updated apache2 cookbook to latest version

apache2/README.md

@@ -12,6 +12,45 @@ Debian-style Apache configuration uses scripts to manage modules and sites (vhos
 
 This cookbook ships with templates of these scripts for non Debian/Ubuntu platforms. The scripts are used in the __Definitions__ below.
 
+Changes/Roadmap
+===============
+
+### v1.0.8:
+
+* COOK-548 - directory resource doesn't have backup parameter
+
+### v1.0.6:
+
+* COOK-915 - update to `mod_auth_openid` version 0.6, see __Recipes/mod_auth_openid__ below.
+* COOK-548 - Add support for FreeBSD.
+
+### v1.0.4:
+
+* COOK-859 - don't hardcode module paths
+
+### v1.0.2
+
+* Tickets resolved in this release: COOK-788, COOK-782, COOK-780
+
+### v1.0.0
+
+* Red Hat family support is greatly improved, all recipes except `god_monitor` converge.
+* Recipe `mod_auth_openid` now works on RHEL family distros
+* Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's.
+* Added `php5.conf.erb` template for `mod_php5` recipe.
+* Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6.
+* New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions.
+* New attribute `node['apache']['group']`.
+* Scientific Linux support added.
+* Use a file resource instead of the generate-module-list executed perl script on RHEL family.
+* "default" site can now be disabled.
+* web_app now has an "enable" parameter.
+* Support for dav_fs apache module.
+* Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518
+* Fix node references in template for a2dissite
+* Use proper user and group attributes on files and templates.
+* Replace the anemic README.rdoc with this new and improved superpowered README.md :).
+
 Requirements
 ============
 
@@ -75,6 +114,9 @@ These are general settings used in recipes and templates. Default values are not
 * `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.
 * `node['apache']['keepaliverequests']` - Value for MaxKeepAliveRequests. Default is 100.
 * `node['apache']['keepalivetimeout']` - Value for the KeepAliveTimeout directive. Default is 5.
+* `node['apache']['default_modules']` - Array of module names. Can take "mod_FOO" or "FOO" as names, where FOO is the apache module, e.g. "`mod_status`" or "`status`".
+
+The modules listed in `default_modules` will be included as recipes in `recipe[apache::default]`.
 
 Prefork attributes
 ------------------
@@ -99,6 +141,17 @@ Worker attributes are used for tuning the Apache HTTPD worker MPM configuration.
 * `node['apache']['worker']['maxsparethreads]` - Maximum number of spare worker threads. Default 192.
 * `node['apache']['worker']['maxrequestsperchild']` - Maximum number of requests a child process will handle.
 
+mod\_auth\_openid attributes
+----------------------------
+
+The following attributes are in the `attributes/mod_auth_openid.rb` file. Like all Chef attributes files, they are loaded as well, but they're logistically unrelated to the others, being specific to the `mod_auth_openid` recipe.
+
+* `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.
+* `node['apache']['mod_auth_openid']['version']` - version of the `mod_auth_openid` to download.
+* `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.
+* `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.
+* `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.
+
 Recipes
 =======
 
@@ -111,20 +164,28 @@ On RHEL Family distributions, certain modules ship with a config file with the p
 default
 -------
 
-The default recipe does a number of things to set up Apache HTTPd.
+The default recipe does a number of things to set up Apache HTTPd. It also includes a number of modules based on the attribute `node['apache']['default_modules']` as recipes.
 
 mod\_auth\_openid
 -----------------
 
+**Changed via COOK-915**
+
 This recipe compiles the module from source. In addition to `build-essential`, some other packages are included for installation like the GNU C++ compiler and development headers.
 
