This module provides a "standard library" of resources for developing Puppet\nModules. This modules will include the following additions to Puppet
\n\nThis module is officially curated and provided by Puppet Labs. The modules\nPuppet Labs writes and distributes will make heavy use of this standard\nlibrary.
\n\nTo report or research a bug with any part of this module, please go to\nhttp://projects.puppetlabs.com/projects/stdlib
\n\nThis module follows semver.org (v1.0.0) versioning guidelines. The standard\nlibrary module is released as part of Puppet\nEnterprise and as a result\nolder versions of Puppet Enterprise that Puppet Labs still supports will have\nbugfix maintenance branches periodically "merged up" into master. The current\nlist of integration branches are:
\n\nThe first Puppet Enterprise version including the stdlib module is Puppet\nEnterprise 1.2.
\n\nPuppet Versions | \n< 2.6 | \n2.6 | \n2.7 | \n3.x | \n
---|---|---|---|---|
stdlib 2.x | \nno | \nyes | \nyes | \nno | \n
stdlib 3.x | \nno | \nno | \nyes | \nyes | \n
stdlib 4.x | \nno | \nno | \nno | \nyes | \n
The stdlib module does not work with Puppet versions released prior to Puppet\n2.6.0.
\n\nAll stdlib releases in the 2.0 major version support Puppet 2.6 and Puppet 2.7.
\n\nThe 3.0 major release of stdlib drops support for Puppet 2.6. Stdlib 3.x\nsupports Puppet 2 and Puppet 3.
\n\nThe 4.0 major release of stdlib drops support for Puppet 2.7. Stdlib 4.x\nsupports Puppet 3. Notably, ruby 1.8.5 is no longer supported though ruby\n1.8.7, 1.9.3, and 2.0.0 are fully supported.
\n\nReturns the absolute value of a number, for example -34.56 becomes\n34.56. Takes a single integer and float value as an argument.
\n\nThis converts any object to an array containing that object. Empty argument\nlists are converted to an empty array. Arrays are left untouched. Hashes are\nconverted to arrays of alternating keys and values.
\n\nConverts a boolean to a number. Converts the values:\nfalse, f, 0, n, and no to 0\ntrue, t, 1, y, and yes to 1\n Requires a single boolean or string as an input.
\n\nCapitalizes the first letter of a string or array of strings.\nRequires either a single string or an array as an input.
\n\nRemoves the record separator from the end of a string or an array of\nstrings, for example hello\\n
becomes hello
.\nRequires a single string or array as an input.
Returns a new string with the last character removed. If the string ends\nwith \\r\\n
, both characters are removed. Applying chop to an empty\nstring returns an empty string. If you wish to merely remove record\nseparators then you should use the chomp
function.\nRequires a string or array of strings as input.
Appends the contents of array 2 onto array 1.
\n\nExample:
\n\nconcat(['1','2','3'],['4','5','6'])\n
\n\nWould result in:
\n\n['1','2','3','4','5','6']
\n\nTakes an array as first argument and an optional second argument.\nCount the number of elements in array that matches second argument.\nIf called with only an array it counts the number of elements that are not nil/undef.
\n\nTakes a resource reference and an optional hash of attributes.
\n\nReturns true if a resource with the specified attributes has already been added\nto the catalog, and false otherwise.
\n\nuser { 'dan':\n ensure => present,\n}\n\nif ! defined_with_params(User[dan], {'ensure' => 'present' }) {\n user { 'dan': ensure => present, }\n}\n
\n\nDeletes all instances of a given element from an array, substring from a\nstring, or key from a hash.
\n\nExamples:
\n\ndelete(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete('abracadabra', 'bra')\nWould return: 'acada'\n
\n\nDeletes a determined indexed value from an array.
\n\nExamples:
\n\ndelete_at(['a','b','c'], 1)\n
\n\nWould return: ['a','c']
\n\nReturns the dirname
of a path.
Examples:
\n\ndirname('/path/to/a/file.ext')\n
\n\nWould return: '/path/to/a'
\n\nConverts the case of a string or all strings in an array to lower case.
\n\nReturns true if the variable is empty.
\n\nTakes a list of packages and only installs them if they don't already exist.
\n\nTakes a resource type, title, and a list of attributes that describe a\nresource.
\n\nuser { 'dan':\n ensure => present,\n}\n
\n\nThis example only creates the resource if it does not already exist:
\n\nensure_resource('user, 'dan', {'ensure' => 'present' })\n
\n\nIf the resource already exists but does not match the specified parameters,\nthis function will attempt to recreate the resource leading to a duplicate\nresource definition error.
\n\nAn array of resources can also be passed in and each will be created with\nthe type and parameters specified if it doesn't already exist.
\n\nensure_resource('user', ['dan','alex'], {'ensure' => 'present'})\n
\n\nThis function flattens any deeply nested arrays and returns a single flat array\nas a result.
\n\nExamples:
\n\nflatten(['a', ['b', ['c']]])\n
\n\nWould return: ['a','b','c']
\n\nReturns the largest integer less or equal to the argument.\nTakes a single numeric value as an argument.
\n\nRotates an array a random number of times based on a nodes fqdn.
\n\nReturns the absolute path of the specified module for the current\nenvironment.
\n\nExample:\n $module_path = get_module_path('stdlib')
\n\nTakes a resource reference and name of the parameter and\nreturns value of resource's parameter.
\n\nExamples:
\n\ndefine example_resource($param) {\n}\n\nexample_resource { "example_resource_instance":\n param => "param_value"\n}\n\ngetparam(Example_resource["example_resource_instance"], "param")\n
\n\nWould return: param_value
\n\nLookup a variable in a remote namespace.
\n\nFor example:
\n\n$foo = getvar('site::data::foo')\n# Equivalent to $foo = $site::data::foo\n
\n\nThis is useful if the namespace itself is stored in a string:
\n\n$datalocation = 'site::data'\n$bar = getvar("${datalocation}::bar")\n# Equivalent to $bar = $site::data::bar\n
\n\nThis function searches through an array and returns any elements that match\nthe provided regular expression.
\n\nExamples:
\n\ngrep(['aaa','bbb','ccc','aaaddd'], 'aaa')\n
\n\nWould return:
\n\n['aaa','aaaddd']\n
\n\nReturns boolean based on kind and value:
\n\nhas_interface_with("macaddress", "x:x:x:x:x:x")\nhas_interface_with("ipaddress", "127.0.0.1") => true\netc.
\n\nIf no "kind" is given, then the presence of the interface is checked:\nhas_interface_with("lo") => true
\n\nReturns true if the client has the requested IP address on some interface.
\n\nThis function iterates through the 'interfaces' fact and checks the\n'ipaddress_IFACE' facts, performing a simple string comparison.
\n\nReturns true if the client has an IP address within the requested network.
\n\nThis function iterates through the 'interfaces' fact and checks the\n'network_IFACE' facts, performing a simple string comparision.
\n\nDetermine if a hash has a certain key value.
\n\nExample:
\n\n$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}\n
\n\nThis function converts an array into a hash.
\n\nExamples:
\n\nhash(['a',1,'b',2,'c',3])\n
\n\nWould return: {'a'=>1,'b'=>2,'c'=>3}
\n\nReturns true if the variable passed to this function is an array.
\n\nReturns true if the string passed to this function is a syntactically correct domain name.
\n\nReturns true if the variable passed to this function is a float.
\n\nThis function accepts a string as an argument, determines whether the\nPuppet runtime has access to a function by that name. It returns a\ntrue if the function exists, false if not.
\n\nReturns true if the variable passed to this function is a hash.
\n\nReturns true if the variable returned to this string is an integer.
\n\nReturns true if the string passed to this function is a valid IP address.
\n\nReturns true if the string passed to this function is a valid mac address.
\n\nReturns true if the variable passed to this function is a number.
\n\nReturns true if the variable passed to this function is a string.
\n\nThis function joins an array into a string using a seperator.
\n\nExamples:
\n\njoin(['a','b','c'], ",")\n
\n\nWould result in: "a,b,c"
\n\nThis function joins each key of a hash to that key's corresponding value with a\nseparator. Keys and values are cast to strings. The return value is an array in\nwhich each element is one joined key/value pair.
\n\nExamples:
\n\njoin_keys_to_values({'a'=>1,'b'=>2}, " is ")\n
\n\nWould result in: ["a is 1","b is 2"]
\n\nReturns the keys of a hash as an array.
\n\nLoad a YAML file containing an array, string, or hash, and return the data\nin the corresponding native data type.
\n\nFor example:
\n\n$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n
\n\nStrips leading spaces to the left of a string.
\n\nReturns the highest value of all arguments.\nRequires at least one argument.
\n\nThis function determines if a variable is a member of an array.
\n\nExamples:
\n\nmember(['a','b'], 'b')\n
\n\nWould return: true
\n\nmember(['a','b'], 'c')\n
\n\nWould return: false
\n\nMerges two or more hashes together and returns the resulting hash.
\n\nFor example:
\n\n$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}\n
\n\nWhen there is a duplicate key, the key in the rightmost hash will "win."
\n\nReturns the lowest value of all arguments.\nRequires at least one argument.
\n\nThis function converts a number or a string representation of a number into a\ntrue boolean. Zero or anything non-numeric becomes false. Numbers higher then 0\nbecome true.
\n\nThis function accepts JSON as a string and converts into the correct Puppet\nstructure.
\n\nThis function accepts YAML as a string and converts it into the correct\nPuppet structure.
\n\nThis function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string\n(two things in Puppet that will return a boolean false value). Typically,\nthis function is used to check for a value in the Puppet Dashboard/Enterprise\nConsole, and failover to a default value like the following:
\n\n$real_jenkins_version = pick($::jenkins_version, '1.449')\n
\n\nThe value of $real_jenkins_version will first look for a top-scope variable\ncalled 'jenkins_version' (note that parameters set in the Puppet Dashboard/\nEnterprise Console are brought into Puppet as top-scope variables), and,\nfailing that, will use a default value of 1.449.
\n\nThis function applies a prefix to all elements in an array.
\n\nExamples:
\n\nprefix(['a','b','c'], 'p')\n
\n\nWill return: ['pa','pb','pc']
\n\nWhen given range in the form of (start, stop) it will extrapolate a range as\nan array.
\n\nExamples:
\n\nrange("0", "9")\n
\n\nWill return: [0,1,2,3,4,5,6,7,8,9]
\n\nrange("00", "09")\n
\n\nWill return: 0,1,2,3,4,5,6,7,8,9
\n\nrange("a", "c")\n
\n\nWill return: ["a","b","c"]
\n\nrange("host01", "host10")\n
\n\nWill return: ["host01", "host02", ..., "host09", "host10"]
\n\nThis function searches through an array and rejects all elements that match\nthe provided regular expression.
\n\nExamples:
\n\nreject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n
\n\nWould return:
\n\n['bbb','ccc']\n
\n\nReverses the order of a string or array.
\n\nStrips leading spaces to the right of the string.
\n\nRandomizes the order of a string or array elements.
\n\nReturns the number of elements in a string or array.
\n\nSorts strings and arrays lexically.
\n\nReturns a new string where runs of the same character that occur in this set\nare replaced by a single character.
\n\nThis converts a string to a boolean. This attempt to convert strings that\ncontain things like: y, 1, t, true to 'true' and strings that contain things\nlike: 0, f, n, false, no to 'false'.
\n\nThis converts a string to a salted-SHA512 password hash (which is used for\nOS X versions >= 10.7). Given any simple string, you will get a hex version\nof a salted-SHA512 password hash that can be inserted into your Puppet\nmanifests as a valid password attribute.
\n\nThis function returns formatted time.
\n\nExamples:
\n\nTo return the time since epoch:
\n\nstrftime("%s")\n
\n\nTo return the date:
\n\nstrftime("%Y-%m-%d")\n
\n\nFormat meaning:
\n\n%a - The abbreviated weekday name (``Sun'')\n%A - The full weekday name (``Sunday'')\n%b - The abbreviated month name (``Jan'')\n%B - The full month name (``January'')\n%c - The preferred local date and time representation\n%C - Century (20 in 2009)\n%d - Day of the month (01..31)\n%D - Date (%m/%d/%y)\n%e - Day of the month, blank-padded ( 1..31)\n%F - Equivalent to %Y-%m-%d (the ISO 8601 date format)\n%h - Equivalent to %b\n%H - Hour of the day, 24-hour clock (00..23)\n%I - Hour of the day, 12-hour clock (01..12)\n%j - Day of the year (001..366)\n%k - hour, 24-hour clock, blank-padded ( 0..23)\n%l - hour, 12-hour clock, blank-padded ( 0..12)\n%L - Millisecond of the second (000..999)\n%m - Month of the year (01..12)\n%M - Minute of the hour (00..59)\n%n - Newline (\n
\n\n)\n %N - Fractional seconds digits, default is 9 digits (nanosecond)\n %3N millisecond (3 digits)\n %6N microsecond (6 digits)\n %9N nanosecond (9 digits)\n %p - Meridian indicator (AM'' or
PM'')\n %P - Meridian indicator (am'' or
pm'')\n %r - time, 12-hour (same as %I:%M:%S %p)\n %R - time, 24-hour (%H:%M)\n %s - Number of seconds since 1970-01-01 00:00:00 UTC.\n %S - Second of the minute (00..60)\n %t - Tab character ( )\n %T - time, 24-hour (%H:%M:%S)\n %u - Day of the week as a decimal, Monday being 1. (1..7)\n %U - Week number of the current year,\n starting with the first Sunday as the first\n day of the first week (00..53)\n %v - VMS date (%e-%b-%Y)\n %V - Week number of year according to ISO 8601 (01..53)\n %W - Week number of the current year,\n starting with the first Monday as the first\n day of the first week (00..53)\n %w - Day of the week (Sunday is 0, 0..6)\n %x - Preferred representation for the date alone, no time\n %X - Preferred representation for the time alone, no date\n %y - Year without a century (00..99)\n %Y - Year with century\n %z - Time zone as hour offset from UTC (e.g. +0900)\n %Z - Time zone name\n %% - Literal ``%'' character
This function removes leading and trailing whitespace from a string or from\nevery string inside an array.
\n\nExamples:
\n\nstrip(" aaa ")\n
\n\nWould result in: "aaa"
\n\nThis function applies a suffix to all elements in an array.
\n\nExamples:
\n\nsuffix(['a','b','c'], 'p')\n
\n\nWill return: ['ap','bp','cp']
\n\nThis function will swap the existing case of a string.
\n\nExamples:
\n\nswapcase("aBcD")\n
\n\nWould result in: "AbCd"
\n\nThis function will return the current time since epoch as an integer.
\n\nExamples:
\n\ntime()\n
\n\nWill return something like: 1311972653
\n\nConverts the argument into bytes, for example 4 kB becomes 4096.\nTakes a single string value as an argument.
\n\nReturns the type when passed a variable. Type can be one of:
\n\nboolean
Type: rvalue
This function will remove duplicates from strings and arrays.
\n\nExamples:
\n\nunique("aabbcc")\n
\n\nWill return:
\n\nabc\n
\n\nYou can also use this with arrays:
\n\nunique(["a","a","b","b","c","c"])\n
\n\nThis returns:
\n\n["a","b","c"]\n
\n\nConverts a string or an array of strings to uppercase.
\n\nExamples:
\n\nupcase("abcd")\n
\n\nWill return:
\n\nASDF\n
\n\nUrlencodes a string or array of strings.\nRequires either a single string or an array as an input.
\n\nValidate the string represents an absolute path in the filesystem. This function works\nfor windows and unix style paths.
\n\nThe following values will pass:
\n\n$my_path = "C:/Program Files (x86)/Puppet Labs/Puppet"\nvalidate_absolute_path($my_path)\n$my_path2 = "/var/lib/puppet"\nvalidate_absolute_path($my_path2)\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_absolute_path(true)\nvalidate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\nvalidate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n$undefined = undef\nvalidate_absolute_path($undefined)\n
\n\nValidate that all passed values are array data structures. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$my_array = [ 'one', 'two' ]\nvalidate_array($my_array)\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_array(true)\nvalidate_array('some_string')\n$undefined = undef\nvalidate_array($undefined)\n
\n\nPerform validation of a string using an Augeas lens\nThe first argument of this function should be a string to\ntest, and the second argument should be the name of the Augeas lens to use.\nIf Augeas fails to parse the string with the lens, the compilation will\nabort with a parse error.
\n\nA third argument can be specified, listing paths which should\nnot be found in the file. The $file
variable points to the location\nof the temporary file being tested in the Augeas tree.
For example, if you want to make sure your passwd content never contains\na user foo
, you could write:
validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n
\n\nOr if you wanted to ensure that no users used the '/bin/barsh' shell,\nyou could use:
\n\nvalidate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]']\n
\n\nIf a fourth argument is specified, this will be the error message raised and\nseen by the user.
\n\nA helpful error message can be returned like this:
\n\nvalidate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')\n
\n\nValidate that all passed values are either true or false. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$iamtrue = true\nvalidate_bool(true)\nvalidate_bool(true, true, false, $iamtrue)\n
\n\nThe following values will fail, causing compilation to abort:
\n\n$some_array = [ true ]\nvalidate_bool("false")\nvalidate_bool("true")\nvalidate_bool($some_array)\n
\n\nPerform validation of a string with an external command.\nThe first argument of this function should be a string to\ntest, and the second argument should be a path to a test command\ntaking a file as last argument. If the command, launched against\na tempfile containing the passed string, returns a non-null value,\ncompilation will abort with a parse error.
\n\nIf a third argument is specified, this will be the error message raised and\nseen by the user.
\n\nA helpful error message can be returned like this:
\n\nExample:
\n\nvalidate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n
\n\nValidate that all passed values are hash data structures. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$my_hash = { 'one' => 'two' }\nvalidate_hash($my_hash)\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_hash(true)\nvalidate_hash('some_string')\n$undefined = undef\nvalidate_hash($undefined)\n
\n\nPerform simple validation of a string against one or more regular\nexpressions. The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.
\n\nIf a third argument is specified, this will be the error message raised and\nseen by the user.
\n\nThe following strings will validate against the regular expressions:
\n\nvalidate_re('one', '^one$')\nvalidate_re('one', [ '^one', '^two' ])\n
\n\nThe following strings will fail to validate, causing compilation to abort:
\n\nvalidate_re('one', [ '^two', '^three' ])\n
\n\nA helpful error message can be returned like this:
\n\nvalidate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')\n
\n\nValidate that the first argument is a string (or an array of strings), and\nless/equal to than the length of the second argument. It fails if the first\nargument is not a string or array of strings, and if arg 2 is not convertable\nto a number.
\n\nThe following values will pass:
\n\nvalidate_slength("discombobulate",17)\n validate_slength(["discombobulate","moo"],17)
\n\nThe following valueis will not:
\n\nvalidate_slength("discombobulate",1)\n validate_slength(["discombobulate","thermometer"],5)
\n\nValidate that all passed values are string data structures. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$my_string = "one two"\nvalidate_string($my_string, 'three')\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_string(true)\nvalidate_string([ 'some', 'array' ])\n$undefined = undef\nvalidate_string($undefined)\n
\n\nWhen given a hash this function will return the values of that hash.
\n\nExamples:
\n\n$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n
\n\nThis example would return:
\n\n[1,2,3]\n
\n\nFinds value inside an array based on location.
\n\nThe first argument is the array you want to analyze, and the second element can\nbe a combination of:
\n\nExamples:
\n\nvalues_at(['a','b','c'], 2)\n
\n\nWould return ['c'].
\n\nvalues_at(['a','b','c'], ["0-1"])\n
\n\nWould return ['a','b'].
\n\nvalues_at(['a','b','c','d','e'], [0, "2-3"])\n
\n\nWould return ['a','c','d'].
\n\nTakes one element from first array and merges corresponding elements from second array. This generates a sequence of n-element arrays, where n is one more than the count of arguments.
\n\nExample:
\n\nzip(['1','2','3'],['4','5','6'])\n
\n\nWould result in:
\n\n["1", "4"], ["2", "5"], ["3", "6"]\n
\n\nThis page autogenerated on 2013-04-11 13:54:25 -0700
\n2013-05-06 - Jeff McCune <jeff@puppetlabs.com> - 4.1.0\n * (#20582) Restore facter_dot_d to stdlib for PE users (3b887c8)\n * (maint) Update Gemfile with GEM_FACTER_VERSION (f44d535)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> - 4.1.0\n * Terser method of string to array conversion courtesy of ethooz. (d38bce0)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Refactor ensure_resource expectations (b33cc24)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Changed str-to-array conversion and removed abbreviation. (de253db)\n\n2013-05-03 - Alex Cline <acline@us.ibm.com> 4.1.0\n * (#20548) Allow an array of resource titles to be passed into the ensure_resource function (e08734a)\n\n2013-05-02 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.1.0\n * Add a dirname function (2ba9e47)\n\n2013-04-29 - Mark Smith-Guerrero <msmithgu@gmail.com> - 4.1.0\n * (maint) Fix a small typo in hash() description (928036a)\n\n2013-04-12 - Jeff McCune <jeff@puppetlabs.com> - 4.0.2\n * Update user information in gemspec to make the intent of the Gem clear.\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.1\n * Fix README function documentation (ab3e30c)\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * stdlib 4.0 drops support with Puppet 2.7\n * stdlib 4.0 preserves support with Puppet 3\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add ability to use puppet from git via bundler (9c5805f)\n\n2013-04-10 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Make stdlib usable as a Ruby GEM (e81a45e)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Add a count function (f28550e)\n\n2013-03-31 - Amos Shapira <ashapira@atlassian.com> - 4.0.0\n * (#19998) Implement any2array (7a2fb80)\n\n2013-03-29 - Steve Huff <shuff@vecna.org> - 4.0.0\n * (19864) num2bool match fix (8d217f0)\n\n2013-03-20 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Allow comparisons of Numeric and number as String (ff5dd5d)\n\n2013-03-26 - Richard Soderberg <rsoderberg@mozilla.com> - 4.0.0\n * add suffix function to accompany the prefix function (88a93ac)\n\n2013-03-19 - Kristof Willaert <kristof.willaert@gmail.com> - 4.0.0\n * Add floor function implementation and unit tests (0527341)\n\n2012-04-03 - Eric Shamow <eric@puppetlabs.com> - 4.0.0\n * (#13610) Add is_function_available to stdlib (961dcab)\n\n2012-12-17 - Justin Lambert <jlambert@eml.cc> - 4.0.0\n * str2bool should return a boolean if called with a boolean (5d5a4d4)\n\n2012-10-23 - Uwe Stuehler <ustuehler@team.mobile.de> - 4.0.0\n * Fix number of arguments check in flatten() (e80207b)\n\n2013-03-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add contributing document (96e19d0)\n\n2013-03-04 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * Add missing documentation for validate_augeas and validate_cmd to README.markdown (a1510a1)\n\n2013-02-14 - Joshua Hoblitt <jhoblitt@cpan.org> - 4.0.0\n * (#19272) Add has_element() function (95cf3fe)\n\n2013-02-07 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * validate_cmd(): Use Puppet::Util::Execution.execute when available (69248df)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_augeas function (3a97c23)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_cmd function (6902cc5)\n\n2013-01-14 - David Schmitt <david@dasz.at> - 4.0.0\n * Add geppetto project definition (b3fc0a3)\n\n2013-01-02 - Jaka Hudoklin <jakahudoklin@gmail.com> - 4.0.0\n * Add getparam function to get defined resource parameters (20e0e07)\n\n2013-01-05 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Add Travis CI Support (d082046)\n\n2012-12-04 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Clarify that stdlib 3 supports Puppet 3 (3a6085f)\n\n2012-11-30 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * maint: style guideline fixes (7742e5f)\n\n2012-11-09 - James Fryman <james@frymanet.com> - 4.0.0\n * puppet-lint cleanup (88acc52)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 4.0.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (fd52b8d)\n\n2012-09-18 - Chad Metcalf <chad@wibidata.com> - 3.2.0\n * Add an ensure_packages function. (8a8c09e)\n\n2012-11-23 - Erik Dalén <dalen@spotify.com> - 3.2.0\n * (#17797) min() and max() functions (9954133)\n\n2012-05-23 - Peter Meier <peter.meier@immerda.ch> - 3.2.0\n * (#14670) autorequire a file_line resource's path (dfcee63)\n\n2012-11-19 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Add join_keys_to_values function (ee0f2b3)\n\n2012-11-17 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Extend delete function for strings and hashes (7322e4d)\n\n2012-08-03 - Gary Larizza <gary@puppetlabs.com> - 3.2.0\n * Add the pick() function (ba6dd13)\n\n2012-03-20 - Wil Cooley <wcooley@pdx.edu> - 3.2.0\n * (#13974) Add predicate functions for interface facts (f819417)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 3.2.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (70f4a0e)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 3.1.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 3.1.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.1\n * Fix accidental removal of facts_dot_d.rb in 3.0.0 release\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.0\n * stdlib 3.0 drops support with Puppet 2.6\n * stdlib 3.0 preserves support with Puppet 2.7\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 3.0.0\n * Add function ensure_resource and defined_with_params (ba789de)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 3.0.0\n * (#2157) Remove facter_dot_d for compatibility with external facts (f92574f)\n\n2012-04-10 - Chris Price <chris@puppetlabs.com> - 3.0.0\n * (#13693) moving logic from local spec_helper to puppetlabs_spec_helper (85f96df)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 2.5.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 2.5.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-15 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Explicitly load functions used by ensure_resource (9fc3063)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add better docs about duplicate resource failures (97d327a)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Handle undef for parameter argument (4f8b133)\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add function ensure_resource and defined_with_params (a0cb8cd)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Disable tests that fail on 2.6.x due to #15912 (c81496e)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * (Maint) Fix mis-use of rvalue functions as statements (4492913)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Add .rspec file to repo root (88789e8)\n\n2012-06-07 - Chris Price <chris@puppetlabs.com> - 2.4.0\n * Add support for a 'match' parameter to file_line (a06c0d8)\n\n2012-08-07 - Erik Dalén <dalen@spotify.com> - 2.4.0\n * (#15872) Add to_bytes function (247b69c)\n\n2012-07-19 - Jeff McCune <jeff@puppetlabs.com> - 2.4.0\n * (Maint) use PuppetlabsSpec::PuppetInternals.scope (master) (deafe88)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 2.4.0\n * (#2157) Make facts_dot_d compatible with external facts (5fb0ddc)\n\n2012-03-16 - Steve Traylen <steve.traylen@cern.ch> - 2.4.0\n * (#13205) Rotate array/string randomley based on fqdn, fqdn_rotate() (fef247b)\n\n2012-05-22 - Peter Meier <peter.meier@immerda.ch> - 2.3.3\n * fix regression in #11017 properly (f0a62c7)\n\n2012-05-10 - Jeff McCune <jeff@puppetlabs.com> - 2.3.3\n * Fix spec tests using the new spec_helper (7d34333)\n\n2012-05-10 - Puppet Labs <support@puppetlabs.com> - 2.3.2\n * Make file_line default to ensure => present (1373e70)\n * Memoize file_line spec instance variables (20aacc5)\n * Fix spec tests using the new spec_helper (1ebfa5d)\n * (#13595) initialize_everything_for_tests couples modules Puppet ver (3222f35)\n * (#13439) Fix MRI 1.9 issue with spec_helper (15c5fd1)\n * (#13439) Fix test failures with Puppet 2.6.x (665610b)\n * (#13439) refactor spec helper for compatibility with both puppet 2.7 and master (82194ca)\n * (#13494) Specify the behavior of zero padded strings (61891bb)\n\n2012-03-29 Puppet Labs <support@puppetlabs.com> - 2.1.3\n* (#11607) Add Rakefile to enable spec testing\n* (#12377) Avoid infinite loop when retrying require json\n\n2012-03-13 Puppet Labs <support@puppetlabs.com> - 2.3.1\n* (#13091) Fix LoadError bug with puppet apply and puppet_vardir fact\n\n2012-03-12 Puppet Labs <support@puppetlabs.com> - 2.3.0\n* Add a large number of new Puppet functions\n* Backwards compatibility preserved with 2.2.x\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.2.1\n* Documentation only release for the Forge\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.1.2\n* Documentation only release for PE 2.0.x\n\n2011-11-08 Puppet Labs <support@puppetlabs.com> - 2.2.0\n* #10285 - Refactor json to use pson instead.\n* Maint - Add watchr autotest script\n* Maint - Make rspec tests work with Puppet 2.6.4\n* #9859 - Add root_home fact and tests\n\n2011-08-18 Puppet Labs <support@puppetlabs.com> - 2.1.1\n* Change facts.d paths to match Facter 2.0 paths.\n* /etc/facter/facts.d\n* /etc/puppetlabs/facter/facts.d\n\n2011-08-17 Puppet Labs <support@puppetlabs.com> - 2.1.0\n* Add R.I. Pienaar's facts.d custom facter fact\n* facts defined in /etc/facts.d and /etc/puppetlabs/facts.d are\n automatically loaded now.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 2.0.0\n* Rename whole_line to file_line\n* This is an API change and as such motivating a 2.0.0 release according to semver.org.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.1.0\n* Rename append_line to whole_line\n* This is an API change and as such motivating a 1.1.0 release.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.0.0\n* Initial stable release\n* Add validate_array and validate_string functions\n* Make merge() function work with Ruby 1.8.5\n* Add hash merging function\n* Add has_key function\n* Add loadyaml() function\n* Add append_line native\n\n2011-06-21 Jeff McCune <jeff@puppetlabs.com> - 0.1.7\n* Add validate_hash() and getvar() functions\n\n2011-06-15 Jeff McCune <jeff@puppetlabs.com> - 0.1.6\n* Add anchor resource type to provide containment for composite classes\n\n2011-06-03 Jeff McCune <jeff@puppetlabs.com> - 0.1.5\n* Add validate_bool() function to stdlib\n\n0.1.4 2011-05-26 Jeff McCune <jeff@puppetlabs.com>\n* Move most stages after main\n\n0.1.3 2011-05-25 Jeff McCune <jeff@puppetlabs.com>\n* Add validate_re() function\n\n0.1.2 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Update to add annotated tag\n\n0.1.1 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Add stdlib::stages class with a standard set of stages\n
Copyright (C) 2011 Puppet Labs Inc\n\nand some parts:\n\nCopyright (C) 2011 Krzysztof Wilczynski\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
A Puppet module that can construct files from fragments.
\n\nPlease see the comments in the various .pp files for details\nas well as posts on my blog at http://www.devco.net/
\n\nReleased under the Apache 2.0 licence
\n\nIf you wanted a /etc/motd file that listed all the major modules\non the machine. And that would be maintained automatically even\nif you just remove the include lines for other modules you could\nuse code like below, a sample /etc/motd would be:
\n\n\nPuppet modules on this server:\n\n -- Apache\n -- MySQL\n\n\n
Local sysadmins can also append to the file by just editing /etc/motd.local\ntheir changes will be incorporated into the puppet managed motd.
