puppet_forge 2.3.2 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/workflows/ruby-rspec.yml +6 -6
- data/CHANGELOG.md +25 -0
- data/README.md +23 -4
- data/lib/puppet_forge.rb +1 -1
- data/lib/puppet_forge/connection.rb +5 -5
- data/lib/puppet_forge/v3/base.rb +1 -1
- data/lib/puppet_forge/version.rb +1 -1
- data/puppet_forge.gemspec +6 -6
- data/spec/fixtures/v3/modules.json +19 -19
- data/spec/fixtures/v3/modules/puppetlabs-apache.json +1 -1
- data/spec/fixtures/v3/modules__owner=puppetlabs.json +19 -19
- data/spec/fixtures/v3/modules__query=apache.json +6 -6
- data/spec/fixtures/v3/releases.json +14 -14
- data/spec/fixtures/v3/releases/puppetlabs-apache-0.1.1.json +2 -2
- data/spec/fixtures/v3/releases__module=puppetlabs-apache.json +14 -14
- data/spec/spec_helper.rb +1 -2
- data/spec/unit/forge/connection_spec.rb +36 -7
- data/spec/unit/forge/v3/metadata_spec.rb +0 -40
- metadata +12 -34
- data/lib/puppet_forge/middleware/symbolify_json.rb +0 -72
- data/spec/unit/forge/middleware/symbolify_json_spec.rb +0 -63
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: e92036b548aa46fca8fb793b61ea0440812fea1e9dcada78d402a39be216fdf9
|
|
4
|
+
data.tar.gz: e0a230adaf5703424981c755fd05a893520c16703904ac20d3b503ba75b48f1c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2a7ec0344a4f7a2f2d6ecc674a50bc0c9b95b08b44a26f52551bb97b4becfcc2f17d226bd18cbc5773370b53d9f9bac95df39e90d1eb3b6c95742b8e6ed42455
|
|
7
|
+
data.tar.gz: 71424aa172611723b89edb31fa249beba56d73cab50db3ae180bead75eb0486ff194be3131d5f452fd3353c227630804d8e4f0432d99bf9000e296b7a405cad5
|
|
@@ -3,10 +3,10 @@ name: ruby-rspec
|
|
|
3
3
|
on:
|
|
4
4
|
push:
|
|
5
5
|
branches:
|
|
6
|
-
-
|
|
6
|
+
- main
|
|
7
7
|
pull_request:
|
|
8
8
|
branches:
|
|
9
|
-
-
|
|
9
|
+
- main
|
|
10
10
|
|
|
11
11
|
jobs:
|
|
12
12
|
test:
|
|
@@ -14,14 +14,14 @@ jobs:
|
|
|
14
14
|
runs-on: ubuntu-latest
|
|
15
15
|
strategy:
|
|
16
16
|
matrix:
|
|
17
|
-
|
|
17
|
+
ruby: [2.7, 2.6, 2.5]
|
|
18
18
|
|
|
19
19
|
steps:
|
|
20
20
|
- uses: actions/checkout@v1
|
|
21
|
-
- name: Set up Ruby ${{ matrix.
|
|
22
|
-
uses:
|
|
21
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
|
22
|
+
uses: ruby/setup-ruby@v1
|
|
23
23
|
with:
|
|
24
|
-
ruby-version: ${{ matrix.
|
|
24
|
+
ruby-version: ${{ matrix.ruby }}
|
|
25
25
|
|
|
26
26
|
- name: Build and test with Rspec
|
|
27
27
|
run: |
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,31 @@
|
|
|
3
3
|
Starting with v2.0.0, all notable changes to this project will be documented in this file.
|
|
4
4
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
|
5
5
|
|
|
6
|
+
## v3.1.0 - 2021-08-20
|
|
7
|
+
|
|
8
|
+
### Changed
|
|
9
|
+
|
|
10
|
+
* Update `PuppetForge::Connection.authorization` so that it prepends the
|
|
11
|
+
required `Bearer ` string automatically to values that look like Forge API
|
|
12
|
+
keys. This won't affect values that already include `Bearer `.
|
|
13
|
+
|
|
14
|
+
## v3.0.0 - 2021-01-28
|
|
15
|
+
|
|
16
|
+
* Breaking: The `puppet_forge` gem now requires at least Ruby 2.4.0.
|
|
17
|
+
* Update `faraday` and `faraday_middleware` gem dependencies to 1.x series.
|
|
18
|
+
* Update optional `typhoeus` dependency to `>= 1.4` to maintain compatibility with `faraday`.
|
|
19
|
+
|
|
20
|
+
## v2.3.4 - 2020-03-31
|
|
21
|
+
|
|
22
|
+
* Update the forge API url to `forgeapi.puppet.com` (instead of using the older puppetlabs.com domain).
|
|
23
|
+
* Allow versions of the `faraday_middleware` dependency up to 0.15.
|
|
24
|
+
|
|
25
|
+
## v2.3.3 - 2020-02-20
|
|
26
|
+
|
|
27
|
+
### Changed
|
|
28
|
+
|
|
29
|
+
* Allow versions of faraday up to 0.18
|
|
30
|
+
|
|
6
31
|
## v2.3.2 - 2020-02-05
|
|
7
32
|
|
|
8
33
|
### Fixed
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Puppet Forge
|
|
2
2
|
|
|
3
|
-
Access and manipulate the [Puppet Forge API](https://forgeapi.
|
|
3
|
+
Access and manipulate the [Puppet Forge API](https://forgeapi.puppet.com)
|
|
4
4
|
from Ruby.
|
|
5
5
|
|
|
6
6
|
## Installation
|
|
@@ -81,13 +81,14 @@ resource model are documented on the [Resource Reference][resource_ref] page.
|
|
|
81
81
|
Each of the models uses ActiveRecord-like REST functionality to map over the Forge API endpoints.
|
|
82
82
|
Most simple ActiveRecord-style interactions function as intended.
|
|
83
83
|
|
|
84
|
-
Currently, only
|
|
84
|
+
Currently, only read-only actions are supported.
|
|
85
85
|
|
|
86
86
|
The methods find, where, and all immediately make one API request.
|
|
87
87
|
|
|
88
88
|
```ruby
|
|
89
89
|
# Find a Resource by Slug
|
|
90
|
-
PuppetForge::User.find('puppetlabs') # => #<
|
|
90
|
+
PuppetForge::User.find('puppetlabs') # => #<PuppetForge::V3::User(/v3/users/puppetlabs)>
|
|
91
|
+
PuppetForge::Module.find('puppetlabs-stdlib') # => #<PuppetForge::V3::Module(/v3/modules/puppetlabs-stdlib)>
|
|
91
92
|
|
|
92
93
|
# Find All Resources
|
|
93
94
|
PuppetForge::Module.all # See "Paginated Collections" below for important info about enumerating resource sets.
|
|
@@ -109,7 +110,7 @@ PuppetForge::Module.where(query: 'apache').all # This method is deprecated and n
|
|
|
109
110
|
All API Requests (whether via find, where, or all) will raise a Faraday::ResourceNotFound error if the request fails.
|
|
110
111
|
|
|
111
112
|
|
|
112
|
-
###
|
|
113
|
+
### Downloading and installing a module release
|
|
113
114
|
|
|
114
115
|
A release tarball can be downloaded and installed by following the steps below.
|
|
115
116
|
|
|
@@ -186,6 +187,24 @@ user.username # => "puppetlabs"
|
|
|
186
187
|
user.created_at # => "2010-05-19 05:46:26 -0700"
|
|
187
188
|
```
|
|
188
189
|
|
|
190
|
+
### Configuration
|
|
191
|
+
|
|
192
|
+
To overwrite the default of `https://forgeapi.puppet.com` and set a custom url for the Forge API:
|
|
193
|
+
|
|
194
|
+
```ruby
|
|
195
|
+
PuppetForge.host = "https://your-own-api.url/"
|
|
196
|
+
```
|
|
197
|
+
|
|
198
|
+
### Authorization
|
|
199
|
+
|
|
200
|
+
To authorize your requests with an API key from a Forge user account:
|
|
201
|
+
|
|
202
|
+
```ruby
|
|
203
|
+
PuppetForge::Connection.authorization = "<your-api-key-here>"
|
|
204
|
+
```
|
|
205
|
+
|
|
206
|
+
You can generate API keys on your user profile page once you've [logged into the Forge website](https://forge.puppet.com/login).
|
|
207
|
+
|
|
189
208
|
### i18n
|
|
190
209
|
|
|
191
210
|
When adding new error or log messages please follow the instructions for
|
data/lib/puppet_forge.rb
CHANGED
|
@@ -17,7 +17,7 @@ module PuppetForge
|
|
|
17
17
|
|
|
18
18
|
GettextSetup.initialize(File.absolute_path('../locales', File.dirname(__FILE__)))
|
|
19
19
|
|
|
20
|
-
DEFAULT_FORGE_HOST = 'https://forgeapi.
|
|
20
|
+
DEFAULT_FORGE_HOST = 'https://forgeapi.puppet.com/'
|
|
21
21
|
|
|
22
22
|
self.host = DEFAULT_FORGE_HOST
|
|
23
23
|
|
|
@@ -2,7 +2,6 @@ require 'puppet_forge/connection/connection_failure'
|
|
|
2
2
|
|
|
3
3
|
require 'faraday'
|
|
4
4
|
require 'faraday_middleware'
|
|
5
|
-
require 'puppet_forge/middleware/symbolify_json'
|
|
6
5
|
|
|
7
6
|
module PuppetForge
|
|
8
7
|
# Provide a common mixin for adding a HTTP connection to classes.
|
|
@@ -24,6 +23,8 @@ module PuppetForge
|
|
|
24
23
|
|
|
25
24
|
attr_writer :conn
|
|
26
25
|
|
|
26
|
+
AUTHORIZATION_TOKEN_REGEX = /^[a-f0-9]{64}$/
|
|
27
|
+
|
|
27
28
|
USER_AGENT = "#{PuppetForge.user_agent} PuppetForge.gem/#{PuppetForge::VERSION} Faraday/#{Faraday::VERSION} Ruby/#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} (#{RUBY_PLATFORM})".strip
|
|
28
29
|
|
|
29
30
|
def self.authorization=(token)
|
|
@@ -81,7 +82,7 @@ module PuppetForge
|
|
|
81
82
|
|
|
82
83
|
begin
|
|
83
84
|
# Use Typhoeus if available.
|
|
84
|
-
Gem::Specification.find_by_name('typhoeus', '~> 1.
|
|
85
|
+
Gem::Specification.find_by_name('typhoeus', '~> 1.4')
|
|
85
86
|
require 'typhoeus/adapters/faraday'
|
|
86
87
|
adapter = :typhoeus
|
|
87
88
|
rescue Gem::LoadError
|
|
@@ -102,7 +103,7 @@ module PuppetForge
|
|
|
102
103
|
options = { :headers => { :user_agent => USER_AGENT } }.merge(opts)
|
|
103
104
|
|
|
104
105
|
if token = PuppetForge::Connection.authorization
|
|
105
|
-
options[:headers][:authorization] = token
|
|
106
|
+
options[:headers][:authorization] = token =~ AUTHORIZATION_TOKEN_REGEX ? "Bearer #{token}" : token
|
|
106
107
|
end
|
|
107
108
|
|
|
108
109
|
if lang = PuppetForge::Connection.accept_language
|
|
@@ -114,8 +115,7 @@ module PuppetForge
|
|
|
114
115
|
end
|
|
115
116
|
|
|
116
117
|
Faraday.new(url, options) do |builder|
|
|
117
|
-
builder.
|
|
118
|
-
builder.response(:json, :content_type => /\bjson$/)
|
|
118
|
+
builder.response(:json, :content_type => /\bjson$/, :parser_options => { :symbolize_names => true })
|
|
119
119
|
builder.response(:raise_error)
|
|
120
120
|
builder.use(:connection_failure)
|
|
121
121
|
|
data/lib/puppet_forge/v3/base.rb
CHANGED
|
@@ -56,7 +56,7 @@ module PuppetForge
|
|
|
56
56
|
# @private
|
|
57
57
|
def request(resource, item = nil, params = {}, reset_connection = false, conn_opts = {})
|
|
58
58
|
conn(reset_connection, conn_opts) if reset_connection
|
|
59
|
-
unless conn.url_prefix =~ /^#{PuppetForge.host}/
|
|
59
|
+
unless conn.url_prefix.to_s =~ /^#{PuppetForge.host}/
|
|
60
60
|
conn.url_prefix = "#{PuppetForge.host}"
|
|
61
61
|
end
|
|
62
62
|
|
data/lib/puppet_forge/version.rb
CHANGED
data/puppet_forge.gemspec
CHANGED
|
@@ -18,13 +18,13 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
19
19
|
spec.require_paths = ["lib"]
|
|
20
20
|
|
|
21
|
-
spec.required_ruby_version = '>=
|
|
21
|
+
spec.required_ruby_version = '>= 2.4.0'
|
|
22
22
|
|
|
23
|
-
spec.add_runtime_dependency "faraday",
|
|
24
|
-
spec.add_runtime_dependency "faraday_middleware",
|
|
25
|
-
spec.add_dependency
|
|
26
|
-
spec.add_dependency
|
|
27
|
-
spec.add_dependency
|
|
23
|
+
spec.add_runtime_dependency "faraday", "~> 1.3"
|
|
24
|
+
spec.add_runtime_dependency "faraday_middleware", "~> 1.0"
|
|
25
|
+
spec.add_dependency "semantic_puppet", "~> 1.0"
|
|
26
|
+
spec.add_dependency "minitar"
|
|
27
|
+
spec.add_dependency "gettext-setup", "~> 0.11"
|
|
28
28
|
|
|
29
29
|
spec.add_development_dependency "rake"
|
|
30
30
|
spec.add_development_dependency "rspec", "~> 3.0"
|
|
@@ -313,8 +313,8 @@
|
|
|
313
313
|
"file_size": 67586,
|
|
314
314
|
"file_md5": "bbf919d7ee9d278d2facf39c25578bf8",
|
|
315
315
|
"downloads": 628084,
|
|
316
|
-
"readme": "<section class=\"markdown\"><h1>Puppet Labs Standard Library</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<p>This module provides a "standard library" of resources for developing Puppet\nModules. This modules will include the following additions to Puppet</p>\n\n<ul>\n<li>Stages</li>\n<li>Facts</li>\n<li>Functions</li>\n<li>Defined resource types</li>\n<li>Types</li>\n<li>Providers</li>\n</ul>\n\n<p>This module is officially curated and provided by Puppet Labs. The modules\nPuppet Labs writes and distributes will make heavy use of this standard\nlibrary.</p>\n\n<p>To report or research a bug with any part of this module, please go to\n<a href=\"http://projects.puppetlabs.com/projects/stdlib\">http://projects.puppetlabs.com/projects/stdlib</a></p>\n\n<h1>Versions</h1>\n\n<p>This module follows semver.org (v1.0.0) versioning guidelines. The standard\nlibrary module is released as part of <a href=\"http://puppetlabs.com/puppet/puppet-enterprise/\">Puppet\nEnterprise</a> and as a result\nolder versions of Puppet Enterprise that Puppet Labs still supports will have\nbugfix maintenance branches periodically "merged up" into master. The current\nlist of integration branches are:</p>\n\n<ul>\n<li>v2.1.x (v2.1.1 released in PE 1)</li>\n<li>v2.2.x (Never released as part of PE, only to the Forge)</li>\n<li>v2.3.x (Released in PE 2)</li>\n<li>v3.0.x (Never released as part of PE, only to the Forge)</li>\n<li>v4.0.x (Drops support for Puppet 2.7)</li>\n<li>master (mainline development branch)</li>\n</ul>\n\n<p>The first Puppet Enterprise version including the stdlib module is Puppet\nEnterprise 1.2.</p>\n\n<h1>Compatibility</h1>\n\n<table><thead>\n<tr>\n<th align=\"left\">Puppet Versions</th>\n<th align=\"center\">< 2.6</th>\n<th align=\"center\">2.6</th>\n<th align=\"center\">2.7</th>\n<th align=\"center\">3.x</th>\n</tr>\n</thead><tbody>\n<tr>\n<td align=\"left\"><strong>stdlib 2.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\">no</td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 3.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 4.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n</tbody></table>\n\n<p>The stdlib module does not work with Puppet versions released prior to Puppet\n2.6.0.</p>\n\n<h2>stdlib 2.x</h2>\n\n<p>All stdlib releases in the 2.0 major version support Puppet 2.6 and Puppet 2.7.</p>\n\n<h2>stdlib 3.x</h2>\n\n<p>The 3.0 major release of stdlib drops support for Puppet 2.6. Stdlib 3.x\nsupports Puppet 2 and Puppet 3.</p>\n\n<h2>stdlib 4.x</h2>\n\n<p>The 4.0 major release of stdlib drops support for Puppet 2.7. Stdlib 4.x\nsupports Puppet 3. Notably, ruby 1.8.5 is no longer supported though ruby\n1.8.7, 1.9.3, and 2.0.0 are fully supported.</p>\n\n<h1>Functions</h1>\n\n<h2>abs</h2>\n\n<p>Returns the absolute value of a number, for example -34.56 becomes\n34.56. Takes a single integer and float value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>any2array</h2>\n\n<p>This converts any object to an array containing that object. Empty argument\nlists are converted to an empty array. Arrays are left untouched. Hashes are\nconverted to arrays of alternating keys and values.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>bool2num</h2>\n\n<p>Converts a boolean to a number. Converts the values:\nfalse, f, 0, n, and no to 0\ntrue, t, 1, y, and yes to 1\n Requires a single boolean or string as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>capitalize</h2>\n\n<p>Capitalizes the first letter of a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chomp</h2>\n\n<p>Removes the record separator from the end of a string or an array of\nstrings, for example <code>hello\\n</code> becomes <code>hello</code>.\nRequires a single string or array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chop</h2>\n\n<p>Returns a new string with the last character removed. If the string ends\nwith <code>\\r\\n</code>, both characters are removed. Applying chop to an empty\nstring returns an empty string. If you wish to merely remove record\nseparators then you should use the <code>chomp</code> function.\nRequires a string or array of strings as input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>concat</h2>\n\n<p>Appends the contents of array 2 onto array 1.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>concat(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<p>['1','2','3','4','5','6']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>count</h2>\n\n<p>Takes an array as first argument and an optional second argument.\nCount the number of elements in array that matches second argument.\nIf called with only an array it counts the number of elements that are not nil/undef.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>defined_with_params</h2>\n\n<p>Takes a resource reference and an optional hash of attributes.</p>\n\n<p>Returns true if a resource with the specified attributes has already been added\nto the catalog, and false otherwise.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n\nif ! defined_with_params(User[dan], {'ensure' => 'present' }) {\n user { 'dan': ensure => present, }\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete</h2>\n\n<p>Deletes all instances of a given element from an array, substring from a\nstring, or key from a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete('abracadabra', 'bra')\nWould return: 'acada'\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete_at</h2>\n\n<p>Deletes a determined indexed value from an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete_at(['a','b','c'], 1)\n</code></pre>\n\n<p>Would return: ['a','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>dirname</h2>\n\n<p>Returns the <code>dirname</code> of a path.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>dirname('/path/to/a/file.ext')\n</code></pre>\n\n<p>Would return: '/path/to/a'</p>\n\n<h2>downcase</h2>\n\n<p>Converts the case of a string or all strings in an array to lower case.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>empty</h2>\n\n<p>Returns true if the variable is empty.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>ensure_packages</h2>\n\n<p>Takes a list of packages and only installs them if they don't already exist.</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>ensure_resource</h2>\n\n<p>Takes a resource type, title, and a list of attributes that describe a\nresource.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n</code></pre>\n\n<p>This example only creates the resource if it does not already exist:</p>\n\n<pre><code>ensure_resource('user, 'dan', {'ensure' => 'present' })\n</code></pre>\n\n<p>If the resource already exists but does not match the specified parameters,\nthis function will attempt to recreate the resource leading to a duplicate\nresource definition error.</p>\n\n<p>An array of resources can also be passed in and each will be created with\nthe type and parameters specified if it doesn't already exist.</p>\n\n<pre><code>ensure_resource('user', ['dan','alex'], {'ensure' => 'present'})\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>flatten</h2>\n\n<p>This function flattens any deeply nested arrays and returns a single flat array\nas a result.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>flatten(['a', ['b', ['c']]])\n</code></pre>\n\n<p>Would return: ['a','b','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>floor</h2>\n\n<p>Returns the largest integer less or equal to the argument.\nTakes a single numeric value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>fqdn_rotate</h2>\n\n<p>Rotates an array a random number of times based on a nodes fqdn.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>get_module_path</h2>\n\n<p>Returns the absolute path of the specified module for the current\nenvironment.</p>\n\n<p>Example:\n $module_path = get_module_path('stdlib')</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getparam</h2>\n\n<p>Takes a resource reference and name of the parameter and\nreturns value of resource's parameter.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>define example_resource($param) {\n}\n\nexample_resource { "example_resource_instance":\n param => "param_value"\n}\n\ngetparam(Example_resource["example_resource_instance"], "param")\n</code></pre>\n\n<p>Would return: param_value</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getvar</h2>\n\n<p>Lookup a variable in a remote namespace.</p>\n\n<p>For example:</p>\n\n<pre><code>$foo = getvar('site::data::foo')\n# Equivalent to $foo = $site::data::foo\n</code></pre>\n\n<p>This is useful if the namespace itself is stored in a string:</p>\n\n<pre><code>$datalocation = 'site::data'\n$bar = getvar("${datalocation}::bar")\n# Equivalent to $bar = $site::data::bar\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>grep</h2>\n\n<p>This function searches through an array and returns any elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>grep(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['aaa','aaaddd']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_interface_with</h2>\n\n<p>Returns boolean based on kind and value:</p>\n\n<ul>\n<li>macaddress</li>\n<li>netmask</li>\n<li>ipaddress</li>\n<li>network</li>\n</ul>\n\n<p>has_interface_with("macaddress", "x:x:x:x:x:x")\nhas_interface_with("ipaddress", "127.0.0.1") => true\netc.</p>\n\n<p>If no "kind" is given, then the presence of the interface is checked:\nhas_interface_with("lo") => true</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_address</h2>\n\n<p>Returns true if the client has the requested IP address on some interface.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'ipaddress_IFACE' facts, performing a simple string comparison.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_network</h2>\n\n<p>Returns true if the client has an IP address within the requested network.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'network_IFACE' facts, performing a simple string comparision.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_key</h2>\n\n<p>Determine if a hash has a certain key value.</p>\n\n<p>Example:</p>\n\n<pre><code>$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>hash</h2>\n\n<p>This function converts an array into a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>hash(['a',1,'b',2,'c',3])\n</code></pre>\n\n<p>Would return: {'a'=>1,'b'=>2,'c'=>3}</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_array</h2>\n\n<p>Returns true if the variable passed to this function is an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_domain_name</h2>\n\n<p>Returns true if the string passed to this function is a syntactically correct domain name.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_float</h2>\n\n<p>Returns true if the variable passed to this function is a float.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_function_available</h2>\n\n<p>This function accepts a string as an argument, determines whether the\nPuppet runtime has access to a function by that name. It returns a\ntrue if the function exists, false if not.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_hash</h2>\n\n<p>Returns true if the variable passed to this function is a hash.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_integer</h2>\n\n<p>Returns true if the variable returned to this string is an integer.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_ip_address</h2>\n\n<p>Returns true if the string passed to this function is a valid IP address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_mac_address</h2>\n\n<p>Returns true if the string passed to this function is a valid mac address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_numeric</h2>\n\n<p>Returns true if the variable passed to this function is a number.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_string</h2>\n\n<p>Returns true if the variable passed to this function is a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join</h2>\n\n<p>This function joins an array into a string using a seperator.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join(['a','b','c'], ",")\n</code></pre>\n\n<p>Would result in: "a,b,c"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join_keys_to_values</h2>\n\n<p>This function joins each key of a hash to that key's corresponding value with a\nseparator. Keys and values are cast to strings. The return value is an array in\nwhich each element is one joined key/value pair.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join_keys_to_values({'a'=>1,'b'=>2}, " is ")\n</code></pre>\n\n<p>Would result in: ["a is 1","b is 2"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>keys</h2>\n\n<p>Returns the keys of a hash as an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>loadyaml</h2>\n\n<p>Load a YAML file containing an array, string, or hash, and return the data\nin the corresponding native data type.</p>\n\n<p>For example:</p>\n\n<pre><code>$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>lstrip</h2>\n\n<p>Strips leading spaces to the left of a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>max</h2>\n\n<p>Returns the highest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>member</h2>\n\n<p>This function determines if a variable is a member of an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>member(['a','b'], 'b')\n</code></pre>\n\n<p>Would return: true</p>\n\n<pre><code>member(['a','b'], 'c')\n</code></pre>\n\n<p>Would return: false</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>merge</h2>\n\n<p>Merges two or more hashes together and returns the resulting hash.</p>\n\n<p>For example:</p>\n\n<pre><code>$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}\n</code></pre>\n\n<p>When there is a duplicate key, the key in the rightmost hash will "win."</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>min</h2>\n\n<p>Returns the lowest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>num2bool</h2>\n\n<p>This function converts a number or a string representation of a number into a\ntrue boolean. Zero or anything non-numeric becomes false. Numbers higher then 0\nbecome true.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parsejson</h2>\n\n<p>This function accepts JSON as a string and converts into the correct Puppet\nstructure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parseyaml</h2>\n\n<p>This function accepts YAML as a string and converts it into the correct\nPuppet structure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>pick</h2>\n\n<p>This function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string\n(two things in Puppet that will return a boolean false value). Typically,\nthis function is used to check for a value in the Puppet Dashboard/Enterprise\nConsole, and failover to a default value like the following:</p>\n\n<pre><code>$real_jenkins_version = pick($::jenkins_version, '1.449')\n</code></pre>\n\n<p>The value of $real_jenkins_version will first look for a top-scope variable\ncalled 'jenkins_version' (note that parameters set in the Puppet Dashboard/\nEnterprise Console are brought into Puppet as top-scope variables), and,\nfailing that, will use a default value of 1.449.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>prefix</h2>\n\n<p>This function applies a prefix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>prefix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['pa','pb','pc']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>range</h2>\n\n<p>When given range in the form of (start, stop) it will extrapolate a range as\nan array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>range("0", "9")\n</code></pre>\n\n<p>Will return: [0,1,2,3,4,5,6,7,8,9]</p>\n\n<pre><code>range("00", "09")\n</code></pre>\n\n<p>Will return: <a href=\"Zero%20padded%20strings%20are%20converted%20to%0Aintegers%20automatically\">0,1,2,3,4,5,6,7,8,9</a></p>\n\n<pre><code>range("a", "c")\n</code></pre>\n\n<p>Will return: ["a","b","c"]</p>\n\n<pre><code>range("host01", "host10")\n</code></pre>\n\n<p>Will return: ["host01", "host02", ..., "host09", "host10"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reject</h2>\n\n<p>This function searches through an array and rejects all elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>reject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['bbb','ccc']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reverse</h2>\n\n<p>Reverses the order of a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>rstrip</h2>\n\n<p>Strips leading spaces to the right of the string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>shuffle</h2>\n\n<p>Randomizes the order of a string or array elements.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>size</h2>\n\n<p>Returns the number of elements in a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>sort</h2>\n\n<p>Sorts strings and arrays lexically.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>squeeze</h2>\n\n<p>Returns a new string where runs of the same character that occur in this set\nare replaced by a single character.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2bool</h2>\n\n<p>This converts a string to a boolean. This attempt to convert strings that\ncontain things like: y, 1, t, true to 'true' and strings that contain things\nlike: 0, f, n, false, no to 'false'.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2saltedsha512</h2>\n\n<p>This converts a string to a salted-SHA512 password hash (which is used for\nOS X versions >= 10.7). Given any simple string, you will get a hex version\nof a salted-SHA512 password hash that can be inserted into your Puppet\nmanifests as a valid password attribute.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strftime</h2>\n\n<p>This function returns formatted time.</p>\n\n<p><em>Examples:</em></p>\n\n<p>To return the time since epoch:</p>\n\n<pre><code>strftime("%s")\n</code></pre>\n\n<p>To return the date:</p>\n\n<pre><code>strftime("%Y-%m-%d")\n</code></pre>\n\n<p><em>Format meaning:</em></p>\n\n<pre><code>%a - The abbreviated weekday name (``Sun'')\n%A - The full weekday name (``Sunday'')\n%b - The abbreviated month name (``Jan'')\n%B - The full month name (``January'')\n%c - The preferred local date and time representation\n%C - Century (20 in 2009)\n%d - Day of the month (01..31)\n%D - Date (%m/%d/%y)\n%e - Day of the month, blank-padded ( 1..31)\n%F - Equivalent to %Y-%m-%d (the ISO 8601 date format)\n%h - Equivalent to %b\n%H - Hour of the day, 24-hour clock (00..23)\n%I - Hour of the day, 12-hour clock (01..12)\n%j - Day of the year (001..366)\n%k - hour, 24-hour clock, blank-padded ( 0..23)\n%l - hour, 12-hour clock, blank-padded ( 0..12)\n%L - Millisecond of the second (000..999)\n%m - Month of the year (01..12)\n%M - Minute of the hour (00..59)\n%n - Newline (\n</code></pre>\n\n<p>)\n %N - Fractional seconds digits, default is 9 digits (nanosecond)\n %3N millisecond (3 digits)\n %6N microsecond (6 digits)\n %9N nanosecond (9 digits)\n %p - Meridian indicator (<code>AM'' or</code>PM'')\n %P - Meridian indicator (<code>am'' or</code>pm'')\n %r - time, 12-hour (same as %I:%M:%S %p)\n %R - time, 24-hour (%H:%M)\n %s - Number of seconds since 1970-01-01 00:00:00 UTC.\n %S - Second of the minute (00..60)\n %t - Tab character ( )\n %T - time, 24-hour (%H:%M:%S)\n %u - Day of the week as a decimal, Monday being 1. (1..7)\n %U - Week number of the current year,\n starting with the first Sunday as the first\n day of the first week (00..53)\n %v - VMS date (%e-%b-%Y)\n %V - Week number of year according to ISO 8601 (01..53)\n %W - Week number of the current year,\n starting with the first Monday as the first\n day of the first week (00..53)\n %w - Day of the week (Sunday is 0, 0..6)\n %x - Preferred representation for the date alone, no time\n %X - Preferred representation for the time alone, no date\n %y - Year without a century (00..99)\n %Y - Year with century\n %z - Time zone as hour offset from UTC (e.g. +0900)\n %Z - Time zone name\n %% - Literal ``%'' character</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strip</h2>\n\n<p>This function removes leading and trailing whitespace from a string or from\nevery string inside an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>strip(" aaa ")\n</code></pre>\n\n<p>Would result in: "aaa"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>suffix</h2>\n\n<p>This function applies a suffix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>suffix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['ap','bp','cp']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>swapcase</h2>\n\n<p>This function will swap the existing case of a string.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>swapcase("aBcD")\n</code></pre>\n\n<p>Would result in: "AbCd"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>time</h2>\n\n<p>This function will return the current time since epoch as an integer.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>time()\n</code></pre>\n\n<p>Will return something like: 1311972653</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>to_bytes</h2>\n\n<p>Converts the argument into bytes, for example 4 kB becomes 4096.\nTakes a single string value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>type</h2>\n\n<p>Returns the type when passed a variable. Type can be one of:</p>\n\n<ul>\n<li>string</li>\n<li>array</li>\n<li>hash</li>\n<li>float</li>\n<li>integer</li>\n<li><p>boolean</p></li>\n<li><p><em>Type</em>: rvalue</p></li>\n</ul>\n\n<h2>unique</h2>\n\n<p>This function will remove duplicates from strings and arrays.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>unique("aabbcc")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>abc\n</code></pre>\n\n<p>You can also use this with arrays:</p>\n\n<pre><code>unique(["a","a","b","b","c","c"])\n</code></pre>\n\n<p>This returns:</p>\n\n<pre><code>["a","b","c"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>upcase</h2>\n\n<p>Converts a string or an array of strings to uppercase.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>upcase("abcd")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>ASDF\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>uriescape</h2>\n\n<p>Urlencodes a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>validate_absolute_path</h2>\n\n<p>Validate the string represents an absolute path in the filesystem. This function works\nfor windows and unix style paths.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_path = "C:/Program Files (x86)/Puppet Labs/Puppet"\nvalidate_absolute_path($my_path)\n$my_path2 = "/var/lib/puppet"\nvalidate_absolute_path($my_path2)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_absolute_path(true)\nvalidate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\nvalidate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n$undefined = undef\nvalidate_absolute_path($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_array</h2>\n\n<p>Validate that all passed values are array data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_array = [ 'one', 'two' ]\nvalidate_array($my_array)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_array(true)\nvalidate_array('some_string')\n$undefined = undef\nvalidate_array($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_augeas</h2>\n\n<p>Perform validation of a string using an Augeas lens\nThe first argument of this function should be a string to\ntest, and the second argument should be the name of the Augeas lens to use.\nIf Augeas fails to parse the string with the lens, the compilation will\nabort with a parse error.</p>\n\n<p>A third argument can be specified, listing paths which should\nnot be found in the file. The <code>$file</code> variable points to the location\nof the temporary file being tested in the Augeas tree.</p>\n\n<p>For example, if you want to make sure your passwd content never contains\na user <code>foo</code>, you could write:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n</code></pre>\n\n<p>Or if you wanted to ensure that no users used the '/bin/barsh' shell,\nyou could use:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]']\n</code></pre>\n\n<p>If a fourth argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_bool</h2>\n\n<p>Validate that all passed values are either true or false. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$iamtrue = true\nvalidate_bool(true)\nvalidate_bool(true, true, false, $iamtrue)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>$some_array = [ true ]\nvalidate_bool("false")\nvalidate_bool("true")\nvalidate_bool($some_array)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_cmd</h2>\n\n<p>Perform validation of a string with an external command.\nThe first argument of this function should be a string to\ntest, and the second argument should be a path to a test command\ntaking a file as last argument. If the command, launched against\na tempfile containing the passed string, returns a non-null value,\ncompilation will abort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<p>Example:</p>\n\n<pre><code>validate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_hash</h2>\n\n<p>Validate that all passed values are hash data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_hash = { 'one' => 'two' }\nvalidate_hash($my_hash)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_hash(true)\nvalidate_hash('some_string')\n$undefined = undef\nvalidate_hash($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_re</h2>\n\n<p>Perform simple validation of a string against one or more regular\nexpressions. The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>The following strings will validate against the regular expressions:</p>\n\n<pre><code>validate_re('one', '^one$')\nvalidate_re('one', [ '^one', '^two' ])\n</code></pre>\n\n<p>The following strings will fail to validate, causing compilation to abort:</p>\n\n<pre><code>validate_re('one', [ '^two', '^three' ])\n</code></pre>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_slength</h2>\n\n<p>Validate that the first argument is a string (or an array of strings), and\nless/equal to than the length of the second argument. It fails if the first\nargument is not a string or array of strings, and if arg 2 is not convertable\nto a number.</p>\n\n<p>The following values will pass:</p>\n\n<p>validate_slength("discombobulate",17)\n validate_slength(["discombobulate","moo"],17)</p>\n\n<p>The following valueis will not:</p>\n\n<p>validate_slength("discombobulate",1)\n validate_slength(["discombobulate","thermometer"],5)</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_string</h2>\n\n<p>Validate that all passed values are string data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_string = "one two"\nvalidate_string($my_string, 'three')\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_string(true)\nvalidate_string([ 'some', 'array' ])\n$undefined = undef\nvalidate_string($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>values</h2>\n\n<p>When given a hash this function will return the values of that hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n</code></pre>\n\n<p>This example would return:</p>\n\n<pre><code>[1,2,3]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>values_at</h2>\n\n<p>Finds value inside an array based on location.</p>\n\n<p>The first argument is the array you want to analyze, and the second element can\nbe a combination of:</p>\n\n<ul>\n<li>A single numeric index</li>\n<li>A range in the form of 'start-stop' (eg. 4-9)</li>\n<li>An array combining the above</li>\n</ul>\n\n<p><em>Examples</em>:</p>\n\n<pre><code>values_at(['a','b','c'], 2)\n</code></pre>\n\n<p>Would return ['c'].</p>\n\n<pre><code>values_at(['a','b','c'], ["0-1"])\n</code></pre>\n\n<p>Would return ['a','b'].</p>\n\n<pre><code>values_at(['a','b','c','d','e'], [0, "2-3"])\n</code></pre>\n\n<p>Would return ['a','c','d'].</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>zip</h2>\n\n<p>Takes one element from first array and merges corresponding elements from second array. This generates a sequence of n-element arrays, where n is one more than the count of arguments.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>zip(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<pre><code>["1", "4"], ["2", "5"], ["3", "6"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<p><em>This page autogenerated on 2013-04-11 13:54:25 -0700</em></p>\n</section>",
|
|
317
|
-
"changelog": "<section class=\"plaintext\"><pre>2013-05-06 - Jeff McCune <jeff@puppetlabs.com> - 4.1.0\n * (#20582) Restore facter_dot_d to stdlib for PE users (3b887c8)\n * (maint) Update Gemfile with GEM_FACTER_VERSION (f44d535)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> - 4.1.0\n * Terser method of string to array conversion courtesy of ethooz. (d38bce0)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Refactor ensure_resource expectations (b33cc24)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Changed str-to-array conversion and removed abbreviation. (de253db)\n\n2013-05-03 - Alex Cline <acline@us.ibm.com> 4.1.0\n * (#20548) Allow an array of resource titles to be passed into the ensure_resource function (e08734a)\n\n2013-05-02 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.1.0\n * Add a dirname function (2ba9e47)\n\n2013-04-29 - Mark Smith-Guerrero <msmithgu@gmail.com> - 4.1.0\n * (maint) Fix a small typo in hash() description (928036a)\n\n2013-04-12 - Jeff McCune <jeff@puppetlabs.com> - 4.0.2\n * Update user information in gemspec to make the intent of the Gem clear.\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.1\n * Fix README function documentation (ab3e30c)\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * stdlib 4.0 drops support with Puppet 2.7\n * stdlib 4.0 preserves support with Puppet 3\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add ability to use puppet from git via bundler (9c5805f)\n\n2013-04-10 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Make stdlib usable as a Ruby GEM (e81a45e)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Add a count function (f28550e)\n\n2013-03-31 - Amos Shapira <ashapira@atlassian.com> - 4.0.0\n * (#19998) Implement any2array (7a2fb80)\n\n2013-03-29 - Steve Huff <shuff@vecna.org> - 4.0.0\n * (19864) num2bool match fix (8d217f0)\n\n2013-03-20 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Allow comparisons of Numeric and number as String (ff5dd5d)\n\n2013-03-26 - Richard Soderberg <rsoderberg@mozilla.com> - 4.0.0\n * add suffix function to accompany the prefix function (88a93ac)\n\n2013-03-19 - Kristof Willaert <kristof.willaert@gmail.com> - 4.0.0\n * Add floor function implementation and unit tests (0527341)\n\n2012-04-03 - Eric Shamow <eric@puppetlabs.com> - 4.0.0\n * (#13610) Add is_function_available to stdlib (961dcab)\n\n2012-12-17 - Justin Lambert <jlambert@eml.cc> - 4.0.0\n * str2bool should return a boolean if called with a boolean (5d5a4d4)\n\n2012-10-23 - Uwe Stuehler <ustuehler@team.mobile.de> - 4.0.0\n * Fix number of arguments check in flatten() (e80207b)\n\n2013-03-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add contributing document (96e19d0)\n\n2013-03-04 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * Add missing documentation for validate_augeas and validate_cmd to README.markdown (a1510a1)\n\n2013-02-14 - Joshua Hoblitt <jhoblitt@cpan.org> - 4.0.0\n * (#19272) Add has_element() function (95cf3fe)\n\n2013-02-07 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * validate_cmd(): Use Puppet::Util::Execution.execute when available (69248df)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_augeas function (3a97c23)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_cmd function (6902cc5)\n\n2013-01-14 - David Schmitt <david@dasz.at> - 4.0.0\n * Add geppetto project definition (b3fc0a3)\n\n2013-01-02 - Jaka Hudoklin <jakahudoklin@gmail.com> - 4.0.0\n * Add getparam function to get defined resource parameters (20e0e07)\n\n2013-01-05 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Add Travis CI Support (d082046)\n\n2012-12-04 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Clarify that stdlib 3 supports Puppet 3 (3a6085f)\n\n2012-11-30 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * maint: style guideline fixes (7742e5f)\n\n2012-11-09 - James Fryman <james@frymanet.com> - 4.0.0\n * puppet-lint cleanup (88acc52)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 4.0.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (fd52b8d)\n\n2012-09-18 - Chad Metcalf <chad@wibidata.com> - 3.2.0\n * Add an ensure_packages function. (8a8c09e)\n\n2012-11-23 - Erik Dalén <dalen@spotify.com> - 3.2.0\n * (#17797) min() and max() functions (9954133)\n\n2012-05-23 - Peter Meier <peter.meier@immerda.ch> - 3.2.0\n * (#14670) autorequire a file_line resource's path (dfcee63)\n\n2012-11-19 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Add join_keys_to_values function (ee0f2b3)\n\n2012-11-17 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Extend delete function for strings and hashes (7322e4d)\n\n2012-08-03 - Gary Larizza <gary@puppetlabs.com> - 3.2.0\n * Add the pick() function (ba6dd13)\n\n2012-03-20 - Wil Cooley <wcooley@pdx.edu> - 3.2.0\n * (#13974) Add predicate functions for interface facts (f819417)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 3.2.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (70f4a0e)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 3.1.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 3.1.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.1\n * Fix accidental removal of facts_dot_d.rb in 3.0.0 release\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.0\n * stdlib 3.0 drops support with Puppet 2.6\n * stdlib 3.0 preserves support with Puppet 2.7\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 3.0.0\n * Add function ensure_resource and defined_with_params (ba789de)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 3.0.0\n * (#2157) Remove facter_dot_d for compatibility with external facts (f92574f)\n\n2012-04-10 - Chris Price <chris@puppetlabs.com> - 3.0.0\n * (#13693) moving logic from local spec_helper to puppetlabs_spec_helper (85f96df)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 2.5.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 2.5.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-15 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Explicitly load functions used by ensure_resource (9fc3063)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add better docs about duplicate resource failures (97d327a)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Handle undef for parameter argument (4f8b133)\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add function ensure_resource and defined_with_params (a0cb8cd)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Disable tests that fail on 2.6.x due to #15912 (c81496e)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * (Maint) Fix mis-use of rvalue functions as statements (4492913)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Add .rspec file to repo root (88789e8)\n\n2012-06-07 - Chris Price <chris@puppetlabs.com> - 2.4.0\n * Add support for a 'match' parameter to file_line (a06c0d8)\n\n2012-08-07 - Erik Dalén <dalen@spotify.com> - 2.4.0\n * (#15872) Add to_bytes function (247b69c)\n\n2012-07-19 - Jeff McCune <jeff@puppetlabs.com> - 2.4.0\n * (Maint) use PuppetlabsSpec::PuppetInternals.scope (master) (deafe88)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 2.4.0\n * (#2157) Make facts_dot_d compatible with external facts (5fb0ddc)\n\n2012-03-16 - Steve Traylen <steve.traylen@cern.ch> - 2.4.0\n * (#13205) Rotate array/string randomley based on fqdn, fqdn_rotate() (fef247b)\n\n2012-05-22 - Peter Meier <peter.meier@immerda.ch> - 2.3.3\n * fix regression in #11017 properly (f0a62c7)\n\n2012-05-10 - Jeff McCune <jeff@puppetlabs.com> - 2.3.3\n * Fix spec tests using the new spec_helper (7d34333)\n\n2012-05-10 - Puppet Labs <support@puppetlabs.com> - 2.3.2\n * Make file_line default to ensure => present (1373e70)\n * Memoize file_line spec instance variables (20aacc5)\n * Fix spec tests using the new spec_helper (1ebfa5d)\n * (#13595) initialize_everything_for_tests couples modules Puppet ver (3222f35)\n * (#13439) Fix MRI 1.9 issue with spec_helper (15c5fd1)\n * (#13439) Fix test failures with Puppet 2.6.x (665610b)\n * (#13439) refactor spec helper for compatibility with both puppet 2.7 and master (82194ca)\n * (#13494) Specify the behavior of zero padded strings (61891bb)\n\n2012-03-29 Puppet Labs <support@puppetlabs.com> - 2.1.3\n* (#11607) Add Rakefile to enable spec testing\n* (#12377) Avoid infinite loop when retrying require json\n\n2012-03-13 Puppet Labs <support@puppetlabs.com> - 2.3.1\n* (#13091) Fix LoadError bug with puppet apply and puppet_vardir fact\n\n2012-03-12 Puppet Labs <support@puppetlabs.com> - 2.3.0\n* Add a large number of new Puppet functions\n* Backwards compatibility preserved with 2.2.x\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.2.1\n* Documentation only release for the Forge\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.1.2\n* Documentation only release for PE 2.0.x\n\n2011-11-08 Puppet Labs <support@puppetlabs.com> - 2.2.0\n* #10285 - Refactor json to use pson instead.\n* Maint - Add watchr autotest script\n* Maint - Make rspec tests work with Puppet 2.6.4\n* #9859 - Add root_home fact and tests\n\n2011-08-18 Puppet Labs <support@puppetlabs.com> - 2.1.1\n* Change facts.d paths to match Facter 2.0 paths.\n* /etc/facter/facts.d\n* /etc/puppetlabs/facter/facts.d\n\n2011-08-17 Puppet Labs <support@puppetlabs.com> - 2.1.0\n* Add R.I. Pienaar's facts.d custom facter fact\n* facts defined in /etc/facts.d and /etc/puppetlabs/facts.d are\n automatically loaded now.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 2.0.0\n* Rename whole_line to file_line\n* This is an API change and as such motivating a 2.0.0 release according to semver.org.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.1.0\n* Rename append_line to whole_line\n* This is an API change and as such motivating a 1.1.0 release.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.0.0\n* Initial stable release\n* Add validate_array and validate_string functions\n* Make merge() function work with Ruby 1.8.5\n* Add hash merging function\n* Add has_key function\n* Add loadyaml() function\n* Add append_line native\n\n2011-06-21 Jeff McCune <jeff@puppetlabs.com> - 0.1.7\n* Add validate_hash() and getvar() functions\n\n2011-06-15 Jeff McCune <jeff@puppetlabs.com> - 0.1.6\n* Add anchor resource type to provide containment for composite classes\n\n2011-06-03 Jeff McCune <jeff@puppetlabs.com> - 0.1.5\n* Add validate_bool() function to stdlib\n\n0.1.4 2011-05-26 Jeff McCune <jeff@puppetlabs.com>\n* Move most stages after main\n\n0.1.3 2011-05-25 Jeff McCune <jeff@puppetlabs.com>\n* Add validate_re() function\n\n0.1.2 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Update to add annotated tag\n\n0.1.1 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Add stdlib::stages class with a standard set of stages\n</pre></section>",
|
|
316
|
+
