Permalink
Browse files

Merge branch 'master' into live

  • Loading branch information...
2 parents bf7f121 + 936cfdf commit 166497a290c35024d50d7bc24bd192b9270632fe cookbooks committed Feb 7, 2011
Showing with 3,260 additions and 0 deletions.
  1. +78 −0 README.rdoc
  2. +87 −0 attributes/default.rb
  3. +25 −0 definitions/apache_conf.rb
  4. +43 −0 definitions/apache_module.rb
  5. +40 −0 definitions/apache_site.rb
  6. +49 −0 definitions/web_app.rb
  7. +41 −0 files/default/apache2_module_conf_generate.pl
  8. +500 −0 metadata.json
  9. +197 −0 metadata.rb
  10. +210 −0 recipes/default.rb
  11. +33 −0 recipes/god_monitor.rb
  12. +22 −0 recipes/mod_alias.rb
  13. +20 −0 recipes/mod_auth_basic.rb
  14. +20 −0 recipes/mod_auth_digest.rb
  15. +83 −0 recipes/mod_auth_openid.rb
  16. +20 −0 recipes/mod_authn_file.rb
  17. +20 −0 recipes/mod_authnz_ldap.rb
  18. +20 −0 recipes/mod_authz_default.rb
  19. +20 −0 recipes/mod_authz_groupfile.rb
  20. +20 −0 recipes/mod_authz_host.rb
  21. +20 −0 recipes/mod_authz_user.rb
  22. +22 −0 recipes/mod_autoindex.rb
  23. +20 −0 recipes/mod_cgi.rb
  24. +20 −0 recipes/mod_dav.rb
  25. +22 −0 recipes/mod_dav_svn.rb
  26. +22 −0 recipes/mod_deflate.rb
  27. +22 −0 recipes/mod_dir.rb
  28. +20 −0 recipes/mod_env.rb
  29. +20 −0 recipes/mod_expires.rb
  30. +46 −0 recipes/mod_fcgid.rb
  31. +20 −0 recipes/mod_headers.rb
  32. +20 −0 recipes/mod_ldap.rb
  33. +24 −0 recipes/mod_log_config.rb
  34. +22 −0 recipes/mod_mime.rb
  35. +22 −0 recipes/mod_negotiation.rb
  36. +37 −0 recipes/mod_php5.rb
  37. +22 −0 recipes/mod_proxy.rb
  38. +20 −0 recipes/mod_proxy_ajp.rb
  39. +20 −0 recipes/mod_proxy_balancer.rb
  40. +20 −0 recipes/mod_proxy_connect.rb
  41. +20 −0 recipes/mod_proxy_http.rb
  42. +32 −0 recipes/mod_python.rb
  43. +20 −0 recipes/mod_rewrite.rb
  44. +22 −0 recipes/mod_setenvif.rb
  45. +42 −0 recipes/mod_ssl.rb
  46. +22 −0 recipes/mod_status.rb
  47. +27 −0 recipes/mod_wsgi.rb
  48. +22 −0 templates/default/a2dismod.erb
  49. +29 −0 templates/default/a2dissite.erb
  50. +37 −0 templates/default/a2enmod.erb
  51. +38 −0 templates/default/a2ensite.erb
  52. +232 −0 templates/default/apache2.conf.erb
  53. +19 −0 templates/default/apache2.god.erb
  54. +6 −0 templates/default/charset.erb
  55. +57 −0 templates/default/default-site.erb
  56. +12 −0 templates/default/mod_auth_openid.rb.erb
  57. +2 −0 templates/default/mods/README
  58. +24 −0 templates/default/mods/alias.conf.erb
  59. +6 −0 templates/default/mods/authopenid.load.erb
  60. +101 −0 templates/default/mods/autoindex.conf.erb
  61. +16 −0 templates/default/mods/deflate.conf.erb
  62. +5 −0 templates/default/mods/dir.conf.erb
  63. +10 −0 templates/default/mods/fcgid.conf.erb
  64. +196 −0 templates/default/mods/mime.conf.erb
  65. +18 −0 templates/default/mods/negotiation.conf.erb
  66. +19 −0 templates/default/mods/proxy.conf.erb
  67. +28 −0 templates/default/mods/setenvif.conf.erb
  68. +72 −0 templates/default/mods/ssl.conf.erb
  69. +16 −0 templates/default/mods/status.conf.erb
  70. +2 −0 templates/default/port_apache.erb
  71. +6 −0 templates/default/ports.conf.erb
  72. +50 −0 templates/default/security.erb
  73. +43 −0 templates/default/web_app.conf.erb
View
@@ -0,0 +1,78 @@
+= DESCRIPTION:
+
+Complete Debian/Ubuntu style Apache2 configuration.
+
+= REQUIREMENTS:
+
+Debian or Ubuntu preferred.
+
+Red Hat, CentOS, Fedora and ArchLinux can be used but will be converted to a Debian/Ubuntu style Apache as it's far easier to manage with Chef.