\n\n\n# class to setup basic motd, include on all nodes\nclass motd {\n $motd = \"/etc/motd\"\n\n concat{$motd:\n owner => root,\n group => root,\n mode => 644\n }\n\n concat::fragment{\"motd_header\":\n target => $motd,\n content => \"\\nPuppet modules on this server:\\n\\n\",\n order => 01,\n }\n\n # local users on the machine can append to motd by just creating\n # /etc/motd.local\n concat::fragment{\"motd_local\":\n target => $motd,\n ensure => \"/etc/motd.local\",\n order => 15\n }\n}\n\n# used by other modules to register themselves in the motd\ndefine motd::register($content=\"\", $order=10) {\n if $content == \"\" {\n $body = $name\n } else {\n $body = $content\n }\n\n concat::fragment{\"motd_fragment_$name\":\n target => \"/etc/motd\",\n content => \" -- $body\\n\"\n }\n}\n\n# a sample apache module\nclass apache {\n include apache::install, apache::config, apache::service\n\n motd::register{\"Apache\": }\n}\n\n\n
Paul Elliot
\n\nChad Netzer
\n\nDavid Schmitt
\n\nPeter Meier
\n\nSharif Nassar
\n\nChristian G. Warden
\n\nReid Vandewiele
\n\n**Erik Dalén*
\n\nGildas Le Nadan
\n\nPaul Belanger
\n\nBranan Purvine-Riley
\n\nDustin J. Mitchell
\n\nAndreas Jaggi
\n\nJan Vansteenkiste
\n\nR.I.Pienaar / rip@devco.net / @ripienaar / http://devco.net
\nCHANGELOG:\n- 2010/02/19 - initial release\n- 2010/03/12 - add support for 0.24.8 and newer\n - make the location of sort configurable\n - add the ability to add shell comment based warnings to\n top of files\n - add the ablity to create empty files\n- 2010/04/05 - fix parsing of WARN and change code style to match rest\n of the code\n - Better and safer boolean handling for warn and force\n - Don't use hard coded paths in the shell script, set PATH\n top of the script\n - Use file{} to copy the result and make all fragments owned\n by root. This means we can chnage the ownership/group of the\n resulting file at any time.\n - You can specify ensure => "/some/other/file" in concat::fragment\n to include the contents of a symlink into the final file.\n- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name\n- 2010/05/22 - Improve documentation and show the use of ensure =>\n- 2010/07/14 - Add support for setting the filebucket behavior of files\n- 2010/10/04 - Make the warning message configurable\n- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett\n- 2011/02/03 - Make the shell script more portable and add a config option for root group\n- 2011/06/21 - Make base dir root readable only for security\n- 2011/06/23 - Set base directory using a fact instead of hardcoding it\n- 2011/06/23 - Support operating as non privileged user\n- 2011/06/23 - Support dash instead of bash or sh\n- 2011/07/11 - Better solaris support\n- 2011/12/05 - Use fully qualified variables\n- 2011/12/13 - Improve Nexenta support\n- 2012/04/11 - Do not use any GNU specific extensions in the shell script\n- 2012/03/24 - Comply to community style guides\n- 2012/05/23 - Better errors when basedir isnt set\n- 2012/05/31 - Add spec tests\n- 2012/07/11 - Include concat::setup in concat improving UX\n- 2012/08/14 - Puppet Lint improvements\n- 2012/08/30 - The target path can be different from the $name\n- 2012/08/30 - More Puppet Lint cleanup\n- 2012/09/04 - RELEASE 0.2.0\n
Copyright 2012 R.I.Pienaar\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n
A Puppet module that can construct files from fragments.
\n\nPlease see the comments in the various .pp files for details\nas well as posts on my blog at http://www.devco.net/
\n\nReleased under the Apache 2.0 licence
\n\nIf you wanted a /etc/motd file that listed all the major modules\non the machine. And that would be maintained automatically even\nif you just remove the include lines for other modules you could\nuse code like below, a sample /etc/motd would be:
\n\n\nPuppet modules on this server:\n\n -- Apache\n -- MySQL\n\n\n
Local sysadmins can also append to the file by just editing /etc/motd.local\ntheir changes will be incorporated into the puppet managed motd.
\n\n\n# class to setup basic motd, include on all nodes\nclass motd {\n $motd = \"/etc/motd\"\n\n concat{$motd:\n owner => root,\n group => root,\n mode => '0644',\n }\n\n concat::fragment{\"motd_header\":\n target => $motd,\n content => \"\\nPuppet modules on this server:\\n\\n\",\n order => 01,\n }\n\n # local users on the machine can append to motd by just creating\n # /etc/motd.local\n concat::fragment{\"motd_local\":\n target => $motd,\n ensure => \"/etc/motd.local\",\n order => 15\n }\n}\n\n# used by other modules to register themselves in the motd\ndefine motd::register($content=\"\", $order=10) {\n if $content == \"\" {\n $body = $name\n } else {\n $body = $content\n }\n\n concat::fragment{\"motd_fragment_$name\":\n target => \"/etc/motd\",\n content => \" -- $body\\n\"\n }\n}\n\n# a sample apache module\nclass apache {\n include apache::install, apache::config, apache::service\n\n motd::register{\"Apache\": }\n}\n\n\n
Detailed documentation of the class options can be found in the\nmanifest files.
\n\nPaul Elliot
\n\nChad Netzer
\n\nDavid Schmitt
\n\nPeter Meier
\n\nSharif Nassar
\n\nChristian G. Warden
\n\nReid Vandewiele
\n\nErik Dalén
\n\nGildas Le Nadan
\n\nPaul Belanger
\n\nBranan Purvine-Riley
\n\nDustin J. Mitchell
\n\nAndreas Jaggi
\n\nJan Vansteenkiste
\n\npuppet-users@ mailing list.
\n2013-08-09 1.0.0\n\nSummary:\n\nMany new features and bugfixes in this release, and if you're a heavy concat\nuser you should test carefully before upgrading. The features should all be\nbackwards compatible but only light testing has been done from our side before\nthis release.\n\nFeatures:\n- New parameters in concat:\n - `replace`: specify if concat should replace existing files.\n - `ensure_newline`: controls if fragments should contain a newline at the end.\n- Improved README documentation.\n- Add rspec:system tests (rake spec:system to test concat)\n\nBugfixes\n- Gracefully handle \\n in a fragment resource name.\n- Adding more helpful message for 'pluginsync = true'\n- Allow passing `source` and `content` directly to file resource, rather than\ndefining resource defaults.\n- Added -r flag to read so that filenames with \\ will be read correctly.\n- sort always uses LANG=C.\n- Allow WARNMSG to contain/start with '#'.\n- Replace while-read pattern with for-do in order to support Solaris.\n\nCHANGELOG:\n- 2010/02/19 - initial release\n- 2010/03/12 - add support for 0.24.8 and newer\n - make the location of sort configurable\n - add the ability to add shell comment based warnings to\n top of files\n - add the ablity to create empty files\n- 2010/04/05 - fix parsing of WARN and change code style to match rest\n of the code\n - Better and safer boolean handling for warn and force\n - Don't use hard coded paths in the shell script, set PATH\n top of the script\n - Use file{} to copy the result and make all fragments owned\n by root. This means we can chnage the ownership/group of the\n resulting file at any time.\n - You can specify ensure => "/some/other/file" in concat::fragment\n to include the contents of a symlink into the final file.\n- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name\n- 2010/05/22 - Improve documentation and show the use of ensure =>\n- 2010/07/14 - Add support for setting the filebucket behavior of files\n- 2010/10/04 - Make the warning message configurable\n- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett\n- 2011/02/03 - Make the shell script more portable and add a config option for root group\n- 2011/06/21 - Make base dir root readable only for security\n- 2011/06/23 - Set base directory using a fact instead of hardcoding it\n- 2011/06/23 - Support operating as non privileged user\n- 2011/06/23 - Support dash instead of bash or sh\n- 2011/07/11 - Better solaris support\n- 2011/12/05 - Use fully qualified variables\n- 2011/12/13 - Improve Nexenta support\n- 2012/04/11 - Do not use any GNU specific extensions in the shell script\n- 2012/03/24 - Comply to community style guides\n- 2012/05/23 - Better errors when basedir isnt set\n- 2012/05/31 - Add spec tests\n- 2012/07/11 - Include concat::setup in concat improving UX\n- 2012/08/14 - Puppet Lint improvements\n- 2012/08/30 - The target path can be different from the $name\n- 2012/08/30 - More Puppet Lint cleanup\n- 2012/09/04 - RELEASE 0.2.0\n- 2012/12/12 - Added (file) $replace parameter to concat\n
Copyright 2012 R.I.Pienaar\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n
The APT module provides a simple interface for managing APT source, key, and definitions with Puppet.
\n\nAPT automates obtaining and installing software packages on *nix systems.
\n\nWhat APT affects:
\n\nsources.list
file and sources.list.d
directory\n\npurge_sources_list
and purge_sources_list_d
parameters to 'true' will destroy any existing content that was not declared with Puppet. The default for these parameters is 'false'.To begin using the APT module with default parameters, declare the class
\n\nclass { 'apt': }\n
\n\nPuppet code that uses anything from the APT module requires that the core apt class be declared.
\n\nUsing the APT module consists predominantly in declaring classes that provide desired functionality and features.
\n\napt
provides a number of common resources and options that are shared by the various defined types in this module, so you MUST always include this class in your manifests.
The parameters for apt
are not required in general and are predominantly for development environment use-cases.
class { 'apt':\n always_apt_update => false,\n disable_keys => undef,\n proxy_host => false,\n proxy_port => '8080',\n purge_sources_list => false,\n purge_sources_list_d => false,\n purge_preferences_d => false,\n update_timeout => undef\n}\n
\n\nPuppet will manage your system's sources.list
file and sources.list.d
directory but will do its best to respect existing content.
If you declare your apt class with purge_sources_list
and purge_sources_list_d
set to 'true', Puppet will unapologetically purge any existing content it finds that wasn't declared with Puppet.
Installs the build depends of a specified package.
\n\napt::builddep { 'glusterfs-server': }\n
\n\nForces a package to be installed from a specific release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.
\n\napt::force { 'glusterfs-server':\n release => 'unstable',\n version => '3.0.3',\n require => Apt::Source['debian_unstable'],\n}\n
\n\nAdds a key to the list of keys used by APT to authenticate packages.
\n\napt::key { 'puppetlabs':\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n\napt::key { 'jenkins':\n key => 'D50582E6',\n key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',\n}\n
\n\nNote that use of key_source
requires wget to be installed and working.
Adds an apt pin for a certain release.
\n\napt::pin { 'karmic': priority => 700 }\napt::pin { 'karmic-updates': priority => 700 }\napt::pin { 'karmic-security': priority => 700 }\n
\n\nNote you can also specifying more complex pins using distribution properties.
\n\napt::pin { 'stable':\n priority => -10,\n originator => 'Debian',\n release_version => '3.0',\n component => 'main',\n label => 'Debian'\n}\n
\n\nAdds a ppa repository using add-apt-repository
.
apt::ppa { 'ppa:drizzle-developers/ppa': }\n
\n\nSets the default apt release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.
\n\nclass { 'apt::release':\n release_id => 'precise',\n}\n
\n\nAdds an apt source to /etc/apt/sources.list.d/
.
apt::source { 'debian_unstable':\n location => 'http://debian.mirror.iweb.ca/debian/',\n release => 'unstable',\n repos => 'main contrib non-free',\n required_packages => 'debian-keyring debian-archive-keyring',\n key => '55BE302B',\n key_server => 'subkeys.pgp.net',\n pin => '-10',\n include_src => true\n}\n
\n\nIf you would like to configure your system so the source is the Puppet Labs APT repository
\n\napt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n
\n\nThe APT module is mostly a collection of defined resource types, which provide reusable logic that can be leveraged to manage APT. It does provide smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.
\n\nThis test will set up a Puppet Labs apt repository. Start by creating a new smoke test in the apt module's test folder. Call it puppetlabs-apt.pp. Inside, declare a single resource representing the Puppet Labs APT source and gpg key
\n\napt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n
\n\nThis resource creates an apt source named puppetlabs and gives Puppet information about the repository's location and key used to sign its packages. Puppet leverages Facter to determine the appropriate release, but you can set it directly by adding the release type.
\n\nCheck your smoke test for syntax errors
\n\n$ puppet parser validate tests/puppetlabs-apt.pp\n
\n\nIf you receive no output from that command, it means nothing is wrong. Then apply the code
\n\n$ puppet apply --verbose tests/puppetlabs-apt.pp\nnotice: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]/ensure: defined content as '{md5}3be1da4923fb910f1102a233b77e982e'\ninfo: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]: Scheduling refresh of Exec[puppetlabs apt update]\nnotice: /Stage[main]//Apt::Source[puppetlabs]/Exec[puppetlabs apt update]: Triggered 'refresh' from 1 events>\n
\n\nThe above example used a smoke test to easily lay out a resource declaration and apply it on your system. In production, you may want to declare your APT sources inside the classes where they’re needed.
\n\nAdds the necessary components to get backports for Ubuntu and Debian. The release name defaults to $lsbdistcodename
. Setting this manually can cause undefined behavior (read: universe exploding).
This module should work across all versions of Debian/Ubuntu and support all major APT repository management features.
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\n\nA lot of great people have contributed to this module. A somewhat current list follows:
\n\n2013-10-08 1.4.0\n\nSummary:\n\nMinor bugfix and allow the timeout to be adjusted.\n\nFeatures:\n- Add an `updates_timeout` to apt::params\n\nFixes:\n- Ensure apt::ppa can readd a ppa removed by hand.\n\nSummary\n\n1.3.0\n=====\n\nSummary:\n\nThis major feature in this release is the new apt::unattended_upgrades class,\nallowing you to handle Ubuntu's unattended feature. This allows you to select\nspecific packages to automatically upgrade without any further user\ninvolvement.\n\nIn addition we extend our Wheezy support, add proxy support to apt:ppa and do\nvarious cleanups and tweaks.\n\nFeatures:\n- Add apt::unattended_upgrades support for Ubuntu.\n- Add wheezy backports support.\n- Use the geoDNS http.debian.net instead of the main debian ftp server.\n- Add `options` parameter to apt::ppa in order to pass options to apt-add-repository command.\n- Add proxy support for apt::ppa (uses proxy_host and proxy_port from apt).\n\nBugfixes:\n- Fix regsubst() calls to quote single letters (for future parser).\n- Fix lint warnings and other misc cleanup.\n\n1.2.0\n=====\n\nFeatures:\n- Add geppetto `.project` natures\n- Add GH auto-release\n- Add `apt::key::key_options` parameter\n- Add complex pin support using distribution properties for `apt::pin` via new properties:\n - `apt::pin::codename`\n - `apt::pin::release_version`\n - `apt::pin::component`\n - `apt::pin::originator`\n - `apt::pin::label`\n- Add source architecture support to `apt::source::architecture`\n\nBugfixes:\n- Use apt-get instead of aptitude in apt::force\n- Update default backports location\n- Add dependency for required packages before apt-get update\n\n\n1.1.1\n=====\n\nThis is a bug fix release that resolves a number of issues:\n\n* By changing template variable usage, we remove the deprecation warnings\n for Puppet 3.2.x\n* Fixed proxy file removal, when proxy absent\n\nSome documentation, style and whitespaces changes were also merged. This\nrelease also introduced proper rspec-puppet unit testing on Travis-CI to help\nreduce regression.\n\nThanks to all the community contributors below that made this patch possible.\n\n#### Detail Changes\n\n* fix minor comment type (Chris Rutter)\n* whitespace fixes (Michael Moll)\n* Update travis config file (William Van Hevelingen)\n* Build all branches on travis (William Van Hevelingen)\n* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen)\n* Updated content to conform to README best practices template (Lauren Rother)\n* Fix apt::release example in readme (Brian Galey)\n* add @ to variables in template (Peter Hoeg)\n* Remove deprecation warnings for pin.pref.erb as well (Ken Barber)\n* Update travis.yml to latest versions of puppet (Ken Barber)\n* Fix proxy file removal (Scott Barber)\n* Add spec test for removing proxy configuration (Dean Reilly)\n* Fix apt::key listing longer than 8 chars (Benjamin Knofe)\n\n\n---------------------------------------\n\n1.1.0\n=====\n\nThis release includes Ubuntu 12.10 (Quantal) support for PPAs.\n\n---------------------------------------\n\n2012-05-25 Puppet Labs <info@puppetlabs.com> - 0.0.4\n * Fix ppa list filename when there is a period in the PPA name\n * Add .pref extension to apt preferences files\n * Allow preferences to be purged\n * Extend pin support\n\n2012-05-04 Puppet Labs <info@puppetlabs.com> - 0.0.3\n * only invoke apt-get update once\n * only install python-software-properties if a ppa is added\n * support 'ensure => absent' for all defined types\n * add apt::conf\n * add apt::backports\n * fixed Modulefile for module tool dependency resolution\n * configure proxy before doing apt-get update\n * use apt-get update instead of aptitude for apt::ppa\n * add support to pin release\n\n\n2012-03-26 Puppet Labs <info@puppetlabs.com> - 0.0.2\n41cedbb (#13261) Add real examples to smoke tests.\nd159a78 (#13261) Add key.pp smoke test\n7116c7a (#13261) Replace foo source with puppetlabs source\n1ead0bf Ignore pkg directory.\n9c13872 (#13289) Fix some more style violations\n0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path\na758247 (#13289) Clean up style violations and fix corresponding tests\n99c3fd3 (#13289) Add puppet lint tests to Rakefile\n5148cbf (#13125) Apt keys should be case insensitive\nb9607a4 Convert apt::key to use anchors\n\n2012-03-07 Puppet Labs <info@puppetlabs.com> - 0.0.1\nd4fec56 Modify apt::source release parameter test\n1132a07 (#12917) Add contributors to README\n8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it\n7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input\nbe2cc3e (#12522) Adjust spec test for splitting purge\n7dc60ae (#12522) Split purge option to spare sources.list\n9059c4e Fix source specs to test all key permutations\n8acb202 Add test for python-software-properties package\na4af11f Check if python-software-properties is defined before attempting to define it.\n1dcbf3d Add tests for required_packages change\nf3735d2 Allow duplicate $required_packages\n74c8371 (#12430) Add tests for changes to apt module\n97ebb2d Test two sources with the same key\n1160bcd (#12526) Add ability to reverse apt { disable_keys => true }\n2842d73 Add Modulefile to puppet-apt\nc657742 Allow the use of the same key in multiple sources\n8c27963 (#12522) Adding purge option to apt class\n997c9fd (#12529) Add unit test for apt proxy settings\n50f3cca (#12529) Add parameter to support setting a proxy for apt\nd522877 (#12094) Replace chained .with_* with a hash\n8cf1bd0 (#12094) Remove deprecated spec.opts file\n2d688f4 (#12094) Add rspec-puppet tests for apt\n0fb5f78 (#12094) Replace name with path in file resources\nf759bc0 (#11953) Apt::force passes $version to aptitude\nf71db53 (#11413) Add spec test for apt::force to verify changes to unless\n2f5d317 (#11413) Update dpkg query used by apt::force\ncf6caa1 (#10451) Add test coverage to apt::ppa\n0dd697d include_src parameter in example; Whitespace cleanup\nb662eb8 fix typos in "repositories"\n1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added\n864302a Set the pin priority before adding the source (Fix #10449)\n1de4e0a Refactored as per mlitteken\n1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run!\n52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep\n5c05fa0 added builddep command.\na11af50 added the ability to specify the content of a key\nc42db0f Fixes ppa test.\n77d2b0d reformatted whitespace to match recommended style of 2 space indentation.\n27ebdfc ignore swap files.\n377d58a added smoke tests for module.\n18f614b reformatted apt::ppa according to recommended style.\nd8a1e4e Created a params class to hold global data.\n636ae85 Added two params for apt class\n148fc73 Update LICENSE.\ned2d19e Support ability to add more than one PPA\n420d537 Add call to apt-update after add-apt-repository in apt::ppa\n945be77 Add package definition for python-software-properties\n71fc425 Abs paths for all commands\n9d51cd1 Adding LICENSE\n71796e3 Heading fix in README\n87777d8 Typo in README\nf848bac First commit\n
Copyright (c) 2011 Evolving Web Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the "Software"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n
Provides helpful definitions for dealing with Apt.
\n\nThe apt class provides a number of common resources and options which\nare shared by the various defined types in this module. This class\nshould always be included in your manifests if you are using the apt
\nmodule.
class { 'apt':\n always_apt_update => false,\n disable_keys => undef,\n proxy_host => false,\n proxy_port => '8080',\n purge_sources_list => false,\n purge_sources_list_d => false,\n purge_preferences_d => false\n}\n
\n\nInstall the build depends of a specified package.
\n\napt::builddep { "glusterfs-server": }\n
\n\nForce a package to be installed from a specific release. Useful when\nusing repositories like Debian unstable in Ubuntu.
\n\napt::force { "glusterfs-server":\n release => "unstable",\n version => '3.0.3',\n require => Apt::Source["debian_unstable"],\n}\n
\n\nAdd an apt pin for a certain release.
\n\napt::pin { "karmic": priority => 700 }\napt::pin { "karmic-updates": priority => 700 }\napt::pin { "karmic-security": priority => 700 }\n
\n\nAdd a ppa repository using add-apt-repository
. Somewhat experimental.
apt::ppa { "ppa:drizzle-developers/ppa": }\n
\n\nSet the default apt release. Useful when using repositories like\nDebian unstable in Ubuntu.
\n\napt::release { "karmic": }\n
\n\nAdd an apt source to /etc/apt/sources.list.d/
.
apt::source { "debian_unstable":\n location => "http://debian.mirror.iweb.ca/debian/",\n release => "unstable",\n repos => "main contrib non-free",\n required_packages => "debian-keyring debian-archive-keyring",\n key => "55BE302B",\n key_server => "subkeys.pgp.net",\n pin => "-10",\n include_src => true\n}\n
\n\nThis source will configure your system for the Puppet Labs APT\nrepository.
\n\napt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n
\n\nAdd a key to the list of keys used by apt to authenticate packages.
\n\napt::key { "puppetlabs":\n key => "4BD6EC30",\n key_server => "pgp.mit.edu",\n}\n\napt::key { "jenkins":\n key => "D50582E6",\n key_source => "http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key",\n}\n
\n\nNote that use of the "key_source" parameter requires wget to be\ninstalled and working.
\n\nA lot of great people have contributed to this module. A somewhat\ncurrent list follows.
\n\nBen Godfrey ben.godfrey@wonga.com\nBranan Purvine-Riley branan@puppetlabs.com\nChristian G. Warden cwarden@xerus.org
\nDan Bode bodepd@gmail.com dan@puppetlabs.com
\nGarrett Honeycutt github@garretthoneycutt.com
\nJeff Wallace jeff@evolvingweb.ca jeff@tjwallace.ca
\nKen Barber ken@bob.sh
\nMatthaus Litteken matthaus@puppetlabs.com mlitteken@gmail.com
\nMatthias Pigulla mp@webfactory.de
\nMonty Taylor mordred@inaugust.com
\nPeter Drake pdrake@allplayers.com
\nReid Vandewiele marut@cat.pdx.edu
\nRobert Navarro rnavarro@phiivo.com
\nRyan Coleman ryan@puppetlabs.com
\nScott McLeod scott.mcleod@theice.com
\nSpencer Krum spencer@puppetlabs.com
\nWilliam Van Hevelingen blkperl@cat.pdx.edu wvan13@gmail.com
\nZach Leslie zach@puppetlabs.com
2012-05-25 Puppet Labs <info@puppetlabs.com> - 0.0.4\n * Fix ppa list filename when there is a period in the PPA name\n * Add .pref extension to apt preferences files\n * Allow preferences to be purged\n * Extend pin support\n\n2012-05-04 Puppet Labs <info@puppetlabs.com> - 0.0.3\n * only invoke apt-get update once\n * only install python-software-properties if a ppa is added\n * support 'ensure => absent' for all defined types\n * add apt::conf\n * add apt::backports\n * fixed Modulefile for module tool dependency resolution\n * configure proxy before doing apt-get update\n * use apt-get update instead of aptitude for apt::ppa\n * add support to pin release\n\n\n2012-03-26 Puppet Labs <info@puppetlabs.com> - 0.0.2\n41cedbb (#13261) Add real examples to smoke tests.\nd159a78 (#13261) Add key.pp smoke test\n7116c7a (#13261) Replace foo source with puppetlabs source\n1ead0bf Ignore pkg directory.\n9c13872 (#13289) Fix some more style violations\n0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path\na758247 (#13289) Clean up style violations and fix corresponding tests\n99c3fd3 (#13289) Add puppet lint tests to Rakefile\n5148cbf (#13125) Apt keys should be case insensitive\nb9607a4 Convert apt::key to use anchors\n\n2012-03-07 Puppet Labs <info@puppetlabs.com> - 0.0.1\nd4fec56 Modify apt::source release parameter test\n1132a07 (#12917) Add contributors to README\n8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it\n7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input\nbe2cc3e (#12522) Adjust spec test for splitting purge\n7dc60ae (#12522) Split purge option to spare sources.list\n9059c4e Fix source specs to test all key permutations\n8acb202 Add test for python-software-properties package\na4af11f Check if python-software-properties is defined before attempting to define it.\n1dcbf3d Add tests for required_packages change\nf3735d2 Allow duplicate $required_packages\n74c8371 (#12430) Add tests for changes to apt module\n97ebb2d Test two sources with the same key\n1160bcd (#12526) Add ability to reverse apt { disable_keys => true }\n2842d73 Add Modulefile to puppet-apt\nc657742 Allow the use of the same key in multiple sources\n8c27963 (#12522) Adding purge option to apt class\n997c9fd (#12529) Add unit test for apt proxy settings\n50f3cca (#12529) Add parameter to support setting a proxy for apt\nd522877 (#12094) Replace chained .with_* with a hash\n8cf1bd0 (#12094) Remove deprecated spec.opts file\n2d688f4 (#12094) Add rspec-puppet tests for apt\n0fb5f78 (#12094) Replace name with path in file resources\nf759bc0 (#11953) Apt::force passes $version to aptitude\nf71db53 (#11413) Add spec test for apt::force to verify changes to unless\n2f5d317 (#11413) Update dpkg query used by apt::force\ncf6caa1 (#10451) Add test coverage to apt::ppa\n0dd697d include_src parameter in example; Whitespace cleanup\nb662eb8 fix typos in "repositories"\n1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added\n864302a Set the pin priority before adding the source (Fix #10449)\n1de4e0a Refactored as per mlitteken\n1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run!\n52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep\n5c05fa0 added builddep command.\na11af50 added the ability to specify the content of a key\nc42db0f Fixes ppa test.\n77d2b0d reformatted whitespace to match recommended style of 2 space indentation.\n27ebdfc ignore swap files.\n377d58a added smoke tests for module.\n18f614b reformatted apt::ppa according to recommended style.\nd8a1e4e Created a params class to hold global data.\n636ae85 Added two params for apt class\n148fc73 Update LICENSE.\ned2d19e Support ability to add more than one PPA\n420d537 Add call to apt-update after add-apt-repository in apt::ppa\n945be77 Add package definition for python-software-properties\n71fc425 Abs paths for all commands\n9d51cd1 Adding LICENSE\n71796e3 Heading fix in README\n87777d8 Typo in README\nf848bac First commit\n
Copyright (c) 2011 Evolving Web Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the "Software"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n
The Firewall module lets you manage firewall rules with Puppet.
\n\nPuppetLabs' Firewall introduces the resource firewall
, which is used to manage and configure firewall rules from within the Puppet DSL. This module offers support for iptables, ip6tables, and ebtables.
The module also introduces the resource firewallchain
, which allows you to manage chains or firewall lists. At the moment, only iptables and ip6tables chains are supported.
Firewall uses Ruby-based providers, so you must have pluginsync enabled.
\n\nTo begin, you need to provide some initial top-scope configuration to ensure your firewall configurations are ordered properly and you do not lock yourself out of your box or lose any configuration.
\n\nPersistence of rules between reboots is handled automatically, although there are known issues with ip6tables on older Debian/Ubuntu, as well as known issues with ebtables.
\n\nIn your site.pp
(or some similarly top-scope file), set up a metatype to purge unmanaged firewall resources. This will clear any existing rules and make sure that only rules defined in Puppet exist on the machine.
resources { "firewall":\n purge => true\n}\n
\n\nNext, set up the default parameters for all of the firewall rules you will be establishing later. These defaults will ensure that the pre and post classes (you will be setting up in just a moment) are run in the correct order to avoid locking you out of your box during the first puppet run.
\n\nFirewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\n
\n\nYou also need to declare the my_fw::pre
& my_fw::post
classes so that dependencies are satisfied. This can be achieved using an External Node Classifier or the following
class { ['my_fw::pre', 'my_fw::post']: }\n
\n\nFinally, you should include the firewall
class to ensure the correct packages are installed.
class { 'firewall': }\n
\n\nNow to create the my_fw::pre
and my_fw::post
classes. Firewall acts on your running firewall, making immediate changes as the catalog executes. Defining default pre and post rules allows you provide global defaults for your hosts before and after any custom rules; it is also required to avoid locking yourself out of your own boxes when Puppet runs. This approach employs a whitelist setup, so you can define what rules you want and everything else is ignored rather than removed.
The pre
class should be located in my_fw/manifests/pre.pp
and should contain any default rules to be applied first.
class my_fw::pre {\n Firewall {\n require => undef,\n }\n\n # Default firewall rules\n firewall { '000 accept all icmp':\n proto => 'icmp',\n action => 'accept',\n }->\n firewall { '001 accept all to lo interface':\n proto => 'all',\n iniface => 'lo',\n action => 'accept',\n }->\n firewall { '002 accept related established rules':\n proto => 'all',\n state => ['RELATED', 'ESTABLISHED'],\n action => 'accept',\n }\n}\n
\n\nThe rules in pre
should allow basic networking (such as ICMP and TCP), as well as ensure that existing connections are not closed.
The post
class should be located in my_fw/manifests/post.pp
and include any default rules to be applied last.
class my_fw::post {\n firewall { '999 drop all':\n proto => 'all',\n action => 'drop',\n before => undef,\n }\n}\n
\n\nTo put it all together: the before
parameter in Firewall {}
ensures my_fw::post
is run before any other rules and the the require
parameter ensures my_fw::pre
is run after any other rules. So the run order is:
my_fw::pre
my_fw::post
Upgrade the module with the puppet module tool as normal:
\n\npuppet module upgrade puppetlabs/firewall\n
\n\nStart by upgrading the module using the puppet module tool:
\n\npuppet module upgrade puppetlabs/firewall\n
\n\nPreviously, you would have required the following in your site.pp
(or some other global location):
# Always persist firewall rules\nexec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n}\nFirewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nFirewallchain {\n notify => Exec['persist-firewall'],\n}\nresources { "firewall":\n purge => true\n}\n
\n\nWith the latest version, we now have in-built persistence, so this is no longer needed. However, you will still need some basic setup to define pre & post rules.
\n\nresources { "firewall":\n purge => true\n}\nFirewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nclass { ['my_fw::pre', 'my_fw::post']: }\nclass { 'firewall': }\n
\n\nConsult the the documentation below for more details around the classes my_fw::pre
and my_fw::post
.
There are two kinds of firewall rules you can use with Firewall: default rules and application-specific rules. Default rules apply to general firewall settings, whereas application-specific rules manage firewall settings of a specific application, node, etc.
\n\nAll rules employ a numbering system in the resource's title that is used for ordering. When titling your rules, make sure you prefix the rule with a number.
\n\n 000 this runs first\n 999 this runs last\n
\n\nYou can place default rules in either my_fw::pre
or my_fw::post
, depending on when you would like them to run. Rules placed in the pre
class will run first, rules in the post
class, last.
Depending on the provider, the title of the rule can be stored using the comment feature of the underlying firewall subsystem. Values can match /^\\d+[[:alpha:][:digit:][:punct:][:space:]]+$/
.
Basic accept ICMP request example:
\n\nfirewall { "000 accept all icmp requests":\n proto => "icmp",\n action => "accept",\n}\n
\n\nDrop all:
\n\nfirewall { "999 drop all other requests":\n action => "drop",\n}\n
\n\nApplication-specific rules can live anywhere you declare the firewall resource. It is best to put your firewall rules close to the service that needs it, such as in the module that configures it.
\n\nYou should be able to add firewall rules to your application-specific classes so firewalling is performed at the same time when the class is invoked.
\n\nFor example, if you have an Apache module, you could declare the class as below
\n\nclass apache {\n firewall { '100 allow http and https access':\n port => [80, 443],\n proto => tcp,\n action => accept,\n }\n # ... the rest of your code ...\n}\n
\n\nWhen someone uses the class, firewalling is provided automatically.
\n\nclass { 'apache': }\n
\n\nYou can also apply firewall rules to specific nodes. Usually, you will want to put the firewall rule in another class and apply that class to a node. But you can apply a rule to a node.