"readme": "<section class=\"markdown\"><h1>Puppet Labs Standard Library</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<p>This module provides a "standard library" of resources for developing Puppet\nModules. This modules will include the following additions to Puppet</p>\n\n<ul>\n<li>Stages</li>\n<li>Facts</li>\n<li>Functions</li>\n<li>Defined resource types</li>\n<li>Types</li>\n<li>Providers</li>\n</ul>\n\n<p>This module is officially curated and provided by Puppet Labs. The modules\nPuppet Labs writes and distributes will make heavy use of this standard\nlibrary.</p>\n\n<p>To report or research a bug with any part of this module, please go to\n<a href=\"http://projects.puppetlabs.com/projects/stdlib\">http://projects.puppetlabs.com/projects/stdlib</a></p>\n\n<h1>Versions</h1>\n\n<p>This module follows semver.org (v1.0.0) versioning guidelines. The standard\nlibrary module is released as part of <a href=\"http://puppetlabs.com/puppet/puppet-enterprise/\">Puppet\nEnterprise</a> and as a result\nolder versions of Puppet Enterprise that Puppet Labs still supports will have\nbugfix maintenance branches periodically "merged up" into main. The current\nlist of integration branches are:</p>\n\n<ul>\n<li>v2.1.x (v2.1.1 released in PE 1)</li>\n<li>v2.2.x (Never released as part of PE, only to the Forge)</li>\n<li>v2.3.x (Released in PE 2)</li>\n<li>v3.0.x (Never released as part of PE, only to the Forge)</li>\n<li>v4.0.x (Drops support for Puppet 2.7)</li>\n<li>main (mainline development branch)</li>\n</ul>\n\n<p>The first Puppet Enterprise version including the stdlib module is Puppet\nEnterprise 1.2.</p>\n\n<h1>Compatibility</h1>\n\n<table><thead>\n<tr>\n<th align=\"left\">Puppet Versions</th>\n<th align=\"center\">< 2.6</th>\n<th align=\"center\">2.6</th>\n<th align=\"center\">2.7</th>\n<th align=\"center\">3.x</th>\n</tr>\n</thead><tbody>\n<tr>\n<td align=\"left\"><strong>stdlib 2.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\">no</td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 3.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 4.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n</tbody></table>\n\n<p>The stdlib module does not work with Puppet versions released prior to Puppet\n2.6.0.</p>\n\n<h2>stdlib 2.x</h2>\n\n<p>All stdlib releases in the 2.0 major version support Puppet 2.6 and Puppet 2.7.</p>\n\n<h2>stdlib 3.x</h2>\n\n<p>The 3.0 major release of stdlib drops support for Puppet 2.6. Stdlib 3.x\nsupports Puppet 2 and Puppet 3.</p>\n\n<h2>stdlib 4.x</h2>\n\n<p>The 4.0 major release of stdlib drops support for Puppet 2.7. Stdlib 4.x\nsupports Puppet 3. Notably, ruby 1.8.5 is no longer supported though ruby\n1.8.7, 1.9.3, and 2.0.0 are fully supported.</p>\n\n<h1>Functions</h1>\n\n<h2>abs</h2>\n\n<p>Returns the absolute value of a number, for example -34.56 becomes\n34.56. Takes a single integer and float value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>any2array</h2>\n\n<p>This converts any object to an array containing that object. Empty argument\nlists are converted to an empty array. Arrays are left untouched. Hashes are\nconverted to arrays of alternating keys and values.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>bool2num</h2>\n\n<p>Converts a boolean to a number. Converts the values:\nfalse, f, 0, n, and no to 0\ntrue, t, 1, y, and yes to 1\n Requires a single boolean or string as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>capitalize</h2>\n\n<p>Capitalizes the first letter of a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chomp</h2>\n\n<p>Removes the record separator from the end of a string or an array of\nstrings, for example <code>hello\\n</code> becomes <code>hello</code>.\nRequires a single string or array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chop</h2>\n\n<p>Returns a new string with the last character removed. If the string ends\nwith <code>\\r\\n</code>, both characters are removed. Applying chop to an empty\nstring returns an empty string. If you wish to merely remove record\nseparators then you should use the <code>chomp</code> function.\nRequires a string or array of strings as input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>concat</h2>\n\n<p>Appends the contents of array 2 onto array 1.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>concat(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<p>['1','2','3','4','5','6']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>count</h2>\n\n<p>Takes an array as first argument and an optional second argument.\nCount the number of elements in array that matches second argument.\nIf called with only an array it counts the number of elements that are not nil/undef.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>defined_with_params</h2>\n\n<p>Takes a resource reference and an optional hash of attributes.</p>\n\n<p>Returns true if a resource with the specified attributes has already been added\nto the catalog, and false otherwise.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n\nif ! defined_with_params(User[dan], {'ensure' => 'present' }) {\n user { 'dan': ensure => present, }\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete</h2>\n\n<p>Deletes all instances of a given element from an array, substring from a\nstring, or key from a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete('abracadabra', 'bra')\nWould return: 'acada'\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete_at</h2>\n\n<p>Deletes a determined indexed value from an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete_at(['a','b','c'], 1)\n</code></pre>\n\n<p>Would return: ['a','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>dirname</h2>\n\n<p>Returns the <code>dirname</code> of a path.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>dirname('/path/to/a/file.ext')\n</code></pre>\n\n<p>Would return: '/path/to/a'</p>\n\n<h2>downcase</h2>\n\n<p>Converts the case of a string or all strings in an array to lower case.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>empty</h2>\n\n<p>Returns true if the variable is empty.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>ensure_packages</h2>\n\n<p>Takes a list of packages and only installs them if they don't already exist.</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>ensure_resource</h2>\n\n<p>Takes a resource type, title, and a list of attributes that describe a\nresource.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n</code></pre>\n\n<p>This example only creates the resource if it does not already exist:</p>\n\n<pre><code>ensure_resource('user, 'dan', {'ensure' => 'present' })\n</code></pre>\n\n<p>If the resource already exists but does not match the specified parameters,\nthis function will attempt to recreate the resource leading to a duplicate\nresource definition error.</p>\n\n<p>An array of resources can also be passed in and each will be created with\nthe type and parameters specified if it doesn't already exist.</p>\n\n<pre><code>ensure_resource('user', ['dan','alex'], {'ensure' => 'present'})\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>flatten</h2>\n\n<p>This function flattens any deeply nested arrays and returns a single flat array\nas a result.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>flatten(['a', ['b', ['c']]])\n</code></pre>\n\n<p>Would return: ['a','b','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>floor</h2>\n\n<p>Returns the largest integer less or equal to the argument.\nTakes a single numeric value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>fqdn_rotate</h2>\n\n<p>Rotates an array a random number of times based on a nodes fqdn.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>get_module_path</h2>\n\n<p>Returns the absolute path of the specified module for the current\nenvironment.</p>\n\n<p>Example:\n $module_path = get_module_path('stdlib')</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getparam</h2>\n\n<p>Takes a resource reference and name of the parameter and\nreturns value of resource's parameter.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>define example_resource($param) {\n}\n\nexample_resource { "example_resource_instance":\n param => "param_value"\n}\n\ngetparam(Example_resource["example_resource_instance"], "param")\n</code></pre>\n\n<p>Would return: param_value</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getvar</h2>\n\n<p>Lookup a variable in a remote namespace.</p>\n\n<p>For example:</p>\n\n<pre><code>$foo = getvar('site::data::foo')\n# Equivalent to $foo = $site::data::foo\n</code></pre>\n\n<p>This is useful if the namespace itself is stored in a string:</p>\n\n<pre><code>$datalocation = 'site::data'\n$bar = getvar("${datalocation}::bar")\n# Equivalent to $bar = $site::data::bar\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>grep</h2>\n\n<p>This function searches through an array and returns any elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>grep(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['aaa','aaaddd']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_interface_with</h2>\n\n<p>Returns boolean based on kind and value:</p>\n\n<ul>\n<li>macaddress</li>\n<li>netmask</li>\n<li>ipaddress</li>\n<li>network</li>\n</ul>\n\n<p>has_interface_with("macaddress", "x:x:x:x:x:x")\nhas_interface_with("ipaddress", "127.0.0.1") => true\netc.</p>\n\n<p>If no "kind" is given, then the presence of the interface is checked:\nhas_interface_with("lo") => true</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_address</h2>\n\n<p>Returns true if the client has the requested IP address on some interface.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'ipaddress_IFACE' facts, performing a simple string comparison.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_network</h2>\n\n<p>Returns true if the client has an IP address within the requested network.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'network_IFACE' facts, performing a simple string comparision.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_key</h2>\n\n<p>Determine if a hash has a certain key value.</p>\n\n<p>Example:</p>\n\n<pre><code>$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>hash</h2>\n\n<p>This function converts an array into a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>hash(['a',1,'b',2,'c',3])\n</code></pre>\n\n<p>Would return: {'a'=>1,'b'=>2,'c'=>3}</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_array</h2>\n\n<p>Returns true if the variable passed to this function is an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_domain_name</h2>\n\n<p>Returns true if the string passed to this function is a syntactically correct domain name.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_float</h2>\n\n<p>Returns true if the variable passed to this function is a float.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_function_available</h2>\n\n<p>This function accepts a string as an argument, determines whether the\nPuppet runtime has access to a function by that name. It returns a\ntrue if the function exists, false if not.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_hash</h2>\n\n<p>Returns true if the variable passed to this function is a hash.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_integer</h2>\n\n<p>Returns true if the variable returned to this string is an integer.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_ip_address</h2>\n\n<p>Returns true if the string passed to this function is a valid IP address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_mac_address</h2>\n\n<p>Returns true if the string passed to this function is a valid mac address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_numeric</h2>\n\n<p>Returns true if the variable passed to this function is a number.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_string</h2>\n\n<p>Returns true if the variable passed to this function is a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join</h2>\n\n<p>This function joins an array into a string using a seperator.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join(['a','b','c'], ",")\n</code></pre>\n\n<p>Would result in: "a,b,c"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join_keys_to_values</h2>\n\n<p>This function joins each key of a hash to that key's corresponding value with a\nseparator. Keys and values are cast to strings. The return value is an array in\nwhich each element is one joined key/value pair.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join_keys_to_values({'a'=>1,'b'=>2}, " is ")\n</code></pre>\n\n<p>Would result in: ["a is 1","b is 2"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>keys</h2>\n\n<p>Returns the keys of a hash as an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>loadyaml</h2>\n\n<p>Load a YAML file containing an array, string, or hash, and return the data\nin the corresponding native data type.</p>\n\n<p>For example:</p>\n\n<pre><code>$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>lstrip</h2>\n\n<p>Strips leading spaces to the left of a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>max</h2>\n\n<p>Returns the highest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>member</h2>\n\n<p>This function determines if a variable is a member of an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>member(['a','b'], 'b')\n</code></pre>\n\n<p>Would return: true</p>\n\n<pre><code>member(['a','b'], 'c')\n</code></pre>\n\n<p>Would return: false</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>merge</h2>\n\n<p>Merges two or more hashes together and returns the resulting hash.</p>\n\n<p>For example:</p>\n\n<pre><code>$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}\n</code></pre>\n\n<p>When there is a duplicate key, the key in the rightmost hash will "win."</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>min</h2>\n\n<p>Returns the lowest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>num2bool</h2>\n\n<p>This function converts a number or a string representation of a number into a\ntrue boolean. Zero or anything non-numeric becomes false. Numbers higher then 0\nbecome true.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parsejson</h2>\n\n<p>This function accepts JSON as a string and converts into the correct Puppet\nstructure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parseyaml</h2>\n\n<p>This function accepts YAML as a string and converts it into the correct\nPuppet structure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>pick</h2>\n\n<p>This function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string\n(two things in Puppet that will return a boolean false value). Typically,\nthis function is used to check for a value in the Puppet Dashboard/Enterprise\nConsole, and failover to a default value like the following:</p>\n\n<pre><code>$real_jenkins_version = pick($::jenkins_version, '1.449')\n</code></pre>\n\n<p>The value of $real_jenkins_version will first look for a top-scope variable\ncalled 'jenkins_version' (note that parameters set in the Puppet Dashboard/\nEnterprise Console are brought into Puppet as top-scope variables), and,\nfailing that, will use a default value of 1.449.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>prefix</h2>\n\n<p>This function applies a prefix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>prefix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['pa','pb','pc']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>range</h2>\n\n<p>When given range in the form of (start, stop) it will extrapolate a range as\nan array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>range("0", "9")\n</code></pre>\n\n<p>Will return: [0,1,2,3,4,5,6,7,8,9]</p>\n\n<pre><code>range("00", "09")\n</code></pre>\n\n<p>Will return: <a href=\"Zero%20padded%20strings%20are%20converted%20to%0Aintegers%20automatically\">0,1,2,3,4,5,6,7,8,9</a></p>\n\n<pre><code>range("a", "c")\n</code></pre>\n\n<p>Will return: ["a","b","c"]</p>\n\n<pre><code>range("host01", "host10")\n</code></pre>\n\n<p>Will return: ["host01", "host02", ..., "host09", "host10"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reject</h2>\n\n<p>This function searches through an array and rejects all elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>reject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['bbb','ccc']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reverse</h2>\n\n<p>Reverses the order of a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>rstrip</h2>\n\n<p>Strips leading spaces to the right of the string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>shuffle</h2>\n\n<p>Randomizes the order of a string or array elements.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>size</h2>\n\n<p>Returns the number of elements in a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>sort</h2>\n\n<p>Sorts strings and arrays lexically.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>squeeze</h2>\n\n<p>Returns a new string where runs of the same character that occur in this set\nare replaced by a single character.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2bool</h2>\n\n<p>This converts a string to a boolean. This attempt to convert strings that\ncontain things like: y, 1, t, true to 'true' and strings that contain things\nlike: 0, f, n, false, no to 'false'.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2saltedsha512</h2>\n\n<p>This converts a string to a salted-SHA512 password hash (which is used for\nOS X versions >= 10.7). Given any simple string, you will get a hex version\nof a salted-SHA512 password hash that can be inserted into your Puppet\nmanifests as a valid password attribute.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strftime</h2>\n\n<p>This function returns formatted time.</p>\n\n<p><em>Examples:</em></p>\n\n<p>To return the time since epoch:</p>\n\n<pre><code>strftime("%s")\n</code></pre>\n\n<p>To return the date:</p>\n\n<pre><code>strftime("%Y-%m-%d")\n</code></pre>\n\n<p><em>Format meaning:</em></p>\n\n<pre><code>%a - The abbreviated weekday name (``Sun'')\n%A - The full weekday name (``Sunday'')\n%b - The abbreviated month name (``Jan'')\n%B - The full month name (``January'')\n%c - The preferred local date and time representation\n%C - Century (20 in 2009)\n%d - Day of the month (01..31)\n%D - Date (%m/%d/%y)\n%e - Day of the month, blank-padded ( 1..31)\n%F - Equivalent to %Y-%m-%d (the ISO 8601 date format)\n%h - Equivalent to %b\n%H - Hour of the day, 24-hour clock (00..23)\n%I - Hour of the day, 12-hour clock (01..12)\n%j - Day of the year (001..366)\n%k - hour, 24-hour clock, blank-padded ( 0..23)\n%l - hour, 12-hour clock, blank-padded ( 0..12)\n%L - Millisecond of the second (000..999)\n%m - Month of the year (01..12)\n%M - Minute of the hour (00..59)\n%n - Newline (\n</code></pre>\n\n<p>)\n %N - Fractional seconds digits, default is 9 digits (nanosecond)\n %3N millisecond (3 digits)\n %6N microsecond (6 digits)\n %9N nanosecond (9 digits)\n %p - Meridian indicator (<code>AM'' or</code>PM'')\n %P - Meridian indicator (<code>am'' or</code>pm'')\n %r - time, 12-hour (same as %I:%M:%S %p)\n %R - time, 24-hour (%H:%M)\n %s - Number of seconds since 1970-01-01 00:00:00 UTC.\n %S - Second of the minute (00..60)\n %t - Tab character ( )\n %T - time, 24-hour (%H:%M:%S)\n %u - Day of the week as a decimal, Monday being 1. (1..7)\n %U - Week number of the current year,\n starting with the first Sunday as the first\n day of the first week (00..53)\n %v - VMS date (%e-%b-%Y)\n %V - Week number of year according to ISO 8601 (01..53)\n %W - Week number of the current year,\n starting with the first Monday as the first\n day of the first week (00..53)\n %w - Day of the week (Sunday is 0, 0..6)\n %x - Preferred representation for the date alone, no time\n %X - Preferred representation for the time alone, no date\n %y - Year without a century (00..99)\n %Y - Year with century\n %z - Time zone as hour offset from UTC (e.g. +0900)\n %Z - Time zone name\n %% - Literal ``%'' character</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strip</h2>\n\n<p>This function removes leading and trailing whitespace from a string or from\nevery string inside an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>strip(" aaa ")\n</code></pre>\n\n<p>Would result in: "aaa"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>suffix</h2>\n\n<p>This function applies a suffix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>suffix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['ap','bp','cp']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>swapcase</h2>\n\n<p>This function will swap the existing case of a string.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>swapcase("aBcD")\n</code></pre>\n\n<p>Would result in: "AbCd"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>time</h2>\n\n<p>This function will return the current time since epoch as an integer.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>time()\n</code></pre>\n\n<p>Will return something like: 1311972653</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>to_bytes</h2>\n\n<p>Converts the argument into bytes, for example 4 kB becomes 4096.\nTakes a single string value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>type</h2>\n\n<p>Returns the type when passed a variable. Type can be one of:</p>\n\n<ul>\n<li>string</li>\n<li>array</li>\n<li>hash</li>\n<li>float</li>\n<li>integer</li>\n<li><p>boolean</p></li>\n<li><p><em>Type</em>: rvalue</p></li>\n</ul>\n\n<h2>unique</h2>\n\n<p>This function will remove duplicates from strings and arrays.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>unique("aabbcc")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>abc\n</code></pre>\n\n<p>You can also use this with arrays:</p>\n\n<pre><code>unique(["a","a","b","b","c","c"])\n</code></pre>\n\n<p>This returns:</p>\n\n<pre><code>["a","b","c"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>upcase</h2>\n\n<p>Converts a string or an array of strings to uppercase.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>upcase("abcd")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>ASDF\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>uriescape</h2>\n\n<p>Urlencodes a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>validate_absolute_path</h2>\n\n<p>Validate the string represents an absolute path in the filesystem. This function works\nfor windows and unix style paths.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_path = "C:/Program Files (x86)/Puppet Labs/Puppet"\nvalidate_absolute_path($my_path)\n$my_path2 = "/var/lib/puppet"\nvalidate_absolute_path($my_path2)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_absolute_path(true)\nvalidate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\nvalidate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n$undefined = undef\nvalidate_absolute_path($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_array</h2>\n\n<p>Validate that all passed values are array data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_array = [ 'one', 'two' ]\nvalidate_array($my_array)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_array(true)\nvalidate_array('some_string')\n$undefined = undef\nvalidate_array($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_augeas</h2>\n\n<p>Perform validation of a string using an Augeas lens\nThe first argument of this function should be a string to\ntest, and the second argument should be the name of the Augeas lens to use.\nIf Augeas fails to parse the string with the lens, the compilation will\nabort with a parse error.</p>\n\n<p>A third argument can be specified, listing paths which should\nnot be found in the file. The <code>$file</code> variable points to the location\nof the temporary file being tested in the Augeas tree.</p>\n\n<p>For example, if you want to make sure your passwd content never contains\na user <code>foo</code>, you could write:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n</code></pre>\n\n<p>Or if you wanted to ensure that no users used the '/bin/barsh' shell,\nyou could use:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]']\n</code></pre>\n\n<p>If a fourth argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_bool</h2>\n\n<p>Validate that all passed values are either true or false. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$iamtrue = true\nvalidate_bool(true)\nvalidate_bool(true, true, false, $iamtrue)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>$some_array = [ true ]\nvalidate_bool("false")\nvalidate_bool("true")\nvalidate_bool($some_array)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_cmd</h2>\n\n<p>Perform validation of a string with an external command.\nThe first argument of this function should be a string to\ntest, and the second argument should be a path to a test command\ntaking a file as last argument. If the command, launched against\na tempfile containing the passed string, returns a non-null value,\ncompilation will abort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<p>Example:</p>\n\n<pre><code>validate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_hash</h2>\n\n<p>Validate that all passed values are hash data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_hash = { 'one' => 'two' }\nvalidate_hash($my_hash)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_hash(true)\nvalidate_hash('some_string')\n$undefined = undef\nvalidate_hash($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_re</h2>\n\n<p>Perform simple validation of a string against one or more regular\nexpressions. The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>The following strings will validate against the regular expressions:</p>\n\n<pre><code>validate_re('one', '^one$')\nvalidate_re('one', [ '^one', '^two' ])\n</code></pre>\n\n<p>The following strings will fail to validate, causing compilation to abort:</p>\n\n<pre><code>validate_re('one', [ '^two', '^three' ])\n</code></pre>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_slength</h2>\n\n<p>Validate that the first argument is a string (or an array of strings), and\nless/equal to than the length of the second argument. It fails if the first\nargument is not a string or array of strings, and if arg 2 is not convertable\nto a number.</p>\n\n<p>The following values will pass:</p>\n\n<p>validate_slength("discombobulate",17)\n validate_slength(["discombobulate","moo"],17)</p>\n\n<p>The following valueis will not:</p>\n\n<p>validate_slength("discombobulate",1)\n validate_slength(["discombobulate","thermometer"],5)</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_string</h2>\n\n<p>Validate that all passed values are string data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_string = "one two"\nvalidate_string($my_string, 'three')\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_string(true)\nvalidate_string([ 'some', 'array' ])\n$undefined = undef\nvalidate_string($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>values</h2>\n\n<p>When given a hash this function will return the values of that hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n</code></pre>\n\n<p>This example would return:</p>\n\n<pre><code>[1,2,3]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>values_at</h2>\n\n<p>Finds value inside an array based on location.</p>\n\n<p>The first argument is the array you want to analyze, and the second element can\nbe a combination of:</p>\n\n<ul>\n<li>A single numeric index</li>\n<li>A range in the form of 'start-stop' (eg. 4-9)</li>\n<li>An array combining the above</li>\n</ul>\n\n<p><em>Examples</em>:</p>\n\n<pre><code>values_at(['a','b','c'], 2)\n</code></pre>\n\n<p>Would return ['c'].</p>\n\n<pre><code>values_at(['a','b','c'], ["0-1"])\n</code></pre>\n\n<p>Would return ['a','b'].</p>\n\n<pre><code>values_at(['a','b','c','d','e'], [0, "2-3"])\n</code></pre>\n\n<p>Would return ['a','c','d'].</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>zip</h2>\n\n<p>Takes one element from first array and merges corresponding elements from second array. This generates a sequence of n-element arrays, where n is one more than the count of arguments.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>zip(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<pre><code>["1", "4"], ["2", "5"], ["3", "6"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<p><em>This page autogenerated on 2013-04-11 13:54:25 -0700</em></p>\n</section>",
|
|
317
|
+
"changelog": "<section class=\"plaintext\"><pre>2013-05-06 - Jeff McCune <jeff@puppetlabs.com> - 4.1.0\n * (#20582) Restore facter_dot_d to stdlib for PE users (3b887c8)\n * (maint) Update Gemfile with GEM_FACTER_VERSION (f44d535)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> - 4.1.0\n * Terser method of string to array conversion courtesy of ethooz. (d38bce0)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Refactor ensure_resource expectations (b33cc24)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Changed str-to-array conversion and removed abbreviation. (de253db)\n\n2013-05-03 - Alex Cline <acline@us.ibm.com> 4.1.0\n * (#20548) Allow an array of resource titles to be passed into the ensure_resource function (e08734a)\n\n2013-05-02 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.1.0\n * Add a dirname function (2ba9e47)\n\n2013-04-29 - Mark Smith-Guerrero <msmithgu@gmail.com> - 4.1.0\n * (maint) Fix a small typo in hash() description (928036a)\n\n2013-04-12 - Jeff McCune <jeff@puppetlabs.com> - 4.0.2\n * Update user information in gemspec to make the intent of the Gem clear.\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.1\n * Fix README function documentation (ab3e30c)\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * stdlib 4.0 drops support with Puppet 2.7\n * stdlib 4.0 preserves support with Puppet 3\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add ability to use puppet from git via bundler (9c5805f)\n\n2013-04-10 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Make stdlib usable as a Ruby GEM (e81a45e)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Add a count function (f28550e)\n\n2013-03-31 - Amos Shapira <ashapira@atlassian.com> - 4.0.0\n * (#19998) Implement any2array (7a2fb80)\n\n2013-03-29 - Steve Huff <shuff@vecna.org> - 4.0.0\n * (19864) num2bool match fix (8d217f0)\n\n2013-03-20 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Allow comparisons of Numeric and number as String (ff5dd5d)\n\n2013-03-26 - Richard Soderberg <rsoderberg@mozilla.com> - 4.0.0\n * add suffix function to accompany the prefix function (88a93ac)\n\n2013-03-19 - Kristof Willaert <kristof.willaert@gmail.com> - 4.0.0\n * Add floor function implementation and unit tests (0527341)\n\n2012-04-03 - Eric Shamow <eric@puppetlabs.com> - 4.0.0\n * (#13610) Add is_function_available to stdlib (961dcab)\n\n2012-12-17 - Justin Lambert <jlambert@eml.cc> - 4.0.0\n * str2bool should return a boolean if called with a boolean (5d5a4d4)\n\n2012-10-23 - Uwe Stuehler <ustuehler@team.mobile.de> - 4.0.0\n * Fix number of arguments check in flatten() (e80207b)\n\n2013-03-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add contributing document (96e19d0)\n\n2013-03-04 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * Add missing documentation for validate_augeas and validate_cmd to README.markdown (a1510a1)\n\n2013-02-14 - Joshua Hoblitt <jhoblitt@cpan.org> - 4.0.0\n * (#19272) Add has_element() function (95cf3fe)\n\n2013-02-07 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * validate_cmd(): Use Puppet::Util::Execution.execute when available (69248df)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_augeas function (3a97c23)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_cmd function (6902cc5)\n\n2013-01-14 - David Schmitt <david@dasz.at> - 4.0.0\n * Add geppetto project definition (b3fc0a3)\n\n2013-01-02 - Jaka Hudoklin <jakahudoklin@gmail.com> - 4.0.0\n * Add getparam function to get defined resource parameters (20e0e07)\n\n2013-01-05 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Add Travis CI Support (d082046)\n\n2012-12-04 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Clarify that stdlib 3 supports Puppet 3 (3a6085f)\n\n2012-11-30 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * maint: style guideline fixes (7742e5f)\n\n2012-11-09 - James Fryman <james@frymanet.com> - 4.0.0\n * puppet-lint cleanup (88acc52)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 4.0.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (fd52b8d)\n\n2012-09-18 - Chad Metcalf <chad@wibidata.com> - 3.2.0\n * Add an ensure_packages function. (8a8c09e)\n\n2012-11-23 - Erik Dalén <dalen@spotify.com> - 3.2.0\n * (#17797) min() and max() functions (9954133)\n\n2012-05-23 - Peter Meier <peter.meier@immerda.ch> - 3.2.0\n * (#14670) autorequire a file_line resource's path (dfcee63)\n\n2012-11-19 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Add join_keys_to_values function (ee0f2b3)\n\n2012-11-17 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Extend delete function for strings and hashes (7322e4d)\n\n2012-08-03 - Gary Larizza <gary@puppetlabs.com> - 3.2.0\n * Add the pick() function (ba6dd13)\n\n2012-03-20 - Wil Cooley <wcooley@pdx.edu> - 3.2.0\n * (#13974) Add predicate functions for interface facts (f819417)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 3.2.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (70f4a0e)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 3.1.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 3.1.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.1\n * Fix accidental removal of facts_dot_d.rb in 3.0.0 release\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.0\n * stdlib 3.0 drops support with Puppet 2.6\n * stdlib 3.0 preserves support with Puppet 2.7\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 3.0.0\n * Add function ensure_resource and defined_with_params (ba789de)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 3.0.0\n * (#2157) Remove facter_dot_d for compatibility with external facts (f92574f)\n\n2012-04-10 - Chris Price <chris@puppetlabs.com> - 3.0.0\n * (#13693) moving logic from local spec_helper to puppetlabs_spec_helper (85f96df)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 2.5.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 2.5.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-15 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Explicitly load functions used by ensure_resource (9fc3063)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add better docs about duplicate resource failures (97d327a)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Handle undef for parameter argument (4f8b133)\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add function ensure_resource and defined_with_params (a0cb8cd)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Disable tests that fail on 2.6.x due to #15912 (c81496e)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * (Maint) Fix mis-use of rvalue functions as statements (4492913)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Add .rspec file to repo root (88789e8)\n\n2012-06-07 - Chris Price <chris@puppetlabs.com> - 2.4.0\n * Add support for a 'match' parameter to file_line (a06c0d8)\n\n2012-08-07 - Erik Dalén <dalen@spotify.com> - 2.4.0\n * (#15872) Add to_bytes function (247b69c)\n\n2012-07-19 - Jeff McCune <jeff@puppetlabs.com> - 2.4.0\n * (Maint) use PuppetlabsSpec::PuppetInternals.scope (main) (deafe88)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 2.4.0\n * (#2157) Make facts_dot_d compatible with external facts (5fb0ddc)\n\n2012-03-16 - Steve Traylen <steve.traylen@cern.ch> - 2.4.0\n * (#13205) Rotate array/string randomley based on fqdn, fqdn_rotate() (fef247b)\n\n2012-05-22 - Peter Meier <peter.meier@immerda.ch> - 2.3.3\n * fix regression in #11017 properly (f0a62c7)\n\n2012-05-10 - Jeff McCune <jeff@puppetlabs.com> - 2.3.3\n * Fix spec tests using the new spec_helper (7d34333)\n\n2012-05-10 - Puppet Labs <support@puppetlabs.com> - 2.3.2\n * Make file_line default to ensure => present (1373e70)\n * Memoize file_line spec instance variables (20aacc5)\n * Fix spec tests using the new spec_helper (1ebfa5d)\n * (#13595) initialize_everything_for_tests couples modules Puppet ver (3222f35)\n * (#13439) Fix MRI 1.9 issue with spec_helper (15c5fd1)\n * (#13439) Fix test failures with Puppet 2.6.x (665610b)\n * (#13439) refactor spec helper for compatibility with both puppet 2.7 and main (82194ca)\n * (#13494) Specify the behavior of zero padded strings (61891bb)\n\n2012-03-29 Puppet Labs <support@puppetlabs.com> - 2.1.3\n* (#11607) Add Rakefile to enable spec testing\n* (#12377) Avoid infinite loop when retrying require json\n\n2012-03-13 Puppet Labs <support@puppetlabs.com> - 2.3.1\n* (#13091) Fix LoadError bug with puppet apply and puppet_vardir fact\n\n2012-03-12 Puppet Labs <support@puppetlabs.com> - 2.3.0\n* Add a large number of new Puppet functions\n* Backwards compatibility preserved with 2.2.x\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.2.1\n* Documentation only release for the Forge\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.1.2\n* Documentation only release for PE 2.0.x\n\n2011-11-08 Puppet Labs <support@puppetlabs.com> - 2.2.0\n* #10285 - Refactor json to use pson instead.\n* Maint - Add watchr autotest script\n* Maint - Make rspec tests work with Puppet 2.6.4\n* #9859 - Add root_home fact and tests\n\n2011-08-18 Puppet Labs <support@puppetlabs.com> - 2.1.1\n* Change facts.d paths to match Facter 2.0 paths.\n* /etc/facter/facts.d\n* /etc/puppetlabs/facter/facts.d\n\n2011-08-17 Puppet Labs <support@puppetlabs.com> - 2.1.0\n* Add R.I. Pienaar's facts.d custom facter fact\n* facts defined in /etc/facts.d and /etc/puppetlabs/facts.d are\n automatically loaded now.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 2.0.0\n* Rename whole_line to file_line\n* This is an API change and as such motivating a 2.0.0 release according to semver.org.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.1.0\n* Rename append_line to whole_line\n* This is an API change and as such motivating a 1.1.0 release.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.0.0\n* Initial stable release\n* Add validate_array and validate_string functions\n* Make merge() function work with Ruby 1.8.5\n* Add hash merging function\n* Add has_key function\n* Add loadyaml() function\n* Add append_line native\n\n2011-06-21 Jeff McCune <jeff@puppetlabs.com> - 0.1.7\n* Add validate_hash() and getvar() functions\n\n2011-06-15 Jeff McCune <jeff@puppetlabs.com> - 0.1.6\n* Add anchor resource type to provide containment for composite classes\n\n2011-06-03 Jeff McCune <jeff@puppetlabs.com> - 0.1.5\n* Add validate_bool() function to stdlib\n\n0.1.4 2011-05-26 Jeff McCune <jeff@puppetlabs.com>\n* Move most stages after main\n\n0.1.3 2011-05-25 Jeff McCune <jeff@puppetlabs.com>\n* Add validate_re() function\n\n0.1.2 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Update to add annotated tag\n\n0.1.1 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Add stdlib::stages class with a standard set of stages\n</pre></section>",
|
|
318
318
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2011 Puppet Labs Inc\n\nand some parts:\n\nCopyright (C) 2011 Krzysztof Wilczynski\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
319
319
|
"created_at": "2013-05-13 08:31:19 -0700",
|
|
320
320
|
"updated_at": "2013-05-13 08:31:19 -0700",
|
|
@@ -558,7 +558,7 @@
|
|
|
558
558
|
"file_size": 27238,
|
|
559
559
|
"file_md5": "c483d6e375387d5e1fe780ee51ee512c",
|
|
560
560
|
"downloads": 61047,
|
|
561
|
-
"readme": "<section class=\"markdown\"><h1>apt</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apt\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apt.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h2>Description</h2>\n\n<h1>Provides helpful definitions for dealing with Apt.</h1>\n\n<h2>Overview</h2>\n\n<p>The APT module provides a simple interface for managing APT source, key, and definitions with Puppet. </p>\n\n<h2>Module Description</h2>\n\n<p>APT automates obtaining and installing software packages on *nix systems. </p>\n\n<h2>Setup</h2>\n\n<p><strong>What APT affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for APT </li>\n<li>your system's <code>sources.list</code> file and <code>sources.list.d</code> directory\n\n<ul>\n<li>NOTE: Setting the <code>purge_sources_list</code> and <code>purge_sources_list_d</code> parameters to 'true' will destroy any existing content that was not declared with Puppet. The default for these parameters is 'false'.</li>\n</ul></li>\n<li>system repositories</li>\n<li>authentication keys</li>\n<li>wget (optional)</li>\n</ul>\n\n<h3>Beginning with APT</h3>\n\n<p>To begin using the APT module with default parameters, declare the class</p>\n\n<pre><code>class { 'apt': }\n</code></pre>\n\n<p>Puppet code that uses anything from the APT module requires that the core apt class be declared. </p>\n\n<h2>Usage</h2>\n\n<p>Using the APT module consists predominantly in declaring classes that provide desired functionality and features. </p>\n\n<h3>apt</h3>\n\n<p><code>apt</code> provides a number of common resources and options that are shared by the various defined types in this module, so you MUST always include this class in your manifests.</p>\n\n<p>The parameters for <code>apt</code> are not required in general and are predominantly for development environment use-cases.</p>\n\n<pre><code>class { 'apt':\n always_apt_update => false,\n disable_keys => undef,\n proxy_host => false,\n proxy_port => '8080',\n purge_sources_list => false,\n purge_sources_list_d => false,\n purge_preferences_d => false,\n update_timeout => undef\n}\n</code></pre>\n\n<p>Puppet will manage your system's <code>sources.list</code> file and <code>sources.list.d</code> directory but will do its best to respect existing content. </p>\n\n<p>If you declare your apt class with <code>purge_sources_list</code> and <code>purge_sources_list_d</code> set to 'true', Puppet will unapologetically purge any existing content it finds that wasn't declared with Puppet. </p>\n\n<h3>apt::builddep</h3>\n\n<p>Installs the build depends of a specified package.</p>\n\n<pre><code>apt::builddep { 'glusterfs-server': }\n</code></pre>\n\n<h3>apt::force</h3>\n\n<p>Forces a package to be installed from a specific release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>apt::force { 'glusterfs-server':\n release => 'unstable',\n version => '3.0.3',\n require => Apt::Source['debian_unstable'],\n}\n</code></pre>\n\n<h3>apt::key</h3>\n\n<p>Adds a key to the list of keys used by APT to authenticate packages.</p>\n\n<pre><code>apt::key { 'puppetlabs':\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n\napt::key { 'jenkins':\n key => 'D50582E6',\n key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',\n}\n</code></pre>\n\n<p>Note that use of <code>key_source</code> requires wget to be installed and working.</p>\n\n<h3>apt::pin</h3>\n\n<p>Adds an apt pin for a certain release.</p>\n\n<pre><code>apt::pin { 'karmic': priority => 700 }\napt::pin { 'karmic-updates': priority => 700 }\napt::pin { 'karmic-security': priority => 700 }\n</code></pre>\n\n<p>Note you can also specifying more complex pins using distribution properties.</p>\n\n<pre><code>apt::pin { 'stable':\n priority => -10,\n originator => 'Debian',\n release_version => '3.0',\n component => 'main',\n label => 'Debian'\n}\n</code></pre>\n\n<h3>apt::ppa</h3>\n\n<p>Adds a ppa repository using <code>add-apt-repository</code>.</p>\n\n<pre><code>apt::ppa { 'ppa:drizzle-developers/ppa': }\n</code></pre>\n\n<h3>apt::release</h3>\n\n<p>Sets the default apt release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>class { 'apt::release':\n release_id => 'precise',\n}\n</code></pre>\n\n<h3>apt::source</h3>\n\n<p>Adds an apt source to <code>/etc/apt/sources.list.d/</code>.</p>\n\n<pre><code>apt::source { 'debian_unstable':\n location => 'http://debian.mirror.iweb.ca/debian/',\n release => 'unstable',\n repos => 'main contrib non-free',\n required_packages => 'debian-keyring debian-archive-keyring',\n key => '55BE302B',\n key_server => 'subkeys.pgp.net',\n pin => '-10',\n include_src => true\n}\n</code></pre>\n\n<p>If you would like to configure your system so the source is the Puppet Labs APT repository</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<h3>Testing</h3>\n\n<p>The APT module is mostly a collection of defined resource types, which provide reusable logic that can be leveraged to manage APT. It does provide smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.</p>\n\n<h4>Example Test</h4>\n\n<p>This test will set up a Puppet Labs apt repository. Start by creating a new smoke test in the apt module's test folder. Call it puppetlabs-apt.pp. Inside, declare a single resource representing the Puppet Labs APT source and gpg key</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<p>This resource creates an apt source named puppetlabs and gives Puppet information about the repository's location and key used to sign its packages. Puppet leverages Facter to determine the appropriate release, but you can set it directly by adding the release type.</p>\n\n<p>Check your smoke test for syntax errors</p>\n\n<pre><code>$ puppet parser validate tests/puppetlabs-apt.pp\n</code></pre>\n\n<p>If you receive no output from that command, it means nothing is wrong. Then apply the code</p>\n\n<pre><code>$ puppet apply --verbose tests/puppetlabs-apt.pp\nnotice: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]/ensure: defined content as '{md5}3be1da4923fb910f1102a233b77e982e'\ninfo: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]: Scheduling refresh of Exec[puppetlabs apt update]\nnotice: /Stage[main]//Apt::Source[puppetlabs]/Exec[puppetlabs apt update]: Triggered 'refresh' from 1 events>\n</code></pre>\n\n<p>The above example used a smoke test to easily lay out a resource declaration and apply it on your system. In production, you may want to declare your APT sources inside the classes where they’re needed. </p>\n\n<h2>Implementation</h2>\n\n<h3>apt::backports</h3>\n\n<p>Adds the necessary components to get backports for Ubuntu and Debian. The release name defaults to <code>$lsbdistcodename</code>. Setting this manually can cause undefined behavior (read: universe exploding).</p>\n\n<h2>Limitations</h2>\n\n<p>This module should work across all versions of Debian/Ubuntu and support all major APT repository management features. </p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h2>Contributors</h2>\n\n<p>A lot of great people have contributed to this module. A somewhat current list follows:</p>\n\n<ul>\n<li>Ben Godfrey <a href=\"mailto:ben.godfrey@wonga.com\">ben.godfrey@wonga.com</a></li>\n<li>Branan Purvine-Riley <a href=\"mailto:branan@puppetlabs.com\">branan@puppetlabs.com</a></li>\n<li>Christian G. Warden <a href=\"mailto:cwarden@xerus.org\">cwarden@xerus.org</a><br></li>\n<li>Dan Bode <a href=\"mailto:bodepd@gmail.com\">bodepd@gmail.com</a> <a href=\"mailto:dan@puppetlabs.com\">dan@puppetlabs.com</a><br></li>\n<li>Garrett Honeycutt <a href=\"mailto:github@garretthoneycutt.com\">github@garretthoneycutt.com</a><br></li>\n<li>Jeff Wallace <a href=\"mailto:jeff@evolvingweb.ca\">jeff@evolvingweb.ca</a> <a href=\"mailto:jeff@tjwallace.ca\">jeff@tjwallace.ca</a><br></li>\n<li>Ken Barber <a href=\"mailto:ken@bob.sh\">ken@bob.sh</a><br></li>\n<li>Matthaus Litteken <a href=\"mailto:matthaus@puppetlabs.com\">matthaus@puppetlabs.com</a> <a href=\"mailto:mlitteken@gmail.com\">mlitteken@gmail.com</a><br></li>\n<li>Matthias Pigulla <a href=\"mailto:mp@webfactory.de\">mp@webfactory.de</a><br></li>\n<li>Monty Taylor <a href=\"mailto:mordred@inaugust.com\">mordred@inaugust.com</a><br></li>\n<li>Peter Drake <a href=\"mailto:pdrake@allplayers.com\">pdrake@allplayers.com</a><br></li>\n<li>Reid Vandewiele <a href=\"mailto:marut@cat.pdx.edu\">marut@cat.pdx.edu</a><br></li>\n<li>Robert Navarro <a href=\"mailto:rnavarro@phiivo.com\">rnavarro@phiivo.com</a><br></li>\n<li>Ryan Coleman <a href=\"mailto:ryan@puppetlabs.com\">ryan@puppetlabs.com</a><br></li>\n<li>Scott McLeod <a href=\"mailto:scott.mcleod@theice.com\">scott.mcleod@theice.com</a><br></li>\n<li>Spencer Krum <a href=\"mailto:spencer@puppetlabs.com\">spencer@puppetlabs.com</a><br></li>\n<li>William Van Hevelingen <a href=\"mailto:blkperl@cat.pdx.edu\">blkperl@cat.pdx.edu</a> <a href=\"mailto:wvan13@gmail.com\">wvan13@gmail.com</a><br></li>\n<li>Zach Leslie <a href=\"mailto:zach@puppetlabs.com\">zach@puppetlabs.com</a><br></li>\n</ul>\n</section>",
|
|
561
|
+
"readme": "<section class=\"markdown\"><h1>apt</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apt\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apt.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h2>Description</h2>\n\n<h1>Provides helpful definitions for dealing with Apt.</h1>\n\n<h2>Overview</h2>\n\n<p>The APT module provides a simple interface for managing APT source, key, and definitions with Puppet. </p>\n\n<h2>Module Description</h2>\n\n<p>APT automates obtaining and installing software packages on *nix systems. </p>\n\n<h2>Setup</h2>\n\n<p><strong>What APT affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for APT </li>\n<li>your system's <code>sources.list</code> file and <code>sources.list.d</code> directory\n\n<ul>\n<li>NOTE: Setting the <code>purge_sources_list</code> and <code>purge_sources_list_d</code> parameters to 'true' will destroy any existing content that was not declared with Puppet. The default for these parameters is 'false'.</li>\n</ul></li>\n<li>system repositories</li>\n<li>authentication keys</li>\n<li>wget (optional)</li>\n</ul>\n\n<h3>Beginning with APT</h3>\n\n<p>To begin using the APT module with default parameters, declare the class</p>\n\n<pre><code>class { 'apt': }\n</code></pre>\n\n<p>Puppet code that uses anything from the APT module requires that the core apt class be declared. </p>\n\n<h2>Usage</h2>\n\n<p>Using the APT module consists predominantly in declaring classes that provide desired functionality and features. </p>\n\n<h3>apt</h3>\n\n<p><code>apt</code> provides a number of common resources and options that are shared by the various defined types in this module, so you MUST always include this class in your manifests.</p>\n\n<p>The parameters for <code>apt</code> are not required in general and are predominantly for development environment use-cases.</p>\n\n<pre><code>class { 'apt':\n always_apt_update => false,\n disable_keys => undef,\n proxy_host => false,\n proxy_port => '8080',\n purge_sources_list => false,\n purge_sources_list_d => false,\n purge_preferences_d => false,\n update_timeout => undef\n}\n</code></pre>\n\n<p>Puppet will manage your system's <code>sources.list</code> file and <code>sources.list.d</code> directory but will do its best to respect existing content. </p>\n\n<p>If you declare your apt class with <code>purge_sources_list</code> and <code>purge_sources_list_d</code> set to 'true', Puppet will unapologetically purge any existing content it finds that wasn't declared with Puppet. </p>\n\n<h3>apt::builddep</h3>\n\n<p>Installs the build depends of a specified package.</p>\n\n<pre><code>apt::builddep { 'glusterfs-server': }\n</code></pre>\n\n<h3>apt::force</h3>\n\n<p>Forces a package to be installed from a specific release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>apt::force { 'glusterfs-server':\n release => 'unstable',\n version => '3.0.3',\n require => Apt::Source['debian_unstable'],\n}\n</code></pre>\n\n<h3>apt::key</h3>\n\n<p>Adds a key to the list of keys used by APT to authenticate packages.</p>\n\n<pre><code>apt::key { 'puppetlabs':\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n\napt::key { 'jenkins':\n key => 'D50582E6',\n key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',\n}\n</code></pre>\n\n<p>Note that use of <code>key_source</code> requires wget to be installed and working.</p>\n\n<h3>apt::pin</h3>\n\n<p>Adds an apt pin for a certain release.</p>\n\n<pre><code>apt::pin { 'karmic': priority => 700 }\napt::pin { 'karmic-updates': priority => 700 }\napt::pin { 'karmic-security': priority => 700 }\n</code></pre>\n\n<p>Note you can also specifying more complex pins using distribution properties.</p>\n\n<pre><code>apt::pin { 'stable':\n priority => -10,\n originator => 'Debian',\n release_version => '3.0',\n component => 'main',\n label => 'Debian'\n}\n</code></pre>\n\n<h3>apt::ppa</h3>\n\n<p>Adds a ppa repository using <code>add-apt-repository</code>.</p>\n\n<pre><code>apt::ppa { 'ppa:drizzle-developers/ppa': }\n</code></pre>\n\n<h3>apt::release</h3>\n\n<p>Sets the default apt release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>class { 'apt::release':\n release_id => 'precise',\n}\n</code></pre>\n\n<h3>apt::source</h3>\n\n<p>Adds an apt source to <code>/etc/apt/sources.list.d/</code>.</p>\n\n<pre><code>apt::source { 'debian_unstable':\n location => 'http://debian.mirror.iweb.ca/debian/',\n release => 'unstable',\n repos => 'main contrib non-free',\n required_packages => 'debian-keyring debian-archive-keyring',\n key => '55BE302B',\n key_server => 'subkeys.pgp.net',\n pin => '-10',\n include_src => true\n}\n</code></pre>\n\n<p>If you would like to configure your system so the source is the Puppet Labs APT repository</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<h3>Testing</h3>\n\n<p>The APT module is mostly a collection of defined resource types, which provide reusable logic that can be leveraged to manage APT. It does provide smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.</p>\n\n<h4>Example Test</h4>\n\n<p>This test will set up a Puppet Labs apt repository. Start by creating a new smoke test in the apt module's test folder. Call it puppetlabs-apt.pp. Inside, declare a single resource representing the Puppet Labs APT source and gpg key</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<p>This resource creates an apt source named puppetlabs and gives Puppet information about the repository's location and key used to sign its packages. Puppet leverages Facter to determine the appropriate release, but you can set it directly by adding the release type.</p>\n\n<p>Check your smoke test for syntax errors</p>\n\n<pre><code>$ puppet parser validate tests/puppetlabs-apt.pp\n</code></pre>\n\n<p>If you receive no output from that command, it means nothing is wrong. Then apply the code</p>\n\n<pre><code>$ puppet apply --verbose tests/puppetlabs-apt.pp\nnotice: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]/ensure: defined content as '{md5}3be1da4923fb910f1102a233b77e982e'\ninfo: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]: Scheduling refresh of Exec[puppetlabs apt update]\nnotice: /Stage[main]//Apt::Source[puppetlabs]/Exec[puppetlabs apt update]: Triggered 'refresh' from 1 events>\n</code></pre>\n\n<p>The above example used a smoke test to easily lay out a resource declaration and apply it on your system. In production, you may want to declare your APT sources inside the classes where they’re needed. </p>\n\n<h2>Implementation</h2>\n\n<h3>apt::backports</h3>\n\n<p>Adds the necessary components to get backports for Ubuntu and Debian. The release name defaults to <code>$lsbdistcodename</code>. Setting this manually can cause undefined behavior (read: universe exploding).</p>\n\n<h2>Limitations</h2>\n\n<p>This module should work across all versions of Debian/Ubuntu and support all major APT repository management features. </p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h2>Contributors</h2>\n\n<p>A lot of great people have contributed to this module. A somewhat current list follows:</p>\n\n<ul>\n<li>Ben Godfrey <a href=\"mailto:ben.godfrey@wonga.com\">ben.godfrey@wonga.com</a></li>\n<li>Branan Purvine-Riley <a href=\"mailto:branan@puppetlabs.com\">branan@puppetlabs.com</a></li>\n<li>Christian G. Warden <a href=\"mailto:cwarden@xerus.org\">cwarden@xerus.org</a><br></li>\n<li>Dan Bode <a href=\"mailto:bodepd@gmail.com\">bodepd@gmail.com</a> <a href=\"mailto:dan@puppetlabs.com\">dan@puppetlabs.com</a><br></li>\n<li>Garrett Honeycutt <a href=\"mailto:github@garretthoneycutt.com\">github@garretthoneycutt.com</a><br></li>\n<li>Jeff Wallace <a href=\"mailto:jeff@evolvingweb.ca\">jeff@evolvingweb.ca</a> <a href=\"mailto:jeff@tjwallace.ca\">jeff@tjwallace.ca</a><br></li>\n<li>Ken Barber <a href=\"mailto:ken@bob.sh\">ken@bob.sh</a><br></li>\n<li>Matthaus Litteken <a href=\"mailto:matthaus@puppetlabs.com\">matthaus@puppetlabs.com</a> <a href=\"mailto:mlitteken@gmail.com\">mlitteken@gmail.com</a><br></li>\n<li>Matthias Pigulla <a href=\"mailto:mp@webfactory.de\">mp@webfactory.de</a><br></li>\n<li>Monty Taylor <a href=\"mailto:mordred@inaugust.com\">mordred@inaugust.com</a><br></li>\n<li>Peter Drake <a href=\"mailto:pdrake@allplayers.com\">pdrake@allplayers.com</a><br></li>\n<li>Reid Vandewiele <a href=\"mailto:marut@cat.pdx.edu\">marut@cat.pdx.edu</a><br></li>\n<li>Robert Navarro <a href=\"mailto:rnavarro@phiivo.com\">rnavarro@phiivo.com</a><br></li>\n<li>Ryan Coleman <a href=\"mailto:ryan@puppetlabs.com\">ryan@puppetlabs.com</a><br></li>\n<li>Scott McLeod <a href=\"mailto:scott.mcleod@theice.com\">scott.mcleod@theice.com</a><br></li>\n<li>Spencer Krum <a href=\"mailto:spencer@puppetlabs.com\">spencer@puppetlabs.com</a><br></li>\n<li>William Van Hevelingen <a href=\"mailto:blkperl@cat.pdx.edu\">blkperl@cat.pdx.edu</a> <a href=\"mailto:wvan13@gmail.com\">wvan13@gmail.com</a><br></li>\n<li>Zach Leslie <a href=\"mailto:zach@puppetlabs.com\">zach@puppetlabs.com</a><br></li>\n</ul>\n</section>",
