_list = proxvals.get('AllowIP', {}) %} | |||
Require ip {% for every_ip in ip_list %}{{ every_ip }} {% endfor %} {% endif %} | |||
{%- endif %} | |||
{% endif %} | |||
</Proxy> | |||
{%- endfor %} | |||
{% endfor %} | |||
{% if site.get('Formula_Append') %} | |||
{{ site.Formula_Append|indent(4) }} | |||
{% endif %} |
@@ -2,7 +2,6 @@ | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{# Define default values here so the template below can just focus on layout #} | |||
{%- from "apache/map.jinja" import apache with context %} | |||
{%- set sitename = site.get('ServerName', id) %} | |||
{%- set vals = { |
@@ -0,0 +1,80 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set sls_package_install = tplroot ~ '.package.install' %} | |||
{%- set sls_service_running = tplroot ~ '.service.running' %} | |||
{%- from tplroot ~ "/map.jinja" import apache with context %} | |||
include: | |||
- {{ sls_package_install }} | |||
- {{ sls_service_running }} | |||
{%- for id, site in salt['pillar.get']('apache:sites', {}).items() %} | |||
{%- set documentroot = site.get('DocumentRoot', '{0}/{1}'.format(apache.wwwdir, site.get('ServerName', id))) %} | |||
apache-config-vhosts-standard-{{ id }}: | |||
file.managed: | |||
- name: {{ apache.vhostdir }}/{{ id }}{{ apache.confext }} | |||
- source: {{ site.get('template_file', 'salt://apache/config/vhosts/standard.tmpl') }} | |||
- template: {{ apache.get('template_engine', 'jinja') }} | |||
- makedirs: True | |||
- context: | |||
apache: {{ apache|json }} | |||
id: {{ id|json }} | |||
site: {{ site|json }} | |||
map: {{ apache|json }} | |||
- require: | |||
- pkg: apache-package-install-pkg-installed | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- if site.get('DocumentRoot') != False %} | |||
apache-config-vhosts-standard-{{ id }}-docroot: | |||
file.directory: | |||
- name: {{ documentroot }} | |||
- makedirs: True | |||
- user: {{ site.get('DocumentRootUser', apache.get('document_root_user'))|json or apache.user }} | |||
- group: {{ site.get('DocumentRootGroup', apache.get('document_root_group'))|json or apache.group }} | |||
- allow_symlink: True | |||
{%- endif %} | |||
{%- if grains.os_family == 'Debian' %} | |||
{%- if site.get('enabled', True) %} | |||
apache-config-vhosts-standard-{{ id }}-cmd-run-a2en: | |||
cmd.run: | |||
- name: a2ensite {{ id }}{{ apache.confext }} | |||
- unless: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }} | |||
- require: | |||
- file: apache-config-vhosts-standard-{{ id }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- else %} | |||
apache-config-vhosts-standard-{{ id }}-cmd-run-a2dis: | |||
cmd.run: | |||
- name: a2dissite {{ id }}{{ apache.confext }}: | |||
- onlyif: test -f /etc/apache2/sites-enabled/{{ id }}{{ apache.confext }} | |||
- require: | |||
- file: apache-config-vhosts-standard-{{ id }} | |||
- watch_in: | |||
- module: apache-service-running-reload | |||
- require_in: | |||
- module: apache-service-running-restart | |||
- module: apache-service-running-reload | |||
- service: apache-service-running | |||
{%- endif %} | |||
{%- endif %} {# Debian #} | |||
{%- endfor %} |
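Review bot: In the disabled-site branch, `- name: a2dissite {{ id }}{{ apache.confext }}:` ends with a stray colon, which YAML will treat as a mapping indicator rather than part of the command; the line should end after `{{ apache.confext }}`. In the docroot state, `|json` binds tighter than `or`, so an unset owner renders as the string `null` and the `or apache.user` fallback is never reached. Writing `{{ (site.get('DocumentRootUser', apache.get('document_root_user')) or apache.user)|json }}` keeps the fallback, and the same applies to the `group` line. The pillar key `id` is also interpolated unquoted into the `a2ensite`/`a2dissite` commands and their `test -f` guards, so it is worth quoting it there or validating the key format.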
@@ -2,9 +2,9 @@ | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{# Define default values here so the template below can just focus on layout #} | |||
{%- set sitename = site.get('ServerName', id) -%} | |||
{% set sitename = site.get('ServerName', id) -%} | |||
{%- set vals = { | |||
{% set vals = { | |||
'interfaces': site.get('interface', '*').split(), | |||
'port': site.get('port', '80'), | |||
@@ -74,16 +74,16 @@ | |||
{{ site.Rewrite }} | |||
{% endif %} | |||
{%- for loc, path in site.get('Alias', {}).items() %} | |||
{% for loc, path in site.get('Alias', {}).items() %} | |||
Alias {{ loc }} {{ path }} | |||
{%- endfor %} | |||
{% endfor %} | |||
{%- for loc, path in site.get('ScriptAlias', {}).items() %} | |||
{% for loc, path in site.get('ScriptAlias', {}).items() %} | |||
ScriptAlias {{ loc }} {{ path }} | |||
{%- endfor %} | |||
{% endfor %} | |||
{%- for path, dir in site.get('Directory', {}).items() -%} | |||
{%- set dvals = { | |||
{% for path, dir in site.get('Directory', {}).items() -%} | |||
{% set dvals = { | |||
'Options': dir.get('Options', vals.Directory.Options), | |||
'Order': dir.get('Order', vals.Directory.Order), | |||
'Allow': dir.get('Allow', vals.Directory.Allow), | |||
@@ -92,7 +92,7 @@ | |||
'Dav': dir.get('Dav', False), | |||
} %} | |||
{%- if path == 'default' %}{% set path = vals.Directory_default %}{% endif %} | |||
{% if path == 'default' %}{% set path = vals.Directory_default %}{% endif %} | |||
<Directory "{{ path }}"> | |||
{% if dvals.get('Options') != False %}Options {{ dvals.Options }}{% endif %} | |||
@@ -100,6 +100,7 @@ | |||
{% if dvals.get('Require') != False %}Require {{ dvals.Require }}{% endif %} | |||
{% else %} | |||
{% if dvals.get('Order') != False %}Order {{ dvals.Order }}{% endif %} | |||
{% if dvals.get('Allow') != False %}Allow {{ dvals.Allow }}{% endif %} | |||
{% endif %} | |||
{% if dvals.get('AllowOverride') != False %}AllowOverride {{ dvals.AllowOverride }}{% endif %} | |||
@@ -109,10 +110,10 @@ | |||
{{ dir.Formula_Append|indent(8) }} | |||
{% endif %} | |||
</Directory> | |||
{%- endfor %} | |||
{% endfor %} | |||
{%- for path, loc in site.get('Location', {}).items() %} | |||
{%- set lvals = { | |||
{% for path, loc in site.get('Location', {}).items() %} | |||
{% set lvals = { | |||
'Order': loc.get('Order', vals.Location.Order), | |||
'Allow': loc.get('Allow', vals.Location.Allow), | |||
'Require': loc.get('Require', vals.Location.Require), | |||
@@ -121,20 +122,20 @@ | |||
<Location "{{ path }}"> | |||
{% if map.version == '2.4' %} | |||
{%- if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||
{% if lvals.get('Require') != False %}Require {{ lvals.Require }}{% endif %} | |||
{% else %} | |||
{%- if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||
{%- if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||
{% if lvals.get('Order') != False %}Order {{ lvals.Order }}{% endif %} | |||
{% if lvals.get('Allow') != False %}Allow {{ lvals.Allow }}{% endif %} | |||
{% endif %} | |||
{%- if lvals.get('Dav') != False %}Dav On{% endif %} | |||
{% if lvals.get('Dav') != False %}Dav On{% endif %} | |||
{%- if loc.get('Formula_Append') %} | |||
{% if loc.get('Formula_Append') %} | |||
{{ loc.Formula_Append|indent(8) }} | |||
{% endif %} | |||
</Location> | |||
{% endfor %} | |||
{%- if site.get('Formula_Append') %} | |||
{% if site.get('Formula_Append') %} | |||
{{ site.Formula_Append|indent(4) }} | |||
{% endif %} | |||
</VirtualHost> |
@@ -1,44 +0,0 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
{% if grains['os_family']=="Debian" %} | |||
include: | |||
- apache | |||
- apache.register_site | |||
extend: | |||
apache: | |||
pkg: | |||
- order: 175 | |||
service: | |||
- order: 455 | |||
apache-reload: | |||
module: | |||
- order: 420 | |||
apache-restart: | |||
module: | |||
- order: 425 | |||
a2dissite 000-default{{ apache.confext }}: | |||
cmd.run: | |||
- onlyif: test -f /etc/apache2/sites-enabled/000-default{{ apache.confext }} | |||
- watch_in: | |||
- module: apache-reload | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
- require: | |||
- pkg: apache | |||
/etc/apache2/sites-available/{{ apache.default_site }}: | |||
file.absent: | |||
- require: | |||
- pkg: apache | |||
/etc/apache2/sites-available/{{ apache.default_site_ssl }}: | |||
file.absent: | |||
- require: | |||
- pkg: apache | |||
{% endif %} #END: os = debian |
@@ -2,10 +2,53 @@ | |||
# vim: ft=yaml | |||
--- | |||
apache: | |||
lookup: {} | |||
pkg: | |||
name: apache2 | |||
mod_ssl: mod_ssl | |||
mod_wsgi: mod_wsgi | |||
deps: [] | |||
rootuser: root | |||
rootgroup: root | |||
template_engine: jinja | |||
config: '/etc/apache' | |||
service: | |||
name: apache | |||
user: www-data | |||
group: www-data | |||
vhostdir: /etc/apache2/sites-available | |||
confdir: /etc/apache2/conf.d | |||
davlockdbdir: null | |||
logdir: /var/log/apache2 | |||
wwwdir: /srv/apache2 | |||
document_root_user: null # Do not enforce group | |||
document_root_group: null # Do not enforce group | |||
manage_service_states: true | |||
service_state: running | |||
service_enable: true | |||
flags: {} | |||
global: {} | |||
modules: {} | |||
mod_remoteip: {} | |||
mod_security: | |||
crs_install: false | |||
manage_config: false | |||
manage_config: false # use software defaults | |||
mod_ssl: | |||
manage_tls_defaults: false # use software defaults | |||
# Just here for testing | |||
added_in_defaults: defaults_value | |||
winner: defaults | |||
retry_option: | |||
# https://docs.saltstack.com/en/latest/ref/states/requisites.html#retrying-states | |||
attempts: 2 | |||
until: true | |||
interval: 10 | |||
splay: 10 |
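Review bot: The inline comment on `document_root_user` says `# Do not enforce group`, which looks copied from the `document_root_group` line below it. It should read `document_root_user: null  # Do not enforce user`, so that the two ownership defaults are not mistaken for a duplicate. These are the settings that decide who owns the served tree, so the comment is worth getting right.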
@@ -0,0 +1,611 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
# This is the main Apache HTTP server configuration file. It contains the | |||
# configuration directives that give the server its instructions. | |||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. | |||
# In particular, see | |||
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> | |||
# for a discussion of each configuration directive. | |||
# | |||
# Do NOT simply read the instructions in here without understanding | |||
# what they do. They're here only as hints or reminders. If you are unsure | |||
# consult the online docs. You have been warned. | |||
# | |||
# Configuration and logfile names: If the filenames you specify for many | |||
# of the server's control files begin with "/" (or "drive:/" for Win32), the | |||
# server will use that explicit path. If the filenames do *not* begin | |||
# with "/", the value of ServerRoot is prepended -- so "logs/access_log" | |||
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the | |||
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" | |||
# will be interpreted as '/logs/access_log'. | |||
# | |||
# ServerRoot: The top of the directory tree under which the server's | |||
# configuration, error, and log files are kept. | |||
# | |||
# Do not add a slash at the end of the directory path. If you point | |||
# ServerRoot at a non-local disk, be sure to specify a local disk on the | |||
# Mutex directive, if file-based mutexes are used. If you wish to share the | |||
# same ServerRoot for multiple httpd daemons, you will need to change at | |||
# least PidFile. | |||
# | |||
ServerRoot "{{ apache.get('serverroot', '/etc/httpd') }}" | |||
# | |||
# Mutex: Allows you to set the mutex mechanism and mutex file directory | |||
# for individual mutexes, or change the global defaults | |||
# | |||
# Uncomment and change the directory if mutexes are file-based and the default | |||
# mutex file directory is not on a local disk or is not appropriate for some | |||
# other reason. | |||
# | |||
# Mutex default:/run/httpd | |||
# | |||
# Listen: Allows you to bind Apache to specific IP addresses and/or | |||
# ports, instead of the default. See also the <VirtualHost> | |||
# directive. | |||
# | |||
# Change this to Listen on specific IP addresses as shown below to | |||
# prevent Apache from glomming onto all bound IP addresses. | |||
# | |||
#Listen 12.34.56.78:80 | |||
{% if salt['pillar.get']('apache:sites') is mapping %} | |||
{%- set listen_directives = [] %} | |||
{%- for id, site in salt['pillar.get']('apache:sites').items() %} | |||
{%- set interfaces = site.get('interface', '*').split() %} | |||
{%- set port = site.get('port', 80) %} | |||
{%- for interface in interfaces %} | |||
{%- if not site.get('exclude_listen_directive', False) and not port == '*' %} | |||
{%- set listen_directive = interface ~ ':' ~ port %} | |||
{%- if listen_directive not in listen_directives %} | |||
{%- do listen_directives.append(listen_directive) %} | |||
{%- endif %} | |||
{%- endif %} | |||
{%- endfor %} | |||
{%- endfor %} | |||
{%- for listen in listen_directives %} | |||
Listen {{ listen }} | |||
{%- endfor %} | |||
{%- else %} | |||
Listen 80 | |||
<IfModule mod_ssl.c> | |||
Listen 443 | |||
</IfModule> | |||
{%- endif %} | |||
# | |||
# Dynamic Shared Object (DSO) Support | |||
# | |||
# To be able to use the functionality of a module which was built as a DSO you | |||
# have to place corresponding `LoadModule' lines at this location so the | |||
# directives contained in it are actually available _before_ they are used. | |||
# Statically compiled modules (those listed by `httpd -l') do not need | |||
# to be loaded here. | |||
# | |||
# Example: | |||
# LoadModule foo_module modules/mod_foo.so | |||
# | |||
LoadModule mpm_event_module modules/mod_mpm_event.so | |||
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so | |||
#LoadModule mpm_worker_module modules/mod_mpm_worker.so | |||
LoadModule authn_file_module modules/mod_authn_file.so | |||
#LoadModule authn_dbm_module modules/mod_authn_dbm.so | |||
#LoadModule authn_anon_module modules/mod_authn_anon.so | |||
#LoadModule authn_dbd_module modules/mod_authn_dbd.so | |||
#LoadModule authn_socache_module modules/mod_authn_socache.so | |||
LoadModule authn_core_module modules/mod_authn_core.so | |||
LoadModule authz_host_module modules/mod_authz_host.so | |||
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so | |||
LoadModule authz_user_module modules/mod_authz_user.so | |||
#LoadModule authz_dbm_module modules/mod_authz_dbm.so | |||
#LoadModule authz_owner_module modules/mod_authz_owner.so | |||
#LoadModule authz_dbd_module modules/mod_authz_dbd.so | |||
LoadModule authz_core_module modules/mod_authz_core.so | |||
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so | |||
#LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so | |||
LoadModule access_compat_module modules/mod_access_compat.so | |||
LoadModule auth_basic_module modules/mod_auth_basic.so | |||
#LoadModule auth_form_module modules/mod_auth_form.so | |||
#LoadModule auth_digest_module modules/mod_auth_digest.so | |||
#LoadModule allowmethods_module modules/mod_allowmethods.so | |||
#LoadModule file_cache_module modules/mod_file_cache.so | |||
#LoadModule cache_module modules/mod_cache.so | |||
#LoadModule cache_disk_module modules/mod_cache_disk.so | |||
#LoadModule cache_socache_module modules/mod_cache_socache.so | |||
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so | |||
#LoadModule socache_dbm_module modules/mod_socache_dbm.so | |||
#LoadModule socache_memcache_module modules/mod_socache_memcache.so | |||
#LoadModule socache_redis_module modules/mod_socache_redis.so | |||
#LoadModule watchdog_module modules/mod_watchdog.so | |||
#LoadModule macro_module modules/mod_macro.so | |||
#LoadModule dbd_module modules/mod_dbd.so | |||
#LoadModule dumpio_module modules/mod_dumpio.so | |||
#LoadModule echo_module modules/mod_echo.so | |||
#LoadModule buffer_module modules/mod_buffer.so | |||
#LoadModule data_module modules/mod_data.so | |||
#LoadModule ratelimit_module modules/mod_ratelimit.so | |||
LoadModule reqtimeout_module modules/mod_reqtimeout.so | |||
#LoadModule ext_filter_module modules/mod_ext_filter.so | |||
#LoadModule request_module modules/mod_request.so | |||
LoadModule include_module modules/mod_include.so | |||
LoadModule filter_module modules/mod_filter.so | |||
#LoadModule reflector_module modules/mod_reflector.so | |||
#LoadModule substitute_module modules/mod_substitute.so | |||
#LoadModule sed_module modules/mod_sed.so | |||
#LoadModule charset_lite_module modules/mod_charset_lite.so | |||
#LoadModule deflate_module modules/mod_deflate.so | |||
#LoadModule xml2enc_module modules/mod_xml2enc.so | |||
#LoadModule proxy_html_module modules/mod_proxy_html.so | |||
#LoadModule brotli_module modules/mod_brotli.so | |||
LoadModule mime_module modules/mod_mime.so | |||
#LoadModule ldap_module modules/mod_ldap.so | |||
LoadModule log_config_module modules/mod_log_config.so | |||
#LoadModule log_debug_module modules/mod_log_debug.so | |||
#LoadModule log_forensic_module modules/mod_log_forensic.so | |||
#LoadModule logio_module modules/mod_logio.so | |||
#LoadModule lua_module modules/mod_lua.so | |||
LoadModule env_module modules/mod_env.so | |||
#LoadModule mime_magic_module modules/mod_mime_magic.so | |||
#LoadModule cern_meta_module modules/mod_cern_meta.so | |||
#LoadModule expires_module modules/mod_expires.so | |||
LoadModule headers_module modules/mod_headers.so | |||
#LoadModule ident_module modules/mod_ident.so | |||
#LoadModule usertrack_module modules/mod_usertrack.so | |||
#LoadModule unique_id_module modules/mod_unique_id.so | |||
LoadModule setenvif_module modules/mod_setenvif.so | |||
LoadModule version_module modules/mod_version.so | |||
#LoadModule remoteip_module modules/mod_remoteip.so | |||
#LoadModule proxy_module modules/mod_proxy.so | |||
#LoadModule proxy_connect_module modules/mod_proxy_connect.so | |||
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so | |||
#LoadModule proxy_http_module modules/mod_proxy_http.so | |||
#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so | |||
#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so | |||
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so | |||
#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so | |||
#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so | |||
#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so | |||
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so | |||
#LoadModule proxy_express_module modules/mod_proxy_express.so | |||
#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so | |||
#LoadModule session_module modules/mod_session.so | |||
#LoadModule session_cookie_module modules/mod_session_cookie.so | |||
#LoadModule session_crypto_module modules/mod_session_crypto.so | |||
#LoadModule session_dbd_module modules/mod_session_dbd.so | |||
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so | |||
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so | |||
#LoadModule ssl_module modules/mod_ssl.so | |||
#LoadModule dialup_module modules/mod_dialup.so | |||
#LoadModule http2_module modules/mod_http2.so | |||
#LoadModule proxy_http2_module modules/mod_proxy_http2.so | |||
#LoadModule md_module modules/mod_md.so | |||
#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so | |||
#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so | |||
#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so | |||
#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so | |||
LoadModule unixd_module modules/mod_unixd.so | |||
#LoadModule heartbeat_module modules/mod_heartbeat.so | |||
#LoadModule heartmonitor_module modules/mod_heartmonitor.so | |||
#LoadModule dav_module modules/mod_dav.so | |||
LoadModule status_module modules/mod_status.so | |||
LoadModule autoindex_module modules/mod_autoindex.so | |||
#LoadModule asis_module modules/mod_asis.so | |||
#LoadModule info_module modules/mod_info.so | |||
#LoadModule suexec_module modules/mod_suexec.so | |||
<IfModule !mpm_prefork_module> | |||
#LoadModule cgid_module modules/mod_cgid.so | |||
</IfModule> | |||
<IfModule mpm_prefork_module> | |||
#LoadModule cgi_module modules/mod_cgi.so | |||
</IfModule> | |||
#LoadModule dav_fs_module modules/mod_dav_fs.so | |||
#LoadModule dav_lock_module modules/mod_dav_lock.so | |||
#LoadModule vhost_alias_module modules/mod_vhost_alias.so | |||
LoadModule negotiation_module modules/mod_negotiation.so | |||
LoadModule dir_module modules/mod_dir.so | |||
#LoadModule imagemap_module modules/mod_imagemap.so | |||
#LoadModule actions_module modules/mod_actions.so | |||
#LoadModule speling_module modules/mod_speling.so | |||
LoadModule userdir_module modules/mod_userdir.so | |||
LoadModule alias_module modules/mod_alias.so | |||
#LoadModule rewrite_module modules/mod_rewrite.so | |||
<IfModule unixd_module> | |||
# | |||
# If you wish httpd to run as a different user or group, you must run | |||
# httpd as root initially and it will switch. | |||
# | |||
# User/Group: The name (or #number) of the user/group to run httpd as. | |||
# It is usually good practice to create a dedicated user and group for | |||
# running httpd, as with most system services. | |||
# | |||
User {{ apache.user or 'http' }} | |||
Group {{ apache.group or 'http' }} | |||
</IfModule> | |||
# 'Main' server configuration | |||
# | |||
# The directives in this section set up the values used by the 'main' | |||
# server, which responds to any requests that aren't handled by a | |||
# <VirtualHost> definition. These values also provide defaults for | |||
# any <VirtualHost> containers you may define later in the file. | |||
# | |||
# All of these directives may appear inside <VirtualHost> containers, | |||
# in which case these default settings will be overridden for the | |||
# virtual host being defined. | |||
# | |||
# | |||
# ServerAdmin: Your address, where problems with the server should be | |||
# e-mailed. This address appears on some server-generated pages, such | |||
# as error documents. e.g. admin@your-domain.com | |||
# | |||
ServerAdmin you@example.com | |||
# | |||
# ServerName gives the name and port that the server uses to identify itself. | |||
# This can often be determined automatically, but we recommend you specify | |||
# it explicitly to prevent problems during startup. | |||
# | |||
# If your host doesn't have a registered DNS name, enter its IP address here. | |||
# | |||
#ServerName www.example.com:80 | |||
# | |||
# Deny access to the entirety of your server's filesystem. You must | |||
# explicitly permit access to web content directories in other | |||
# <Directory> blocks below. | |||
# | |||
<Directory /> | |||
AllowOverride none | |||
Require all denied | |||
</Directory> | |||
# | |||
# Note that from this point forward you must specifically allow | |||
# particular features to be enabled - so if something's not working as | |||
# you might expect, make sure that you have specifically enabled it | |||
# below. | |||
# | |||
# | |||
# DocumentRoot: The directory out of which you will serve your | |||
# documents. By default, all requests are taken from this directory, but | |||
# symbolic links and aliases may be used to point to other locations. | |||
# | |||
DocumentRoot "{{ apache.get('docroot', apache.wwwdir or '/srv/http') }}" | |||
# | |||
# Relax access to content within {{ apache.wwwdir }}. | |||
# | |||
<Directory "{{ apache.wwwdir }}"> | |||
AllowOverride None | |||
# Allow open access: | |||
Require all granted | |||
</Directory> | |||
# Further relax access to the default document root: | |||
<Directory "{{ apache.get('docroot', apache.wwwdir + '/srv/http') }}"> | |||
# | |||
# Possible values for the Options directive are "None", "All", | |||
# or any combination of: | |||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews | |||
# | |||
# Note that "MultiViews" must be named *explicitly* --- "Options All" | |||
# doesn't give it to you. | |||
# | |||
# The Options directive is both complicated and important. Please see | |||
# http://httpd.apache.org/docs/2.4/mod/core.html#options | |||
# for more information. | |||
# | |||
Options Indexes FollowSymLinks | |||
# | |||
# AllowOverride controls what directives may be placed in .htaccess files. | |||
# It can be "All", "None", or any combination of the keywords: | |||
# AllowOverride FileInfo AuthConfig Limit | |||
# | |||
AllowOverride None | |||
# | |||
# Controls who can get stuff from this server. | |||
# | |||
Require all granted | |||
</Directory> | |||
# | |||
# DirectoryIndex: sets the file that Apache will serve if a directory | |||
# is requested. | |||
# | |||
<IfModule dir_module> | |||
DirectoryIndex index.html | |||
</IfModule> | |||
# | |||
# The following lines prevent .htaccess and .htpasswd files from being | |||
# viewed by Web clients. | |||
# | |||
<Files ".ht*"> | |||
Require all denied | |||
</Files> | |||
# | |||
# ErrorLog: The location of the error log file. | |||
# If you do not specify an ErrorLog directive within a <VirtualHost> | |||
# container, error messages relating to that virtual host will be | |||
# logged here. If you *do* define an error logfile for a <VirtualHost> | |||
# container, that host's errors will be logged there and not here. | |||
# | |||
ErrorLog "{{ apache.logdir }}/error_log" | |||
# | |||
# LogLevel: Control the number of messages logged to the error_log. | |||
# Possible values include: debug, info, notice, warn, error, crit, | |||
# alert, emerg. | |||
# | |||
LogLevel warn | |||
<IfModule log_config_module> | |||
# | |||
# The following directives define some format nicknames for use with | |||
# a CustomLog directive (see below). | |||
# | |||
{%- for log_format in salt['pillar.get']('apache:log_formats', []) %} | |||
LogFormat {{ log_format }} | |||
{%- endfor %} | |||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined | |||
LogFormat "%h %l %u %t \"%r\" %>s %b" common | |||
<IfModule logio_module> | |||
# You need to enable mod_logio.c to use %I and %O | |||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio | |||
</IfModule> | |||
# | |||
# The location and format of the access logfile (Common Logfile Format). | |||
# If you do not define any access logfiles within a <VirtualHost> | |||
# container, they will be logged here. Contrariwise, if you *do* | |||
# define per-<VirtualHost> access logfiles, transactions will be | |||
# logged therein and *not* in this file. | |||
# | |||
#CustomLog "/var/log/httpd/access_log" common | |||
# | |||
# If you prefer a logfile with access, agent, and referer information | |||
# (Combined Logfile Format) you can use the following directive. | |||
# | |||
#CustomLog "/var/log/httpd/access_log" combined | |||
CustomLog "{{ apache.logdir }}/access_log" combined | |||
</IfModule> | |||
<IfModule alias_module> | |||
# | |||
# Redirect: Allows you to tell clients about documents that used to | |||
# exist in your server's namespace, but do not anymore. The client | |||
# will make a new request for the document at its new location. | |||
# Example: | |||
# Redirect permanent /foo http://www.example.com/bar | |||
# | |||
# Alias: Maps web paths into filesystem paths and is used to | |||
# access content that does not live under the DocumentRoot. | |||
# Example: | |||
# Alias /webpath /full/filesystem/path | |||
# | |||
# If you include a trailing / on /webpath then the server will | |||
# require it to be present in the URL. You will also likely | |||
# need to provide a <Directory> section to allow access to | |||
# the filesystem path. | |||
# | |||
# ScriptAlias: This controls which directories contain server scripts. | |||
# ScriptAliases are essentially the same as Aliases, except that | |||
# documents in the target directory are treated as applications and | |||
# run by the server when requested rather than as documents sent to the | |||
# client. The same rules about trailing "/" apply to ScriptAlias | |||
# directives as to Alias. | |||
# | |||
ScriptAlias /cgi-bin/ "{{ apache.wwwdir }}/cgi-bin/" | |||
</IfModule> | |||
<IfModule cgid_module> | |||
# | |||
# ScriptSock: On threaded servers, designate the path to the UNIX | |||
# socket used to communicate with the CGI daemon of mod_cgid. | |||
# | |||
#Scriptsock cgisock | |||
</IfModule> | |||
# | |||
# "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased | |||
# CGI directory exists, if you have that configured. | |||
# | |||
<Directory "{{ apache.wwwdir }}/cgi-bin/"> | |||
AllowOverride None | |||
Options None | |||
Require all granted | |||
</Directory> | |||
<IfModule headers_module> | |||
# | |||
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied | |||
# backend servers which have lingering "httpoxy" defects. | |||
# 'Proxy' request header is undefined by the IETF, not listed by IANA | |||
# | |||
RequestHeader unset Proxy early | |||
</IfModule> | |||
<IfModule mime_module> | |||
# | |||
# TypesConfig points to the file containing the list of mappings from | |||
# filename extension to MIME-type. | |||
# | |||
TypesConfig conf/mime.types | |||
# | |||
# AddType allows you to add to or override the MIME configuration | |||
# file specified in TypesConfig for specific file types. | |||
# | |||
#AddType application/x-gzip .tgz | |||
# | |||
# AddEncoding allows you to have certain browsers uncompress | |||
# information on the fly. Note: Not all browsers support this. | |||
# | |||
#AddEncoding x-compress .Z | |||
#AddEncoding x-gzip .gz .tgz | |||
# | |||
# If the AddEncoding directives above are commented-out, then you | |||
# probably should define those extensions to indicate media types: | |||
# | |||
AddType application/x-compress .Z | |||
AddType application/x-gzip .gz .tgz | |||
# | |||
# AddHandler allows you to map certain file extensions to "handlers": | |||
# actions unrelated to filetype. These can be either built into the server | |||
# or added with the Action directive (see below) | |||
# | |||
# To use CGI scripts outside of ScriptAliased directories: | |||
# (You will also need to add "ExecCGI" to the "Options" directive.) | |||
# | |||
#AddHandler cgi-script .cgi | |||
# For type maps (negotiated resources): | |||
#AddHandler type-map var | |||
# | |||
# Filters allow you to process content before it is sent to the client. | |||
# | |||
# To parse .shtml files for server-side includes (SSI): | |||
# (You will also need to add "Includes" to the "Options" directive.) | |||
# | |||
#AddType text/html .shtml | |||
#AddOutputFilter INCLUDES .shtml | |||
</IfModule> | |||
# | |||
# Specify a default charset for all content served; this enables | |||
# interpretation of all content as UTF-8 by default. To use the | |||
# default browser choice (ISO-8859-1), or to allow the META tags | |||
# in HTML content to override this choice, comment out this | |||
# directive: | |||
# | |||
{%- if apache.get('default_charset', False) is none %} | |||
# AddDefaultCharset UTF-8 | |||
{%- else %} | |||
AddDefaultCharset {{ apache.get('default_charset', 'UTF-8') }} | |||
{%- endif %} | |||
# | |||
# The mod_mime_magic module allows the server to use various hints from the | |||
# contents of the file itself to determine its type. The MIMEMagicFile | |||
# directive tells the module where the hint definitions are located. | |||
# | |||
#MIMEMagicFile conf/magic | |||
# | |||
# Customizable error responses come in three flavors: | |||
# 1) plain text 2) local redirects 3) external redirects | |||
# | |||
# Some examples: | |||
#ErrorDocument 500 "The server made a boo boo." | |||
#ErrorDocument 404 /missing.html | |||
#ErrorDocument 404 "/cgi-bin/missing_handler.pl" | |||
#ErrorDocument 402 http://www.example.com/subscription_info.html | |||
# | |||
# | |||
# MaxRanges: Maximum number of Ranges in a request before | |||
# returning the entire resource, or one of the special | |||
# values 'default', 'none' or 'unlimited'. | |||
# Default setting is to accept 200 Ranges. | |||
#MaxRanges unlimited | |||
# | |||
# EnableMMAP and EnableSendfile: On systems that support it, | |||
# memory-mapping or the sendfile syscall may be used to deliver | |||
# files. This usually improves server performance, but must | |||
# be turned off when serving from networked-mounted | |||
# filesystems or if support for these functions is otherwise | |||
# broken on your system. | |||
# Defaults: EnableMMAP On, EnableSendfile Off | |||
# | |||
#EnableMMAP off | |||
#EnableSendfile on | |||
{%- for directive, dvalue in salt['pillar.get']('apache:global', {}).items() %} | |||
{{ directive }} {{ dvalue }} | |||
{%- endfor %} | |||
# Supplemental configuration | |||
# | |||
# The configuration files in the conf/extra/ directory can be | |||
# included to add extra features or to modify the default configuration of | |||
# the server, or you may simply copy their contents here and change as | |||
# necessary. | |||
# Load config files in the "/etc/httpd/conf.d" directory, if any. | |||
IncludeOptional {{ apache.confdir }}/*.conf | |||
{% if apache.vhostdir != apache.confdir %} | |||
IncludeOptional {{ apache.vhostdir }}/*.conf | |||
{% endif %} | |||
# Server-pool management (MPM specific) | |||
Include conf/extra/httpd-mpm.conf | |||
# Multi-language error messages | |||
Include conf/extra/httpd-multilang-errordoc.conf | |||
# Fancy directory listings | |||
Include conf/extra/httpd-autoindex.conf | |||
# Language settings | |||
Include conf/extra/httpd-languages.conf | |||
# User home directories | |||
Include conf/extra/httpd-userdir.conf | |||
# Real-time info on requests and configuration | |||
#Include conf/extra/httpd-info.conf | |||
# Virtual hosts | |||
#Include conf/extra/httpd-vhosts.conf | |||
# Local access to the Apache HTTP Server Manual | |||
#Include conf/extra/httpd-manual.conf | |||
# Distributed authoring and versioning (WebDAV) | |||
<IfModule mod_dav.c> | |||
Include conf/extra/httpd-dav.conf | |||
</IfModule> | |||
# Various default settings | |||
Include conf/extra/httpd-default.conf | |||
# Configure mod_proxy_html to understand HTML4/XHTML1 | |||
<IfModule proxy_html_module> | |||
Include conf/extra/proxy-html.conf | |||
</IfModule> | |||
# Secure (SSL/TLS) connections | |||
#Include conf/extra/httpd-ssl.conf | |||
# | |||
# Note: The following must must be present to support | |||
# starting without SSL on platforms with no /dev/random equivalent | |||
# but a statically compiled-in mod_ssl. | |||
# | |||
<IfModule ssl_module> | |||
SSLRandomSeed startup builtin | |||
SSLRandomSeed connect builtin | |||
</IfModule> | |||
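Review bot: The `<Directory>` block under "Further relax access to the default document root" builds its fallback path with `apache.wwwdir + '/srv/http'`, while `DocumentRoot` a few lines earlier falls back with `apache.wwwdir or '/srv/http'`. When `docroot` is unset the two disagree: the block is bound to `<wwwdir>/srv/http` instead of the directory actually served, so its `Options` and `AllowOverride` settings never apply to the document root. Rendering would also raise an error if `wwwdir` is null, which the `or` in `DocumentRoot` suggests is possible. Use the same expression in both places: `<Directory "{{ apache.get('docroot', apache.wwwdir or '/srv/http') }}">`. Once the block does match the document root, consider whether `Options Indexes` should be the managed default, since it exposes directory listings wherever no index file exists.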
@@ -1,3 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
# Based upon the NCSA server configuration files originally by Rob McCool. | |||
# |
@@ -1,7 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{% from "apache/map.jinja" import apache with context -%} | |||
# envvars - default environment variables for apache2ctl | |||
@@ -1,7 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{% from "apache/map.jinja" import apache with context -%} | |||
# envvars - default environment variables for apache2ctl | |||
@@ -10,7 +10,7 @@ | |||
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | |||
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | |||
# | |||
# This file is managed/autogenerated by salt. | |||
# This file is managed by Salt! Do not edit by hand! | |||
# Modify the salt pillar that generates this file instead | |||
# | |||
# -- Rule engine initialization ---------------------------------------------- |
@@ -1,7 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{%- from "apache/map.jinja" import apache with context -%} | |||
{% if salt['pillar.get']('apache:sites') is mapping %} | |||
{%- set listen_directives = [] %} |
@@ -1,7 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{%- from "apache/map.jinja" import apache with context -%} | |||
{% if salt['pillar.get']('apache:sites') is mapping %} | |||
{%- set listen_directives = [] %} |
@@ -1,7 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{%- from "apache/map.jinja" import apache with context -%} | |||
# envvars - default environment variables for apache2ctl | |||
@@ -1,5 +1,3 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
<IfModule !mpm_prefork_module> | |||
LoadModule cgid_module libexec/{{ apache.service }}/mod_cgid.so | |||
</IfModule> |
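Review bot: `{{ apache.service }}` is still interpolated in the `LoadModule cgid_module` line although the `{% from "apache/map.jinja" import apache with context %}` line is removed, so rendering now depends on the calling state passing `apache` in the template context. That state is not visible here and should be checked. The defaults added in this same commit also appear to make `service` a mapping with a `name` key. If the platform map follows that shape, the path needs `libexec/{{ apache.service.name }}/mod_cgid.so` to keep rendering a valid module path. The same applies to the `perl_module`, `php5_module`, `proxy_module`, `proxy_http_module`, `rewrite_module` and `suexec_module` templates that follow.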
@@ -1,3 +1 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
LoadModule perl_module libexec/{{ apache.service }}/mod_perl.so |
@@ -1,5 +1,3 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
LoadModule php5_module /usr/local/libexec/{{ apache.service }}/libphp5.so | |||
DirectoryIndex index.html index.php |
@@ -1,3 +1 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
LoadModule proxy_module libexec/{{ apache.service }}/mod_proxy.so |
@@ -1,3 +1 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
LoadModule proxy_http_module libexec/{{ apache.service }}/mod_proxy_http.so |
@@ -1,3 +1 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
LoadModule rewrite_module libexec/{{ apache.service }}/mod_rewrite.so |
@@ -1,3 +1 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
LoadModule suexec_module libexec/{{ apache.service }}/mod_suexec.so |
@@ -1,7 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{%- from "apache/map.jinja" import apache with context -%} | |||
{% if salt['pillar.get']('apache:sites') is mapping %} | |||
{%- set listen_directives = [] %} |
@@ -1,4 +1,7 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
# This is the main Apache HTTP server configuration file. It contains the | |||
# configuration directives that give the server its instructions. | |||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. |
@@ -1,7 +1,6 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{% from "apache/map.jinja" import apache with context %} | |||
# | |||
# This is the main Apache HTTP server configuration file. It contains the | |||
# configuration directives that give the server its instructions. |
@@ -0,0 +1,9 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
# | |||
# This file configures all the logging modules: | |||
LoadModule log_config_module modules/mod_log_config.so | |||
LoadModule log_debug_module modules/mod_log_debug.so | |||
LoadModule log_forensic_module modules/mod_log_forensic.so | |||
LoadModule logio_module modules/mod_logio.so |
@@ -1,4 +1,6 @@ | |||
# managed by saltstack | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
{% set mpm_module = 'mpm_prefork' -%} | |||
{% set mpm_param = salt['pillar.get']('apache:mod_mpm_prefork', {}) -%} |
@@ -0,0 +1,5 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
LoadModule geoip_module /usr/lib64/httpd/modules/mod_geoip.so |
@@ -1,4 +1,6 @@ | |||
# managed by saltstack | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
RemoteIPHeader {{ salt['pillar.get']('apache:mod_remoteip:RemoteIPHeader', 'X-Forwarded-For') }} | |||
{%- for trusted_proxy in salt['pillar.get']('apache:mod_remoteip:RemoteIPTrustedProxy', []) %} |
@@ -10,7 +10,7 @@ | |||
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | |||
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | |||
# | |||
# This file is managed/autogenerated by salt. | |||
# This file is managed by Salt! Do not edit by hand! | |||
# Modify the salt pillar that generates this file instead | |||
# | |||
@@ -21,8 +21,13 @@ LoadModule security2_module modules/mod_security2.so | |||
</IfModule> | |||
<IfModule mod_security2.c> | |||
# ModSecurity Core Rules Set configuration | |||
Include modsecurity.d/*.conf | |||
Include modsecurity.d/activated_rules/*.conf | |||
{%- if 'osfinger' in grains and grains.osfinger in ('Red Hat Enterprise Linux Server-6', 'CentOS-6') %} | |||
Include modsecurity.d/*.conf | |||
Include modsecurity.d/activated_rules/*.conf | |||
{%- else %} | |||
IncludeOptional modsecurity.d/*.conf | |||
IncludeOptional modsecurity.d/activated_rules/*.conf | |||
{%- endif %} | |||
# Default recommended configuration | |||
SecRuleEngine {{ sec_rule_engine }} |
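Review bot: In the `{%- else %}` branch the Core Rule Set is now pulled in with `IncludeOptional`, which is silently skipped when `modsecurity.d/` or `modsecurity.d/activated_rules/` does not exist, so mod_security2 can start with no CRS rules loaded and no error to show for it. The old `Include` form, kept only for the EL6 branch, at least failed on a missing directory. If the tolerance is intentional, a comment above the two lines should say so, for example `# IncludeOptional: a missing rules directory is NOT an error - verify the CRS is installed`. A check in the state or the tests that at least one rule file is present would also catch it. The `<IfModule mod_security2.c>` block opened in this hunk closes outside it.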
@@ -1,4 +1,7 @@ | |||
## | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
## SSL Global Context | |||
## | |||
## All SSL configuration in this context applies both to |
@@ -0,0 +1,235 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand | |||
# | |||
# | |||
# /etc/apache2/httpd.conf | |||
# | |||
# This is the main Apache server configuration file. It contains the | |||
# configuration directives that give the server its instructions. | |||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information about | |||
# the directives. | |||
# Based upon the default apache configuration file that ships with apache, | |||
# which is based upon the NCSA server configuration files originally by Rob | |||
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>. | |||
# If possible, avoid changes to this file. It does mainly contain Include | |||
# statements and global settings that can/should be overridden in the | |||
# configuration of your virtual hosts. | |||
# Quickstart guide: | |||
# http://en.opensuse.org/SDB:Apache_installation | |||
# Overview of include files, chronologically: | |||
# | |||
# httpd.conf | |||
# | | |||
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under | |||
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) | |||
# |-- loadmodule.conf . . . . . . . . . . . [*] load these modules | |||
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on | |||
# |-- mod_log_config.conf . . . . . . . . . define logging formats | |||
# |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings | |||
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) | |||
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info | |||
# |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests | |||
# |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active | |||
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking | |||
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings | |||
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration | |||
# |-- errors.conf . . . . . . . . . . . . . customize error responses | |||
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts | |||
# | | |||
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests | |||
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded) | |||
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed) | |||
# | | |||
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here | |||
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) | |||
# | |||
# | |||
# Files marked [*] are NOT read when server is started via systemd service. When server | |||
# is started via service, defaults from /etc/sysconfig/apache2 are taken into account. | |||
# | |||
# Filesystem layout: | |||
# | |||
# /etc/apache2/ | |||
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap | |||
# |-- conf.d/ | |||
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc | |||
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4 | |||
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages | |||
# |-- default-server.conf | |||
# |-- errors.conf | |||
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file | |||
# |-- listen.conf | |||
# |-- magic | |||
# |-- mime.types -> ../mime.types | |||
# |-- mod_autoindex-defaults.conf | |||
# |-- mod_info.conf | |||
# |-- mod_log_config.conf | |||
# |-- mod_mime-defaults.conf | |||
# |-- mod_perl-startup.pl | |||
# |-- mod_status.conf | |||
# |-- mod_userdir.conf | |||
# |-- mod_usertrack.conf | |||
# |-- server-tuning.conf | |||
# |-- ssl-global.conf | |||
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL) | |||
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates | |||
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests | |||
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys | |||
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files | |||
# |-- global.conf | |||
# |-- loadmodule.conf | |||
# |-- uid.conf | |||
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here | |||
# |-- vhost-ssl.template | |||
# `-- vhost.template | |||
### Global Environment ###################################################### | |||
# | |||
# The directives in this section affect the overall operation of Apache, | |||
# such as the number of concurrent requests. | |||
# run under this user/group id | |||
Include /etc/apache2/uid.conf | |||
# - how many server processes to start (server pool regulation) | |||
# - usage of KeepAlive | |||
Include /etc/apache2/server-tuning.conf | |||
# ErrorLog: The location of the error log file. | |||
# If you do not specify an ErrorLog directive within a <VirtualHost> | |||
# container, error messages relating to that virtual host will be | |||
# logged here. If you *do* define an error logfile for a <VirtualHost> | |||
# container, that host's errors will be logged there and not here. | |||
ErrorLog /var/log/apache2/error_log | |||
# generated from default value of APACHE_MODULES in /etc/sysconfig/apache2 | |||
<IfDefine !SYSCONFIG> | |||
Include /etc/apache2/loadmodule.conf | |||
</IfDefine> | |||
# IP addresses / ports to listen on | |||
Include /etc/apache2/listen.conf | |||
# predefined logging formats | |||
Include /etc/apache2/mod_log_config.conf | |||
# generated from default values of global settings in /etc/sysconfig/apache2 | |||
<IfDefine !SYSCONFIG> | |||
Include /etc/apache2/global.conf | |||
</IfDefine> | |||
# optional mod_status, mod_info | |||
Include /etc/apache2/mod_status.conf | |||
Include /etc/apache2/mod_info.conf | |||
# mod_reqtimeout protects the server from the so-called "slowloris" | |||
# attack: The server is not swamped with requests in fast succession, | |||
# but with slowly transmitted request headers and body, thereby filling up | |||
# the request slots until the server runs out of them. | |||
# mod_reqtimeout is lightweight and should deliver good results | |||
# with the configured default values. You shouldn't notice it at all. | |||
Include /etc/apache2/mod_reqtimeout.conf | |||
# Fix for CVE-2014-0231 introduces new configuration parameter | |||
# CGIDScriptTimeout. This directive and its effect prevent request | |||
# workers to be eaten until starvation if cgi programs do not send | |||
# output back to the server within the timout set by CGIDScriptTimeout. | |||
Include /etc/apache2/mod_cgid-timeout.conf | |||
# optional cookie-based user tracking | |||
# read the documentation before using it!! | |||
Include /etc/apache2/mod_usertrack.conf | |||
# configuration of server-generated directory listings | |||
Include /etc/apache2/mod_autoindex-defaults.conf | |||
# associate MIME types with filename extensions | |||
TypesConfig /etc/apache2/mime.types | |||
Include /etc/apache2/mod_mime-defaults.conf | |||
# set up (customizable) error responses | |||
Include /etc/apache2/errors.conf | |||
# global (server-wide) SSL configuration, that is not specific to | |||
# any virtual host | |||
Include /etc/apache2/ssl-global.conf | |||
{% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) -%} | |||
Include /etc/apache24/conf.d/tls-defaults.conf | |||
{%- endif %} | |||
# forbid access to the entire filesystem by default | |||
<Directory /> | |||
Options None | |||
AllowOverride None | |||
<IfModule !mod_access_compat.c> | |||
Require all denied | |||
</IfModule> | |||
<IfModule mod_access_compat.c> | |||
Order deny,allow | |||
Deny from all | |||
</IfModule> | |||
</Directory> | |||
# use .htaccess files for overriding, | |||
AccessFileName .htaccess | |||
# and never show them | |||
<Files ~ "^\.ht"> | |||
<IfModule !mod_access_compat.c> | |||
Require all denied | |||
</IfModule> | |||
<IfModule mod_access_compat.c> | |||
Order allow,deny | |||
Deny from all | |||
</IfModule> | |||
</Files> | |||
# List of resources to look for when the client requests a directory | |||
DirectoryIndex index.html index.html.var | |||
### 'Main' server configuration ############################################# | |||
# | |||
# The directives in this section set up the values used by the 'main' | |||
# server, which responds to any requests that aren't handled by a | |||
# <VirtualHost> definition. These values also provide defaults for | |||
# any <VirtualHost> containers you may define later in the file. | |||
# | |||
# All of these directives may appear inside <VirtualHost> containers, | |||
# in which case these default settings will be overridden for the | |||
# virtual host being defined. | |||
# | |||
Include /etc/apache2/default-server.conf | |||
### Virtual server configuration ############################################ | |||
# | |||
# VirtualHost: If you want to maintain multiple domains/hostnames on your | |||
# machine you can setup VirtualHost containers for them. Most configurations | |||
# use only name-based virtual hosts so the server doesn't need to worry about | |||
# IP addresses. This is indicated by the asterisks in the directives below. | |||
# | |||
# Please see the documentation at | |||
# <URL:http://httpd.apache.org/docs/2.4/vhosts/> | |||
# for further details before you try to setup virtual hosts. | |||
# | |||
# You may use the command line option '-S' to verify your virtual host | |||
# configuration. | |||
# | |||
IncludeOptional /etc/apache2/vhosts.d/*.conf | |||
# Note: instead of adding your own configuration here, consider | |||
# adding it in your own file (/etc/apache2/httpd.conf.local) | |||
# putting its name into APACHE_CONF_INCLUDE_FILES in | |||
# /etc/sysconfig/apache2 -- this will make system updates | |||
# easier :) |
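Review bot: The conditional TLS include uses `/etc/apache24/conf.d/tls-defaults.conf`, while every other path in this new file is under `/etc/apache2/`; `/etc/apache24` looks copied from the FreeBSD template. With `apache:mod_ssl:manage_tls_defaults` set to true, a plain `Include` of a path that does not exist fails the configuration check. The TLS hardening file is therefore either never loaded or stops the server from starting. The line should point at wherever the formula writes the file on this platform, presumably `Include /etc/apache2/conf.d/tls-defaults.conf`, to be confirmed against the state that manages it. Separately, the banner on the second line lacks the trailing `!` that the other templates in this commit use.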
@@ -1,4 +1,7 @@ | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# | |||
# /etc/apache2/httpd.conf | |||
# | |||
# This is the main Apache server configuration file. It contains the |
@@ -0,0 +1,72 @@ | |||
{%- set apache = pillar.get('apache', {}) %} | |||
{%- set modsec = apache.get('mod_security', {}) %} | |||
{%- set sec_rule_engine = modsec.get('sec_rule_engine', 'DetectionOnly' ) -%} | |||
{%- set sec_request_body_access = modsec.get('sec_request_body_access', 'On' ) -%} | |||
{%- set sec_request_body_limit = modsec.get('sec_request_body_limit', 13107200 ) -%} | |||
{%- set sec_request_body_no_files_limit = modsec.get('sec_request_body_no_files_limit', 131072 ) -%} | |||
{%- set sec_request_body_in_memory_limit = modsec.get('sec_request_body_in_memory_limit', 131072 ) -%} | |||
{%- set sec_request_body_limit_action = modsec.get('sec_request_body_limit_action', 'Reject' ) -%} | |||
{%- set sec_pcre_match_limit = modsec.get('sec_pcre_match_limit', 1000 ) -%} | |||
{%- set sec_pcre_match_limit_recursion = modsec.get('sec_pcre_match_limit_recursion', 1000 ) -%} | |||
{%- set sec_debug_log_level = modsec.get('sec_debug_log_level', 0 ) -%} | |||
# | |||
# This file is managed by Salt! Do not edit by hand! | |||
# Modify the salt pillar that generates this file instead | |||
# | |||
LoadModule security2_module modules/mod_security2.so | |||
<IfModule mod_security2.c> | |||
# ModSecurity Core Rules Set configuration | |||
IncludeOptional modsecurity.d/*.conf | |||
IncludeOptional modsecurity.d/activated_rules/*.conf | |||
# Default recommended configuration | |||
SecRuleEngine {{ sec_rule_engine }} | |||
SecRequestBodyAccess {{ sec_request_body_access }} | |||
SecRule REQUEST_HEADERS:Content-Type "text/xml" \ | |||
"id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" | |||
SecRequestBodyLimit {{ sec_request_body_limit }} | |||
SecRequestBodyNoFilesLimit {{ sec_request_body_no_files_limit }} | |||
SecRequestBodyInMemoryLimit {{ sec_request_body_in_memory_limit }} | |||
SecRequestBodyLimitAction {{ sec_request_body_limit_action }} | |||
SecRule REQBODY_ERROR "!@eq 0" \ | |||
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" | |||
SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ | |||
"id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ | |||
failed strict validation: \ | |||
PE %{REQBODY_PROCESSOR_ERROR}, \ | |||
BQ %{MULTIPART_BOUNDARY_QUOTED}, \ | |||
BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ | |||
DB %{MULTIPART_DATA_BEFORE}, \ | |||
DA %{MULTIPART_DATA_AFTER}, \ | |||
HF %{MULTIPART_HEADER_FOLDING}, \ | |||
LF %{MULTIPART_LF_LINE}, \ | |||
SM %{MULTIPART_MISSING_SEMICOLON}, \ | |||
IQ %{MULTIPART_INVALID_QUOTING}, \ | |||
IP %{MULTIPART_INVALID_PART}, \ | |||
IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ | |||
FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" | |||
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ | |||
"id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" | |||
SecPcreMatchLimit {{ sec_pcre_match_limit }} | |||
SecPcreMatchLimitRecursion {{ sec_pcre_match_limit_recursion }} | |||
SecRule TX:/^MSC_/ "!@streq 0" \ | |||
"id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" | |||
SecResponseBodyAccess Off | |||
SecDebugLog /var/log/apache2/modsec_debug.log | |||
SecDebugLogLevel {{ sec_debug_log_level }} | |||
SecAuditEngine RelevantOnly | |||
SecAuditLogRelevantStatus "^(?:5|4(?!04))" | |||
SecAuditLogParts ABIJDEFHZ | |||
SecAuditLogType Serial | |||
SecAuditLog /var/log/apache2/modsec_audit.log | |||
SecArgumentSeparator & | |||
SecCookieFormat 0 | |||
SecTmpDir /var/lib/mod_security | |||
SecDataDir /var/lib/mod_security | |||
</IfModule> |
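Review bot: Rules 200002 and 200003 use `status:44`, which is not a valid HTTP status code; rule 200001 just above uses `status:400`, and the two multipart rules should match it (`status:400`). As written, a strict-validation or unmatched-boundary failure is denied with a malformed status, so what the client and the access log see is unpredictable, which makes alerting on these denials harder. Separately, `sec_rule_engine` defaults to `DetectionOnly`, so none of the `deny` actions in this file is enforced until the pillar sets it to `On`. A comment next to `SecRuleEngine` stating that would help operators who assume the WAF is blocking.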
@@ -0,0 +1,2 @@ | |||
<VirtualHost *:8088> | |||
</VirtualHost> |
@@ -1,36 +0,0 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
{% if salt['grains.get']('os_family') == 'Suse' or salt['grains.get']('os') == 'SUSE' %} | |||
include: | |||
- apache | |||
{% for flag in salt['pillar.get']('apache:flags:enabled', []) %} | |||
a2enflag {{ flag }}: | |||
cmd.run: | |||
- unless: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }} | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{% endfor %} | |||
{% for module in salt['pillar.get']('apache:flags:disabled', []) %} | |||
a2disflag -f {{ flag }}: | |||
cmd.run: | |||
- onlyif: egrep "^APACHE_SERVER_FLAGS=" /etc/sysconfig/apache2 | grep {{ flag }} | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{% endfor %} | |||
{% endif %} |
@@ -1,57 +1,7 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=sls | |||
apache: | |||
pkg.installed: | |||
- name: {{ apache.server }} | |||
group.present: | |||
- name: {{ apache.group }} | |||
- system: True | |||
user.present: | |||
- name: {{ apache.user }} | |||
- gid: {{ apache.group }} | |||
- system: True | |||
{# By default run apache service states (unless pillar is false) #} | |||
{% if salt['pillar.get']('apache:manage_service_states', True) %} | |||
service.{{ apache.service_state }}: | |||
- name: {{ apache.service }} | |||
{% if apache.service_state in [ 'running', 'dead' ] %} | |||
- enable: True | |||
{% endif %} | |||
# The following states are inert by default and can be used by other states to | |||
# trigger a restart or reload as needed. | |||
apache-reload: | |||
module.wait: | |||
{% if apache.service_state in ['running'] %} | |||
- name: service.reload | |||
- m_name: {{ apache.service }} | |||
{% else %} | |||
- name: cmd.run | |||
- cmd: {{ apache.custom_reload_command|default('apachectl graceful') }} | |||
- python_shell: True | |||
{% endif %} | |||
apache-restart: | |||
module.wait: | |||
{% if apache.service_state in ['running'] %} | |||
- name: service.restart | |||
- m_name: {{ apache.service }} | |||
{% else %} | |||
- name: cmd.run | |||
- cmd: {{ apache.custom_reload_command|default('apachectl graceful') }} | |||
- python_shell: True | |||
{% endif %} | |||
{% else %} | |||
apache-reload: | |||
test.show_notification: | |||
- name: Skipping reload per user request | |||
- text: Pillar manage_service_states is False | |||
apache-restart: | |||
test.show_notification: | |||
- name: Skipping restart per user request | |||
- text: Pillar manage_service_states is False | |||
{% endif %} | |||
include: | |||
- .package | |||
- .config | |||
- .service |
@@ -0,0 +1,16 @@ | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=jinja | |||
{#- Get the relevant values from the `opts` dict #} | |||
{%- set opts_cli = opts.get('__cli', '') %} | |||
{%- set opts_masteropts_cli = opts | traverse('__master_opts__:__cli', '') %} | |||
{#- Determine the type of salt command being run #} | |||
{%- if opts_cli == 'salt-minion' %} | |||
{%- set cli = 'minion' %} | |||
{%- elif opts_cli == 'salt-call' %} | |||
{%- set cli = 'ssh' if opts_masteropts_cli in ('salt-ssh', 'salt-master') else 'local' %} | |||
{%- else %} | |||
{%- set cli = 'unknown' %} | |||
{%- endif %} | |||
{%- do salt['log.debug']('[libsaltcli] the salt command type has been identified to be: ' ~ cli) %} |
@@ -0,0 +1,112 @@ | |||
{%- macro files_switch(source_files, | |||
lookup=None, | |||
default_files_switch=['id', 'os_family'], | |||
indent_width=6, | |||
use_subpath=False) %} | |||
{#- | |||
Returns a valid value for the "source" parameter of a "file.managed" | |||
state function. This makes easier the usage of the Template Override and | |||
Files Switch (TOFS) pattern. | |||
Params: | |||
* source_files: ordered list of files to look for | |||
* lookup: key under '<tplroot>:tofs:source_files' to prepend to the | |||
list of source files | |||
* default_files_switch: if there's no config (e.g. pillar) | |||
'<tplroot>:tofs:files_switch' this is the ordered list of grains to | |||
use as selector switch of the directories under | |||
"<path_prefix>/files" | |||
* indent_width: indentation of the result value to conform to YAML | |||
* use_subpath: defaults to `False` but if set, lookup the source file | |||
recursively from the current state directory up to `tplroot` | |||
Example (based on a `tplroot` of `xxx`): | |||
If we have a state: | |||
Deploy configuration: | |||
file.managed: | |||
- name: /etc/yyy/zzz.conf | |||
- source: {{ files_switch(['/etc/yyy/zzz.conf', '/etc/yyy/zzz.conf.jinja'], | |||
lookup='Deploy configuration' | |||
) }} | |||
- template: jinja | |||
In a minion with id=theminion and os_family=RedHat, it's going to be | |||
rendered as: | |||
Deploy configuration: | |||
file.managed: | |||
- name: /etc/yyy/zzz.conf | |||
- source: | |||
- salt://xxx/files/theminion/etc/yyy/zzz.conf | |||
- salt://xxx/files/theminion/etc/yyy/zzz.conf.jinja | |||
- salt://xxx/files/RedHat/etc/yyy/zzz.conf | |||
- salt://xxx/files/RedHat/etc/yyy/zzz.conf.jinja | |||
- salt://xxx/files/default/etc/yyy/zzz.conf | |||
- salt://xxx/files/default/etc/yyy/zzz.conf.jinja | |||
- template: jinja | |||
#} | |||
{#- Get the `tplroot` from `tpldir` #} | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- set path_prefix = salt['config.get'](tplroot ~ ':tofs:path_prefix', tplroot) %} | |||
{%- set files_dir = salt['config.get'](tplroot ~ ':tofs:dirs:files', 'files') %} | |||
{%- set files_switch_list = salt['config.get']( | |||
tplroot ~ ':tofs:files_switch', | |||
default_files_switch | |||
) %} | |||
{#- Lookup source_files (v2), files (v1), or fallback to an empty list #} | |||
{%- set src_files = salt['config.get']( | |||
tplroot ~ ':tofs:source_files:' ~ lookup, | |||
salt['config.get'](tplroot ~ ':tofs:files:' ~ lookup, []) | |||
) %} | |||
{#- Append the default source_files #} | |||
{%- set src_files = src_files + source_files %} | |||
{#- Only add to [''] when supporting older TOFS implementations #} | |||
{%- set path_prefix_exts = [''] %} | |||
{%- if use_subpath and tplroot != tpldir %} | |||
{#- Walk directory tree to find {{ files_dir }} #} | |||
{%- set subpath_parts = tpldir.lstrip(tplroot).lstrip('/').split('/') %} | |||
{%- for path in subpath_parts %} | |||
{%- set subpath = subpath_parts[0:loop.index] | join('/') %} | |||
{%- do path_prefix_exts.append('/' ~ subpath) %} | |||
{%- endfor %} | |||
{%- endif %} | |||
{%- for path_prefix_ext in path_prefix_exts|reverse %} | |||
{%- set path_prefix_inc_ext = path_prefix ~ path_prefix_ext %} | |||
{#- For older TOFS implementation, use `files_switch` from the config #} | |||
{#- Use the default, new method otherwise #} | |||
{%- set fsl = salt['config.get']( | |||
tplroot ~ path_prefix_ext|replace('/', ':') ~ ':files_switch', | |||
files_switch_list | |||
) %} | |||
{#- Append an empty value to evaluate as `default` in the loop below #} | |||
{%- if '' not in fsl %} | |||
{%- set fsl = fsl + [''] %} | |||
{%- endif %} | |||
{%- for fs in fsl %} | |||
{%- for src_file in src_files %} | |||
{%- if fs %} | |||
{%- set fs_dirs = salt['config.get'](fs, fs) %} | |||
{%- else %} | |||
{%- set fs_dirs = salt['config.get'](tplroot ~ ':tofs:dirs:default', 'default') %} | |||
{%- endif %} | |||
{#- Force the `config.get` lookup result as a list where necessary #} | |||
{#- since we need to also handle grains that are lists #} | |||
{%- if fs_dirs is string %} | |||
{%- set fs_dirs = [fs_dirs] %} | |||
{%- endif %} | |||
{%- for fs_dir in fs_dirs %} | |||
{%- set url = [ | |||
'- salt:/', | |||
path_prefix_inc_ext.strip('/'), | |||
files_dir.strip('/'), | |||
fs_dir.strip('/'), | |||
src_file.strip('/'), | |||
] | select | join('/') %} | |||
{{ url | indent(indent_width, true) }} | |||
{%- endfor %} | |||
{%- endfor %} | |||
{%- endfor %} | |||
{%- endfor %} | |||
{%- endmacro %} |
@@ -1,26 +0,0 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
{{ apache.logrotatedir }}: | |||
file: | |||
- managed | |||
- contents: | | |||
{{ apache.logdir }}/*.log { | |||
daily | |||
missingok | |||
rotate 14 | |||
compress | |||
delaycompress | |||
notifempty | |||
create 640 root adm | |||
sharedscripts | |||
postrotate | |||
if /etc/init.d/{{ apache.service }} status > /dev/null ; then \ | |||
/etc/init.d/{{ apache.service }} reload > /dev/null; \ | |||
fi; | |||
endscript | |||
prerotate | |||
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ | |||
run-parts /etc/logrotate.d/httpd-prerotate; \ | |||
fi; \ | |||
endscript | |||
} |
@@ -1,31 +0,0 @@ | |||
{% from "apache/map.jinja" import apache with context %} | |||
{%- macro security_config(name) %} | |||
{{ name }}: | |||
file.managed: | |||
- source: | |||
- salt://apache/files/{{ salt['grains.get']('os_family') }}/security.conf.jinja | |||
- salt://apache/files/security.conf.jinja | |||
- mode: 644 | |||
- template: jinja | |||
- require: | |||
- pkg: apache | |||
- watch_in: | |||
- module: apache-restart | |||
- require_in: | |||
- module: apache-restart | |||
- module: apache-reload | |||
- service: apache | |||
{%- endmacro %} | |||
include: | |||
- apache | |||
{% if grains['os_family']=="Debian" %} | |||
{{ security_config('/etc/apache2/conf-available/security.conf') }} | |||
- onlyif: test -f '/etc/apache2/conf-available/security.conf' | |||
{% elif grains['os_family']=="FreeBSD" %} | |||
{{ security_config(apache.confdir+'/security.conf') }} | |||
{% endif %} |
@@ -1,23 +1,79 @@ | |||
{#- vi: set ft=jinja: #} | |||
# -*- coding: utf-8 -*- | |||
# vim: ft=jinja | |||
{%- import_yaml "apache/defaults.yaml" as default_settings %} | |||
{%- import_yaml "apache/osfamilymap.yaml" as osfamilymap %} | |||
{%- import_yaml "apache/oscodenamemap.yaml" as oscodenamemap %} | |||
{%- import_yaml "apache/osfingermap.yaml" as osfingermap %} | |||
{%- import_yaml "apache/modsecurity.yaml" as modsec %} | |||
{%- set tplroot = tpldir.split('/')[0] %} | |||
{%- import_yaml tplroot ~ "/defaults.yaml" as default_settings %} | |||
{%- import_yaml tplroot ~ "/osarchmap.yaml" as osarchmap %} | |||
{%- import_yaml tplroot ~ "/osfamilymap.yaml" as osfamilymap %} | |||
{%- import_yaml tplroot ~ "/osmap.yaml" as osmap %} | |||
{%- import_yaml tplroot ~ "/osfingermap.yaml" as osfingermap %} | |||
{%- import_yaml tplroot ~ "/oscodenamemap.yaml" as oscodename %} | |||
{%- import_yaml tplroot ~ "/modsecurity.yaml" as modsec %} | |||
{%- set defaults = salt['grains.filter_by'](default_settings, | |||
default='apache', | |||
merge=salt['grains.filter_by'](modsec, grain='os_family', | |||
merge=salt['grains.filter_by'](osfamilymap, grain='os_family', | |||
merge=salt['grains.filter_by'](oscodenamemap, grain='oscodename', | |||
merge=salt['grains.filter_by'](osfingermap, grain='osfinger', | |||
merge=salt['pillar.get']('apache:lookup', default={}) | |||
{#- Retrieve the config dict only once #} | |||
{%- set _config = salt['config.get'](tplroot, default={}) %} | |||
{%- set defaults = salt['grains.filter_by']( | |||
default_settings, | |||
default=tplroot, | |||
merge=salt['grains.filter_by']( | |||
osarchmap, | |||
grain='osarch', | |||
merge=salt['grains.filter_by']( | |||
osfamilymap, | |||
grain='os_family', | |||
merge=salt['grains.filter_by']( | |||
osmap, | |||
grain='os', | |||
merge=salt['grains.filter_by']( | |||
oscodename, | |||
grain='oscodename', | |||
merge=salt['grains.filter_by']( | |||
osfingermap, | |||
grain='osfinger', | |||
merge=salt['grains.filter_by']( | |||
modsec, | |||
grain='os_family', | |||
merge=salt['grains.filter_by']( | |||
_config, | |||
default='lookup' | |||
) | |||
) | |||
) | |||
) | |||
) | |||
) | |||
) | |||
) | |||
) %} | |||
%} | |||
{%- set config = salt['grains.filter_by']( | |||
{'defaults': defaults}, | |||
default='defaults', | |||
merge=_config | |||
) | |||
%} | |||
{%- set apache = config %} | |||
{#- Post-processing for specific non-YAML customisations #} | |||
{%- if grains.os_family == 'MacOS' %} | |||
{%- set rootuser = salt['cmd.run']("stat -f '%Su' /dev/console") %} | |||
{%- set rootgroup = salt['cmd.run']("stat -f '%Sg' /dev/console") %} | |||
{%- do apache.update({'rootuser': rootgroup}) %} | |||
{%- do apache.update({'rootgroup': rootgroup}) %} | |||
{%- elif grains.os_family == 'Windows' %} | |||
{%- set rootuser = salt['cmd.run']("id -un") %} | |||
{%- do apache.update({'rootuser': rootuser}) %} | |||
{%- endif %} | |||
{#- Merge the apache pillar #} | |||
{%- set apache = salt['pillar.get']('apache', default=defaults, merge=True) %} | |||
{# legacy pillar support #} | |||
{%- if 'server' in apache.lookup and apache.lookup.server is string %} | |||
{%- do apache.pkg.update({'name': apache.server}) %} | |||
{%- endif %} | |||
{%- if 'service' in apache.lookup and apache.lookup.service is string %} | |||
{%- do apache.service.update({'name': apache.service}) %} | |||
{%- endif %} | |||
{%- if 'configfile' in apache and apache.configfile is string %} | |||
{%- do apache.update({'config': apache.configfile}) %} | |||
{%- endif %} |
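Review bot: In the MacOS branch `rootuser` is set from the wrong variable: `{%- do apache.update({'rootuser': rootgroup}) %}` stores the console group name as the user, so it should read `{%- do apache.update({'rootuser': rootuser}) %}`. Any state that takes file ownership from `apache.rootuser` would then apply a group name as the owner, which either fails or hands ownership to an unintended account. The Windows branch runs `id -un` through `cmd.run`, which is not a native Windows command and is worth confirming. In the legacy-pillar block the tests check `apache.lookup.server` and `apache.lookup.service` but the values copied are `apache.server` and `apache.service`. The second update also calls `.update()` on the very key it reads as a string, so that block looks inconsistent and deserves a second look.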