\n\nnode 'foo.bar.com' {\n firewall { '111 open port 111':\n dport => 111\n }\n}\n
\n\nYou can also do more complex things with the firewall
resource. Here we are doing some NAT configuration.
firewall { '100 snat for network foo2':\n chain => 'POSTROUTING',\n jump => 'MASQUERADE',\n proto => 'all',\n outiface => "eth0",\n source => '10.1.2.0/24',\n table => 'nat',\n}\n
\n\nIn the below example, we are creating a new chain and forwarding any port 5000 access to it.
\n\nfirewall { '100 forward to MY_CHAIN':\n chain => 'INPUT',\n jump => 'MY_CHAIN',\n}\n# The namevar here is in the format chain_name:table:protocol\nfirewallchain { 'MY_CHAIN:filter:IPv4':\n ensure => present,\n}\nfirewall { '100 my rule':\n chain => 'MY_CHAIN',\n action => 'accept',\n proto => 'tcp',\n dport => 5000,\n}\n
\n\nYou can access the inline documentation:
\n\npuppet describe firewall\n
\n\nOr
\n\npuppet doc -r type\n(and search for firewall)\n
\n\nClasses:
\n\nTypes:
\n\nFacts:
\n\n\n\nThis class is provided to do the basic setup tasks required for using the firewall resources.
\n\nAt the moment this takes care of:
\n\nYou should include the class for nodes that need to use the resources in this module. For example
\n\nclass { 'firewall': }\n
\n\nensure
Indicates the state of iptables
on your system, allowing you to disable iptables
if desired.
Can either be running
or stopped
. Default to running
.
This type provides the capability to manage firewall rules within puppet.
\n\nFor more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:
\n\nhttp://forge.puppetlabs.com/puppetlabs/firewall#types
\n\nThis type provides the capability to manage rule chains for firewalls.
\n\nFor more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:
\n\nhttp://forge.puppetlabs.com/puppetlabs/firewall#types
\n\nThe module provides a Facter fact that can be used to determine what the default version of ip6tables is for your operating system/distribution.
\n\nThe module provides a Facter fact that can be used to determine what the default version of iptables is for your operating system/distribution.
\n\nRetrieves the version of iptables-persistent from your OS. This is a Debian/Ubuntu specific fact.
\n\nWhile we aim to support as low as Puppet 2.6.x (for now), we recommend installing the latest Puppet version from the Puppetlabs official repos.
\n\nPlease note, we only aim support for the following distributions and versions - that is, we actually do ongoing system tests on these platforms:
\n\nIf you want a new distribution supported feel free to raise a ticket and we'll consider it. If you want an older revision supported we'll also consider it, but don't get insulted if we reject it. Specifically, we will not consider Redhat 4.x support - its just too old.
\n\nIf you really want to get support for your OS we suggest writing any patch fix yourself, and for continual system testing if you can provide a sufficient trusted Veewee template we could consider adding such an OS to our ongoing continuous integration tests.
\n\nAlso, as this is a 0.x release the API is still in flux and may change. Make sure\nyou read the release notes before upgrading.
\n\nBugs can be reported using Github Issues:
\n\nhttp://github.com/puppetlabs/puppetlabs-firewall/issues
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\n\nFor this particular module, please also read CONTRIBUTING.md before contributing.
\n\nCurrently we support:
\n\nBut plans are to support lots of other firewall implementations:
\n\nIf you have knowledge in these technologies, know how to code, and wish to contribute to this project, we would welcome the help.
\n\nMake sure you have:
\n\nInstall the necessary gems:
\n\nbundle install\n
\n\nAnd run the tests from the root of the source code:
\n\nrake test\n
\n\nIf you have a copy of Vagrant 1.1.0 you can also run the system tests:
\n\nRSPEC_SET=debian-606-x64 rake spec:system\nRSPEC_SET=centos-58-x64 rake spec:system\n
\n\nNote: system testing is fairly alpha at this point, your mileage may vary.
\n## puppetlabs-firewall changelog\n\nRelease notes for puppetlabs-firewall module.\n\n---------------------------------------\n\n#### 0.4.2 - 2013-09-10\n\nAnother attempt to fix the packaging issue. We think we understand exactly\nwhat is failing and this should work properly for the first time.\n\n---------------------------------------\n\n#### 0.4.1 - 2013-08-09\n\nBugfix release to fix a packaging issue that may have caused puppet module\ninstall commands to fail.\n\n---------------------------------------\n\n#### 0.4.0 - 2013-07-11\n\nThis release adds support for address type, src/dest ip ranges, and adds\nadditional testing and bugfixes.\n\n#### Features\n* Add `src_type` and `dst_type` attributes (Nick Stenning)\n* Add `src_range` and `dst_range` attributes (Lei Zhang)\n* Add SL and SLC operatingsystems as supported (Steve Traylen)\n\n#### Bugfixes\n* Fix parser for bursts other than 5 (Chris Rutter)\n* Fix parser for -f in --comment (Georg Koester)\n* Add doc headers to class files (Dan Carley)\n* Fix lint warnings/errors (Wolf Noble)\n\n---------------------------------------\n\n#### 0.3.1 - 2013/6/10\n\nThis minor release provides some bugfixes and additional tests.\n\n#### Changes\n\n* Update tests for rspec-system-puppet 2 (Ken Barber)\n* Update rspec-system tests for rspec-system-puppet 1.5 (Ken Barber)\n* Ensure all services have 'hasstatus => true' for Puppet 2.6 (Ken Barber)\n* Accept pre-existing rule with invalid name (Joe Julian)\n* Swap log_prefix and log_level order to match the way it's saved (Ken Barber)\n* Fix log test to replicate bug #182 (Ken Barber)\n* Split argments while maintaining quoted strings (Joe Julian)\n* Add more log param tests (Ken Barber)\n* Add extra tests for logging parameters (Ken Barber)\n* Clarify OS support (Ken Barber)\n\n---------------------------------------\n\n#### 0.3.0 - 2013/4/25\n\nThis release introduces support for Arch Linux and extends support for Fedora 15 and up. There are also lots of bugs fixed and improved testing to prevent regressions.\n\n##### Changes\n\n* Fix error reporting for insane hostnames (Tomas Doran)\n* Support systemd on Fedora 15 and up (Eduardo Gutierrez)\n* Move examples to docs (Ken Barber)\n* Add support for Arch Linux platform (Ingmar Steen)\n* Add match rule for fragments (Georg Koester)\n* Fix boolean rules being recognized as changed (Georg Koester)\n* Same rules now get deleted (Anastasis Andronidis)\n* Socket params test (Ken Barber)\n* Ensure parameter can disable firewall (Marc Tardif)\n\n---------------------------------------\n\n#### 0.2.1 - 2012/3/13\n\nThis maintenance release introduces the new README layout, and fixes a bug with iptables_persistent_version.\n\n##### Changes\n\n* (GH-139) Throw away STDERR from dpkg-query in Fact\n* Update README to be consistent with module documentation template\n* Fix failing spec tests due to dpkg change in iptables_persistent_version\n\n---------------------------------------\n\n#### 0.2.0 - 2012/3/3\n\nThis release introduces automatic persistence, removing the need for the previous manual dependency requirement for persistent the running rules to the OS persistence file.\n\nPreviously you would have required the following in your site.pp (or some other global location):\n\n # Always persist firewall rules\n exec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n }\n Firewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n Firewallchain {\n notify => Exec['persist-firewall'],\n }\n resources { "firewall":\n purge => true\n }\n\nYou only need:\n\n class { 'firewall': }\n Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n\nTo install pre-requisites and to create dependencies on your pre & post rules. Consult the README for more information.\n\n##### Changes\n\n* Firewall class manifests (Dan Carley)\n* Firewall and firewallchain persistence (Dan Carley)\n* (GH-134) Autorequire iptables related packages (Dan Carley)\n* Typo in #persist_iptables OS normalisation (Dan Carley)\n* Tests for #persist_iptables (Dan Carley)\n* (GH-129) Replace errant return in autoreq block (Dan Carley)\n\n---------------------------------------\n\n#### 0.1.1 - 2012/2/28\n\nThis release primarily fixes changing parameters in 3.x\n\n##### Changes\n\n* (GH-128) Change method_missing usage to define_method for 3.x compatibility\n* Update travis.yml gem specifications to actually test 2.6\n* Change source in Gemfile to use a specific URL for Ruby 2.0.0 compatibility\n\n---------------------------------------\n\n#### 0.1.0 - 2012/2/24\n\nThis release is somewhat belated, so no summary as there are far too many changes this time around. Hopefully we won't fall this far behind again :-).\n\n##### Changes\n\n* Add support for MARK target and set-mark property (Johan Huysmans)\n* Fix broken call to super for ruby-1.9.2 in munge (Ken Barber)\n* simple fix of the error message for allowed values of the jump property (Daniel Black)\n* Adding OSPF(v3) protocol to puppetlabs-firewall (Arnoud Vermeer)\n* Display multi-value: port, sport, dport and state command seperated (Daniel Black)\n* Require jump=>LOG for log params (Daniel Black)\n* Reject and document icmp => "any" (Dan Carley)\n* add firewallchain type and iptables_chain provider (Daniel Black)\n* Various fixes for firewallchain resource (Ken Barber)\n* Modify firewallchain name to be chain:table:protocol (Ken Barber)\n* Fix allvalidchain iteration (Ken Barber)\n* Firewall autorequire Firewallchains (Dan Carley)\n* Tests and docstring for chain autorequire (Dan Carley)\n* Fix README so setup instructions actually work (Ken Barber)\n* Support vlan interfaces (interface containing ".") (Johan Huysmans)\n* Add tests for VLAN support for iniface/outiface (Ken Barber)\n* Add the table when deleting rules (Johan Huysmans)\n* Fix tests since we are now prefixing -t)\n* Changed 'jump' to 'action', commands to lower case (Jason Short)\n* Support interface names containing "+" (Simon Deziel)\n* Fix for when iptables-save spews out "FATAL" errors (Sharif Nassar)\n* Fix for incorrect limit command arguments for ip6tables provider (Michael Hsu)\n* Document Util::Firewall.host_to_ip (Dan Carley)\n* Nullify addresses with zero prefixlen (Dan Carley)\n* Add support for --tcp-flags (Thomas Vander Stichele)\n* Make tcp_flags support a feature (Ken Barber)\n* OUTPUT is a valid chain for the mangle table (Adam Gibbins)\n* Enable travis-ci support (Ken Barber)\n* Convert an existing test to CIDR (Dan Carley)\n* Normalise iptables-save to CIDR (Dan Carley)\n* be clearer about what distributions we support (Ken Barber)\n* add gre protocol to list of acceptable protocols (Jason Hancock)\n* Added pkttype property (Ashley Penney)\n* Fix mark to not repeat rules with iptables 1.4.1+ (Sharif Nassar)\n* Stub iptables_version for now so tests run on non-Linux hosts (Ken Barber)\n* Stub iptables facts for set_mark tests (Dan Carley)\n* Update formatting of README to meet Puppet Labs best practices (Will Hopper)\n* Support for ICMP6 type code resolutions (Dan Carley)\n* Insert order hash included chains from different tables (Ken Barber)\n* rspec 2.11 compatibility (Jonathan Boyett)\n* Add missing class declaration in README (sfozz)\n* array_matching is contraindicated (Sharif Nassar)\n* Convert port Fixnum into strings (Sharif Nassar)\n* Update test framework to the modern age (Ken Barber)\n* working with ip6tables support (wuwx)\n* Remove gemfile.lock and add to gitignore (William Van Hevelingen)\n* Update travis and gemfile to be like stdlib travis files (William Van Hevelingen)\n* Add support for -m socket option (Ken Barber)\n* Add support for single --sport and --dport parsing (Ken Barber)\n* Fix tests for Ruby 1.9.3 from 3e13bf3 (Dan Carley)\n* Mock Resolv.getaddress in #host_to_ip (Dan Carley)\n* Update docs for source and dest - they are not arrays (Ken Barber)\n\n---------------------------------------\n\n#### 0.0.4 - 2011/12/05\n\nThis release adds two new parameters, 'uid' and 'gid'. As a part of the owner module, these params allow you to specify a uid, username, gid, or group got a match:\n\n firewall { '497 match uid':\n port => '123',\n proto => 'mangle',\n chain => 'OUTPUT',\n action => 'drop'\n uid => '123'\n }\n\nThis release also adds value munging for the 'log_level', 'source', and 'destination' parameters. The 'source' and 'destination' now support hostnames:\n\n firewall { '498 accept from puppetlabs.com':\n port => '123',\n proto => 'tcp',\n source => 'puppetlabs.com',\n action => 'accept'\n }\n\n\nThe 'log_level' parameter now supports using log level names, such as 'warn', 'debug', and 'panic':\n\n firewall { '499 logging':\n port => '123',\n proto => 'udp',\n log_level => 'debug',\n action => 'drop'\n }\n\nAdditional changes include iptables and ip6tables version facts, general whitespace cleanup, and adding additional unit tests.\n\n##### Changes\n\n* (#10957) add iptables_version and ip6tables_version facts\n* (#11093) Improve log_level property so it converts names to numbers\n* (#10723) Munge hostnames and IPs to IPs with CIDR\n* (#10718) Add owner-match support\n* (#10997) Add fixtures for ipencap\n* (#11034) Whitespace cleanup\n* (#10690) add port property support to ip6tables\n\n---------------------------------------\n\n#### 0.0.3 - 2011/11/12\n\nThis release introduces a new parameter 'port' which allows you to set both\nsource and destination ports for a match:\n\n firewall { "500 allow NTP requests":\n port => "123",\n proto => "udp",\n action => "accept",\n }\n\nWe also have the limit parameter finally working:\n\n firewall { "500 limit HTTP requests":\n dport => 80,\n proto => tcp,\n limit => "60/sec",\n burst => 30,\n action => accept,\n }\n\nState ordering has been fixed now, and more characters are allowed in the\nnamevar:\n\n* Alphabetical\n* Numbers\n* Punctuation\n* Whitespace\n\n##### Changes\n\n* (#10693) Ensure -m limit is added for iptables when using 'limit' param\n* (#10690) Create new port property\n* (#10700) allow additional characters in comment string\n* (#9082) Sort iptables --state option values internally to keep it consistent across runs\n* (#10324) Remove extraneous whitespace from iptables rule line in spec tests\n\n---------------------------------------\n\n#### 0.0.2 - 2011/10/26\n\nThis is largely a maintanence and cleanup release, but includes the ability to\nspecify ranges of ports in the sport/dport parameter:\n\n firewall { "500 allow port range":\n dport => ["3000-3030","5000-5050"],\n sport => ["1024-65535"],\n action => "accept",\n }\n\n##### Changes\n\n* (#10295) Work around bug #4248 whereby the puppet/util paths are not being loaded correctly on the puppetmaster\n* (#10002) Change to dport and sport to handle ranges, and fix handling of name to name to port\n* (#10263) Fix tests on Puppet 2.6.x\n* (#10163) Cleanup some of the inline documentation and README file to align with general forge usage\n\n---------------------------------------\n\n#### 0.0.1 - 2011/10/18\n\nInitial release.\n\n##### Changes\n\n* (#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter\n* (#10088) Provide a customised version of CONTRIBUTING.md\n* (#10026) Re-arrange provider and type spec files to align with Puppet\n* (#10026) Add aliases for test,specs,tests to Rakefile and provide -T as default\n* (#9439) fix parsing and deleting existing rules\n* (#9583) Fix provider detection for gentoo and unsupported linuxes for the iptables provider\n* (#9576) Stub provider so it works properly outside of Linux\n* (#9576) Align spec framework with Puppet core\n* and lots of other earlier development tasks ...\n
Puppet Firewall Module - Puppet module for managing Firewalls\n\nCopyright (C) 2011-2013 Puppet Labs, Inc.\nCopyright (C) 2011 Jonathan Boyett\nCopyright (C) 2011 Media Temple, Inc.\n\nSome of the iptables code was taken from puppet-iptables which was:\n\nCopyright (C) 2011 Bob.sh Limited\nCopyright (C) 2008 Camptocamp Association\nCopyright (C) 2007 Dmitri Priimak\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
This module provides a "standard library" of resources for developing Puppet\nModules. This modules will include the following additions to Puppet
\n\nThis module is officially curated and provided by Puppet Labs. The modules\nPuppet Labs writes and distributes will make heavy use of this standard\nlibrary.
\n\nTo report or research a bug with any part of this module, please go to\nhttp://projects.puppetlabs.com/projects/stdlib
\n\nThis module follows semver.org (v1.0.0) versioning guidelines. The standard\nlibrary module is released as part of Puppet\nEnterprise and as a result\nolder versions of Puppet Enterprise that Puppet Labs still supports will have\nbugfix maintenance branches periodically "merged up" into master. The current\nlist of integration branches are:
\n\nThe first Puppet Enterprise version including the stdlib module is Puppet\nEnterprise 1.2.
\n\nThe stdlib module does not work with Puppet versions released prior to Puppet\n2.6.0.
\n\nAll stdlib releases in the 2.0 major version support Puppet 2.6 and Puppet 2.7.
\n\nThe 3.0 major release of stdlib drops support for Puppet 2.6. Stdlib 3.x\nsupports Puppet 2.7.
\n\nReturns the absolute value of a number, for example -34.56 becomes 34.56. Takes\na single integer and float value as an argument.
\n\nConverts a boolean to a number. Converts the values:\nfalse, f, 0, n, and no to 0\ntrue, t, 1, y, and yes to 1\n Requires a single boolean or string as an input.
\n\nCapitalizes the first letter of a string or array of strings.\nRequires either a single string or an array as an input.
\n\nRemoves the record separator from the end of a string or an array of strings,\nfor example hello\\n
becomes hello
. Requires a single string or array as an\ninput.
Returns a new string with the last character removed. If the string ends\nwith \\r\\n
, both characters are removed. Applying chop to an empty\nstring returns an empty string. If you wish to merely remove record\nseparators then you should use the chomp
function.\nRequires a string or array of strings as input.
Takes a resource reference and an optional hash of attributes.
\n\nReturns true if a resource with the specified attributes has already been added\nto the catalog, and false otherwise.
\n\nuser { 'dan':\n ensure => present,\n}\n\nif ! defined_with_params(User[dan], {'ensure' => 'present' }) {\n user { 'dan': ensure => present, }\n}\n
\n\nDeletes a selected element from an array.
\n\nExamples:
\n\ndelete(['a','b','c'], 'b')\n
\n\nWould return: ['a','c']
\n\nDeletes a determined indexed value from an array.
\n\nExamples:
\n\ndelete_at(['a','b','c'], 1)\n
\n\nWould return: ['a','c']
\n\nConverts the case of a string or all strings in an array to lower case.
\n\nReturns true if the variable is empty.
\n\nTakes a resource type, title, and a list of attributes that describe a\nresource.
\n\nuser { 'dan':\n ensure => present,\n}\n
\n\nThis example only creates the resource if it does not already exist:
\n\nensure_resource('user, 'dan', {'ensure' => 'present' })\n
\n\nIf the resource already exists but does not match the specified parameters,\nthis function will attempt to recreate the resource leading to a duplicate\nresource definition error.
\n\nThis function flattens any deeply nested arrays and returns a single flat array\nas a result.
\n\nExamples:
\n\nflatten(['a', ['b', ['c']]])\n
\n\nWould return: ['a','b','c']
\n\nRotates an array a random number of times based on a nodes fqdn.
\n\nReturns the absolute path of the specified module for the current\nenvironment.
\n\nExample:\n $module_path = get_module_path('stdlib')
\n\nLookup a variable in a remote namespace.
\n\nFor example:
\n\n$foo = getvar('site::data::foo')\n# Equivalent to $foo = $site::data::foo\n
\n\nThis is useful if the namespace itself is stored in a string:
\n\n$datalocation = 'site::data'\n$bar = getvar("${datalocation}::bar")\n# Equivalent to $bar = $site::data::bar\n
\n\nThis function searches through an array and returns any elements that match\nthe provided regular expression.
\n\nExamples:
\n\ngrep(['aaa','bbb','ccc','aaaddd'], 'aaa')\n
\n\nWould return:
\n\n['aaa','aaaddd']\n
\n\nDetermine if a hash has a certain key value.
\n\nExample:
\n\n$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}\n
\n\nThis function converts and array into a hash.
\n\nExamples:
\n\nhash(['a',1,'b',2,'c',3])\n
\n\nWould return: {'a'=>1,'b'=>2,'c'=>3}
\n\nReturns true if the variable passed to this function is an array.
\n\nReturns true if the string passed to this function is a syntactically correct domain name.
\n\nReturns true if the variable passed to this function is a float.
\n\nReturns true if the variable passed to this function is a hash.
\n\nReturns true if the variable returned to this string is an integer.
\n\nReturns true if the string passed to this function is a valid IP address.
\n\nReturns true if the string passed to this function is a valid mac address.
\n\nReturns true if the variable passed to this function is a number.
\n\nReturns true if the variable passed to this function is a string.
\n\nThis function joins an array into a string using a seperator.
\n\nExamples:
\n\njoin(['a','b','c'], ",")\n
\n\nWould result in: "a,b,c"
\n\nReturns the keys of a hash as an array.
\n\nLoad a YAML file containing an array, string, or hash, and return the data\nin the corresponding native data type.
\n\nFor example:
\n\n$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n
\n\nStrips leading spaces to the left of a string.
\n\nThis function determines if a variable is a member of an array.
\n\nExamples:
\n\nmember(['a','b'], 'b')\n
\n\nWould return: true
\n\nmember(['a','b'], 'c')\n
\n\nWould return: false
\n\nMerges two or more hashes together and returns the resulting hash.
\n\nFor example:
\n\n$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}\n
\n\nWhen there is a duplicate key, the key in the rightmost hash will "win."
\n\nThis function converts a number into a true boolean. Zero becomes false. Numbers\nhigher then 0 become true.
\n\nThis function accepts JSON as a string and converts into the correct Puppet\nstructure.
\n\nThis function accepts YAML as a string and converts it into the correct\nPuppet structure.
\n\nThis function applies a prefix to all elements in an array.
\n\nExamles:
\n\nprefix(['a','b','c'], 'p')\n
\n\nWill return: ['pa','pb','pc']
\n\nWhen given range in the form of (start, stop) it will extrapolate a range as\nan array.
\n\nExamples:
\n\nrange("0", "9")\n
\n\nWill return: [0,1,2,3,4,5,6,7,8,9]
\n\nrange("00", "09")\n
\n\nWill return: 0,1,2,3,4,5,6,7,8,9
\n\nrange("a", "c")\n
\n\nWill return: ["a","b","c"]
\n\nrange("host01", "host10")\n
\n\nWill return: ["host01", "host02", ..., "host09", "host10"]
\n\nReverses the order of a string or array.
\n\nStrips leading spaces to the right of the string.
\n\nRandomizes the order of a string or array elements.
\n\nReturns the number of elements in a string or array.
\n\nSorts strings and arrays lexically.
\n\nReturns a new string where runs of the same character that occur in this set\nare replaced by a single character.
\n\nThis converts a string to a boolean. This attempt to convert strings that\ncontain things like: y, 1, t, true to 'true' and strings that contain things\nlike: 0, f, n, false, no to 'false'.
\n\nThis converts a string to a salted-SHA512 password hash (which is used for OS X\nversions >= 10.7). Given any simple string, you will get a hex version of a\nsalted-SHA512 password hash that can be inserted into your Puppet manifests as\na valid password attribute.
\n\nThis function returns formatted time.
\n\nExamples:
\n\nTo return the time since epoch:
\n\nstrftime("%s")\n
\n\nTo return the date:
\n\nstrftime("%Y-%m-%d")\n
\n\nFormat meaning:
\n\n%a - The abbreviated weekday name (``Sun'')\n%A - The full weekday name (``Sunday'')\n%b - The abbreviated month name (``Jan'')\n%B - The full month name (``January'')\n%c - The preferred local date and time representation\n%C - Century (20 in 2009)\n%d - Day of the month (01..31)\n%D - Date (%m/%d/%y)\n%e - Day of the month, blank-padded ( 1..31)\n%F - Equivalent to %Y-%m-%d (the ISO 8601 date format)\n%h - Equivalent to %b\n%H - Hour of the day, 24-hour clock (00..23)\n%I - Hour of the day, 12-hour clock (01..12)\n%j - Day of the year (001..366)\n%k - hour, 24-hour clock, blank-padded ( 0..23)\n%l - hour, 12-hour clock, blank-padded ( 0..12)\n%L - Millisecond of the second (000..999)\n%m - Month of the year (01..12)\n%M - Minute of the hour (00..59)\n%n - Newline (\n
\n\n)\n %N - Fractional seconds digits, default is 9 digits (nanosecond)\n %3N millisecond (3 digits)\n %6N microsecond (6 digits)\n %9N nanosecond (9 digits)\n %p - Meridian indicator (AM'' or
PM'')\n %P - Meridian indicator (am'' or
pm'')\n %r - time, 12-hour (same as %I:%M:%S %p)\n %R - time, 24-hour (%H:%M)\n %s - Number of seconds since 1970-01-01 00:00:00 UTC.\n %S - Second of the minute (00..60)\n %t - Tab character ( )\n %T - time, 24-hour (%H:%M:%S)\n %u - Day of the week as a decimal, Monday being 1. (1..7)\n %U - Week number of the current year,\n starting with the first Sunday as the first\n day of the first week (00..53)\n %v - VMS date (%e-%b-%Y)\n %V - Week number of year according to ISO 8601 (01..53)\n %W - Week number of the current year,\n starting with the first Monday as the first\n day of the first week (00..53)\n %w - Day of the week (Sunday is 0, 0..6)\n %x - Preferred representation for the date alone, no time\n %X - Preferred representation for the time alone, no date\n %y - Year without a century (00..99)\n %Y - Year with century\n %z - Time zone as hour offset from UTC (e.g. +0900)\n %Z - Time zone name\n %% - Literal ``%'' character
This function removes leading and trailing whitespace from a string or from\nevery string inside an array.
\n\nExamples:
\n\nstrip(" aaa ")\n
\n\nWould result in: "aaa"
\n\nThis function will swap the existing case of a string.
\n\nExamples:
\n\nswapcase("aBcD")\n
\n\nWould result in: "AbCd"
\n\nThis function will return the current time since epoch as an integer.
\n\nExamples:
\n\ntime()\n
\n\nWill return something like: 1311972653
\n\nConverts the argument into bytes, for example 4 kB becomes 4096.\nTakes a single string value as an argument.
\n\nReturns the type when passed a variable. Type can be one of:
\n\nboolean
Type: rvalue
This function will remove duplicates from strings and arrays.
\n\nExamples:
\n\nunique("aabbcc")\n
\n\nWill return:
\n\nabc\n
\n\nYou can also use this with arrays:
\n\nunique(["a","a","b","b","c","c"])\n
\n\nThis returns:
\n\n["a","b","c"]\n
\n\nConverts a string or an array of strings to uppercase.
\n\nExamples:
\n\nupcase("abcd")\n
\n\nWill return:
\n\nABCD\n
\n\nValidate the string represents an absolute path in the filesystem. This function works\nfor windows and unix style paths.
\n\nThe following values will pass:
\n\n$my_path = "C:/Program Files (x86)/Puppet Labs/Puppet"\nvalidate_absolute_path($my_path)\n$my_path2 = "/var/lib/puppet"\nvalidate_absolute_path($my_path2)\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_absolute_path(true)\nvalidate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\nvalidate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n$undefined = undef\nvalidate_absolute_path($undefined)\n
\n\nValidate that all passed values are array data structures. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$my_array = [ 'one', 'two' ]\nvalidate_array($my_array)\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_array(true)\nvalidate_array('some_string')\n$undefined = undef\nvalidate_array($undefined)\n
\n\nValidate that all passed values are either true or false. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$iamtrue = true\nvalidate_bool(true)\nvalidate_bool(true, true, false, $iamtrue)\n
\n\nThe following values will fail, causing compilation to abort:
\n\n$some_array = [ true ]\nvalidate_bool("false")\nvalidate_bool("true")\nvalidate_bool($some_array)\n
\n\nValidate that all passed values are hash data structures. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$my_hash = { 'one' => 'two' }\nvalidate_hash($my_hash)\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_hash(true)\nvalidate_hash('some_string')\n$undefined = undef\nvalidate_hash($undefined)\n
\n\nPerform simple validation of a string against one or more regular\nexpressions. The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.
\n\nIf a third argument is specified, this will be the error message raised and\nseen by the user.
\n\nThe following strings will validate against the regular expressions:
\n\nvalidate_re('one', '^one$')\nvalidate_re('one', [ '^one', '^two' ])\n
\n\nThe following strings will fail to validate, causing compilation to abort:
\n\nvalidate_re('one', [ '^two', '^three' ])\n
\n\nA helpful error message can be returned like this:
\n\nvalidate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')\n
\n\nValidate that the first argument is a string (or an array of strings), and\nless/equal to than the length of the second argument. It fails if the first\nargument is not a string or array of strings, and if arg 2 is not convertable\nto a number.
\n\nThe following values will pass:
\n\nvalidate_slength("discombobulate",17)\n validate_slength(["discombobulate","moo"],17)
\n\nThe following valueis will not:
\n\nvalidate_slength("discombobulate",1)\n validate_slength(["discombobulate","thermometer"],5)
\n\nValidate that all passed values are string data structures. Abort catalog\ncompilation if any value fails this check.
\n\nThe following values will pass:
\n\n$my_string = "one two"\nvalidate_string($my_string, 'three')\n
\n\nThe following values will fail, causing compilation to abort:
\n\nvalidate_string(true)\nvalidate_string([ 'some', 'array' ])\n$undefined = undef\nvalidate_string($undefined)\n
\n\nWhen given a hash this function will return the values of that hash.
\n\nExamples:
\n\n$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n
\n\nThis example would return:
\n\n[1,2,3]\n
\n\nFinds value inside an array based on location.
\n\nThe first argument is the array you want to analyze, and the second element can\nbe a combination of:
\n\nExamples:
\n\nvalues_at(['a','b','c'], 2)\n
\n\nWould return ['c'].
\n\nvalues_at(['a','b','c'], ["0-1"])\n
\n\nWould return ['a','b'].
\n\nvalues_at(['a','b','c','d','e'], [0, "2-3"])\n
\n\nWould return ['a','c','d'].
\n\nTakes one element from first array and merges corresponding elements from second array. This generates a sequence of n-element arrays, where n is one more than the count of arguments.