|
|
562
562
|
"changelog": "<section class=\"plaintext\"><pre>2013-10-08 1.4.0\n\nSummary:\n\nMinor bugfix and allow the timeout to be adjusted.\n\nFeatures:\n- Add an `updates_timeout` to apt::params\n\nFixes:\n- Ensure apt::ppa can readd a ppa removed by hand.\n\nSummary\n\n1.3.0\n=====\n\nSummary:\n\nThis major feature in this release is the new apt::unattended_upgrades class,\nallowing you to handle Ubuntu's unattended feature. This allows you to select\nspecific packages to automatically upgrade without any further user\ninvolvement.\n\nIn addition we extend our Wheezy support, add proxy support to apt:ppa and do\nvarious cleanups and tweaks.\n\nFeatures:\n- Add apt::unattended_upgrades support for Ubuntu.\n- Add wheezy backports support.\n- Use the geoDNS http.debian.net instead of the main debian ftp server.\n- Add `options` parameter to apt::ppa in order to pass options to apt-add-repository command.\n- Add proxy support for apt::ppa (uses proxy_host and proxy_port from apt).\n\nBugfixes:\n- Fix regsubst() calls to quote single letters (for future parser).\n- Fix lint warnings and other misc cleanup.\n\n1.2.0\n=====\n\nFeatures:\n- Add geppetto `.project` natures\n- Add GH auto-release\n- Add `apt::key::key_options` parameter\n- Add complex pin support using distribution properties for `apt::pin` via new properties:\n - `apt::pin::codename`\n - `apt::pin::release_version`\n - `apt::pin::component`\n - `apt::pin::originator`\n - `apt::pin::label`\n- Add source architecture support to `apt::source::architecture`\n\nBugfixes:\n- Use apt-get instead of aptitude in apt::force\n- Update default backports location\n- Add dependency for required packages before apt-get update\n\n\n1.1.1\n=====\n\nThis is a bug fix release that resolves a number of issues:\n\n* By changing template variable usage, we remove the deprecation warnings\n for Puppet 3.2.x\n* Fixed proxy file removal, when proxy absent\n\nSome documentation, style and whitespaces changes were also merged. This\nrelease also introduced proper rspec-puppet unit testing on Travis-CI to help\nreduce regression.\n\nThanks to all the community contributors below that made this patch possible.\n\n#### Detail Changes\n\n* fix minor comment type (Chris Rutter)\n* whitespace fixes (Michael Moll)\n* Update travis config file (William Van Hevelingen)\n* Build all branches on travis (William Van Hevelingen)\n* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen)\n* Updated content to conform to README best practices template (Lauren Rother)\n* Fix apt::release example in readme (Brian Galey)\n* add @ to variables in template (Peter Hoeg)\n* Remove deprecation warnings for pin.pref.erb as well (Ken Barber)\n* Update travis.yml to latest versions of puppet (Ken Barber)\n* Fix proxy file removal (Scott Barber)\n* Add spec test for removing proxy configuration (Dean Reilly)\n* Fix apt::key listing longer than 8 chars (Benjamin Knofe)\n\n\n---------------------------------------\n\n1.1.0\n=====\n\nThis release includes Ubuntu 12.10 (Quantal) support for PPAs.\n\n---------------------------------------\n\n2012-05-25 Puppet Labs <info@puppetlabs.com> - 0.0.4\n * Fix ppa list filename when there is a period in the PPA name\n * Add .pref extension to apt preferences files\n * Allow preferences to be purged\n * Extend pin support\n\n2012-05-04 Puppet Labs <info@puppetlabs.com> - 0.0.3\n * only invoke apt-get update once\n * only install python-software-properties if a ppa is added\n * support 'ensure => absent' for all defined types\n * add apt::conf\n * add apt::backports\n * fixed Modulefile for module tool dependency resolution\n * configure proxy before doing apt-get update\n * use apt-get update instead of aptitude for apt::ppa\n * add support to pin release\n\n\n2012-03-26 Puppet Labs <info@puppetlabs.com> - 0.0.2\n41cedbb (#13261) Add real examples to smoke tests.\nd159a78 (#13261) Add key.pp smoke test\n7116c7a (#13261) Replace foo source with puppetlabs source\n1ead0bf Ignore pkg directory.\n9c13872 (#13289) Fix some more style violations\n0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path\na758247 (#13289) Clean up style violations and fix corresponding tests\n99c3fd3 (#13289) Add puppet lint tests to Rakefile\n5148cbf (#13125) Apt keys should be case insensitive\nb9607a4 Convert apt::key to use anchors\n\n2012-03-07 Puppet Labs <info@puppetlabs.com> - 0.0.1\nd4fec56 Modify apt::source release parameter test\n1132a07 (#12917) Add contributors to README\n8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it\n7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input\nbe2cc3e (#12522) Adjust spec test for splitting purge\n7dc60ae (#12522) Split purge option to spare sources.list\n9059c4e Fix source specs to test all key permutations\n8acb202 Add test for python-software-properties package\na4af11f Check if python-software-properties is defined before attempting to define it.\n1dcbf3d Add tests for required_packages change\nf3735d2 Allow duplicate $required_packages\n74c8371 (#12430) Add tests for changes to apt module\n97ebb2d Test two sources with the same key\n1160bcd (#12526) Add ability to reverse apt { disable_keys => true }\n2842d73 Add Modulefile to puppet-apt\nc657742 Allow the use of the same key in multiple sources\n8c27963 (#12522) Adding purge option to apt class\n997c9fd (#12529) Add unit test for apt proxy settings\n50f3cca (#12529) Add parameter to support setting a proxy for apt\nd522877 (#12094) Replace chained .with_* with a hash\n8cf1bd0 (#12094) Remove deprecated spec.opts file\n2d688f4 (#12094) Add rspec-puppet tests for apt\n0fb5f78 (#12094) Replace name with path in file resources\nf759bc0 (#11953) Apt::force passes $version to aptitude\nf71db53 (#11413) Add spec test for apt::force to verify changes to unless\n2f5d317 (#11413) Update dpkg query used by apt::force\ncf6caa1 (#10451) Add test coverage to apt::ppa\n0dd697d include_src parameter in example; Whitespace cleanup\nb662eb8 fix typos in "repositories"\n1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added\n864302a Set the pin priority before adding the source (Fix #10449)\n1de4e0a Refactored as per mlitteken\n1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run!\n52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep\n5c05fa0 added builddep command.\na11af50 added the ability to specify the content of a key\nc42db0f Fixes ppa test.\n77d2b0d reformatted whitespace to match recommended style of 2 space indentation.\n27ebdfc ignore swap files.\n377d58a added smoke tests for module.\n18f614b reformatted apt::ppa according to recommended style.\nd8a1e4e Created a params class to hold global data.\n636ae85 Added two params for apt class\n148fc73 Update LICENSE.\ned2d19e Support ability to add more than one PPA\n420d537 Add call to apt-update after add-apt-repository in apt::ppa\n945be77 Add package definition for python-software-properties\n71fc425 Abs paths for all commands\n9d51cd1 Adding LICENSE\n71796e3 Heading fix in README\n87777d8 Typo in README\nf848bac First commit\n</pre></section>",
|
|
563
563
|
"license": "<section class=\"plaintext\"><pre>Copyright (c) 2011 Evolving Web Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the "Software"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n</pre></section>",
|
|
564
564
|
"created_at": "2013-10-15 11:06:03 -0700",
|
|
@@ -903,8 +903,8 @@
|
|
|
903
903
|
"file_size": 51834,
|
|
904
904
|
"file_md5": "7862ef0aa64d9a4b87152ef27302c9e4",
|
|
905
905
|
"downloads": 53034,
|
|
906
|
-
"readme": "<section class=\"markdown\"><h1>firewall</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Firewall module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Firewall</a>\n\n<ul>\n<li><a href=\"#what-firewall-affects\">What Firewall affects</a></li>\n<li><a href=\"#setup-requirements\">Setup Requirements</a></li>\n<li><a href=\"#beginning-with-firewall\">Beginning with Firewall</a></li>\n<li><a href=\"#upgrading\">Upgrading</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - Configuration and customization options</a>\n\n<ul>\n<li><a href=\"#default-rules\">Default rules - Setting up general configurations for all firewalls</a></li>\n<li><a href=\"#application-specific-rules\">Application-specific rules - Options for configuring and managing firewalls across applications</a></li>\n<li><a href=\"#other-rules\">Other Rules</a></li>\n</ul></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a>\n\n<ul>\n<li><a href=\"#tests\">Tests - Testing your configuration</a></li>\n</ul></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Firewall module lets you manage firewall rules with Puppet.</p>\n\n<h2>Module Description</h2>\n\n<p>PuppetLabs' Firewall introduces the resource <code>firewall</code>, which is used to manage and configure firewall rules from within the Puppet DSL. This module offers support for iptables, ip6tables, and ebtables.</p>\n\n<p>The module also introduces the resource <code>firewallchain</code>, which allows you to manage chains or firewall lists. At the moment, only iptables and ip6tables chains are supported.</p>\n\n<h2>Setup</h2>\n\n<h3>What Firewall affects:</h3>\n\n<ul>\n<li>every node running a firewall</li>\n<li>system's firewall settings</li>\n<li>connection settings for managed nodes</li>\n<li>unmanaged resources (get purged)</li>\n<li>site.pp</li>\n</ul>\n\n<h3>Setup Requirements</h3>\n\n<p>Firewall uses Ruby-based providers, so you must have <a href=\"http://docs.puppetlabs.com/guides/plugins_in_modules.html#enabling-pluginsync\">pluginsync enabled</a>.</p>\n\n<h3>Beginning with Firewall</h3>\n\n<p>To begin, you need to provide some initial top-scope configuration to ensure your firewall configurations are ordered properly and you do not lock yourself out of your box or lose any configuration.</p>\n\n<p>Persistence of rules between reboots is handled automatically, although there are known issues with ip6tables on older Debian/Ubuntu, as well as known issues with ebtables.</p>\n\n<p>In your <code>site.pp</code> (or some similarly top-scope file), set up a metatype to purge unmanaged firewall resources. This will clear any existing rules and make sure that only rules defined in Puppet exist on the machine.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>Next, set up the default parameters for all of the firewall rules you will be establishing later. These defaults will ensure that the pre and post classes (you will be setting up in just a moment) are run in the correct order to avoid locking you out of your box during the first puppet run.</p>\n\n<pre><code>Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\n</code></pre>\n\n<p>You also need to declare the <code>my_fw::pre</code> & <code>my_fw::post</code> classes so that dependencies are satisfied. This can be achieved using an External Node Classifier or the following</p>\n\n<pre><code>class { ['my_fw::pre', 'my_fw::post']: }\n</code></pre>\n\n<p>Finally, you should include the <code>firewall</code> class to ensure the correct packages are installed.</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<p>Now to create the <code>my_fw::pre</code> and <code>my_fw::post</code> classes. Firewall acts on your running firewall, making immediate changes as the catalog executes. Defining default pre and post rules allows you provide global defaults for your hosts before and after any custom rules; it is also required to avoid locking yourself out of your own boxes when Puppet runs. This approach employs a whitelist setup, so you can define what rules you want and everything else is ignored rather than removed.</p>\n\n<p>The <code>pre</code> class should be located in <code>my_fw/manifests/pre.pp</code> and should contain any default rules to be applied first.</p>\n\n<pre><code>class my_fw::pre {\n Firewall {\n require => undef,\n }\n\n # Default firewall rules\n firewall { '000 accept all icmp':\n proto => 'icmp',\n action => 'accept',\n }->\n firewall { '001 accept all to lo interface':\n proto => 'all',\n iniface => 'lo',\n action => 'accept',\n }->\n firewall { '002 accept related established rules':\n proto => 'all',\n state => ['RELATED', 'ESTABLISHED'],\n action => 'accept',\n }\n}\n</code></pre>\n\n<p>The rules in <code>pre</code> should allow basic networking (such as ICMP and TCP), as well as ensure that existing connections are not closed.</p>\n\n<p>The <code>post</code> class should be located in <code>my_fw/manifests/post.pp</code> and include any default rules to be applied last.</p>\n\n<pre><code>class my_fw::post {\n firewall { '999 drop all':\n proto => 'all',\n action => 'drop',\n before => undef,\n }\n}\n</code></pre>\n\n<p>To put it all together: the <code>before</code> parameter in <code>Firewall {}</code> ensures <code>my_fw::post</code> is run before any other rules and the the <code>require</code> parameter ensures <code>my_fw::pre</code> is run after any other rules. So the run order is:</p>\n\n<ul>\n<li>run the rules in <code>my_fw::pre</code></li>\n<li>run your rules (defined in code)</li>\n<li>run the rules in <code>my_fw::post</code></li>\n</ul>\n\n<h3>Upgrading</h3>\n\n<h4>Upgrading from version 0.2.0 and newer</h4>\n\n<p>Upgrade the module with the puppet module tool as normal:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<h4>Upgrading from version 0.1.1 and older</h4>\n\n<p>Start by upgrading the module using the puppet module tool:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<p>Previously, you would have required the following in your <code>site.pp</code> (or some other global location):</p>\n\n<pre><code># Always persist firewall rules\nexec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n}\nFirewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nFirewallchain {\n notify => Exec['persist-firewall'],\n}\nresources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>With the latest version, we now have in-built persistence, so this is no longer needed. However, you will still need some basic setup to define pre & post rules.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\nFirewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nclass { ['my_fw::pre', 'my_fw::post']: }\nclass { 'firewall': }\n</code></pre>\n\n<p>Consult the the documentation below for more details around the classes <code>my_fw::pre</code> and <code>my_fw::post</code>.</p>\n\n<h2>Usage</h2>\n\n<p>There are two kinds of firewall rules you can use with Firewall: default rules and application-specific rules. Default rules apply to general firewall settings, whereas application-specific rules manage firewall settings of a specific application, node, etc.</p>\n\n<p>All rules employ a numbering system in the resource's title that is used for ordering. When titling your rules, make sure you prefix the rule with a number.</p>\n\n<pre><code> 000 this runs first\n 999 this runs last\n</code></pre>\n\n<h3>Default rules</h3>\n\n<p>You can place default rules in either <code>my_fw::pre</code> or <code>my_fw::post</code>, depending on when you would like them to run. Rules placed in the <code>pre</code> class will run first, rules in the <code>post</code> class, last.</p>\n\n<p>Depending on the provider, the title of the rule can be stored using the comment feature of the underlying firewall subsystem. Values can match <code>/^\\d+[[:alpha:][:digit:][:punct:][:space:]]+$/</code>.</p>\n\n<h4>Examples of default rules</h4>\n\n<p>Basic accept ICMP request example:</p>\n\n<pre><code>firewall { "000 accept all icmp requests":\n proto => "icmp",\n action => "accept",\n}\n</code></pre>\n\n<p>Drop all:</p>\n\n<pre><code>firewall { "999 drop all other requests":\n action => "drop",\n}\n</code></pre>\n\n<h3>Application-specific rules</h3>\n\n<p>Application-specific rules can live anywhere you declare the firewall resource. It is best to put your firewall rules close to the service that needs it, such as in the module that configures it.</p>\n\n<p>You should be able to add firewall rules to your application-specific classes so firewalling is performed at the same time when the class is invoked.</p>\n\n<p>For example, if you have an Apache module, you could declare the class as below</p>\n\n<pre><code>class apache {\n firewall { '100 allow http and https access':\n port => [80, 443],\n proto => tcp,\n action => accept,\n }\n # ... the rest of your code ...\n}\n</code></pre>\n\n<p>When someone uses the class, firewalling is provided automatically.</p>\n\n<pre><code>class { 'apache': }\n</code></pre>\n\n<h3>Other rules</h3>\n\n<p>You can also apply firewall rules to specific nodes. Usually, you will want to put the firewall rule in another class and apply that class to a node. But you can apply a rule to a node.</p>\n\n<pre><code>node 'foo.bar.com' {\n firewall { '111 open port 111':\n dport => 111\n }\n}\n</code></pre>\n\n<p>You can also do more complex things with the <code>firewall</code> resource. Here we are doing some NAT configuration.</p>\n\n<pre><code>firewall { '100 snat for network foo2':\n chain => 'POSTROUTING',\n jump => 'MASQUERADE',\n proto => 'all',\n outiface => "eth0",\n source => '10.1.2.0/24',\n table => 'nat',\n}\n</code></pre>\n\n<p>In the below example, we are creating a new chain and forwarding any port 5000 access to it.</p>\n\n<pre><code>firewall { '100 forward to MY_CHAIN':\n chain => 'INPUT',\n jump => 'MY_CHAIN',\n}\n# The namevar here is in the format chain_name:table:protocol\nfirewallchain { 'MY_CHAIN:filter:IPv4':\n ensure => present,\n}\nfirewall { '100 my rule':\n chain => 'MY_CHAIN',\n action => 'accept',\n proto => 'tcp',\n dport => 5000,\n}\n</code></pre>\n\n<h3>Additional Information</h3>\n\n<p>You can access the inline documentation:</p>\n\n<pre><code>puppet describe firewall\n</code></pre>\n\n<p>Or</p>\n\n<pre><code>puppet doc -r type\n(and search for firewall)\n</code></pre>\n\n<h2>Reference</h2>\n\n<p>Classes:</p>\n\n<ul>\n<li><a href=\"#class-firewall\">firewall</a></li>\n</ul>\n\n<p>Types:</p>\n\n<ul>\n<li><a href=\"#type-firewall\">firewall</a></li>\n<li><a href=\"#type-firewallchain\">firewallchain</a></li>\n</ul>\n\n<p>Facts:</p>\n\n<ul>\n<li><a href=\"#fact-ip6tablesversion\">ip6tables_version</a></li>\n<li><a href=\"#fact-iptablesversion\">iptables_version</a></li>\n<li><a href=\"#fact-iptablespersistentversion\">iptables_persistent_version</a></li>\n</ul>\n\n<h3>Class: firewall</h3>\n\n<p>This class is provided to do the basic setup tasks required for using the firewall resources.</p>\n\n<p>At the moment this takes care of:</p>\n\n<ul>\n<li>iptables-persistent package installation</li>\n</ul>\n\n<p>You should include the class for nodes that need to use the resources in this module. For example</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<h4><code>ensure</code></h4>\n\n<p>Indicates the state of <code>iptables</code> on your system, allowing you to disable <code>iptables</code> if desired.</p>\n\n<p>Can either be <code>running</code> or <code>stopped</code>. Default to <code>running</code>.</p>\n\n<h3>Type: firewall</h3>\n\n<p>This type provides the capability to manage firewall rules within puppet.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Type:: firewallchain</h3>\n\n<p>This type provides the capability to manage rule chains for firewalls.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Fact: ip6tables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of ip6tables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of iptables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_persistent_version</h3>\n\n<p>Retrieves the version of iptables-persistent from your OS. This is a Debian/Ubuntu specific fact.</p>\n\n<h2>Limitations</h2>\n\n<p>While we aim to support as low as Puppet 2.6.x (for now), we recommend installing the latest Puppet version from the Puppetlabs official repos.</p>\n\n<p>Please note, we only aim support for the following distributions and versions - that is, we actually do ongoing system tests on these platforms:</p>\n\n<ul>\n<li>Redhat 5.9 and 6.4</li>\n<li>Debian 6.0 and 7.0</li>\n<li>Ubuntu 10.04 and 12.04</li>\n</ul>\n\n<p>If you want a new distribution supported feel free to raise a ticket and we'll consider it. If you want an older revision supported we'll also consider it, but don't get insulted if we reject it. Specifically, we will not consider Redhat 4.x support - its just too old.</p>\n\n<p>If you really want to get support for your OS we suggest writing any patch fix yourself, and for continual system testing if you can provide a sufficient trusted Veewee template we could consider adding such an OS to our ongoing continuous integration tests.</p>\n\n<p>Also, as this is a 0.x release the API is still in flux and may change. Make sure\nyou read the release notes before upgrading.</p>\n\n<p>Bugs can be reported using Github Issues:</p>\n\n<p><a href=\"http://github.com/puppetlabs/puppetlabs-firewall/issues\">http://github.com/puppetlabs/puppetlabs-firewall/issues</a></p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<p>For this particular module, please also read CONTRIBUTING.md before contributing.</p>\n\n<p>Currently we support:</p>\n\n<ul>\n<li>iptables</li>\n<li>ip6tables</li>\n<li>ebtables (chains only)</li>\n</ul>\n\n<p>But plans are to support lots of other firewall implementations:</p>\n\n<ul>\n<li>FreeBSD (ipf)</li>\n<li>Mac OS X (ipfw)</li>\n<li>OpenBSD (pf)</li>\n<li>Cisco (ASA and basic access lists)</li>\n</ul>\n\n<p>If you have knowledge in these technologies, know how to code, and wish to contribute to this project, we would welcome the help.</p>\n\n<h3>Testing</h3>\n\n<p>Make sure you have:</p>\n\n<ul>\n<li>rake</li>\n<li>bundler</li>\n</ul>\n\n<p>Install the necessary gems:</p>\n\n<pre><code>bundle install\n</code></pre>\n\n<p>And run the tests from the root of the source code:</p>\n\n<pre><code>rake test\n</code></pre>\n\n<p>If you have a copy of Vagrant 1.1.0 you can also run the system tests:</p>\n\n<pre><code>RSPEC_SET=debian-606-x64 rake spec:system\nRSPEC_SET=centos-58-x64 rake spec:system\n</code></pre>\n\n<p><em>Note:</em> system testing is fairly alpha at this point, your mileage may vary.</p>\n</section>",
|
|
907
|
-
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-firewall changelog\n\nRelease notes for puppetlabs-firewall module.\n\n---------------------------------------\n\n#### 0.4.2 - 2013-09-10\n\nAnother attempt to fix the packaging issue. We think we understand exactly\nwhat is failing and this should work properly for the first time.\n\n---------------------------------------\n\n#### 0.4.1 - 2013-08-09\n\nBugfix release to fix a packaging issue that may have caused puppet module\ninstall commands to fail.\n\n---------------------------------------\n\n#### 0.4.0 - 2013-07-11\n\nThis release adds support for address type, src/dest ip ranges, and adds\nadditional testing and bugfixes.\n\n#### Features\n* Add `src_type` and `dst_type` attributes (Nick Stenning)\n* Add `src_range` and `dst_range` attributes (Lei Zhang)\n* Add SL and SLC operatingsystems as supported (Steve Traylen)\n\n#### Bugfixes\n* Fix parser for bursts other than 5 (Chris Rutter)\n* Fix parser for -f in --comment (Georg Koester)\n* Add doc headers to class files (Dan Carley)\n* Fix lint warnings/errors (Wolf Noble)\n\n---------------------------------------\n\n#### 0.3.1 - 2013/6/10\n\nThis minor release provides some bugfixes and additional tests.\n\n#### Changes\n\n* Update tests for rspec-system-puppet 2 (Ken Barber)\n* Update rspec-system tests for rspec-system-puppet 1.5 (Ken Barber)\n* Ensure all services have 'hasstatus => true' for Puppet 2.6 (Ken Barber)\n* Accept pre-existing rule with invalid name (Joe Julian)\n* Swap log_prefix and log_level order to match the way it's saved (Ken Barber)\n* Fix log test to replicate bug #182 (Ken Barber)\n* Split argments while maintaining quoted strings (Joe Julian)\n* Add more log param tests (Ken Barber)\n* Add extra tests for logging parameters (Ken Barber)\n* Clarify OS support (Ken Barber)\n\n---------------------------------------\n\n#### 0.3.0 - 2013/4/25\n\nThis release introduces support for Arch Linux and extends support for Fedora 15 and up. There are also lots of bugs fixed and improved testing to prevent regressions.\n\n##### Changes\n\n* Fix error reporting for insane hostnames (Tomas Doran)\n* Support systemd on Fedora 15 and up (Eduardo Gutierrez)\n* Move examples to docs (Ken Barber)\n* Add support for Arch Linux platform (Ingmar Steen)\n* Add match rule for fragments (Georg Koester)\n* Fix boolean rules being recognized as changed (Georg Koester)\n* Same rules now get deleted (Anastasis Andronidis)\n* Socket params test (Ken Barber)\n* Ensure parameter can disable firewall (Marc Tardif)\n\n---------------------------------------\n\n#### 0.2.1 - 2012/3/13\n\nThis maintenance release introduces the new README layout, and fixes a bug with iptables_persistent_version.\n\n##### Changes\n\n* (GH-139) Throw away STDERR from dpkg-query in Fact\n* Update README to be consistent with module documentation template\n* Fix failing spec tests due to dpkg change in iptables_persistent_version\n\n---------------------------------------\n\n#### 0.2.0 - 2012/3/3\n\nThis release introduces automatic persistence, removing the need for the previous manual dependency requirement for persistent the running rules to the OS persistence file.\n\nPreviously you would have required the following in your site.pp (or some other global location):\n\n # Always persist firewall rules\n exec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n }\n Firewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n Firewallchain {\n notify => Exec['persist-firewall'],\n }\n resources { "firewall":\n purge => true\n }\n\nYou only need:\n\n class { 'firewall': }\n Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n\nTo install pre-requisites and to create dependencies on your pre & post rules. Consult the README for more information.\n\n##### Changes\n\n* Firewall class manifests (Dan Carley)\n* Firewall and firewallchain persistence (Dan Carley)\n* (GH-134) Autorequire iptables related packages (Dan Carley)\n* Typo in #persist_iptables OS normalisation (Dan Carley)\n* Tests for #persist_iptables (Dan Carley)\n* (GH-129) Replace errant return in autoreq block (Dan Carley)\n\n---------------------------------------\n\n#### 0.1.1 - 2012/2/28\n\nThis release primarily fixes changing parameters in 3.x\n\n##### Changes\n\n* (GH-128) Change method_missing usage to define_method for 3.x compatibility\n* Update travis.yml gem specifications to actually test 2.6\n* Change source in Gemfile to use a specific URL for Ruby 2.0.0 compatibility\n\n---------------------------------------\n\n#### 0.1.0 - 2012/2/24\n\nThis release is somewhat belated, so no summary as there are far too many changes this time around. Hopefully we won't fall this far behind again :-).\n\n##### Changes\n\n* Add support for MARK target and set-mark property (Johan Huysmans)\n* Fix broken call to super for ruby-1.9.2 in munge (Ken Barber)\n* simple fix of the error message for allowed values of the jump property (Daniel Black)\n* Adding OSPF(v3) protocol to puppetlabs-firewall (Arnoud Vermeer)\n* Display multi-value: port, sport, dport and state command seperated (Daniel Black)\n* Require jump=>LOG for log params (Daniel Black)\n* Reject and document icmp => "any" (Dan Carley)\n* add firewallchain type and iptables_chain provider (Daniel Black)\n* Various fixes for firewallchain resource (Ken Barber)\n* Modify firewallchain name to be chain:table:protocol (Ken Barber)\n* Fix allvalidchain iteration (Ken Barber)\n* Firewall autorequire Firewallchains (Dan Carley)\n* Tests and docstring for chain autorequire (Dan Carley)\n* Fix README so setup instructions actually work (Ken Barber)\n* Support vlan interfaces (interface containing ".") (Johan Huysmans)\n* Add tests for VLAN support for iniface/outiface (Ken Barber)\n* Add the table when deleting rules (Johan Huysmans)\n* Fix tests since we are now prefixing -t)\n* Changed 'jump' to 'action', commands to lower case (Jason Short)\n* Support interface names containing "+" (Simon Deziel)\n* Fix for when iptables-save spews out "FATAL" errors (Sharif Nassar)\n* Fix for incorrect limit command arguments for ip6tables provider (Michael Hsu)\n* Document Util::Firewall.host_to_ip (Dan Carley)\n* Nullify addresses with zero prefixlen (Dan Carley)\n* Add support for --tcp-flags (Thomas Vander Stichele)\n* Make tcp_flags support a feature (Ken Barber)\n* OUTPUT is a valid chain for the mangle table (Adam Gibbins)\n* Enable travis-ci support (Ken Barber)\n* Convert an existing test to CIDR (Dan Carley)\n* Normalise iptables-save to CIDR (Dan Carley)\n* be clearer about what distributions we support (Ken Barber)\n* add gre protocol to list of acceptable protocols (Jason Hancock)\n* Added pkttype property (Ashley Penney)\n* Fix mark to not repeat rules with iptables 1.4.1+ (Sharif Nassar)\n* Stub iptables_version for now so tests run on non-Linux hosts (Ken Barber)\n* Stub iptables facts for set_mark tests (Dan Carley)\n* Update formatting of README to meet Puppet Labs best practices (Will Hopper)\n* Support for ICMP6 type code resolutions (Dan Carley)\n* Insert order hash included chains from different tables (Ken Barber)\n* rspec 2.11 compatibility (Jonathan Boyett)\n* Add missing class declaration in README (sfozz)\n* array_matching is contraindicated (Sharif Nassar)\n* Convert port Fixnum into strings (Sharif Nassar)\n* Update test framework to the modern age (Ken Barber)\n* working with ip6tables support (wuwx)\n* Remove gemfile.lock and add to gitignore (William Van Hevelingen)\n* Update travis and gemfile to be like stdlib travis files (William Van Hevelingen)\n* Add support for -m socket option (Ken Barber)\n* Add support for single --sport and --dport parsing (Ken Barber)\n* Fix tests for Ruby 1.9.3 from 3e13bf3 (Dan Carley)\n* Mock Resolv.getaddress in #host_to_ip (Dan Carley)\n* Update docs for source and dest - they are not arrays (Ken Barber)\n\n---------------------------------------\n\n#### 0.0.4 - 2011/12/05\n\nThis release adds two new parameters, 'uid' and 'gid'. As a part of the owner module, these params allow you to specify a uid, username, gid, or group got a match:\n\n firewall { '497 match uid':\n port => '123',\n proto => 'mangle',\n chain => 'OUTPUT',\n action => 'drop'\n uid => '123'\n }\n\nThis release also adds value munging for the 'log_level', 'source', and 'destination' parameters. The 'source' and 'destination' now support hostnames:\n\n firewall { '498 accept from puppetlabs.com':\n port => '123',\n proto => 'tcp',\n source => 'puppetlabs.com',\n action => 'accept'\n }\n\n\nThe 'log_level' parameter now supports using log level names, such as 'warn', 'debug', and 'panic':\n\n firewall { '499 logging':\n port => '123',\n proto => 'udp',\n log_level => 'debug',\n action => 'drop'\n }\n\nAdditional changes include iptables and ip6tables version facts, general whitespace cleanup, and adding additional unit tests.\n\n##### Changes\n\n* (#10957) add iptables_version and ip6tables_version facts\n* (#11093) Improve log_level property so it converts names to numbers\n* (#10723) Munge hostnames and IPs to IPs with CIDR\n* (#10718) Add owner-match support\n* (#10997) Add fixtures for ipencap\n* (#11034) Whitespace cleanup\n* (#10690) add port property support to ip6tables\n\n---------------------------------------\n\n#### 0.0.3 - 2011/11/12\n\nThis release introduces a new parameter 'port' which allows you to set both\nsource and destination ports for a match:\n\n firewall { "500 allow NTP requests":\n port => "123",\n proto => "udp",\n action => "accept",\n }\n\nWe also have the limit parameter finally working:\n\n firewall { "500 limit HTTP requests":\n dport => 80,\n proto => tcp,\n limit => "60/sec",\n burst => 30,\n action => accept,\n }\n\nState ordering has been fixed now, and more characters are allowed in the\nnamevar:\n\n* Alphabetical\n* Numbers\n* Punctuation\n* Whitespace\n\n##### Changes\n\n* (#10693) Ensure -m limit is added for iptables when using 'limit' param\n* (#10690) Create new port property\n* (#10700) allow additional characters in comment string\n* (#9082) Sort iptables --state option values internally to keep it consistent across runs\n* (#10324) Remove extraneous whitespace from iptables rule line in spec tests\n\n---------------------------------------\n\n#### 0.0.2 - 2011/10/26\n\nThis is largely a maintanence and cleanup release, but includes the ability to\nspecify ranges of ports in the sport/dport parameter:\n\n firewall { "500 allow port range":\n dport => ["3000-3030","5000-5050"],\n sport => ["1024-65535"],\n action => "accept",\n }\n\n##### Changes\n\n* (#10295) Work around bug #4248 whereby the puppet/util paths are not being loaded correctly on the puppetmaster\n* (#10002) Change to dport and sport to handle ranges, and fix handling of name to name to port\n* (#10263) Fix tests on Puppet 2.6.x\n* (#10163) Cleanup some of the inline documentation and README file to align with general forge usage\n\n---------------------------------------\n\n#### 0.0.1 - 2011/10/18\n\nInitial release.\n\n##### Changes\n\n* (#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter\n* (#10088) Provide a customised version of CONTRIBUTING.md\n* (#10026) Re-arrange provider and type spec files to align with Puppet\n* (#10026) Add aliases for test,specs,tests to Rakefile and provide -T as default\n* (#9439) fix parsing and deleting existing rules\n* (#9583) Fix provider detection for gentoo and unsupported linuxes for the iptables provider\n* (#9576) Stub provider so it works properly outside of Linux\n* (#9576) Align spec framework with Puppet core\n* and lots of other earlier development tasks ...\n</pre></section>",
|
|
906
|
+
"readme": "<section class=\"markdown\"><h1>firewall</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Firewall module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Firewall</a>\n\n<ul>\n<li><a href=\"#what-firewall-affects\">What Firewall affects</a></li>\n<li><a href=\"#setup-requirements\">Setup Requirements</a></li>\n<li><a href=\"#beginning-with-firewall\">Beginning with Firewall</a></li>\n<li><a href=\"#upgrading\">Upgrading</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - Configuration and customization options</a>\n\n<ul>\n<li><a href=\"#default-rules\">Default rules - Setting up general configurations for all firewalls</a></li>\n<li><a href=\"#application-specific-rules\">Application-specific rules - Options for configuring and managing firewalls across applications</a></li>\n<li><a href=\"#other-rules\">Other Rules</a></li>\n</ul></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a>\n\n<ul>\n<li><a href=\"#tests\">Tests - Testing your configuration</a></li>\n</ul></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Firewall module lets you manage firewall rules with Puppet.</p>\n\n<h2>Module Description</h2>\n\n<p>PuppetLabs' Firewall introduces the resource <code>firewall</code>, which is used to manage and configure firewall rules from within the Puppet DSL. This module offers support for iptables, ip6tables, and ebtables.</p>\n\n<p>The module also introduces the resource <code>firewallchain</code>, which allows you to manage chains or firewall lists. At the moment, only iptables and ip6tables chains are supported.</p>\n\n<h2>Setup</h2>\n\n<h3>What Firewall affects:</h3>\n\n<ul>\n<li>every node running a firewall</li>\n<li>system's firewall settings</li>\n<li>connection settings for managed nodes</li>\n<li>unmanaged resources (get purged)</li>\n<li>site.pp</li>\n</ul>\n\n<h3>Setup Requirements</h3>\n\n<p>Firewall uses Ruby-based providers, so you must have <a href=\"http://docs.puppetlabs.com/guides/plugins_in_modules.html#enabling-pluginsync\">pluginsync enabled</a>.</p>\n\n<h3>Beginning with Firewall</h3>\n\n<p>To begin, you need to provide some initial top-scope configuration to ensure your firewall configurations are ordered properly and you do not lock yourself out of your box or lose any configuration.</p>\n\n<p>Persistence of rules between reboots is handled automatically, although there are known issues with ip6tables on older Debian/Ubuntu, as well as known issues with ebtables.</p>\n\n<p>In your <code>site.pp</code> (or some similarly top-scope file), set up a metatype to purge unmanaged firewall resources. This will clear any existing rules and make sure that only rules defined in Puppet exist on the machine.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>Next, set up the default parameters for all of the firewall rules you will be establishing later. These defaults will ensure that the pre and post classes (you will be setting up in just a moment) are run in the correct order to avoid locking you out of your box during the first puppet run.</p>\n\n<pre><code>Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\n</code></pre>\n\n<p>You also need to declare the <code>my_fw::pre</code> & <code>my_fw::post</code> classes so that dependencies are satisfied. This can be achieved using an External Node Classifier or the following</p>\n\n<pre><code>class { ['my_fw::pre', 'my_fw::post']: }\n</code></pre>\n\n<p>Finally, you should include the <code>firewall</code> class to ensure the correct packages are installed.</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<p>Now to create the <code>my_fw::pre</code> and <code>my_fw::post</code> classes. Firewall acts on your running firewall, making immediate changes as the catalog executes. Defining default pre and post rules allows you provide global defaults for your hosts before and after any custom rules; it is also required to avoid locking yourself out of your own boxes when Puppet runs. This approach employs a allowlist setup, so you can define what rules you want and everything else is ignored rather than removed.</p>\n\n<p>The <code>pre</code> class should be located in <code>my_fw/manifests/pre.pp</code> and should contain any default rules to be applied first.</p>\n\n<pre><code>class my_fw::pre {\n Firewall {\n require => undef,\n }\n\n # Default firewall rules\n firewall { '000 accept all icmp':\n proto => 'icmp',\n action => 'accept',\n }->\n firewall { '001 accept all to lo interface':\n proto => 'all',\n iniface => 'lo',\n action => 'accept',\n }->\n firewall { '002 accept related established rules':\n proto => 'all',\n state => ['RELATED', 'ESTABLISHED'],\n action => 'accept',\n }\n}\n</code></pre>\n\n<p>The rules in <code>pre</code> should allow basic networking (such as ICMP and TCP), as well as ensure that existing connections are not closed.</p>\n\n<p>The <code>post</code> class should be located in <code>my_fw/manifests/post.pp</code> and include any default rules to be applied last.</p>\n\n<pre><code>class my_fw::post {\n firewall { '999 drop all':\n proto => 'all',\n action => 'drop',\n before => undef,\n }\n}\n</code></pre>\n\n<p>To put it all together: the <code>before</code> parameter in <code>Firewall {}</code> ensures <code>my_fw::post</code> is run before any other rules and the the <code>require</code> parameter ensures <code>my_fw::pre</code> is run after any other rules. So the run order is:</p>\n\n<ul>\n<li>run the rules in <code>my_fw::pre</code></li>\n<li>run your rules (defined in code)</li>\n<li>run the rules in <code>my_fw::post</code></li>\n</ul>\n\n<h3>Upgrading</h3>\n\n<h4>Upgrading from version 0.2.0 and newer</h4>\n\n<p>Upgrade the module with the puppet module tool as normal:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<h4>Upgrading from version 0.1.1 and older</h4>\n\n<p>Start by upgrading the module using the puppet module tool:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<p>Previously, you would have required the following in your <code>site.pp</code> (or some other global location):</p>\n\n<pre><code># Always persist firewall rules\nexec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n}\nFirewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nFirewallchain {\n notify => Exec['persist-firewall'],\n}\nresources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>With the latest version, we now have in-built persistence, so this is no longer needed. However, you will still need some basic setup to define pre & post rules.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\nFirewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nclass { ['my_fw::pre', 'my_fw::post']: }\nclass { 'firewall': }\n</code></pre>\n\n<p>Consult the the documentation below for more details around the classes <code>my_fw::pre</code> and <code>my_fw::post</code>.</p>\n\n<h2>Usage</h2>\n\n<p>There are two kinds of firewall rules you can use with Firewall: default rules and application-specific rules. Default rules apply to general firewall settings, whereas application-specific rules manage firewall settings of a specific application, node, etc.</p>\n\n<p>All rules employ a numbering system in the resource's title that is used for ordering. When titling your rules, make sure you prefix the rule with a number.</p>\n\n<pre><code> 000 this runs first\n 999 this runs last\n</code></pre>\n\n<h3>Default rules</h3>\n\n<p>You can place default rules in either <code>my_fw::pre</code> or <code>my_fw::post</code>, depending on when you would like them to run. Rules placed in the <code>pre</code> class will run first, rules in the <code>post</code> class, last.</p>\n\n<p>Depending on the provider, the title of the rule can be stored using the comment feature of the underlying firewall subsystem. Values can match <code>/^\\d+[[:alpha:][:digit:][:punct:][:space:]]+$/</code>.</p>\n\n<h4>Examples of default rules</h4>\n\n<p>Basic accept ICMP request example:</p>\n\n<pre><code>firewall { "000 accept all icmp requests":\n proto => "icmp",\n action => "accept",\n}\n</code></pre>\n\n<p>Drop all:</p>\n\n<pre><code>firewall { "999 drop all other requests":\n action => "drop",\n}\n</code></pre>\n\n<h3>Application-specific rules</h3>\n\n<p>Application-specific rules can live anywhere you declare the firewall resource. It is best to put your firewall rules close to the service that needs it, such as in the module that configures it.</p>\n\n<p>You should be able to add firewall rules to your application-specific classes so firewalling is performed at the same time when the class is invoked.</p>\n\n<p>For example, if you have an Apache module, you could declare the class as below</p>\n\n<pre><code>class apache {\n firewall { '100 allow http and https access':\n port => [80, 443],\n proto => tcp,\n action => accept,\n }\n # ... the rest of your code ...\n}\n</code></pre>\n\n<p>When someone uses the class, firewalling is provided automatically.</p>\n\n<pre><code>class { 'apache': }\n</code></pre>\n\n<h3>Other rules</h3>\n\n<p>You can also apply firewall rules to specific nodes. Usually, you will want to put the firewall rule in another class and apply that class to a node. But you can apply a rule to a node.</p>\n\n<pre><code>node 'foo.bar.com' {\n firewall { '111 open port 111':\n dport => 111\n }\n}\n</code></pre>\n\n<p>You can also do more complex things with the <code>firewall</code> resource. Here we are doing some NAT configuration.</p>\n\n<pre><code>firewall { '100 snat for network foo2':\n chain => 'POSTROUTING',\n jump => 'MASQUERADE',\n proto => 'all',\n outiface => "eth0",\n source => '10.1.2.0/24',\n table => 'nat',\n}\n</code></pre>\n\n<p>In the below example, we are creating a new chain and forwarding any port 5000 access to it.</p>\n\n<pre><code>firewall { '100 forward to MY_CHAIN':\n chain => 'INPUT',\n jump => 'MY_CHAIN',\n}\n# The namevar here is in the format chain_name:table:protocol\nfirewallchain { 'MY_CHAIN:filter:IPv4':\n ensure => present,\n}\nfirewall { '100 my rule':\n chain => 'MY_CHAIN',\n action => 'accept',\n proto => 'tcp',\n dport => 5000,\n}\n</code></pre>\n\n<h3>Additional Information</h3>\n\n<p>You can access the inline documentation:</p>\n\n<pre><code>puppet describe firewall\n</code></pre>\n\n<p>Or</p>\n\n<pre><code>puppet doc -r type\n(and search for firewall)\n</code></pre>\n\n<h2>Reference</h2>\n\n<p>Classes:</p>\n\n<ul>\n<li><a href=\"#class-firewall\">firewall</a></li>\n</ul>\n\n<p>Types:</p>\n\n<ul>\n<li><a href=\"#type-firewall\">firewall</a></li>\n<li><a href=\"#type-firewallchain\">firewallchain</a></li>\n</ul>\n\n<p>Facts:</p>\n\n<ul>\n<li><a href=\"#fact-ip6tablesversion\">ip6tables_version</a></li>\n<li><a href=\"#fact-iptablesversion\">iptables_version</a></li>\n<li><a href=\"#fact-iptablespersistentversion\">iptables_persistent_version</a></li>\n</ul>\n\n<h3>Class: firewall</h3>\n\n<p>This class is provided to do the basic setup tasks required for using the firewall resources.</p>\n\n<p>At the moment this takes care of:</p>\n\n<ul>\n<li>iptables-persistent package installation</li>\n</ul>\n\n<p>You should include the class for nodes that need to use the resources in this module. For example</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<h4><code>ensure</code></h4>\n\n<p>Indicates the state of <code>iptables</code> on your system, allowing you to disable <code>iptables</code> if desired.</p>\n\n<p>Can either be <code>running</code> or <code>stopped</code>. Default to <code>running</code>.</p>\n\n<h3>Type: firewall</h3>\n\n<p>This type provides the capability to manage firewall rules within puppet.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Type:: firewallchain</h3>\n\n<p>This type provides the capability to manage rule chains for firewalls.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Fact: ip6tables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of ip6tables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of iptables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_persistent_version</h3>\n\n<p>Retrieves the version of iptables-persistent from your OS. This is a Debian/Ubuntu specific fact.</p>\n\n<h2>Limitations</h2>\n\n<p>While we aim to support as low as Puppet 2.6.x (for now), we recommend installing the latest Puppet version from the Puppetlabs official repos.</p>\n\n<p>Please note, we only aim support for the following distributions and versions - that is, we actually do ongoing system tests on these platforms:</p>\n\n<ul>\n<li>Redhat 5.9 and 6.4</li>\n<li>Debian 6.0 and 7.0</li>\n<li>Ubuntu 10.04 and 12.04</li>\n</ul>\n\n<p>If you want a new distribution supported feel free to raise a ticket and we'll consider it. If you want an older revision supported we'll also consider it, but don't get insulted if we reject it. Specifically, we will not consider Redhat 4.x support - its just too old.</p>\n\n<p>If you really want to get support for your OS we suggest writing any patch fix yourself, and for continual system testing if you can provide a sufficient trusted Veewee template we could consider adding such an OS to our ongoing continuous integration tests.</p>\n\n<p>Also, as this is a 0.x release the API is still in flux and may change. Make sure\nyou read the release notes before upgrading.</p>\n\n<p>Bugs can be reported using Github Issues:</p>\n\n<p><a href=\"http://github.com/puppetlabs/puppetlabs-firewall/issues\">http://github.com/puppetlabs/puppetlabs-firewall/issues</a></p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<p>For this particular module, please also read CONTRIBUTING.md before contributing.</p>\n\n<p>Currently we support:</p>\n\n<ul>\n<li>iptables</li>\n<li>ip6tables</li>\n<li>ebtables (chains only)</li>\n</ul>\n\n<p>But plans are to support lots of other firewall implementations:</p>\n\n<ul>\n<li>FreeBSD (ipf)</li>\n<li>Mac OS X (ipfw)</li>\n<li>OpenBSD (pf)</li>\n<li>Cisco (ASA and basic access lists)</li>\n</ul>\n\n<p>If you have knowledge in these technologies, know how to code, and wish to contribute to this project, we would welcome the help.</p>\n\n<h3>Testing</h3>\n\n<p>Make sure you have:</p>\n\n<ul>\n<li>rake</li>\n<li>bundler</li>\n</ul>\n\n<p>Install the necessary gems:</p>\n\n<pre><code>bundle install\n</code></pre>\n\n<p>And run the tests from the root of the source code:</p>\n\n<pre><code>rake test\n</code></pre>\n\n<p>If you have a copy of Vagrant 1.1.0 you can also run the system tests:</p>\n\n<pre><code>RSPEC_SET=debian-606-x64 rake spec:system\nRSPEC_SET=centos-58-x64 rake spec:system\n</code></pre>\n\n<p><em>Note:</em> system testing is fairly alpha at this point, your mileage may vary.</p>\n</section>",
|
|
907
|
+