+
+= ATTRIBUTES:
+
+The file attributes/apache.rb contains the following attribute types:
+
+* platform specific locations and settings.
+* general settings
+* prefork attributes
+* worker attributes
+
+General settings and prefork/worker attributes are tunable.
+
+= USAGE:
+
+Include the apache2 recipe to install Apache2 and get 'sane' default settings. Configuration is modularized through Apache vhost sites a la Debian style configuration.
+
+For Red Hat, CentOS and Fedora you should first disable selinux as it's not supported (yet), then remove the stock httpd and all it's dependencies prior to attempting to use this recipe. Many packages in these distributions drop conflicting configs into conf.d, all of which haven't been accounted for yet. Starting from scratch will also make it far easier to debug.
+
+== Defines:
+
+* +apache_module+: sets up an Apache module.
+* +apache_conf+: sets up a config file for an apache module.
+* +apache_site+: sets up a vhost site. The conf file must be available.
+* +web_app+: copies the template for a web app and enables it as a site via +apache_site+.
+
+== Web Apps:
+
+Various applications that can be set up with Apache as the front end, such as PHP, Django, Rails and others can use the web_app define to set up the template and the Apache site. The define is kind of dumb, so the template needs have the application implementation settings, since we don't know what your app is or what is needed from Apache.
+
+We only prototype one parameter for the +web_app+ define, "template". This is used to specify the name of the template to use in the current cookbook. When you use +web_app+, you can set up any parameters you want to use in your template. They will get passed to the template through the params hash. For example, the sample +web_app.conf.erb+ template in this cookbook makes use of these.
+
+* +docroot+
+* +server_name+
+* +server_aliases+
+
+These are available as +params[:docroot]+, +params[:server_name]+, +params[:server_aliases]+ prefixed with an @ within the template.
+
+If 'cookbook' and 'template' are not specified, the current cookbook's +templates/default/web_app.conf.erb+ will be used. If this template is not suitable for your application, copy it to your cookbook and customize as needed.
+
+== God Monitor:
+
+There's a new recipe, +apache2::god_monitor+. You will need to make sure to include the 'god' recipe before using the +apache2::god_monitor+ recipe in your cookbook.
+
+== OpenID Auth
+
+Installs the +mod_auth_openid+ module from source. Specify an array of OpenIDs that are allowed to authenticate with the attribute +apache[:allowed_openids]+. Use the following in a vhost to protect with OpenID authentication:
+
+ AuthOpenIDEnabled On
+ AuthOpenIDDBLocation /var/cache/apache2/mod_auth_openid.db
+ AuthOpenIDUserProgram /usr/local/bin/mod_auth_openid.rb
+
+Change the DBLocation as appropriate for your platform. You'll need to change the file in the recipe to match. The UserProgram is optional if you don't want to limit access by certain OpenIDs.
+
+= LICENSE & AUTHOR:
+
+Author:: Joshua Timberman (<joshua@opscode.com>)
+Copyright:: 2009, Opscode, Inc
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
View
@@ -0,0 +1,87 @@
+#
+# Cookbook Name:: apache2
+# Attributes:: apache
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Where the various parts of apache are
+case platform
+when "redhat","centos","fedora","suse"
+ set[:apache][:dir] = "/etc/httpd"
+ set[:apache][:log_dir] = "/var/log/httpd"
+ set[:apache][:user] = "apache"
+ set[:apache][:binary] = "/usr/sbin/httpd"
+ set[:apache][:icondir] = "/var/www/icons/"
+ set[:apache][:cache_dir] = "/var/cache/httpd"
+when "debian","ubuntu"
+ set[:apache][:dir] = "/etc/apache2"
+ set[:apache][:log_dir] = "/var/log/apache2"
+ set[:apache][:user] = "www-data"
+ set[:apache][:binary] = "/usr/sbin/apache2"
+ set[:apache][:icondir] = "/usr/share/apache2/icons"
+ set[:apache][:cache_dir] = "/var/cache/apache2"
+when "arch"
+ set[:apache][:dir] = "/etc/httpd"
+ set[:apache][:log_dir] = "/var/log/httpd"
+ set[:apache][:user] = "http"
+ set[:apache][:binary] = "/usr/sbin/httpd"
+ set[:apache][:icondir] = "/usr/share/httpd/icons"
+ set[:apache][:cache_dir] = "/var/cache/httpd"
+else
+ set[:apache][:dir] = "/etc/apache2"
+ set[:apache][:log_dir] = "/var/log/apache2"
+ set[:apache][:user] = "www-data"
+ set[:apache][:binary] = "/usr/sbin/apache2"
+ set[:apache][:icondir] = "/usr/share/apache2/icons"
+ set[:apache][:cache_dir] = "/var/cache/apache2"
+end
+
+###
+# These settings need the unless, since we want them to be tunable,
+# and we don't want to override the tunings.