\n\nExample:
\n\nzip(['1','2','3'],['4','5','6'])\n
\n\nWould result in:
\n\n["1", "4"], ["2", "5"], ["3", "6"]\n
\n\n2012-11-28 - Peter Meier <peter.meier@immerda.ch> - 3.2.0\n * Add reject() function (a79b2cd)\n\n2012-09-18 - Chad Metcalf <chad@wibidata.com> - 3.2.0\n * Add an ensure_packages function. (8a8c09e)\n\n2012-11-23 - Erik Dalén <dalen@spotify.com> - 3.2.0\n * (#17797) min() and max() functions (9954133)\n\n2012-05-23 - Peter Meier <peter.meier@immerda.ch> - 3.2.0\n * (#14670) autorequire a file_line resource's path (dfcee63)\n\n2012-11-19 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Add join_keys_to_values function (ee0f2b3)\n\n2012-11-17 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Extend delete function for strings and hashes (7322e4d)\n\n2012-08-03 - Gary Larizza <gary@puppetlabs.com> - 3.2.0\n * Add the pick() function (ba6dd13)\n\n2012-03-20 - Wil Cooley <wcooley@pdx.edu> - 3.2.0\n * (#13974) Add predicate functions for interface facts (f819417)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 3.2.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (70f4a0e)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 3.1.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 3.1.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.1\n * Fix accidental removal of facts_dot_d.rb in 3.0.0 release\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.0\n * stdlib 3.0 drops support with Puppet 2.6\n * stdlib 3.0 preserves support with Puppet 2.7\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 3.0.0\n * Add function ensure_resource and defined_with_params (ba789de)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 3.0.0\n * (#2157) Remove facter_dot_d for compatibility with external facts (f92574f)\n\n2012-04-10 - Chris Price <chris@puppetlabs.com> - 3.0.0\n * (#13693) moving logic from local spec_helper to puppetlabs_spec_helper (85f96df)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 2.5.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 2.5.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-15 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Explicitly load functions used by ensure_resource (9fc3063)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add better docs about duplicate resource failures (97d327a)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Handle undef for parameter argument (4f8b133)\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add function ensure_resource and defined_with_params (a0cb8cd)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Disable tests that fail on 2.6.x due to #15912 (c81496e)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * (Maint) Fix mis-use of rvalue functions as statements (4492913)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Add .rspec file to repo root (88789e8)\n\n2012-06-07 - Chris Price <chris@puppetlabs.com> - 2.4.0\n * Add support for a 'match' parameter to file_line (a06c0d8)\n\n2012-08-07 - Erik Dalén <dalen@spotify.com> - 2.4.0\n * (#15872) Add to_bytes function (247b69c)\n\n2012-07-19 - Jeff McCune <jeff@puppetlabs.com> - 2.4.0\n * (Maint) use PuppetlabsSpec::PuppetInternals.scope (master) (deafe88)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 2.4.0\n * (#2157) Make facts_dot_d compatible with external facts (5fb0ddc)\n\n2012-03-16 - Steve Traylen <steve.traylen@cern.ch> - 2.4.0\n * (#13205) Rotate array/string randomley based on fqdn, fqdn_rotate() (fef247b)\n\n2012-05-22 - Peter Meier <peter.meier@immerda.ch> - 2.3.3\n * fix regression in #11017 properly (f0a62c7)\n\n2012-05-10 - Jeff McCune <jeff@puppetlabs.com> - 2.3.3\n * Fix spec tests using the new spec_helper (7d34333)\n\n2012-05-10 - Puppet Labs <support@puppetlabs.com> - 2.3.2\n * Make file_line default to ensure => present (1373e70)\n * Memoize file_line spec instance variables (20aacc5)\n * Fix spec tests using the new spec_helper (1ebfa5d)\n * (#13595) initialize_everything_for_tests couples modules Puppet ver (3222f35)\n * (#13439) Fix MRI 1.9 issue with spec_helper (15c5fd1)\n * (#13439) Fix test failures with Puppet 2.6.x (665610b)\n * (#13439) refactor spec helper for compatibility with both puppet 2.7 and master (82194ca)\n * (#13494) Specify the behavior of zero padded strings (61891bb)\n\n2012-03-29 Puppet Labs <support@puppetlabs.com> - 2.1.3\n* (#11607) Add Rakefile to enable spec testing\n* (#12377) Avoid infinite loop when retrying require json\n\n2012-03-13 Puppet Labs <support@puppetlabs.com> - 2.3.1\n* (#13091) Fix LoadError bug with puppet apply and puppet_vardir fact\n\n2012-03-12 Puppet Labs <support@puppetlabs.com> - 2.3.0\n* Add a large number of new Puppet functions\n* Backwards compatibility preserved with 2.2.x\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.2.1\n* Documentation only release for the Forge\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.1.2\n* Documentation only release for PE 2.0.x\n\n2011-11-08 Puppet Labs <support@puppetlabs.com> - 2.2.0\n* #10285 - Refactor json to use pson instead.\n* Maint - Add watchr autotest script\n* Maint - Make rspec tests work with Puppet 2.6.4\n* #9859 - Add root_home fact and tests\n\n2011-08-18 Puppet Labs <support@puppetlabs.com> - 2.1.1\n* Change facts.d paths to match Facter 2.0 paths.\n* /etc/facter/facts.d\n* /etc/puppetlabs/facter/facts.d\n\n2011-08-17 Puppet Labs <support@puppetlabs.com> - 2.1.0\n* Add R.I. Pienaar's facts.d custom facter fact\n* facts defined in /etc/facts.d and /etc/puppetlabs/facts.d are\n automatically loaded now.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 2.0.0\n* Rename whole_line to file_line\n* This is an API change and as such motivating a 2.0.0 release according to semver.org.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.1.0\n* Rename append_line to whole_line\n* This is an API change and as such motivating a 1.1.0 release.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.0.0\n* Initial stable release\n* Add validate_array and validate_string functions\n* Make merge() function work with Ruby 1.8.5\n* Add hash merging function\n* Add has_key function\n* Add loadyaml() function\n* Add append_line native\n\n2011-06-21 Jeff McCune <jeff@puppetlabs.com> - 0.1.7\n* Add validate_hash() and getvar() functions\n\n2011-06-15 Jeff McCune <jeff@puppetlabs.com> - 0.1.6\n* Add anchor resource type to provide containment for composite classes\n\n2011-06-03 Jeff McCune <jeff@puppetlabs.com> - 0.1.5\n* Add validate_bool() function to stdlib\n\n0.1.4 2011-05-26 Jeff McCune <jeff@puppetlabs.com>\n* Move most stages after main\n\n0.1.3 2011-05-25 Jeff McCune <jeff@puppetlabs.com>\n* Add validate_re() function\n\n0.1.2 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Update to add annotated tag\n\n0.1.1 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Add stdlib::stages class with a standard set of stages\n
Copyright (C) 2011 Puppet Labs Inc\n\nand some parts:\n\nCopyright (C) 2011 Krzysztof Wilczynski\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
The APT module provides a simple interface for managing APT source, key, and definitions with Puppet.
\n\nAPT automates obtaining and installing software packages on *nix systems.
\n\nWhat APT affects:
\n\nsources.list
file and sources.list.d
directory\n\npurge_sources_list
and purge_sources_list_d
parameters to 'true' will destroy any existing content that was not declared with Puppet. The default for these parameters is 'false'.To begin using the APT module with default parameters, declare the class
\n\nclass { 'apt': }\n
\n\nPuppet code that uses anything from the APT module requires that the core apt class be declared.
\n\nUsing the APT module consists predominantly in declaring classes that provide desired functionality and features.
\n\napt
provides a number of common resources and options that are shared by the various defined types in this module, so you MUST always include this class in your manifests.
The parameters for apt
are not required in general and are predominantly for development environment use-cases.
class { 'apt':\n always_apt_update => false,\n disable_keys => undef,\n proxy_host => false,\n proxy_port => '8080',\n purge_sources_list => false,\n purge_sources_list_d => false,\n purge_preferences_d => false\n}\n
\n\nPuppet will manage your system's sources.list
file and sources.list.d
directory but will do its best to respect existing content.
If you declare your apt class with purge_sources_list
and purge_sources_list_d
set to 'true', Puppet will unapologetically purge any existing content it finds that wasn't declared with Puppet.
Installs the build depends of a specified package.
\n\napt::builddep { 'glusterfs-server': }\n
\n\nForces a package to be installed from a specific release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.
\n\napt::force { 'glusterfs-server':\n release => 'unstable',\n version => '3.0.3',\n require => Apt::Source['debian_unstable'],\n}\n
\n\nAdds a key to the list of keys used by APT to authenticate packages.
\n\napt::key { 'puppetlabs':\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n\napt::key { 'jenkins':\n key => 'D50582E6',\n key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',\n}\n
\n\nNote that use of key_source
requires wget to be installed and working.
Adds an apt pin for a certain release.
\n\napt::pin { 'karmic': priority => 700 }\napt::pin { 'karmic-updates': priority => 700 }\napt::pin { 'karmic-security': priority => 700 }\n
\n\nNote you can also specifying more complex pins using distribution properties.
\n\napt::pin { 'stable':\n priority => -10,\n originator => 'Debian',\n release_version => '3.0',\n component => 'main',\n label => 'Debian'\n}\n
\n\nAdds a ppa repository using add-apt-repository
.
apt::ppa { 'ppa:drizzle-developers/ppa': }\n
\n\nSets the default apt release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.
\n\nclass { 'apt::release':\n release_id => 'precise',\n}\n
\n\nAdds an apt source to /etc/apt/sources.list.d/
.
apt::source { 'debian_unstable':\n location => 'http://debian.mirror.iweb.ca/debian/',\n release => 'unstable',\n repos => 'main contrib non-free',\n required_packages => 'debian-keyring debian-archive-keyring',\n key => '55BE302B',\n key_server => 'subkeys.pgp.net',\n pin => '-10',\n include_src => true\n}\n
\n\nIf you would like to configure your system so the source is the Puppet Labs APT repository
\n\napt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n
\n\nThe APT module is mostly a collection of defined resource types, which provide reusable logic that can be leveraged to manage APT. It does provide smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.
\n\nThis test will set up a Puppet Labs apt repository. Start by creating a new smoke test in the apt module's test folder. Call it puppetlabs-apt.pp. Inside, declare a single resource representing the Puppet Labs APT source and gpg key
\n\napt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n
\n\nThis resource creates an apt source named puppetlabs and gives Puppet information about the repository's location and key used to sign its packages. Puppet leverages Facter to determine the appropriate release, but you can set it directly by adding the release type.
\n\nCheck your smoke test for syntax errors
\n\n$ puppet parser validate tests/puppetlabs-apt.pp\n
\n\nIf you receive no output from that command, it means nothing is wrong. Then apply the code
\n\n$ puppet apply --verbose tests/puppetlabs-apt.pp\nnotice: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]/ensure: defined content as '{md5}3be1da4923fb910f1102a233b77e982e'\ninfo: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]: Scheduling refresh of Exec[puppetlabs apt update]\nnotice: /Stage[main]//Apt::Source[puppetlabs]/Exec[puppetlabs apt update]: Triggered 'refresh' from 1 events>\n
\n\nThe above example used a smoke test to easily lay out a resource declaration and apply it on your system. In production, you may want to declare your APT sources inside the classes where they’re needed.
\n\nAdds the necessary components to get backports for Ubuntu and Debian. The release name defaults to $lsbdistcodename
. Setting this manually can cause undefined behavior (read: universe exploding).
This module should work across all versions of Debian/Ubuntu and support all major APT repository management features.
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\n\nA lot of great people have contributed to this module. A somewhat current list follows:
\n\n## puppetlabs-apt changelog\n\nRelease notes for the puppetlabs-apt module.\n\n1.2.0\n=====\n\nFeatures:\n- Add geppetto `.project` natures\n- Add GH auto-release\n- Add `apt::key::key_options` parameter\n- Add complex pin support using distribution properties for `apt::pin` via new properties:\n - `apt::pin::codename`\n - `apt::pin::release_version`\n - `apt::pin::component`\n - `apt::pin::originator`\n - `apt::pin::label`\n- Add source architecture support to `apt::source::architecture`\n\nBugfixes:\n- Use apt-get instead of aptitude in apt::force\n- Update default backports location\n- Add dependency for required packages before apt-get update\n\n\n1.1.1\n=====\n\nThis is a bug fix release that resolves a number of issues:\n\n* By changing template variable usage, we remove the deprecation warnings\n for Puppet 3.2.x\n* Fixed proxy file removal, when proxy absent\n\nSome documentation, style and whitespaces changes were also merged. This\nrelease also introduced proper rspec-puppet unit testing on Travis-CI to help\nreduce regression.\n\nThanks to all the community contributors below that made this patch possible.\n\n#### Detail Changes\n\n* fix minor comment type (Chris Rutter)\n* whitespace fixes (Michael Moll)\n* Update travis config file (William Van Hevelingen)\n* Build all branches on travis (William Van Hevelingen)\n* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen)\n* Updated content to conform to README best practices template (Lauren Rother)\n* Fix apt::release example in readme (Brian Galey)\n* add @ to variables in template (Peter Hoeg)\n* Remove deprecation warnings for pin.pref.erb as well (Ken Barber)\n* Update travis.yml to latest versions of puppet (Ken Barber)\n* Fix proxy file removal (Scott Barber)\n* Add spec test for removing proxy configuration (Dean Reilly)\n* Fix apt::key listing longer than 8 chars (Benjamin Knofe)\n\n\n---------------------------------------\n\n1.1.0\n=====\n\nThis release includes Ubuntu 12.10 (Quantal) support for PPAs.\n\n---------------------------------------\n\n2012-05-25 Puppet Labs <info@puppetlabs.com> - 0.0.4\n * Fix ppa list filename when there is a period in the PPA name\n * Add .pref extension to apt preferences files\n * Allow preferences to be purged\n * Extend pin support\n\n2012-05-04 Puppet Labs <info@puppetlabs.com> - 0.0.3\n * only invoke apt-get update once\n * only install python-software-properties if a ppa is added\n * support 'ensure => absent' for all defined types\n * add apt::conf\n * add apt::backports\n * fixed Modulefile for module tool dependency resolution\n * configure proxy before doing apt-get update\n * use apt-get update instead of aptitude for apt::ppa\n * add support to pin release\n\n\n2012-03-26 Puppet Labs <info@puppetlabs.com> - 0.0.2\n41cedbb (#13261) Add real examples to smoke tests.\nd159a78 (#13261) Add key.pp smoke test\n7116c7a (#13261) Replace foo source with puppetlabs source\n1ead0bf Ignore pkg directory.\n9c13872 (#13289) Fix some more style violations\n0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path\na758247 (#13289) Clean up style violations and fix corresponding tests\n99c3fd3 (#13289) Add puppet lint tests to Rakefile\n5148cbf (#13125) Apt keys should be case insensitive\nb9607a4 Convert apt::key to use anchors\n\n2012-03-07 Puppet Labs <info@puppetlabs.com> - 0.0.1\nd4fec56 Modify apt::source release parameter test\n1132a07 (#12917) Add contributors to README\n8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it\n7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input\nbe2cc3e (#12522) Adjust spec test for splitting purge\n7dc60ae (#12522) Split purge option to spare sources.list\n9059c4e Fix source specs to test all key permutations\n8acb202 Add test for python-software-properties package\na4af11f Check if python-software-properties is defined before attempting to define it.\n1dcbf3d Add tests for required_packages change\nf3735d2 Allow duplicate $required_packages\n74c8371 (#12430) Add tests for changes to apt module\n97ebb2d Test two sources with the same key\n1160bcd (#12526) Add ability to reverse apt { disable_keys => true }\n2842d73 Add Modulefile to puppet-apt\nc657742 Allow the use of the same key in multiple sources\n8c27963 (#12522) Adding purge option to apt class\n997c9fd (#12529) Add unit test for apt proxy settings\n50f3cca (#12529) Add parameter to support setting a proxy for apt\nd522877 (#12094) Replace chained .with_* with a hash\n8cf1bd0 (#12094) Remove deprecated spec.opts file\n2d688f4 (#12094) Add rspec-puppet tests for apt\n0fb5f78 (#12094) Replace name with path in file resources\nf759bc0 (#11953) Apt::force passes $version to aptitude\nf71db53 (#11413) Add spec test for apt::force to verify changes to unless\n2f5d317 (#11413) Update dpkg query used by apt::force\ncf6caa1 (#10451) Add test coverage to apt::ppa\n0dd697d include_src parameter in example; Whitespace cleanup\nb662eb8 fix typos in "repositories"\n1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added\n864302a Set the pin priority before adding the source (Fix #10449)\n1de4e0a Refactored as per mlitteken\n1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run!\n52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep\n5c05fa0 added builddep command.\na11af50 added the ability to specify the content of a key\nc42db0f Fixes ppa test.\n77d2b0d reformatted whitespace to match recommended style of 2 space indentation.\n27ebdfc ignore swap files.\n377d58a added smoke tests for module.\n18f614b reformatted apt::ppa according to recommended style.\nd8a1e4e Created a params class to hold global data.\n636ae85 Added two params for apt class\n148fc73 Update LICENSE.\ned2d19e Support ability to add more than one PPA\n420d537 Add call to apt-update after add-apt-repository in apt::ppa\n945be77 Add package definition for python-software-properties\n71fc425 Abs paths for all commands\n9d51cd1 Adding LICENSE\n71796e3 Heading fix in README\n87777d8 Typo in README\nf848bac First commit\n
Copyright (c) 2011 Evolving Web Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the "Software"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n
Simple module that can install git or gitosis
\n\nThis module installs the git revision control system on a target node. It does not manage a git server or any associated services; it simply ensures a bare minimum set of features (e.g. just a package) to use git.
\n\nThe specifics managed by the module may vary depending on the platform.
\n\nSimply include the git
class.
include git\n
\n\nThis module is known to work with the following operating system families:
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\nApache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n
Apache is widely-used web server and this module will allow to configure\nvarious modules and setup virtual hosts with minimal effort.
\n\nTo install Apache
\n\nclass {'apache': }\n
\n\nTo install the Apache PHP module
\n\nclass {'apache::mod::php': }\n
\n\nYou can easily configure many parameters of a virtual host. A minimal\nexample is:
\n\napache::vhost { 'www.example.com':\n priority => '10',\n vhost_name => '192.0.2.1',\n port => '80',\n}\n
\n\nA slightly more complicated example, which moves the docroot and\nlogfile to an alternate location, might be:
\n\napache::vhost { 'www.example.com':\n priority => '10',\n vhost_name => '192.0.2.1',\n port => '80',\n docroot => '/home/www.example.com/docroot/',\n logroot => '/srv/www.example.com/logroot/',\n serveradmin => 'webmaster@example.com',\n serveraliases => ['example.com',],\n}\n
\n\nSome functionality is dependent on other modules:
\n\n\n\nSince Puppet cannot ensure that all parent directories exist you need to\nmanage these yourself. In the more advanced example above, you need to ensure \nthat /home/www.example.com
and /srv/www.example.com
directories exist.
Copyright (C) 2012 Puppet Labs Inc
\n\nPuppet Labs can be contacted at: info@puppetlabs.com
\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at
\n\nhttp://www.apache.org/licenses/LICENSE-2.0
\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.
\n2013-03-2 Release 0.6.0\n- update travis tests (add more supported versions)\n- add access log_parameter\n- make purging of vhost dir configurable\n\n2012-08-24 Release 0.4.0\nChanges:\n- `include apache` is now required when using apache::mod::*\n\nBugfixes:\n- Fix syntax for validate_re\n- Fix formatting in vhost template\n- Fix spec tests such that they pass\n\n2012-05-08 Puppet Labs <info@puppetlabs.com> - 0.0.4\ne62e362 Fix broken tests for ssl, vhost, vhost::*\n42c6363 Changes to match style guide and pass puppet-lint without error\n42bc8ba changed name => path for file resources in order to name namevar by it's name\n72e13de One end too much\n0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.\n273f94d fix tests\na35ede5 (#13860) Make a2enmod/a2dismo commands optional\n98d774e (#13860) Autorequire Package['httpd']\n05fcec5 (#13073) Add missing puppet spec tests\n541afda (#6899) Remove virtual a2mod definition\n976cb69 (#13072) Move mod python and wsgi package names to params\n323915a (#13060) Add .gitignore to repo\nfdf40af (#13060) Remove pkg directory from source tree\nfd90015 Add LICENSE file and update the ModuleFile\nd3d0d23 Re-enable local php class\nd7516c7 Make management of firewalls configurable for vhosts\n60f83ba Explicitly lookup scope of apache_name in templates.\nf4d287f (#12581) Add explicit ordering for vdir directory\n88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall\na776a8b (#11071) Fix to work with latest firewall module\n2b79e8b (#11070) Add support for Scientific Linux\n405b3e9 Fix for a2mod\n57b9048 Commit apache::vhost::redirect Manifest\n8862d01 Commit apache::vhost::proxy Manifest\nd5c1fd0 Commit apache::mod::wsgi Manifest\na825ac7 Commit apache::mod::python Manifest\nb77062f Commit Templates\n9a51b4a Vhost File Declarations\n6cf7312 Defaults for Parameters\n6a5b11a Ensure installed\nf672e46 a2mod fix\n8a56ee9 add pthon support to apache\n
Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
This module manages Ruby and Rubygems on Debian and Redhat based systems.
\n\nversion: (default installed)\nSet the version of Ruby to install
gems_version: (default installed)\nSet the version of Rubygems to be installed
rubygems_update: (default true)\nIf set to true, the module will ensure that the rubygems package is installed\nbut will use rubygems-update (same as gem update --system but versionable) to\nupdate Rubygems to the version defined in $gems_version. If set to false then\nthe rubygems package resource will be versioned from $gems_version
For a standard install using the latest Rubygems provided by rubygems-update on\nCentOS or Redhat use:
\n\nclass { 'ruby':\n gems_version => 'latest'\n}\n
\n\nOn Redhat this is equivilant to
\n\n$ yum install ruby rubygems\n$ gem update --system\n
\n\nTo install a specific version of ruby and rubygems but not use\nrubygems-update use:
\n\nclass { 'ruby':\n version => '1.8.7',\n gems_version => '1.8.24',\n rubygems_update => false\n}\n
\n\nOn Redhat this is equivilent to
\n\n$ yum install ruby-1.8.7 rubygems-1.8.24\n
\nCopyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
This type provides the capability to manage firewall rules within \npuppet.
\n\nCurrent support includes:
\n\nWarning! While this software is written in the best interest of quality it has\nnot been formally tested by our QA teams. Use at your own risk, but feel free\nto enjoy and perhaps improve it while you do.
\n\nPlease see the included Apache Software License for more legal details\nregarding warranty.
\n\nAlso as this is a 0.x release the API is still in flux and may change. Make sure\nyou read the release notes before upgrading.
\n\nIf you are intending to use this module it is recommended you obtain this from the\nforge and not Github:
\n\nhttp://forge.puppetlabs.com/puppetlabs/firewall\n
\n\nThe forge releases are vetted releases. Using code from Github means you are\naccessing a development version or early release of the code.
\n\nUsing the puppet-module gem, you can install it into your Puppet's \nmodule path. If you are not sure where your module path is try \nthis command:
\n\npuppet --configprint modulepath\n
\n\nFirstly change into that directory. For example:
\n\ncd /etc/puppet/modules\n
\n\nThen run the module tool:
\n\npuppet-module install puppetlabs-firewall\n
\n\nThis module uses both Ruby based providers so your Puppet configuration\n(ie. puppet.conf) must include the following items:
\n\n[agent]\npluginsync = true\n
\n\nThe module will not operate normally without these features enabled for the\nclient.
\n\nIf you are using environments or with certain versions of Puppet you may\nneed to run Puppet on the master first:
\n\npuppet agent -t --pluginsync --environment production\n
\n\nYou may also need to restart Apache, although this shouldn't always be the\ncase.
\n\nBasic accept ICMP request example:
\n\nfirewall { "000 accept all icmp requests":\n proto => "icmp",\n action => "accept",\n}\n
\n\nDrop all:
\n\nfirewall { "999 drop all other requests":\n action => "drop",\n}\n
\n\nSource NAT example (perfect for a virtualization host):
\n\nfirewall { '100 snat for network foo2':\n chain => 'POSTROUTING',\n jump => 'MASQUERADE',\n proto => 'all',\n outiface => "eth0",\n source => ['10.1.2.0/24'],\n table => 'nat',\n}\n
\n\nYou can make firewall rules persistent with the following iptables example:
\n\nexec { "persist-firewall":\n command => $operatingsystem ? {\n "debian" => "/sbin/iptables-save > /etc/iptables/rules.v4",\n /(RedHat|CentOS)/ => "/sbin/iptables-save > /etc/sysconfig/iptables",\n }\n refreshonly => true,\n}\nFirewall {\n notify => Exec["persist-firewall"]\n}\n
\n\nIf you wish to ensure any reject rules are executed last, try using stages.\nThe following example shows the creation of a class which is where your\nlast rules should run, this however should belong in a puppet module.
\n\nclass my_fw::drop {\n iptables { "999 drop all":\n action => "drop"\n }\n}\n\nstage { pre: before => Stage[main] }\nstage { post: require => Stage[main] }\n\nclass { "my_fw::drop": stage => "post" }\n
\n\nBy placing the 'my_fw::drop' class in the post stage it will always be inserted\nlast thereby avoiding locking you out before the accept rules are inserted.
\n\nMore documentation is available from the forge for each release:
\n\n<http://forge.puppetlabs.com/puppetlabs/firewall>\n
\n\nOr you can access the inline documentation:
\n\npuppet describe firewall\n
\n\nOr:
\n\npuppet doc -r type\n
\n\n(and search for firewall).
\n\nBugs can be reported in the Puppetlabs Redmine project:
\n\n<http://projects.puppetlabs.com/projects/modules/>\n
\n\nMake sure you read CONTRIBUTING.md before contributing.
\n\nCurrently we support:
\n\nBut plans are to support lots of other firewall implementations:
\n\nIf you have knowledge in these technology, know how to code and wish to contribute \nto this project we would welcome the help.
\n\nMake sure you have:
\n\nrake\n
\n\nInstall the necessary gems:
\n\ngem install rspec\n
\n\nAnd run the tests from the root of the source code:
\n\nrake test\n
\nPuppet Firewall Module - Puppet module for managing Firewalls\n\nCopyright (C) 2011 Puppet Labs, Inc.\nCopyright (C) 2011 Jonathan Boyett\n\nSome of the iptables code was taken from puppet-iptables which was:\n\nCopyright (C) 2011 Bob.sh Limited\nCopyright (C) 2008 Camptocamp Association\nCopyright (C) 2007 Dmitri Priimak\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
Puppi One and Puppi module written by Alessandro Franceschi / al @ lab42.it
\n\nPuppi Gem by Celso Fernandez / Zertico
\n\nSource: http://www.example42.com
\n\nLicence: Apache 2
\n\nPuppi is a Puppet module and a CLI command.\nIt's data is entirely driven by Puppet code.\nIt can be used to standardize and automate the deployment of web applications\nor to provides quick and standard commands to query and check your system's resources
\n\nIts structure provides FULL flexibility on the actions required for virtually any kind of\napplication deployment and information gathering.
\n\nThe module provides:
\n\nOld-Gen and Next-Gen Puppi implementation
A set of scripts that can be used in chain to automate any kind of deployment
Puppet defines that make it easy to prepare a puppi set of commands for a project deployment
Puppet defines to populate the output of the different actions
Download Puppi from GitHub and place it in your modules directory:
\n\n git clone https://github.com/example42/puppi.git /etc/puppet/modules/puppi\n
\n\nTo use the Puppi "Original, old and widely tested" version, just declare or include the puppi class
\n\n class { 'puppi': }\n
\n\nTo test the Next-Gen version you can perform the following command. Please note that this module is\nnot stable yet:\n class { 'puppi':\n version => '2',\n }
\n\nIf you have resources conflicts, do not install automatically the Puppi dependencies (commands and packages)
\n\n class { 'puppi':\n install_dependencies => false,\n }\n
\n\nOnce Puppi is installed you can use it to:
\n\nEasily define in Puppet manifests Web Applications deploy procedures. For example:
\n\npuppi::project::war { "myapp":\n source => "http://repo.example42.com/deploy/prod/myapp.war",\n deploy_root => "/opt/tomcat/myapp/webapps",\n}\n
Integrate with your modules for puppi check, info and log
Enable Example42 modules integration
The Example42 modules provide (optional) Puppi integration.\nOnce enabled for each module you have puppi check, info and log commands.
\n\nTo eanble Puppi in OldGen Modules, set in the scope these variables:
\n\n $puppi = yes # Enables puppi integration.\n $monitor = yes # Enables automatic monitoring \n $monitor_tool = "puppi" # Sets puppi as monitoring tool\n
\n\nFor the NextGen modules set the same parameters via Hiera, at Top Scope or as class arguments:
\n\n class { 'openssh':\n puppi => yes, \n monitor => yes,\n monitor_tool => 'puppi', \n }\n
\n\n puppi <action> <project_name> [ -options ]\n
\n\nThe puppi command has these possibile actions:
\n\nFirst time initialization of the defined project (if available)\n puppi init
Deploy the specified project\n puppi deploy
Rollback to a previous deploy state\n puppi rollback
Run local checks on system and applications\n puppi check
\n\nTail system or application logs\n puppi log
\n\nShow system information (for all or only the specified topic)\n puppi info [topic]
\n\nShow things to do (or done) manually on the system (not done via Puppet)\n puppi todo
\n\nIn the deploy/rollback/init actions, puppi runs the commands in /etc/puppi/projects/$project/$action, logs their status and then run the commands in /etc/puppi/projects/$project/report to provide reporting, in whatever, pluggable, way.
\n\nYou can also provide some options:
\n\n-f : Force puppi commands execution also on CRITICAL errors
-i : Interactively ask confirmation for every command
-t : Test mode. Just show the commands that should be executed without doing anything
-d
-o "parameter=value parameter2=value2" : Set manual options to override defaults. The options must be in parameter=value syntax, separated by spaces and inside double quotes.
Some common puppi commnds when you log for an application deployment:
\n\n puppi check\n puppi log & # (More readable if done on another window)\n puppi deploy myapp\n puppi check\n puppi info myapp\n
\n\nThe set of commands needed for each of these actions are entirely managed with specific\nPuppet "basic defines":
\n\nCreate the main project structure. One or more different deployment projects can exist on a node.\n puppi::project
\n\nCreate a single command to be placed in the init sequence. It's not required for every project.\n puppi::initialize
\n\nCreate a single command to be placed in the deploy sequence. More than one is generally needed for each project.\n puppi::deploy
\n\nCreate a single command to be placed in the rollback sequence. More than one is generally needed for each project.\n puppi::rollback
\n\nCreate a single check (based on Nagios plugins) for a project or for the whole host (host wide checks are auto generated by Example42 monitor module)\n puppi::check
\n\nCreate a reporting command to be placed in the report sequence.\n puppi::report
\n\nCreate a log filename entry for a project or the whole hosts.\n puppi::log
\n\nCreate an info entry with the commands used to provide info on a topic\n puppi::info
\n\nRead details in the relevant READMEs
\n\nA link to the actual version of puppi enabled\n /usr/sbin/puppi
\n\nThe original puppi bash command.\n /usr/sbin/puppi.one
\n\nPuppi (one) main config file. Various puppi wide paths are defined here.\n /etc/puppi/puppi.conf
\n\nDirectory where by default all the host wide checks can be placed. If you use the Example42 monitor module and have "puppi" as $monitor_tool, this directory is automatically filled with Nagios plugins based checks.\n /etc/puppi/checks/ ($checksdir)
\n\nDirectory that containts projects subdirs, with the commands to be run for deploy, rollback and check actions. They are completely built (and purged) by the Puppet module.\n /etc/puppi/projects/ ($projectsdir)
\n\nThe general-use scripts directory, these are used by the above commands and may require one or more arguments.\n /etc/puppi/scripts/ ($scriptsdir)
\n\nThe general-use directory where files are placed which contain the log paths to be used by puppi log\n /etc/puppi/logs/ ($logssdir)
\n\nThe general-use directory where files are placed which contain the log paths to be used by puppi log\n /etc/puppi/info/ ($infodir)
\n\nWhere all data to rollback is placed.\n /var/lib/puppi/archive/ ($archivedir)
\n\nWhere logs and reports of the different commands are placed.\n /var/log/puppi/ ($logdir)
\n\nTemporary, scratchable, directory where Puppi places temporary files.\n /tmp/puppi/ ($workdir)
\n\nA runtime configuration file, which is used by all all the the scripts invoked by puppi to read and write dynamic variables at runtime. This is necessary to mantain "state" information that changes on every puppi run (such as the deploy datetime, used for backups).\n /tmp/puppi/$project/config
\n\nIt should be clear that with puppi you have full flexibility in the definition of a deployment \nprocedure, since the puppi command is basically a wrapper that executes arbitrary scripts with\na given sequence, in pure KISS logic.