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-firewall changelog\n\nRelease notes for puppetlabs-firewall module.\n\n---------------------------------------\n\n#### 0.4.2 - 2013-09-10\n\nAnother attempt to fix the packaging issue. We think we understand exactly\nwhat is failing and this should work properly for the first time.\n\n---------------------------------------\n\n#### 0.4.1 - 2013-08-09\n\nBugfix release to fix a packaging issue that may have caused puppet module\ninstall commands to fail.\n\n---------------------------------------\n\n#### 0.4.0 - 2013-07-11\n\nThis release adds support for address type, src/dest ip ranges, and adds\nadditional testing and bugfixes.\n\n#### Features\n* Add `src_type` and `dst_type` attributes (Nick Stenning)\n* Add `src_range` and `dst_range` attributes (Lei Zhang)\n* Add SL and SLC operatingsystems as supported (Steve Traylen)\n\n#### Bugfixes\n* Fix parser for bursts other than 5 (Chris Rutter)\n* Fix parser for -f in --comment (Georg Koester)\n* Add doc headers to class files (Dan Carley)\n* Fix lint warnings/errors (Wolf Noble)\n\n---------------------------------------\n\n#### 0.3.1 - 2013/6/10\n\nThis minor release provides some bugfixes and additional tests.\n\n#### Changes\n\n* Update tests for rspec-system-puppet 2 (Ken Barber)\n* Update rspec-system tests for rspec-system-puppet 1.5 (Ken Barber)\n* Ensure all services have 'hasstatus => true' for Puppet 2.6 (Ken Barber)\n* Accept pre-existing rule with invalid name (Joe Julian)\n* Swap log_prefix and log_level order to match the way it's saved (Ken Barber)\n* Fix log test to replicate bug #182 (Ken Barber)\n* Split argments while maintaining quoted strings (Joe Julian)\n* Add more log param tests (Ken Barber)\n* Add extra tests for logging parameters (Ken Barber)\n* Clarify OS support (Ken Barber)\n\n---------------------------------------\n\n#### 0.3.0 - 2013/4/25\n\nThis release introduces support for Arch Linux and extends support for Fedora 15 and up. There are also lots of bugs fixed and improved testing to prevent regressions.\n\n##### Changes\n\n* Fix error reporting for insane hostnames (Tomas Doran)\n* Support systemd on Fedora 15 and up (Eduardo Gutierrez)\n* Move examples to docs (Ken Barber)\n* Add support for Arch Linux platform (Ingmar Steen)\n* Add match rule for fragments (Georg Koester)\n* Fix boolean rules being recognized as changed (Georg Koester)\n* Same rules now get deleted (Anastasis Andronidis)\n* Socket params test (Ken Barber)\n* Ensure parameter can disable firewall (Marc Tardif)\n\n---------------------------------------\n\n#### 0.2.1 - 2012/3/13\n\nThis maintenance release introduces the new README layout, and fixes a bug with iptables_persistent_version.\n\n##### Changes\n\n* (GH-139) Throw away STDERR from dpkg-query in Fact\n* Update README to be consistent with module documentation template\n* Fix failing spec tests due to dpkg change in iptables_persistent_version\n\n---------------------------------------\n\n#### 0.2.0 - 2012/3/3\n\nThis release introduces automatic persistence, removing the need for the previous manual dependency requirement for persistent the running rules to the OS persistence file.\n\nPreviously you would have required the following in your site.pp (or some other global location):\n\n # Always persist firewall rules\n exec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n }\n Firewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n Firewallchain {\n notify => Exec['persist-firewall'],\n }\n resources { "firewall":\n purge => true\n }\n\nYou only need:\n\n class { 'firewall': }\n Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n\nTo install pre-requisites and to create dependencies on your pre & post rules. Consult the README for more information.\n\n##### Changes\n\n* Firewall class manifests (Dan Carley)\n* Firewall and firewallchain persistence (Dan Carley)\n* (GH-134) Autorequire iptables related packages (Dan Carley)\n* Typo in #persist_iptables OS normalisation (Dan Carley)\n* Tests for #persist_iptables (Dan Carley)\n* (GH-129) Replace errant return in autoreq block (Dan Carley)\n\n---------------------------------------\n\n#### 0.1.1 - 2012/2/28\n\nThis release primarily fixes changing parameters in 3.x\n\n##### Changes\n\n* (GH-128) Change method_missing usage to define_method for 3.x compatibility\n* Update travis.yml gem specifications to actually test 2.6\n* Change source in Gemfile to use a specific URL for Ruby 2.0.0 compatibility\n\n---------------------------------------\n\n#### 0.1.0 - 2012/2/24\n\nThis release is somewhat belated, so no summary as there are far too many changes this time around. Hopefully we won't fall this far behind again :-).\n\n##### Changes\n\n* Add support for MARK target and set-mark property (Johan Huysmans)\n* Fix broken call to super for ruby-1.9.2 in munge (Ken Barber)\n* simple fix of the error message for allowed values of the jump property (Daniel Black)\n* Adding OSPF(v3) protocol to puppetlabs-firewall (Arnoud Vermeer)\n* Display multi-value: port, sport, dport and state command seperated (Daniel Black)\n* Require jump=>LOG for log params (Daniel Black)\n* Reject and document icmp => "any" (Dan Carley)\n* add firewallchain type and iptables_chain provider (Daniel Black)\n* Various fixes for firewallchain resource (Ken Barber)\n* Modify firewallchain name to be chain:table:protocol (Ken Barber)\n* Fix allvalidchain iteration (Ken Barber)\n* Firewall autorequire Firewallchains (Dan Carley)\n* Tests and docstring for chain autorequire (Dan Carley)\n* Fix README so setup instructions actually work (Ken Barber)\n* Support vlan interfaces (interface containing ".") (Johan Huysmans)\n* Add tests for VLAN support for iniface/outiface (Ken Barber)\n* Add the table when deleting rules (Johan Huysmans)\n* Fix tests since we are now prefixing -t)\n* Changed 'jump' to 'action', commands to lower case (Jason Short)\n* Support interface names containing "+" (Simon Deziel)\n* Fix for when iptables-save spews out "FATAL" errors (Sharif Nassar)\n* Fix for incorrect limit command arguments for ip6tables provider (Michael Hsu)\n* Document Util::Firewall.host_to_ip (Dan Carley)\n* Nullify addresses with zero prefixlen (Dan Carley)\n* Add support for --tcp-flags (Thomas Vander Stichele)\n* Make tcp_flags support a feature (Ken Barber)\n* OUTPUT is a valid chain for the mangle table (Adam Gibbins)\n* Enable travis-ci support (Ken Barber)\n* Convert an existing test to CIDR (Dan Carley)\n* Normalise iptables-save to CIDR (Dan Carley)\n* be clearer about what distributions we support (Ken Barber)\n* add gre protocol to list of acceptable protocols (Jason Hancock)\n* Added pkttype property (Ashley Penney)\n* Fix mark to not repeat rules with iptables 1.4.1+ (Sharif Nassar)\n* Stub iptables_version for now so tests run on non-Linux hosts (Ken Barber)\n* Stub iptables facts for set_mark tests (Dan Carley)\n* Update formatting of README to meet Puppet Labs best practices (Will Hopper)\n* Support for ICMP6 type code resolutions (Dan Carley)\n* Insert order hash included chains from different tables (Ken Barber)\n* rspec 2.11 compatibility (Jonathan Boyett)\n* Add missing class declaration in README (sfozz)\n* array_matching is contraindicated (Sharif Nassar)\n* Convert port Fixnum into strings (Sharif Nassar)\n* Update test framework to the modern age (Ken Barber)\n* working with ip6tables support (wuwx)\n* Remove gemfile.lock and add to gitignore (William Van Hevelingen)\n* Update travis and gemfile to be like stdlib travis files (William Van Hevelingen)\n* Add support for -m socket option (Ken Barber)\n* Add support for single --sport and --dport parsing (Ken Barber)\n* Fix tests for Ruby 1.9.3 from 3e13bf3 (Dan Carley)\n* Mock Resolv.getaddress in #host_to_ip (Dan Carley)\n* Update docs for source and dest - they are not arrays (Ken Barber)\n\n---------------------------------------\n\n#### 0.0.4 - 2011/12/05\n\nThis release adds two new parameters, 'uid' and 'gid'. As a part of the owner module, these params allow you to specify a uid, username, gid, or group got a match:\n\n firewall { '497 match uid':\n port => '123',\n proto => 'mangle',\n chain => 'OUTPUT',\n action => 'drop'\n uid => '123'\n }\n\nThis release also adds value munging for the 'log_level', 'source', and 'destination' parameters. The 'source' and 'destination' now support hostnames:\n\n firewall { '498 accept from puppetlabs.com':\n port => '123',\n proto => 'tcp',\n source => 'puppetlabs.com',\n action => 'accept'\n }\n\n\nThe 'log_level' parameter now supports using log level names, such as 'warn', 'debug', and 'panic':\n\n firewall { '499 logging':\n port => '123',\n proto => 'udp',\n log_level => 'debug',\n action => 'drop'\n }\n\nAdditional changes include iptables and ip6tables version facts, general whitespace cleanup, and adding additional unit tests.\n\n##### Changes\n\n* (#10957) add iptables_version and ip6tables_version facts\n* (#11093) Improve log_level property so it converts names to numbers\n* (#10723) Munge hostnames and IPs to IPs with CIDR\n* (#10718) Add owner-match support\n* (#10997) Add fixtures for ipencap\n* (#11034) Whitespace cleanup\n* (#10690) add port property support to ip6tables\n\n---------------------------------------\n\n#### 0.0.3 - 2011/11/12\n\nThis release introduces a new parameter 'port' which allows you to set both\nsource and destination ports for a match:\n\n firewall { "500 allow NTP requests":\n port => "123",\n proto => "udp",\n action => "accept",\n }\n\nWe also have the limit parameter finally working:\n\n firewall { "500 limit HTTP requests":\n dport => 80,\n proto => tcp,\n limit => "60/sec",\n burst => 30,\n action => accept,\n }\n\nState ordering has been fixed now, and more characters are allowed in the\nnamevar:\n\n* Alphabetical\n* Numbers\n* Punctuation\n* Whitespace\n\n##### Changes\n\n* (#10693) Ensure -m limit is added for iptables when using 'limit' param\n* (#10690) Create new port property\n* (#10700) allow additional characters in comment string\n* (#9082) Sort iptables --state option values internally to keep it consistent across runs\n* (#10324) Remove extraneous whitespace from iptables rule line in spec tests\n\n---------------------------------------\n\n#### 0.0.2 - 2011/10/26\n\nThis is largely a maintanence and cleanup release, but includes the ability to\nspecify ranges of ports in the sport/dport parameter:\n\n firewall { "500 allow port range":\n dport => ["3000-3030","5000-5050"],\n sport => ["1024-65535"],\n action => "accept",\n }\n\n##### Changes\n\n* (#10295) Work around bug #4248 whereby the puppet/util paths are not being loaded correctly on the primary Puppet server\n* (#10002) Change to dport and sport to handle ranges, and fix handling of name to name to port\n* (#10263) Fix tests on Puppet 2.6.x\n* (#10163) Cleanup some of the inline documentation and README file to align with general forge usage\n\n---------------------------------------\n\n#### 0.0.1 - 2011/10/18\n\nInitial release.\n\n##### Changes\n\n* (#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter\n* (#10088) Provide a customised version of CONTRIBUTING.md\n* (#10026) Re-arrange provider and type spec files to align with Puppet\n* (#10026) Add aliases for test,specs,tests to Rakefile and provide -T as default\n* (#9439) fix parsing and deleting existing rules\n* (#9583) Fix provider detection for gentoo and unsupported linuxes for the iptables provider\n* (#9576) Stub provider so it works properly outside of Linux\n* (#9576) Align spec framework with Puppet core\n* and lots of other earlier development tasks ...\n</pre></section>",
|
|
908
908
|
"license": "<section class=\"plaintext\"><pre>Puppet Firewall Module - Puppet module for managing Firewalls\n\nCopyright (C) 2011-2013 Puppet Labs, Inc.\nCopyright (C) 2011 Jonathan Boyett\nCopyright (C) 2011 Media Temple, Inc.\n\nSome of the iptables code was taken from puppet-iptables which was:\n\nCopyright (C) 2011 Bob.sh Limited\nCopyright (C) 2008 Camptocamp Association\nCopyright (C) 2007 Dmitri Priimak\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
909
909
|
"created_at": "2013-09-10 13:27:07 -0700",
|
|
910
910
|
"updated_at": "2013-09-10 13:27:07 -0700",
|
|
@@ -1277,7 +1277,7 @@
|
|
|
1277
1277
|
"file_size": 85004,
|
|
1278
1278
|
"file_md5": "4036f35903264c9b6e3289455cfee225",
|
|
1279
1279
|
"downloads": 6389,
|
|
1280
|
-
"readme": "<section class=\"markdown\"><h1>apache</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apache\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apache.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Apache module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Apache</a>\n\n<ul>\n<li><a href=\"#beginning-with-apache\">Beginning with Apache - Installation</a></li>\n<li><a href=\"#configure-a-virtual-host\">Configure a Virtual Host - Basic options for getting started</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - The classes, defined types, and their parameters available for configuration</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a>\n\n<ul>\n<li><a href=\"#class-apache\">Class: apache</a></li>\n<li><a href=\"#classes-apachemodname\">Classes: apache::mod::*</a></li>\n<li><a href=\"#defined-type-apachevhost\">Defined Type: apache::vhost</a></li>\n</ul></li>\n<li><a href=\"#virtual-host-examples\">Virtual Host Examples - Demonstrations of some configuration options</a></li>\n</ul></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a></li>\n<li><a href=\"#templates\">Templates</a></li>\n</ul></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Apache module allows you to set up virtual hosts and manage web services with minimal effort.</p>\n\n<h2>Module Description</h2>\n\n<p>Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.</p>\n\n<h2>Setup</h2>\n\n<p><strong>What Apache affects:</strong></p>\n\n<ul>\n<li>configuration files and directories (created and written to)\n\n<ul>\n<li><strong>NOTE</strong>: Configurations that are <em>not</em> managed by Puppet will be purged.</li>\n</ul></li>\n<li>package/service/configuration files for Apache</li>\n<li>Apache modules</li>\n<li>virtual hosts</li>\n<li>listened-to ports</li>\n<li><code>/etc/make.conf</code> on FreeBSD</li>\n</ul>\n\n<h3>Beginning with Apache</h3>\n\n<p>To install Apache with the default parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_mods => false,\n default_confd_files => false,\n }\n</code></pre>\n\n<h3>Configure a virtual host</h3>\n\n<p>Declaring the <code>apache</code> class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving <code>$apache::docroot</code>.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>To configure a very basic, name-based virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n</code></pre>\n\n<p><em>Note:</em> The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.</p>\n\n<p>A slightly more complicated example, which moves the docroot owner/group</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and default SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and specific SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n</code></pre>\n\n<p>To set up a virtual host with IP address different than '*'</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.example.com':\n ip => '127.0.0.1',\n port => '80',\n docrout => '/var/www/subdomain',\n }\n</code></pre>\n\n<p>To set up a virtual host with wildcard alias for subdomain mapped to same named directory\n<code>http://examle.com.loc => /var/www/example.com</code></p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n</code></pre>\n\n<p>To set up a virtual host with suPHP</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n }\n</code></pre>\n\n<p>To set up a virtual host with WSGI</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n</code></pre>\n\n<p>Starting 2.2.16, httpd supports <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_dir.html#fallbackresource\">FallbackResource</a> which is a simple replace for common RewriteRules:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wordpress.example.com':\n port => '80',\n docroot => '/var/www/wordpress',\n fallbackresource => '/index.php',\n }\n</code></pre>\n\n<p>Please note that the <code>disabled</code> argument to FallbackResource is only supported since 2.2.24.</p>\n\n<p>To see a list of all virtual host parameters, <a href=\"#defined-type-apachevhost\">please go here</a>. To see an extensive list of virtual host examples <a href=\"#virtual-host-examples\">please look here</a>.</p>\n\n<h2>Usage</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<p>This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.</p>\n\n<p>It is possible to temporarily disable full Puppet management by setting the <code>purge_configs</code> parameter within the base <code>apache</code> class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.</p>\n\n<h4>Class: <code>apache</code></h4>\n\n<p>The Apache module's primary class, <code>apache</code>, guides the basic setup of Apache on your system.</p>\n\n<p>You may establish a default vhost in this class, the <code>vhost</code> class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the <code>vhost</code> type.</p>\n\n<p><strong>Parameters within <code>apache</code>:</strong></p>\n\n<h5><code>default_mods</code></h5>\n\n<p>Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets up a default virtual host. Defaults to 'true', set to 'false' to set up <a href=\"#configure-a-virtual-host\">customized virtual hosts</a>.</p>\n\n<h5><code>default_confd_files</code></h5>\n\n<p>Generates default set of include-able apache configuration files under <code>${apache::confd_dir}</code> directory. These configuration files correspond to what is usually installed with apache package on given platform.</p>\n\n<h5><code>default_ssl_vhost</code></h5>\n\n<p>Sets up a default SSL virtual host. Defaults to 'false'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n</code></pre>\n\n<p>SSL vhosts only respond to HTTPS queries.</p>\n\n<h5><code>default_ssl_cert</code></h5>\n\n<p>The default SSL certification, which is automatically set based on your operating system (<code>/etc/pki/tls/certs/localhost.crt</code> for RedHat, <code>/etc/ssl/certs/ssl-cert-snakeoil.pem</code> for Debian, <code>/usr/local/etc/apache22/server.crt</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_key</code></h5>\n\n<p>The default SSL key, which is automatically set based on your operating system (<code>/etc/pki/tls/private/localhost.key</code> for RedHat, <code>/etc/ssl/private/ssl-cert-snakeoil.key</code> for Debian, <code>/usr/local/etc/apache22/server.key</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_chain</code></h5>\n\n<p>The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_ca</code></h5>\n\n<p>The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl_path</code></h5>\n\n<p>The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl</code></h5>\n\n<p>The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>Name of apache service to run. Defaults to: <code>'httpd'</code> on RedHat, <code>'apache2'</code> on Debian, and <code>'apache22'</code> on FreeBSD.</p>\n\n<h5><code>service_enable</code></h5>\n\n<p>Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'.</p>\n\n<h5><code>service_ensure</code></h5>\n\n<p>Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'.</p>\n\n<h5><code>purge_configs</code></h5>\n\n<p>Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Sets the server administrator. Defaults to 'root@localhost'.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the servername. Defaults to fqdn provided by facter.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat, <code>/etc/apache2</code> on Debian and <code>/usr/local</code> on FreeBSD.</p>\n\n<h5><code>sendfile</code></h5>\n\n<p>Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat and <code>/etc/apache2</code> on Debian.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>Enables custom error documents. Defaults to 'false'.</p>\n\n<h5><code>httpd_dir</code></h5>\n\n<p>Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS.</p>\n\n<h5><code>confd_dir</code></h5>\n\n<p>Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>vhost_dir</code></h5>\n\n<p>Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mod_dir</code></h5>\n\n<p>Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mpm_module</code></h5>\n\n<p>Configures which mpm module is loaded and configured for the httpd process by the <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> and <code>apache::mod::worker</code> classes. Must be set to <code>false</code> to explicitly declare <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> or <code>apache::mod::worker</code> classes with parameters. All possible values are <code>event</code>, <code>itk</code>, <code>peruser</code>, <code>prefork</code>, <code>worker</code> (valid values depend on agent's OS), or the boolean <code>false</code>. Defaults to <code>prefork</code> on RedHat and FreeBSD and <code>worker</code> on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing <code>$mpm_module</code> one has to deinstall all packages that depend on currently installed <code>apache</code>.</p>\n\n<h5><code>conf_template</code></h5>\n\n<p>Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.</p>\n\n<h5><code>keepalive</code></h5>\n\n<p>Setting this allows you to enable persistent connections.</p>\n\n<h5><code>keepalive_timeout</code></h5>\n\n<p>Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>ports_file</code></h5>\n\n<p>Changes the name of the file containing Apache ports configuration. Default is <code>${conf_dir}/ports.conf</code>.</p>\n\n<h5><code>server_tokens</code></h5>\n\n<p>Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'.</p>\n\n<h5><code>server_signature</code></h5>\n\n<p>Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'.</p>\n\n<h5><code>trace_enable</code></h5>\n\n<p>Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'.</p>\n\n<h5><code>manage_user</code></h5>\n\n<p>Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>manage_group</code></h5>\n\n<p>Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>package_ensure</code></h5>\n\n<p>Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed.</p>\n\n<h4>Class: <code>apache::default_mods</code></h4>\n\n<p>Installs default Apache modules based on what OS you are running</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::default_mods': }\n</code></pre>\n\n<h4>Defined Type: <code>apache::mod</code></h4>\n\n<p>Used to enable arbitrary Apache httpd modules for which there is no specific <code>apache::mod::[name]</code> class. The <code>apache::mod</code> defined type will also install the required packages to enable the module, if any.</p>\n\n<pre lang=\"puppet\"><code> apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n</code></pre>\n\n<h4>Classes: <code>apache::mod::[name]</code></h4>\n\n<p>There are many <code>apache::mod::[name]</code> classes within this module that can be declared using <code>include</code>:</p>\n\n<ul>\n<li><code>alias</code></li>\n<li><code>auth_basic</code></li>\n<li><code>auth_kerb</code></li>\n<li><code>autoindex</code></li>\n<li><code>cache</code></li>\n<li><code>cgi</code></li>\n<li><code>cgid</code></li>\n<li><code>dav</code></li>\n<li><code>dav_fs</code></li>\n<li><code>dav_svn</code></li>\n<li><code>deflate</code></li>\n<li><code>dev</code></li>\n<li><code>dir</code>*</li>\n<li><code>disk_cache</code></li>\n<li><code>event</code></li>\n<li><code>fastcgi</code></li>\n<li><code>fcgid</code></li>\n<li><code>headers</code></li>\n<li><code>info</code></li>\n<li><code>itk</code></li>\n<li><code>ldap</code></li>\n<li><code>mime</code></li>\n<li><code>mime_magic</code>*</li>\n<li><code>mpm_event</code></li>\n<li><code>negotiation</code></li>\n<li><code>nss</code>*</li>\n<li><code>passenger</code>*</li>\n<li><code>perl</code></li>\n<li><code>peruser</code></li>\n<li><code>php</code> (requires <a href=\"#mpm_module\"><code>mpm_module</code></a> set to <code>prefork</code>)</li>\n<li><code>prefork</code>*</li>\n<li><code>proxy</code>*</li>\n<li><code>proxy_ajp</code></li>\n<li><code>proxy_html</code></li>\n<li><code>proxy_http</code></li>\n<li><code>python</code></li>\n<li><code>reqtimeout</code></li>\n<li><code>rewrite</code></li>\n<li><code>rpaf</code>*</li>\n<li><code>setenvif</code></li>\n<li><code>ssl</code>* (see <a href=\"#class-apachemodssl\">apache::mod::ssl</a> below)</li>\n<li><code>status</code>*</li>\n<li><code>suphp</code></li>\n<li><code>userdir</code>*</li>\n<li><code>vhost_alias</code></li>\n<li><code>worker</code>*</li>\n<li><code>wsgi</code> (see <a href=\"#class-apachemodwsgi\">apache::mod::wsgi</a> below)</li>\n<li><code>xsendfile</code></li>\n</ul>\n\n<p>Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.</p>\n\n<p>The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.</p>\n\n<h4>Class: <code>apache::mod::ssl</code></h4>\n\n<p>Installs Apache SSL capabilities and utilizes <code>ssl.conf.erb</code> template. These are the defaults:</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::ssl':\n ssl_compression => false,\n ssl_options => [ 'StdEnvVars' ],\n }\n</code></pre>\n\n<p>To <em>use</em> SSL with a virtual host, you must either set the<code>default_ssl_vhost</code> parameter in <code>apache</code> to 'true' or set the <code>ssl</code> parameter in <code>apache::vhost</code> to 'true'.</p>\n\n<h4>Class: <code>apache::mod::wsgi</code></h4>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n wsgi_python_path => '/path/to/virtenv/site-packages',\n }\n</code></pre>\n\n<h4>Defined Type: <code>apache::vhost</code></h4>\n\n<p>The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to <code>vhost</code>'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.</p>\n\n<p>The <code>vhost</code> defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base <code>apache</code> class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).</p>\n\n<p>If you have a series of specific configurations and do not want a base <code>apache</code> class default vhost, make sure to set the base class default host to 'false'.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_vhost => false,\n }\n</code></pre>\n\n<p><strong>Parameters within <code>apache::vhost</code>:</strong></p>\n\n<p>The default values for each parameter will vary based on operating system and type of virtual host.</p>\n\n<h5><code>access_log</code></h5>\n\n<p>Specifies whether <code>*_access.log</code> directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.</p>\n\n<h5><code>access_log_file</code></h5>\n\n<p>Points to the <code>*_access.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>access_log_pipe</code></h5>\n\n<p>Specifies a pipe to send access log messages to. Defaults to 'undef'.</p>\n\n<h5><code>access_log_syslog</code></h5>\n\n<p>Sends all access log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>access_log_format</code></h5>\n\n<p>Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.</p>\n\n<h5><code>add_listen</code></h5>\n\n<p>Determines whether the vhost creates a listen statement. The default value is 'true'.</p>\n\n<p>Setting <code>add_listen</code> to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an <code>ip</code> parameter with vhosts that <em>are</em> passed the <code>ip</code> parameter.</p>\n\n<h5><code>aliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>Alias</code> or <code>AliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre><code>aliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$', path => '/files/jpg.images/$1.jpg' }\n { alias => '/image', path => '/ftp/pub/image' },\n],\n</code></pre>\n\n<p>For <code>Alias</code> and <code>AliasMatch</code> to work, each will need a corresponding <code><Directory /path/to/directory></code> or <code><Location /path/to/directory></code> block. The <code>Alias</code> and <code>AliasMatch</code> directives are created in the order specified in the <code>aliases</code> paramter. As described in the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a> more specific <code>Alias</code> or <code>AliasMatch</code> directives should come before the more general ones to avoid shadowing.</p>\n\n<p><strong>Note:</strong> If <code>apache::mod::passenger</code> is loaded and <code>PassengerHighPerformance true</code> is set, then <code>Alias</code> may have issues honouring the <code>PassengerEnabled off</code> statement. See <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">this article</a> for details.</p>\n\n<h5><code>block</code></h5>\n\n<p>Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the <a href=\"#development\">Development</a> section.</p>\n\n<h5><code>custom_fragment</code></h5>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the vhost configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets a given <code>apache::vhost</code> as the default to serve requests that do not match any other <code>apache::vhost</code> definitions. The default value is 'false'.</p>\n\n<h5><code>directories</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code><Directory /path/to/directory>...</Directory></code> directive blocks as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#directory\">Apache core documentation</a>. The <code>path</code> key is required in these hashes. An optional <code>provider</code> defaults to <code>directory</code>. Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n</code></pre>\n\n<p><em>Note:</em> At least one directory should match <code>docroot</code> parameter, once you start declaring directories <code>apache::vhost</code> assumes that all required <code><Directory></code> blocks will be declared.</p>\n\n<p><em>Note:</em> If not defined a single default <code><Directory></code> block will be created that matches the <code>docroot</code> parameter.</p>\n\n<p><code>provider</code> can be set to any of <code>directory</code>, <code>files</code>, or <code>location</code>. If the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#files\">pathspec starts with a <code>~</code></a>, httpd will interpret this as the equivalent of <code>DirectoryMatch</code>, <code>FilesMatch</code>, or <code>LocationMatch</code>, respectively.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { path => '~ (\\.swp|\\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' },\n ],\n }\n</code></pre>\n\n<p>The directives will be embedded within the <code>Directory</code> (<code>Files</code>, or <code>Location</code>) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:</p>\n\n<h6><code>addhandlers</code></h6>\n\n<p>Sets <code>AddHandler</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler\">Apache Core documentation</a>. Accepts a list of hashes of the form <code>{ handler => 'handler-name', extensions => ['extension']}</code>. Note that <code>extensions</code> is a list of extenstions being handled by the handler.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n</code></pre>\n\n<h6><code>allow</code></h6>\n\n<p>Sets an <code>Allow</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>allow_override</code></h6>\n\n<p>Sets the usage of <code>.htaccess</code> files as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride\">Apache core documentation</a>. Should accept in the form of a list or a string. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n</code></pre>\n\n<h6><code>deny</code></h6>\n\n<p>Sets an <code>Deny</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>error_documents</code></h6>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this directory. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n directories => [ { path => '/srv/www'\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n ],\n }]\n }\n</code></pre>\n\n<h6><code>headers</code></h6>\n\n<p>Adds lines for <code>Header</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header\">Apache Header documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n</code></pre>\n\n<h6><code>options</code></h6>\n\n<p>Lists the options for the given <code><Directory></code> block</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n</code></pre>\n\n<h6><code>index_options</code></h6>\n\n<p>Styles the list</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }],\n }\n</code></pre>\n\n<h6><code>index_order_default</code></h6>\n\n<p>Sets the order of the list </p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ],\n }\n</code></pre>\n\n<h6><code>order</code></h6>\n\n<p>Sets the order of processing <code>Allow</code> and <code>Deny</code> statements as per <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order\">Apache core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ],\n }\n</code></pre>\n\n<h6><code>auth_type</code></h6>\n\n<p>Sets the value for <code>AuthType</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authtype\">Apache AuthType\ndocumentation</a>.</p>\n\n<h6><code>auth_name</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authname\">Apache AuthName\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_algorithm</code></h6>\n\n<p>Sets the value for <code>AuthDigestAlgorithm</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorithm\">Apache\nAuthDigestAlgorithm\ndocumentation</a></p>\n\n<h6><code>auth_digest_domain</code></h6>\n\n<p>Sets the value for <code>AuthDigestDomain</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain\">Apache AuthDigestDomain\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_nonce_lifetime</code></h6>\n\n<p>Sets the value for <code>AuthDigestNonceLifetime</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestnoncelifetime\">Apache\nAuthDigestNonceLifetime\ndocumentation</a></p>\n\n<h6><code>auth_digest_provider</code></h6>\n\n<p>Sets the value for <code>AuthDigestProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestprovider\">Apache AuthDigestProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_qop</code></h6>\n\n<p>Sets the value for <code>AuthDigestQop</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestqop\">Apache AuthDigestQop\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_shmem_size</code></h6>\n\n<p>Sets the value for <code>AuthAuthDigestShmemSize</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestshmemsize\">Apache AuthDigestShmemSize\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_authoritative</code></h6>\n\n<p>Sets the value for <code>AuthBasicAuthoritative</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative\">Apache\nAuthBasicAuthoritative\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_fake</code></h6>\n\n<p>Sets the value for <code>AuthBasicFake</code> as per the <a href=\"https://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html#authbasicfake\">Apache AuthBasicFake\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_provider</code></h6>\n\n<p>Sets the value for <code>AuthBasicProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider\">Apache AuthBasicProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_user_file</code></h6>\n\n<p>Sets the value for <code>AuthUserFile</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile\">Apache AuthUserFile\ndocumentation</a>.</p>\n\n<h6><code>auth_require</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#require\">Apache Require\ndocumentation</a></p>\n\n<h6><code>passenger_enabled</code></h6>\n\n<p>Sets the value for the <code>PassengerEnabled</code> directory to <code>on</code> or <code>off</code> as per the <a href=\"http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled\">Passenger documentation</a>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n</code></pre>\n\n<p><strong>Note:</strong> This directive requires <code>apache::mod::passenger</code> to be active, Apache may not start with an unrecognised directive without it.</p>\n\n<p><strong>Note:</strong> Be aware that there is an <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">issue</a> using the <code>PassengerEnabled</code> directive with the <code>PassengerHighPerformance</code> directive.</p>\n\n<h6><code>ssl_options</code></h6>\n\n<p>String or list of <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> for the given <code><Directory></code> block. This overrides, or refines the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> of the parent block (either vhost, or server).</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', ssl_options => '+ExportCertData' }\n { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] },\n ],\n }\n</code></pre>\n\n<h6><code>suphp</code></h6>\n\n<p>An array containing two values: User and group for the <a href=\"http://www.suphp.org/DocumentationView.html?file=apache/CONFIG\">suPHP_UserGroup</a> setting.\nThis directive must be used with <code>suphp_engine => on</code> in the vhost declaration. This directive only works in <code><Directory></code> or <code><Location></code>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' }\n ],\n }\n</code></pre>\n\n<h6><code>custom_fragment</code></h6>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.</p>\n\n<h5><code>directoryindex</code></h5>\n\n<p>Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..</p>\n\n<h5><code>docroot</code></h5>\n\n<p>Provides the DocumentRoot directive, identifying the directory Apache serves files from.</p>\n\n<h5><code>docroot_group</code></h5>\n\n<p>Sets group access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>docroot_owner</code></h5>\n\n<p>Sets individual user access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>error_log</code></h5>\n\n<p>Specifies whether <code>*_error.log</code> directives should be configured. Defaults to 'true'.</p>\n\n<h5><code>error_log_file</code></h5>\n\n<p>Points to the <code>*_error.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>error_log_pipe</code></h5>\n\n<p>Specifies a pipe to send error log messages to. Defaults to 'undef'.</p>\n\n<h5><code>error_log_syslog</code></h5>\n\n<p>Sends all error log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this vhost. Defaults to <code>[]</code>. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n }\n</code></pre>\n\n<h5><code>ensure</code></h5>\n\n<p>Specifies if the vhost file is present or absent.</p>\n\n<h5><code>fastcgi_server</code></h5>\n\n<p>Specifies the filename as an external FastCGI application. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_socket</code></h5>\n\n<p>Filename used to communicate with the web server. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_dir</code></h5>\n\n<p>Directory to enable for FastCGI. Defaults to 'undef'.</p>\n\n<h5><code>additional_includes</code></h5>\n\n<p>Specifies paths to additional static vhost-specific Apache configuration files.\nThis option is useful when you need to implement a unique and/or custom\nconfiguration not supported by this module.</p>\n\n<h5><code>ip</code></h5>\n\n<p>The IP address the vhost listens on. Defaults to 'undef'.</p>\n\n<h5><code>ip_based</code></h5>\n\n<p>Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Specifies the location of the virtual host's logfiles. Defaults to <code>/var/log/<apache log location>/</code>.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Specifies the verbosity level of the error log. Defaults to <code>warn</code> for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for <code>log_level</code> is one of <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>no_proxy_uris</code></h5>\n\n<p>Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with <code>proxy_dest</code>.</p>\n\n<h5><code>options</code></h5>\n\n<p>Lists the options for the given virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n</code></pre>\n\n<h5><code>override</code></h5>\n\n<p>Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.</p>\n\n<h5><code>port</code></h5>\n\n<p>Sets the port the host is configured on.</p>\n\n<h5><code>priority</code></h5>\n\n<p>Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.</p>\n\n<p>If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.</p>\n\n<p><em>Note</em>: You should not need to use this parameter. However, if you do use it, be aware that the <code>default_vhost</code> parameter for <code>apache::vhost</code> passes a priority of '15'.</p>\n\n<h5><code>proxy_dest</code></h5>\n\n<p>Specifies the destination address of a proxypass configuration. Defaults to 'undef'.</p>\n\n<h5><code>proxy_pass</code></h5>\n\n<p>Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.</p>\n\n<p>Example:</p>\n\n<pre lang=\"puppet\"><code>$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n</code></pre>\n\n<h5><code>rack_base_uris</code></h5>\n\n<p>Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the <code>_rack.erb</code> template. Defaults to 'undef'.</p>\n\n<h5><code>redirect_dest</code></h5>\n\n<p>Specifies the address to redirect to. Defaults to 'undef'.</p>\n\n<h5><code>redirect_source</code></h5>\n\n<p>Specifies the source items? that will redirect to the destination specified in <code>redirect_dest</code>. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n</code></pre>\n\n<h5><code>redirect_status</code></h5>\n\n<p>Specifies the status to append to the redirect. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n</code></pre>\n\n<h5><code>request_headers</code></h5>\n\n<p>Specifies additional request headers.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n</code></pre>\n\n<h5><code>rewrite_base</code></h5>\n\n<p>Limits the <code>rewrite_rule</code> to the specified base URL. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n</code></pre>\n\n<p>The above example would limit the index.html -> welcome.html rewrite to only something inside of <a href=\"http://example.com/blog/\">http://example.com/blog/</a>.</p>\n\n<h5><code>rewrite_cond</code></h5>\n\n<p>Rewrites a URL via <code>rewrite_rule</code> based on the truth of specified conditions. For example</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n</code></pre>\n\n<p>will rewrite URLs only if the visitor is using IE. Defaults to 'undef'.</p>\n\n<p><em>Note</em>: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple <code>rewrite_cond</code> and <code>rewrite_rules</code> per vhost, so that different conditions get different rewrites.</p>\n\n<h5><code>rewrite_rule</code></h5>\n\n<p>Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n</code></pre>\n\n<h5><code>scriptalias</code></h5>\n\n<p>Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'</p>\n\n<h5><code>scriptaliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>ScriptAlias</code> or <code>ScriptAliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre lang=\"puppet\"><code> scriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n ]\n</code></pre>\n\n<p>These directives are created in the order specified. As with <code>Alias</code> and <code>AliasMatch</code> directives the more specific aliases should come before the more general ones to avoid shadowing.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Specifies the email address Apache will display when it renders one of its error pages.</p>\n\n<h5><code>serveraliases</code></h5>\n\n<p>Sets the server aliases of the site.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the primary name of the virtual host.</p>\n\n<h5><code>setenv</code></h5>\n\n<p>Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>setenvif</code></h5>\n\n<p>Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>ssl</code></h5>\n\n<p>Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.</p>\n\n<h5><code>ssl_ca</code></h5>\n\n<p>Specifies the certificate authority.</p>\n\n<h5><code>ssl_cert</code></h5>\n\n<p>Specifies the SSL certification.</p>\n\n<h5><code>ssl_protocol</code></h5>\n\n<p>Specifies the SSL Protocol (SSLProtocol).</p>\n\n<h5><code>ssl_cipher</code></h5>\n\n<p>Specifies the SSLCipherSuite.</p>\n\n<h5><code>ssl_honorcipherorder</code></h5>\n\n<p>Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order</p>\n\n<h5><code>ssl_certs_dir</code></h5>\n\n<p>Specifies the location of the SSL certification directory. Defaults to <code>/etc/ssl/certs</code> on Debian and <code>/etc/pki/tls/certs</code> on RedHat.</p>\n\n<h5><code>ssl_chain</code></h5>\n\n<p>Specifies the SSL chain.</p>\n\n<h5><code>ssl_crl</code></h5>\n\n<p>Specifies the certificate revocation list to use.</p>\n\n<h5><code>ssl_crl_path</code></h5>\n\n<p>Specifies the location of the certificate revocation list.</p>\n\n<h5><code>ssl_key</code></h5>\n\n<p>Specifies the SSL key.</p>\n\n<h5><code>ssl_verify_client</code></h5>\n\n<p>Sets <code>SSLVerifyClient</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_client => 'optional',\n }\n</code></pre>\n\n<h5><code>ssl_verify_depth</code></h5>\n\n<p>Sets <code>SSLVerifyDepth</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifydepth\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_depth => 1,\n }\n</code></pre>\n\n<h5><code>ssl_options</code></h5>\n\n<p>Sets <code>SSLOptions</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\">Apache Core documentation</a>. This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => '+ExportCertData',\n }\n</code></pre>\n\n<p>An array of strings example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => [ '+StrictRequire', '+ExportCertData' ],\n }\n</code></pre>\n\n<h5><code>ssl_proxyengine</code></h5>\n\n<p>Specifies whether to use <code>SSLProxyEngine</code> or not. Defaults to <code>false</code>.</p>\n\n<h5><code>vhost_name</code></h5>\n\n<p>This parameter is for use with name-based virtual hosting. Defaults to '*'.</p>\n\n<h5><code>itk</code></h5>\n\n<p>Hash containing infos to configure itk as per the <a href=\"http://mpm-itk.sesse.net/\">ITK documentation</a>.</p>\n\n<p>Keys could be:</p>\n\n<ul>\n<li>user + group</li>\n<li>assignuseridexpr</li>\n<li>assigngroupidexpr</li>\n<li>maxclientvhost</li>\n<li>nice</li>\n<li>limituidrange (Linux 3.5.0 or newer)</li>\n<li>limitgidrange (Linux 3.5.0 or newer)</li>\n</ul>\n\n<p>Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n</code></pre>\n\n<h3>Virtual Host Examples</h3>\n\n<p>The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the <a href=\"https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests\">Tests section</a> for even more examples.</p>\n\n<p>Configure a vhost with a server administrator</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with aliased servers</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost with a cgi-bin</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with a rack configuration</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a mix of SSL and non-SSL vhosts at the same domain</p>\n\n<pre lang=\"puppet\"><code> #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost to redirect non-SSL connections to SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '81': }\n</code></pre>\n\n<p>Then we will set up the IP-based vhosts</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>Then, we will add two name-based vhosts listening on 10.0.0.20</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n</code></pre>\n\n<p>If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you <strong>MUST</strong> declare <code>add_listen => 'false'</code> to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n</code></pre>\n\n<h2>Implementation</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<h4>Class: <code>apache::dev</code></h4>\n\n<p>Installs Apache development libraries</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::dev': }\n</code></pre>\n\n<p>On FreeBSD you're required to define <code>apache::package</code> or <code>apache</code> class before <code>apache::dev</code>.</p>\n\n<h4>Defined Type: <code>apache::listen</code></h4>\n\n<p>Controls which ports Apache binds to for listening based on the title:</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '443': }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>Listen</code> directives to the <code>ports.conf</code> file in the Apache httpd configuration directory. <code>apache::listen</code> titles should always take the form of: <code><port></code>, <code><ipv4>:<port></code>, or <code>[<ipv6>]:<port></code></p>\n\n<p>Apache httpd requires that <code>Listen</code> directives must be added for every port. The <code>apache::vhost</code> defined type will automatically add <code>Listen</code> directives unless the <code>apache::vhost</code> is passed <code>add_listen => false</code>.</p>\n\n<h4>Defined Type: <code>apache::namevirtualhost</code></h4>\n\n<p>Enables named-based hosting of a virtual host</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::namevirtualhost`: }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>NameVirtualHost</code> directives to the <code>ports.conf</code> file in the Apache https configuration directory. <code>apache::namevirtualhost</code> titles should always take the form of: <code>*</code>, <code>*:<port></code>, <code>_default_:<port></code>, <code><ip></code>, or <code><ip>:<port></code>.</p>\n\n<h4>Defined Type: <code>apache::balancermember</code></h4>\n\n<p>Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.</p>\n\n<p>On every app server you can export a balancermember like this:</p>\n\n<pre lang=\"puppet\"><code> @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n</code></pre>\n\n<p>And on the proxy itself you create the balancer cluster using the defined type apache::balancer:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet00': }\n</code></pre>\n\n<p>If you need to use ProxySet in the balncer config you can do as so:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n</code></pre>\n\n<h3>Templates</h3>\n\n<p>The Apache module relies heavily on templates to enable the <code>vhost</code> and <code>apache::mod</code> defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.</p>\n\n<h2>Limitations</h2>\n\n<p>This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1.</p>\n\n<h2>Development</h2>\n\n<h3>Overview</h3>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Running tests</h3>\n\n<p>This project contains tests for both <a href=\"http://rspec-puppet.com/\">rspec-puppet</a> and <a href=\"https://github.com/puppetlabs/rspec-system\">rspec-system</a> to verify functionality. For in-depth information please see their respective documentation.</p>\n\n<p>Quickstart:</p>\n\n<pre><code>gem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n</code></pre>\n\n<h2>Copyright and License</h2>\n\n<p>Copyright (C) 2012 <a href=\"https://www.puppetlabs.com/\">Puppet Labs</a> Inc</p>\n\n<p>Puppet Labs can be contacted at: <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a></p>\n\n<p>Licensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at</p>\n\n<p><a href=\"http://www.apache.org/licenses/LICENSE-2.0\">http://www.apache.org/licenses/LICENSE-2.0</a></p>\n\n<p>Unless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.</p>\n</section>",
|
|
1280
|
+