+###
+
+# General settings
+default[:apache][:listen_ports] = [ "80","443" ]
+default[:apache][:contact] = "ops@example.com"
+default[:apache][:timeout] = 300
+default[:apache][:keepalive] = "On"
+default[:apache][:keepaliverequests] = 100
+default[:apache][:keepalivetimeout] = 5
+
+# Security
+default[:apache][:servertokens] = "Prod"
+default[:apache][:serversignature] = "On"
+default[:apache][:traceenable] = "On"
+
+# mod_auth_openids
+default[:apache][:allowed_openids] = Array.new
+
+# Prefork Attributes
+default[:apache][:prefork][:startservers] = 16
+default[:apache][:prefork][:minspareservers] = 16
+default[:apache][:prefork][:maxspareservers] = 32
+default[:apache][:prefork][:serverlimit] = 400
+default[:apache][:prefork][:maxclients] = 400
+default[:apache][:prefork][:maxrequestsperchild] = 10000
+
+# Worker Attributes
+default[:apache][:worker][:startservers] = 4
+default[:apache][:worker][:maxclients] = 1024
+default[:apache][:worker][:minsparethreads] = 64
+default[:apache][:worker][:maxsparethreads] = 192
+default[:apache][:worker][:threadsperchild] = 64
+default[:apache][:worker][:maxrequestsperchild] = 0
View
@@ -0,0 +1,25 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_conf
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_conf do
+ template "#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf" do
+ source "mods/#{params[:name]}.conf.erb"
+ notifies :restart, resources(:service => "apache2")
+ end
+end
@@ -0,0 +1,43 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_module
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, :enable => true, :conf => false do
+ include_recipe "apache2"
+
+ if params[:conf]
+ apache_conf params[:name]
+ end
+
+ if params[:enable]
+ execute "a2enmod #{params[:name]}" do
+ command "/usr/sbin/a2enmod #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ not_if do (File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") and
+ ((File.exists?("#{node[:apache][:dir]}/mods-available/#{params[:name]}.conf"))?
+ (File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.conf")):(true)))
+ end
+ end
+ else
+ execute "a2dismod #{params[:name]}" do
+ command "/usr/sbin/a2dismod #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ only_if do ::File.symlink?("#{node[:apache][:dir]}/mods-enabled/#{params[:name]}.load") end
+ end
+ end
+end
View
@@ -0,0 +1,40 @@
+#
+# Cookbook Name:: apache2
+# Definition:: apache_site
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_site, :enable => true do
+ include_recipe "apache2"
+
+ if params[:enable]
+ execute "a2ensite #{params[:name]}" do
+ command "/usr/sbin/a2ensite #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ not_if do
+ ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") or
+ ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/000-#{params[:name]}")
+ end
+ only_if do ::File.exists?("#{node[:apache][:dir]}/sites-available/#{params[:name]}") end
+ end
+ else
+ execute "a2dissite #{params[:name]}" do
+ command "/usr/sbin/a2dissite #{params[:name]}"
+ notifies :restart, resources(:service => "apache2")
+ only_if do ::File.symlink?("#{node[:apache][:dir]}/sites-enabled/#{params[:name]}") end
+ end
+ end
+end
View
@@ -0,0 +1,49 @@
+#
+# Cookbook Name:: apache2
+# Definition:: web_app
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :web_app, :template => "web_app.conf.erb" do
+
+ application_name = params[:name]
+
+ include_recipe "apache2"
+ include_recipe "apache2::mod_rewrite"
+ include_recipe "apache2::mod_deflate"
+ include_recipe "apache2::mod_headers"
+
+ template "#{node[:apache][:dir]}/sites-available/#{application_name}.conf" do
+ source params[:template]
+ owner "root"
+ group "root"
+ mode 0644
+ if params[:cookbook]
+ cookbook params[:cookbook]
+ end
+ variables(
+ :application_name => application_name,
+ :params => params
+ )
+ if ::File.exists?("#{node[:apache][:dir]}/sites-enabled/#{application_name}.conf")
+ notifies :reload, resources(:service => "apache2"), :delayed
+ end
+ end
+
+ apache_site "#{params[:name]}.conf" do
+ enable enable_setting
+ end
+end
@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+
+=begin
+
+Generates Ubuntu style module.load files.
+
+./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available
+
+ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em.
+
+=cut
+
+use File::Find;
+
+use strict;
+use warnings;
+
+die "Must have '/path/to/modules' and '/path/to/modules.load'"
+ unless $ARGV[0] && $ARGV[1];
+
+find(
+ {
+ wanted => sub {
+ return 1 if $File::Find::name !~ /\.so$/;
+ my $modfile = $_;
+ $modfile =~ /(lib|mod_)(.+)\.so$/;
+ my $modname = $2;
+ my $filename = "$ARGV[1]/$modname.load";
+ unless ( -f $filename ) {
+ open( FILE, ">", $filename ) or die "Cannot open $filename";
+ print FILE "LoadModule " . $modname . "_module $File::Find::name\n";
+ close(FILE);
+ }
+ },
+ follow => 1,
+ },
+ $ARGV[0]
+);
+
+exit 0;
+
Oops, something went wrong.

0 comments on commit 166497a

Please sign in to comment.