\n\nThe advantanges though, are various:
\n\nYou have a common syntax to manage deploys and rollbacks on an host
In your Puppet manifests, you can set in simple, coherent and still flexible and customizable\ndefines all the elements, you need for your application deployments. \nThink about it: with just a Puppet define you build the whole deploy logic
Reporting for each deploy/rollback is built-in and extensible
Automatic checks can be built in the deploy procedure
You have a common, growing, set of general-use scripts for typical actions
You have quick and useful command to see what's happening on the system (puppi check, log, info)
There are different parts where you can customize the behaviour of puppi:
\n\nThe set of general-use scripts in /etc/puppi/scripts/ ( this directory is filled with the content\nof puppi/files/scripts/ ) can/should be enhanced. These can be arbitrary scripts in whatever\nlanguage. If you want to follow puppi's logic, though, consider that they should import the\ncommon and runtime configuration files and have an exit code logic similar to the one of\nNagios plugins: 0 is OK, 1 is WARNING, 2 is CRITICAL. Note that by default a script that \nexits with WARNING doesn't block the deploy procedure, on the other hand, if a script exits\nwith CRITICAL (exit 2) by default it blocks the procedure.\nTake a second, also, to explore the runtime config file created by the puppi command that\ncontains variables that can be set and used by the scripts invoked by puppi.
The custom project defines that describe deploy templates. These are placed in\npuppi/manifests/project/ and can request all the arguments you want to feed your scripts with.\nGenerally is a good idea to design a standard enough template that can be used for all the \ncases where the deployment procedure involves similar steps. Consider also that you can handle\nexceptions with variables (see the $loadbalancer_ip usage in puppi/manifests/project/maven.pp)
Puppi is self contained. It doesn't require other modules.\n(And is required by all Example42 modules).
\n\nFor correct functionality by default some extra packages are installed.\nIf you have conflicts with your existing modules, set the argument:\n install_dependencies => false
\nCopyright (C) 2013 Alessandro Franceschi / Lab42\n\nfor the relevant commits Copyright (C) by the respective authors.\n\nContact Lab42 at: info@lab42.it\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
The NTP module installs, configures, and manages the ntp service.
\n\nThe NTP module handles running NTP across a range of operating systems and\ndistributions. Where possible we use the upstream ntp templates so that the\nresults closely match what you'd get if you modified the package default conf\nfiles.
\n\ninclude '::ntp' is enough to get you up and running. If you wish to pass in\nparameters like which servers to use then you can use:
\n\nclass { '::ntp':\n servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ],\n}\n
\n\nAll interaction with the ntp module can do be done through the main ntp class.\nThis means you can simply toggle the options in the ntp class to get at the\nfull functionality.
\n\ninclude '::ntp'\n
\n\nclass { '::ntp':\n servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ],\n}\n
\n\nclass { '::ntp':\n servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ],\n restrict => 'restrict 127.0.0.1',\n}\n
\n\nclass { '::ntp':\n servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ],\n restrict => 'restrict 127.0.0.1',\n manage_service => false,\n}\n
\n\nclass { '::ntp':\n servers => [ 'ntp1.corp.com', 'ntp2.corp.com' ],\n restrict => 'restrict 127.0.0.1',\n manage_service => false,\n config_template => 'different/module/custom.template.erb',\n}\n
\n\nThe following parameters are available in the ntp module
\n\nautoupdate
Deprecated: This parameter previously determined if the ntp module should be\nautomatically updated to the latest version available. Replaced by package_\nensure.
\n\nconfig
This sets the file to write ntp configuration into.
\n\nconfig_template
This determines which template puppet should use for the ntp configuration.
\n\ndriftfile
This sets the location of the driftfile for ntp.
\n\nkeys_controlkey
Which of the keys is used as the control key.
\n\nkeys_enable
Should the ntp keys functionality be enabled.
\n\nkeys_file
Location of the keys file.
\n\nkeys_requestkey
Which of the keys is used as the request key.
\n\npackage_ensure
This can be set to 'present' or 'latest' or a specific version to choose the\nntp package to be installed.
\n\npackage_name
This determines the name of the package to install.
\n\npanic
This determines if ntp should 'panic' in the event of a very large clock skew.\nWe set this to false if you're on a virtual machine by default as they don't\ndo a great job with keeping time.
\n\npreferred_servers
List of ntp servers to prefer. Will append prefer for any server in this list\nthat also appears in the servers list.
\n\nrestrict
This sets the restrict options in the ntp configuration.
\n\nservers
This selects the servers to use for ntp peers.
\n\nservice_enable
This determines if the service should be enabled at boot.
\n\nservice_ensure
This determines if the service should be running or not.
\n\nservice_manage
This selects if puppet should manage the service in the first place.
\n\nservice_name
This selects the name of the ntp service for puppet to manage.
\n\nThis module has been built on and tested against Puppet 2.7 and higher.
\n\nThe module has been tested on:
\n\nTesting on other platforms has been light and cannot be guaranteed.
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community\ncontributions are essential for keeping them great. We can’t access the\nhuge number of platforms and myriad of hardware, software, and deployment\nconfigurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our\nmodules work in your environment. There are a few guidelines that we need\ncontributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\nApache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [2013] [Puppet Labs]\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n
This provides a single type, vcsrepo
.
This type can be used to describe:
\n\nThis module supports a wide range of VCS types, each represented by a\nseparate provider.
\n\nFor information on how to use this module with a specific VCS, see\nREADME.<VCS>.markdown
.
See LICENSE.
\nCopyright (C) 2010-2012 Puppet Labs Inc.\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nThis program and entire repository is free software; you can\nredistribute it and/or modify it under the terms of the GNU\nGeneral Public License as published by the Free Software\nFoundation; either version 2 of the License, or any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n
This module manages mysql on Linux (RedHat/Debian) distros. A native mysql provider implements database resource type to handle database, database user, and database permission.
\n\nPluginsync needs to be enabled for this module to function properly.\nRead more about pluginsync in our docs
\n\nThis module uses the fact osfamily which is supported by Facter 1.6.1+. If you do not have facter 1.6.1 in your environment, the following manifests will provide the same functionality in site.pp (before declaring any node):
\n\nif ! $::osfamily {\n case $::operatingsystem {\n 'RedHat', 'Fedora', 'CentOS', 'Scientific', 'SLC', 'Ascendos', 'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL': {\n $osfamily = 'RedHat'\n }\n 'ubuntu', 'debian': {\n $osfamily = 'Debian'\n }\n 'SLES', 'SLED', 'OpenSuSE', 'SuSE': {\n $osfamily = 'Suse'\n }\n 'Solaris', 'Nexenta': {\n $osfamily = 'Solaris'\n }\n default: {\n $osfamily = $::operatingsystem\n }\n }\n}\n
\n\nThis module depends on creates_resources function which is introduced in Puppet 2.7. Users on puppet 2.6 can use the following module which provides this functionality:
\n\nhttp://github.com/puppetlabs/puppetlabs-create_resources
\n\nThis module is based on work by David Schmitt. The following contributor have contributed patches to this module (beyond Puppet Labs):
\n\nInstalls the mysql-client package.
\n\nclass { 'mysql': }\n
\n\nInstalls mysql bindings for java.
\n\nclass { 'mysql::java': }\n
\n\nInstalls mysql bindings for python.
\n\nclass { 'mysql::python': }\n
\n\nInstalls mysql bindings for ruby.
\n\nclass { 'mysql::ruby': }\n
\n\nInstalls mysql-server packages, configures my.cnf and starts mysqld service:
\n\nclass { 'mysql::server':\n config_hash => { 'root_password' => 'foo' }\n}\n
\n\nDatabase login information stored in /root/.my.cnf
.
Creates a database with a user and assign some privileges.
\n\nmysql::db { 'mydb':\n user => 'myuser',\n password => 'mypass',\n host => 'localhost',\n grant => ['all'],\n}\n
\n\nInstalls a mysql backup script, cronjob, and priviledged backup user.
\n\nclass { 'mysql::backup':\n backupuser => 'myuser',\n backuppassword => 'mypassword',\n backupdir => '/tmp/backups',\n}\n
\n\nMySQL provider supports puppet resources command:
\n\n$ puppet resource database\ndatabase { 'information_schema':\n ensure => 'present',\n charset => 'utf8',\n}\ndatabase { 'mysql':\n ensure => 'present',\n charset => 'latin1',\n}\n
\n\nThe custom resources can be used in any other manifests:
\n\ndatabase { 'mydb':\n charset => 'latin1',\n}\n\ndatabase_user { 'bob@localhost':\n password_hash => mysql_password('foo')\n}\n\ndatabase_grant { 'user@localhost/database':\n privileges => ['all'] ,\n # Or specify individual privileges with columns from the mysql.db table:\n # privileges => ['Select_priv', 'Insert_priv', 'Update_priv', 'Delete_priv']\n}\n
\n\nA resource default can be specified to handle dependency:
\n\nDatabase {\n require => Class['mysql::server'],\n}\n
\n2013-01-11 - Version 0.6.1\n* Fix providers when /root/.my.cnf is absent\n\n2013-01-09 - Version 0.6.0\n* Add `mysql::server::config` define for specific config directives\n* Add `mysql::php` class for php support\n* Add `backupcompress` parameter to `mysql::backup`\n* Add `restart` parameter to `mysql::config`\n* Add `purge_conf_dir` parameter to `mysql::config`\n* Add `manage_service` parameter to `mysql::server`\n* Add syslog logging support via the `log_error` parameter\n* Add initial SuSE support\n* Fix remove non-localhost root user when fqdn != hostname\n* Fix dependency in `mysql::server::monitor`\n* Fix .my.cnf path for root user and root password\n* Fix ipv6 support for users\n* Fix / update various spec tests\n* Fix typos\n* Fix lint warnings\n\n2012-08-23 - Version 0.5.0\n* Add puppetlabs/stdlib as requirement\n* Add validation for mysql privs in provider\n* Add `pidfile` parameter to mysql::config\n* Add `ensure` parameter to mysql::db\n* Add Amazon linux support\n* Change `bind_address` parameter to be optional in my.cnf template\n* Fix quoting root passwords\n\n2012-07-24 - Version 0.4.0\n* Fix various bugs regarding database names\n* FreeBSD support\n* Allow specifying the storage engine\n* Add a backup class\n* Add a security class to purge default accounts\n\n2012-05-03 - Version 0.3.0\n* #14218 Query the database for available privileges\n* Add mysql::java class for java connector installation\n* Use correct error log location on different distros\n* Fix set_mysql_rootpw to properly depend on my.cnf\n\n2012-04-11 - Version 0.2.0\n\n2012-03-19 - William Van Hevelingen <blkperl@cat.pdx.edu>\n* (#13203) Add ssl support (f7e0ea5)\n\n2012-03-18 - Nan Liu <nan@puppetlabs.com>\n* Travis ci before script needs success exit code. (0ea463b)\n\n2012-03-18 - Nan Liu <nan@puppetlabs.com>\n* Fix Puppet 2.6 compilation issues. (9ebbbc4)\n\n2012-03-16 - Nan Liu <nan@puppetlabs.com>\n* Add travis.ci for testing multiple puppet versions. (33c72ef)\n\n2012-03-15 - William Van Hevelingen <blkperl@cat.pdx.edu>\n* (#13163) Datadir should be configurable (f353fc6)\n\n2012-03-16 - Nan Liu <nan@puppetlabs.com>\n* Document create_resources dependency. (558a59c)\n\n2012-03-16 - Nan Liu <nan@puppetlabs.com>\n* Fix spec test issues related to error message. (eff79b5)\n\n2012-03-16 - Nan Liu <nan@puppetlabs.com>\n* Fix mysql service on Ubuntu. (72da2c5)\n\n2012-03-16 - Dan Bode <dan@puppetlabs.com>\n* Add more spec test coverage (55e399d)\n\n2012-03-16 - Nan Liu <nan@puppetlabs.com>\n* (#11963) Fix spec test due to path changes. (1700349)\n\n2012-03-07 - François Charlier <fcharlier@ploup.net>\n* Add a test to check path for 'mysqld-restart' (b14c7d1)\n\n2012-03-07 - François Charlier <fcharlier@ploup.net>\n* Fix path for 'mysqld-restart' (1a9ae6b)\n\n2012-03-15 - Dan Bode <dan@puppetlabs.com>\n* Add rspec-puppet tests for mysql::config (907331a)\n\n2012-03-15 - Dan Bode <dan@puppetlabs.com>\n* Moved class dependency between sever and config to server (da62ad6)\n\n2012-03-14 - Dan Bode <dan@puppetlabs.com>\n* Notify mysql restart from set_mysql_rootpw exec (0832a2c)\n\n2012-03-15 - Nan Liu <nan@puppetlabs.com>\n* Add documentation related to osfamily fact. (8265d28)\n\n2012-03-14 - Dan Bode <dan@puppetlabs.com>\n* Mention osfamily value in failure message (e472d3b)\n\n2012-03-14 - Dan Bode <dan@puppetlabs.com>\n* Fix bug when querying for all database users (015490c)\n\n2012-02-09 - Nan Liu <nan@puppetlabs.com>\n* Major refactor of mysql module. (b1f90fd)\n\n2012-01-11 - Justin Ellison <justin.ellison@buckle.com>\n* Ruby and Python's MySQL libraries are named differently on different distros. (1e926b4)\n\n2012-01-11 - Justin Ellison <justin.ellison@buckle.com>\n* Per @ghoneycutt, we should fail explicitly and explain why. (09af083)\n\n2012-01-11 - Justin Ellison <justin.ellison@buckle.com>\n* Removing duplicate declaration (7513d03)\n\n2012-01-10 - Justin Ellison <justin.ellison@buckle.com>\n* Use socket value from params class instead of hardcoding. (663e97c)\n\n2012-01-10 - Justin Ellison <justin.ellison@buckle.com>\n* Instead of hardcoding the config file target, pull it from mysql::params (031a47d)\n\n2012-01-10 - Justin Ellison <justin.ellison@buckle.com>\n* Moved $socket to within the case to toggle between distros. Added a $config_file variable to allow per-distro config file destinations. (360eacd)\n\n2012-01-10 - Justin Ellison <justin.ellison@buckle.com>\n* Pretty sure this is a bug, 99% of Linux distros out there won't ever hit the default. (3462e6b)\n\n2012-02-09 - William Van Hevelingen <blkperl@cat.pdx.edu>\n* Changed the README to use markdown (3b7dfeb)\n\n2012-02-04 - Daniel Black <grooverdan@users.sourceforge.net>\n* (#12412) mysqltuner.pl update (b809e6f)\n\n2011-11-17 - Matthias Pigulla <mp@webfactory.de>\n* (#11363) Add two missing privileges to grant: event_priv, trigger_priv (d15c9d1)\n\n2011-12-20 - Jeff McCune <jeff@puppetlabs.com>\n* (minor) Fixup typos in Modulefile metadata (a0ed6a1)\n\n2011-12-19 - Carl Caum <carl@carlcaum.com>\n* Only notify Exec to import sql if sql is given (0783c74)\n\n2011-12-19 - Carl Caum <carl@carlcaum.com>\n* (#11508) Only load sql_scripts on DB creation (e3b9fd9)\n\n2011-12-13 - Justin Ellison <justin.ellison@buckle.com>\n* Require not needed due to implicit dependencies (3058feb)\n\n2011-12-13 - Justin Ellison <justin.ellison@buckle.com>\n* Bug #11375: puppetlabs-mysql fails on CentOS/RHEL (a557b8d)\n\n2011-06-03 - Dan Bode <dan@puppetlabs.com> - 0.0.1\n* initial commit\n
Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n
The Apache module allows you to set up virtual hosts and manage web services with minimal effort.
\n\nApache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.
\n\nWhat Apache affects:
\n\nTo install Apache with the default parameters
\n\n class { 'apache': }\n
\n\nThe defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters
\n\n class { 'apache':\n default_mods => false,\n }\n
\n\nDeclaring the apache
class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving $apache::docroot
.
class { 'apache': }\n
\n\nTo configure a very basic, name-based virtual host
\n\n apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n
\n\nNote: The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.
\n\nA slightly more complicated example, which moves the docroot owner/group
\n\n apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n
\n\nTo set up a virtual host with SSL and default SSL certificates
\n\n apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n
\n\nTo set up a virtual host with SSL and specific SSL certificates
\n\n apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n
\n\nTo set up a virtual host with wildcard alias for subdomain mapped to same named directory\nhttp://examle.com.loc => /var/www/example.com
apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n
\n\nTo set up a virtual host with suPHP
\n\n apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n }\n
\n\nTo set up a virtual host with WSGI
\n\n apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n
\n\nTo see a list of all virtual host parameters, please go here. To see an extensive list of virtual host examples please look here.
\n\nThis module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.
\n\nIt is possible to temporarily disable full Puppet management by setting the purge_configs
parameter within the base apache
class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.
apache
The Apache module's primary class, apache
, guides the basic setup of Apache on your system.
You may establish a default vhost in this class, the vhost
class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the vhost
type.
Parameters within apache
:
default_mods
Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.
\n\ndefault_vhost
Sets up a default virtual host. Defaults to 'true', set to 'false' to set up customized virtual hosts.
\n\ndefault_ssl_vhost
Sets up a default SSL virtual host. Defaults to 'false'.
\n\n apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n
\n\nSSL vhosts only respond to HTTPS queries.
\n\ndefault_ssl_cert
The default SSL certification, which is automatically set based on your operating system (/etc/pki/tls/certs/localhost.crt
for RedHat, /etc/ssl/certs/ssl-cert-snakeoil.pem
for Debian). This default will work out of the box but must be updated with your specific certificate information before being used in production.
default_ssl_key
The default SSL key, which is automatically set based on your operating system (/etc/pki/tls/private/localhost.key
for RedHat, /etc/ssl/private/ssl-cert-snakeoil.key
for Debian). This default will work out of the box but must be updated with your specific certificate information before being used in production.
default_ssl_chain
The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\ndefault_ssl_ca
The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\ndefault_ssl_crl_path
The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\ndefault_ssl_crl
The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\nservice_enable
Determines whether the 'httpd' service is enabled when the machine is booted, meaning Puppet will check the service status to start/stop it. Defaults to 'true', meaning the service is enabled/running.
\n\nserveradmin
Sets the server administrator. Defaults to 'root@localhost'.
\n\nservername
Sets the servername. Defaults to fqdn provided by facter.
\n\nsendfile
Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'false'.
\n\nerror_documents
Enables custom error documents. Defaults to 'false'.
\n\nhttpd_dir
Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended concequences when used in combination with the default distribution packages. Default is based on your OS.
\n\nconfd_dir
Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.
\n\nvhost_dir
Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.
\n\nmod_dir
Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.
\n\nmpm_module
Configures which mpm module is loaded and configured for the httpd process by the apache::mod::prefork
, apache::mod::worker
and apache::mod::itk
classes. Must be set to false
to explicitly declare apache::mod::worker
, apache::mod::worker
or apache::mod::itk
classes with parameters. Valid values are worker
, prefork
, itk
(Debian), or the boolean false
. Defaults to prefork
on RedHat and worker
on Debian.
conf_template
Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.
\n\nkeepalive
Setting this allows you to enable persistent connections.
\n\nkeepalive_timeout
Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.
\n\nlogroot
Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.
\n\nports_file
Changes the name of the file containing Apache ports configuration. Default is ${conf_dir}/ports.conf
.
apache::default_mods
Installs default Apache modules based on what OS you are running
\n\n class { 'apache::default_mods': }\n
\n\napache::mod
Used to enable arbitrary Apache httpd modules for which there is no specific apache::mod::[name]
class. The apache::mod
defined type will also install the required packages to enable the module, if any.
apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n
\n\napache::mod::[name]
There are many apache::mod::[name]
classes within this module that can be declared using include
:
alias
auth_basic
auth_kerb
autoindex
cache
cgi
cgid
dav
dav_fs
deflate
dir
*disk_cache
fcgid
info
ldap
mime
mime_magic
mpm_event
negotiation
passenger
*perl
php
(requires mpm_module
set to prefork
)prefork
*proxy
*proxy_html
proxy_http
python
reqtimeout
setenvif
ssl
* (see apache::mod::ssl below)status
suphp
userdir
*worker
*wsgi
(see apache::mod::wsgi below)xsendfile
Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.
\n\nThe modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.
\n\napache::mod::ssl
Installs Apache SSL capabilities and utilizes ssl.conf.erb
template
class { 'apache::mod::ssl': }\n
\n\nTo use SSL with a virtual host, you must either set thedefault_ssl_vhost
parameter in apache
to 'true' or set the ssl
parameter in apache::vhost
to 'true'.
apache::mod::wsgi
class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n }\n
\n\napache::vhost
The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to vhost
's setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.
The vhost
defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base apache
class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).
If you have a series of specific configurations and do not want a base apache
class default vhost, make sure to set the base class default host to 'false'.
class { 'apache':\n default_vhost => false,\n }\n
\n\nParameters within apache::vhost
:
The default values for each parameter will vary based on operating system and type of virtual host.
\n\naccess_log
Specifies whether *_access.log
directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.
access_log_file
Points to the *_access.log
file. Defaults to 'undef'.
access_log_pipe
Specifies a pipe to send access log messages to. Defaults to 'undef'.
\n\naccess_log_syslog
Sends all access log messages to syslog. Defaults to 'undef'.
\n\naccess_log_format
Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.
\n\nadd_listen
Determines whether the vhost creates a listen statement. The default value is 'true'.
\n\nSetting add_listen
to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an ip
parameter with vhosts that are passed the ip
parameter.
aliases
Passes a list of hashes to the vhost to create Alias
statements as per the mod_alias
documentation. Each hash is expected to be of the form:
aliases => [ { alias => '/alias', path => '/path/to/directory' } ],\n
\n\nFor Alias
to work, each will need a corresponding <Directory /path/to/directory>
or <Location /path/to/directory>
block.
Note: If apache::mod::passenger
is loaded and PassengerHighPerformance true
is set, then Alias
may have issues honouring the PassengerEnabled off
statement. See this article for details.
block
Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the Development section.
\n\ncustom_fragment
Pass a string of custom configuration directives to be placed at the end of the vhost configuration.
\n\ndefault_vhost
Sets a given apache::vhost
as the default to serve requests that do not match any other apache::vhost
definitions. The default value is 'false'.
directories
Passes a list of hashes to the vhost to create <Directory /path/to/directory>...</Directory>
directive blocks as per the Apache core documentation. The path
key is required in these hashes. Usage will typically look like:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n
\n\nNote: At least one directory should match docroot
parameter, once you start declaring directories apache::vhost
assumes that all required <Directory>
blocks will be declared.
Note: If not defined a single default <Directory>
block will be created that matches the docroot
parameter.
The directives will be embedded within the Directory
directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:
addhandlers
Sets AddHandler
directives as per the Apache Core documentation. Accepts a list of hashes of the form { handler => 'handler-name', extensions => ['extension']}
. Note that extensions
is a list of extenstions being handled by the handler.\nAn example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n
\n\nallow
Sets an Allow
directive as per the Apache Core documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n
\n\nallow_override
Sets the usage of .htaccess
files as per the Apache core documentation. Should accept in the form of a list or a string. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n
\n\ndeny
Sets an Deny
directive as per the Apache Core documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n
\n\nheaders
Adds lines for Header
directives as per the Apache Header documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n
\n\noptions
Lists the options for the given <Directory>
block
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n
\n\norder
Sets the order of processing Allow
and Deny
statements as per Apache core documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow, Deny' } ],\n }\n
\n\nauth_type
Sets the value for AuthType
as per the Apache AuthType\ndocumentation.
auth_name
Sets the value for AuthName
as per the Apache AuthName\ndocumentation.
auth_digest_algorithm
Sets the value for AuthDigestAlgorithm
as per the Apache\nAuthDigestAlgorithm\ndocumentation
auth_digest_domain
Sets the value for AuthDigestDomain
as per the Apache AuthDigestDomain\ndocumentation.
auth_digest_nonce_lifetime
Sets the value for AuthDigestNonceLifetime
as per the Apache\nAuthDigestNonceLifetime\ndocumentation
auth_digest_provider
Sets the value for AuthDigestProvider
as per the Apache AuthDigestProvider\ndocumentation.
auth_digest_qop
Sets the value for AuthDigestQop
as per the Apache AuthDigestQop\ndocumentation.
auth_digest_shmem_size
Sets the value for AuthAuthDigestShmemSize
as per the Apache AuthDigestShmemSize\ndocumentation.
auth_basic_authoritative
Sets the value for AuthBasicAuthoritative
as per the Apache\nAuthBasicAuthoritative\ndocumentation.
auth_basic_fake
Sets the value for AuthBasicFake
as per the Apache AuthBasicFake\ndocumentation.
auth_basic_provider
Sets the value for AuthBasicProvider
as per the Apache AuthBasicProvider\ndocumentation.
auth_user_file
Sets the value for AuthUserFile
as per the Apache AuthUserFile\ndocumentation.
auth_require
Sets the value for AuthName
as per the Apache Require\ndocumentation
passenger_enabled
Sets the value for the PassengerEnabled
directory to on
or off
as per the Passenger documentation.
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n
\n\nNote: This directive requires apache::mod::passenger
to be active, Apache may not start with an unrecognised directive without it.
Note: Be aware that there is an issue using the PassengerEnabled
directive with the PassengerHighPerformance
directive.
custom_fragment
Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.
\n\ndocroot
Provides the DocumentRoot directive, identifying the directory Apache serves files from.
\n\ndocroot_group
Sets group access to the docroot directory. Defaults to 'root'.
\n\ndocroot_owner
Sets individual user access to the docroot directory. Defaults to 'root'.
\n\nerror_log
Specifies whether *_error.log
directives should be configured. Defaults to 'true'.
error_log_file
Points to the *_error.log
file. Defaults to 'undef'.
error_log_pipe
Specifies a pipe to send error log messages to. Defaults to 'undef'.
\n\nerror_log_syslog
Sends all error log messages to syslog. Defaults to 'undef'.
\n\nensure
Specifies if the vhost file is present or absent.
\n\nip
The IP address the vhost listens on. Defaults to 'undef'.
\n\nip_based
Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.
\n\nlogroot
Specifies the location of the virtual host's logfiles. Defaults to /var/log/<apache log location>/
.
no_proxy_uris
Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with proxy_dest
.
options
Lists the options for the given virtual host
\n\n apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n
\n\noverride
Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.
\n\nport
Sets the port the host is configured on.
\n\npriority
Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.
\n\nIf nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.
\n\nNote: You should not need to use this parameter. However, if you do use it, be aware that the default_vhost
parameter for apache::vhost
passes a priority of '15'.
proxy_dest
Specifies the destination address of a proxypass configuration. Defaults to 'undef'.
\n\nproxy_pass
Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.
\n\nExample:
\n\n$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n
\n\nrack_base_uris
Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the _rack.erb
template. Defaults to 'undef'.
redirect_dest
Specifies the address to redirect to. Defaults to 'undef'.
\n\nredirect_source
Specifies the source items? that will redirect to the destination specified in redirect_dest
. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.
apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n
\n\nredirect_status
Specifies the status to append to the redirect. Defaults to 'undef'.
\n\n apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n
\n\nrequest_headers
Specifies additional request headers.
\n\n apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n
\n\nrewrite_base
Limits the rewrite_rule
to the specified base URL. Defaults to 'undef'.
apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n
\n\nThe above example would limit the index.html -> welcome.html rewrite to only something inside of http://example.com/blog/.
\n\nrewrite_cond
Rewrites a URL via rewrite_rule
based on the truth of specified conditions. For example
apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n
\n\nwill rewrite URLs only if the visitor is using IE. Defaults to 'undef'.
\n\nNote: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple rewrite_cond
and rewrite_rules
per vhost, so that different conditions get different rewrites.
rewrite_rule
Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.
\n\n apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n
\n\nscriptalias
Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'
\n\nserveradmin
Specifies the email address Apache will display when it renders one of its error pages.
\n\nserveraliases
Sets the server aliases of the site.
\n\nservername
Sets the primary name of the virtual host.
\n\nsetenv
Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.
\n\nsetenvif
Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.
\n\nssl
Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.
\n\nssl_ca
Specifies the certificate authority.
\n\nssl_cert
Specifies the SSL certification.
\n\nssl_certs_dir
Specifies the location of the SSL certification directory. Defaults to /etc/ssl/certs
.
ssl_chain
Specifies the SSL chain.
\n\nssl_crl
Specifies the certificate revocation list to use.
\n\nssl_crl_path
Specifies the location of the certificate revocation list.
\n\nssl_key
Specifies the SSL key.
\n\nsslproxyengine
Specifies whether to use SSLProxyEngine
or not. Defaults to false
.
vhost_name
This parameter is for use with name-based virtual hosting. Defaults to '*'.
\n\nitk
Hash containing infos to configure itk as per the ITK documentation.
\n\nKeys could be:
\n\nUsage will typically look like:
\n\n apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n
\n\nThe Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the Tests section for even more examples.
\n\nConfigure a vhost with a server administrator
\n\n apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n
\n\nSet up a vhost with aliased servers
\n\n apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n
\n\nConfigure a vhost with a cgi-bin
\n\n apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n
\n\nSet up a vhost with a rack configuration
\n\n apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n
\n\nSet up a mix of SSL and non-SSL vhosts at the same domain
\n\n #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n
\n\nConfigure a vhost to redirect non-SSL connections to SSL
\n\n apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n
\n\nSet up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.
\n\n apache::listen { '80': }\n apache::listen { '81': }\n
\n\nThen we will set up the IP-based vhosts
\n\n apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n
\n\nConfigure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL
\n\n apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n
\n\nThen, we will add two name-based vhosts listening on 10.0.0.20
\n\n apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n
\n\nIf you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you MUST declare add_listen => 'false'
to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.
apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n
\n\napache::dev
Installs Apache development libraries
\n\n class { 'apache::dev': }\n
\n\napache::listen
Controls which ports Apache binds to for listening based on the title:
\n\n apache::listen { '80': }\n apache::listen { '443': }\n
\n\nDeclaring this defined type will add all Listen
directives to the ports.conf
file in the Apache httpd configuration directory. apache::listen
titles should always take the form of: <port>
, <ipv4>:<port>
, or [<ipv6>]:<port>
Apache httpd requires that Listen
directives must be added for every port. The apache::vhost
defined type will automatically add Listen
directives unless the apache::vhost
is passed add_listen => false
.
apache::namevirtualhost
Enables named-based hosting of a virtual host
\n\n class { 'apache::namevirtualhost`: }\n
\n\nDeclaring this defined type will add all NameVirtualHost
directives to the ports.conf
file in the Apache https configuration directory. apache::namevirtualhost
titles should always take the form of: *
, *:<port>
, _default_:<port>
, <ip>
, or <ip>:<port>
.
apache::balancermember
Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.
\n\nOn every app server you can export a balancermember like this:
\n\n @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n
\n\nAnd on the proxy itself you create the balancer cluster using the defined type apache::balancer:
\n\n apache::balancer { 'puppet00': }\n
\n\nIf you need to use ProxySet in the balncer config you can do as so:
\n\n apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n
\n\nThe Apache module relies heavily on templates to enable the vhost
and apache::mod
defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.
This has been tested on Ubuntu Precise, Debian Wheezy, and CentOS 5.8.
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\n\nThis project contains tests for both rspec-puppet and rspec-system to verify functionality. For in-depth information please see their respective documentation.
\n\nQuickstart:
\n\ngem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n
\n\nCopyright (C) 2012 Puppet Labs Inc
\n\nPuppet Labs can be contacted at: info@puppetlabs.com
\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at
\n\nhttp://www.apache.org/licenses/LICENSE-2.0
\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.
\nCopyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
This module provides resource types for use in managing INI-style configuration\nfiles. The main resource type is ini_setting
, which is used to manage an\nindividual setting in an INI file. Here's an example usage:
ini_setting { "sample setting":\n path => '/tmp/foo.ini',\n section => 'foo',\n setting => 'foosetting',\n value => 'FOO!',\n ensure => present,\n}\n
\n\nA supplementary resource type is ini_subsetting
, which is used to manage\nsettings that consist of several arguments such as
JAVA_ARGS="-Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/pe-puppetdb/puppetdb-oom.hprof "\n\nini_subsetting {'sample subsetting':\n ensure => present,\n section => '',\n key_val_separator => '=',\n path => '/etc/default/pe-puppetdb',\n setting => 'JAVA_ARGS',\n subsetting => '-Xmx',\n value => '512m',\n}\n
\n\nThe ini_setting class can be overridden by child providers in order to implement the management of ini settings for a specific configuration file.
