Append vhost includes

[jza34]

Hi, I try to add an include statements to the puppetboard vhost with no luck.
Is there a way to do it?

My last attempt, based on your code digging is:

  class { 'puppetboard::apache::vhost':
    vhost_name => $::fqdn,
    port       => 9080,
    custom_apache_parameters => {
      additional_includes +> ['/etc/httpd/10-auth_openidc.conf']
    }
  }

My wish is to add this include "/etc/httpd/10-auth_openidc.conf" in the Vhost definition created by the module right before closing the Virtualhost definition

You notice I use the (+>) instead of (=>) but with error:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Syntax error at '+>' (file: /etc/puppetlabs/code/environments/production/modules/webreport/manifests/init.pp, line: 65, column: 27

And with (=>) instead I get this error:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: The attribute 'additional_includes' has already been set (file: /etc/puppetlabs/code/environments/production/modules/puppetboard/manifests/apache/vhost.pp, line: 144, column: 3)

I hope you can help me to do this :)
Thank you

[SiteDesignUSA]

Same here. I've tried in the past to set this up but to no avail. All I (and you) want to do is add some configs to apache conf. Just some way to amend the virtualhost.

Back in 2014, nibalizer said in #19 (comment) that "I don't think its in scope for us to pass in a ton of apache options. The module can set up a basic puppetboard for you if you like, and if you don't like to do that, include everything but the Apache section. And roll your own apache configuration."

I've tried "rolling my own" and tried just copying out the apache conf file to set up and puppetboard goes to the docroot but its without a index page and just show the directory content. It's a mess.

Back in 2019 I tried this and got some feedback (a year after I asked). The reason I know is I just stumbled upon my question again now that I'm trying to get this working again.

vchepkov gave me code (and I'm going to try) which uses erb file.

THe link is #243 (comment)

b4ldr gave me code too (which I will also try) and documentation link that uses variable, heredoc idea.

#243 (comment)

[smortex]

"amending" is an anti-pattern in Puppet, and custom_apache_parameters is rather limited. If you have "advanced" requirements, do not use this built-in VHost and provide your own in your puppetboard profile. I also think the module should probably not ship with such a VHost or insist on the fact it is only a starter/example you will not use in a real world scenario.

Here is my profile for reference (it use passenger to serve the application and rely on puppet PKI to grant access to the dashboard):

class profile::puppetboard (
  String[1] $hostname = 'puppetboard.example.com',
) {
  include profile::apache
  include profile::python

  $puppetboard_path = '/srv/puppetboard/puppetboard/'

  class { 'puppetboard':
    revision       => 'v3.3.0',
    puppetdb_port  => 8079,
    offline_mode   => true,
    extra_settings => {
      'DAILY_REPORTS_CHART_DAYS' => 14,
      'GRAPH_FACTS'              => [
        'aio_agent_version',
        'apache_version',
        'apt_has_updates',
        'apt_reboot_required',
        'architecture',
        'augeasversion',
        'bios_vendor',
        'bios_version',
        'boardmanufacturer',
        'clientversion',
        'collectd_version',
        'customer',
        'docker_client_version',
        'docker_server_version',
        'domain',
        'facterversion',
        'freebsd_reboot_required',
        'hardwareisa',
        'hardwaremodel',
        'is_pe',
        'is_virtual',
        'kernel',
        'kernelmajversion',
        'kernelrelease',
        'kernelversion',
        'lsbcodename',
        'lsbdistcodename',
        'lsbdistid',
        'lsbdistrelease',
        'lsbmajdistrelease',
        'manufacturer',
        'netmask',
        'operatingsystem',
        'operatingsystemmajrelease',
        'operatingsystemrelease',
        'osfamily',
        'package_provider',
        'physicalprocessorcount',
        'pip_version',
        'pkg_has_updates',
        'pkg_has_vulnerabilities',
        'processorcount',
        'puppetversion',
        'python2_version',
        'python3_version',
        'python_version',
        'rubyplatform',
        'rubyversion',
        'selinux',
        'service_provider',
        'syslog_ng_version',
        'systemd',
        'systemd_version',
        'timezone',
        'type',
        'virtual',
        'virtualbox_version',
        'virtualenv_version',
        'zfs_version',
        'zpool_version',
      ],
      'INVENTORY_FACTS'          => "[('Hostname', 'fqdn'), ('Customer', 'customer'), ('Role', 'role'), ('OS', 'lsbdistdescription'), ('Kernel Version', 'kernelrelease'), ('Puppet Version', 'puppetversion')]",
    },
  }

  dehydrated::certificate { $hostname:
  }

  apache::vhost { $hostname:
    port                   => 443,
    docroot                => "${puppetboard_path}/public",
    aliases                => [
      {
        alias => '/static',
        path  => "${puppetboard_path}/puppetboard/static",
      },
    ],
    manage_docroot         => false,
    setenv                 => [
      "PUPPETBOARD_SETTINGS ${puppetboard_path}/settings.py",
    ],
    ssl                    => true,
    ssl_ca                 => "${settings::ssldir}/certs/ca.pem",
    ssl_crl                => "${settings::ssldir}/crl.pem",
    ssl_verify_client      => 'require',
    passenger_app_root     => $puppetboard_path,
    passenger_app_type     => 'wsgi',
    passenger_startup_file => 'wsgi.py',
    passenger_python       => '/srv/puppetboard/virtenv-puppetboard/bin/python',
    passenger_user         => 'puppetboard',
    *                      => dehydrated::apache::vhost_attributes($hostname),
  }

  Class['puppetboard'] ~> Class['apache::service']
}

[SiteDesignUSA]

@smortex

"amending" is an anti-pattern in Puppet, and custom_apache_parameters is rather limited. If you have "advanced" requirements, do not use this built-in VHost and provide your own in your puppetboard profile. I also think the module should probably not ship with such a VHost or insist on the fact it is only a starter/example you will not use in a real world scenario.

Yes. I'm not that quick and sharp as others on this so I struggle. All I want to do is get rid of the preconfigured "Require all granted" in the puppetboard/templates/apache/conf.erb:12: file. I then can just make my own directory section, but with the hard code, I can't get basic auth or any security working.

I just need to add:

$directory_frag = @(CONFIG)
Options Indexes FollowSymLinks MultiViews
AllowOverride None
AuthBasicProvider file
AuthName "Restricted Content"
AuthType Basic
AuthUserFile "/home/puppetboard/.htpasswd/.pass"
Require valid-user
| CONFIG

  class { 'puppetboard::apache::vhost':
    vhost_name               => "$tj_vhost_name",
    port                     => $tj_vhost_port,
    ssl                      => true,
    ssl_cert                 => "$tj_ssl_cert_path",
    ssl_key                  => "$tj_ssl_key_path",
    custom_apache_parameters => {
      directories => [{
        provider        => 'directory',
        path            => '/srv/puppetboard/puppetboard',
        custom_fragment => $directory_frag,
      }, ],
    },
  }

and somehow get rid of the preconfigured "Require all granted"

[SiteDesignUSA]

@smortex
I should also mention that I (and I'm sure others) are very grateful to your help and config. There is so much to know.

The other problem with this is I don't know python and there is some sort of "magic" that allows puppetboard to work correctly if I use his "out of the box" setup. If I try to use puppet apache to emulate the .conf file, it just lists files in "/srv/puppetboard/puppetboard" instead of serving Puppetboard. If I let class { 'puppetboard::apache::vhost': remain, do a puppet agent -t and then paste in the correct config, it works.

Soooo, right now I'm looking at some sort of post hook to just overwrite the %!@## apache .conf file.

I guess that's hacking! Pieces of code everywhere.