 To use the module in your own cookbooks to authenticate systems using OpenIDs, specify an array of OpenIDs that are allowed to authenticate with the attribute `node['apache']['allowed_openids']`. Use the following in a vhost to protect with OpenID authentication:
 
-    AuthOpenIDEnabled On
-    AuthOpenIDDBLocation /var/cache/apache2/mod_auth_openid.db
-    AuthOpenIDUserProgram /usr/local/bin/mod_auth_openid.rb
+    AuthType OpenID
+    require user <%= node['apache']['allowed_openids'].join(' ') %>
+    AuthOpenIDDBLocation <%= node['apache']['mod_auth_openid']['dblocation'] %>
+
+Change the DBLocation with the attribute as required; this file is in a different location than previous versions, see below. It should be a sane default for most platforms, though, see `attributes/mod_auth_openid.rb`.
+
+### Changes from COOK-915:
 
-Change the DBLocation as appropriate for your platform. You'll need to change the file in the recipe to match. The UserProgram is optional if you don't want to limit access by certain OpenIDs.
+* `AuthType OpenID` instead of `AuthOpenIDEnabled On`.
+* `require user` instead of `AuthOpenIDUserProgram`.
+* A bug(?) in `mod_auth_openid` causes it to segfault when attempting to update the database file if the containing directory is not writable by the HTTPD process owner (e.g., www-data), even if the file is writable. In order to not interfere with other settings from the default recipe in this cookbook, the db file is moved.
 
 mod\_fcgid
 ----------
@@ -292,28 +353,6 @@ Using this cookbook is relatively straightforward. Add the desired recipes to th
 
 For examples of using the definitions in your own recipes, see their respective sections above.
 
-Changes
-=======
-
-## v1.0.0
-
-* Red Hat family support is greatly improved, all recipes except `god_monitor` converge.
-* Recipe `mod_auth_openid` now works on RHEL family distros
-* Recipe `mod_php5` will now remove config from package on RHEL family so it doesn't conflict with the cookbook's.
-* Added `php5.conf.erb` template for `mod_php5` recipe.
-* Create the run state directory for `mod_fcgid` to prevent a startup error on RHEL version 6.
-* New attribute `node['apache']['lib_dir']` to handle lib vs lib64 on RHEL family distributions.
-* New attribute `node['apache']['group']`.
-* Scientific Linux support added.
-* Use a file resource instead of the generate-module-list executed perl script on RHEL family.
-* "default" site can now be disabled.
-* web_app now has an "enable" parameter.
-* Support for dav_fs apache module.
-* Tickets resolved in this release: COOK-754, COOK-753, COOK-665, COOK-624, COOK-579, COOK-519, COOK-518
-* Fix node references in template for a2dissite
-* Use proper user and group attributes on files and templates.
-* Replace the anemic README.rdoc with this new and improved superpowered README.md :).
-
 License and Authors
 ===================
 

apache2/attributes/default.rb

@@ -17,9 +17,12 @@
 # limitations under the License.
 #
 
+set[:apache][:root_group]  = "root"
+
 # Where the various parts of apache are
 case platform
 when "redhat","centos","scientific","fedora","suse"
+  set[:apache][:package] = "httpd"
   set[:apache][:dir]     = "/etc/httpd"
   set[:apache][:log_dir] = "/var/log/httpd"
   set[:apache][:user]    = "apache"
@@ -32,8 +35,9 @@
   else
     set[:apache][:pid_file] = "/var/run/httpd.pid"
   end
-  set[:apache][:lib_dir] = node[:kernel][:machine] == "i386" ? "/usr/lib/httpd" : "/usr/lib64/httpd"
+  set[:apache][:lib_dir] = node[:kernel][:machine] =~ /^i[36]86$/ ? "/usr/lib/httpd" : "/usr/lib64/httpd"
 when "debian","ubuntu"
+  set[:apache][:package] = "apache2"
   set[:apache][:dir]     = "/etc/apache2"
   set[:apache][:log_dir] = "/var/log/apache2"
   set[:apache][:user]    = "www-data"
@@ -44,6 +48,7 @@
   set[:apache][:pid_file]  = "/var/run/apache2.pid"
   set[:apache][:lib_dir] = "/usr/lib/apache2"
 when "arch"
+  set[:apache][:package] = "apache"
   set[:apache][:dir]     = "/etc/httpd"
   set[:apache][:log_dir] = "/var/log/httpd"
   set[:apache][:user]    = "http"
@@ -53,6 +58,18 @@
   set[:apache][:cache_dir] = "/var/cache/httpd"
   set[:apache][:pid_file]  = "/var/run/httpd/httpd.pid"
   set[:apache][:lib_dir] = "/usr/lib/httpd"
+when "freebsd"
+  set[:apache][:package] = "apache22"
+  set[:apache][:dir]     = "/usr/local/etc/apache22"
+  set[:apache][:log_dir] = "/var/log"
+  set[:apache][:root_group] = "wheel"
+  set[:apache][:user]    = "www"
+  set[:apache][:group]    = "www"
+  set[:apache][:binary]  = "/usr/local/sbin/httpd"
+  set[:apache][:icondir] = "/usr/local/www/apache22/icons"
+  set[:apache][:cache_dir] = "/var/run/apache22"
+  set[:apache][:pid_file]  = "/var/run/httpd.pid"
+  set[:apache][:lib_dir] = "/usr/local/libexec/apache22"
 else
   set[:apache][:dir]     = "/etc/apache2"
   set[:apache][:log_dir] = "/var/log/apache2"
@@ -101,3 +118,12 @@
 default[:apache][:worker][:maxsparethreads] = 192
 default[:apache][:worker][:threadsperchild] = 64
 default[:apache][:worker][:maxrequestsperchild] = 0
+
+# Default modules to enable via include_recipe
+
+default['apache']['default_modules'] = %w{
+  status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex
+  dir env mime negotiation setenvif
+}
+
+default['apache']['default_modules'] << "log_config" if node.platform?("redhat", "centos", "scientific", "fedora", "suse", "arch", "freebsd")