\n\nIn order to implement this, you will need to specify your own Type (as shown below). This type needs to implement a namevar (name), and a property called value:
\n\nexample:
\n\n#my_module/lib/puppet/type/glance_api_config.rb\nPuppet::Type.newtype(:glance_api_config) do\n ensurable\n newparam(:name, :namevar => true) do\n desc 'Section/setting name to manage from glance-api.conf'\n # namevar should be of the form section/setting\n newvalues(/\\S+\\/\\S+/)\n end\n newproperty(:value) do\n desc 'The value of the setting to be defined.'\n munge do |v|\n v.to_s.strip\n end\n end\nend\n
\n\nThis type also must have a provider that utilizes the ini_setting provider as its parent:
\n\nexample:
\n\n# my_module/lib/puppet/provider/glance_api_config/ini_setting.rb\nPuppet::Type.type(:glance_api_config).provide(\n :ini_setting,\n # set ini_setting as the parent provider\n :parent => Puppet::Type.type(:ini_setting).provider(:ruby)\n) do\n # implement section as the first part of the namevar\n def section\n resource[:name].split('/', 2).first\n end\n def setting\n # implement setting as the second part of the namevar\n resource[:name].split('/', 2).last\n end\n # hard code the file path (this allows purging)\n def self.file_path\n '/etc/glance/glance-api.conf'\n end\nend\n
\n\nNow, the individual settings of the /etc/glance/glance-api.conf file can be managed as individual resources:
\n\nglance_api_config { 'HEADER/important_config':\n value => 'secret_value',\n}\n
\n\nProvided that self.file_path has been implemented, you can purge with the following puppet syntax:
\n\nresources { 'glance_api_config'\n purge => true,\n}\n
\n\nIf the above code is added, then the resulting configured file will only contain lines implemented as Puppet resources
\n\n2013-07-16 - Version 1.0.0\nFeatures:\n- Handle empty values.\n- Handle whitespace in settings names (aka: server role = something)\n- Add mechanism for allowing ini_setting subclasses to override the\nformation of the namevar during .instances, to allow for ini_setting\nderived types that manage flat ini-file-like files and still purge\nthem.\n\n2013-05-28 - Chris Price <chris@puppetlabs.com> - 0.10.3\n * Fix bug in subsetting handling for new settings (cbea5dc)\n\n2013-05-22 - Chris Price <chris@puppetlabs.com> - 0.10.2\n * Better handling of quotes for subsettings (1aa7e60)\n\n2013-05-21 - Chris Price <chris@puppetlabs.com> - 0.10.1\n * Change constants to class variables to avoid ruby warnings (6b19864)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 0.10.1\n * Style fixes (c4af8c3)\n\n2013-04-02 - Dan Bode <dan@puppetlabs.com> - 0.10.1\n * Add travisfile and Gemfile (c2052b3)\n\n2013-04-02 - Chris Price <chris@puppetlabs.com> - 0.10.1\n * Update README.markdown (ad38a08)\n\n2013-02-15 - Karel Brezina <karel.brezina@gmail.com> - 0.10.0\n * Added 'ini_subsetting' custom resource type (4351d8b)\n\n2013-03-11 - Dan Bode <dan@puppetlabs.com> - 0.10.0\n * guard against nil indentation values (5f71d7f)\n\n2013-01-07 - Dan Bode <dan@puppetlabs.com> - 0.10.0\n * Add purging support to ini file (2f22483)\n\n2013-02-05 - James Sweeny <james.sweeny@puppetlabs.com> - 0.10.0\n * Fix test to use correct key_val_parameter (b1aff63)\n\n2012-11-06 - Chris Price <chris@puppetlabs.com> - 0.10.0\n * Added license file w/Apache 2.0 license (5e1d203)\n\n2012-11-02 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Version 0.9.0 released\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Add detection for commented versions of settings (a45ab65)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Refactor to clarify implementation of `save` (f0d443f)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Add example for `ensure=absent` (e517148)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Better handling of whitespace lines at ends of sections (845fa70)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Respect indentation / spacing for existing sections and settings (c2c26de)\n\n2012-10-17 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Minor tweaks to handling of removing settings (cda30a6)\n\n2012-10-10 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Add support for removing lines (1106d70)\n\n2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Make value a property (cbc90d3)\n\n2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Make ruby provider a better parent. (1564c47)\n\n2012-09-29 - Reid Vandewiele <reid@puppetlabs.com> - 0.9.0\n * Allow values with spaces to be parsed and set (3829e20)\n\n2012-09-24 - Chris Price <chris@pupppetlabs.com> - 0.0.3\n * Version 0.0.3 released\n\n2012-09-20 - Chris Price <chris@puppetlabs.com> - 0.0.3\n * Add validation for key_val_separator (e527908)\n\n2012-09-19 - Chris Price <chris@puppetlabs.com> - 0.0.3\n * Allow overriding separator string between key/val pairs (8d1fdc5)\n\n2012-08-20 - Chris Price <chris@pupppetlabs.com> - 0.0.2\n * Version 0.0.2 released\n\n2012-08-17 - Chris Price <chris@pupppetlabs.com> - 0.0.2\n * Add support for "global" section at beginning of file (c57dab4)\n
Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright 2012 Chris Price\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n
Installs mongodb on Ubuntu/Debian from OS repo, or alternatively per 10gen installation documentation.
\n\nParameters:
\n\nBy default ubuntu is upstart and debian uses sysv.
\n\nExamples:
\n\nclass mongodb {\n init => 'sysv',\n}\n\nclass mongodb {\n enable_10gen => true,\n}\n
\n\n2012-07-13 Puppet Labs <info@puppetlabs.com> - 0.1.0\n* Add support for RHEL/CentOS\n* Change default mongodb install location to OS repo\n\n2012-05-29 Puppet Labs <info@puppetlabs.com> - 0.0.2\n* Fix Modulefile typo.\n* Remove repo pin.\n* Update spec tests and add travis support.\n\n2012-05-03 Puppet Labs <info@puppetlabs.com> - 0.0.1\n* Initial Release.\n
Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
This provides a HTTP Authentication type for Puppet that support Basic and Digest authentication.
\n\nCopyright - James Turnbull james@lovedthanlost.net
\n\nLicense: GPLv3
\n\nThanks to John Ferlito and JKur (https://github.com/jkur) for patches.
\n\nhttpauth { 'user':\n file => '/path/to/password/file',\n password => 'password',\n realm => 'realm',\n mechanism => basic,\n ensure => present,\n}\n
\nThe Apache module allows you to set up virtual hosts and manage web services with minimal effort.
\n\nApache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.
\n\nWhat Apache affects:
\n\n/etc/make.conf
on FreeBSDTo install Apache with the default parameters
\n\n class { 'apache': }\n
\n\nThe defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters
\n\n class { 'apache':\n default_mods => false,\n default_confd_files => false,\n }\n
\n\nDeclaring the apache
class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving $apache::docroot
.
class { 'apache': }\n
\n\nTo configure a very basic, name-based virtual host
\n\n apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n
\n\nNote: The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.
\n\nA slightly more complicated example, which moves the docroot owner/group
\n\n apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n
\n\nTo set up a virtual host with SSL and default SSL certificates
\n\n apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n
\n\nTo set up a virtual host with SSL and specific SSL certificates
\n\n apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n
\n\nTo set up a virtual host with IP address different than '*'
\n\n apache::vhost { 'subdomain.example.com':\n ip => '127.0.0.1',\n port => '80',\n docrout => '/var/www/subdomain',\n }\n
\n\nTo set up a virtual host with wildcard alias for subdomain mapped to same named directory\nhttp://examle.com.loc => /var/www/example.com
apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n
\n\nTo set up a virtual host with suPHP
\n\n apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n }\n
\n\nTo set up a virtual host with WSGI
\n\n apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n
\n\nStarting 2.2.16, httpd supports FallbackResource which is a simple replace for common RewriteRules:
\n\n apache::vhost { 'wordpress.example.com':\n port => '80',\n docroot => '/var/www/wordpress',\n fallbackresource => '/index.php',\n }\n
\n\nPlease note that the disabled
argument to FallbackResource is only supported since 2.2.24.
To see a list of all virtual host parameters, please go here. To see an extensive list of virtual host examples please look here.
\n\nThis module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.
\n\nIt is possible to temporarily disable full Puppet management by setting the purge_configs
parameter within the base apache
class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.
apache
The Apache module's primary class, apache
, guides the basic setup of Apache on your system.
You may establish a default vhost in this class, the vhost
class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the vhost
type.
Parameters within apache
:
default_mods
Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.
\n\ndefault_vhost
Sets up a default virtual host. Defaults to 'true', set to 'false' to set up customized virtual hosts.
\n\ndefault_confd_files
Generates default set of include-able apache configuration files under ${apache::confd_dir}
directory. These configuration files correspond to what is usually installed with apache package on given platform.
default_ssl_vhost
Sets up a default SSL virtual host. Defaults to 'false'.
\n\n apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n
\n\nSSL vhosts only respond to HTTPS queries.
\n\ndefault_ssl_cert
The default SSL certification, which is automatically set based on your operating system (/etc/pki/tls/certs/localhost.crt
for RedHat, /etc/ssl/certs/ssl-cert-snakeoil.pem
for Debian, /usr/local/etc/apache22/server.crt
for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.
default_ssl_key
The default SSL key, which is automatically set based on your operating system (/etc/pki/tls/private/localhost.key
for RedHat, /etc/ssl/private/ssl-cert-snakeoil.key
for Debian, /usr/local/etc/apache22/server.key
for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.
default_ssl_chain
The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\ndefault_ssl_ca
The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\ndefault_ssl_crl_path
The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\ndefault_ssl_crl
The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.
\n\nservice_name
Name of apache service to run. Defaults to: 'httpd'
on RedHat, 'apache2'
on Debian, and 'apache22'
on FreeBSD.
service_enable
Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'.
\n\nservice_ensure
Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'.
\n\npurge_configs
Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module.
\n\nserveradmin
Sets the server administrator. Defaults to 'root@localhost'.
\n\nservername
Sets the servername. Defaults to fqdn provided by facter.
\n\nserver_root
A value to be set as ServerRoot
in main configuration file (httpd.conf
). Defaults to /etc/httpd
on RedHat, /etc/apache2
on Debian and /usr/local
on FreeBSD.
sendfile
Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'.
\n\nserver_root
A value to be set as ServerRoot
in main configuration file (httpd.conf
). Defaults to /etc/httpd
on RedHat and /etc/apache2
on Debian.
error_documents
Enables custom error documents. Defaults to 'false'.
\n\nhttpd_dir
Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS.
\n\nconfd_dir
Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.
\n\nvhost_dir
Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.
\n\nmod_dir
Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.
\n\nmpm_module
Configures which mpm module is loaded and configured for the httpd process by the apache::mod::event
, apache::mod::itk
, apache::mod::peruser
, apache::mod::prefork
and apache::mod::worker
classes. Must be set to false
to explicitly declare apache::mod::event
, apache::mod::itk
, apache::mod::peruser
, apache::mod::prefork
or apache::mod::worker
classes with parameters. All possible values are event
, itk
, peruser
, prefork
, worker
(valid values depend on agent's OS), or the boolean false
. Defaults to prefork
on RedHat and FreeBSD and worker
on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing $mpm_module
one has to deinstall all packages that depend on currently installed apache
.
conf_template
Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.
\n\nkeepalive
Setting this allows you to enable persistent connections.
\n\nkeepalive_timeout
Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.
\n\nlogroot
Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.
\n\nlog_level
Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are emerg
, alert
, crit
, error
, warn
, notice
, info
or debug
.
ports_file
Changes the name of the file containing Apache ports configuration. Default is ${conf_dir}/ports.conf
.
server_tokens
Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'.
\n\nserver_signature
Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'.
\n\ntrace_enable
Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'.
\n\nmanage_user
Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error.
\n\nmanage_group
Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error.
\n\npackage_ensure
Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed.
\n\napache::default_mods
Installs default Apache modules based on what OS you are running
\n\n class { 'apache::default_mods': }\n
\n\napache::mod
Used to enable arbitrary Apache httpd modules for which there is no specific apache::mod::[name]
class. The apache::mod
defined type will also install the required packages to enable the module, if any.
apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n
\n\napache::mod::[name]
There are many apache::mod::[name]
classes within this module that can be declared using include
:
alias
auth_basic
auth_kerb
autoindex
cache
cgi
cgid
dav
dav_fs
dav_svn
deflate
dev
dir
*disk_cache
event
fastcgi
fcgid
headers
info
itk
ldap
mime
mime_magic
*mpm_event
negotiation
nss
*passenger
*perl
peruser
php
(requires mpm_module
set to prefork
)prefork
*proxy
*proxy_ajp
proxy_html
proxy_http
python
reqtimeout
rewrite
rpaf
*setenvif
ssl
* (see apache::mod::ssl below)status
*suphp
userdir
*vhost_alias
worker
*wsgi
(see apache::mod::wsgi below)xsendfile
Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.
\n\nThe modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.
\n\napache::mod::ssl
Installs Apache SSL capabilities and utilizes ssl.conf.erb
template. These are the defaults:
class { 'apache::mod::ssl':\n ssl_compression => false,\n ssl_options => [ 'StdEnvVars' ],\n }\n
\n\nTo use SSL with a virtual host, you must either set thedefault_ssl_vhost
parameter in apache
to 'true' or set the ssl
parameter in apache::vhost
to 'true'.
apache::mod::wsgi
class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n wsgi_python_path => '/path/to/virtenv/site-packages',\n }\n
\n\napache::vhost
The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to vhost
's setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.
The vhost
defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base apache
class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).
If you have a series of specific configurations and do not want a base apache
class default vhost, make sure to set the base class default host to 'false'.
class { 'apache':\n default_vhost => false,\n }\n
\n\nParameters within apache::vhost
:
The default values for each parameter will vary based on operating system and type of virtual host.
\n\naccess_log
Specifies whether *_access.log
directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.
access_log_file
Points to the *_access.log
file. Defaults to 'undef'.
access_log_pipe
Specifies a pipe to send access log messages to. Defaults to 'undef'.
\n\naccess_log_syslog
Sends all access log messages to syslog. Defaults to 'undef'.
\n\naccess_log_format
Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.
\n\nadd_listen
Determines whether the vhost creates a listen statement. The default value is 'true'.
\n\nSetting add_listen
to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an ip
parameter with vhosts that are passed the ip
parameter.
aliases
Passes a list of hashes to the vhost to create Alias
or AliasMatch
statements as per the mod_alias
documentation. Each hash is expected to be of the form:
aliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$', path => '/files/jpg.images/$1.jpg' }\n { alias => '/image', path => '/ftp/pub/image' },\n],\n
\n\nFor Alias
and AliasMatch
to work, each will need a corresponding <Directory /path/to/directory>
or <Location /path/to/directory>
block. The Alias
and AliasMatch
directives are created in the order specified in the aliases
paramter. As described in the mod_alias
documentation more specific Alias
or AliasMatch
directives should come before the more general ones to avoid shadowing.
Note: If apache::mod::passenger
is loaded and PassengerHighPerformance true
is set, then Alias
may have issues honouring the PassengerEnabled off
statement. See this article for details.
block
Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the Development section.
\n\ncustom_fragment
Pass a string of custom configuration directives to be placed at the end of the vhost configuration.
\n\ndefault_vhost
Sets a given apache::vhost
as the default to serve requests that do not match any other apache::vhost
definitions. The default value is 'false'.
directories
Passes a list of hashes to the vhost to create <Directory /path/to/directory>...</Directory>
directive blocks as per the Apache core documentation. The path
key is required in these hashes. An optional provider
defaults to directory
. Usage will typically look like:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n
\n\nNote: At least one directory should match docroot
parameter, once you start declaring directories apache::vhost
assumes that all required <Directory>
blocks will be declared.
Note: If not defined a single default <Directory>
block will be created that matches the docroot
parameter.
provider
can be set to any of directory
, files
, or location
. If the pathspec starts with a ~
, httpd will interpret this as the equivalent of DirectoryMatch
, FilesMatch
, or LocationMatch
, respectively.
apache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { path => '~ (\\.swp|\\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' },\n ],\n }\n
\n\nThe directives will be embedded within the Directory
(Files
, or Location
) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:
addhandlers
Sets AddHandler
directives as per the Apache Core documentation. Accepts a list of hashes of the form { handler => 'handler-name', extensions => ['extension']}
. Note that extensions
is a list of extenstions being handled by the handler.\nAn example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n
\n\nallow
Sets an Allow
directive as per the Apache Core documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n
\n\nallow_override
Sets the usage of .htaccess
files as per the Apache core documentation. Should accept in the form of a list or a string. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n
\n\ndeny
Sets an Deny
directive as per the Apache Core documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n
\n\nerror_documents
A list of hashes which can be used to override the ErrorDocument settings for this directory. Example:
\n\n apache::vhost { 'sample.example.net':\n directories => [ { path => '/srv/www'\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n ],\n }]\n }\n
\n\nheaders
Adds lines for Header
directives as per the Apache Header documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n
\n\noptions
Lists the options for the given <Directory>
block
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n
\n\nindex_options
Styles the list
\n\n apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }],\n }\n
\n\nindex_order_default
Sets the order of the list
\n\n apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ],\n }\n
\n\norder
Sets the order of processing Allow
and Deny
statements as per Apache core documentation. An example:
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ],\n }\n
\n\nauth_type
Sets the value for AuthType
as per the Apache AuthType\ndocumentation.
auth_name
Sets the value for AuthName
as per the Apache AuthName\ndocumentation.
auth_digest_algorithm
Sets the value for AuthDigestAlgorithm
as per the Apache\nAuthDigestAlgorithm\ndocumentation
auth_digest_domain
Sets the value for AuthDigestDomain
as per the Apache AuthDigestDomain\ndocumentation.
auth_digest_nonce_lifetime
Sets the value for AuthDigestNonceLifetime
as per the Apache\nAuthDigestNonceLifetime\ndocumentation
auth_digest_provider
Sets the value for AuthDigestProvider
as per the Apache AuthDigestProvider\ndocumentation.
auth_digest_qop
Sets the value for AuthDigestQop
as per the Apache AuthDigestQop\ndocumentation.
auth_digest_shmem_size
Sets the value for AuthAuthDigestShmemSize
as per the Apache AuthDigestShmemSize\ndocumentation.
auth_basic_authoritative
Sets the value for AuthBasicAuthoritative
as per the Apache\nAuthBasicAuthoritative\ndocumentation.
auth_basic_fake
Sets the value for AuthBasicFake
as per the Apache AuthBasicFake\ndocumentation.
auth_basic_provider
Sets the value for AuthBasicProvider
as per the Apache AuthBasicProvider\ndocumentation.
auth_user_file
Sets the value for AuthUserFile
as per the Apache AuthUserFile\ndocumentation.
auth_require
Sets the value for AuthName
as per the Apache Require\ndocumentation
passenger_enabled
Sets the value for the PassengerEnabled
directory to on
or off
as per the Passenger documentation.
apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n
\n\nNote: This directive requires apache::mod::passenger
to be active, Apache may not start with an unrecognised directive without it.
Note: Be aware that there is an issue using the PassengerEnabled
directive with the PassengerHighPerformance
directive.
ssl_options
String or list of SSLOptions
for the given <Directory>
block. This overrides, or refines the SSLOptions
of the parent block (either vhost, or server).
apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', ssl_options => '+ExportCertData' }\n { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] },\n ],\n }\n
\n\nsuphp
An array containing two values: User and group for the suPHP_UserGroup setting.\nThis directive must be used with suphp_engine => on
in the vhost declaration. This directive only works in <Directory>
or <Location>
.
apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' }\n ],\n }\n
\n\ncustom_fragment
Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.
\n\ndirectoryindex
Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..
\n\ndocroot
Provides the DocumentRoot directive, identifying the directory Apache serves files from.
\n\ndocroot_group
Sets group access to the docroot directory. Defaults to 'root'.
\n\ndocroot_owner
Sets individual user access to the docroot directory. Defaults to 'root'.
\n\nerror_log
Specifies whether *_error.log
directives should be configured. Defaults to 'true'.
error_log_file
Points to the *_error.log
file. Defaults to 'undef'.
error_log_pipe
Specifies a pipe to send error log messages to. Defaults to 'undef'.
\n\nerror_log_syslog
Sends all error log messages to syslog. Defaults to 'undef'.
\n\nerror_documents
A list of hashes which can be used to override the ErrorDocument settings for this vhost. Defaults to []
. Example:
apache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n }\n
\n\nensure
Specifies if the vhost file is present or absent.
\n\nfastcgi_server
Specifies the filename as an external FastCGI application. Defaults to 'undef'.
\n\nfastcgi_socket
Filename used to communicate with the web server. Defaults to 'undef'.
\n\nfastcgi_dir
Directory to enable for FastCGI. Defaults to 'undef'.
\n\nadditional_includes
Specifies paths to additional static vhost-specific Apache configuration files.\nThis option is useful when you need to implement a unique and/or custom\nconfiguration not supported by this module.
\n\nip
The IP address the vhost listens on. Defaults to 'undef'.
\n\nip_based
Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.
\n\nlogroot
Specifies the location of the virtual host's logfiles. Defaults to /var/log/<apache log location>/
.
log_level
Specifies the verbosity level of the error log. Defaults to warn
for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for log_level
is one of emerg
, alert
, crit
, error
, warn
, notice
, info
or debug
.
no_proxy_uris
Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with proxy_dest
.
options
Lists the options for the given virtual host
\n\n apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n
\n\noverride
Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.
\n\nport
Sets the port the host is configured on.
\n\npriority
Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.
\n\nIf nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.
\n\nNote: You should not need to use this parameter. However, if you do use it, be aware that the default_vhost
parameter for apache::vhost
passes a priority of '15'.
proxy_dest
Specifies the destination address of a proxypass configuration. Defaults to 'undef'.
\n\nproxy_pass
Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.
\n\nExample:
\n\n$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n
\n\nrack_base_uris
Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the _rack.erb
template. Defaults to 'undef'.
redirect_dest
Specifies the address to redirect to. Defaults to 'undef'.
\n\nredirect_source
Specifies the source items? that will redirect to the destination specified in redirect_dest
. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.
apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n
\n\nredirect_status
Specifies the status to append to the redirect. Defaults to 'undef'.
\n\n apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n
\n\nrequest_headers
Specifies additional request headers.
\n\n apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n
\n\nrewrite_base
Limits the rewrite_rule
to the specified base URL. Defaults to 'undef'.
apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n
\n\nThe above example would limit the index.html -> welcome.html rewrite to only something inside of http://example.com/blog/.
\n\nrewrite_cond
Rewrites a URL via rewrite_rule
based on the truth of specified conditions. For example
apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n
\n\nwill rewrite URLs only if the visitor is using IE. Defaults to 'undef'.
\n\nNote: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple rewrite_cond
and rewrite_rules
per vhost, so that different conditions get different rewrites.
rewrite_rule
Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.
\n\n apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n
\n\nscriptalias
Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'
\n\nscriptaliases
Passes a list of hashes to the vhost to create ScriptAlias
or ScriptAliasMatch
statements as per the mod_alias
documentation. Each hash is expected to be of the form:
scriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n ]\n
\n\nThese directives are created in the order specified. As with Alias
and AliasMatch
directives the more specific aliases should come before the more general ones to avoid shadowing.
serveradmin
Specifies the email address Apache will display when it renders one of its error pages.
\n\nserveraliases
Sets the server aliases of the site.
\n\nservername
Sets the primary name of the virtual host.
\n\nsetenv
Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.
\n\nsetenvif
Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.
\n\nssl
Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.
\n\nssl_ca
Specifies the certificate authority.
\n\nssl_cert
Specifies the SSL certification.
\n\nssl_protocol
Specifies the SSL Protocol (SSLProtocol).
\n\nssl_cipher
Specifies the SSLCipherSuite.
\n\nssl_honorcipherorder
Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order
\n\nssl_certs_dir
Specifies the location of the SSL certification directory. Defaults to /etc/ssl/certs
on Debian and /etc/pki/tls/certs
on RedHat.
ssl_chain
Specifies the SSL chain.
\n\nssl_crl
Specifies the certificate revocation list to use.
\n\nssl_crl_path
Specifies the location of the certificate revocation list.
\n\nssl_key
Specifies the SSL key.
\n\nssl_verify_client
Sets SSLVerifyClient
directives as per the Apache Core documentation. Defaults to undef.\nAn example:
apache::vhost { 'sample.example.net':\n …\n ssl_verify_client => 'optional',\n }\n
\n\nssl_verify_depth
Sets SSLVerifyDepth
directives as per the Apache Core documentation. Defaults to undef.\nAn example:
apache::vhost { 'sample.example.net':\n …\n ssl_verify_depth => 1,\n }\n
\n\nssl_options
Sets SSLOptions
directives as per the Apache Core documentation. This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example:
apache::vhost { 'sample.example.net':\n …\n ssl_options => '+ExportCertData',\n }\n
\n\nAn array of strings example:
\n\n apache::vhost { 'sample.example.net':\n …\n ssl_options => [ '+StrictRequire', '+ExportCertData' ],\n }\n
\n\nssl_proxyengine
Specifies whether to use SSLProxyEngine
or not. Defaults to false
.
vhost_name
This parameter is for use with name-based virtual hosting. Defaults to '*'.
\n\nitk
Hash containing infos to configure itk as per the ITK documentation.
\n\nKeys could be:
\n\nUsage will typically look like:
\n\n apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n
\n\nThe Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the Tests section for even more examples.
\n\nConfigure a vhost with a server administrator
\n\n apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n
\n\nSet up a vhost with aliased servers
\n\n apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n
\n\nConfigure a vhost with a cgi-bin
\n\n apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n
\n\nSet up a vhost with a rack configuration
\n\n apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n
\n\nSet up a mix of SSL and non-SSL vhosts at the same domain
\n\n #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n
\n\nConfigure a vhost to redirect non-SSL connections to SSL
\n\n apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n
\n\nSet up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.
\n\n apache::listen { '80': }\n apache::listen { '81': }\n
\n\nThen we will set up the IP-based vhosts
\n\n apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n
\n\nConfigure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL
\n\n apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n
\n\nThen, we will add two name-based vhosts listening on 10.0.0.20
\n\n apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n
\n\nIf you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you MUST declare add_listen => 'false'
to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.
apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n
\n\napache::dev
Installs Apache development libraries
\n\n class { 'apache::dev': }\n
\n\nOn FreeBSD you're required to define apache::package
or apache
class before apache::dev
.
apache::listen
Controls which ports Apache binds to for listening based on the title:
\n\n apache::listen { '80': }\n apache::listen { '443': }\n
\n\nDeclaring this defined type will add all Listen
directives to the ports.conf
file in the Apache httpd configuration directory. apache::listen
titles should always take the form of: <port>
, <ipv4>:<port>
, or [<ipv6>]:<port>
Apache httpd requires that Listen
directives must be added for every port. The apache::vhost
defined type will automatically add Listen
directives unless the apache::vhost
is passed add_listen => false
.
apache::namevirtualhost
Enables named-based hosting of a virtual host
\n\n class { 'apache::namevirtualhost`: }\n
\n\nDeclaring this defined type will add all NameVirtualHost
directives to the ports.conf
file in the Apache https configuration directory. apache::namevirtualhost
titles should always take the form of: *
, *:<port>
, _default_:<port>
, <ip>
, or <ip>:<port>
.
apache::balancermember
Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.
\n\nOn every app server you can export a balancermember like this:
\n\n @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n
\n\nAnd on the proxy itself you create the balancer cluster using the defined type apache::balancer:
\n\n apache::balancer { 'puppet00': }\n
\n\nIf you need to use ProxySet in the balncer config you can do as so:
\n\n apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n
\n\nThe Apache module relies heavily on templates to enable the vhost
and apache::mod
defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.
This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1.
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\n\nThis project contains tests for both rspec-puppet and rspec-system to verify functionality. For in-depth information please see their respective documentation.
\n\nQuickstart:
\n\ngem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n
\n\nCopyright (C) 2012 Puppet Labs Inc
\n\nPuppet Labs can be contacted at: info@puppetlabs.com
\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at
\n\nhttp://www.apache.org/licenses/LICENSE-2.0
\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.
\nThis release adds FreeBSD osfamily support and various other improvements to some mods.
\n\nThis release adds more parameters to the base apache class and apache defined\nresource to make the module more flexible. It also adds or enhances SuPHP,\nWSGI, and Passenger mod support, and support for the ITK mpm module.
\n\nrewrite_base
apache::vhost
parameter; did not work anyway.a2mod
in favor of the apache::mod::*
classes and apache::mod
\ndefined resource.apache
class\n\nhttpd_dir
parameter to change the location of the configuration\nfiles.logroot
parameter to change the logrootports_file
parameter to changes the ports.conf
file locationkeepalive
parameter to enable persistent connectionskeepalive_timeout
parameter to change the timeoutdefault_mods
to be able to take an array of mods to enable.apache::vhost
\n\nwsgi_daemon_process
, wsgi_daemon_process_options
,\nwsgi_process_group
, and wsgi_script_aliases
parameters for per-vhost\nWSGI configuration.access_log_syslog
parameter to enable syslogging.error_log_syslog
parameter to enable syslogging of errors.directories
hash parameter. Please see README for documentation.sslproxyengine
parameter to enable SSLProxyEnginesuphp_addhandler
, suphp_engine
, and suphp_configpath
for\nconfiguring SuPHP.custom_fragment
parameter to allow for arbitrary apache\nconfiguration injection. (Feature pull requests are prefered over using\nthis, but it is available in a pinch.)apache::mod::suphp
class for configuring SuPHP.apache::mod::itk
class for configuring ITK mpm module.apache::mod::wsgi
class for global WSGI configuration with\nwsgi_socket_prefix
and wsgi_python_home
parameters.apache::mod::passenger
usage.\nAdded passenger_high_performance
, passenger_pool_idle_time
,\npassenger_max_requests
, passenger_stat_throttle_rate
, rack_autodetect
,\nand rails_autodetect
parameters.apache::service
class for\ndependency chaining of Class['apache'] -> <resource> ~>\nClass['apache::service']
apache::mod::proxy_balancer
class for apache::balancer
a2mod
$::hostname
if there is no $::fqdn
/etc/ssl/certs
the default ssl certs directory for RedHat non-5.php
the default php package for RedHat non-5.aliases
able to take a single alias hash instead of requiring an\narray.apache::mpm_module
detection for worker/preforkapache::mod::cgi
and apache::mod::cgid
detection for\nworker/preforkservername
parameter to apache
classproxy_set
parameter to apache::balancer
defineapache::balancer
clustersapache::mod::*
to notify the service on config changeapache::vhost
has many abilities -- see README.md for detailsapache::mod::*
classes provide httpd mod-loading capabilitiesapache
base class is much more configurableinclude apache
is now required when using apache::mod::*
Fix spec tests such that they pass
\n\n2012-05-08 Puppet Labs info@puppetlabs.com - 0.0.4\ne62e362 Fix broken tests for ssl, vhost, vhost::*\n42c6363 Changes to match style guide and pass puppet-lint without error\n42bc8ba changed name => path for file resources in order to name namevar by it's name\n72e13de One end too much\n0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.\n273f94d fix tests\na35ede5 (#13860) Make a2enmod/a2dismo commands optional\n98d774e (#13860) Autorequire Package['httpd']\n05fcec5 (#13073) Add missing puppet spec tests\n541afda (#6899) Remove virtual a2mod definition\n976cb69 (#13072) Move mod python and wsgi package names to params\n323915a (#13060) Add .gitignore to repo\nfdf40af (#13060) Remove pkg directory from source tree\nfd90015 Add LICENSE file and update the ModuleFile\nd3d0d23 Re-enable local php class\nd7516c7 Make management of firewalls configurable for vhosts\n60f83ba Explicitly lookup scope of apache_name in templates.\nf4d287f (#12581) Add explicit ordering for vdir directory\n88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall\na776a8b (#11071) Fix to work with latest firewall module\n2b79e8b (#11070) Add support for Scientific Linux\n405b3e9 Fix for a2mod\n57b9048 Commit apache::vhost::redirect Manifest\n8862d01 Commit apache::vhost::proxy Manifest\nd5c1fd0 Commit apache::mod::wsgi Manifest\na825ac7 Commit apache::mod::python Manifest\nb77062f Commit Templates\n9a51b4a Vhost File Declarations\n6cf7312 Defaults for Parameters\n6a5b11a Ensure installed\nf672e46 a2mod fix\n8a56ee9 add pthon support to apache
Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
This is a Puppet apache module from the second generation of Example42 Puppet Modules.
