update apache cookbook

apache2/.gitignore

@@ -1 +1,3 @@
 test/kitchen/.kitchen/
+
+Gemfile.lock

apache2/CHANGELOG.md

@@ -1,3 +1,32 @@
+## v1.6.0:
+
+* [COOK-2372] - apache2 mpm_worker: add ServerLimit attribute (default
+  to 16)
+
+## v1.5.0:
+
+**NOTE** The `mod_auth_openid` attributes are changed. The upstream
+  maintainer deprecated the older release versions, and the source
+  repository has releases available at specific SHA1SUM references.
+  The new attribute, `node['apache']['mod_auth_openid']['ref']` is
+  used to set this.
+
+* [COOK-2198] - `apache::mod_auth_openid` compiles from source, but
+  does not install make on debian/ubuntu
+* [COOK-2224] - version conflict between cucumber and other gems
+* [COOK-2248] - `apache2::mod_php5` uses `not_if` "which php" without
+  ensuring package 'which' is installed
+* [COOK-2269] - Set allow list for mod_status incase external monitor scripts need
+* [COOK-2276] - cookbook apache2 documentation regarding listening
+  ports doesn't match default attributes
+* [COOK-2296] - `mod_auth_openid` doesn't have tags/releases for the
+  version I need for features and fixes
+* [COOK-2323] - Add Oracle linux support
+
+## v1.4.2:
+
+* [COOK-1721] - fix logrotate recipe
+
 ## v1.4.0:
 
 * [COOK-1456] - iptables enhancements

apache2/Gemfile

@@ -1,10 +1,10 @@
 source :rubygems
 
-gem 'cucumber', '~> 1.1.8'
+gem 'cucumber', '~> 1.2.0'
 gem 'httparty', '~> 0.8.3'
 gem 'minitest', '~> 3.0.0'
 gem 'nokogiri', '~> 1.5.0'
 
 group :kitchen  do
-  gem 'test-kitchen'
+  gem 'test-kitchen', '< 1.0'
 end

apache2/README.md

@@ -168,7 +168,7 @@ General settings
 These are general settings used in recipes and templates. Default
 values are noted.
 
-* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is an array of ports 80 and 443.
+* `node['apache']['listen_ports']` - Ports that httpd should listen on. Default is port 80.
 * `node['apache']['contact']` - Value for ServerAdmin directive. Default "ops@example.com".
 * `node['apache']['timeout']` - Value for the Timeout directive. Default is 300.
 * `node['apache']['keepalive']` - Value for the KeepAlive directive. Default is On.
@@ -198,6 +198,7 @@ Worker attributes are used for tuning the Apache HTTPD worker MPM
 configuration.
 
 * `node['apache']['worker']['startservers']` - Initial number of server processes to start. Default 4
+* `node['apache']['worker']['serverlimit']` - upper limit on configurable server processes. Default 16.
 * `node['apache']['worker']['maxclients']` - Maximum number of simultaneous connections. Default 1024.
 * `node['apache']['worker']['minsparethreads']` - Minimum number of spare worker threads. Default 64
 * `node['apache']['worker']['maxsparethreads']` - Maximum number of spare worker threads. Default 192.
@@ -212,7 +213,7 @@ they're logistically unrelated to the others, being specific to the
 `mod_auth_openid` recipe.
 
 * `node['apache']['mod_auth_openid']['checksum']` - sha256sum of the tarball containing the source.
-* `node['apache']['mod_auth_openid']['version']` - version of the `mod_auth_openid` to download.
+* `node['apache']['mod_auth_openid']['ref']` - Any sha, tag, or branch found from https://github.com/bmuller/mod_auth_openid
 * `node['apache']['mod_auth_openid']['cache_dir']` - the cache directory is where the sqlite3 database is stored. It is separate so it can be managed as a directory resource.
 * `node['apache']['mod_auth_openid']['dblocation']` - filename of the sqlite3 database used for directive `AuthOpenIDDBLocation`, stored in the `cache_dir` by default.
 * `node['apache']['mod_auth_openid']['configure_flags']` - optional array of configure flags passed to the `./configure` step in the compilation of the module.

apache2/attributes/default.rb

@@ -21,7 +21,7 @@
 
 # Where the various parts of apache are
 case platform
-when "redhat", "centos", "scientific", "fedora", "suse", "amazon"
+when "redhat", "centos", "scientific", "fedora", "suse", "amazon", "oracle"
   default['apache']['package'] = "httpd"
   default['apache']['dir']     = "/etc/httpd"
   default['apache']['log_dir'] = "/var/log/httpd"
@@ -118,6 +118,9 @@
 # mod_auth_openids
 default['apache']['allowed_openids'] = Array.new
 
+# mod_status Allow list, space seprated list of allowed entries.  
+default['apache']['status_allow_list'] = "localhost ip6-localhost"
+
 # mod_status ExtendedStatus, set to 'true' to enable
 default['apache']['ext_status'] = false
 