"readme": "<section class=\"markdown\"><h1>apache</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apache\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apache.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Apache module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Apache</a>\n\n<ul>\n<li><a href=\"#beginning-with-apache\">Beginning with Apache - Installation</a></li>\n<li><a href=\"#configure-a-virtual-host\">Configure a Virtual Host - Basic options for getting started</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - The classes, defined types, and their parameters available for configuration</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a>\n\n<ul>\n<li><a href=\"#class-apache\">Class: apache</a></li>\n<li><a href=\"#classes-apachemodname\">Classes: apache::mod::*</a></li>\n<li><a href=\"#defined-type-apachevhost\">Defined Type: apache::vhost</a></li>\n</ul></li>\n<li><a href=\"#virtual-host-examples\">Virtual Host Examples - Demonstrations of some configuration options</a></li>\n</ul></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a></li>\n<li><a href=\"#templates\">Templates</a></li>\n</ul></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Apache module allows you to set up virtual hosts and manage web services with minimal effort.</p>\n\n<h2>Module Description</h2>\n\n<p>Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.</p>\n\n<h2>Setup</h2>\n\n<p><strong>What Apache affects:</strong></p>\n\n<ul>\n<li>configuration files and directories (created and written to)\n\n<ul>\n<li><strong>NOTE</strong>: Configurations that are <em>not</em> managed by Puppet will be purged.</li>\n</ul></li>\n<li>package/service/configuration files for Apache</li>\n<li>Apache modules</li>\n<li>virtual hosts</li>\n<li>listened-to ports</li>\n<li><code>/etc/make.conf</code> on FreeBSD</li>\n</ul>\n\n<h3>Beginning with Apache</h3>\n\n<p>To install Apache with the default parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_mods => false,\n default_confd_files => false,\n }\n</code></pre>\n\n<h3>Configure a virtual host</h3>\n\n<p>Declaring the <code>apache</code> class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving <code>$apache::docroot</code>.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>To configure a very basic, name-based virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n</code></pre>\n\n<p><em>Note:</em> The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.</p>\n\n<p>A slightly more complicated example, which moves the docroot owner/group</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and default SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and specific SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n</code></pre>\n\n<p>To set up a virtual host with IP address different than '*'</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.example.com':\n ip => '127.0.0.1',\n port => '80',\n docrout => '/var/www/subdomain',\n }\n</code></pre>\n\n<p>To set up a virtual host with wildcard alias for subdomain mapped to same named directory\n<code>http://examle.com.loc => /var/www/example.com</code></p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n</code></pre>\n\n<p>To set up a virtual host with suPHP</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n }\n</code></pre>\n\n<p>To set up a virtual host with WSGI</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n</code></pre>\n\n<p>Starting 2.2.16, httpd supports <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_dir.html#fallbackresource\">FallbackResource</a> which is a simple replace for common RewriteRules:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wordpress.example.com':\n port => '80',\n docroot => '/var/www/wordpress',\n fallbackresource => '/index.php',\n }\n</code></pre>\n\n<p>Please note that the <code>disabled</code> argument to FallbackResource is only supported since 2.2.24.</p>\n\n<p>To see a list of all virtual host parameters, <a href=\"#defined-type-apachevhost\">please go here</a>. To see an extensive list of virtual host examples <a href=\"#virtual-host-examples\">please look here</a>.</p>\n\n<h2>Usage</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<p>This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.</p>\n\n<p>It is possible to temporarily disable full Puppet management by setting the <code>purge_configs</code> parameter within the base <code>apache</code> class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.</p>\n\n<h4>Class: <code>apache</code></h4>\n\n<p>The Apache module's primary class, <code>apache</code>, guides the basic setup of Apache on your system.</p>\n\n<p>You may establish a default vhost in this class, the <code>vhost</code> class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the <code>vhost</code> type.</p>\n\n<p><strong>Parameters within <code>apache</code>:</strong></p>\n\n<h5><code>default_mods</code></h5>\n\n<p>Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets up a default virtual host. Defaults to 'true', set to 'false' to set up <a href=\"#configure-a-virtual-host\">customized virtual hosts</a>.</p>\n\n<h5><code>default_confd_files</code></h5>\n\n<p>Generates default set of include-able apache configuration files under <code>${apache::confd_dir}</code> directory. These configuration files correspond to what is usually installed with apache package on given platform.</p>\n\n<h5><code>default_ssl_vhost</code></h5>\n\n<p>Sets up a default SSL virtual host. Defaults to 'false'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n</code></pre>\n\n<p>SSL vhosts only respond to HTTPS queries.</p>\n\n<h5><code>default_ssl_cert</code></h5>\n\n<p>The default SSL certification, which is automatically set based on your operating system (<code>/etc/pki/tls/certs/localhost.crt</code> for RedHat, <code>/etc/ssl/certs/ssl-cert-snakeoil.pem</code> for Debian, <code>/usr/local/etc/apache22/server.crt</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_key</code></h5>\n\n<p>The default SSL key, which is automatically set based on your operating system (<code>/etc/pki/tls/private/localhost.key</code> for RedHat, <code>/etc/ssl/private/ssl-cert-snakeoil.key</code> for Debian, <code>/usr/local/etc/apache22/server.key</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_chain</code></h5>\n\n<p>The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_ca</code></h5>\n\n<p>The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl_path</code></h5>\n\n<p>The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl</code></h5>\n\n<p>The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>Name of apache service to run. Defaults to: <code>'httpd'</code> on RedHat, <code>'apache2'</code> on Debian, and <code>'apache22'</code> on FreeBSD.</p>\n\n<h5><code>service_enable</code></h5>\n\n<p>Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'.</p>\n\n<h5><code>service_ensure</code></h5>\n\n<p>Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'.</p>\n\n<h5><code>purge_configs</code></h5>\n\n<p>Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Sets the server administrator. Defaults to 'root@localhost'.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the servername. Defaults to fqdn provided by facter.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat, <code>/etc/apache2</code> on Debian and <code>/usr/local</code> on FreeBSD.</p>\n\n<h5><code>sendfile</code></h5>\n\n<p>Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat and <code>/etc/apache2</code> on Debian.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>Enables custom error documents. Defaults to 'false'.</p>\n\n<h5><code>httpd_dir</code></h5>\n\n<p>Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS.</p>\n\n<h5><code>confd_dir</code></h5>\n\n<p>Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>vhost_dir</code></h5>\n\n<p>Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mod_dir</code></h5>\n\n<p>Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mpm_module</code></h5>\n\n<p>Configures which mpm module is loaded and configured for the httpd process by the <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> and <code>apache::mod::worker</code> classes. Must be set to <code>false</code> to explicitly declare <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> or <code>apache::mod::worker</code> classes with parameters. All possible values are <code>event</code>, <code>itk</code>, <code>peruser</code>, <code>prefork</code>, <code>worker</code> (valid values depend on agent's OS), or the boolean <code>false</code>. Defaults to <code>prefork</code> on RedHat and FreeBSD and <code>worker</code> on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing <code>$mpm_module</code> one has to deinstall all packages that depend on currently installed <code>apache</code>.</p>\n\n<h5><code>conf_template</code></h5>\n\n<p>Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.</p>\n\n<h5><code>keepalive</code></h5>\n\n<p>Setting this allows you to enable persistent connections.</p>\n\n<h5><code>keepalive_timeout</code></h5>\n\n<p>Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>ports_file</code></h5>\n\n<p>Changes the name of the file containing Apache ports configuration. Default is <code>${conf_dir}/ports.conf</code>.</p>\n\n<h5><code>server_tokens</code></h5>\n\n<p>Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'.</p>\n\n<h5><code>server_signature</code></h5>\n\n<p>Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'.</p>\n\n<h5><code>trace_enable</code></h5>\n\n<p>Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'.</p>\n\n<h5><code>manage_user</code></h5>\n\n<p>Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>manage_group</code></h5>\n\n<p>Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>package_ensure</code></h5>\n\n<p>Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed.</p>\n\n<h4>Class: <code>apache::default_mods</code></h4>\n\n<p>Installs default Apache modules based on what OS you are running</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::default_mods': }\n</code></pre>\n\n<h4>Defined Type: <code>apache::mod</code></h4>\n\n<p>Used to enable arbitrary Apache httpd modules for which there is no specific <code>apache::mod::[name]</code> class. The <code>apache::mod</code> defined type will also install the required packages to enable the module, if any.</p>\n\n<pre lang=\"puppet\"><code> apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n</code></pre>\n\n<h4>Classes: <code>apache::mod::[name]</code></h4>\n\n<p>There are many <code>apache::mod::[name]</code> classes within this module that can be declared using <code>include</code>:</p>\n\n<ul>\n<li><code>alias</code></li>\n<li><code>auth_basic</code></li>\n<li><code>auth_kerb</code></li>\n<li><code>autoindex</code></li>\n<li><code>cache</code></li>\n<li><code>cgi</code></li>\n<li><code>cgid</code></li>\n<li><code>dav</code></li>\n<li><code>dav_fs</code></li>\n<li><code>dav_svn</code></li>\n<li><code>deflate</code></li>\n<li><code>dev</code></li>\n<li><code>dir</code>*</li>\n<li><code>disk_cache</code></li>\n<li><code>event</code></li>\n<li><code>fastcgi</code></li>\n<li><code>fcgid</code></li>\n<li><code>headers</code></li>\n<li><code>info</code></li>\n<li><code>itk</code></li>\n<li><code>ldap</code></li>\n<li><code>mime</code></li>\n<li><code>mime_magic</code>*</li>\n<li><code>mpm_event</code></li>\n<li><code>negotiation</code></li>\n<li><code>nss</code>*</li>\n<li><code>passenger</code>*</li>\n<li><code>perl</code></li>\n<li><code>peruser</code></li>\n<li><code>php</code> (requires <a href=\"#mpm_module\"><code>mpm_module</code></a> set to <code>prefork</code>)</li>\n<li><code>prefork</code>*</li>\n<li><code>proxy</code>*</li>\n<li><code>proxy_ajp</code></li>\n<li><code>proxy_html</code></li>\n<li><code>proxy_http</code></li>\n<li><code>python</code></li>\n<li><code>reqtimeout</code></li>\n<li><code>rewrite</code></li>\n<li><code>rpaf</code>*</li>\n<li><code>setenvif</code></li>\n<li><code>ssl</code>* (see <a href=\"#class-apachemodssl\">apache::mod::ssl</a> below)</li>\n<li><code>status</code>*</li>\n<li><code>suphp</code></li>\n<li><code>userdir</code>*</li>\n<li><code>vhost_alias</code></li>\n<li><code>worker</code>*</li>\n<li><code>wsgi</code> (see <a href=\"#class-apachemodwsgi\">apache::mod::wsgi</a> below)</li>\n<li><code>xsendfile</code></li>\n</ul>\n\n<p>Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.</p>\n\n<p>The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.</p>\n\n<h4>Class: <code>apache::mod::ssl</code></h4>\n\n<p>Installs Apache SSL capabilities and utilizes <code>ssl.conf.erb</code> template. These are the defaults:</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::ssl':\n ssl_compression => false,\n ssl_options => [ 'StdEnvVars' ],\n }\n</code></pre>\n\n<p>To <em>use</em> SSL with a virtual host, you must either set the<code>default_ssl_vhost</code> parameter in <code>apache</code> to 'true' or set the <code>ssl</code> parameter in <code>apache::vhost</code> to 'true'.</p>\n\n<h4>Class: <code>apache::mod::wsgi</code></h4>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n wsgi_python_path => '/path/to/virtenv/site-packages',\n }\n</code></pre>\n\n<h4>Defined Type: <code>apache::vhost</code></h4>\n\n<p>The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to <code>vhost</code>'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.</p>\n\n<p>The <code>vhost</code> defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base <code>apache</code> class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).</p>\n\n<p>If you have a series of specific configurations and do not want a base <code>apache</code> class default vhost, make sure to set the base class default host to 'false'.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_vhost => false,\n }\n</code></pre>\n\n<p><strong>Parameters within <code>apache::vhost</code>:</strong></p>\n\n<p>The default values for each parameter will vary based on operating system and type of virtual host.</p>\n\n<h5><code>access_log</code></h5>\n\n<p>Specifies whether <code>*_access.log</code> directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.</p>\n\n<h5><code>access_log_file</code></h5>\n\n<p>Points to the <code>*_access.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>access_log_pipe</code></h5>\n\n<p>Specifies a pipe to send access log messages to. Defaults to 'undef'.</p>\n\n<h5><code>access_log_syslog</code></h5>\n\n<p>Sends all access log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>access_log_format</code></h5>\n\n<p>Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.</p>\n\n<h5><code>add_listen</code></h5>\n\n<p>Determines whether the vhost creates a listen statement. The default value is 'true'.</p>\n\n<p>Setting <code>add_listen</code> to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an <code>ip</code> parameter with vhosts that <em>are</em> passed the <code>ip</code> parameter.</p>\n\n<h5><code>aliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>Alias</code> or <code>AliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre><code>aliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$', path => '/files/jpg.images/$1.jpg' }\n { alias => '/image', path => '/ftp/pub/image' },\n],\n</code></pre>\n\n<p>For <code>Alias</code> and <code>AliasMatch</code> to work, each will need a corresponding <code><Directory /path/to/directory></code> or <code><Location /path/to/directory></code> block. The <code>Alias</code> and <code>AliasMatch</code> directives are created in the order specified in the <code>aliases</code> paramter. As described in the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a> more specific <code>Alias</code> or <code>AliasMatch</code> directives should come before the more general ones to avoid shadowing.</p>\n\n<p><strong>Note:</strong> If <code>apache::mod::passenger</code> is loaded and <code>PassengerHighPerformance true</code> is set, then <code>Alias</code> may have issues honouring the <code>PassengerEnabled off</code> statement. See <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">this article</a> for details.</p>\n\n<h5><code>block</code></h5>\n\n<p>Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the <a href=\"#development\">Development</a> section.</p>\n\n<h5><code>custom_fragment</code></h5>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the vhost configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets a given <code>apache::vhost</code> as the default to serve requests that do not match any other <code>apache::vhost</code> definitions. The default value is 'false'.</p>\n\n<h5><code>directories</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code><Directory /path/to/directory>...</Directory></code> directive blocks as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#directory\">Apache core documentation</a>. The <code>path</code> key is required in these hashes. An optional <code>provider</code> defaults to <code>directory</code>. Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n</code></pre>\n\n<p><em>Note:</em> At least one directory should match <code>docroot</code> parameter, once you start declaring directories <code>apache::vhost</code> assumes that all required <code><Directory></code> blocks will be declared.</p>\n\n<p><em>Note:</em> If not defined a single default <code><Directory></code> block will be created that matches the <code>docroot</code> parameter.</p>\n\n<p><code>provider</code> can be set to any of <code>directory</code>, <code>files</code>, or <code>location</code>. If the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#files\">pathspec starts with a <code>~</code></a>, httpd will interpret this as the equivalent of <code>DirectoryMatch</code>, <code>FilesMatch</code>, or <code>LocationMatch</code>, respectively.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { path => '~ (\\.swp|\\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' },\n ],\n }\n</code></pre>\n\n<p>The directives will be embedded within the <code>Directory</code> (<code>Files</code>, or <code>Location</code>) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:</p>\n\n<h6><code>addhandlers</code></h6>\n\n<p>Sets <code>AddHandler</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler\">Apache Core documentation</a>. Accepts a list of hashes of the form <code>{ handler => 'handler-name', extensions => ['extension']}</code>. Note that <code>extensions</code> is a list of extenstions being handled by the handler.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n</code></pre>\n\n<h6><code>allow</code></h6>\n\n<p>Sets an <code>Allow</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>allow_override</code></h6>\n\n<p>Sets the usage of <code>.htaccess</code> files as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride\">Apache core documentation</a>. Should accept in the form of a list or a string. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n</code></pre>\n\n<h6><code>deny</code></h6>\n\n<p>Sets an <code>Deny</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>error_documents</code></h6>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this directory. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n directories => [ { path => '/srv/www'\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n ],\n }]\n }\n</code></pre>\n\n<h6><code>headers</code></h6>\n\n<p>Adds lines for <code>Header</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header\">Apache Header documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n</code></pre>\n\n<h6><code>options</code></h6>\n\n<p>Lists the options for the given <code><Directory></code> block</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n</code></pre>\n\n<h6><code>index_options</code></h6>\n\n<p>Styles the list</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }],\n }\n</code></pre>\n\n<h6><code>index_order_default</code></h6>\n\n<p>Sets the order of the list </p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ],\n }\n</code></pre>\n\n<h6><code>order</code></h6>\n\n<p>Sets the order of processing <code>Allow</code> and <code>Deny</code> statements as per <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order\">Apache core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ],\n }\n</code></pre>\n\n<h6><code>auth_type</code></h6>\n\n<p>Sets the value for <code>AuthType</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authtype\">Apache AuthType\ndocumentation</a>.</p>\n\n<h6><code>auth_name</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authname\">Apache AuthName\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_algorithm</code></h6>\n\n<p>Sets the value for <code>AuthDigestAlgorithm</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorithm\">Apache\nAuthDigestAlgorithm\ndocumentation</a></p>\n\n<h6><code>auth_digest_domain</code></h6>\n\n<p>Sets the value for <code>AuthDigestDomain</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain\">Apache AuthDigestDomain\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_nonce_lifetime</code></h6>\n\n<p>Sets the value for <code>AuthDigestNonceLifetime</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestnoncelifetime\">Apache\nAuthDigestNonceLifetime\ndocumentation</a></p>\n\n<h6><code>auth_digest_provider</code></h6>\n\n<p>Sets the value for <code>AuthDigestProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestprovider\">Apache AuthDigestProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_qop</code></h6>\n\n<p>Sets the value for <code>AuthDigestQop</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestqop\">Apache AuthDigestQop\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_shmem_size</code></h6>\n\n<p>Sets the value for <code>AuthAuthDigestShmemSize</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestshmemsize\">Apache AuthDigestShmemSize\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_authoritative</code></h6>\n\n<p>Sets the value for <code>AuthBasicAuthoritative</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative\">Apache\nAuthBasicAuthoritative\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_fake</code></h6>\n\n<p>Sets the value for <code>AuthBasicFake</code> as per the <a href=\"https://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html#authbasicfake\">Apache AuthBasicFake\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_provider</code></h6>\n\n<p>Sets the value for <code>AuthBasicProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider\">Apache AuthBasicProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_user_file</code></h6>\n\n<p>Sets the value for <code>AuthUserFile</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile\">Apache AuthUserFile\ndocumentation</a>.</p>\n\n<h6><code>auth_require</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#require\">Apache Require\ndocumentation</a></p>\n\n<h6><code>passenger_enabled</code></h6>\n\n<p>Sets the value for the <code>PassengerEnabled</code> directory to <code>on</code> or <code>off</code> as per the <a href=\"http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled\">Passenger documentation</a>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n</code></pre>\n\n<p><strong>Note:</strong> This directive requires <code>apache::mod::passenger</code> to be active, Apache may not start with an unrecognised directive without it.</p>\n\n<p><strong>Note:</strong> Be aware that there is an <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">issue</a> using the <code>PassengerEnabled</code> directive with the <code>PassengerHighPerformance</code> directive.</p>\n\n<h6><code>ssl_options</code></h6>\n\n<p>String or list of <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> for the given <code><Directory></code> block. This overrides, or refines the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> of the parent block (either vhost, or server).</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', ssl_options => '+ExportCertData' }\n { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] },\n ],\n }\n</code></pre>\n\n<h6><code>suphp</code></h6>\n\n<p>An array containing two values: User and group for the <a href=\"http://www.suphp.org/DocumentationView.html?file=apache/CONFIG\">suPHP_UserGroup</a> setting.\nThis directive must be used with <code>suphp_engine => on</code> in the vhost declaration. This directive only works in <code><Directory></code> or <code><Location></code>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' }\n ],\n }\n</code></pre>\n\n<h6><code>custom_fragment</code></h6>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.</p>\n\n<h5><code>directoryindex</code></h5>\n\n<p>Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..</p>\n\n<h5><code>docroot</code></h5>\n\n<p>Provides the DocumentRoot directive, identifying the directory Apache serves files from.</p>\n\n<h5><code>docroot_group</code></h5>\n\n<p>Sets group access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>docroot_owner</code></h5>\n\n<p>Sets individual user access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>error_log</code></h5>\n\n<p>Specifies whether <code>*_error.log</code> directives should be configured. Defaults to 'true'.</p>\n\n<h5><code>error_log_file</code></h5>\n\n<p>Points to the <code>*_error.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>error_log_pipe</code></h5>\n\n<p>Specifies a pipe to send error log messages to. Defaults to 'undef'.</p>\n\n<h5><code>error_log_syslog</code></h5>\n\n<p>Sends all error log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this vhost. Defaults to <code>[]</code>. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n }\n</code></pre>\n\n<h5><code>ensure</code></h5>\n\n<p>Specifies if the vhost file is present or absent.</p>\n\n<h5><code>fastcgi_server</code></h5>\n\n<p>Specifies the filename as an external FastCGI application. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_socket</code></h5>\n\n<p>Filename used to communicate with the web server. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_dir</code></h5>\n\n<p>Directory to enable for FastCGI. Defaults to 'undef'.</p>\n\n<h5><code>additional_includes</code></h5>\n\n<p>Specifies paths to additional static vhost-specific Apache configuration files.\nThis option is useful when you need to implement a unique and/or custom\nconfiguration not supported by this module.</p>\n\n<h5><code>ip</code></h5>\n\n<p>The IP address the vhost listens on. Defaults to 'undef'.</p>\n\n<h5><code>ip_based</code></h5>\n\n<p>Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Specifies the location of the virtual host's logfiles. Defaults to <code>/var/log/<apache log location>/</code>.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Specifies the verbosity level of the error log. Defaults to <code>warn</code> for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for <code>log_level</code> is one of <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>no_proxy_uris</code></h5>\n\n<p>Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with <code>proxy_dest</code>.</p>\n\n<h5><code>options</code></h5>\n\n<p>Lists the options for the given virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n</code></pre>\n\n<h5><code>override</code></h5>\n\n<p>Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.</p>\n\n<h5><code>port</code></h5>\n\n<p>Sets the port the host is configured on.</p>\n\n<h5><code>priority</code></h5>\n\n<p>Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.</p>\n\n<p>If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.</p>\n\n<p><em>Note</em>: You should not need to use this parameter. However, if you do use it, be aware that the <code>default_vhost</code> parameter for <code>apache::vhost</code> passes a priority of '15'.</p>\n\n<h5><code>proxy_dest</code></h5>\n\n<p>Specifies the destination address of a proxypass configuration. Defaults to 'undef'.</p>\n\n<h5><code>proxy_pass</code></h5>\n\n<p>Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.</p>\n\n<p>Example:</p>\n\n<pre lang=\"puppet\"><code>$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n</code></pre>\n\n<h5><code>rack_base_uris</code></h5>\n\n<p>Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the <code>_rack.erb</code> template. Defaults to 'undef'.</p>\n\n<h5><code>redirect_dest</code></h5>\n\n<p>Specifies the address to redirect to. Defaults to 'undef'.</p>\n\n<h5><code>redirect_source</code></h5>\n\n<p>Specifies the source items? that will redirect to the destination specified in <code>redirect_dest</code>. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n</code></pre>\n\n<h5><code>redirect_status</code></h5>\n\n<p>Specifies the status to append to the redirect. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n</code></pre>\n\n<h5><code>request_headers</code></h5>\n\n<p>Specifies additional request headers.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n</code></pre>\n\n<h5><code>rewrite_base</code></h5>\n\n<p>Limits the <code>rewrite_rule</code> to the specified base URL. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n</code></pre>\n\n<p>The above example would limit the index.html -> welcome.html rewrite to only something inside of <a href=\"http://example.com/blog/\">http://example.com/blog/</a>.</p>\n\n<h5><code>rewrite_cond</code></h5>\n\n<p>Rewrites a URL via <code>rewrite_rule</code> based on the truth of specified conditions. For example</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n</code></pre>\n\n<p>will rewrite URLs only if the visitor is using IE. Defaults to 'undef'.</p>\n\n<p><em>Note</em>: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple <code>rewrite_cond</code> and <code>rewrite_rules</code> per vhost, so that different conditions get different rewrites.</p>\n\n<h5><code>rewrite_rule</code></h5>\n\n<p>Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n</code></pre>\n\n<h5><code>scriptalias</code></h5>\n\n<p>Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'</p>\n\n<h5><code>scriptaliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>ScriptAlias</code> or <code>ScriptAliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre lang=\"puppet\"><code> scriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n ]\n</code></pre>\n\n<p>These directives are created in the order specified. As with <code>Alias</code> and <code>AliasMatch</code> directives the more specific aliases should come before the more general ones to avoid shadowing.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Specifies the email address Apache will display when it renders one of its error pages.</p>\n\n<h5><code>serveraliases</code></h5>\n\n<p>Sets the server aliases of the site.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the primary name of the virtual host.</p>\n\n<h5><code>setenv</code></h5>\n\n<p>Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>setenvif</code></h5>\n\n<p>Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>ssl</code></h5>\n\n<p>Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.</p>\n\n<h5><code>ssl_ca</code></h5>\n\n<p>Specifies the certificate authority.</p>\n\n<h5><code>ssl_cert</code></h5>\n\n<p>Specifies the SSL certification.</p>\n\n<h5><code>ssl_protocol</code></h5>\n\n<p>Specifies the SSL Protocol (SSLProtocol).</p>\n\n<h5><code>ssl_cipher</code></h5>\n\n<p>Specifies the SSLCipherSuite.</p>\n\n<h5><code>ssl_honorcipherorder</code></h5>\n\n<p>Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order</p>\n\n<h5><code>ssl_certs_dir</code></h5>\n\n<p>Specifies the location of the SSL certification directory. Defaults to <code>/etc/ssl/certs</code> on Debian and <code>/etc/pki/tls/certs</code> on RedHat.</p>\n\n<h5><code>ssl_chain</code></h5>\n\n<p>Specifies the SSL chain.</p>\n\n<h5><code>ssl_crl</code></h5>\n\n<p>Specifies the certificate revocation list to use.</p>\n\n<h5><code>ssl_crl_path</code></h5>\n\n<p>Specifies the location of the certificate revocation list.</p>\n\n<h5><code>ssl_key</code></h5>\n\n<p>Specifies the SSL key.</p>\n\n<h5><code>ssl_verify_client</code></h5>\n\n<p>Sets <code>SSLVerifyClient</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_client => 'optional',\n }\n</code></pre>\n\n<h5><code>ssl_verify_depth</code></h5>\n\n<p>Sets <code>SSLVerifyDepth</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifydepth\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_depth => 1,\n }\n</code></pre>\n\n<h5><code>ssl_options</code></h5>\n\n<p>Sets <code>SSLOptions</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\">Apache Core documentation</a>. This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => '+ExportCertData',\n }\n</code></pre>\n\n<p>An array of strings example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => [ '+StrictRequire', '+ExportCertData' ],\n }\n</code></pre>\n\n<h5><code>ssl_proxyengine</code></h5>\n\n<p>Specifies whether to use <code>SSLProxyEngine</code> or not. Defaults to <code>false</code>.</p>\n\n<h5><code>vhost_name</code></h5>\n\n<p>This parameter is for use with name-based virtual hosting. Defaults to '*'.</p>\n\n<h5><code>itk</code></h5>\n\n<p>Hash containing infos to configure itk as per the <a href=\"http://mpm-itk.sesse.net/\">ITK documentation</a>.</p>\n\n<p>Keys could be:</p>\n\n<ul>\n<li>user + group</li>\n<li>assignuseridexpr</li>\n<li>assigngroupidexpr</li>\n<li>maxclientvhost</li>\n<li>nice</li>\n<li>limituidrange (Linux 3.5.0 or newer)</li>\n<li>limitgidrange (Linux 3.5.0 or newer)</li>\n</ul>\n\n<p>Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n</code></pre>\n\n<h3>Virtual Host Examples</h3>\n\n<p>The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the <a href=\"https://github.com/puppetlabs/puppetlabs-apache/tree/main/tests\">Tests section</a> for even more examples.</p>\n\n<p>Configure a vhost with a server administrator</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with aliased servers</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost with a cgi-bin</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with a rack configuration</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a mix of SSL and non-SSL vhosts at the same domain</p>\n\n<pre lang=\"puppet\"><code> #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost to redirect non-SSL connections to SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '81': }\n</code></pre>\n\n<p>Then we will set up the IP-based vhosts</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>Then, we will add two name-based vhosts listening on 10.0.0.20</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n</code></pre>\n\n<p>If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you <strong>MUST</strong> declare <code>add_listen => 'false'</code> to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n</code></pre>\n\n<h2>Implementation</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<h4>Class: <code>apache::dev</code></h4>\n\n<p>Installs Apache development libraries</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::dev': }\n</code></pre>\n\n<p>On FreeBSD you're required to define <code>apache::package</code> or <code>apache</code> class before <code>apache::dev</code>.</p>\n\n<h4>Defined Type: <code>apache::listen</code></h4>\n\n<p>Controls which ports Apache binds to for listening based on the title:</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '443': }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>Listen</code> directives to the <code>ports.conf</code> file in the Apache httpd configuration directory. <code>apache::listen</code> titles should always take the form of: <code><port></code>, <code><ipv4>:<port></code>, or <code>[<ipv6>]:<port></code></p>\n\n<p>Apache httpd requires that <code>Listen</code> directives must be added for every port. The <code>apache::vhost</code> defined type will automatically add <code>Listen</code> directives unless the <code>apache::vhost</code> is passed <code>add_listen => false</code>.</p>\n\n<h4>Defined Type: <code>apache::namevirtualhost</code></h4>\n\n<p>Enables named-based hosting of a virtual host</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::namevirtualhost`: }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>NameVirtualHost</code> directives to the <code>ports.conf</code> file in the Apache https configuration directory. <code>apache::namevirtualhost</code> titles should always take the form of: <code>*</code>, <code>*:<port></code>, <code>_default_:<port></code>, <code><ip></code>, or <code><ip>:<port></code>.</p>\n\n<h4>Defined Type: <code>apache::balancermember</code></h4>\n\n<p>Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.</p>\n\n<p>On every app server you can export a balancermember like this:</p>\n\n<pre lang=\"puppet\"><code> @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n</code></pre>\n\n<p>And on the proxy itself you create the balancer cluster using the defined type apache::balancer:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet00': }\n</code></pre>\n\n<p>If you need to use ProxySet in the balncer config you can do as so:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n</code></pre>\n\n<h3>Templates</h3>\n\n<p>The Apache module relies heavily on templates to enable the <code>vhost</code> and <code>apache::mod</code> defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.</p>\n\n<h2>Limitations</h2>\n\n<p>This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1.</p>\n\n<h2>Development</h2>\n\n<h3>Overview</h3>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Running tests</h3>\n\n<p>This project contains tests for both <a href=\"http://rspec-puppet.com/\">rspec-puppet</a> and <a href=\"https://github.com/puppetlabs/rspec-system\">rspec-system</a> to verify functionality. For in-depth information please see their respective documentation.</p>\n\n<p>Quickstart:</p>\n\n<pre><code>gem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n</code></pre>\n\n<h2>Copyright and License</h2>\n\n<p>Copyright (C) 2012 <a href=\"https://www.puppetlabs.com/\">Puppet Labs</a> Inc</p>\n\n<p>Puppet Labs can be contacted at: <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a></p>\n\n<p>Licensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at</p>\n\n<p><a href=\"http://www.apache.org/licenses/LICENSE-2.0\">http://www.apache.org/licenses/LICENSE-2.0</a></p>\n\n<p>Unless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.</p>\n</section>",
|
|
1281
1281
|
"changelog": "<section class=\"markdown\"><h2>2013-12-05 Release 0.10.0</h2>\n\n<h3>Summary:</h3>\n\n<p>This release adds FreeBSD osfamily support and various other improvements to some mods.</p>\n\n<h3>Features:</h3>\n\n<ul>\n<li>Add suPHP_UserGroup directive to directory context</li>\n<li>Add support for ScriptAliasMatch directives</li>\n<li>Set SSLOptions StdEnvVars in server context</li>\n<li>No implicit <Directory> entry for ScriptAlias path</li>\n<li>Add support for overriding ErrorDocument</li>\n<li>Add support for AliasMatch directives</li>\n<li>Disable default "allow from all" in vhost-directories</li>\n<li>Add WSGIPythonPath as an optional parameter to mod_wsgi. </li>\n<li>Add mod_rpaf support</li>\n<li>Add directives: IndexOptions, IndexOrderDefault</li>\n<li>Add ability to include additional external configurations in vhost</li>\n<li>need to use the provider variable not the provider key value from the directory hash for matches</li>\n<li>Support for FreeBSD and few other features</li>\n<li>Add new params to apache::mod::mime class</li>\n<li>Allow apache::mod to specify module id and path</li>\n<li>added $server_root parameter</li>\n<li>Add Allow and ExtendedStatus support to mod_status</li>\n<li>Expand vhost/_directories.pp directive support</li>\n<li>Add initial support for nss module (no directives in vhost template yet)</li>\n<li>added peruser and event mpms</li>\n<li>added $service_name parameter</li>\n<li>add parameter for TraceEnable</li>\n<li>Make LogLevel configurable for server and vhost</li>\n<li>Add documentation about $ip</li>\n<li>Add ability to pass ip (instead of wildcard) in default vhost files</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Don't listen on port or set NameVirtualHost for non-existent vhost</li>\n<li>only apply Directory defaults when provider is a directory</li>\n<li>Working mod_authnz_ldap support on Debian/Ubuntu</li>\n</ul>\n\n<h2>2013-09-06 Release 0.9.0</h2>\n\n<h3>Summary:</h3>\n\n<p>This release adds more parameters to the base apache class and apache defined\nresource to make the module more flexible. It also adds or enhances SuPHP,\nWSGI, and Passenger mod support, and support for the ITK mpm module.</p>\n\n<h3>Backwards-incompatible Changes:</h3>\n\n<ul>\n<li>Remove many default mods that are not normally needed.</li>\n<li>Remove <code>rewrite_base</code> <code>apache::vhost</code> parameter; did not work anyway.</li>\n<li>Specify dependencies on stdlib >=2.4.0 (this was already the case, but\nmaking explicit)</li>\n<li>Deprecate <code>a2mod</code> in favor of the <code>apache::mod::*</code> classes and <code>apache::mod</code>\ndefined resource.</li>\n</ul>\n\n<h3>Features:</h3>\n\n<ul>\n<li><code>apache</code> class\n\n<ul>\n<li>Add <code>httpd_dir</code> parameter to change the location of the configuration\nfiles.</li>\n<li>Add <code>logroot</code> parameter to change the logroot</li>\n<li>Add <code>ports_file</code> parameter to changes the <code>ports.conf</code> file location</li>\n<li>Add <code>keepalive</code> parameter to enable persistent connections</li>\n<li>Add <code>keepalive_timeout</code> parameter to change the timeout</li>\n<li>Update <code>default_mods</code> to be able to take an array of mods to enable.</li>\n</ul></li>\n<li><code>apache::vhost</code>\n\n<ul>\n<li>Add <code>wsgi_daemon_process</code>, <code>wsgi_daemon_process_options</code>,\n<code>wsgi_process_group</code>, and <code>wsgi_script_aliases</code> parameters for per-vhost\nWSGI configuration.</li>\n<li>Add <code>access_log_syslog</code> parameter to enable syslogging.</li>\n<li>Add <code>error_log_syslog</code> parameter to enable syslogging of errors.</li>\n<li>Add <code>directories</code> hash parameter. Please see README for documentation.</li>\n<li>Add <code>sslproxyengine</code> parameter to enable SSLProxyEngine</li>\n<li>Add <code>suphp_addhandler</code>, <code>suphp_engine</code>, and <code>suphp_configpath</code> for\nconfiguring SuPHP.</li>\n<li>Add <code>custom_fragment</code> parameter to allow for arbitrary apache\nconfiguration injection. (Feature pull requests are prefered over using\nthis, but it is available in a pinch.)</li>\n</ul></li>\n<li>Add <code>apache::mod::suphp</code> class for configuring SuPHP.</li>\n<li>Add <code>apache::mod::itk</code> class for configuring ITK mpm module.</li>\n<li>Update <code>apache::mod::wsgi</code> class for global WSGI configuration with\n<code>wsgi_socket_prefix</code> and <code>wsgi_python_home</code> parameters.</li>\n<li>Add README.passenger.md to document the <code>apache::mod::passenger</code> usage.\nAdded <code>passenger_high_performance</code>, <code>passenger_pool_idle_time</code>,\n<code>passenger_max_requests</code>, <code>passenger_stat_throttle_rate</code>, <code>rack_autodetect</code>,\nand <code>rails_autodetect</code> parameters.</li>\n<li>Separate the httpd service resource into a new <code>apache::service</code> class for\ndependency chaining of <code>Class['apache'] -> <resource> ~>\nClass['apache::service']</code></li>\n<li>Added <code>apache::mod::proxy_balancer</code> class for <code>apache::balancer</code></li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Change dependency to puppetlabs-concat</li>\n<li>Fix ruby 1.9 bug for <code>a2mod</code></li>\n<li>Change servername to be <code>$::hostname</code> if there is no <code>$::fqdn</code></li>\n<li>Make <code>/etc/ssl/certs</code> the default ssl certs directory for RedHat non-5.</li>\n<li>Make <code>php</code> the default php package for RedHat non-5.</li>\n<li>Made <code>aliases</code> able to take a single alias hash instead of requiring an\narray.</li>\n</ul>\n\n<h2>2013-07-26 Release 0.8.1</h2>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Update <code>apache::mpm_module</code> detection for worker/prefork</li>\n<li>Update <code>apache::mod::cgi</code> and <code>apache::mod::cgid</code> detection for\nworker/prefork</li>\n</ul>\n\n<h2>2013-07-16 Release 0.8.0</h2>\n\n<h3>Features:</h3>\n\n<ul>\n<li>Add <code>servername</code> parameter to <code>apache</code> class</li>\n<li>Add <code>proxy_set</code> parameter to <code>apache::balancer</code> define</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Fix ordering for multiple <code>apache::balancer</code> clusters</li>\n<li>Fix symlinking for sites-available on Debian-based OSs</li>\n<li>Fix dependency ordering for recursive confdir management</li>\n<li>Fix <code>apache::mod::*</code> to notify the service on config change</li>\n<li>Documentation updates</li>\n</ul>\n\n<h2>2013-07-09 Release 0.7.0</h2>\n\n<h3>Changes:</h3>\n\n<ul>\n<li>Essentially rewrite the module -- too many to list</li>\n<li><code>apache::vhost</code> has many abilities -- see README.md for details</li>\n<li><code>apache::mod::*</code> classes provide httpd mod-loading capabilities</li>\n<li><code>apache</code> base class is much more configurable</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Many. And many more to come</li>\n</ul>\n\n<h2>2013-03-2 Release 0.6.0</h2>\n\n<ul>\n<li>update travis tests (add more supported versions)</li>\n<li>add access log_parameter</li>\n<li>make purging of vhost dir configurable</li>\n</ul>\n\n<h2>2012-08-24 Release 0.4.0</h2>\n\n<h3>Changes:</h3>\n\n<ul>\n<li><code>include apache</code> is now required when using <code>apache::mod::*</code></li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Fix syntax for validate_re</li>\n<li>Fix formatting in vhost template</li>\n<li><p>Fix spec tests such that they pass</p>\n\n<p>2012-05-08 Puppet Labs <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a> - 0.0.4\ne62e362 Fix broken tests for ssl, vhost, vhost::*\n42c6363 Changes to match style guide and pass puppet-lint without error\n42bc8ba changed name => path for file resources in order to name namevar by it's name\n72e13de One end too much\n0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.\n273f94d fix tests\na35ede5 (#13860) Make a2enmod/a2dismo commands optional\n98d774e (#13860) Autorequire Package['httpd']\n05fcec5 (#13073) Add missing puppet spec tests\n541afda (#6899) Remove virtual a2mod definition\n976cb69 (#13072) Move mod python and wsgi package names to params\n323915a (#13060) Add .gitignore to repo\nfdf40af (#13060) Remove pkg directory from source tree\nfd90015 Add LICENSE file and update the ModuleFile\nd3d0d23 Re-enable local php class\nd7516c7 Make management of firewalls configurable for vhosts\n60f83ba Explicitly lookup scope of apache_name in templates.\nf4d287f (#12581) Add explicit ordering for vdir directory\n88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall\na776a8b (#11071) Fix to work with latest firewall module\n2b79e8b (#11070) Add support for Scientific Linux\n405b3e9 Fix for a2mod\n57b9048 Commit apache::vhost::redirect Manifest\n8862d01 Commit apache::vhost::proxy Manifest\nd5c1fd0 Commit apache::mod::wsgi Manifest\na825ac7 Commit apache::mod::python Manifest\nb77062f Commit Templates\n9a51b4a Vhost File Declarations\n6cf7312 Defaults for Parameters\n6a5b11a Ensure installed\nf672e46 a2mod fix\n8a56ee9 add pthon support to apache</p></li>\n</ul>\n</section>",
|
|
1282
1282
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
1283
1283
|
"created_at": "2013-12-05 15:29:14 -0800",
|
|
@@ -1941,7 +1941,7 @@
|
|
|
1941
1941
|
"file_size": 11866,
|
|
1942
1942
|
"file_md5": "b46fed82226a08b37428769f4fa6e534",
|
|
1943
1943
|
"downloads": 66264,
|
|
1944
|
-
"readme": "<section class=\"markdown\"><h1>What is it?</h1>\n\n<p>A Puppet module that can construct files from fragments.</p>\n\n<p>Please see the comments in the various .pp files for details\nas well as posts on my blog at <a href=\"http://www.devco.net/\">http://www.devco.net/</a></p>\n\n<p>Released under the Apache 2.0 licence</p>\n\n<h2>Usage:</h2>\n\n<p>If you wanted a /etc/motd file that listed all the major modules\non the machine. And that would be maintained automatically even\nif you just remove the include lines for other modules you could\nuse code like below, a sample /etc/motd would be:</p>\n\n<pre>\nPuppet modules on this server:\n\n -- Apache\n -- MySQL\n</pre>\n\n<p>Local sysadmins can also append to the file by just editing /etc/motd.local\ntheir changes will be incorporated into the puppet managed motd.</p>\n\n<pre>\n# class to setup basic motd, include on all nodes\nclass motd {\n $motd = \"/etc/motd\"\n\n concat{$motd:\n owner => root,\n group => root,\n mode => '0644',\n }\n\n concat::fragment{\"motd_header\":\n target => $motd,\n content => \"\\nPuppet modules on this server:\\n\\n\",\n order => 01,\n }\n\n # local users on the machine can append to motd by just creating\n # /etc/motd.local\n concat::fragment{\"motd_local\":\n target => $motd,\n ensure => \"/etc/motd.local\",\n order => 15\n }\n}\n\n# used by other modules to register themselves in the motd\ndefine motd::register($content=\"\", $order=10) {\n if $content == \"\" {\n $body = $name\n } else {\n $body = $content\n }\n\n concat::fragment{\"motd_fragment_$name\":\n target => \"/etc/motd\",\n content => \" -- $body\\n\"\n }\n}\n\n# a sample apache module\nclass apache {\n include apache::install, apache::config, apache::service\n\n motd::register{\"Apache\": }\n}\n</pre>\n\n<p>Detailed documentation of the class options can be found in the\nmanifest files.</p>\n\n<h2>Known Issues:</h2>\n\n<ul>\n<li>Since puppet-concat now relies on a fact for the concat directory,\nyou will need to set up pluginsync = true on the [
|
|
1944
|
+
"readme": "<section class=\"markdown\"><h1>What is it?</h1>\n\n<p>A Puppet module that can construct files from fragments.</p>\n\n<p>Please see the comments in the various .pp files for details\nas well as posts on my blog at <a href=\"http://www.devco.net/\">http://www.devco.net/</a></p>\n\n<p>Released under the Apache 2.0 licence</p>\n\n<h2>Usage:</h2>\n\n<p>If you wanted a /etc/motd file that listed all the major modules\non the machine. And that would be maintained automatically even\nif you just remove the include lines for other modules you could\nuse code like below, a sample /etc/motd would be:</p>\n\n<pre>\nPuppet modules on this server:\n\n -- Apache\n -- MySQL\n</pre>\n\n<p>Local sysadmins can also append to the file by just editing /etc/motd.local\ntheir changes will be incorporated into the puppet managed motd.</p>\n\n<pre>\n# class to setup basic motd, include on all nodes\nclass motd {\n $motd = \"/etc/motd\"\n\n concat{$motd:\n owner => root,\n group => root,\n mode => '0644',\n }\n\n concat::fragment{\"motd_header\":\n target => $motd,\n content => \"\\nPuppet modules on this server:\\n\\n\",\n order => 01,\n }\n\n # local users on the machine can append to motd by just creating\n # /etc/motd.local\n concat::fragment{\"motd_local\":\n target => $motd,\n ensure => \"/etc/motd.local\",\n order => 15\n }\n}\n\n# used by other modules to register themselves in the motd\ndefine motd::register($content=\"\", $order=10) {\n if $content == \"\" {\n $body = $name\n } else {\n $body = $content\n }\n\n concat::fragment{\"motd_fragment_$name\":\n target => \"/etc/motd\",\n content => \" -- $body\\n\"\n }\n}\n\n# a sample apache module\nclass apache {\n include apache::install, apache::config, apache::service\n\n motd::register{\"Apache\": }\n}\n</pre>\n\n<p>Detailed documentation of the class options can be found in the\nmanifest files.</p>\n\n<h2>Known Issues:</h2>\n\n<ul>\n<li>Since puppet-concat now relies on a fact for the concat directory,\nyou will need to set up pluginsync = true on the [main] section of your\nnode's '/etc/puppet/puppet.conf' for at least the first run.\nYou have this issue if puppet fails to run on the client and you have\na message similar to\n"err: Failed to apply catalog: Parameter path failed: File\npaths must be fully qualified, not 'undef' at [...]/concat/manifests/setup.pp:44".</li>\n</ul>\n\n<h2>Contributors:</h2>\n\n<p><strong>Paul Elliot</strong></p>\n\n<ul>\n<li>Provided 0.24.8 support, shell warnings and empty file creation support.</li>\n</ul>\n\n<p><strong>Chad Netzer</strong></p>\n\n<ul>\n<li>Various patches to improve safety of file operations</li>\n<li>Symlink support</li>\n</ul>\n\n<p><strong>David Schmitt</strong></p>\n\n<ul>\n<li>Patch to remove hard coded paths relying on OS path</li>\n<li>Patch to use file{} to copy the resulting file to the final destination. This means Puppet client will show diffs and that hopefully we can change file ownerships now</li>\n</ul>\n\n<p><strong>Peter Meier</strong></p>\n\n<ul>\n<li>Basedir as a fact</li>\n<li>Unprivileged user support</li>\n</ul>\n\n<p><strong>Sharif Nassar</strong></p>\n\n<ul>\n<li>Solaris/Nexenta support</li>\n<li>Better error reporting</li>\n</ul>\n\n<p><strong>Christian G. Warden</strong></p>\n\n<ul>\n<li>Style improvements</li>\n</ul>\n\n<p><strong>Reid Vandewiele</strong></p>\n\n<ul>\n<li>Support non GNU systems by default</li>\n</ul>\n\n<p><strong>Erik Dalén</strong></p>\n\n<ul>\n<li>Style improvements</li>\n</ul>\n\n<p><strong>Gildas Le Nadan</strong></p>\n\n<ul>\n<li>Documentation improvements</li>\n</ul>\n\n<p><strong>Paul Belanger</strong></p>\n\n<ul>\n<li>Testing improvements and Travis support</li>\n</ul>\n\n<p><strong>Branan Purvine-Riley</strong></p>\n\n<ul>\n<li>Support Puppet Module Tool better</li>\n</ul>\n\n<p><strong>Dustin J. Mitchell</strong></p>\n\n<ul>\n<li>Always include setup when using the concat define</li>\n</ul>\n\n<p><strong>Andreas Jaggi</strong></p>\n\n<ul>\n<li>Puppet Lint support</li>\n</ul>\n\n<p><strong>Jan Vansteenkiste</strong></p>\n\n<ul>\n<li>Configurable paths</li>\n</ul>\n\n<h2>Contact:</h2>\n\n<p>puppet-users@ mailing list.</p>\n</section>",
|
|
1945
1945
|
"changelog": "<section class=\"plaintext\"><pre>2013-08-09 1.0.0\n\nSummary:\n\nMany new features and bugfixes in this release, and if you're a heavy concat\nuser you should test carefully before upgrading. The features should all be\nbackwards compatible but only light testing has been done from our side before\nthis release.\n\nFeatures:\n- New parameters in concat:\n - `replace`: specify if concat should replace existing files.\n - `ensure_newline`: controls if fragments should contain a newline at the end.\n- Improved README documentation.\n- Add rspec:system tests (rake spec:system to test concat)\n\nBugfixes\n- Gracefully handle \\n in a fragment resource name.\n- Adding more helpful message for 'pluginsync = true'\n- Allow passing `source` and `content` directly to file resource, rather than\ndefining resource defaults.\n- Added -r flag to read so that filenames with \\ will be read correctly.\n- sort always uses LANG=C.\n- Allow WARNMSG to contain/start with '#'.\n- Replace while-read pattern with for-do in order to support Solaris.\n\nCHANGELOG:\n- 2010/02/19 - initial release\n- 2010/03/12 - add support for 0.24.8 and newer\n - make the location of sort configurable\n - add the ability to add shell comment based warnings to\n top of files\n - add the ablity to create empty files\n- 2010/04/05 - fix parsing of WARN and change code style to match rest\n of the code\n - Better and safer boolean handling for warn and force\n - Don't use hard coded paths in the shell script, set PATH\n top of the script\n - Use file{} to copy the result and make all fragments owned\n by root. This means we can chnage the ownership/group of the\n resulting file at any time.\n - You can specify ensure => "/some/other/file" in concat::fragment\n to include the contents of a symlink into the final file.\n- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name\n- 2010/05/22 - Improve documentation and show the use of ensure =>\n- 2010/07/14 - Add support for setting the filebucket behavior of files\n- 2010/10/04 - Make the warning message configurable\n- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett\n- 2011/02/03 - Make the shell script more portable and add a config option for root group\n- 2011/06/21 - Make base dir root readable only for security\n- 2011/06/23 - Set base directory using a fact instead of hardcoding it\n- 2011/06/23 - Support operating as non privileged user\n- 2011/06/23 - Support dash instead of bash or sh\n- 2011/07/11 - Better solaris support\n- 2011/12/05 - Use fully qualified variables\n- 2011/12/13 - Improve Nexenta support\n- 2012/04/11 - Do not use any GNU specific extensions in the shell script\n- 2012/03/24 - Comply to community style guides\n- 2012/05/23 - Better errors when basedir isnt set\n- 2012/05/31 - Add spec tests\n- 2012/07/11 - Include concat::setup in concat improving UX\n- 2012/08/14 - Puppet Lint improvements\n- 2012/08/30 - The target path can be different from the $name\n- 2012/08/30 - More Puppet Lint cleanup\n- 2012/09/04 - RELEASE 0.2.0\n- 2012/12/12 - Added (file) $replace parameter to concat\n</pre></section>",
|
|
1946
1946
|
"license": "<section class=\"plaintext\"><pre> Copyright 2012 R.I.Pienaar\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n</pre></section>",
|
|
1947
1947
|
"created_at": "2013-08-14 15:59:00 -0700",
|
|
@@ -2888,8 +2888,8 @@
|
|
|
2888
2888
|
"file_size": 19438,
|
|
2889
2889
|
"file_md5": "b254b09335ffd1ce073965499350e2d2",