\n\nMade by Alessandro Franceschi / Lab42
\n\nOfficial site: http://www.example42.com
\n\nOfficial git repository: http://github.com/example42/puppet-apache
\n\nReleased under the terms of Apache 2 License.
\n\nThis module requires functions provided by the Example42 Puppi module.
\n\nFor detailed info about the logic and usage patterns of Example42 modules read README.usage on Example42 main modules set.
\n\nInstall apache with a custom httpd.conf template and some virtual hosts
\n\n class { 'apache':\n template => 'example42/apache/httpd.conf.erb',\n }\n\n apache::vhost { 'mysite':\n docroot => '/path/to/docroot',\n template => 'example42/apache/vhost/mysite.com.erb',\n }\n
Install mod ssl
\n\ninclude apache::ssl\n
Manage basic auth users (Here user joe is created with the $crypt_password on the defined htpasswd_file
\n\napache::htpasswd { 'joe':\n crypt_password => 'B5dPQYYjf.jjA',\n htpasswd_file => '/etc/httpd/users.passwd',\n}\n
Manage custom configuration files (created in conf.d, source or content can be defined)
\n\napache::dotconf { 'trac':\n content => 'template("site/trac/apache.conf.erb")'\n}\n
Add other listening ports (a relevant NameVirtualHost directive is automatically created)
\n\napache::listen { '8080': }\n
Add other listening ports without creating a relevant NameVirtualHost directive
\n\napache::listen { '8080':\n $namevirtualhost = false,\n}\n
Add an apache module and manage its configuraton
\n\napache::module { 'proxy':\n templatefile => 'site/apache/module/proxy.conf.erb',\n}\n
Install mod passenger
\n\ninclude apache::passenger\n
Install apache with default settings
\n\nclass { "apache": }\n
Disable apache service.
\n\nclass { "apache":\n disable => true\n}\n
Disable apache service at boot time, but don't stop if is running.
\n\nclass { "apache":\n disableboot => true\n}\n
Remove apache package
\n\nclass { "apache":\n absent => true\n}\n
Enable auditing without making changes on existing apache configuration files
\n\nclass { "apache":\n audit_only => true\n}\n
Install apache with a specific version
\n\nclass { "apache":\n version => '2.2.22'\n}\n
Simple way to manage default apache configuration
\n\napache::vhost { 'default':\n docroot => '/var/www/document_root',\n server_name => false,\n priority => '',\n template => 'apache/virtualhost/vhost.conf.erb',\n}\n
Using a source file to create the vhost
\n\napache::vhost { 'default':\n source => 'puppet:///files/web/default.conf'\n template => '',\n}\n
Use custom sources for main config file
\n\nclass { "apache":\n source => [ "puppet:///modules/lab42/apache/apache.conf-${hostname}" , "puppet:///modules/lab42/apache/apache.conf" ],\n}\n
Use custom source directory for the whole configuration dir
\n\nclass { "apache":\n source_dir => "puppet:///modules/lab42/apache/conf/",\n source_dir_purge => false, # Set to true to purge any existing file not present in $source_dir\n}\n
Use custom template for main config file
\n\nclass { "apache":\n template => "example42/apache/apache.conf.erb", \n}\n
Define custom options that can be used in a custom template without the\nneed to add parameters to the apache class
\n\nclass { "apache":\n template => "example42/apache/apache.conf.erb", \n options => {\n 'LogLevel' => 'INFO',\n 'UsePAM' => 'yes',\n },\n}\n
Automaticallly include a custom subclass
\n\nclass { "apache:"\n my_class => 'apache::example42',\n}\n
Activate puppi (recommended, but disabled by default)\nNote that this option requires the usage of Example42 puppi module
\n\nclass { "apache": \n puppi => true,\n}\n
Activate puppi and use a custom puppi_helper template (to be provided separately with\na puppi::helper define ) to customize the output of puppi commands
\n\nclass { "apache":\n puppi => true,\n puppi_helper => "myhelper", \n}\n
Activate automatic monitoring (recommended, but disabled by default)\nThis option requires the usage of Example42 monitor and relevant monitor tools modules
\n\nclass { "apache":\n monitor => true,\n monitor_tool => [ "nagios" , "monit" , "munin" ],\n}\n
Activate automatic firewalling \nThis option requires the usage of Example42 firewall and relevant firewall tools modules
\n\nclass { "apache": \n firewall => true,\n firewall_tool => "iptables",\n firewall_src => "10.42.0.0/24",\n firewall_dst => "$ipaddress_eth0",\n}\n
Copyright (C) 2013 Alessandro Franceschi / Lab42\n\nfor the relevant commits Copyright (C) by the respective authors.\n\nContact Lab42 at: info@lab42.it\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
apache\n\nReleased 20100625 - Garrett Honeycutt - GPLv2\n\nManages apache servers, remote restarts, and mod_ssl, mod_php, mod_python, mod_perl\n\nYou can also easily setup a web server by only specifying the apache config file, such as\n\napache::vhost { "mediawiki":\n source => "puppet:///modules/mediawiki/mediawiki.conf",\n}\n\n# Definition: apache::vhost\n#\n# setup a vhost\n#\n# Parameters: \n# $ensure - defaults to 'present'\n# $content - quoted content or a template\n# $source - file to grab with the VirtualHost information\n#\n# Actions:\n# sets up a vhost\n#\n# Requires:\n# $content our $source must be set\n#\n# Sample Usage:\n# in the mediawiki module you could setup the web portion with the following\n# code, where the mediawiki.conf file contains the <VirtualHost> statements\n#\n# apache::vhost { "mediawiki":\n# source => "puppet:///modules/mediawiki/mediawiki.conf",\n# } # apache::vhost\n\n# Definition: apache::module\n#\n# setup an apache module - this is used primarily by apache\n# subclasses, such as apache::php, apache::perl, etc\n# \n# Parameters: \n# $ensure - default to 'present'\n# $content - quoted content or a template\n# $source - file to grab with the VirtualHost information\n#\n# Actions:\n# sets up an apache module\n# \n# Requires:\n# $content our $source must be set\n# \n# Sample Usage: \n# this would install the php.conf which includes the LoadModule,\n# AddHandler, AddType and related info that apache needs\n#\n# apache::module{"php": \n# source => "puppet:///modules/apache/php.conf", \n# } # apache::module\n\n\n# Definition: apache::ssl::set_cert\n#\n# install certificate\n#\n# Parameters: \n# $certfile - public cert\n# $certkey - private key\n# $ip - ip address to use, uses $ipaddress from facter by default\n# $port - port to use, uses 443 by default\n# $cachain - cachain file\n# $revokefile - revoke file\n#\n# Actions:\n# installs certs\n#\n# Requires:\n# $certfile must be set\n# $certkey must be set\n#\n# Sample Usage:\n# # *.yoursite.com\n# @set_cert { "staryoursite":\n# certfile => "/etc/pki/tls/certs/yoursite_cert.pem",\n# certkey => "/etc/pki/tls/private/yoursite_key.pem",\n# } # @set_cert\n
1.0.0 - initial release\n1.0.1 - added documentation\n
Installs and configures Apache HTTP server.
\n\nPart of the Foreman installer: http://github.com/theforeman/foreman-installer
\n\nSee http://theforeman.org or at #theforeman irc channel on freenode
\n\nCopyright (c) 2010-2013 Ohad Levy and their respective owners
\n\nExcept where specified in provided modules, this program and entire\nrepository is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\nany later version.
\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\nYou should have received a copy of the GNU General Public License\nalong with this program. If not, see http://www.gnu.org/licenses/.
\nGNU GENERAL PUBLIC LICENSE\n Version 3, 29 June 2007\n\n Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>\n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n Preamble\n\n The GNU General Public License is a free, copyleft license for\nsoftware and other kinds of works.\n\n The licenses for most software and other practical works are designed\nto take away your freedom to share and change the works. By contrast,\nthe GNU General Public License is intended to guarantee your freedom to\nshare and change all versions of a program--to make sure it remains free\nsoftware for all its users. We, the Free Software Foundation, use the\nGNU General Public License for most of our software; it applies also to\nany other work released this way by its authors. You can apply it to\nyour programs, too.\n\n When we speak of free software, we are referring to freedom, not\nprice. Our General Public Licenses are designed to make sure that you\nhave the freedom to distribute copies of free software (and charge for\nthem if you wish), that you receive source code or can get it if you\nwant it, that you can change the software or use pieces of it in new\nfree programs, and that you know you can do these things.\n\n To protect your rights, we need to prevent others from denying you\nthese rights or asking you to surrender the rights. Therefore, you have\ncertain responsibilities if you distribute copies of the software, or if\nyou modify it: responsibilities to respect the freedom of others.\n\n For example, if you distribute copies of such a program, whether\ngratis or for a fee, you must pass on to the recipients the same\nfreedoms that you received. You must make sure that they, too, receive\nor can get the source code. And you must show them these terms so they\nknow their rights.\n\n Developers that use the GNU GPL protect your rights with two steps:\n(1) assert copyright on the software, and (2) offer you this License\ngiving you legal permission to copy, distribute and/or modify it.\n\n For the developers' and authors' protection, the GPL clearly explains\nthat there is no warranty for this free software. For both users' and\nauthors' sake, the GPL requires that modified versions be marked as\nchanged, so that their problems will not be attributed erroneously to\nauthors of previous versions.\n\n Some devices are designed to deny users access to install or run\nmodified versions of the software inside them, although the manufacturer\ncan do so. This is fundamentally incompatible with the aim of\nprotecting users' freedom to change the software. The systematic\npattern of such abuse occurs in the area of products for individuals to\nuse, which is precisely where it is most unacceptable. Therefore, we\nhave designed this version of the GPL to prohibit the practice for those\nproducts. If such problems arise substantially in other domains, we\nstand ready to extend this provision to those domains in future versions\nof the GPL, as needed to protect the freedom of users.\n\n Finally, every program is threatened constantly by software patents.\nStates should not allow patents to restrict development and use of\nsoftware on general-purpose computers, but in those that do, we wish to\navoid the special danger that patents applied to a free program could\nmake it effectively proprietary. To prevent this, the GPL assures that\npatents cannot be used to render the program non-free.\n\n The precise terms and conditions for copying, distribution and\nmodification follow.\n\n TERMS AND CONDITIONS\n\n 0. Definitions.\n\n "This License" refers to version 3 of the GNU General Public License.\n\n "Copyright" also means copyright-like laws that apply to other kinds of\nworks, such as semiconductor masks.\n\n "The Program" refers to any copyrightable work licensed under this\nLicense. Each licensee is addressed as "you". "Licensees" and\n"recipients" may be individuals or organizations.\n\n To "modify" a work means to copy from or adapt all or part of the work\nin a fashion requiring copyright permission, other than the making of an\nexact copy. The resulting work is called a "modified version" of the\nearlier work or a work "based on" the earlier work.\n\n A "covered work" means either the unmodified Program or a work based\non the Program.\n\n To "propagate" a work means to do anything with it that, without\npermission, would make you directly or secondarily liable for\ninfringement under applicable copyright law, except executing it on a\ncomputer or modifying a private copy. Propagation includes copying,\ndistribution (with or without modification), making available to the\npublic, and in some countries other activities as well.\n\n To "convey" a work means any kind of propagation that enables other\nparties to make or receive copies. Mere interaction with a user through\na computer network, with no transfer of a copy, is not conveying.\n\n An interactive user interface displays "Appropriate Legal Notices"\nto the extent that it includes a convenient and prominently visible\nfeature that (1) displays an appropriate copyright notice, and (2)\ntells the user that there is no warranty for the work (except to the\nextent that warranties are provided), that licensees may convey the\nwork under this License, and how to view a copy of this License. If\nthe interface presents a list of user commands or options, such as a\nmenu, a prominent item in the list meets this criterion.\n\n 1. Source Code.\n\n The "source code" for a work means the preferred form of the work\nfor making modifications to it. "Object code" means any non-source\nform of a work.\n\n A "Standard Interface" means an interface that either is an official\nstandard defined by a recognized standards body, or, in the case of\ninterfaces specified for a particular programming language, one that\nis widely used among developers working in that language.\n\n The "System Libraries" of an executable work include anything, other\nthan the work as a whole, that (a) is included in the normal form of\npackaging a Major Component, but which is not part of that Major\nComponent, and (b) serves only to enable use of the work with that\nMajor Component, or to implement a Standard Interface for which an\nimplementation is available to the public in source code form. A\n"Major Component", in this context, means a major essential component\n(kernel, window system, and so on) of the specific operating system\n(if any) on which the executable work runs, or a compiler used to\nproduce the work, or an object code interpreter used to run it.\n\n The "Corresponding Source" for a work in object code form means all\nthe source code needed to generate, install, and (for an executable\nwork) run the object code and to modify the work, including scripts to\ncontrol those activities. However, it does not include the work's\nSystem Libraries, or general-purpose tools or generally available free\nprograms which are used unmodified in performing those activities but\nwhich are not part of the work. For example, Corresponding Source\nincludes interface definition files associated with source files for\nthe work, and the source code for shared libraries and dynamically\nlinked subprograms that the work is specifically designed to require,\nsuch as by intimate data communication or control flow between those\nsubprograms and other parts of the work.\n\n The Corresponding Source need not include anything that users\ncan regenerate automatically from other parts of the Corresponding\nSource.\n\n The Corresponding Source for a work in source code form is that\nsame work.\n\n 2. Basic Permissions.\n\n All rights granted under this License are granted for the term of\ncopyright on the Program, and are irrevocable provided the stated\nconditions are met. This License explicitly affirms your unlimited\npermission to run the unmodified Program. The output from running a\ncovered work is covered by this License only if the output, given its\ncontent, constitutes a covered work. This License acknowledges your\nrights of fair use or other equivalent, as provided by copyright law.\n\n You may make, run and propagate covered works that you do not\nconvey, without conditions so long as your license otherwise remains\nin force. You may convey covered works to others for the sole purpose\nof having them make modifications exclusively for you, or provide you\nwith facilities for running those works, provided that you comply with\nthe terms of this License in conveying all material for which you do\nnot control copyright. Those thus making or running the covered works\nfor you must do so exclusively on your behalf, under your direction\nand control, on terms that prohibit them from making any copies of\nyour copyrighted material outside their relationship with you.\n\n Conveying under any other circumstances is permitted solely under\nthe conditions stated below. Sublicensing is not allowed; section 10\nmakes it unnecessary.\n\n 3. Protecting Users' Legal Rights From Anti-Circumvention Law.\n\n No covered work shall be deemed part of an effective technological\nmeasure under any applicable law fulfilling obligations under article\n11 of the WIPO copyright treaty adopted on 20 December 1996, or\nsimilar laws prohibiting or restricting circumvention of such\nmeasures.\n\n When you convey a covered work, you waive any legal power to forbid\ncircumvention of technological measures to the extent such circumvention\nis effected by exercising rights under this License with respect to\nthe covered work, and you disclaim any intention to limit operation or\nmodification of the work as a means of enforcing, against the work's\nusers, your or third parties' legal rights to forbid circumvention of\ntechnological measures.\n\n 4. Conveying Verbatim Copies.\n\n You may convey verbatim copies of the Program's source code as you\nreceive it, in any medium, provided that you conspicuously and\nappropriately publish on each copy an appropriate copyright notice;\nkeep intact all notices stating that this License and any\nnon-permissive terms added in accord with section 7 apply to the code;\nkeep intact all notices of the absence of any warranty; and give all\nrecipients a copy of this License along with the Program.\n\n You may charge any price or no price for each copy that you convey,\nand you may offer support or warranty protection for a fee.\n\n 5. Conveying Modified Source Versions.\n\n You may convey a work based on the Program, or the modifications to\nproduce it from the Program, in the form of source code under the\nterms of section 4, provided that you also meet all of these conditions:\n\n a) The work must carry prominent notices stating that you modified\n it, and giving a relevant date.\n\n b) The work must carry prominent notices stating that it is\n released under this License and any conditions added under section\n 7. This requirement modifies the requirement in section 4 to\n "keep intact all notices".\n\n c) You must license the entire work, as a whole, under this\n License to anyone who comes into possession of a copy. This\n License will therefore apply, along with any applicable section 7\n additional terms, to the whole of the work, and all its parts,\n regardless of how they are packaged. This License gives no\n permission to license the work in any other way, but it does not\n invalidate such permission if you have separately received it.\n\n d) If the work has interactive user interfaces, each must display\n Appropriate Legal Notices; however, if the Program has interactive\n interfaces that do not display Appropriate Legal Notices, your\n work need not make them do so.\n\n A compilation of a covered work with other separate and independent\nworks, which are not by their nature extensions of the covered work,\nand which are not combined with it such as to form a larger program,\nin or on a volume of a storage or distribution medium, is called an\n"aggregate" if the compilation and its resulting copyright are not\nused to limit the access or legal rights of the compilation's users\nbeyond what the individual works permit. Inclusion of a covered work\nin an aggregate does not cause this License to apply to the other\nparts of the aggregate.\n\n 6. Conveying Non-Source Forms.\n\n You may convey a covered work in object code form under the terms\nof sections 4 and 5, provided that you also convey the\nmachine-readable Corresponding Source under the terms of this License,\nin one of these ways:\n\n a) Convey the object code in, or embodied in, a physical product\n (including a physical distribution medium), accompanied by the\n Corresponding Source fixed on a durable physical medium\n customarily used for software interchange.\n\n b) Convey the object code in, or embodied in, a physical product\n (including a physical distribution medium), accompanied by a\n written offer, valid for at least three years and valid for as\n long as you offer spare parts or customer support for that product\n model, to give anyone who possesses the object code either (1) a\n copy of the Corresponding Source for all the software in the\n product that is covered by this License, on a durable physical\n medium customarily used for software interchange, for a price no\n more than your reasonable cost of physically performing this\n conveying of source, or (2) access to copy the\n Corresponding Source from a network server at no charge.\n\n c) Convey individual copies of the object code with a copy of the\n written offer to provide the Corresponding Source. This\n alternative is allowed only occasionally and noncommercially, and\n only if you received the object code with such an offer, in accord\n with subsection 6b.\n\n d) Convey the object code by offering access from a designated\n place (gratis or for a charge), and offer equivalent access to the\n Corresponding Source in the same way through the same place at no\n further charge. You need not require recipients to copy the\n Corresponding Source along with the object code. If the place to\n copy the object code is a network server, the Corresponding Source\n may be on a different server (operated by you or a third party)\n that supports equivalent copying facilities, provided you maintain\n clear directions next to the object code saying where to find the\n Corresponding Source. Regardless of what server hosts the\n Corresponding Source, you remain obligated to ensure that it is\n available for as long as needed to satisfy these requirements.\n\n e) Convey the object code using peer-to-peer transmission, provided\n you inform other peers where the object code and Corresponding\n Source of the work are being offered to the general public at no\n charge under subsection 6d.\n\n A separable portion of the object code, whose source code is excluded\nfrom the Corresponding Source as a System Library, need not be\nincluded in conveying the object code work.\n\n A "User Product" is either (1) a "consumer product", which means any\ntangible personal property which is normally used for personal, family,\nor household purposes, or (2) anything designed or sold for incorporation\ninto a dwelling. In determining whether a product is a consumer product,\ndoubtful cases shall be resolved in favor of coverage. For a particular\nproduct received by a particular user, "normally used" refers to a\ntypical or common use of that class of product, regardless of the status\nof the particular user or of the way in which the particular user\nactually uses, or expects or is expected to use, the product. A product\nis a consumer product regardless of whether the product has substantial\ncommercial, industrial or non-consumer uses, unless such uses represent\nthe only significant mode of use of the product.\n\n "Installation Information" for a User Product means any methods,\nprocedures, authorization keys, or other information required to install\nand execute modified versions of a covered work in that User Product from\na modified version of its Corresponding Source. The information must\nsuffice to ensure that the continued functioning of the modified object\ncode is in no case prevented or interfered with solely because\nmodification has been made.\n\n If you convey an object code work under this section in, or with, or\nspecifically for use in, a User Product, and the conveying occurs as\npart of a transaction in which the right of possession and use of the\nUser Product is transferred to the recipient in perpetuity or for a\nfixed term (regardless of how the transaction is characterized), the\nCorresponding Source conveyed under this section must be accompanied\nby the Installation Information. But this requirement does not apply\nif neither you nor any third party retains the ability to install\nmodified object code on the User Product (for example, the work has\nbeen installed in ROM).\n\n The requirement to provide Installation Information does not include a\nrequirement to continue to provide support service, warranty, or updates\nfor a work that has been modified or installed by the recipient, or for\nthe User Product in which it has been modified or installed. Access to a\nnetwork may be denied when the modification itself materially and\nadversely affects the operation of the network or violates the rules and\nprotocols for communication across the network.\n\n Corresponding Source conveyed, and Installation Information provided,\nin accord with this section must be in a format that is publicly\ndocumented (and with an implementation available to the public in\nsource code form), and must require no special password or key for\nunpacking, reading or copying.\n\n 7. Additional Terms.\n\n "Additional permissions" are terms that supplement the terms of this\nLicense by making exceptions from one or more of its conditions.\nAdditional permissions that are applicable to the entire Program shall\nbe treated as though they were included in this License, to the extent\nthat they are valid under applicable law. If additional permissions\napply only to part of the Program, that part may be used separately\nunder those permissions, but the entire Program remains governed by\nthis License without regard to the additional permissions.\n\n When you convey a copy of a covered work, you may at your option\nremove any additional permissions from that copy, or from any part of\nit. (Additional permissions may be written to require their own\nremoval in certain cases when you modify the work.) You may place\nadditional permissions on material, added by you to a covered work,\nfor which you have or can give appropriate copyright permission.\n\n Notwithstanding any other provision of this License, for material you\nadd to a covered work, you may (if authorized by the copyright holders of\nthat material) supplement the terms of this License with terms:\n\n a) Disclaiming warranty or limiting liability differently from the\n terms of sections 15 and 16 of this License; or\n\n b) Requiring preservation of specified reasonable legal notices or\n author attributions in that material or in the Appropriate Legal\n Notices displayed by works containing it; or\n\n c) Prohibiting misrepresentation of the origin of that material, or\n requiring that modified versions of such material be marked in\n reasonable ways as different from the original version; or\n\n d) Limiting the use for publicity purposes of names of licensors or\n authors of the material; or\n\n e) Declining to grant rights under trademark law for use of some\n trade names, trademarks, or service marks; or\n\n f) Requiring indemnification of licensors and authors of that\n material by anyone who conveys the material (or modified versions of\n it) with contractual assumptions of liability to the recipient, for\n any liability that these contractual assumptions directly impose on\n those licensors and authors.\n\n All other non-permissive additional terms are considered "further\nrestrictions" within the meaning of section 10. If the Program as you\nreceived it, or any part of it, contains a notice stating that it is\ngoverned by this License along with a term that is a further\nrestriction, you may remove that term. If a license document contains\na further restriction but permits relicensing or conveying under this\nLicense, you may add to a covered work material governed by the terms\nof that license document, provided that the further restriction does\nnot survive such relicensing or conveying.\n\n If you add terms to a covered work in accord with this section, you\nmust place, in the relevant source files, a statement of the\nadditional terms that apply to those files, or a notice indicating\nwhere to find the applicable terms.\n\n Additional terms, permissive or non-permissive, may be stated in the\nform of a separately written license, or stated as exceptions;\nthe above requirements apply either way.\n\n 8. Termination.\n\n You may not propagate or modify a covered work except as expressly\nprovided under this License. Any attempt otherwise to propagate or\nmodify it is void, and will automatically terminate your rights under\nthis License (including any patent licenses granted under the third\nparagraph of section 11).\n\n However, if you cease all violation of this License, then your\nlicense from a particular copyright holder is reinstated (a)\nprovisionally, unless and until the copyright holder explicitly and\nfinally terminates your license, and (b) permanently, if the copyright\nholder fails to notify you of the violation by some reasonable means\nprior to 60 days after the cessation.\n\n Moreover, your license from a particular copyright holder is\nreinstated permanently if the copyright holder notifies you of the\nviolation by some reasonable means, this is the first time you have\nreceived notice of violation of this License (for any work) from that\ncopyright holder, and you cure the violation prior to 30 days after\nyour receipt of the notice.\n\n Termination of your rights under this section does not terminate the\nlicenses of parties who have received copies or rights from you under\nthis License. If your rights have been terminated and not permanently\nreinstated, you do not qualify to receive new licenses for the same\nmaterial under section 10.\n\n 9. Acceptance Not Required for Having Copies.\n\n You are not required to accept this License in order to receive or\nrun a copy of the Program. Ancillary propagation of a covered work\noccurring solely as a consequence of using peer-to-peer transmission\nto receive a copy likewise does not require acceptance. However,\nnothing other than this License grants you permission to propagate or\nmodify any covered work. These actions infringe copyright if you do\nnot accept this License. Therefore, by modifying or propagating a\ncovered work, you indicate your acceptance of this License to do so.\n\n 10. Automatic Licensing of Downstream Recipients.\n\n Each time you convey a covered work, the recipient automatically\nreceives a license from the original licensors, to run, modify and\npropagate that work, subject to this License. You are not responsible\nfor enforcing compliance by third parties with this License.\n\n An "entity transaction" is a transaction transferring control of an\norganization, or substantially all assets of one, or subdividing an\norganization, or merging organizations. If propagation of a covered\nwork results from an entity transaction, each party to that\ntransaction who receives a copy of the work also receives whatever\nlicenses to the work the party's predecessor in interest had or could\ngive under the previous paragraph, plus a right to possession of the\nCorresponding Source of the work from the predecessor in interest, if\nthe predecessor has it or can get it with reasonable efforts.\n\n You may not impose any further restrictions on the exercise of the\nrights granted or affirmed under this License. For example, you may\nnot impose a license fee, royalty, or other charge for exercise of\nrights granted under this License, and you may not initiate litigation\n(including a cross-claim or counterclaim in a lawsuit) alleging that\nany patent claim is infringed by making, using, selling, offering for\nsale, or importing the Program or any portion of it.\n\n 11. Patents.\n\n A "contributor" is a copyright holder who authorizes use under this\nLicense of the Program or a work on which the Program is based. The\nwork thus licensed is called the contributor's "contributor version".\n\n A contributor's "essential patent claims" are all patent claims\nowned or controlled by the contributor, whether already acquired or\nhereafter acquired, that would be infringed by some manner, permitted\nby this License, of making, using, or selling its contributor version,\nbut do not include claims that would be infringed only as a\nconsequence of further modification of the contributor version. For\npurposes of this definition, "control" includes the right to grant\npatent sublicenses in a manner consistent with the requirements of\nthis License.\n\n Each contributor grants you a non-exclusive, worldwide, royalty-free\npatent license under the contributor's essential patent claims, to\nmake, use, sell, offer for sale, import and otherwise run, modify and\npropagate the contents of its contributor version.\n\n In the following three paragraphs, a "patent license" is any express\nagreement or commitment, however denominated, not to enforce a patent\n(such as an express permission to practice a patent or covenant not to\nsue for patent infringement). To "grant" such a patent license to a\nparty means to make such an agreement or commitment not to enforce a\npatent against the party.\n\n If you convey a covered work, knowingly relying on a patent license,\nand the Corresponding Source of the work is not available for anyone\nto copy, free of charge and under the terms of this License, through a\npublicly available network server or other readily accessible means,\nthen you must either (1) cause the Corresponding Source to be so\navailable, or (2) arrange to deprive yourself of the benefit of the\npatent license for this particular work, or (3) arrange, in a manner\nconsistent with the requirements of this License, to extend the patent\nlicense to downstream recipients. "Knowingly relying" means you have\nactual knowledge that, but for the patent license, your conveying the\ncovered work in a country, or your recipient's use of the covered work\nin a country, would infringe one or more identifiable patents in that\ncountry that you have reason to believe are valid.\n\n If, pursuant to or in connection with a single transaction or\narrangement, you convey, or propagate by procuring conveyance of, a\ncovered work, and grant a patent license to some of the parties\nreceiving the covered work authorizing them to use, propagate, modify\nor convey a specific copy of the covered work, then the patent license\nyou grant is automatically extended to all recipients of the covered\nwork and works based on it.\n\n A patent license is "discriminatory" if it does not include within\nthe scope of its coverage, prohibits the exercise of, or is\nconditioned on the non-exercise of one or more of the rights that are\nspecifically granted under this License. You may not convey a covered\nwork if you are a party to an arrangement with a third party that is\nin the business of distributing software, under which you make payment\nto the third party based on the extent of your activity of conveying\nthe work, and under which the third party grants, to any of the\nparties who would receive the covered work from you, a discriminatory\npatent license (a) in connection with copies of the covered work\nconveyed by you (or copies made from those copies), or (b) primarily\nfor and in connection with specific products or compilations that\ncontain the covered work, unless you entered into that arrangement,\nor that patent license was granted, prior to 28 March 2007.\n\n Nothing in this License shall be construed as excluding or limiting\nany implied license or other defenses to infringement that may\notherwise be available to you under applicable patent law.\n\n 12. No Surrender of Others' Freedom.\n\n If conditions are imposed on you (whether by court order, agreement or\notherwise) that contradict the conditions of this License, they do not\nexcuse you from the conditions of this License. If you cannot convey a\ncovered work so as to satisfy simultaneously your obligations under this\nLicense and any other pertinent obligations, then as a consequence you may\nnot convey it at all. For example, if you agree to terms that obligate you\nto collect a royalty for further conveying from those to whom you convey\nthe Program, the only way you could satisfy both those terms and this\nLicense would be to refrain entirely from conveying the Program.\n\n 13. Use with the GNU Affero General Public License.\n\n Notwithstanding any other provision of this License, you have\npermission to link or combine any covered work with a work licensed\nunder version 3 of the GNU Affero General Public License into a single\ncombined work, and to convey the resulting work. The terms of this\nLicense will continue to apply to the part which is the covered work,\nbut the special requirements of the GNU Affero General Public License,\nsection 13, concerning interaction through a network will apply to the\ncombination as such.\n\n 14. Revised Versions of this License.\n\n The Free Software Foundation may publish revised and/or new versions of\nthe GNU General Public License from time to time. Such new versions will\nbe similar in spirit to the present version, but may differ in detail to\naddress new problems or concerns.\n\n Each version is given a distinguishing version number. If the\nProgram specifies that a certain numbered version of the GNU General\nPublic License "or any later version" applies to it, you have the\noption of following the terms and conditions either of that numbered\nversion or of any later version published by the Free Software\nFoundation. If the Program does not specify a version number of the\nGNU General Public License, you may choose any version ever published\nby the Free Software Foundation.\n\n If the Program specifies that a proxy can decide which future\nversions of the GNU General Public License can be used, that proxy's\npublic statement of acceptance of a version permanently authorizes you\nto choose that version for the Program.\n\n Later license versions may give you additional or different\npermissions. However, no additional obligations are imposed on any\nauthor or copyright holder as a result of your choosing to follow a\nlater version.\n\n 15. Disclaimer of Warranty.\n\n THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY\nAPPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT\nHOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY\nOF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM\nIS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF\nALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n 16. Limitation of Liability.\n\n IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\nWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS\nTHE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY\nGENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE\nUSE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF\nDATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD\nPARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),\nEVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF\nSUCH DAMAGES.\n\n 17. Interpretation of Sections 15 and 16.\n\n If the disclaimer of warranty and limitation of liability provided\nabove cannot be given local legal effect according to their terms,\nreviewing courts shall apply local law that most closely approximates\nan absolute waiver of all civil liability in connection with the\nProgram, unless a warranty or assumption of liability accompanies a\ncopy of the Program in return for a fee.\n\n END OF TERMS AND CONDITIONS\n
See the module documentation on top of apache::params and apache::vhost for\nmore information on how to use this module. Each class should be pretty well\ndocumented.
