diff --git a/README.md b/README.md index 5fc865d948..619fa33047 100755 --- a/README.md +++ b/README.md @@ -1128,6 +1128,13 @@ Limits the number of requests allowed per connection when the [`keepalive` param Default: '100'. +##### `hostname_lookups` + +This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). Values:'On','Off','Double'. + +Default: 'Off'. +> **Note**: If enabled, it impacts performance significantly. + ##### `lib_path` Specifies the location where [Apache module][Apache modules] files are stored. diff --git a/manifests/init.pp b/manifests/init.pp index 159927a92a..22440378ef 100755 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -13,76 +13,77 @@ # Sample Usage: # class apache ( - $apache_name = $::apache::params::apache_name, - $service_name = $::apache::params::service_name, - $default_mods = true, - Boolean $default_vhost = true, - $default_charset = undef, - Boolean $default_confd_files = true, - Boolean $default_ssl_vhost = false, - $default_ssl_cert = $::apache::params::default_ssl_cert, - $default_ssl_key = $::apache::params::default_ssl_key, - $default_ssl_chain = undef, - $default_ssl_ca = undef, - $default_ssl_crl_path = undef, - $default_ssl_crl = undef, - $default_ssl_crl_check = undef, - $default_type = 'none', - $dev_packages = $::apache::params::dev_packages, - $ip = undef, - Boolean $service_enable = true, - Boolean $service_manage = true, - $service_ensure = 'running', - $service_restart = undef, - $purge_configs = true, - $purge_vhost_dir = undef, - $purge_vdir = false, - $serveradmin = 'root@localhost', - Enum['On', 'Off', 'on', 'off'] $sendfile = 'On', - $error_documents = false, - $timeout = '60', - $httpd_dir = $::apache::params::httpd_dir, - $server_root = $::apache::params::server_root, - $conf_dir = $::apache::params::conf_dir, - $confd_dir = $::apache::params::confd_dir, - $conf_enabled = $::apache::params::conf_enabled, - $vhost_dir = $::apache::params::vhost_dir, - $vhost_enable_dir = $::apache::params::vhost_enable_dir, - $mod_libs = $::apache::params::mod_libs, - $mod_packages = $::apache::params::mod_packages, - $vhost_include_pattern = $::apache::params::vhost_include_pattern, - $mod_dir = $::apache::params::mod_dir, - $mod_enable_dir = $::apache::params::mod_enable_dir, - $mpm_module = $::apache::params::mpm_module, - $lib_path = $::apache::params::lib_path, - $conf_template = $::apache::params::conf_template, - $servername = $::apache::params::servername, - $pidfile = $::apache::params::pidfile, - Optional[Stdlib::Absolutepath] $rewrite_lock = undef, - Boolean $manage_user = true, - Boolean $manage_group = true, - $user = $::apache::params::user, - $group = $::apache::params::group, - $http_protocol_options = $::apache::params::http_protocol_options, - $supplementary_groups = [], - $keepalive = $::apache::params::keepalive, - $keepalive_timeout = $::apache::params::keepalive_timeout, - $max_keepalive_requests = $::apache::params::max_keepalive_requests, - $limitreqfieldsize = '8190', - $limitreqfields = '100', - $logroot = $::apache::params::logroot, - $logroot_mode = $::apache::params::logroot_mode, - $log_level = $::apache::params::log_level, - $log_formats = {}, - $ssl_file = undef, - $ports_file = $::apache::params::ports_file, - $docroot = $::apache::params::docroot, - $apache_version = $::apache::version::default, - $server_tokens = 'Prod', - $server_signature = 'On', - $trace_enable = 'On', - Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, - $file_e_tag = undef, + $apache_name = $::apache::params::apache_name, + $service_name = $::apache::params::service_name, + $default_mods = true, + Boolean $default_vhost = true, + $default_charset = undef, + Boolean $default_confd_files = true, + Boolean $default_ssl_vhost = false, + $default_ssl_cert = $::apache::params::default_ssl_cert, + $default_ssl_key = $::apache::params::default_ssl_key, + $default_ssl_chain = undef, + $default_ssl_ca = undef, + $default_ssl_crl_path = undef, + $default_ssl_crl = undef, + $default_ssl_crl_check = undef, + $default_type = 'none', + $dev_packages = $::apache::params::dev_packages, + $ip = undef, + Boolean $service_enable = true, + Boolean $service_manage = true, + $service_ensure = 'running', + $service_restart = undef, + $purge_configs = true, + $purge_vhost_dir = undef, + $purge_vdir = false, + $serveradmin = 'root@localhost', + Enum['On', 'Off', 'on', 'off'] $sendfile = 'On', + $error_documents = false, + $timeout = '60', + $httpd_dir = $::apache::params::httpd_dir, + $server_root = $::apache::params::server_root, + $conf_dir = $::apache::params::conf_dir, + $confd_dir = $::apache::params::confd_dir, + Enum['Off', 'On', 'Double', 'off', 'on', 'double'] $hostname_lookups = $::apache::params::hostname_lookups, + $conf_enabled = $::apache::params::conf_enabled, + $vhost_dir = $::apache::params::vhost_dir, + $vhost_enable_dir = $::apache::params::vhost_enable_dir, + $mod_libs = $::apache::params::mod_libs, + $mod_packages = $::apache::params::mod_packages, + $vhost_include_pattern = $::apache::params::vhost_include_pattern, + $mod_dir = $::apache::params::mod_dir, + $mod_enable_dir = $::apache::params::mod_enable_dir, + $mpm_module = $::apache::params::mpm_module, + $lib_path = $::apache::params::lib_path, + $conf_template = $::apache::params::conf_template, + $servername = $::apache::params::servername, + $pidfile = $::apache::params::pidfile, + Optional[Stdlib::Absolutepath] $rewrite_lock = undef, + Boolean $manage_user = true, + Boolean $manage_group = true, + $user = $::apache::params::user, + $group = $::apache::params::group, + $http_protocol_options = $::apache::params::http_protocol_options, + $supplementary_groups = [], + $keepalive = $::apache::params::keepalive, + $keepalive_timeout = $::apache::params::keepalive_timeout, + $max_keepalive_requests = $::apache::params::max_keepalive_requests, + $limitreqfieldsize = '8190', + $limitreqfields = '100', + $logroot = $::apache::params::logroot, + $logroot_mode = $::apache::params::logroot_mode, + $log_level = $::apache::params::log_level, + $log_formats = {}, + $ssl_file = undef, + $ports_file = $::apache::params::ports_file, + $docroot = $::apache::params::docroot, + $apache_version = $::apache::version::default, + $server_tokens = 'Prod', + $server_signature = 'On', + $trace_enable = 'On', + Optional[Enum['on', 'off', 'nodecode']] $allow_encoded_slashes = undef, + $file_e_tag = undef, Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']] $use_canonical_name = undef, $package_ensure = 'installed', diff --git a/manifests/params.pp b/manifests/params.pp index 16d071a02d..3ea105454a 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -42,6 +42,9 @@ # Default mode for files $file_mode = '0644' + # The default value for host hame lookup + $hostname_lookups = 'Off' + # Default options for / directory $root_directory_options = ['FollowSymLinks'] diff --git a/spec/acceptance/apache_parameters_spec.rb b/spec/acceptance/apache_parameters_spec.rb index a979cdb87c..98c7dd2ee4 100755 --- a/spec/acceptance/apache_parameters_spec.rb +++ b/spec/acceptance/apache_parameters_spec.rb @@ -529,6 +529,44 @@ class { 'apache': end end + describe 'hostname_lookups' do + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': hostname_lookups => 'On' }" + apply_manifest(pp, catch_failures: true) + end + end + + describe file($conf_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'HostnameLookups On' } + end + + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': hostname_lookups => 'Off' }" + apply_manifest(pp, catch_failures: true) + end + end + + describe file($conf_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'HostnameLookups Off' } + end + + describe 'setup' do + it 'applies cleanly' do + pp = "class { 'apache': hostname_lookups => 'Double' }" + apply_manifest(pp, catch_failures: true) + end + end + + describe file($conf_file) do + it { is_expected.to be_file } + it { is_expected.to contain 'HostnameLookups Double' } + end + end + describe 'trace_enable' do pp = <<-MANIFEST class { 'apache': diff --git a/spec/classes/apache_spec.rb b/spec/classes/apache_spec.rb index ebac58cbfa..ad4f8dcc62 100644 --- a/spec/classes/apache_spec.rb +++ b/spec/classes/apache_spec.rb @@ -438,6 +438,7 @@ it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^AllowEncodedSlashes nodecode$} } end + describe 'Alternate confd/mod/vhosts directory when specifying default character set' do let :params do { @@ -628,6 +629,40 @@ it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^EnableSendfile Off\n} } end + describe 'hostname lookup with invalid value' do + let :params do + { hostname_lookups: 'foo' } + end + + it 'fails' do + expect { + catalogue + }.to raise_error(Puppet::Error, %r{Evaluation Error}) + end + end + describe 'hostname_lookups On' do + let :params do + { hostname_lookups: 'On' } + end + + it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^HostnameLookups On\n} } + end + describe 'hostname_lookups Off' do + let :params do + { hostname_lookups: 'Off' } + end + + it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^HostnameLookups Off\n} } + end + + describe 'hostname_lookups Double' do + let :params do + { hostname_lookups: 'Double' } + end + + it { is_expected.to contain_file('/etc/httpd/conf/httpd.conf').with_content %r{^HostnameLookups Double\n} } + end + context 'on Fedora 21' do let :facts do super().merge(operatingsystem: 'Fedora', diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb index 31d71b9d80..92796656f0 100644 --- a/spec/defines/vhost_spec.rb +++ b/spec/defines/vhost_spec.rb @@ -85,7 +85,6 @@ 'ssl_proxyengine' => true, 'ssl_proxy_cipher_suite' => 'HIGH', 'ssl_proxy_protocol' => 'TLSv1.2', - 'priority' => '30', 'default_vhost' => true, 'servername' => 'example.com', diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb index 2d5d55ac2f..5393cb8bbc 100755 --- a/templates/httpd.conf.erb +++ b/templates/httpd.conf.erb @@ -65,7 +65,7 @@ AddDefaultCharset <%= @default_charset %> <%- if scope.function_versioncmp([@apache_version, '2.4']) < 0 -%> DefaultType <%= @default_type %> <%- end -%> -HostnameLookups Off +HostnameLookups <%= @hostname_lookups %> <%- if /^[|\/]/.match(@error_log) || /^syslog:/.match(@error_log) -%> ErrorLog "<%= @error_log %>" <%- else -%>