|
|
2890
2890
|
"downloads": 9136,
|
|
2891
|
-
"readme": "<section class=\"markdown\"><h1>vcsrepo</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo.png?branch=
|
|
2892
|
-
"changelog": "<section class=\"plaintext\"><pre>2013-11-13 - Version 0.2.0\n\nSummary:\n\nThis release mainly focuses on a number of bugfixes, which should\nsignificantly improve the reliability of Git and SVN. Thanks to\nour many contributors for all of these fixes!\n\nFeatures:\n- Git:\n - Add autorequire for Package['git']\n- HG:\n - Allow user and identity properties.\n- Bzr:\n - "ensure => latest" support.\n- SVN:\n - Added configuration parameter.\n - Add support for
|
|
2891
|
+
"readme": "<section class=\"markdown\"><h1>vcsrepo</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h2>Purpose</h2>\n\n<p>This provides a single type, <code>vcsrepo</code>.</p>\n\n<p>This type can be used to describe:</p>\n\n<ul>\n<li>A working copy checked out from a (remote or local) source, at an\narbitrary revision</li>\n<li>A "blank" working copy not associated with a source (when it makes\nsense for the VCS being used)</li>\n<li>A "blank" central repository (when the distinction makes sense for the VCS\nbeing used)</li>\n</ul>\n\n<h2>Supported Version Control Systems</h2>\n\n<p>This module supports a wide range of VCS types, each represented by a\nseparate provider.</p>\n\n<p>For information on how to use this module with a specific VCS, see\n<code>README.<VCS>.markdown</code>.</p>\n\n<h2>License</h2>\n\n<p>See LICENSE.</p>\n</section>",
|
|
2892
|
+
"changelog": "<section class=\"plaintext\"><pre>2013-11-13 - Version 0.2.0\n\nSummary:\n\nThis release mainly focuses on a number of bugfixes, which should\nsignificantly improve the reliability of Git and SVN. Thanks to\nour many contributors for all of these fixes!\n\nFeatures:\n- Git:\n - Add autorequire for Package['git']\n- HG:\n - Allow user and identity properties.\n- Bzr:\n - "ensure => latest" support.\n- SVN:\n - Added configuration parameter.\n - Add support for main svn repositories.\n- CVS:\n - Allow for setting the CVS_RSH environment variable.\n\nFixes:\n- Handle Puppet::Util[::Execution].withenv for 2.x and 3.x properly.\n- Change path_empty? to not do full directory listing.\n- Overhaul spec tests to work with rspec2.\n- Git:\n - Improve Git SSH usage documentation.\n - Add ssh session timeouts to prevent network issues from blocking runs.\n - Fix git provider checkout of a remote ref on an existing repo.\n - Allow unlimited submodules (thanks to --recursive).\n - Use git checkout --force instead of short -f everywhere.\n - Update git provider to handle checking out into an existing (empty) dir.\n- SVN:\n - Handle force property. for svn.\n - Adds support for changing upstream repo url.\n - Check that the URL of the WC matches the URL from the manifest.\n - Changed from using "update" to "switch".\n - Handle revision update without source switch.\n - Fix svn provider to look for '^Revision:' instead of '^Last Changed Rev:'.\n- CVS:\n - Documented the "module" attribute.\n</pre></section>",
|
|
2893
2893
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2010-2012 Puppet Labs Inc.\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nThis program and entire repository is free software; you can\nredistribute it and/or modify it under the terms of the GNU\nGeneral Public License as published by the Free Software\nFoundation; either version 2 of the License, or any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n</pre></section>",
|
|
2894
2894
|
"created_at": "2013-11-13 10:21:58 -0800",
|
|
2895
2895
|
"updated_at": "2013-11-13 10:21:58 -0800",
|
|
@@ -3195,7 +3195,7 @@
|
|
|
3195
3195
|
"summary": "PuppetDB resource types",
|
|
3196
3196
|
"source": "git://github.com/puppetlabs/puppetlabs-puppetdb.git",
|
|
3197
3197
|
"checksums": {
|
|
3198
|
-
"manifests/
|
|
3198
|
+
"manifests/main/report_processor.pp": "0bcf515ce1547166fb2aaeeea03d2108",
|
|
3199
3199
|
"manifests/init.pp": "cdd9f0d32115802878d06abf920bd9ed",
|
|
3200
3200
|
"manifests/database/postgresql.pp": "d7944858425f6cacb54ae8a46423bbd0",
|
|
3201
3201
|
"lib/puppet/type/puppetdb_conn_validator.rb": "aa4846110f363047a8988f261378ec0e",
|
|
@@ -3203,17 +3203,17 @@
|
|
|
3203
3203
|
"manifests/server/jetty_ini.pp": "4207efbf3ce27c57921368ebe46f3701",
|
|
3204
3204
|
"manifests/params.pp": "abbcec237f977061315f58fb3b4cc763",
|
|
3205
3205
|
"NOTICE": "dd0cc848426aa3648e668269e7a04252",
|
|
3206
|
-
"manifests/
|
|
3206
|
+
"manifests/main/routes.pp": "b3c370dd0e1e18e8db0b30be8aa10056",
|
|
3207
3207
|
"lib/puppet/util/puppetdb_validator.rb": "87dfd3cde4a06f898d88b9fda35c7dce",
|
|
3208
3208
|
"CHANGELOG": "8d3b060589d25d936d06d61b891302da",
|
|
3209
3209
|
"manifests/server/database_ini.pp": "bf8f6a936cdea3ec4c56bf3aefd8a8fa",
|
|
3210
|
-
"manifests/
|
|
3210
|
+
"manifests/main/puppetdb_conf.pp": "a757975b360c74103cfea1417004b61a",
|
|
3211
3211
|
"manifests/server/firewall.pp": "c09a3c3b65e47353d1fcc98514faaead",
|
|
3212
3212
|
"manifests/server.pp": "ddccf98a84a0f4a889375cf7a7963867",
|
|
3213
3213
|
"Modulefile": "d420eeddd4072b84f5dd08880b606136",
|
|
3214
3214
|
"manifests/server/validate_db.pp": "163c5a161b79839c1827cf3ba1f06d2c",
|
|
3215
|
-
"manifests/
|
|
3216
|
-
"manifests/
|
|
3215
|
+
"manifests/main/storeconfigs.pp": "7bb67d0559564a44bfb6740f967a3bc2",
|
|
3216
|
+
"manifests/main/config.pp": "6b4509b30fa1d66a6c37799844907f70",
|
|
3217
3217
|
"lib/puppet/provider/puppetdb_conn_validator/puppet_https.rb": "17c55730cd42c64fe959f12a87a96085",
|
|
3218
3218
|
"lib/puppet/parser/functions/puppetdb_create_subsetting_resource_hash.rb": "61b6f5ebc352e9bff5a914a43a14dc22",
|
|
3219
3219
|
"README.md": "0b168fe59aa1f041c44eb7755bc22112",
|
|
@@ -3252,8 +3252,8 @@
|
|
|
3252
3252
|
"file_size": 24498,
|
|
3253
3253
|
"file_md5": "a65924f70c75ee6d48be49b9f1ee5e03",
|
|
3254
3254
|
"downloads": 6887,
|
|
3255
|
-
"readme": "<section class=\"markdown\"><h1>puppetdb</h1>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the PuppetDB module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with PuppetDB module</a></li>\n<li><a href=\"#upgrading\">Upgrading - Guide for upgrading from older revisions of this module</a></li>\n<li><a href=\"#usage\">Usage - The classes and parameters available for configuration</a></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>By guiding puppetdb setup and configuration with a puppet master, the PuppetDB module provides fast, streamlined access to data on puppetized infrastructure.</p>\n\n<h2>Module Description</h2>\n\n<p>The PuppetDB module provides a quick way to get started using PuppetDB, an open source inventory resource service that manages storage and retrieval of platform-generated data. The module will install PostgreSQL and PuppetDB if you don't have them, as well as set up the connection to puppet master. The module will also provide a dashboard you can use to view the current state of your system.</p>\n\n<p>For more information about PuppetDB <a href=\"http://docs.puppetlabs.com/puppetdb/\">please see the official PuppetDB documentation.</a></p>\n\n<h2>Setup</h2>\n\n<p><strong>What PuppetDB affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for PuppetDB</li>\n<li>package/service/configuration files for PostgreSQL (optional, but set as default)</li>\n<li>puppet master's runtime (via plugins)</li>\n<li>puppet master's configuration\n\n<ul>\n<li><strong>note</strong>: Using the <code>puppetdb::master::config</code> class will cause your routes.yaml file to be overwritten entirely (see <strong>Usage</strong> below for options and more information )</li>\n</ul></li>\n<li>system firewall (optional)</li>\n<li>listened-to ports</li>\n</ul>\n\n<p><strong>Introductory Questions</strong></p>\n\n<p>To begin using PuppetDB, you’ll have to make a few decisions:</p>\n\n<ul>\n<li>Which database back-end should I use?\n\n<ul>\n<li>PostgreSQL (default) or our embedded database</li>\n<li>Embedded database</li>\n<li><strong>note:</strong> We suggest using the embedded database only for experimental environments rather than production, as it does not scale well and can cause difficulty in migrating to PostgreSQL.</li>\n</ul></li>\n<li>Should I run the database on the same node that I run PuppetDB on?</li>\n<li>Should I run PuppetDB on the same node that I run my master on?</li>\n</ul>\n\n<p>The answers to those questions will be largely dependent on your answers to questions about your Puppet environment:</p>\n\n<ul>\n<li>How many nodes are you managing?</li>\n<li>What kind of hardware are you running on?</li>\n<li>Is your current load approaching the limits of your hardware?</li>\n</ul>\n\n<p>Depending on your answers to all of the questions above, you will likely fall under one of these set-up options:</p>\n\n<ol>\n<li><a href=\"#single-node-setup\">Single Node (Testing and Development)</a></li>\n<li><a href=\"#multiple-node-setup\">Multiple Node (Recommended)</a></li>\n</ol>\n\n<h3>Single Node Setup</h3>\n\n<p>This approach assumes you will use our default database (PostgreSQL) and run everything (PostgreSQL, PuppetDB, puppet master) all on the same node. This setup will be great for a testing or experimental environment. In this case, your manifest will look like:</p>\n\n<pre><code>node puppetmaster {\n # Configure puppetdb and its underlying database\n class { 'puppetdb': }\n # Configure the puppet master to use puppetdb\n class { 'puppetdb::master::config': }\n}\n</code></pre>\n\n<p>You can provide some parameters for these classes if you’d like more control, but that is literally all that it will take to get you up and running with the default configuration.</p>\n\n<h3>Multiple Node Setup</h3>\n\n<p>This approach is for those who prefer not to install PuppetDB on the same node as the puppet master. Your environment will be easier to scale if you are able to dedicate hardware to the individual system components. You may even choose to run the puppetdb server on a different node from the PostgreSQL database that it uses to store its data. So let’s have a look at what a manifest for that scenario might look like:</p>\n\n<p><strong>This is an example of a very basic 3-node setup for PuppetDB.</strong></p>\n\n<p>This node is our puppet master:</p>\n\n<pre><code>node puppet {\n # Here we configure the puppet master to use PuppetDB,\n # and tell it that the hostname is ‘puppetdb’\n class { 'puppetdb::master::config':\n puppetdb_server => 'puppetdb',\n }\n}\n</code></pre>\n\n<p>This node is our postgres server:</p>\n\n<pre><code>node puppetdb-postgres {\n # Here we install and configure postgres and the puppetdb\n # database instance, and tell postgres that it should\n # listen for connections to the hostname ‘puppetdb-postgres’\n class { 'puppetdb::database::postgresql':\n listen_addresses => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This node is our main puppetdb server:</p>\n\n<pre><code>node puppetdb {\n # Here we install and configure PuppetDB, and tell it where to\n # find the postgres database.\n class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This should be all it takes to get a 3-node, distributed installation of PuppetDB up and running. Note that, if you prefer, you could easily move two of these classes to a single node and end up with a 2-node setup instead.</p>\n\n<h3>Beginning with PuppetDB</h3>\n\n<p>Whether you choose a single node development setup or a multi-node setup, a basic setup of PuppetDB will cause: PostgreSQL to install on the node if it’s not already there; PuppetDB postgres database instance and user account to be created; the postgres connection to be validated and, if successful, PuppetDB to be installed and configured; PuppetDB connection to be validated and, if successful, the puppet master config files to be modified to use PuppetDB; and the puppet master to be restarted so that it will pick up the config changes.</p>\n\n<p>If your logging level is set to INFO or finer, you should start seeing PuppetDB-related log messages appear in both your puppet master log and your puppetdb log as subsequent agent runs occur.</p>\n\n<p>If you’d prefer to use PuppetDB’s embedded database rather than PostgreSQL, have a look at the database parameter on the puppetdb class:</p>\n\n<pre><code>class { 'puppetdb':\n database => 'embedded',\n}\n</code></pre>\n\n<p>The embedded database can be useful for testing and very small production environments, but it is not recommended for production environments since it consumes a great deal of memory as your number of nodes increase.</p>\n\n<h3>Cross-node Dependencies</h3>\n\n<p>It is worth noting that there are some cross-node dependencies, which means that the first time you add the module's configurations to your manifests, you may see a few failed puppet runs on the affected nodes.</p>\n\n<p>PuppetDB handles cross-node dependencies by taking a sort of “eventual consistency” approach. There’s nothing that the module can do to control the order in which your nodes check in, but the module can check to verify that the services it depends on are up and running before it makes configuration changes--so that’s what it does.</p>\n\n<p>When your puppet master node checks in, it will validate the connectivity to the puppetdb server before it applies its changes to the puppet master config files. If it can’t connect to puppetdb, then the puppet run will fail and the previous config files will be left intact. This prevents your master from getting into a broken state where all incoming puppet runs fail because the master is configured to use a puppetdb server that doesn’t exist yet. The same strategy is used to handle the dependency between the puppetdb server and the postgres server.</p>\n\n<p>Hence the failed puppet runs. These failures should be limited to 1 failed run on the puppetdb node, and up to 2 failed runs on the puppet master node. After that, all of the dependencies should be satisfied and your puppet runs should start to succeed again.</p>\n\n<p>You can also manually trigger puppet runs on the nodes in the correct order (Postgres, PuppetDB, puppet master), which will avoid any failed runs.</p>\n\n<h2>Upgrading</h2>\n\n<h3>Upgrading from 2.x to version 3.x</h3>\n\n<p>For this release a major dependency has changed. The module <code>pupppetlabs/postgresql</code> must now be version 3.x. Upgrading the module should upgrade the <code>puppetlabs/postgresql</code> module for you, but if another module has a fixed dependency that module will have to be fixed before you can continue.</p>\n\n<p>Some other changes include:</p>\n\n<ul>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb</code> has now been removed completely in favor of <code>open_postgres_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::database::postgresql</code>, has now been renamed to <code>manage_firewall</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::server</code> has now been removed completely in favor of <code>open_listen_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The internal class: <code>puppetdb::database::postgresql_db</code> has been removed. If you were using this, it is now defunct.</li>\n<li>The class <code>puppetdb::server::firewall</code> has been marked as private, do not use it directly.</li>\n<li>The class <code>puppetdb::server::jetty_ini</code> and <code>puppetdb::server::database_ini</code> have been marked as private, do not use it directly.</li>\n</ul>\n\n<h3>Upgrading from 1.x to version 2.x</h3>\n\n<p>A major dependency has been changed, so now when you upgrade to 2.0 the dependency <code>cprice404/inifile</code> has been replaced with <code>puppetlabs/inifile</code>. This may interfer with other modules as they may depend on the old <code>cprice404/inifile</code> instead, so upgrading should be done with caution. Check that your other modules use the newer <code>puppetlabs/inifile</code> module as interoperation with the old <code>cprice404/inifile</code> module will no longer be supported by this module.</p>\n\n<p>Depending on how you install your modules, changing the dependency may require manual intervention. Double check your modules contains the newer <code>puppetlabs/inifile</code> after installing this latest module.</p>\n\n<p>Otherwise, all existing parameters from 1.x should still work correctly.</p>\n\n<h2>Usage</h2>\n\n<p>PuppetDB supports a large number of configuration options for both configuring the puppetdb service and connecting that service to the puppet master.</p>\n\n<h3>puppetdb</h3>\n\n<p>The <code>puppetdb</code> class is intended as a high-level abstraction (sort of an 'all-in-one' class) to help simplify the process of getting your puppetdb server up and running. It wraps the slightly-lower-level classes <code>puppetdb::server</code> and <code>puppetdb::database::*</code>, and it'll get you up and running with everything you need (including database setup and management) on the server side. For maximum configurability, you may choose not to use this class. You may prefer to use the <code>puppetdb::server</code> class directly, or manage your puppetdb setup on your own.</p>\n\n<p>You must declare the class to use it:</p>\n\n<pre><code>class { 'puppetdb': }\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb</code>:</strong></p>\n\n<h4><code>listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTP requests (defaults to <code>localhost</code>.'0.0.0.0' = all).</p>\n\n<h4><code>listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTP requests (defaults to '8080').</p>\n\n<h4><code>open_listen_port</code></h4>\n\n<p>If true, open the http_listen_port on the firewall (defaults to false).</p>\n\n<h4><code>ssl_listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTPS requests (defaults to <code>$::clientcert</code>). Set to '0.0.0.0' to listen on all addresses.</p>\n\n<h4><code>ssl_listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTPS requests (defaults to '8081').</p>\n\n<h4><code>disable_ssl</code></h4>\n\n<p>If true, the puppetdb web server will only serve HTTP and not HTTPS requests (defaults to false).</p>\n\n<h4><code>open_ssl_listen_port</code></h4>\n\n<p>If true, open the ssl_listen_port on the firewall (defaults to true).</p>\n\n<h4><code>database</code></h4>\n\n<p>Which database backend to use; legal values are <code>postgres</code> (default) or <code>embedded</code>. The <code>embedded</code> db can be used for very small installations or for testing, but is not recommended for use in production environments. For more info, see the <a href=\"http://docs.puppetlabs.com/puppetdb/\">puppetdb docs</a>.</p>\n\n<h4><code>database_port</code></h4>\n\n<p>The port that the database server listens on (defaults to <code>5432</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_username</code></h4>\n\n<p>The name of the database user to connect as (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_password</code></h4>\n\n<p>The password for the database user (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_name</code></h4>\n\n<p>The name of the database instance to connect to (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_ssl</code></h4>\n\n<p>If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for <code>embedded</code> db).\nSetting up proper trust- and keystores has to be managed outside of the puppetdb module.</p>\n\n<h4><code>node_ttl</code></h4>\n\n<p>The length of time a node can go without receiving any new data before it's automatically deactivated. (defaults to '0', which disables auto-deactivation). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>node_purge_ttl</code></h4>\n\n<p>The length of time a node can be deactivated before it's deleted from the database. (defaults to '0', which disables purging). This option is supported in PuppetDB >= 1.2.0.</p>\n\n<h4><code>report_ttl</code></h4>\n\n<p>The length of time reports should be stored before being deleted. (defaults to '7d', which is a 7-day period). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>gc_interval</code></h4>\n\n<p>This controls how often, in minutes, to compact the database. The compaction process reclaims space and deletes unnecessary rows. If not supplied, the default is every 60 minutes. This option is supported in PuppetDB >= 0.9.</p>\n\n<h4><code>log_slow_statements</code></h4>\n\n<p>This sets the number of seconds before an SQL query is considered "slow." Slow SQL queries are logged as warnings, to assist in debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply reports them after they complete.</p>\n\n<p>The default value is 10 seconds. A value of 0 will disable logging of slow queries. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_max_age</code></h4>\n\n<p>The maximum time (in minutes), for a pooled connection to remain unused before it is closed off.</p>\n\n<p>If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_keep_alive</code></h4>\n\n<p>This sets the time (in minutes), for a connection to remain idle before sending a test query to the DB. This is useful to prevent a DB from timing out connections on its end.</p>\n\n<p>If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_lifetime</code></h4>\n\n<p>The maximum time (in minutes) a pooled connection should remain open. Any connections older than this setting will be closed off. Connections currently in use will not be affected until they are returned to the pool.</p>\n\n<p>If not supplied, we won't terminate connections based on their age alone. This option is supported in PuppetDB >= 1.4.</p>\n\n<h4><code>puppetdb_package</code></h4>\n\n<p>The puppetdb package name in the package manager.</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>puppetdb_service</code></h4>\n\n<p>The name of the puppetdb service.</p>\n\n<h4><code>puppetdb_service_status</code></h4>\n\n<p>Sets whether the service should be running or stopped. When set to stopped the service doesn't start on boot either. Valid values are 'true', 'running', 'false', and 'stopped'.</p>\n\n<h4><code>confdir</code></h4>\n\n<p>The puppetdb configuration directory (defaults to <code>/etc/puppetdb/conf.d</code>).</p>\n\n<h4><code>java_args</code></h4>\n\n<p>Java VM options used for overriding default Java VM options specified in PuppetDB package (defaults to <code>{}</code>). See <a href=\"http://docs.puppetlabs.com/puppetdb/1.1/configure.html\">PuppetDB Configuration</a> to get more details about the current defaults.</p>\n\n<p>Example: to set <code>-Xmx512m -Xms256m</code> options use <code>{ '-Xmx' => '512m', '-Xms' => '256m' }</code></p>\n\n<h3>puppetdb:server</h3>\n\n<p>The <code>puppetdb::server</code> class manages the puppetdb server independently of the underlying database that it depends on. It will manage the puppetdb package, service, config files, etc., but will still allow you to manage the database (e.g. postgresql) however you see fit.</p>\n\n<pre><code>class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::server</code>:</strong></p>\n\n<p>Uses the same parameters as <code>puppetdb</code>, with one addition:</p>\n\n<h4><code>database_host</code></h4>\n\n<p>The hostname or IP address of the database server (defaults to <code>localhost</code>; ignored for <code>embedded</code> db).</p>\n\n<h3>puppetdb::master::config</h3>\n\n<p>The <code>puppetdb::master::config</code> class directs your puppet master to use PuppetDB, which means that this class should be used on your puppet master node. It’ll verify that it can successfully communicate with your puppetdb server, and then configure your master to use PuppetDB.</p>\n\n<p>Using this class involves allowing the module to manipulate your puppet configuration files; in particular: puppet.conf and routes.yaml. The puppet.conf changes are supplemental and should not affect any of your existing settings, but the routes.yaml file will be overwritten entirely. If you have an existing routes.yaml file, you will want to take care to use the manage_routes parameter of this class to prevent the module from managing that file, and you’ll need to manage it yourself.</p>\n\n<pre><code>class { 'puppetdb::master::config':\n puppetdb_server => 'my.host.name',\n puppetdb_port => 8081,\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::master::config</code>:</strong></p>\n\n<h4><code>puppetdb_server</code></h4>\n\n<p>The dns name or ip of the puppetdb server (defaults to the certname of the current node).</p>\n\n<h4><code>puppetdb_port</code></h4>\n\n<p>The port that the puppetdb server is running on (defaults to 8081).</p>\n\n<h4><code>puppetdb_soft_write_failure</code></h4>\n\n<p>Boolean to fail in a soft-manner if PuppetDB is not accessable for command submission (defaults to false).</p>\n\n<h4><code>manage_routes</code></h4>\n\n<p>If true, the module will overwrite the puppet master's routes file to configure it to use PuppetDB (defaults to true).</p>\n\n<h4><code>manage_storeconfigs</code></h4>\n\n<p>If true, the module will manage the puppet master's storeconfig settings (defaults to true).</p>\n\n<h4><code>manage_report_processor</code></h4>\n\n<p>If true, the module will manage the 'reports' field in the puppet.conf file to enable or disable the puppetdb report processor. Defaults to 'false'.</p>\n\n<h4><code>manage_config</code></h4>\n\n<p>If true, the module will store values from puppetdb_server and puppetdb_port parameters in the puppetdb configuration file.\nIf false, an existing puppetdb configuration file will be used to retrieve server and port values.</p>\n\n<h4><code>strict_validation</code></h4>\n\n<p>If true, the module will fail if puppetdb is not reachable, otherwise it will preconfigure puppetdb without checking.</p>\n\n<h4><code>enable_reports</code></h4>\n\n<p>Ignored unless <code>manage_report_processor</code> is <code>true</code>, in which case this setting will determine whether or not the puppetdb report processor is enabled (<code>true</code>) or disabled (<code>false</code>) in the puppet.conf file.</p>\n\n<h4><code>puppet_confdir</code></h4>\n\n<p>Puppet's config directory (defaults to <code>/etc/puppet</code>).</p>\n\n<h4><code>puppet_conf</code></h4>\n\n<p>Puppet's config file (defaults to <code>/etc/puppet/puppet.conf</code>).</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>terminus_package</code></h4>\n\n<p>Name of the package to use that represents the PuppetDB terminus code.</p>\n\n<h4><code>puppet_service_name</code></h4>\n\n<p>Name of the service that represents Puppet. You can change this to <code>apache2</code> or <code>httpd</code> depending on your operating system, if you plan on having Puppet run using Apache/Passenger for example.</p>\n\n<h4><code>puppetdb_startup_timeout</code></h4>\n\n<p>The maximum amount of time that the module should wait for PuppetDB to start up. This is most important during the initial install of PuppetDB (defaults to 15 seconds).</p>\n\n<h4><code>restart_puppet</code></h4>\n\n<p>If true, the module will restart the puppet master when PuppetDB configuration files are changed by the module. The default is 'true'. If set to 'false', you must restart the service manually in order to pick up changes to the config files (other than <code>puppet.conf</code>).</p>\n\n<h3>puppetdb::database::postgresql</h3>\n\n<p>The <code>puppetdb::database::postgresql</code> class manages a postgresql server for use by PuppetDB. It can manage the postgresql packages and service, as well as creating and managing the puppetdb database and database user accounts.</p>\n\n<pre><code>class { 'puppetdb::database::postgresql':\n listen_addresses => 'my.postgres.host.name',\n}\n</code></pre>\n\n<h4><code>listen_addresses</code></h4>\n\n<p>The <code>listen_address</code> is a comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to <code>localhost</code>. This parameter maps directly to postgresql's <code>listen_addresses</code> config option; use a <code>*</code> to allow connections on any accessible address.</p>\n\n<h4><code>manage_firewall</code></h4>\n\n<p>If set to <code>true</code> this will enable open the local firewall for PostgreSQL protocol access. Defaults to <code>false</code>.</p>\n\n<h4><code>database_name</code></h4>\n\n<p>Sets the name of the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_username</code></h4>\n\n<p>Creates a user for access the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_password</code></h4>\n\n<p>Sets the password for the database user above. Defaults to <code>puppetdb</code>.</p>\n\n<h2>Implementation</h2>\n\n<h3>Resource overview</h3>\n\n<p>In addition to the classes and variables mentioned above, PuppetDB includes:</p>\n\n<p><strong>puppetdb::master::routes</strong></p>\n\n<p>Configures the puppet master to use PuppetDB as the facts terminus. <em>WARNING</em>: the current implementation simply overwrites your routes.yaml file; if you have an existing routes.yaml file that you are using for other purposes, you should <em>not</em> use this.</p>\n\n<pre><code>class { 'puppetdb::master::routes':\n puppet_confdir => '/etc/puppet'\n}\n</code></pre>\n\n<p><strong>puppetdb::master::storeconfigs</strong></p>\n\n<p>Configures the puppet master to enable storeconfigs and to use PuppetDB as the storeconfigs backend.</p>\n\n<pre><code>class { 'puppetdb::master::storeconfigs':\n puppet_conf => '/etc/puppet/puppet.conf'\n}\n</code></pre>\n\n<p><strong>puppetdb::server::validate_db</strong></p>\n\n<p>Validates that a successful database connection can be established between the node on which this resource is run and the specified puppetdb database instance (host/port/user/password/database name).</p>\n\n<pre><code>puppetdb::server::validate_db { 'validate my puppetdb database connection':\n database_host => 'my.postgres.host',\n database_username => 'mydbuser',\n database_password => 'mydbpassword',\n database_name => 'mydbname',\n}\n</code></pre>\n\n<h3>Custom Types</h3>\n\n<p><strong>puppetdb_conn_validator</strong></p>\n\n<p>Verifies that a connection can be successfully established between a node and the puppetdb server. Its primary use is as a precondition to prevent configuration changes from being applied if the puppetdb server cannot be reached, but it could potentially be used for other purposes such as monitoring.</p>\n\n<h2>Limitations</h2>\n\n<p>Currently, PuppetDB is compatible with:</p>\n\n<pre><code>Puppet Version: 2.7+\n</code></pre>\n\n<p>Platforms:</p>\n\n<ul>\n<li>RHEL6</li>\n<li>Debian6</li>\n<li>Ubuntu 10.04</li>\n<li>Archlinux</li>\n</ul>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n</section>",
|
|
3256
|
-
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-puppetdb changelog\n\nRelease notes for the puppetlabs-puppetdb module.\n\n------------------------------------------\n\n#### 3.0.0 - 2013/10/27\n\nThis major release changes the main dependency for the postgresql module from\nversion 2.5.x to 3.x. Since the postgresql module is not backwards compatible,\nthis release is also not backwards compatible. As a consequence we have taken\nsome steps to deprecate some of the older functionality:\n\n* The parameter manage_redhat_firewall for the class puppetdb has now been removed completely in favor of open_postgres_port and open_ssl_listen_port.\n* The parameter manage_redhat_firewall for the class puppetdb::database::postgresql, has now been renamed to manage_firewall.\n* The parameter manage_redhat_firewall for the class puppetdb::server has now been removed completely in favor of open_listen_port and open_ssl_listen_port.\n* The internal class: puppetdb::database::postgresql_db has been removed. If you were using this, it is now defunct.\n* The class puppetdb::server::firewall has been marked as private, do not use it directly.\n* The class puppetdb::server::jetty_ini and puppetdb::server::database_ini have been marked as private, do not use it directly.\n\nAll of this is documented in the upgrade portion of the README.\n\nAdditionally some features have been included in this release as well:\n\n* soft_write_failure can now be enabled in your puppetdb.conf with this\n module to handle failing silently when your PuppetDB is not available\n during writes.\n* There is a new switch to enable SSL connectivity to PostgreSQL. While this\n functionality is only in its infancy this is a good start.\n\nDetailed Changes:\n\n* FM-103: Add metadata.json to all modules. (Ashley Penney)\n* Add soft_write_failure to puppetdb.conf (Garrett Honeycutt)\n* Add switch to configure database SSL connection (Stefan Dietrich)\n* (GH-91) Update to use rspec-system-puppet 2.x (Ken Barber)\n* (GH-93) Switch to using puppetlabs-postgresql 3.x (Ken Barber)\n* Fix copyright and project notice (Ken Barber)\n* Adjust memory for PuppetDB tests to avoid OOM killer (Ken Barber)\n* Ensure ntpdate executes early during testing (Ken Barber)\n\n------------------------------------------\n\n#### 2.0.0 - 2013/10/04\n\nThis major release changes the main dependency for the inifile module from\nthe deprecated `cprice404/inifile` to `puppetlabs/inifile` to remove\ndeprecation warnings and to move onto the latest and greatest implementation\nof that code.\n\nIts a major release, because it may affect other dependencies since modules\ncannot have overlapping second part dependencies (that is inifile cannot be from\ntwo different locations).\n\nIt also adds the parameter `puppetdb_service_status` to the class `puppetdb` to\nallow users to specify whether the module manages the puppetdb service for you.\n\nThe `database_password` parameter is now optional, and initial Arch Linux\nsupport has been added.\n\nDetailed Changes:\n\n* (GH-73) Switch to puppetlabs/inifile from cprice/inifile (Ken Barber)\n* Make database_password an optional parameter (Nick Lewis)\n* add archlinux support (Niels Abspoel)\n* Added puppetdb service control (Akos Hencz)\n\n------------------------------------------\n\n#### 1.6.0 - 2013/08/07\n\nThis minor feature release provides extra parameters for new configuration\nitems available in PuppetDB 1.4, and also provides some older parameters\nthat were missed previously:\n\n* gc_interval\n* log_slow_statements\n* conn_max_age\n* conn_keep_alive\n* conn_lifetime\n\nConsult the README.md file, or the PuppetDB documentation for more details.\n\n------------------------------------------\n\n#### 1.5.0 - 2013/07/18\n\nThis minor feature release provides the following new functionality:\n\n* The module is now capable of managing PuppetDB on SUSE systems\n for which PuppetDB packages are available\n* The ruby code for validating the PuppetDB connection now\n supports validating on a non-SSL HTTP port.\n\n------------------------------------------\n\n#### 1.4.0 - 2013/05/13\n\nThis feature release provides support for managing the puppetdb report\nprocessor on your master.\n\nTo enable the report processor, you can do something like this:\n\n class { 'puppetdb::master::config':\n manage_report_processor => true,\n enable_reports => true\n }\n\nThis will add the 'puppetdb' report processor to the list of `reports`\ninside your master's `puppet.conf` file.\n\n------------------------------------------\n\n#### 1.3.0 - 2013/05/13\n\nThis feature release provides us with a few new features for the PuppetDB\nmodule.\n\nYou can now disable SSL when using the `puppetdb` class by using the new\nparameter `disable_ssl`:\n\n class { 'puppetdb':\n disable_ssl => true,\n }\n\nThis will remove the SSL settings from your `jetty.ini` configuration file\ndisabling any SSL communication. This is useful when you want to offload SSL\nto another web server, such as Apache or Nginx.\n\nWe have now added an option `java_args` for passing in Java options to\nPuppetDB. The format is a hash that is passed in when declaring the use of the\n`puppetdb` class:\n\n class { 'puppetdb':\n java_args => {\n '-Xmx' => '512m',\n '-Xms' => '256m',\n }\n }\n\nAlso, the default `report-ttl` was set to `14d` in PuppetDB to align it with an\nupcoming PE release, so we've also reflected that default here now.\n\nAnd finally we've fixed the issue whereby the options `report_ttl`, `node_ttl`,\n`node_purge_ttl` and `gc_interval` were not making the correct changes. On top\nof that you can now set these values to zero in the module, and the correct\ntime modifier (`s`, `m`, `h` etc.) will automatically get applied for you.\n\nBehind the scenes we've also added system and unit testing, which was\npreviously non-existent. This should help us reduce regression going forward.\n\nThanks to all the contributing developers in the list below that made this\nrelease possible :-).\n\n#### Changes\n\n* Allows for 0 _ttl's without time signifier and enables tests (Garrett Honeycutt)\n* Add option to disable SSL in Jetty, including tests and documentation (Christian Berg)\n* Cleaned up ghoneycutt's code a tad (Ken Barber)\n* the new settings report_ttl, node_ttl and node_purge_ttl were added but they are not working, this fixes it (fsalum)\n* Also fix gc_interval (Ken Barber)\n* Support for remote puppetdb (Filip Hrbek)\n* Added support for Java VM options (Karel Brezina)\n* Add initial rspec-system tests and scaffolding (Ken Barber)\n\n------------------------------------------\n\n#### 1.2.1 - 2013/04/08\n\nThis is a minor bugfix that solves the PuppetDB startup exception:\n\n java.lang.AssertionError: Assert failed: (string? s)\n\nThis was due to the default `node-ttl` and `node-purge-ttl` settings not having a time suffix by default. These settings required 's', 'm', 'd' etc. to be suffixed, even if they are zero.\n\n#### Changes\n\n* (Ken Barber) Add 's' suffix to period settings to avoid exceptions in PuppetDB\n\n------------------------------------------\n\n#### 1.2.0 - 2013/04/05\n\nThis release is primarily about providing full configuration file support in the module for PuppetDB 1.2.0. (The alignment of version is a coincidence I assure you :-).\n\nThis feature release adds the following new configuration parameters to the main `puppetdb` class:\n\n* node_ttl\n* node_purge_ttl (available in >=1.2.0)\n* report_ttl\n\nConsult the README for futher details about these new configurable items.\n\n##### Changes\n\n* (Nick Lewis) Add params and ini settings for node/purge/report ttls and document them\n\n------------------------------------------\n\n1.1.5\n=====\n\n2013-02-13 - Karel Brezina\n * Fix database creation so database_username, database_password and\n database_name are correctly passed during database creation.\n\n2013-01-29 - Lauren Rother\n * Change README to conform to new style and various other README improvements\n\n2013-01-17 - Chris Price\n * Improve documentation in init.pp\n\n------------------------------------------\n\n1.1.4\n=====\n\nThis is a bugfix release, mostly around fixing backward-compatibility for the\ndeprecated `manage_redhat_firewall` parameter. It wasn't actually entirely\nbackwards-compatible in the 1.1.3 release.\n\n2013-01-17 - Chris Price <chris@puppetlabs.com>\n * Fix backward compatibility of `manage_redhat_firewall` parameter (de20b44)\n\n2013-01-16 - Chris Price <chris@puppetlabs.com>\n * Fix deprecation warnings around manage_redhat_firewall (448f8bc)\n\n------------------------------------------\n\n1.1.3\n=====\n\nThis is mostly a maintenance release, to update the module dependencies to newer\nversions in preparation for some new features. This release does include some nice\nadditions around the ability to set the listen address for the HTTP port on Jetty\nand manage the firewall for that port. Thanks very much to Drew Blessing for those\nsubmissions!\n\n2013-01-15 - Chris Price <chris@puppetlabs.com>\n * Update Modulefile for 1.1.3 release (updates dependencies\n on postgres and inifile modules to the latest versions) (76bfd9e)\n\n2012-12-19 - Garrett Honeycutt <garrett@puppetlabs.com>\n * (#18228) updates README for style (fd2e990)\n\n2012-11-29 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - Fixes suggested by cprice-puppet (0cf9632)\n\n2012-11-14 - Drew Blessing <Drew.Blessing@Buckle.com>\n * Adjust examples in tests to include new port params (0afc276)\n\n2012-11-13 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - PuppetDB - Add ability to set standard host listen address and open firewall\n\n------------------------------------------\n\n1.1.2\n=====\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.2 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com>\n * Add some more missing `inherit`s for `puppetdb::params` (a72cc7c)\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.1 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.1)\n * Add missing `inherit` for `puppetdb::params` (ea9b379)\n\n2012-10-24 - Chris Price <chris@puppetlabs.com>\n * 1.1.0 release\n\n2012-10-24 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update postgres dependency to puppetlabs/postgresql (bea79b4)\n\n2012-10-17 - Reid Vandewiele <reid@puppetlabs.com> (1.1.0)\n * Fix embedded db setup in Puppet Enterprise (bf0ab45)\n\n2012-10-17 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update manifests/master/config.pp (b119a30)\n\n2012-10-16 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Make puppetdb startup timeout configurable (783b595)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add condition to detect PE installations and provide different parameters (63f1c52)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add example manifest code for pe puppet master (a598edc)\n\n2012-10-01 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update comments and docs w/rt PE params (b5df5d9)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Adding pe_puppetdb tests class (850e039)\n\n2012-09-28 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add parameters to enable usage of enterprise versions of PuppetDB (df6f7cc)\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * 1.0.3 release\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * Add a parameter for restarting puppet master (179b337)\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * 1.0.2 release\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * Pass 'manage_redhat_firewall' param through to postgres (f21740b)\n\n2012-09-20 - Chris Price <chris@puppetlabs.com>\n * 1.0.1 release\n\n2012-09-20 - Garrett Honeycutt <garrett@puppetlabs.com>\n * complies with style guide (1aab5d9)\n\n2012-09-19 - Chris Price <chris@puppetlabs.com>\n * Fix invalid subname in database.ini (be683b7)\n\n2011-09-18 Chris Price <chris@puppetlabs.com> - 1.0.0\n* Initial 1.0.0 release\n</pre></section>",
|
|
3255
|
+
"readme": "<section class=\"markdown\"><h1>puppetdb</h1>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the PuppetDB module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with PuppetDB module</a></li>\n<li><a href=\"#upgrading\">Upgrading - Guide for upgrading from older revisions of this module</a></li>\n<li><a href=\"#usage\">Usage - The classes and parameters available for configuration</a></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>By guiding puppetdb setup and configuration with a primary Puppet server, the PuppetDB module provides fast, streamlined access to data on puppetized infrastructure.</p>\n\n<h2>Module Description</h2>\n\n<p>The PuppetDB module provides a quick way to get started using PuppetDB, an open source inventory resource service that manages storage and retrieval of platform-generated data. The module will install PostgreSQL and PuppetDB if you don't have them, as well as set up the connection to primary Puppet server. The module will also provide a dashboard you can use to view the current state of your system.</p>\n\n<p>For more information about PuppetDB <a href=\"http://docs.puppetlabs.com/puppetdb/\">please see the official PuppetDB documentation.</a></p>\n\n<h2>Setup</h2>\n\n<p><strong>What PuppetDB affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for PuppetDB</li>\n<li>package/service/configuration files for PostgreSQL (optional, but set as default)</li>\n<li>primary Puppet server's runtime (via plugins)</li>\n<li>primary Puppet server's configuration\n\n<ul>\n<li><strong>note</strong>: Using the <code>puppetdb::config</code> class will cause your routes.yaml file to be overwritten entirely (see <strong>Usage</strong> below for options and more information )</li>\n</ul></li>\n<li>system firewall (optional)</li>\n<li>listened-to ports</li>\n</ul>\n\n<p><strong>Introductory Questions</strong></p>\n\n<p>To begin using PuppetDB, you’ll have to make a few decisions:</p>\n\n<ul>\n<li>Which database back-end should I use?\n\n<ul>\n<li>PostgreSQL (default) or our embedded database</li>\n<li>Embedded database</li>\n<li><strong>note:</strong> We suggest using the embedded database only for experimental environments rather than production, as it does not scale well and can cause difficulty in migrating to PostgreSQL.</li>\n</ul></li>\n<li>Should I run the database on the same node that I run PuppetDB on?</li>\n<li>Should I run PuppetDB on the same node that I run my primary Puppet server on?</li>\n</ul>\n\n<p>The answers to those questions will be largely dependent on your answers to questions about your Puppet environment:</p>\n\n<ul>\n<li>How many nodes are you managing?</li>\n<li>What kind of hardware are you running on?</li>\n<li>Is your current load approaching the limits of your hardware?</li>\n</ul>\n\n<p>Depending on your answers to all of the questions above, you will likely fall under one of these set-up options:</p>\n\n<ol>\n<li><a href=\"#single-node-setup\">Single Node (Testing and Development)</a></li>\n<li><a href=\"#multiple-node-setup\">Multiple Node (Recommended)</a></li>\n</ol>\n\n<h3>Single Node Setup</h3>\n\n<p>This approach assumes you will use our default database (PostgreSQL) and run everything (PostgreSQL, PuppetDB, primary Puppet server) all on the same node. This setup will be great for a testing or experimental environment. In this case, your manifest will look like:</p>\n\n<pre><code>node primary Puppet server {\n # Configure puppetdb and its underlying database\n class { 'puppetdb': }\n # Configure the primary Puppet server to use puppetdb\n class { 'puppetdb::config': }\n}\n</code></pre>\n\n<p>You can provide some parameters for these classes if you’d like more control, but that is literally all that it will take to get you up and running with the default configuration.</p>\n\n<h3>Multiple Node Setup</h3>\n\n<p>This approach is for those who prefer not to install PuppetDB on the same node as the primary Puppet server. Your environment will be easier to scale if you are able to dedicate hardware to the individual system components. You may even choose to run the puppetdb server on a different node from the PostgreSQL database that it uses to store its data. So let’s have a look at what a manifest for that scenario might look like:</p>\n\n<p><strong>This is an example of a very basic 3-node setup for PuppetDB.</strong></p>\n\n<p>This node is our primary Puppet server:</p>\n\n<pre><code>node puppet {\n # Here we configure the primary Puppet server to use PuppetDB,\n # and tell it that the hostname is ‘puppetdb’\n class { 'puppetdb::config':\n puppetdb_server => 'puppetdb',\n }\n}\n</code></pre>\n\n<p>This node is our postgres server:</p>\n\n<pre><code>node puppetdb-postgres {\n # Here we install and configure postgres and the puppetdb\n # database instance, and tell postgres that it should\n # listen for connections to the hostname ‘puppetdb-postgres’\n class { 'puppetdb::database::postgresql':\n listen_addresses => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This node is our main puppetdb server:</p>\n\n<pre><code>node puppetdb {\n # Here we install and configure PuppetDB, and tell it where to\n # find the postgres database.\n class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This should be all it takes to get a 3-node, distributed installation of PuppetDB up and running. Note that, if you prefer, you could easily move two of these classes to a single node and end up with a 2-node setup instead.</p>\n\n<h3>Beginning with PuppetDB</h3>\n\n<p>Whether you choose a single node development setup or a multi-node setup, a basic setup of PuppetDB will cause: PostgreSQL to install on the node if it’s not already there; PuppetDB postgres database instance and user account to be created; the postgres connection to be validated and, if successful, PuppetDB to be installed and configured; PuppetDB connection to be validated and, if successful, the primary Puppet server config files to be modified to use PuppetDB; and the primary Puppet server to be restarted so that it will pick up the config changes.</p>\n\n<p>If your logging level is set to INFO or finer, you should start seeing PuppetDB-related log messages appear in both your primary Puppet server log and your puppetdb log as subsequent agent runs occur.</p>\n\n<p>If you’d prefer to use PuppetDB’s embedded database rather than PostgreSQL, have a look at the database parameter on the puppetdb class:</p>\n\n<pre><code>class { 'puppetdb':\n database => 'embedded',\n}\n</code></pre>\n\n<p>The embedded database can be useful for testing and very small production environments, but it is not recommended for production environments since it consumes a great deal of memory as your number of nodes increase.</p>\n\n<h3>Cross-node Dependencies</h3>\n\n<p>It is worth noting that there are some cross-node dependencies, which means that the first time you add the module's configurations to your manifests, you may see a few failed puppet runs on the affected nodes.</p>\n\n<p>PuppetDB handles cross-node dependencies by taking a sort of “eventual consistency” approach. There’s nothing that the module can do to control the order in which your nodes check in, but the module can check to verify that the services it depends on are up and running before it makes configuration changes--so that’s what it does.</p>\n\n<p>When your primary Puppet server node checks in, it will validate the connectivity to the puppetdb server before it applies its changes to the primary Puppet server config files. If it can’t connect to puppetdb, then the puppet run will fail and the previous config files will be left intact. This prevents your primary Puppet server from getting into a broken state where all incoming puppet runs fail because the primary Puppet server is configured to use a puppetdb server that doesn’t exist yet. The same strategy is used to handle the dependency between the puppetdb server and the postgres server.</p>\n\n<p>Hence the failed puppet runs. These failures should be limited to 1 failed run on the puppetdb node, and up to 2 failed runs on the primary Puppet server node. After that, all of the dependencies should be satisfied and your puppet runs should start to succeed again.</p>\n\n<p>You can also manually trigger puppet runs on the nodes in the correct order (Postgres, PuppetDB, primary Puppet server), which will avoid any failed runs.</p>\n\n<h2>Upgrading</h2>\n\n<h3>Upgrading from 2.x to version 3.x</h3>\n\n<p>For this release a major dependency has changed. The module <code>pupppetlabs/postgresql</code> must now be version 3.x. Upgrading the module should upgrade the <code>puppetlabs/postgresql</code> module for you, but if another module has a fixed dependency that module will have to be fixed before you can continue.</p>\n\n<p>Some other changes include:</p>\n\n<ul>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb</code> has now been removed completely in favor of <code>open_postgres_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::database::postgresql</code>, has now been renamed to <code>manage_firewall</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::server</code> has now been removed completely in favor of <code>open_listen_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The internal class: <code>puppetdb::database::postgresql_db</code> has been removed. If you were using this, it is now defunct.</li>\n<li>The class <code>puppetdb::server::firewall</code> has been marked as private, do not use it directly.</li>\n<li>The class <code>puppetdb::server::jetty_ini</code> and <code>puppetdb::server::database_ini</code> have been marked as private, do not use it directly.</li>\n</ul>\n\n<h3>Upgrading from 1.x to version 2.x</h3>\n\n<p>A major dependency has been changed, so now when you upgrade to 2.0 the dependency <code>cprice404/inifile</code> has been replaced with <code>puppetlabs/inifile</code>. This may interfer with other modules as they may depend on the old <code>cprice404/inifile</code> instead, so upgrading should be done with caution. Check that your other modules use the newer <code>puppetlabs/inifile</code> module as interoperation with the old <code>cprice404/inifile</code> module will no longer be supported by this module.