\n\nYou can find online (generated) documentation here:\nhttp://jenkins.vstone.eu/job/puppet-apache/Puppet_Docs/
\n\n\n # We do not want puppet to restart the service.\n class {'apache::params':\n notify_service => false,\n }\n\n # Basic apache setup.\n class {'apache': }\n\n # So we will be using php.\n class {'apache::mod::php': }\n\n # We will have some ssl vhosts.\n apache::listen {'443':}\n apache::namevhost {'443': }\n\n # Vhost example with the 2 rewrite rules.\n apache::vhost {'myvhost.example.com':\n mods => {\n 'rewrite' => [\n { rewrite_cond => 'foo', rewrite_rule => 'bar', },\n { rewrite_cond => 'fooo', rewrite_rule => 'baaar', },\n ],\n }\n }\n\n\n
\n\nYou can find up-to-date packages in squeeze-backports.
\n\nIf you are upgrading from a version earlier than 0.9, you no longer have to\nspecify apache::listen{'80': }
and apache::namevhost{'80':}
. These 2 are\nnow created by default. You can disable this behaviour by specifying
class {'apache':\n defaults => false,\n}\n
\n\nYou MUST define the apache::params class before importing apache if you want\nto use anything besides the default parameter settings. This is due to the\nparsing of the manifests. When you import apache, the apache::params module\nwill be included because most things require apache::params.
\n\nIf you run into bugs or would like to request a new feature (pull requests\nare also welcome... if you dare touch the code), please use the repository\nlocated here: https://github.com/vStone/puppet-apache/
\n\n## 0.13.1\n\nUpdated a lot of documentation.\n
\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n
Overview\n========\n\nThis module manages apache2 on Debian/etch. There are defines to handle sites\nand modules the Debian Way.\n\nSee also the wiki page at http://reductivelabs.com/trac/puppet/wiki/Recipes/DebianApache2Recipe\nwhich was originally written by Tim Stoop <tim.stoop@gmail.com>\n\nVariables\n=========\n\nThe primary port (default: 80) can be configured by setting $apache2_port in\nthe node scope.\n\nSetting $apache2_ssl to "enabled", causes the SSL module to be installed and \nconfigured. Additionally apache2 is configured to listen on 443 or\n$apache2_ssl_port and use puppet's certificate.\n\n\nClasses\n=======\n\nThe main class, apache2, installs apache2 with the default MPM. \n\nThe apache2::no_default_site variant additionally removes Debian's default site\nconfiguration.\n\n\nTypes\n=====\n\nThis module provides types for site and module management.\n\n\tapache2::site (\n\t\t$ensure = {*present*, absent, "filename"},\n\t\t$require_package = {*apache2*, packagename},\n\t\t$content,\n\t\t$source,\n\t)\n\nThis type manages the /etc/apache2/sites-available file and enables or disables\nthe /etc/apache2/sites-enabled/$name symlink by calling a2ensite or a2dissite\nas neccessary.\n\t\n\n\n\n\tapache2::module (\n\t\t$ensure = {*present*, absent},\n\t\t$require = {*apache2*, packagename}\n\t)\n\nThis type enables or disables the /etc/apache2/mods-enabled/$name symlink by\ncalling a2enmod or a2dismod as neccessary.\n\t\n\n\n\nMonitoring\n==========\n\nThe class installs a nagios service check for the primary port. Additionally\na NameVirtualHost for $hostname is configured where the server-status is\navailable for access from $ipaddress. This is used by the munin plugins\napache_accesses, apache_processes and apache_volume.\n\n\n\nTODO\n====\n\nThe site type should manage the sites-available file too, by providing\ncontent/source parameters.\n\nWith the recent changes to "require" stacking, the site's and module's require\nparameter is obsolete.\n
apache\n\nThis is the apache module.\n
A puppet module that installs apache with mod_evasive and mod_security \n(optional). This module has been written and tested on CentOS 6 and is \nprimarily used for configuring apache as a proxy for Tomcat via AJP and other\nservices via TCP, but it also has support for mod_passenger, mod_python, and\nmod_wsgi as well.
\n\nDisabling mod_security by vhost, rule, or IP are provided. JSON logging for\nvhosts allowing easy import into logstash is available.
\n\nSupport for SSL certificates, password files, or any other sensitive \ninformation may be installed installed to a limted access directory through\napache::securefile.
\n\nMonitoring by sensu is provided, but\nadditional monitoring solutions can easily be added.
\n\nGeneric apache install
\n\n\n class { 'apache': }\n\n\n
Adding a NameVirtualHost on port 80:
\n\n\n apache::namevhost { '80': }\n\n\n
Generic config files:
\n\n\n apache::cfgfile { 'myapp':\n content => template('mymodule/apache.cfg'),\n filename => 'myapp.cfg',\n }\n\n\n
Tomcat AJP proxy with http -> https redirect:
\n\n\n apache::vhost { 'example-http':\n port => 80,\n serverName => $::fqdn,\n serverAlias => [ 'example.com' ],\n redirectToHTTPS => true,\n logstash => true,\n }\n\n apache::vhost { 'example-https':\n serverName => $::fqdn,\n serverAlias => [ 'example.com' ],\n proxy => true,\n proxyTomcat => true,\n port => 443,\n rewrite_to_https => true,\n modSecOverrides => true,\n modSecRemoveById => [ '11111' ],\n logstash => true,\n }\n\n\n
TCP proxy:
\n\n\n apache::vhost { 'newservice':\n port => 80,\n serverName => $::fqdn,\n serverAlias => [ 'newservice.example.com' ],\n proxy => true,\n proxyThin => true,\n thinPort => 3000,\n thinNumServers => 3,\n modSecOverrides => true,\n modSecRemoveById => [ '970901', '960015' ],\n logstash => true,\n }\n\n\n
Static content:
\n\n\n apache::vhost { 'example.com':\n serverName => $::fqdn,\n serverAlias => ['www.example.com', 'example.com'],\n docroot => '/var/www/html/example',\n modSecOverrides => true,\n modSecRemoveById => [ '970901', '960015' ];\n }\n\n\n
Only tested on CentOS 6
\n\nTODO:
\n\n[ ] Make mod_evasive optional\n[ ] Make mod_status optional and configurable\n[ ] Allow disabling mod_security by file\n[ ] Improve documentation, complex module
\n\nLicense:
\n\nReleased under the Apache 2.0 licence
\n\nv2.0.0:\n Initial public release\n
Copyright 2013 EvenUp Inc\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n
This module manages apache, with emphasis on setting up virtual hosts and\nmanaging ssl.
\n\n # configure the global apache\n class { 'apache':\n ensure => running,\n enable => true,\n server_admin => 'webmaster@example.com',\n }\n\n # setup a vhost for www.example.com, mark it as the default vhost and\n # add a few aliases.\n apache::vhost { 'www.example.com':\n is_default => true,\n server_name => 'www.example.com',\n server_alias => [ 'www-2.example.com',\n 'blog.example.com' ],\n ssl => false,\n }\n\n # if server_name is not specified, the $namevar is used. So in this case\n # server_name = 'www2.example.com'. This one has ssl setup using a\n # self-signed cert (since not intermedaite cert is provided).\n apache::vhost { 'www2.example.com':\n ssl => true,\n ssl_key_file => '/etc/pki/tls/private/private.key',\n ssl_crt_file => '/etc/pki/tls/certs/public.crt',\n }\n\n # another ssl example, this time with an intermediate cert being provided\n apache::vhost { 'www3.example.com:\n ssl => true,\n ssl_key_file => '/etc/pki/tls/private/private.key',\n ssl_crt_file => '/etc/pki/tls/certs/public.crt',\n ssl_int_file => '/etc/pki/tls/certs/intermediate.crt',\n }\n
\n\nSee LICENSE file
\n\nCopyright © 2013 The Regents of the University of California
\n\nAaron Russo arusso@berkeley.edu
\n\nPlease log tickets and issues at the\nProjects site
\n2013-10-07 Aaron Russo <arusso@berkeley.edu> - 0.0.5\n* Issue#9: Allow override of Ssl::Cert dependencies\n\n2013-10-03 Aaron Russo <arusso@berkeley.edu> - 0.0.4\n* Issue#6: Ability to enable/disable include files\n* Issue#8: Implemented unused document_root parameter in vhosts\n\n2013-09-19 Aaron Russo <arusso@berkeley.edu> - 0.0.3\n* Issue#1: adding NameVirtualHost lines\n* Issue#2: replaced priority parameter with is_default\n* Issue#3: removed version parameter from apache class\n* Issue#4: removed params_lookup function for default param values\n\n2013-06-02 Aaron Russo <arusso@berkeley.edu> - 0.0.2\n* updating docs for acct rename\n\n2013-05-28 Aaron Russo <arusso@berkeley.edu> - 0.0.1\n* Initial Release\n
The MIT License (MIT)\n\nCopyright (c) 2013 The Regents of the University of California\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the "Software"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n
This puppet module provisions a single simple Apache vhost in both HTTP and HTTPS modes, enabling pretty URLs and custom base file paths.
\n\nThis puppet module provisions a single simple Apache vhost in both HTTP and HTTPS modes. The provisioned vhost has in-built rewrite rules to point HTTP traffic to the HTTPS site, or to follow the same rules as the HTTPS component. The "default" rewrite rules point all unfound locations to the index.php in the stated path.
\n\nWhat simple_apache_vhost affects:
\n\nTo install simple_apache_vhost with all the default options
\n\nclass { 'simple_apache_vhost': }\n
\n\nThe defaults are determined by your operating system. Currently the only set \nof default options which have been configured are for the Debian/Ubuntu \nsystem, but migration should be very straightforward.
\n\nTo install simple_apache_vhost with non-standard ports and a provisioned \nSSL/TLS certificate
\n\nclass { 'simple_apache_vhost':\n http_port => '1234',\n https_port => '12345',\n ssl_key => '/tmp/ssl/key1',\n ssl_pem => '/tmp/ssl/pem1'\n}\n
\n\nIf you've got a web application (such as Zend or similar) and want to move your\nnormal web path to /var/www/public, you can do this by setting the base_path
\nvalue. You can also prevent auto-forwarding of traffic from the HTTP service to\nthe HTTPS service by changing the redirect_to_ssl
to false.
class { 'simple_apache_vhost':\n base_path => "/var/www/public",\n redirect_to_ssl => false\n}\n
\n\nCopyright (C) 2013 Jon Spriggs
\n\nJon can be contacted at: jon@sprig.gs
\n\nLicensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
\n\nhttp://www.apache.org/licenses/LICENSE-2.0
\n\nUnless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
\n\nPlease raise issues, changes and pull requests at https://github.com/JonTheNiceGuy/JonTheNiceGuy-simple_apache_vhost
\n\nCurrently this code only supports Debian and Ubuntu.
\n\nThis release note refers to the last release only. For previous notes, please see the commit log
\n\nInstall the Apache HTTP daemon and manage its main configuration as well as\nadditional configuration snippets.
\n\nThe module is very Red Hat Enterprise Linux focused, as the defaults try to\nchange everything in ways which are typical for RHEL.
\n\napache_httpd
: Main definition for the server and its main configuration.apache_httpd::file
: Definition to manage additional configuration files.The main apache_httpd
isn't a class in order to be able to set global\ndefaults for its parameters, which is only possible with definitions. The\n$name
can be either prefork
or worker
.
This module disables TRACE and TRACK methods by default, which is best practice\n(using rewrite rules, so only when it is enabled).
\n\nThe apache::service::
prefixed classes aren't meant to be used standalone,\nand are included as needed by the main class.
Sripped down instance running as the git user for the cgit cgi :
\n\napache_httpd { 'worker':\n modules => [ 'mime', 'setenvif', 'alias', 'proxy', 'cgi' ],\n keepalive => 'On',\n user => 'git',\n group => 'git',\n}\n
\n\nComplete instance with https, a typical module list ready for php and the\noriginal Red Hat welcome page disabled :
\n\napache_httpd { 'prefork':\n ssl => true,\n modules => [\n 'auth_basic',\n 'authn_file',\n 'authz_host',\n 'authz_user',\n 'mime',\n 'negotiation',\n 'dir',\n 'alias',\n 'rewrite',\n 'proxy',\n ],\n welcome => false,\n}\n
\n\nExample entry for site.pp
to change some of the defaults globally :
Apache_httpd {\n extendedstatus => 'On',\n serveradmin => 'root@example.com',\n serversignature => 'Off',\n}\n
\n\nConfiguration snippets can be added from anywhere in your manifest, based on\nfiles or templates, and will automatically reload httpd when changed :
\n\napache_httpd::file { 'www.example.com.conf':\n source => 'puppet:///modules/mymodule/httpd.d/www.example.com.conf',\n}\napache_httpd::file { 'global-alias.conf':\n content => 'Alias /whatever /var/www/whatever',\n}\napache_httpd::file { 'myvhosts.conf':\n content => template('mymodule/httpd.d/myvhosts.conf.erb'),\n}\n
\n\nNote that when adding or removing modules, a reload might not be sufficient,\nin which case you will have to perform a full restart by other means.
\n2013-10-01 - 0.4.2\n* Add global servername parameter.\n\n2013-04-19 - 0.4.1\n* Use @varname syntax in templates to silence puppet 3.2 warnings.\n\n2013-03-08 - 0.4.0\n* Split module out to its own repo.\n* Update README and switch to markdown.\n* Cosmetic cleanups.\n\n2012-04-26 - 0.3.2\n* Fix logrotate file, the PID path was wrong for most systems (thomasvs).\n* Make sure the default logrotate file is identical to the original RHEL6 one.\n\n2012-04-20 - 0.3.1\n* Support multiple listens and setting namevirtualhosts (Jared Curtis).\n\n2012-03-07 - 0.3.0\n* Rename from apache-httpd to apache_httpd to conform with puppetlabs docs.\n* Update tests to cover more cases.\n* Include LICENSE since the module will be distributed individually.\n* Update included documentation details.\n\n
Copyright (C) 2011-2013 Matthias Saou\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n
This type enables and disables Apache sites for Debian and Ubuntu.
\n\nLicense: GPLv3
\n\na2site { "site_name":\n ensure => present,\n}\n
\nThis program and entire repository is free software; you can\nredistribute it and/or modify it under the terms of the GNU\nGeneral Public License as published by the Free Software\nFoundation; either version 2 of the License, or any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n
wp_apache_nfs\n\nThis is the wp_apache_nfs module.\n\nLicense\n-------\n\nGPLv2\n\nContact\n-------\ncontribATikoula.com\n\nSupport\n-------\n\nOur GitHub : https://github.com/ikoula/cloudstack\n\n
This type loads and unloads Apache modules for SUSE (SLES 11 tested)
\n\nLicense: GPLv3
\n\na2mod { "module":\n ensure => present,\n}\n
\nThis program and entire repository is free software; you can\nredistribute it and/or modify it under the terms of the GNU\nGeneral Public License as published by the Free Software\nFoundation; either version 2 of the License, or any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n
This provides a HTTP Authentication type for Puppet that support Basic and Digest authentication.
\n\nCopyright - James Turnbull james@lovedthanlost.net
\n\nLicense: GPLv3
\n\nThanks to John Ferlito and JKur (https://github.com/jkur) for patches.
\n\nhttpauth { 'user':\n file => '/path/to/password/file',\n password => 'password',\n realm => 'realm',\n mechanism => basic,\n ensure => present,\n}\n
\nThe Passenger module allows easy configuration and management of Phusion Passenger.
\n\nThe Passenger module lets you run Rails or Rack inside Apache with ease. Utilizing Passenger, an application server for Ruby (Rack) and Python (WSGI) apps, the Passenger module enables quick configuration of Passenger for Apache.
\n\nWhat Passenger affects:
\n\nInstall and begin managing Passenger on a node by declaring the class in your node definition:
\n\nnode default {\n class {'passenger': }\n}\n
\n\nThis will establish Passenger on your node with sane default values. However, you can manually set the parameter values:
\n\nnode default {\n class {'passenger':\n passenger_version => '2.2.11',\n passenger_provider => 'gem',\n passenger_package => 'passenger',\n gem_path => '/var/lib/gems/1.8/gems',\n gem_binary_path => '/var/lib/gems/1.8/bin',\n passenger_root => '/var/lib/gems/1.8/gems/passenger-2.2.11'\n mod_passenger_location => '/var/lib/gems/1.8/gems/passenger-2.2.11/ext/apache2/mod_passenger.so',\n }\n}\n
\n\nThe passenger
class has a set of configurable parameters that allow you to control aspects of Passenger's installation.
Parameters within passenger
passenger_version
The Version of Passenger to be installed
\n\ngem_path
The path to rubygems on your system
\n\ngem_binary_path
Path to Rubygems binaries on your system
\n\nmod_passenger_location
Path to Passenger's mod_passenger.so file
\n\npassenger_provider
The package provider to use for the system
\n\npassenger_package
The name of the Passenger package
\n\nThis module operates by compiling Ruby gems on the system being managed.
\n\nThis module was developed and tested against RHEL and Debian based systems (Centos, Fedora, Redhat, Debian, Ubuntu). This module may require you to specify default parameter values to accommodate other distributions.
\n\nPuppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.
\n\nWe want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
\n\nYou can read the complete module contribution guide on the Puppet Labs wiki.
\n\n0.0.4 Release
\n\n* 2013-11-20 0.2.0\n\nSummary:\n\nThis release refactors the module fairly expensively, and adds Passenger 4\nsupport.\n\nFeatures:\n- Parameters in `passenger` class:\n - `package_name`: Name of the passenger package.\n - `package_ensure`: Ensure state of the passenger package.\n - `package_provider`: Provider to use to install passenger.\n - `passenger_root`: Root directory for passenger.\n\n\n* 2013-07-31 0.1.0\n\nSummary:\n\nSeveral changes over the last year to improve compatibility against\nmodern distributions, improvements to make things more robust and\nsome fixes for Puppet 3.\n\nFeatures:\n- Parameters in `passenger` class:\n - `passenger_ruby`: Allows you to customize what ruby binary is used.\n\nBugfixes:\n- Ubuntu compatibility fixes.\n- Debian 6+ compatibility fixes.\n- Fixes against newer puppetlabs-apache.\n- Properly qualify variables.\n- Restart apache if passenger configuration changes.\n- Don't try to load unless compilation stage was successful.\n
Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
This module provides alternative providers for core Puppet types such as\nhost
and mailalias
using the Augeas configuration library. It also adds\nsome of its own types for new functionality.
The advantage of using Augeas over the default Puppet parsedfile
\nimplementations is that Augeas will go to great lengths to preserve file\nformatting and comments, while also failing safely when needed.
These providers will hide all of the Augeas commands etc., you don't need to\nknow anything about Augeas to make use of it.
\n\nIf you want to make changes to config files in your own way, you should use\nthe augeas
type directly. For more information about Augeas, see the\nweb site or the\nPuppet/Augeas\nwiki page.
The following builtin types have an Augeas-based provider implemented:
\n\nhost
mailalias
The following other types have a provider implemented:
\n\nmounttab
from puppetlabs-mount_providersThe module adds the following new types:
\n\napache_setenv
for updating SetEnv entries in Apache HTTP Server configskernel_parameter
for adding kernel parameters to GRUB Legacy or GRUB 2 configsnrpe_command
for setting command entries in Nagios NRPE's nrpe.cfg
pg_hba
for PostgreSQL's pg_hba.conf
entriespuppet_auth
for authentication rules in Puppet's auth.conf
shellvar
for shell variables in /etc/sysconfig
or /etc/default
etc.sshd_config
for setting configuration entries in OpenSSH's sshd_config
sshd_config_subsystem
for setting subsystem entries in OpenSSH's sshd_config
sysctl
for entries inside Linux's sysctl.confsyslog
for entries inside syslog.confLots of examples are provided in the accompanying documentation (see\ndocs/examples.html
) and are also published on the web site.\nIf this is a git checkout, you will need to run make
in docs/ to generate the\nHTML pages.
Type documentation can be generated with puppet doc -r type
or viewed on the\nPuppet Forge page.
For builtin types and mounttab, the default provider will automatically become\nthe augeas
provider once the module is installed. This can be changed back\nto parsed
where necessary.
Ensure both Augeas and ruby-augeas 0.3.0+ bindings are installed and working as\nnormal.
\n\nSee Puppet/Augeas pre-requisites.
\n\nOn Puppet 2.7.14+, the module can be installed easily (documentation):
\n\npuppet module install domcleal/augeasproviders\n
\n\nYou may see an error similar to this on Puppet 2.x (#13858):
\n\nError 400 on SERVER: Puppet::Parser::AST::Resource failed with error ArgumentError: Invalid resource type `kernel_parameter` at ...\n
\n\nEnsure the module is present in your puppetmaster's own environment (it doesn't\nhave to use it) and that the master has pluginsync enabled. Run the agent on\nthe puppetmaster to cause the custom types to be synced to its local libdir\n(puppet master --configprint libdir
) and then restart the puppetmaster so it\nloads them.
The following builtin types have Augeas-based providers planned:
\n\n\n\nOther ideas for new types are:
\n\n/etc/system
typesPlease file any issues or suggestions on GitHub.
\n# Changelog\n\n## 1.0.2\n* no change, re-release for bad tarball checksum\n\n## 1.0.1\n* sysctl: fix quoting issue when applying settings, fixes #53 (Jeremy Kitchen)\n* sysctl: fix apply=>false, was always running, fixes #56 (Trey Dockendorf)\n* all: use augeas/lenses/ from Puppet's pluginsync libdir (Craig Dunn)\n* sshd: create array entries before Match groups\n\n## 1.0.0\n* devel: AugeasProviders::Provider has gained a large number of helper methods\n for writing providers\n* all: providers completely refactored to use AugeasProviders::Provider helpers\n* sysctl: ignore whitespace inside values during comparisons, fixes #50\n* shellvar: fix require to work for puppet apply/specs\n\n## 0.7.0\n* pg_hba: new type for managing PostgreSQL pg_hba.conf entries\n* shellvar: add support for array values\n* sysctl: add 'apply' parameter to change live kernel value (default: true)\n* sysctl: add 'val' parameter alias for duritong/puppet-sysctl compatibility\n* mailalias: fix quoting of pipe recipients, fixes #41\n* devel: test Ruby 2.0\n\n## 0.6.1\n* syslog: add rsyslog provider variant, requires Augeas 1.0.0\n* all: fix ruby-augeas 0.3.0 compatibility on Ruby 1.9\n* all: don't throw error when target file doesn't already exist\n* kernel_parameter/grub: ensure partially present parameters will be removed\n\n## 0.6.0\n* apache_setenv: new type for managing Apache HTTP SetEnv config options (Endre\n Karlson)\n* puppet_auth: new type for managing Puppet's auth.conf file\n* shellvar: new type for managing /etc/{default,sysconfig}\n* kernel_parameter: use EFI GRUB legacy config if present\n* devel: replaced librarian-puppet with puppetlabs_spec_helper's .fixtures.yml\n* devel: use augparse --notypecheck for improved speed\n\n## 0.5.3\n* sshd_config: reinstate separate name parameter\n* docs: add sshd_config multiple keys example, fixes #27\n\n## 0.5.2\n* sshd_config, sysctl: create entries after commented out entry\n* host, mailalias: implement prefetch for performance\n* sshd_config: remove separate name parameter, only use key as namevar\n* docs: remove symlinks from docs/, fixes #25, improve README, rename LICENSE\n* devel: improve idempotence logging\n* devel: update to Augeas 1.0.0, test Puppet 3.1\n\n## 0.5.1\n* all: fix library loading issue with `puppet apply`\n\n## 0.5.0\n* kernel_parameter: new type for managing kernel arguments in GRUB Legacy and\n GRUB 2 configs\n* docs: documentation index, existing articles and numerous examples for all\n providers added\n* docs: URLs changed to GitHub hercules-team organisation\n* devel: files existence stubbed out in tests\n* devel: Augeas submodule changed to point to GitHub\n* devel: specs compatibility with 2.7.20 fixed\n\n## 0.4.0\n* nrpe_command: new type for managing NRPE settings (Christian Kaenzig)\n* syslog: new type for managing (r)syslog destinations (Raphaël Pinson)\n\n## 0.3.1\n* all: fix missing require causing load errors\n* sshd_config: store multiple values for a setting as multiple entries, e.g.\n multiple ListenAddress lines (issue #13)\n* docs: minor fixes\n* devel: test Puppet 3.0\n\n## 0.3.0\n* sysctl: new type for managing sysctl.conf entries\n* mounttab: add Solaris /etc/vfstab support\n* mounttab: fix options property idempotency\n* mounttab: fix key=value options in fstab instances\n* host: fix comment and host_aliases properties idempotency\n* all: log /augeas//error output when unable to save\n* packaging: hard mount_providers dependency removed\n* devel: augparse used to test providers against expected tree\n* devel: augeas submodule included for testing against latest lenses\n\n## 0.2.0\n* mounttab: new provider for mounttab type in puppetlabs-mount_providers\n (supports fstab only, no vfstab), mount_providers now a dependency\n* devel: librarian-puppet used to install Puppet module dependencies\n\n## 0.1.1\n* host: fix host_aliases param support pre-2.7\n* sshd_config: find Match groups in instances/ralsh\n* sshd_config: support arrays for ((Allow|Deny)(Groups|Users))|AcceptEnv|MACs\n* sshd_config_subsystem: new type and provider (Raphaël Pinson)\n* devel: use Travis CI, specify deps via Gemfile + bundler\n* specs: fixes for 0.25 and 2.6 series\n\n## 0.1.0\n* host: fix pre-2.7 compatibility when without comment property\n* sshd_config: new type and provider (Raphaël Pinson)\n* all: fix provider confine to enable use in same run as ruby-augeas install\n (Puppet #14822)\n* devel: refactor common augopen code into utility class\n* specs: fix both Ruby 1.8 and mocha 0.12 compatibility\n\n## 0.0.4\n* host: fix handling of multiple host_aliases\n* host: fix handling of empty comment string, now removes comment\n* host: fix missing ensure and comment parameters in puppet resource, only\n return aliases if present\n* mailalias: fix missing ensure parameter in puppet resource\n* specs: added comprehensive test harness for both providers\n\n## 0.0.3\n* all: add instances methods to enable `puppet resource`\n\n## 0.0.2\n* mailalias: new provider added for builtin mailalias type\n\n## 0.0.1\n* host: new provider added for builtin host type\n
augeasproviders: alternative Augeas-based providers for Puppet\n\nCopyright (c) 2012 Dominic Cleal\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n
A Puppet recipe for Apache Maven, to download artifacts from a Maven repository
\n\nUses Apache Maven command line to download the artifacts.
\n\nTo build the module for installing in your Puppet master:
\n\ngem install puppet-module\ngit clone git://github.com/maestrodev/puppet-maven.git\ncd puppet-maven\npuppet module build\npuppet module install pkg/maestrodev-maven-1.0.1.tar.gz\n
\n\nOf course, you can also clone the repository straight into /etc/puppet/modules/maven
as well.
If you are developing the module, it can be built using rake
:
gem install bundler\nbundle\nrake spec\nrake spec:system\n
\n\n maven { "/tmp/myfile":\n id => "groupId:artifactId:version:packaging:classifier",\n repos => ["id::layout::http://repo.acme.com","http://repo2.acme.com"],\n }\n
\n\nor
\n\n maven { "/tmp/myfile":\n groupid => "org.apache.maven",\n artifactid => "maven-core",\n version => "3.0.5",\n packaging => "jar",\n classifier => "sources",\n repos => ["id::layout::http://repo.acme.com","http://repo2.acme.com"],\n }\n
\n\nensure
may be one of two values:
present
(the default) -- the specified maven artifact is downloaded when no file exists\nat path
(or name
if no path is specified.) This is probably makes\nsense when the specified maven artifact refers to a released (non-SNAPSHOT)\nartifact.latest
-- if value of version is RELEASE
, LATEST
, or a SNAPSHOT the repository\nis queried for an updated artifact. If an updated artifact is found the file\nat path
is replaced.Values set in maven_opts
will be prepended to any existing\nMAVEN_OPTS
value. This ensures that those already specified will win over\nthose added in mavenrc
.
If you would prefer these options to win, instead use:
\n\n maven_opts => "",\n mavenrc_additions => 'MAVEN_OPTS="$MAVEN_OPTS -Xmx1024m"\n
\n\n $central = {\n id => "myrepo",\n username => "myuser",\n password => "mypassword",\n url => "http://repo.acme.com",\n mirrorof => "external:*", # if you want to use the repo as a mirror, see maven::settings below\n }\n\n $proxy = {\n active => true, #Defaults to true\n protocol => 'http', #Defaults to 'http'\n host => 'http://proxy.acme.com',\n username => 'myuser', #Optional if proxy does not require\n password => 'mypassword', #Optional if proxy does not require\n nonProxyHosts => 'www.acme.com', #Optional, provides exceptions to the proxy\n }\n\n # Install Maven\n class { "maven::maven":\n version => "3.0.5", # version to install\n # you can get Maven tarball from a Maven repository instead than from Apache servers, optionally with a user/password\n repo => {\n #url => "http://repo.maven.apache.org/maven2",\n #username => "",\n #password => "",\n }\n } ->\n\n # Setup a .mavenrc file for the specified user\n maven::environment { 'maven-env' : \n user => 'root',\n # anything to add to MAVEN_OPTS in ~/.mavenrc\n maven_opts => '-Xmx1384m', # anything to add to MAVEN_OPTS in ~/.mavenrc\n maven_path_additions => "", # anything to add to the PATH in ~/.mavenrc\n\n } ->\n\n # Create a settings.xml with the repo credentials\n maven::settings { 'maven-user-settings' :\n mirrors => [$central], # mirrors entry in settings.xml, uses id, url, mirrorof from the hash passed\n servers => [$central], # servers entry in settings.xml, uses id, username, password from the hash passed\n proxies => [$proxy], # proxies entry in settings.xml, active, protocol, host, username, password, nonProxyHosts\n user => 'maven',\n }\n\n # defaults for all maven{} declarations\n Maven {\n user => "maven", # you can make puppet run Maven as a specific user instead of root, useful to share Maven settings and local repository\n group => "maven", # you can make puppet run Maven as a specific group\n repos => "http://repo.maven.apache.org/maven2"\n }\n
\n\n maven { "/tmp/maven-core-3.0.5.jar":\n id => "org.apache.maven:maven-core:3.0.5:jar",\n repos => ["central::default::http://repo.maven.apache.org/maven2","http://mirrors.ibiblio.org/pub/mirrors/maven2"],\n }\n\n maven { "/tmp/maven-core-3.0.5-sources.jar":\n groupid => "org.apache.maven",\n artifactid => "maven-core",\n version => "3.0.5",\n classifier => "sources",\n }\n
\n\nInitially there was an Apache Buildr version, but it required to have Buildr installed before running Puppet and you would need to enable pluginsync\nin both master and clients.
\n\n Copyright 2011-2012 MaestroDev\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n
\n\nCarlos Sanchez csanchez@maestrodev.com\nMaestroDev\n2010-03-01
\n\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n