@@ -131,6 +134,7 @@
 
 # Worker Attributes
 default['apache']['worker']['startservers'] = 4
+default['apache']['worker']['serverlimit'] = 16
 default['apache']['worker']['maxclients'] = 1024
 default['apache']['worker']['minsparethreads'] = 64
 default['apache']['worker']['maxsparethreads'] = 192

apache2/attributes/mod_auth_openid.rb

@@ -16,8 +16,8 @@
 # limitations under the License.
 #
 
-default['apache']['mod_auth_openid']['checksum'] = "79e7ca52511d1230"
-default['apache']['mod_auth_openid']['version']  = "0.6"
+default['apache']['mod_auth_openid']['ref']  = "95043901eab868400937642d9bc55d17e9dd069f"
+default['apache']['mod_auth_openid']['source_url'] = "https://github.com/bmuller/mod_auth_openid/archive/#{node['apache']['mod_auth_openid']['ref']}.tar.gz"
 default['apache']['mod_auth_openid']['cache_dir']  = "/var/cache/mod_auth_openid"
 default['apache']['mod_auth_openid']['dblocation'] = "#{node['apache']['mod_auth_openid']['cache_dir']}/mod_auth_openid.db"
 

apache2/metadata.rb

@@ -4,7 +4,7 @@
 license           "Apache 2.0"
 description       "Installs and configures all aspects of apache2 using Debian style symlinks with helper definitions"
 long_description  IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version           "1.4.0"
+version           "1.6.1"
 recipe            "apache2", "Main Apache configuration"
 recipe            "apache2::logrotate", "Rotate apache2 logs. Requires logrotate cookbook"
 recipe            "apache2::mod_alias", "Apache module 'alias' with config file"

apache2/recipes/logrotate.rb

@@ -26,4 +26,6 @@
 rescue
   Chef::Log.warn("The apache::logrotate recipe requires the logrotate cookbook. Install the cookbook with `knife cookbook site install logrotate`.")
 end
-logrotate_app apache_service.service_name
+logrotate_app apache_service.service_name do
+  path node['apache']['log_dir']
+end

apache2/recipes/mod_auth_openid.rb

@@ -18,7 +18,7 @@
 #
 
 openid_dev_pkgs = value_for_platform_family(
-  ["debian"] => %w{g++ apache2-prefork-dev libopkele-dev libopkele3},
+  ["debian"] => %w{automake make g++ apache2-prefork-dev libopkele-dev libopkele3 libtool},
   ["rhel", "fedora"] => %w{gcc-c++ httpd-devel curl-devel libtidy libtidy-devel sqlite-devel pcre-devel openssl-devel make},
   "arch" => ["libopkele"],
   "freebsd" => %w{libopkele pcre sqlite3}
@@ -51,6 +51,7 @@
   remote_file "#{Chef::Config['file_cache_path']}/libopkele-2.0.4.tar.gz" do
     source "http://kin.klever.net/dist/libopkele-2.0.4.tar.gz"
     mode 00644
+    checksum "57a5bc753b7e80c5ece1e5968b2051b0ce7ed9ce4329d17122c61575a9ea7648"
   end
 
   bash "install libopkele" do
@@ -66,30 +67,32 @@
   end
 end
 
-_checksum = node['apache']['mod_auth_openid']['checksum']
-version = node['apache']['mod_auth_openid']['version']
+version = node['apache']['mod_auth_openid']['ref']
 configure_flags = node['apache']['mod_auth_openid']['configure_flags']
 
 remote_file "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}.tar.gz" do
-  if Chef::Version.new(version) >= Chef::Version.new(0.7)
-    source "https://github.com/downloads/bmuller/mod_auth_openid/mod_auth_openid-#{version}.tar.gz"
-  else
-    source "http://butterfat.net/releases/mod_auth_openid/mod_auth_openid-#{version}.tar.gz"
-  end
+  source node['apache']['mod_auth_openid']['source_url']
   mode 00644
-  checksum _checksum
+  action :create_if_missing
 end
 
 file "mod_auth_openid_dblocation" do
   path node['apache']['mod_auth_openid']['dblocation']
   action :nothing
 end
 
-bash "install mod_auth_openid" do
+bash "untar mod_auth_openid" do
   cwd Chef::Config['file_cache_path']
   code <<-EOH
   tar zxvf mod_auth_openid-#{version}.tar.gz
-  cd mod_auth_openid-#{version} && ./configure #{configure_flags.join(' ')}
+  EOH
+end
+
+bash "compile mod_auth_openid" do
+  cwd "#{Chef::Config['file_cache_path']}/mod_auth_openid-#{version}"
+  code <<-EOH
+  ./autogen.sh
+  ./configure #{configure_flags.join(' ')}
   perl -pi -e "s/-i -a -n 'authopenid'/-i -n 'authopenid'/g" Makefile
   #{make_cmd} && #{make_cmd} install
   EOH

apache2/recipes/mod_php5.rb

@@ -30,6 +30,7 @@
 
 when "rhel"
 
+  package "which"
   package "php package" do
     if node['platform_version'].to_f < 6.0
       package_name "php53"

apache2/templates/default/apache2.conf.erb

@@ -74,6 +74,7 @@ KeepAliveTimeout <%= node['apache']['keepalivetimeout'] %>
 # MaxRequestsPerChild: maximum number of requests a server process serves
 <IfModule mpm_worker_module>
     StartServers          <%= node['apache']['worker']['startservers'] %>
+    ServerLimit           <%= node['apache']['worker']['serverlimit'] %>
     MaxClients            <%= node['apache']['worker']['maxclients'] %>
     MinSpareThreads       <%= node['apache']['worker']['minsparethreads'] %>
     MaxSpareThreads       <%= node['apache']['worker']['maxsparethreads'] %>

apache2/templates/default/mods/status.conf.erb

@@ -9,7 +9,7 @@
     SetHandler server-status
     Order deny,allow
     Deny from all
-    Allow from localhost ip6-localhost
+    Allow from <%=node['apache']['status_allow_list']%>
 #    Allow from .example.com
 </Location>
 #