</p>\n\n<p>Depending on how you install your modules, changing the dependency may require manual intervention. Double check your modules contains the newer <code>puppetlabs/inifile</code> after installing this latest module.</p>\n\n<p>Otherwise, all existing parameters from 1.x should still work correctly.</p>\n\n<h2>Usage</h2>\n\n<p>PuppetDB supports a large number of configuration options for both configuring the puppetdb service and connecting that service to the primary Puppet server.</p>\n\n<h3>puppetdb</h3>\n\n<p>The <code>puppetdb</code> class is intended as a high-level abstraction (sort of an 'all-in-one' class) to help simplify the process of getting your puppetdb server up and running. It wraps the slightly-lower-level classes <code>puppetdb::server</code> and <code>puppetdb::database::*</code>, and it'll get you up and running with everything you need (including database setup and management) on the server side. For maximum configurability, you may choose not to use this class. You may prefer to use the <code>puppetdb::server</code> class directly, or manage your puppetdb setup on your own.</p>\n\n<p>You must declare the class to use it:</p>\n\n<pre><code>class { 'puppetdb': }\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb</code>:</strong></p>\n\n<h4><code>listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTP requests (defaults to <code>localhost</code>.'0.0.0.0' = all).</p>\n\n<h4><code>listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTP requests (defaults to '8080').</p>\n\n<h4><code>open_listen_port</code></h4>\n\n<p>If true, open the http_listen_port on the firewall (defaults to false).</p>\n\n<h4><code>ssl_listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTPS requests (defaults to <code>$::clientcert</code>). Set to '0.0.0.0' to listen on all addresses.</p>\n\n<h4><code>ssl_listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTPS requests (defaults to '8081').</p>\n\n<h4><code>disable_ssl</code></h4>\n\n<p>If true, the puppetdb web server will only serve HTTP and not HTTPS requests (defaults to false).</p>\n\n<h4><code>open_ssl_listen_port</code></h4>\n\n<p>If true, open the ssl_listen_port on the firewall (defaults to true).</p>\n\n<h4><code>database</code></h4>\n\n<p>Which database backend to use; legal values are <code>postgres</code> (default) or <code>embedded</code>. The <code>embedded</code> db can be used for very small installations or for testing, but is not recommended for use in production environments. For more info, see the <a href=\"http://docs.puppetlabs.com/puppetdb/\">puppetdb docs</a>.</p>\n\n<h4><code>database_port</code></h4>\n\n<p>The port that the database server listens on (defaults to <code>5432</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_username</code></h4>\n\n<p>The name of the database user to connect as (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_password</code></h4>\n\n<p>The password for the database user (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_name</code></h4>\n\n<p>The name of the database instance to connect to (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_ssl</code></h4>\n\n<p>If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for <code>embedded</code> db).\nSetting up proper trust- and keystores has to be managed outside of the puppetdb module.</p>\n\n<h4><code>node_ttl</code></h4>\n\n<p>The length of time a node can go without receiving any new data before it's automatically deactivated. (defaults to '0', which disables auto-deactivation). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>node_purge_ttl</code></h4>\n\n<p>The length of time a node can be deactivated before it's deleted from the database. (defaults to '0', which disables purging). This option is supported in PuppetDB >= 1.2.0.</p>\n\n<h4><code>report_ttl</code></h4>\n\n<p>The length of time reports should be stored before being deleted. (defaults to '7d', which is a 7-day period). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>gc_interval</code></h4>\n\n<p>This controls how often, in minutes, to compact the database. The compaction process reclaims space and deletes unnecessary rows. If not supplied, the default is every 60 minutes. This option is supported in PuppetDB >= 0.9.</p>\n\n<h4><code>log_slow_statements</code></h4>\n\n<p>This sets the number of seconds before an SQL query is considered "slow." Slow SQL queries are logged as warnings, to assist in debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply reports them after they complete.</p>\n\n<p>The default value is 10 seconds. A value of 0 will disable logging of slow queries. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_max_age</code></h4>\n\n<p>The maximum time (in minutes), for a pooled connection to remain unused before it is closed off.</p>\n\n<p>If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_keep_alive</code></h4>\n\n<p>This sets the time (in minutes), for a connection to remain idle before sending a test query to the DB. This is useful to prevent a DB from timing out connections on its end.</p>\n\n<p>If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_lifetime</code></h4>\n\n<p>The maximum time (in minutes) a pooled connection should remain open. Any connections older than this setting will be closed off. Connections currently in use will not be affected until they are returned to the pool.</p>\n\n<p>If not supplied, we won't terminate connections based on their age alone. This option is supported in PuppetDB >= 1.4.</p>\n\n<h4><code>puppetdb_package</code></h4>\n\n<p>The puppetdb package name in the package manager.</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>puppetdb_service</code></h4>\n\n<p>The name of the puppetdb service.</p>\n\n<h4><code>puppetdb_service_status</code></h4>\n\n<p>Sets whether the service should be running or stopped. When set to stopped the service doesn't start on boot either. Valid values are 'true', 'running', 'false', and 'stopped'.</p>\n\n<h4><code>confdir</code></h4>\n\n<p>The puppetdb configuration directory (defaults to <code>/etc/puppetdb/conf.d</code>).</p>\n\n<h4><code>java_args</code></h4>\n\n<p>Java VM options used for overriding default Java VM options specified in PuppetDB package (defaults to <code>{}</code>). See <a href=\"http://docs.puppetlabs.com/puppetdb/1.1/configure.html\">PuppetDB Configuration</a> to get more details about the current defaults.</p>\n\n<p>Example: to set <code>-Xmx512m -Xms256m</code> options use <code>{ '-Xmx' => '512m', '-Xms' => '256m' }</code></p>\n\n<h3>puppetdb:server</h3>\n\n<p>The <code>puppetdb::server</code> class manages the puppetdb server independently of the underlying database that it depends on. It will manage the puppetdb package, service, config files, etc., but will still allow you to manage the database (e.g. postgresql) however you see fit.</p>\n\n<pre><code>class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::server</code>:</strong></p>\n\n<p>Uses the same parameters as <code>puppetdb</code>, with one addition:</p>\n\n<h4><code>database_host</code></h4>\n\n<p>The hostname or IP address of the database server (defaults to <code>localhost</code>; ignored for <code>embedded</code> db).</p>\n\n<h3>puppetdb::config</h3>\n\n<p>The <code>puppetdb::config</code> class directs your primary Puppet server to use PuppetDB, which means that this class should be used on your primary Puppet server node. It’ll verify that it can successfully communicate with your puppetdb server, and then configure your primary Puppet server to use PuppetDB.</p>\n\n<p>Using this class involves allowing the module to manipulate your puppet configuration files; in particular: puppet.conf and routes.yaml. The puppet.conf changes are supplemental and should not affect any of your existing settings, but the routes.yaml file will be overwritten entirely. If you have an existing routes.yaml file, you will want to take care to use the manage_routes parameter of this class to prevent the module from managing that file, and you’ll need to manage it yourself.</p>\n\n<pre><code>class { 'puppetdb::config':\n puppetdb_server => 'my.host.name',\n puppetdb_port => 8081,\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::config</code>:</strong></p>\n\n<h4><code>puppetdb_server</code></h4>\n\n<p>The dns name or ip of the puppetdb server (defaults to the certname of the current node).</p>\n\n<h4><code>puppetdb_port</code></h4>\n\n<p>The port that the puppetdb server is running on (defaults to 8081).</p>\n\n<h4><code>puppetdb_soft_write_failure</code></h4>\n\n<p>Boolean to fail in a soft-manner if PuppetDB is not accessable for command submission (defaults to false).</p>\n\n<h4><code>manage_routes</code></h4>\n\n<p>If true, the module will overwrite the primary Puppet server's routes file to configure it to use PuppetDB (defaults to true).</p>\n\n<h4><code>manage_storeconfigs</code></h4>\n\n<p>If true, the module will manage the primary Puppet server's storeconfig settings (defaults to true).</p>\n\n<h4><code>manage_report_processor</code></h4>\n\n<p>If true, the module will manage the 'reports' field in the puppet.conf file to enable or disable the puppetdb report processor. Defaults to 'false'.</p>\n\n<h4><code>manage_config</code></h4>\n\n<p>If true, the module will store values from puppetdb_server and puppetdb_port parameters in the puppetdb configuration file.\nIf false, an existing puppetdb configuration file will be used to retrieve server and port values.</p>\n\n<h4><code>strict_validation</code></h4>\n\n<p>If true, the module will fail if puppetdb is not reachable, otherwise it will preconfigure puppetdb without checking.</p>\n\n<h4><code>enable_reports</code></h4>\n\n<p>Ignored unless <code>manage_report_processor</code> is <code>true</code>, in which case this setting will determine whether or not the puppetdb report processor is enabled (<code>true</code>) or disabled (<code>false</code>) in the puppet.conf file.</p>\n\n<h4><code>puppet_confdir</code></h4>\n\n<p>Puppet's config directory (defaults to <code>/etc/puppet</code>).</p>\n\n<h4><code>puppet_conf</code></h4>\n\n<p>Puppet's config file (defaults to <code>/etc/puppet/puppet.conf</code>).</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>terminus_package</code></h4>\n\n<p>Name of the package to use that represents the PuppetDB terminus code.</p>\n\n<h4><code>puppet_service_name</code></h4>\n\n<p>Name of the service that represents Puppet. You can change this to <code>apache2</code> or <code>httpd</code> depending on your operating system, if you plan on having Puppet run using Apache/Passenger for example.</p>\n\n<h4><code>puppetdb_startup_timeout</code></h4>\n\n<p>The maximum amount of time that the module should wait for PuppetDB to start up. This is most important during the initial install of PuppetDB (defaults to 15 seconds).</p>\n\n<h4><code>restart_puppet</code></h4>\n\n<p>If true, the module will restart the primary Puppet server when PuppetDB configuration files are changed by the module. The default is 'true'. If set to 'false', you must restart the service manually in order to pick up changes to the config files (other than <code>puppet.conf</code>).</p>\n\n<h3>puppetdb::database::postgresql</h3>\n\n<p>The <code>puppetdb::database::postgresql</code> class manages a postgresql server for use by PuppetDB. It can manage the postgresql packages and service, as well as creating and managing the puppetdb database and database user accounts.</p>\n\n<pre><code>class { 'puppetdb::database::postgresql':\n listen_addresses => 'my.postgres.host.name',\n}\n</code></pre>\n\n<h4><code>listen_addresses</code></h4>\n\n<p>The <code>listen_address</code> is a comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to <code>localhost</code>. This parameter maps directly to postgresql's <code>listen_addresses</code> config option; use a <code>*</code> to allow connections on any accessible address.</p>\n\n<h4><code>manage_firewall</code></h4>\n\n<p>If set to <code>true</code> this will enable open the local firewall for PostgreSQL protocol access. Defaults to <code>false</code>.</p>\n\n<h4><code>database_name</code></h4>\n\n<p>Sets the name of the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_username</code></h4>\n\n<p>Creates a user for access the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_password</code></h4>\n\n<p>Sets the password for the database user above. Defaults to <code>puppetdb</code>.</p>\n\n<h2>Implementation</h2>\n\n<h3>Resource overview</h3>\n\n<p>In addition to the classes and variables mentioned above, PuppetDB includes:</p>\n\n<p><strong>puppetdb::routes</strong></p>\n\n<p>Configures the primary Puppet server to use PuppetDB as the facts terminus. <em>WARNING</em>: the current implementation simply overwrites your routes.yaml file; if you have an existing routes.yaml file that you are using for other purposes, you should <em>not</em> use this.</p>\n\n<pre><code>class { 'puppetdb::routes':\n puppet_confdir => '/etc/puppet'\n}\n</code></pre>\n\n<p><strong>puppetdb::storeconfigs</strong></p>\n\n<p>Configures the primary Puppet server to enable storeconfigs and to use PuppetDB as the storeconfigs backend.</p>\n\n<pre><code>class { 'puppetdb::storeconfigs':\n puppet_conf => '/etc/puppet/puppet.conf'\n}\n</code></pre>\n\n<p><strong>puppetdb::server::validate_db</strong></p>\n\n<p>Validates that a successful database connection can be established between the node on which this resource is run and the specified puppetdb database instance (host/port/user/password/database name).</p>\n\n<pre><code>puppetdb::server::validate_db { 'validate my puppetdb database connection':\n database_host => 'my.postgres.host',\n database_username => 'mydbuser',\n database_password => 'mydbpassword',\n database_name => 'mydbname',\n}\n</code></pre>\n\n<h3>Custom Types</h3>\n\n<p><strong>puppetdb_conn_validator</strong></p>\n\n<p>Verifies that a connection can be successfully established between a node and the puppetdb server. Its primary use is as a precondition to prevent configuration changes from being applied if the puppetdb server cannot be reached, but it could potentially be used for other purposes such as monitoring.</p>\n\n<h2>Limitations</h2>\n\n<p>Currently, PuppetDB is compatible with:</p>\n\n<pre><code>Puppet Version: 2.7+\n</code></pre>\n\n<p>Platforms:</p>\n\n<ul>\n<li>RHEL6</li>\n<li>Debian6</li>\n<li>Ubuntu 10.04</li>\n<li>Archlinux</li>\n</ul>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n</section>",
|
|
3256
|
+
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-puppetdb changelog\n\nRelease notes for the puppetlabs-puppetdb module.\n\n------------------------------------------\n\n#### 3.0.0 - 2013/10/27\n\nThis major release changes the main dependency for the postgresql module from\nversion 2.5.x to 3.x. Since the postgresql module is not backwards compatible,\nthis release is also not backwards compatible. As a consequence we have taken\nsome steps to deprecate some of the older functionality:\n\n* The parameter manage_redhat_firewall for the class puppetdb has now been removed completely in favor of open_postgres_port and open_ssl_listen_port.\n* The parameter manage_redhat_firewall for the class puppetdb::database::postgresql, has now been renamed to manage_firewall.\n* The parameter manage_redhat_firewall for the class puppetdb::server has now been removed completely in favor of open_listen_port and open_ssl_listen_port.\n* The internal class: puppetdb::database::postgresql_db has been removed. If you were using this, it is now defunct.\n* The class puppetdb::server::firewall has been marked as private, do not use it directly.\n* The class puppetdb::server::jetty_ini and puppetdb::server::database_ini have been marked as private, do not use it directly.\n\nAll of this is documented in the upgrade portion of the README.\n\nAdditionally some features have been included in this release as well:\n\n* soft_write_failure can now be enabled in your puppetdb.conf with this\n module to handle failing silently when your PuppetDB is not available\n during writes.\n* There is a new switch to enable SSL connectivity to PostgreSQL. While this\n functionality is only in its infancy this is a good start.\n\nDetailed Changes:\n\n* FM-103: Add metadata.json to all modules. (Ashley Penney)\n* Add soft_write_failure to puppetdb.conf (Garrett Honeycutt)\n* Add switch to configure database SSL connection (Stefan Dietrich)\n* (GH-91) Update to use rspec-system-puppet 2.x (Ken Barber)\n* (GH-93) Switch to using puppetlabs-postgresql 3.x (Ken Barber)\n* Fix copyright and project notice (Ken Barber)\n* Adjust memory for PuppetDB tests to avoid OOM killer (Ken Barber)\n* Ensure ntpdate executes early during testing (Ken Barber)\n\n------------------------------------------\n\n#### 2.0.0 - 2013/10/04\n\nThis major release changes the main dependency for the inifile module from\nthe deprecated `cprice404/inifile` to `puppetlabs/inifile` to remove\ndeprecation warnings and to move onto the latest and greatest implementation\nof that code.\n\nIts a major release, because it may affect other dependencies since modules\ncannot have overlapping second part dependencies (that is inifile cannot be from\ntwo different locations).\n\nIt also adds the parameter `puppetdb_service_status` to the class `puppetdb` to\nallow users to specify whether the module manages the puppetdb service for you.\n\nThe `database_password` parameter is now optional, and initial Arch Linux\nsupport has been added.\n\nDetailed Changes:\n\n* (GH-73) Switch to puppetlabs/inifile from cprice/inifile (Ken Barber)\n* Make database_password an optional parameter (Nick Lewis)\n* add archlinux support (Niels Abspoel)\n* Added puppetdb service control (Akos Hencz)\n\n------------------------------------------\n\n#### 1.6.0 - 2013/08/07\n\nThis minor feature release provides extra parameters for new configuration\nitems available in PuppetDB 1.4, and also provides some older parameters\nthat were missed previously:\n\n* gc_interval\n* log_slow_statements\n* conn_max_age\n* conn_keep_alive\n* conn_lifetime\n\nConsult the README.md file, or the PuppetDB documentation for more details.\n\n------------------------------------------\n\n#### 1.5.0 - 2013/07/18\n\nThis minor feature release provides the following new functionality:\n\n* The module is now capable of managing PuppetDB on SUSE systems\n for which PuppetDB packages are available\n* The ruby code for validating the PuppetDB connection now\n supports validating on a non-SSL HTTP port.\n\n------------------------------------------\n\n#### 1.4.0 - 2013/05/13\n\nThis feature release provides support for managing the puppetdb report\nprocessor on your primary Puppet server.\n\nTo enable the report processor, you can do something like this:\n\n class { 'puppetdb::config':\n manage_report_processor => true,\n enable_reports => true\n }\n\nThis will add the 'puppetdb' report processor to the list of `reports`\ninside your primary Puppet server's `puppet.conf` file.\n\n------------------------------------------\n\n#### 1.3.0 - 2013/05/13\n\nThis feature release provides us with a few new features for the PuppetDB\nmodule.\n\nYou can now disable SSL when using the `puppetdb` class by using the new\nparameter `disable_ssl`:\n\n class { 'puppetdb':\n disable_ssl => true,\n }\n\nThis will remove the SSL settings from your `jetty.ini` configuration file\ndisabling any SSL communication. This is useful when you want to offload SSL\nto another web server, such as Apache or Nginx.\n\nWe have now added an option `java_args` for passing in Java options to\nPuppetDB. The format is a hash that is passed in when declaring the use of the\n`puppetdb` class:\n\n class { 'puppetdb':\n java_args => {\n '-Xmx' => '512m',\n '-Xms' => '256m',\n }\n }\n\nAlso, the default `report-ttl` was set to `14d` in PuppetDB to align it with an\nupcoming PE release, so we've also reflected that default here now.\n\nAnd finally we've fixed the issue whereby the options `report_ttl`, `node_ttl`,\n`node_purge_ttl` and `gc_interval` were not making the correct changes. On top\nof that you can now set these values to zero in the module, and the correct\ntime modifier (`s`, `m`, `h` etc.) will automatically get applied for you.\n\nBehind the scenes we've also added system and unit testing, which was\npreviously non-existent. This should help us reduce regression going forward.\n\nThanks to all the contributing developers in the list below that made this\nrelease possible :-).\n\n#### Changes\n\n* Allows for 0 _ttl's without time signifier and enables tests (Garrett Honeycutt)\n* Add option to disable SSL in Jetty, including tests and documentation (Christian Berg)\n* Cleaned up ghoneycutt's code a tad (Ken Barber)\n* the new settings report_ttl, node_ttl and node_purge_ttl were added but they are not working, this fixes it (fsalum)\n* Also fix gc_interval (Ken Barber)\n* Support for remote puppetdb (Filip Hrbek)\n* Added support for Java VM options (Karel Brezina)\n* Add initial rspec-system tests and scaffolding (Ken Barber)\n\n------------------------------------------\n\n#### 1.2.1 - 2013/04/08\n\nThis is a minor bugfix that solves the PuppetDB startup exception:\n\n java.lang.AssertionError: Assert failed: (string? s)\n\nThis was due to the default `node-ttl` and `node-purge-ttl` settings not having a time suffix by default. These settings required 's', 'm', 'd' etc. to be suffixed, even if they are zero.\n\n#### Changes\n\n* (Ken Barber) Add 's' suffix to period settings to avoid exceptions in PuppetDB\n\n------------------------------------------\n\n#### 1.2.0 - 2013/04/05\n\nThis release is primarily about providing full configuration file support in the module for PuppetDB 1.2.0. (The alignment of version is a coincidence I assure you :-).\n\nThis feature release adds the following new configuration parameters to the main `puppetdb` class:\n\n* node_ttl\n* node_purge_ttl (available in >=1.2.0)\n* report_ttl\n\nConsult the README for futher details about these new configurable items.\n\n##### Changes\n\n* (Nick Lewis) Add params and ini settings for node/purge/report ttls and document them\n\n------------------------------------------\n\n1.1.5\n=====\n\n2013-02-13 - Karel Brezina\n * Fix database creation so database_username, database_password and\n database_name are correctly passed during database creation.\n\n2013-01-29 - Lauren Rother\n * Change README to conform to new style and various other README improvements\n\n2013-01-17 - Chris Price\n * Improve documentation in init.pp\n\n------------------------------------------\n\n1.1.4\n=====\n\nThis is a bugfix release, mostly around fixing backward-compatibility for the\ndeprecated `manage_redhat_firewall` parameter. It wasn't actually entirely\nbackwards-compatible in the 1.1.3 release.\n\n2013-01-17 - Chris Price <chris@puppetlabs.com>\n * Fix backward compatibility of `manage_redhat_firewall` parameter (de20b44)\n\n2013-01-16 - Chris Price <chris@puppetlabs.com>\n * Fix deprecation warnings around manage_redhat_firewall (448f8bc)\n\n------------------------------------------\n\n1.1.3\n=====\n\nThis is mostly a maintenance release, to update the module dependencies to newer\nversions in preparation for some new features. This release does include some nice\nadditions around the ability to set the listen address for the HTTP port on Jetty\nand manage the firewall for that port. Thanks very much to Drew Blessing for those\nsubmissions!\n\n2013-01-15 - Chris Price <chris@puppetlabs.com>\n * Update Modulefile for 1.1.3 release (updates dependencies\n on postgres and inifile modules to the latest versions) (76bfd9e)\n\n2012-12-19 - Garrett Honeycutt <garrett@puppetlabs.com>\n * (#18228) updates README for style (fd2e990)\n\n2012-11-29 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - Fixes suggested by cprice-puppet (0cf9632)\n\n2012-11-14 - Drew Blessing <Drew.Blessing@Buckle.com>\n * Adjust examples in tests to include new port params (0afc276)\n\n2012-11-13 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - PuppetDB - Add ability to set standard host listen address and open firewall\n\n------------------------------------------\n\n1.1.2\n=====\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.2 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com>\n * Add some more missing `inherit`s for `puppetdb::params` (a72cc7c)\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.1 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.1)\n * Add missing `inherit` for `puppetdb::params` (ea9b379)\n\n2012-10-24 - Chris Price <chris@puppetlabs.com>\n * 1.1.0 release\n\n2012-10-24 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update postgres dependency to puppetlabs/postgresql (bea79b4)\n\n2012-10-17 - Reid Vandewiele <reid@puppetlabs.com> (1.1.0)\n * Fix embedded db setup in Puppet Enterprise (bf0ab45)\n\n2012-10-17 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update manifests/main/config.pp (b119a30)\n\n2012-10-16 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Make puppetdb startup timeout configurable (783b595)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add condition to detect PE installations and provide different parameters (63f1c52)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add example manifest code for pe primary Puppet server (a598edc)\n\n2012-10-01 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update comments and docs w/rt PE params (b5df5d9)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Adding pe_puppetdb tests class (850e039)\n\n2012-09-28 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add parameters to enable usage of enterprise versions of PuppetDB (df6f7cc)\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * 1.0.3 release\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * Add a parameter for restarting primary Puppet server (179b337)\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * 1.0.2 release\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * Pass 'manage_redhat_firewall' param through to postgres (f21740b)\n\n2012-09-20 - Chris Price <chris@puppetlabs.com>\n * 1.0.1 release\n\n2012-09-20 - Garrett Honeycutt <garrett@puppetlabs.com>\n * complies with style guide (1aab5d9)\n\n2012-09-19 - Chris Price <chris@puppetlabs.com>\n * Fix invalid subname in database.ini (be683b7)\n\n2011-09-18 Chris Price <chris@puppetlabs.com> - 1.0.0\n* Initial 1.0.0 release\n</pre></section>",
|
|
3257
3257
|
"license": "<section class=\"plaintext\"><pre>\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n</pre></section>",
|
|
3258
3258
|
"created_at": "2013-10-29 13:14:09 -0700",
|
|
3259
3259
|
"updated_at": "2013-10-29 13:14:09 -0700",
|
|
@@ -3498,7 +3498,7 @@
|
|
|
3498
3498
|
"file_size": 18274,
|
|
3499
3499
|
"file_md5": "6bc620a4e1043a1888596a6826c7a862",
|
|
3500
3500
|
"downloads": 9442,
|
|
3501
|
-
"readme": "<section class=\"markdown\"><p><a href=\"https://travis-ci.org/cprice-puppet/puppetlabs-inifile\"><img src=\"https://travis-ci.org/cprice-puppet/puppetlabs-inifile.png?branch=
|
|
3501
|
+
"readme": "<section class=\"markdown\"><p><a href=\"https://travis-ci.org/cprice-puppet/puppetlabs-inifile\"><img src=\"https://travis-ci.org/cprice-puppet/puppetlabs-inifile.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h1>NOTE: this module has been moved to the <a href=\"https://github.com/puppetlabs/puppetlabs-inifile\">Puppet Labs</a> namespace.</h1>\n\n<hr>\n\n<h1>INI-file module</h1>\n\n<p>This module provides resource types for use in managing INI-style configuration\nfiles. The main resource type is <code>ini_setting</code>, which is used to manage an\nindividual setting in an INI file. Here's an example usage:</p>\n\n<pre><code>ini_setting { "sample setting":\n path => '/tmp/foo.ini',\n section => 'foo',\n setting => 'foosetting',\n value => 'FOO!',\n ensure => present,\n}\n</code></pre>\n\n<p>A supplementary resource type is <code>ini_subsetting</code>, which is used to manage\nsettings that consist of several arguments such as</p>\n\n<pre><code>JAVA_ARGS="-Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/pe-puppetdb/puppetdb-oom.hprof "\n\nini_subsetting {'sample subsetting':\n ensure => present,\n section => '',\n key_val_separator => '=',\n path => '/etc/default/pe-puppetdb',\n setting => 'JAVA_ARGS',\n subsetting => '-Xmx',\n value => '512m',\n}\n</code></pre>\n\n<h2>implementing child providers:</h2>\n\n<p>The ini_setting class can be overridden by child providers in order to implement the management of ini settings for a specific configuration file.</p>\n\n<p>In order to implement this, you will need to specify your own Type (as shown below). This type needs to implement a namevar (name), and a property called value:</p>\n\n<p>example:</p>\n\n<pre><code>#my_module/lib/puppet/type/glance_api_config.rb\nPuppet::Type.newtype(:glance_api_config) do\n ensurable\n newparam(:name, :namevar => true) do\n desc 'Section/setting name to manage from glance-api.conf'\n # namevar should be of the form section/setting\n newvalues(/\\S+\\/\\S+/)\n end\n newproperty(:value) do\n desc 'The value of the setting to be defined.'\n munge do |v|\n v.to_s.strip\n end\n end\nend\n</code></pre>\n\n<p>This type also must have a provider that utilizes the ini_setting provider as its parent:</p>\n\n<p>example:</p>\n\n<pre><code># my_module/lib/puppet/provider/glance_api_config/ini_setting.rb\nPuppet::Type.type(:glance_api_config).provide(\n :ini_setting,\n # set ini_setting as the parent provider\n :parent => Puppet::Type.type(:ini_setting).provider(:ruby)\n) do\n # implement section as the first part of the namevar\n def section\n resource[:name].split('/', 2).first\n end\n def setting\n # implement setting as the second part of the namevar\n resource[:name].split('/', 2).last\n end\n # hard code the file path (this allows purging)\n def self.file_path\n '/etc/glance/glance-api.conf'\n end\nend\n</code></pre>\n\n<p>Now, the individual settings of the /etc/glance/glance-api.conf file can be managed as individual resources:</p>\n\n<pre><code>glance_api_config { 'HEADER/important_config':\n value => 'secret_value',\n}\n</code></pre>\n\n<p>Provided that self.file_path has been implemented, you can purge with the following puppet syntax:</p>\n\n<pre><code>resources { 'glance_api_config'\n purge => true,\n}\n</code></pre>\n\n<p>If the above code is added, then the resulting configured file will only contain lines implemented as Puppet resources</p>\n\n<h2>A few noteworthy features:</h2>\n\n<ul>\n<li>The module tries <em>hard</em> not to manipulate your file any more than it needs to.\nIn most cases, it should leave the original whitespace, comments, ordering,\netc. perfectly intact.</li>\n<li>Supports comments starting with either '#' or ';'.</li>\n<li>Will add missing sections if they don't exist.</li>\n<li>Supports a "global" section (settings that go at the beginning of the file,\nbefore any named sections) by specifying a section name of "".</li>\n</ul>\n</section>",
|
|
3502
3502
|
"changelog": "<section class=\"plaintext\"><pre>2013-05-28 - Chris Price <chris@puppetlabs.com> - 0.10.3\n * Fix bug in subsetting handling for new settings (cbea5dc)\n\n2013-05-22 - Chris Price <chris@puppetlabs.com> - 0.10.2\n * Better handling of quotes for subsettings (1aa7e60)\n\n2013-05-21 - Chris Price <chris@puppetlabs.com> - 0.10.1\n * Change constants to class variables to avoid ruby warnings (6b19864)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 0.10.1\n * Style fixes (c4af8c3)\n\n2013-04-02 - Dan Bode <dan@puppetlabs.com> - 0.10.1\n * Add travisfile and Gemfile (c2052b3)\n\n2013-04-02 - Chris Price <chris@puppetlabs.com> - 0.10.1\n * Update README.markdown (ad38a08)\n\n2013-02-15 - Karel Brezina <karel.brezina@gmail.com> - 0.10.0\n * Added 'ini_subsetting' custom resource type (4351d8b)\n\n2013-03-11 - Dan Bode <dan@puppetlabs.com> - 0.10.0\n * guard against nil indentation values (5f71d7f)\n\n2013-01-07 - Dan Bode <dan@puppetlabs.com> - 0.10.0\n * Add purging support to ini file (2f22483)\n\n2013-02-05 - James Sweeny <james.sweeny@puppetlabs.com> - 0.10.0\n * Fix test to use correct key_val_parameter (b1aff63)\n\n2012-11-06 - Chris Price <chris@puppetlabs.com> - 0.10.0\n * Added license file w/Apache 2.0 license (5e1d203)\n\n2012-11-02 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Version 0.9.0 released\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Add detection for commented versions of settings (a45ab65)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Refactor to clarify implementation of `save` (f0d443f)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Add example for `ensure=absent` (e517148)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Better handling of whitespace lines at ends of sections (845fa70)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Respect indentation / spacing for existing sections and settings (c2c26de)\n\n2012-10-17 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Minor tweaks to handling of removing settings (cda30a6)\n\n2012-10-10 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Add support for removing lines (1106d70)\n\n2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Make value a property (cbc90d3)\n\n2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Make ruby provider a better parent. (1564c47)\n\n2012-09-29 - Reid Vandewiele <reid@puppetlabs.com> - 0.9.0\n * Allow values with spaces to be parsed and set (3829e20)\n\n2012-09-24 - Chris Price <chris@pupppetlabs.com> - 0.0.3\n * Version 0.0.3 released\n\n2012-09-20 - Chris Price <chris@puppetlabs.com> - 0.0.3\n * Add validation for key_val_separator (e527908)\n\n2012-09-19 - Chris Price <chris@puppetlabs.com> - 0.0.3\n * Allow overriding separator string between key/val pairs (8d1fdc5)\n\n2012-08-20 - Chris Price <chris@pupppetlabs.com> - 0.0.2\n * Version 0.0.2 released\n\n2012-08-17 - Chris Price <chris@pupppetlabs.com> - 0.0.2\n * Add support for "global" section at beginning of file (c57dab4)\n</pre></section>",
|
|
3503
3503
|
"license": "<section class=\"plaintext\"><pre> Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright 2012 Chris Price\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n</pre></section>",
|
|
3504
3504
|
"created_at": "2013-07-24 17:17:16 -0700",
|
|
@@ -4153,7 +4153,7 @@
|
|
|
4153
4153
|
"file_size": 14873,
|
|
4154
4154
|
"file_md5": "ec56c205fb566e93a5845476d7cd2966",
|
|
4155
4155
|
"downloads": 542,
|
|
4156
|
-
"readme": "<section class=\"markdown\"><h1>mongodb puppet module</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with mongodb</a></li>\n<li><a href=\"#usage\">Usage - Configuration options and additional functionality</a></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing and how</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>Installs MongoDB on RHEL/Ubuntu/Debian from OS repo, or alternatively from\n10gen repository <a href=\"http://www.mongodb.org/display/DOCS/Ubuntu+and+Debian+packages\">installation documentation</a>.</p>\n\n<h3>Deprecation Warning</h3>\n\n<p>This release is a major refactoring of the module which means that the API may\nhave changed in backwards incompatible ways. If your project depends on the old API, \nplease pin your dependencies to 0.3 version to ensure your environments don't break.</p>\n\n<p>The current module design is undergoing review for potential 1.0 release. We welcome\nany feedback with regard to the APIs and patterns used in this release.</p>\n\n<h2>Module Description</h2>\n\n<p>The MongoDB module manages mongod server installation and configuration of the mongod daemon. For the time being it supports only a single\nMongoDB server instance, without sharding and limited replica set \nfunctionality (you can define the replica set parameter in the config file, however\nrs.initiate() has to be done manually).</p>\n\n<h2>Setup</h2>\n\n<h3>What MongoDB affects</h3>\n\n<ul>\n<li>MongoDB package.</li>\n<li>MongoDB configuration files.</li>\n<li>MongoDB service.</li>\n<li>10gen/mongodb apt/yum repository.</li>\n</ul>\n\n<h3>Beginning with MongoDB</h3>\n\n<p>If you just want a server installation with the default options you can run\n<code>include '::mongodb:server'</code>. If you need to customize configuration\noptions you need to do the following:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::server':\n port => 27018,\n verbose => true,\n}\n</code></pre>\n\n<p>Although most distro comes with a prepacked MongoDB server we recommend to\nuse the 10gen/MongoDB software repository, because most of the current OS\npackages are outdated and not appropriate for a production environment.\nTo install MongoDB from 10gen repository:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::globals':\n manage_package_repo => true,\n}->\nclass {'::mongodb::server': }\n</code></pre>\n\n<h2>Usage</h2>\n\n<p>Most of the interaction for the server is done via <code>mongodb::server</code>. For\nmore options please have a look at <a href=\"#class-mongodbserver\">monogbd::server</a>.\nAlso in this version we introduced <code>mongodb::globals</code>, which is meant more\nfor future implementation, where you can configure the main settings for\nthis module in a global way, to be used by other classes and defined resources. \nOn its own it does nothing.</p>\n\n<h2>Reference</h2>\n\n<h3>Classes</h3>\n\n<h4>Public classes</h4>\n\n<ul>\n<li><code>mongodb::server</code>: Installs and configure MongoDB</li>\n<li><code>mongodb::globals</code>: Configure main settings on a global way</li>\n</ul>\n\n<h4>Private classes</h4>\n\n<ul>\n<li><code>mongodb::repo</code>: Manage 10gen/MongoDB software repository</li>\n<li><code>mongodb::repo::apt</code>: Manage Debian/Ubuntu apt 10gen/MongoDB repository</li>\n<li><code>mongodb::repo::yum</code>: Manage Redhat/CentOS apt 10gen/MongoDB repository</li>\n<li><code>mongodb::server::config</code>: Configures MongoDB configuration files</li>\n<li><code>mongodb::server::install</code>: Install MongoDB software packages</li>\n<li><code>mongodb::server::service</code>: Manages service</li>\n</ul>\n\n<h4>Class: mongodb::globals</h4>\n\n<p><em>Note:</em> most server specific defaults should be overridden in the <code>mongodb::server</code>\nclass. This class should only be used if you are using a non-standard OS or\nif you are changing elements such as <code>version</code> or <code>manage_package_repo</code> that\ncan only be changed here.</p>\n\n<p>This class allows you to configure the main settings for this module in a\nglobal way, to be used by the other classes and defined resources. On its\nown it does nothing.</p>\n\n<h5><code>server_package_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB server package\nname. If not specified, the module will use whatever package name is the\ndefault for your OS distro.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB service name. If not\nspecified, the module will use whatever service name is the default for your OS distro.</p>\n\n<h5><code>service_provider</code></h5>\n\n<p>This setting can be used to override the default MongoDB service provider. If\nnot specified, the module will use whatever service provider is the default for\nyour OS distro.</p>\n\n<h5><code>service_status</code></h5>\n\n<p>This setting can be used to override the default status check command for\nyour MongoDB service. If not specified, the module will use whatever service\nname is the default for your OS distro.</p>\n\n<h5><code>user</code></h5>\n\n<p>This setting can be used to override the default MongoDB user and owner of the\nservice and related files in the file system. If not specified, the module will\nuse the default for your OS distro.</p>\n\n<h5><code>group</code></h5>\n\n<p>This setting can be used to override the default MongoDB user group to be used\nfor related files in the file system. If not specified, the module will use\nthe default for your OS distro.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>This setting can be used to configure MonogDB process to bind to and listen\nfor connections from applications on this address. If not specified, the\nmodule will use the default for your OS distro.\n<em>Note:</em> This value should be passed an an array.</p>\n\n<h5><code>version</code></h5>\n\n<p>The version of MonogDB to install/manage. This is a simple way of providing\na specific version such as '2.2' or '2.4' for example. If not specified,\nthe module will use the default for your OS distro.</p>\n\n<h4>Class: mongodb::server</h4>\n\n<p>Most of the parameters manipulates the mongod.conf file. </p>\n\n<p>For more details about configuration parameters consult the <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>ensure</code></h5>\n\n<p>enable or disable the service</p>\n\n<h5><code>config</code></h5>\n\n<p>Path of the config file. If not specified, the module will use the default\nfor your OS distro.</p>\n\n<h5><code>dbpath</code></h5>\n\n<p>Set this value to designate a directory for the mongod instance to store\nit's data. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>pidfilepath</code></h5>\n\n<p>Specify a file location to hold the PID or process ID of the mongod process.\nIf not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>logpath</code></h5>\n\n<p>Specify the path to a file name for the log file that will hold all diagnostic\nlogging information. Unless specified, mongod will output all log information\nto the standard output.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>Set this option to configure the mongod or mongos process to bind to and listen\nfor connections from applications on this address. If not specified, the module\nwill use the default for your OS distro. Example: bind_ip=['127.0.0.1', '192.168.0.3']\n<em>Note</em>: bind_ip accept array as a value. </p>\n\n<h5><code>logappend</code></h5>\n\n<p>Set to true to add new entries to the end of the logfile rather than overwriting\nthe content of the log when the process restarts. Default: True</p>\n\n<h5><code>fork</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from remote\nhosts. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>port</code></h5>\n\n<p>Specifies a TCP port for the server instance to listen for client connections. \nDefault: 27017</p>\n\n<h5><code>journal</code></h5>\n\n<p>Set to true to enable operation journaling to ensure write durability and\ndata consistency. Default: on 64-bit systems true and on 32-bit systems false</p>\n\n<h5><code>nojournal</code></h5>\n\n<p>Set nojournal = true to disable durability journaling. By default, mongod\nenables journaling in 64-bit versions after v2.0. \nDefault: on 64-bit systems false and on 32-bit systems true</p>\n\n<p><em>Note</em>: You must use journal to enable journaling on 32-bit systems.</p>\n\n<h5><code>smallfiles</code></h5>\n\n<p>Set to true to modify MongoDB to use a smaller default data file size. \nSpecifically, smallfiles reduces the initial size for data files and\nlimits them to 512 megabytes. Default: false</p>\n\n<h5><code>cpu</code></h5>\n\n<p>Set to true to force mongod to report every four seconds CPU utilization\nand the amount of time that the processor waits for I/O operations to\ncomplete (i.e. I/O wait.) Default: false</p>\n\n<h5><code>auth</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from\nremote hosts. If no users exist, the localhost interface will continue\nto have access to the database until you create the first user. \nDefault: false</p>\n\n<h5><code>noauth</code></h5>\n\n<p>Disable authentication. Currently the default. Exists for future compatibility\n and clarity.</p>\n\n<h5><code>verbose</code></h5>\n\n<p>Increases the amount of internal reporting returned on standard output or in\nthe log file generated by <code>logpath</code>. Default: false</p>\n\n<h5><code>verbositylevel</code></h5>\n\n<p>MongoDB has the following levels of verbosity: v, vv, vvv, vvvv and vvvvv.\nDefault: None</p>\n\n<h5><code>objcheck</code></h5>\n\n<p>Forces the mongod to validate all requests from clients upon receipt to ensure\nthat clients never insert invalid documents into the database. \nDefault: on v2.4 default to true and on earlier version to false</p>\n\n<h5><code>quota</code></h5>\n\n<p>Set to true to enable a maximum limit for the number data files each database\ncan have. The default quota is 8 data files, when quota is true. Default: false</p>\n\n<h5><code>quotafiles</code></h5>\n\n<p>Modify limit on the number of data files per database. This option requires the\n<code>quota</code> setting. Default: 8</p>\n\n<h5><code>diaglog</code></h5>\n\n<p>Creates a very verbose diagnostic log for troubleshooting and recording various\nerrors. Valid values: 0, 1, 2, 3 and 7. \nFor more information please refer to <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>directoryperdb</code></h5>\n\n<p>Set to true to modify the storage pattern of the data directory to store each\ndatabase’s files in a distinct folder. Default: false</p>\n\n<h5><code>profile</code></h5>\n\n<p>Modify this value to changes the level of database profiling, which inserts\ninformation about operation performance into output of mongod or the\nlog file if specified by <code>logpath</code>.</p>\n\n<h5><code>maxconns</code></h5>\n\n<p>Specifies a value to set the maximum number of simultaneous connections\nthat MongoDB will accept. Default: depends on system (i.e. ulimit and file descriptor)\nlimits. Unless set, MongoDB will not limit its own connections.</p>\n\n<h5><code>oplog_size</code></h5>\n\n<p>Specifies a maximum size in megabytes for the replication operation log \n(e.g. oplog.) mongod creates an oplog based on the maximum amount of space\navailable. For 64-bit systems, the oplog is typically 5% of available disk space.</p>\n\n<h5><code>nohints</code></h5>\n\n<p>Ignore query hints. Default: None</p>\n\n<h5><code>nohttpinterface</code></h5>\n\n<p>Set to true to disable the HTTP interface. This command will override the rest\nand disable the HTTP interface if you specify both. Default: false</p>\n\n<h5><code>noscripting</code></h5>\n\n<p>Set noscripting = true to disable the scripting engine. Default: false</p>\n\n<h5><code>notablescan</code></h5>\n\n<p>Set notablescan = true to forbid operations that require a table scan. Default: false</p>\n\n<h5><code>noprealloc</code></h5>\n\n<p>Set noprealloc = true to disable the preallocation of data files. This will shorten\nthe start up time in some cases, but can cause significant performance penalties\nduring normal operations. Default: false</p>\n\n<h5><code>nssize</code></h5>\n\n<p>Use this setting to control the default size for all newly created namespace f\niles (i.e .ns). Default: 16</p>\n\n<h5><code>mms_token</code></h5>\n\n<p>MMS token for mms monitoring. Default: None</p>\n\n<h5><code>mms_name</code></h5>\n\n<p>MMS identifier for mms monitoring. Default: None</p>\n\n<h5><code>mms_interval</code></h5>\n\n<p>MMS interval for mms monitoring. Default: None</p>\n\n<h5><code>replset</code></h5>\n\n<p>Use this setting to configure replication with replica sets. Specify a replica\nset name as an argument to this set. All hosts must have the same set name.</p>\n\n<h5><code>rest</code></h5>\n\n<p>Set to true to enable a simple REST interface. Default: false</p>\n\n<h5><code>slowms</code></h5>\n\n<p>Sets the threshold for mongod to consider a query “slow” for the database profiler. \nDefault: 100 ms</p>\n\n<h5><code>keyfile</code></h5>\n\n<p>Specify the path to a key file to store authentication information. This option \nis only useful for the connection between replica set members. Default: None</p>\n\n<h5><code>master</code></h5>\n\n<p>Set to true to configure the current instance to act as master instance in a\nreplication configuration. Default: False <em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>slave</code></h5>\n\n<p>Set to true to configure the current instance to act as slave instance in a\nreplication configuration. Default: false\n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>only</code></h5>\n\n<p>Used with the slave option, only specifies only a single database to\nreplicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>source</code></h5>\n\n<p>Used with the slave setting to specify the master instance from which\nthis slave instance will replicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h2>Limitation</h2>\n\n<p>This module has been tested on:</p>\n\n<ul>\n<li>Debian 7.* (Wheezy)</li>\n<li>Debian 6.* (squeeze)</li>\n<li>Ubuntu 12.04.2 (precise)</li>\n<li>Ubuntu 10.04.4 LTS (lucid)</li>\n<li>RHEL 5/6</li>\n<li>CentOS 5/6</li>\n</ul>\n\n<p>For a for list of tested OS please have a look at the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/master/.nodeset.yml\">.nodeset.xml</a> definition.</p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community\ncontributions are essential for keeping them great. We can’t access the\nhuge number of platforms and myriad of hardware, software, and deployment\nconfigurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our\nmodules work in your environment. There are a few guidelines that we need\ncontributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Testing</h3>\n\n<p>There are two types of tests distributed with this module. Unit tests with\nrspec-puppet and system tests using rspec-system.</p>\n\n<p>unit tests should be run under Bundler with the gem versions as specified\nin the Gemfile. To install the necessary gems:</p>\n\n<pre><code>bundle install --path=vendor\n</code></pre>\n\n<p>Test setup and teardown is handled with rake tasks, so the\nsupported way of running tests is with </p>\n\n<pre><code>bundle exec rake spec\n</code></pre>\n\n<p>For system test you will also need to install vagrant > 1.3.x and virtualbox > 4.2.10.\nTo run the system tests</p>\n\n<pre><code>bundle exec rake spec:system\n</code></pre>\n\n<p>To run the tests on different operating systems, see the sets available in <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/master/.nodeset.yml\">.nodeset.xml</a>\nand run the specific set with the following syntax:</p>\n\n<pre><code>RSPEC_SET=ubuntu-server-12042-x64 bundle exec rake spec:system\n</code></pre>\n\n<h3>Authors</h3>\n\n<p>We would like to thank everyone who has contributed issues and pull requests to this modules.\nA complete list of contributors can be found on the \n<a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/graphs/contributors\">GitHub Contributor Graph</a>\nfor the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb\">puppetlabs-mongodb module</a>.</p>\n</section>",
|
|
4156
|
+