apache2/attributes/mod_auth_openid.rb

@@ -0,0 +1,23 @@
+# 
+# Author:: Joshua Timberman <joshua@opscode.com>
+# Copyright:: Copyright (c) 2011, Opscode, Inc.
+# License:: Apache License, Version 2.0
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#    http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# 
+
+default['apache']['mod_auth_openid']['checksum'] = "79e7ca52511d1230"
+default['apache']['mod_auth_openid']['version']  = "0.6"
+default['apache']['mod_auth_openid']['cache_dir']  = "/var/cache/mod_auth_openid"
+default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db"
+default['apache']['mod_auth_openid']['configure_flags'] = []

apache2/definitions/apache_module.rb

@@ -21,14 +21,15 @@
   include_recipe "apache2"
 
   params[:filename] = params[:filename] || "mod_#{params[:name]}.so"
+  params[:module_path] = params[:module_path] || "#{node['apache']['lib_dir']}/modules/#{params[:filename]}"
 
   if params[:conf]
     apache_conf params[:name]
   end
 
   if platform?("redhat", "centos", "scientific", "fedora", "arch", "suse" )
     file "#{node['apache']['dir']}/mods-available/#{params[:name]}.load" do
-      content "LoadModule #{params[:name]}_module #{node['apache']['lib_dir']}/modules/#{params[:filename]}\n"
+      content "LoadModule #{params[:name]}_module #{params[:module_path]}\n"
       mode 0644
     end
   end

apache2/definitions/web_app.rb

@@ -29,7 +29,7 @@
   template "#{node[:apache][:dir]}/sites-available/#{application_name}.conf" do
     source params[:template]
     owner "root"
-    group "root"
+    group node[:apache][:root_group]
     mode 0644
     if params[:cookbook]
       cookbook params[:cookbook]

apache2/metadata.rb

@@ -3,7 +3,7 @@
 license           "Apache 2.0"
 description       "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions"
 long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version           "1.0.0"
+version           "1.0.8"
 recipe            "apache2", "Main Apache configuration"
 recipe            "apache2::mod_alias", "Apache module 'alias' with config file"
 recipe            "apache2::mod_auth_basic", "Apache module 'auth_basic'"
@@ -42,7 +42,7 @@
 recipe            "apache2::mod_status", "Apache module 'status' with config file"
 recipe            "apache2::mod_xsendfile", "Apache module 'xsendfile'"
 
-%w{redhat centos scientific fedora debian ubuntu arch }.each do |os|
+%w{redhat centos scientific fedora debian ubuntu arch freebsd}.each do |os|
   supports os
 end
 
@@ -196,3 +196,8 @@
   :display_name => "Apache Worker MPM MaxRequestsPerChild",
   :description => "Maximum number of request a child process will handle",
   :default => "0"
+
+attribute "apache/default_modules",
+  :display_name => "Apache Default Modules",
+  :description => "Default modules to enable via recipes",
+  :default => "status alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex dir env mime negotiation setenvif"