"readme": "<section class=\"markdown\"><h1>mongodb puppet module</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with mongodb</a></li>\n<li><a href=\"#usage\">Usage - Configuration options and additional functionality</a></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing and how</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>Installs MongoDB on RHEL/Ubuntu/Debian from OS repo, or alternatively from\n10gen repository <a href=\"http://www.mongodb.org/display/DOCS/Ubuntu+and+Debian+packages\">installation documentation</a>.</p>\n\n<h3>Deprecation Warning</h3>\n\n<p>This release is a major refactoring of the module which means that the API may\nhave changed in backwards incompatible ways. If your project depends on the old API, \nplease pin your dependencies to 0.3 version to ensure your environments don't break.</p>\n\n<p>The current module design is undergoing review for potential 1.0 release. We welcome\nany feedback with regard to the APIs and patterns used in this release.</p>\n\n<h2>Module Description</h2>\n\n<p>The MongoDB module manages mongod server installation and configuration of the mongod daemon. For the time being it supports only a single\nMongoDB server instance, without sharding and limited replica set \nfunctionality (you can define the replica set parameter in the config file, however\nrs.initiate() has to be done manually).</p>\n\n<h2>Setup</h2>\n\n<h3>What MongoDB affects</h3>\n\n<ul>\n<li>MongoDB package.</li>\n<li>MongoDB configuration files.</li>\n<li>MongoDB service.</li>\n<li>10gen/mongodb apt/yum repository.</li>\n</ul>\n\n<h3>Beginning with MongoDB</h3>\n\n<p>If you just want a server installation with the default options you can run\n<code>include '::mongodb:server'</code>. If you need to customize configuration\noptions you need to do the following:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::server':\n port => 27018,\n verbose => true,\n}\n</code></pre>\n\n<p>Although most distro comes with a prepacked MongoDB server we recommend to\nuse the 10gen/MongoDB software repository, because most of the current OS\npackages are outdated and not appropriate for a production environment.\nTo install MongoDB from 10gen repository:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::globals':\n manage_package_repo => true,\n}->\nclass {'::mongodb::server': }\n</code></pre>\n\n<h2>Usage</h2>\n\n<p>Most of the interaction for the server is done via <code>mongodb::server</code>. For\nmore options please have a look at <a href=\"#class-mongodbserver\">monogbd::server</a>.\nAlso in this version we introduced <code>mongodb::globals</code>, which is meant more\nfor future implementation, where you can configure the main settings for\nthis module in a global way, to be used by other classes and defined resources. \nOn its own it does nothing.</p>\n\n<h2>Reference</h2>\n\n<h3>Classes</h3>\n\n<h4>Public classes</h4>\n\n<ul>\n<li><code>mongodb::server</code>: Installs and configure MongoDB</li>\n<li><code>mongodb::globals</code>: Configure main settings on a global way</li>\n</ul>\n\n<h4>Private classes</h4>\n\n<ul>\n<li><code>mongodb::repo</code>: Manage 10gen/MongoDB software repository</li>\n<li><code>mongodb::repo::apt</code>: Manage Debian/Ubuntu apt 10gen/MongoDB repository</li>\n<li><code>mongodb::repo::yum</code>: Manage Redhat/CentOS apt 10gen/MongoDB repository</li>\n<li><code>mongodb::server::config</code>: Configures MongoDB configuration files</li>\n<li><code>mongodb::server::install</code>: Install MongoDB software packages</li>\n<li><code>mongodb::server::service</code>: Manages service</li>\n</ul>\n\n<h4>Class: mongodb::globals</h4>\n\n<p><em>Note:</em> most server specific defaults should be overridden in the <code>mongodb::server</code>\nclass. This class should only be used if you are using a non-standard OS or\nif you are changing elements such as <code>version</code> or <code>manage_package_repo</code> that\ncan only be changed here.</p>\n\n<p>This class allows you to configure the main settings for this module in a\nglobal way, to be used by the other classes and defined resources. On its\nown it does nothing.</p>\n\n<h5><code>server_package_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB server package\nname. If not specified, the module will use whatever package name is the\ndefault for your OS distro.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB service name. If not\nspecified, the module will use whatever service name is the default for your OS distro.</p>\n\n<h5><code>service_provider</code></h5>\n\n<p>This setting can be used to override the default MongoDB service provider. If\nnot specified, the module will use whatever service provider is the default for\nyour OS distro.</p>\n\n<h5><code>service_status</code></h5>\n\n<p>This setting can be used to override the default status check command for\nyour MongoDB service. If not specified, the module will use whatever service\nname is the default for your OS distro.</p>\n\n<h5><code>user</code></h5>\n\n<p>This setting can be used to override the default MongoDB user and owner of the\nservice and related files in the file system. If not specified, the module will\nuse the default for your OS distro.</p>\n\n<h5><code>group</code></h5>\n\n<p>This setting can be used to override the default MongoDB user group to be used\nfor related files in the file system. If not specified, the module will use\nthe default for your OS distro.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>This setting can be used to configure MonogDB process to bind to and listen\nfor connections from applications on this address. If not specified, the\nmodule will use the default for your OS distro.\n<em>Note:</em> This value should be passed an an array.</p>\n\n<h5><code>version</code></h5>\n\n<p>The version of MonogDB to install/manage. This is a simple way of providing\na specific version such as '2.2' or '2.4' for example. If not specified,\nthe module will use the default for your OS distro.</p>\n\n<h4>Class: mongodb::server</h4>\n\n<p>Most of the parameters manipulates the mongod.conf file. </p>\n\n<p>For more details about configuration parameters consult the <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>ensure</code></h5>\n\n<p>enable or disable the service</p>\n\n<h5><code>config</code></h5>\n\n<p>Path of the config file. If not specified, the module will use the default\nfor your OS distro.</p>\n\n<h5><code>dbpath</code></h5>\n\n<p>Set this value to designate a directory for the mongod instance to store\nit's data. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>pidfilepath</code></h5>\n\n<p>Specify a file location to hold the PID or process ID of the mongod process.\nIf not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>logpath</code></h5>\n\n<p>Specify the path to a file name for the log file that will hold all diagnostic\nlogging information. Unless specified, mongod will output all log information\nto the standard output.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>Set this option to configure the mongod or mongos process to bind to and listen\nfor connections from applications on this address. If not specified, the module\nwill use the default for your OS distro. Example: bind_ip=['127.0.0.1', '192.168.0.3']\n<em>Note</em>: bind_ip accept array as a value. </p>\n\n<h5><code>logappend</code></h5>\n\n<p>Set to true to add new entries to the end of the logfile rather than overwriting\nthe content of the log when the process restarts. Default: True</p>\n\n<h5><code>fork</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from remote\nhosts. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>port</code></h5>\n\n<p>Specifies a TCP port for the server instance to listen for client connections. \nDefault: 27017</p>\n\n<h5><code>journal</code></h5>\n\n<p>Set to true to enable operation journaling to ensure write durability and\ndata consistency. Default: on 64-bit systems true and on 32-bit systems false</p>\n\n<h5><code>nojournal</code></h5>\n\n<p>Set nojournal = true to disable durability journaling. By default, mongod\nenables journaling in 64-bit versions after v2.0. \nDefault: on 64-bit systems false and on 32-bit systems true</p>\n\n<p><em>Note</em>: You must use journal to enable journaling on 32-bit systems.</p>\n\n<h5><code>smallfiles</code></h5>\n\n<p>Set to true to modify MongoDB to use a smaller default data file size. \nSpecifically, smallfiles reduces the initial size for data files and\nlimits them to 512 megabytes. Default: false</p>\n\n<h5><code>cpu</code></h5>\n\n<p>Set to true to force mongod to report every four seconds CPU utilization\nand the amount of time that the processor waits for I/O operations to\ncomplete (i.e. I/O wait.) Default: false</p>\n\n<h5><code>auth</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from\nremote hosts. If no users exist, the localhost interface will continue\nto have access to the database until you create the first user. \nDefault: false</p>\n\n<h5><code>noauth</code></h5>\n\n<p>Disable authentication. Currently the default. Exists for future compatibility\n and clarity.</p>\n\n<h5><code>verbose</code></h5>\n\n<p>Increases the amount of internal reporting returned on standard output or in\nthe log file generated by <code>logpath</code>. Default: false</p>\n\n<h5><code>verbositylevel</code></h5>\n\n<p>MongoDB has the following levels of verbosity: v, vv, vvv, vvvv and vvvvv.\nDefault: None</p>\n\n<h5><code>objcheck</code></h5>\n\n<p>Forces the mongod to validate all requests from clients upon receipt to ensure\nthat clients never insert invalid documents into the database. \nDefault: on v2.4 default to true and on earlier version to false</p>\n\n<h5><code>quota</code></h5>\n\n<p>Set to true to enable a maximum limit for the number data files each database\ncan have. The default quota is 8 data files, when quota is true. Default: false</p>\n\n<h5><code>quotafiles</code></h5>\n\n<p>Modify limit on the number of data files per database. This option requires the\n<code>quota</code> setting. Default: 8</p>\n\n<h5><code>diaglog</code></h5>\n\n<p>Creates a very verbose diagnostic log for troubleshooting and recording various\nerrors. Valid values: 0, 1, 2, 3 and 7. \nFor more information please refer to <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>directoryperdb</code></h5>\n\n<p>Set to true to modify the storage pattern of the data directory to store each\ndatabase’s files in a distinct folder. Default: false</p>\n\n<h5><code>profile</code></h5>\n\n<p>Modify this value to changes the level of database profiling, which inserts\ninformation about operation performance into output of mongod or the\nlog file if specified by <code>logpath</code>.</p>\n\n<h5><code>maxconns</code></h5>\n\n<p>Specifies a value to set the maximum number of simultaneous connections\nthat MongoDB will accept. Default: depends on system (i.e. ulimit and file descriptor)\nlimits. Unless set, MongoDB will not limit its own connections.</p>\n\n<h5><code>oplog_size</code></h5>\n\n<p>Specifies a maximum size in megabytes for the replication operation log \n(e.g. oplog.) mongod creates an oplog based on the maximum amount of space\navailable. For 64-bit systems, the oplog is typically 5% of available disk space.</p>\n\n<h5><code>nohints</code></h5>\n\n<p>Ignore query hints. Default: None</p>\n\n<h5><code>nohttpinterface</code></h5>\n\n<p>Set to true to disable the HTTP interface. This command will override the rest\nand disable the HTTP interface if you specify both. Default: false</p>\n\n<h5><code>noscripting</code></h5>\n\n<p>Set noscripting = true to disable the scripting engine. Default: false</p>\n\n<h5><code>notablescan</code></h5>\n\n<p>Set notablescan = true to forbid operations that require a table scan. Default: false</p>\n\n<h5><code>noprealloc</code></h5>\n\n<p>Set noprealloc = true to disable the preallocation of data files. This will shorten\nthe start up time in some cases, but can cause significant performance penalties\nduring normal operations. Default: false</p>\n\n<h5><code>nssize</code></h5>\n\n<p>Use this setting to control the default size for all newly created namespace f\niles (i.e .ns). Default: 16</p>\n\n<h5><code>mms_token</code></h5>\n\n<p>MMS token for mms monitoring. Default: None</p>\n\n<h5><code>mms_name</code></h5>\n\n<p>MMS identifier for mms monitoring. Default: None</p>\n\n<h5><code>mms_interval</code></h5>\n\n<p>MMS interval for mms monitoring. Default: None</p>\n\n<h5><code>replset</code></h5>\n\n<p>Use this setting to configure replication with replica sets. Specify a replica\nset name as an argument to this set. All hosts must have the same set name.</p>\n\n<h5><code>rest</code></h5>\n\n<p>Set to true to enable a simple REST interface. Default: false</p>\n\n<h5><code>slowms</code></h5>\n\n<p>Sets the threshold for mongod to consider a query “slow” for the database profiler. \nDefault: 100 ms</p>\n\n<h5><code>keyfile</code></h5>\n\n<p>Specify the path to a key file to store authentication information. This option \nis only useful for the connection between replica set members. Default: None</p>\n\n<h5><code>primary Puppet server</code></h5>\n\n<p>Set to true to configure the current instance to act as primary Puppet server instance in a\nreplication configuration. Default: False <em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>replica</code></h5>\n\n<p>Set to true to configure the current instance to act as replica instance in a\nreplication configuration. Default: false\n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>only</code></h5>\n\n<p>Used with the replica option, only specifies only a single database to\nreplicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>source</code></h5>\n\n<p>Used with the replica setting to specify the primary Puppet server instance from which\nthis replica instance will replicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h2>Limitation</h2>\n\n<p>This module has been tested on:</p>\n\n<ul>\n<li>Debian 7.* (Wheezy)</li>\n<li>Debian 6.* (squeeze)</li>\n<li>Ubuntu 12.04.2 (precise)</li>\n<li>Ubuntu 10.04.4 LTS (lucid)</li>\n<li>RHEL 5/6</li>\n<li>CentOS 5/6</li>\n</ul>\n\n<p>For a for list of tested OS please have a look at the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/main/.nodeset.yml\">.nodeset.xml</a> definition.</p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community\ncontributions are essential for keeping them great. We can’t access the\nhuge number of platforms and myriad of hardware, software, and deployment\nconfigurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our\nmodules work in your environment. There are a few guidelines that we need\ncontributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Testing</h3>\n\n<p>There are two types of tests distributed with this module. Unit tests with\nrspec-puppet and system tests using rspec-system.</p>\n\n<p>unit tests should be run under Bundler with the gem versions as specified\nin the Gemfile. To install the necessary gems:</p>\n\n<pre><code>bundle install --path=vendor\n</code></pre>\n\n<p>Test setup and teardown is handled with rake tasks, so the\nsupported way of running tests is with </p>\n\n<pre><code>bundle exec rake spec\n</code></pre>\n\n<p>For system test you will also need to install vagrant > 1.3.x and virtualbox > 4.2.10.\nTo run the system tests</p>\n\n<pre><code>bundle exec rake spec:system\n</code></pre>\n\n<p>To run the tests on different operating systems, see the sets available in <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/main/.nodeset.yml\">.nodeset.xml</a>\nand run the specific set with the following syntax:</p>\n\n<pre><code>RSPEC_SET=ubuntu-server-12042-x64 bundle exec rake spec:system\n</code></pre>\n\n<h3>Authors</h3>\n\n<p>We would like to thank everyone who has contributed issues and pull requests to this modules.\nA complete list of contributors can be found on the \n<a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/graphs/contributors\">GitHub Contributor Graph</a>\nfor the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb\">puppetlabs-mongodb module</a>.</p>\n</section>",
|
|
4157
4157
|
"changelog": "<section class=\"plaintext\"><pre>2013-10-31 - Version 0.3.0\n\nSummary:\n\nAdds a number of parameters and fixes some platform\nspecific bugs in module deployment.\n\n2013-09-25 - Version 0.2.0\n\nSummary:\n\nThis release fixes a duplicate parameter.\n\nFixes:\n- Fix a duplicated parameter.\n\n2012-07-13 Puppet Labs <info@puppetlabs.com> - 0.1.0\n* Add support for RHEL/CentOS\n* Change default mongodb install location to OS repo\n\n2012-05-29 Puppet Labs <info@puppetlabs.com> - 0.0.2\n* Fix Modulefile typo.\n* Remove repo pin.\n* Update spec tests and add travis support.\n\n2012-05-03 Puppet Labs <info@puppetlabs.com> - 0.0.1\n* Initial Release.\n</pre></section>",
|
|
4158
4158
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
4159
4159
|
"created_at": "2013-12-18 11:21:51 -0800",
|
|
@@ -4194,4 +4194,4 @@
|
|
|
4194
4194
|
"issues_url": "https://tickets.puppetlabs.com"
|
|
4195
4195
|
}
|
|
4196
4196
|
]
|
|
4197
|
-
}
|
|
4197
|
+
}
|
|
@@ -311,7 +311,7 @@
|
|
|
311
311
|
"file_size": 85004,
|
|
312
312
|
"file_md5": "4036f35903264c9b6e3289455cfee225",
|
|
313
313
|
"downloads": 6389,
|
|
314
|
-
"readme": "<section class=\"markdown\"><h1>apache</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apache\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apache.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Apache module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Apache</a>\n\n<ul>\n<li><a href=\"#beginning-with-apache\">Beginning with Apache - Installation</a></li>\n<li><a href=\"#configure-a-virtual-host\">Configure a Virtual Host - Basic options for getting started</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - The classes, defined types, and their parameters available for configuration</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a>\n\n<ul>\n<li><a href=\"#class-apache\">Class: apache</a></li>\n<li><a href=\"#classes-apachemodname\">Classes: apache::mod::*</a></li>\n<li><a href=\"#defined-type-apachevhost\">Defined Type: apache::vhost</a></li>\n</ul></li>\n<li><a href=\"#virtual-host-examples\">Virtual Host Examples - Demonstrations of some configuration options</a></li>\n</ul></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a></li>\n<li><a href=\"#templates\">Templates</a></li>\n</ul></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Apache module allows you to set up virtual hosts and manage web services with minimal effort.</p>\n\n<h2>Module Description</h2>\n\n<p>Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.</p>\n\n<h2>Setup</h2>\n\n<p><strong>What Apache affects:</strong></p>\n\n<ul>\n<li>configuration files and directories (created and written to)\n\n<ul>\n<li><strong>NOTE</strong>: Configurations that are <em>not</em> managed by Puppet will be purged.</li>\n</ul></li>\n<li>package/service/configuration files for Apache</li>\n<li>Apache modules</li>\n<li>virtual hosts</li>\n<li>listened-to ports</li>\n<li><code>/etc/make.conf</code> on FreeBSD</li>\n</ul>\n\n<h3>Beginning with Apache</h3>\n\n<p>To install Apache with the default parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_mods => false,\n default_confd_files => false,\n }\n</code></pre>\n\n<h3>Configure a virtual host</h3>\n\n<p>Declaring the <code>apache</code> class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving <code>$apache::docroot</code>.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>To configure a very basic, name-based virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n</code></pre>\n\n<p><em>Note:</em> The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.</p>\n\n<p>A slightly more complicated example, which moves the docroot owner/group</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and default SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and specific SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n</code></pre>\n\n<p>To set up a virtual host with IP address different than '*'</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.example.com':\n ip => '127.0.0.1',\n port => '80',\n docrout => '/var/www/subdomain',\n }\n</code></pre>\n\n<p>To set up a virtual host with wildcard alias for subdomain mapped to same named directory\n<code>http://examle.com.loc => /var/www/example.com</code></p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n</code></pre>\n\n<p>To set up a virtual host with suPHP</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n }\n</code></pre>\n\n<p>To set up a virtual host with WSGI</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n</code></pre>\n\n<p>Starting 2.2.16, httpd supports <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_dir.html#fallbackresource\">FallbackResource</a> which is a simple replace for common RewriteRules:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wordpress.example.com':\n port => '80',\n docroot => '/var/www/wordpress',\n fallbackresource => '/index.php',\n }\n</code></pre>\n\n<p>Please note that the <code>disabled</code> argument to FallbackResource is only supported since 2.2.24.</p>\n\n<p>To see a list of all virtual host parameters, <a href=\"#defined-type-apachevhost\">please go here</a>. To see an extensive list of virtual host examples <a href=\"#virtual-host-examples\">please look here</a>.</p>\n\n<h2>Usage</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<p>This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.</p>\n\n<p>It is possible to temporarily disable full Puppet management by setting the <code>purge_configs</code> parameter within the base <code>apache</code> class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.</p>\n\n<h4>Class: <code>apache</code></h4>\n\n<p>The Apache module's primary class, <code>apache</code>, guides the basic setup of Apache on your system.</p>\n\n<p>You may establish a default vhost in this class, the <code>vhost</code> class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the <code>vhost</code> type.</p>\n\n<p><strong>Parameters within <code>apache</code>:</strong></p>\n\n<h5><code>default_mods</code></h5>\n\n<p>Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets up a default virtual host. Defaults to 'true', set to 'false' to set up <a href=\"#configure-a-virtual-host\">customized virtual hosts</a>.</p>\n\n<h5><code>default_confd_files</code></h5>\n\n<p>Generates default set of include-able apache configuration files under <code>${apache::confd_dir}</code> directory. These configuration files correspond to what is usually installed with apache package on given platform.</p>\n\n<h5><code>default_ssl_vhost</code></h5>\n\n<p>Sets up a default SSL virtual host. Defaults to 'false'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n</code></pre>\n\n<p>SSL vhosts only respond to HTTPS queries.</p>\n\n<h5><code>default_ssl_cert</code></h5>\n\n<p>The default SSL certification, which is automatically set based on your operating system (<code>/etc/pki/tls/certs/localhost.crt</code> for RedHat, <code>/etc/ssl/certs/ssl-cert-snakeoil.pem</code> for Debian, <code>/usr/local/etc/apache22/server.crt</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_key</code></h5>\n\n<p>The default SSL key, which is automatically set based on your operating system (<code>/etc/pki/tls/private/localhost.key</code> for RedHat, <code>/etc/ssl/private/ssl-cert-snakeoil.key</code> for Debian, <code>/usr/local/etc/apache22/server.key</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_chain</code></h5>\n\n<p>The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_ca</code></h5>\n\n<p>The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl_path</code></h5>\n\n<p>The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl</code></h5>\n\n<p>The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>Name of apache service to run. Defaults to: <code>'httpd'</code> on RedHat, <code>'apache2'</code> on Debian, and <code>'apache22'</code> on FreeBSD.</p>\n\n<h5><code>service_enable</code></h5>\n\n<p>Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'.</p>\n\n<h5><code>service_ensure</code></h5>\n\n<p>Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'.</p>\n\n<h5><code>purge_configs</code></h5>\n\n<p>Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Sets the server administrator. Defaults to 'root@localhost'.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the servername. Defaults to fqdn provided by facter.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat, <code>/etc/apache2</code> on Debian and <code>/usr/local</code> on FreeBSD.</p>\n\n<h5><code>sendfile</code></h5>\n\n<p>Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat and <code>/etc/apache2</code> on Debian.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>Enables custom error documents. Defaults to 'false'.</p>\n\n<h5><code>httpd_dir</code></h5>\n\n<p>Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS.</p>\n\n<h5><code>confd_dir</code></h5>\n\n<p>Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>vhost_dir</code></h5>\n\n<p>Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mod_dir</code></h5>\n\n<p>Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mpm_module</code></h5>\n\n<p>Configures which mpm module is loaded and configured for the httpd process by the <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> and <code>apache::mod::worker</code> classes. Must be set to <code>false</code> to explicitly declare <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> or <code>apache::mod::worker</code> classes with parameters. All possible values are <code>event</code>, <code>itk</code>, <code>peruser</code>, <code>prefork</code>, <code>worker</code> (valid values depend on agent's OS), or the boolean <code>false</code>. Defaults to <code>prefork</code> on RedHat and FreeBSD and <code>worker</code> on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing <code>$mpm_module</code> one has to deinstall all packages that depend on currently installed <code>apache</code>.</p>\n\n<h5><code>conf_template</code></h5>\n\n<p>Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.</p>\n\n<h5><code>keepalive</code></h5>\n\n<p>Setting this allows you to enable persistent connections.</p>\n\n<h5><code>keepalive_timeout</code></h5>\n\n<p>Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>ports_file</code></h5>\n\n<p>Changes the name of the file containing Apache ports configuration. Default is <code>${conf_dir}/ports.conf</code>.</p>\n\n<h5><code>server_tokens</code></h5>\n\n<p>Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'.</p>\n\n<h5><code>server_signature</code></h5>\n\n<p>Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'.</p>\n\n<h5><code>trace_enable</code></h5>\n\n<p>Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'.</p>\n\n<h5><code>manage_user</code></h5>\n\n<p>Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>manage_group</code></h5>\n\n<p>Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>package_ensure</code></h5>\n\n<p>Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed.</p>\n\n<h4>Class: <code>apache::default_mods</code></h4>\n\n<p>Installs default Apache modules based on what OS you are running</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::default_mods': }\n</code></pre>\n\n<h4>Defined Type: <code>apache::mod</code></h4>\n\n<p>Used to enable arbitrary Apache httpd modules for which there is no specific <code>apache::mod::[name]</code> class. The <code>apache::mod</code> defined type will also install the required packages to enable the module, if any.</p>\n\n<pre lang=\"puppet\"><code> apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n</code></pre>\n\n<h4>Classes: <code>apache::mod::[name]</code></h4>\n\n<p>There are many <code>apache::mod::[name]</code> classes within this module that can be declared using <code>include</code>:</p>\n\n<ul>\n<li><code>alias</code></li>\n<li><code>auth_basic</code></li>\n<li><code>auth_kerb</code></li>\n<li><code>autoindex</code></li>\n<li><code>cache</code></li>\n<li><code>cgi</code></li>\n<li><code>cgid</code></li>\n<li><code>dav</code></li>\n<li><code>dav_fs</code></li>\n<li><code>dav_svn</code></li>\n<li><code>deflate</code></li>\n<li><code>dev</code></li>\n<li><code>dir</code>*</li>\n<li><code>disk_cache</code></li>\n<li><code>event</code></li>\n<li><code>fastcgi</code></li>\n<li><code>fcgid</code></li>\n<li><code>headers</code></li>\n<li><code>info</code></li>\n<li><code>itk</code></li>\n<li><code>ldap</code></li>\n<li><code>mime</code></li>\n<li><code>mime_magic</code>*</li>\n<li><code>mpm_event</code></li>\n<li><code>negotiation</code></li>\n<li><code>nss</code>*</li>\n<li><code>passenger</code>*</li>\n<li><code>perl</code></li>\n<li><code>peruser</code></li>\n<li><code>php</code> (requires <a href=\"#mpm_module\"><code>mpm_module</code></a> set to <code>prefork</code>)</li>\n<li><code>prefork</code>*</li>\n<li><code>proxy</code>*</li>\n<li><code>proxy_ajp</code></li>\n<li><code>proxy_html</code></li>\n<li><code>proxy_http</code></li>\n<li><code>python</code></li>\n<li><code>reqtimeout</code></li>\n<li><code>rewrite</code></li>\n<li><code>rpaf</code>*</li>\n<li><code>setenvif</code></li>\n<li><code>ssl</code>* (see <a href=\"#class-apachemodssl\">apache::mod::ssl</a> below)</li>\n<li><code>status</code>*</li>\n<li><code>suphp</code></li>\n<li><code>userdir</code>*</li>\n<li><code>vhost_alias</code></li>\n<li><code>worker</code>*</li>\n<li><code>wsgi</code> (see <a href=\"#class-apachemodwsgi\">apache::mod::wsgi</a> below)</li>\n<li><code>xsendfile</code></li>\n</ul>\n\n<p>Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.</p>\n\n<p>The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.</p>\n\n<h4>Class: <code>apache::mod::ssl</code></h4>\n\n<p>Installs Apache SSL capabilities and utilizes <code>ssl.conf.erb</code> template. These are the defaults:</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::ssl':\n ssl_compression => false,\n ssl_options => [ 'StdEnvVars' ],\n }\n</code></pre>\n\n<p>To <em>use</em> SSL with a virtual host, you must either set the<code>default_ssl_vhost</code> parameter in <code>apache</code> to 'true' or set the <code>ssl</code> parameter in <code>apache::vhost</code> to 'true'.</p>\n\n<h4>Class: <code>apache::mod::wsgi</code></h4>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n wsgi_python_path => '/path/to/virtenv/site-packages',\n }\n</code></pre>\n\n<h4>Defined Type: <code>apache::vhost</code></h4>\n\n<p>The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to <code>vhost</code>'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.</p>\n\n<p>The <code>vhost</code> defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base <code>apache</code> class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).</p>\n\n<p>If you have a series of specific configurations and do not want a base <code>apache</code> class default vhost, make sure to set the base class default host to 'false'.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_vhost => false,\n }\n</code></pre>\n\n<p><strong>Parameters within <code>apache::vhost</code>:</strong></p>\n\n<p>The default values for each parameter will vary based on operating system and type of virtual host.</p>\n\n<h5><code>access_log</code></h5>\n\n<p>Specifies whether <code>*_access.log</code> directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.</p>\n\n<h5><code>access_log_file</code></h5>\n\n<p>Points to the <code>*_access.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>access_log_pipe</code></h5>\n\n<p>Specifies a pipe to send access log messages to. Defaults to 'undef'.</p>\n\n<h5><code>access_log_syslog</code></h5>\n\n<p>Sends all access log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>access_log_format</code></h5>\n\n<p>Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.</p>\n\n<h5><code>add_listen</code></h5>\n\n<p>Determines whether the vhost creates a listen statement. The default value is 'true'.</p>\n\n<p>Setting <code>add_listen</code> to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an <code>ip</code> parameter with vhosts that <em>are</em> passed the <code>ip</code> parameter.</p>\n\n<h5><code>aliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>Alias</code> or <code>AliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre><code>aliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$', path => '/files/jpg.images/$1.jpg' }\n { alias => '/image', path => '/ftp/pub/image' },\n],\n</code></pre>\n\n<p>For <code>Alias</code> and <code>AliasMatch</code> to work, each will need a corresponding <code><Directory /path/to/directory></code> or <code><Location /path/to/directory></code> block. The <code>Alias</code> and <code>AliasMatch</code> directives are created in the order specified in the <code>aliases</code> paramter. As described in the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a> more specific <code>Alias</code> or <code>AliasMatch</code> directives should come before the more general ones to avoid shadowing.</p>\n\n<p><strong>Note:</strong> If <code>apache::mod::passenger</code> is loaded and <code>PassengerHighPerformance true</code> is set, then <code>Alias</code> may have issues honouring the <code>PassengerEnabled off</code> statement. See <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">this article</a> for details.</p>\n\n<h5><code>block</code></h5>\n\n<p>Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the <a href=\"#development\">Development</a> section.</p>\n\n<h5><code>custom_fragment</code></h5>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the vhost configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets a given <code>apache::vhost</code> as the default to serve requests that do not match any other <code>apache::vhost</code> definitions. The default value is 'false'.</p>\n\n<h5><code>directories</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code><Directory /path/to/directory>...</Directory></code> directive blocks as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#directory\">Apache core documentation</a>. The <code>path</code> key is required in these hashes. An optional <code>provider</code> defaults to <code>directory</code>. Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n</code></pre>\n\n<p><em>Note:</em> At least one directory should match <code>docroot</code> parameter, once you start declaring directories <code>apache::vhost</code> assumes that all required <code><Directory></code> blocks will be declared.</p>\n\n<p><em>Note:</em> If not defined a single default <code><Directory></code> block will be created that matches the <code>docroot</code> parameter.</p>\n\n<p><code>provider</code> can be set to any of <code>directory</code>, <code>files</code>, or <code>location</code>. If the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#files\">pathspec starts with a <code>~</code></a>, httpd will interpret this as the equivalent of <code>DirectoryMatch</code>, <code>FilesMatch</code>, or <code>LocationMatch</code>, respectively.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { path => '~ (\\.swp|\\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' },\n ],\n }\n</code></pre>\n\n<p>The directives will be embedded within the <code>Directory</code> (<code>Files</code>, or <code>Location</code>) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:</p>\n\n<h6><code>addhandlers</code></h6>\n\n<p>Sets <code>AddHandler</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler\">Apache Core documentation</a>. Accepts a list of hashes of the form <code>{ handler => 'handler-name', extensions => ['extension']}</code>. Note that <code>extensions</code> is a list of extenstions being handled by the handler.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n</code></pre>\n\n<h6><code>allow</code></h6>\n\n<p>Sets an <code>Allow</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>allow_override</code></h6>\n\n<p>Sets the usage of <code>.htaccess</code> files as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride\">Apache core documentation</a>. Should accept in the form of a list or a string. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n</code></pre>\n\n<h6><code>deny</code></h6>\n\n<p>Sets an <code>Deny</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>error_documents</code></h6>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this directory. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n directories => [ { path => '/srv/www'\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n ],\n }]\n }\n</code></pre>\n\n<h6><code>headers</code></h6>\n\n<p>Adds lines for <code>Header</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header\">Apache Header documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n</code></pre>\n\n<h6><code>options</code></h6>\n\n<p>Lists the options for the given <code><Directory></code> block</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n</code></pre>\n\n<h6><code>index_options</code></h6>\n\n<p>Styles the list</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }],\n }\n</code></pre>\n\n<h6><code>index_order_default</code></h6>\n\n<p>Sets the order of the list </p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ],\n }\n</code></pre>\n\n<h6><code>order</code></h6>\n\n<p>Sets the order of processing <code>Allow</code> and <code>Deny</code> statements as per <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order\">Apache core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ],\n }\n</code></pre>\n\n<h6><code>auth_type</code></h6>\n\n<p>Sets the value for <code>AuthType</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authtype\">Apache AuthType\ndocumentation</a>.</p>\n\n<h6><code>auth_name</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authname\">Apache AuthName\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_algorithm</code></h6>\n\n<p>Sets the value for <code>AuthDigestAlgorithm</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorithm\">Apache\nAuthDigestAlgorithm\ndocumentation</a></p>\n\n<h6><code>auth_digest_domain</code></h6>\n\n<p>Sets the value for <code>AuthDigestDomain</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain\">Apache AuthDigestDomain\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_nonce_lifetime</code></h6>\n\n<p>Sets the value for <code>AuthDigestNonceLifetime</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestnoncelifetime\">Apache\nAuthDigestNonceLifetime\ndocumentation</a></p>\n\n<h6><code>auth_digest_provider</code></h6>\n\n<p>Sets the value for <code>AuthDigestProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestprovider\">Apache AuthDigestProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_qop</code></h6>\n\n<p>Sets the value for <code>AuthDigestQop</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestqop\">Apache AuthDigestQop\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_shmem_size</code></h6>\n\n<p>Sets the value for <code>AuthAuthDigestShmemSize</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestshmemsize\">Apache AuthDigestShmemSize\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_authoritative</code></h6>\n\n<p>Sets the value for <code>AuthBasicAuthoritative</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative\">Apache\nAuthBasicAuthoritative\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_fake</code></h6>\n\n<p>Sets the value for <code>AuthBasicFake</code> as per the <a href=\"https://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html#authbasicfake\">Apache AuthBasicFake\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_provider</code></h6>\n\n<p>Sets the value for <code>AuthBasicProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider\">Apache AuthBasicProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_user_file</code></h6>\n\n<p>Sets the value for <code>AuthUserFile</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile\">Apache AuthUserFile\ndocumentation</a>.</p>\n\n<h6><code>auth_require</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#require\">Apache Require\ndocumentation</a></p>\n\n<h6><code>passenger_enabled</code></h6>\n\n<p>Sets the value for the <code>PassengerEnabled</code> directory to <code>on</code> or <code>off</code> as per the <a href=\"http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled\">Passenger documentation</a>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n</code></pre>\n\n<p><strong>Note:</strong> This directive requires <code>apache::mod::passenger</code> to be active, Apache may not start with an unrecognised directive without it.</p>\n\n<p><strong>Note:</strong> Be aware that there is an <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">issue</a> using the <code>PassengerEnabled</code> directive with the <code>PassengerHighPerformance</code> directive.</p>\n\n<h6><code>ssl_options</code></h6>\n\n<p>String or list of <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> for the given <code><Directory></code> block. This overrides, or refines the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> of the parent block (either vhost, or server).</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', ssl_options => '+ExportCertData' }\n { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] },\n ],\n }\n</code></pre>\n\n<h6><code>suphp</code></h6>\n\n<p>An array containing two values: User and group for the <a href=\"http://www.suphp.org/DocumentationView.html?file=apache/CONFIG\">suPHP_UserGroup</a> setting.\nThis directive must be used with <code>suphp_engine => on</code> in the vhost declaration. This directive only works in <code><Directory></code> or <code><Location></code>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' }\n ],\n }\n</code></pre>\n\n<h6><code>custom_fragment</code></h6>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.</p>\n\n<h5><code>directoryindex</code></h5>\n\n<p>Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..</p>\n\n<h5><code>docroot</code></h5>\n\n<p>Provides the DocumentRoot directive, identifying the directory Apache serves files from.</p>\n\n<h5><code>docroot_group</code></h5>\n\n<p>Sets group access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>docroot_owner</code></h5>\n\n<p>Sets individual user access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>error_log</code></h5>\n\n<p>Specifies whether <code>*_error.log</code> directives should be configured. Defaults to 'true'.</p>\n\n<h5><code>error_log_file</code></h5>\n\n<p>Points to the <code>*_error.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>error_log_pipe</code></h5>\n\n<p>Specifies a pipe to send error log messages to. Defaults to 'undef'.</p>\n\n<h5><code>error_log_syslog</code></h5>\n\n<p>Sends all error log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this vhost. Defaults to <code>[]</code>. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n }\n</code></pre>\n\n<h5><code>ensure</code></h5>\n\n<p>Specifies if the vhost file is present or absent.</p>\n\n<h5><code>fastcgi_server</code></h5>\n\n<p>Specifies the filename as an external FastCGI application. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_socket</code></h5>\n\n<p>Filename used to communicate with the web server. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_dir</code></h5>\n\n<p>Directory to enable for FastCGI. Defaults to 'undef'.</p>\n\n<h5><code>additional_includes</code></h5>\n\n<p>Specifies paths to additional static vhost-specific Apache configuration files.\nThis option is useful when you need to implement a unique and/or custom\nconfiguration not supported by this module.</p>\n\n<h5><code>ip</code></h5>\n\n<p>The IP address the vhost listens on. Defaults to 'undef'.</p>\n\n<h5><code>ip_based</code></h5>\n\n<p>Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Specifies the location of the virtual host's logfiles. Defaults to <code>/var/log/<apache log location>/</code>.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Specifies the verbosity level of the error log. Defaults to <code>warn</code> for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for <code>log_level</code> is one of <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>no_proxy_uris</code></h5>\n\n<p>Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with <code>proxy_dest</code>.</p>\n\n<h5><code>options</code></h5>\n\n<p>Lists the options for the given virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n</code></pre>\n\n<h5><code>override</code></h5>\n\n<p>Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.</p>\n\n<h5><code>port</code></h5>\n\n<p>Sets the port the host is configured on.</p>\n\n<h5><code>priority</code></h5>\n\n<p>Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.</p>\n\n<p>If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.</p>\n\n<p><em>Note</em>: You should not need to use this parameter. However, if you do use it, be aware that the <code>default_vhost</code> parameter for <code>apache::vhost</code> passes a priority of '15'.</p>\n\n<h5><code>proxy_dest</code></h5>\n\n<p>Specifies the destination address of a proxypass configuration. Defaults to 'undef'.</p>\n\n<h5><code>proxy_pass</code></h5>\n\n<p>Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.</p>\n\n<p>Example:</p>\n\n<pre lang=\"puppet\"><code>$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n</code></pre>\n\n<h5><code>rack_base_uris</code></h5>\n\n<p>Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the <code>_rack.erb</code> template. Defaults to 'undef'.</p>\n\n<h5><code>redirect_dest</code></h5>\n\n<p>Specifies the address to redirect to. Defaults to 'undef'.</p>\n\n<h5><code>redirect_source</code></h5>\n\n<p>Specifies the source items? that will redirect to the destination specified in <code>redirect_dest</code>. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n</code></pre>\n\n<h5><code>redirect_status</code></h5>\n\n<p>Specifies the status to append to the redirect. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n</code></pre>\n\n<h5><code>request_headers</code></h5>\n\n<p>Specifies additional request headers.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n</code></pre>\n\n<h5><code>rewrite_base</code></h5>\n\n<p>Limits the <code>rewrite_rule</code> to the specified base URL. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n</code></pre>\n\n<p>The above example would limit the index.html -> welcome.html rewrite to only something inside of <a href=\"http://example.com/blog/\">http://example.com/blog/</a>.</p>\n\n<h5><code>rewrite_cond</code></h5>\n\n<p>Rewrites a URL via <code>rewrite_rule</code> based on the truth of specified conditions. For example</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n</code></pre>\n\n<p>will rewrite URLs only if the visitor is using IE. Defaults to 'undef'.</p>\n\n<p><em>Note</em>: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple <code>rewrite_cond</code> and <code>rewrite_rules</code> per vhost, so that different conditions get different rewrites.</p>\n\n<h5><code>rewrite_rule</code></h5>\n\n<p>Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n</code></pre>\n\n<h5><code>scriptalias</code></h5>\n\n<p>Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'</p>\n\n<h5><code>scriptaliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>ScriptAlias</code> or <code>ScriptAliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre lang=\"puppet\"><code> scriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n ]\n</code></pre>\n\n<p>These directives are created in the order specified. As with <code>Alias</code> and <code>AliasMatch</code> directives the more specific aliases should come before the more general ones to avoid shadowing.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Specifies the email address Apache will display when it renders one of its error pages.</p>\n\n<h5><code>serveraliases</code></h5>\n\n<p>Sets the server aliases of the site.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the primary name of the virtual host.</p>\n\n<h5><code>setenv</code></h5>\n\n<p>Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>setenvif</code></h5>\n\n<p>Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>ssl</code></h5>\n\n<p>Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.</p>\n\n<h5><code>ssl_ca</code></h5>\n\n<p>Specifies the certificate authority.</p>\n\n<h5><code>ssl_cert</code></h5>\n\n<p>Specifies the SSL certification.</p>\n\n<h5><code>ssl_protocol</code></h5>\n\n<p>Specifies the SSL Protocol (SSLProtocol).</p>\n\n<h5><code>ssl_cipher</code></h5>\n\n<p>Specifies the SSLCipherSuite.</p>\n\n<h5><code>ssl_honorcipherorder</code></h5>\n\n<p>Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order</p>\n\n<h5><code>ssl_certs_dir</code></h5>\n\n<p>Specifies the location of the SSL certification directory. Defaults to <code>/etc/ssl/certs</code> on Debian and <code>/etc/pki/tls/certs</code> on RedHat.</p>\n\n<h5><code>ssl_chain</code></h5>\n\n<p>Specifies the SSL chain.</p>\n\n<h5><code>ssl_crl</code></h5>\n\n<p>Specifies the certificate revocation list to use.</p>\n\n<h5><code>ssl_crl_path</code></h5>\n\n<p>Specifies the location of the certificate revocation list.</p>\n\n<h5><code>ssl_key</code></h5>\n\n<p>Specifies the SSL key.</p>\n\n<h5><code>ssl_verify_client</code></h5>\n\n<p>Sets <code>SSLVerifyClient</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_client => 'optional',\n }\n</code></pre>\n\n<h5><code>ssl_verify_depth</code></h5>\n\n<p>Sets <code>SSLVerifyDepth</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifydepth\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_depth => 1,\n }\n</code></pre>\n\n<h5><code>ssl_options</code></h5>\n\n<p>Sets <code>SSLOptions</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\">Apache Core documentation</a>. This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => '+ExportCertData',\n }\n</code></pre>\n\n<p>An array of strings example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => [ '+StrictRequire', '+ExportCertData' ],\n }\n</code></pre>\n\n<h5><code>ssl_proxyengine</code></h5>\n\n<p>Specifies whether to use <code>SSLProxyEngine</code> or not. Defaults to <code>false</code>.</p>\n\n<h5><code>vhost_name</code></h5>\n\n<p>This parameter is for use with name-based virtual hosting. Defaults to '*'.</p>\n\n<h5><code>itk</code></h5>\n\n<p>Hash containing infos to configure itk as per the <a href=\"http://mpm-itk.sesse.net/\">ITK documentation</a>.</p>\n\n<p>Keys could be:</p>\n\n<ul>\n<li>user + group</li>\n<li>assignuseridexpr</li>\n<li>assigngroupidexpr</li>\n<li>maxclientvhost</li>\n<li>nice</li>\n<li>limituidrange (Linux 3.5.0 or newer)</li>\n<li>limitgidrange (Linux 3.5.0 or newer)</li>\n</ul>\n\n<p>Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n</code></pre>\n\n<h3>Virtual Host Examples</h3>\n\n<p>The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the <a href=\"https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests\">Tests section</a> for even more examples.</p>\n\n<p>Configure a vhost with a server administrator</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with aliased servers</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost with a cgi-bin</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with a rack configuration</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a mix of SSL and non-SSL vhosts at the same domain</p>\n\n<pre lang=\"puppet\"><code> #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost to redirect non-SSL connections to SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '81': }\n</code></pre>\n\n<p>Then we will set up the IP-based vhosts</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>Then, we will add two name-based vhosts listening on 10.0.0.20</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n</code></pre>\n\n<p>If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you <strong>MUST</strong> declare <code>add_listen => 'false'</code> to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n</code></pre>\n\n<h2>Implementation</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<h4>Class: <code>apache::dev</code></h4>\n\n<p>Installs Apache development libraries</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::dev': }\n</code></pre>\n\n<p>On FreeBSD you're required to define <code>apache::package</code> or <code>apache</code> class before <code>apache::dev</code>.</p>\n\n<h4>Defined Type: <code>apache::listen</code></h4>\n\n<p>Controls which ports Apache binds to for listening based on the title:</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '443': }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>Listen</code> directives to the <code>ports.conf</code> file in the Apache httpd configuration directory. <code>apache::listen</code> titles should always take the form of: <code><port></code>, <code><ipv4>:<port></code>, or <code>[<ipv6>]:<port></code></p>\n\n<p>Apache httpd requires that <code>Listen</code> directives must be added for every port. The <code>apache::vhost</code> defined type will automatically add <code>Listen</code> directives unless the <code>apache::vhost</code> is passed <code>add_listen => false</code>.</p>\n\n<h4>Defined Type: <code>apache::namevirtualhost</code></h4>\n\n<p>Enables named-based hosting of a virtual host</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::namevirtualhost`: }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>NameVirtualHost</code> directives to the <code>ports.conf</code> file in the Apache https configuration directory. <code>apache::namevirtualhost</code> titles should always take the form of: <code>*</code>, <code>*:<port></code>, <code>_default_:<port></code>, <code><ip></code>, or <code><ip>:<port></code>.</p>\n\n<h4>Defined Type: <code>apache::balancermember</code></h4>\n\n<p>Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.</p>\n\n<p>On every app server you can export a balancermember like this:</p>\n\n<pre lang=\"puppet\"><code> @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n</code></pre>\n\n<p>And on the proxy itself you create the balancer cluster using the defined type apache::balancer:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet00': }\n</code></pre>\n\n<p>If you need to use ProxySet in the balncer config you can do as so:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n</code></pre>\n\n<h3>Templates</h3>\n\n<p>The Apache module relies heavily on templates to enable the <code>vhost</code> and <code>apache::mod</code> defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.</p>\n\n<h2>Limitations</h2>\n\n<p>This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1.</p>\n\n<h2>Development</h2>\n\n<h3>Overview</h3>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Running tests</h3>\n\n<p>This project contains tests for both <a href=\"http://rspec-puppet.com/\">rspec-puppet</a> and <a href=\"https://github.com/puppetlabs/rspec-system\">rspec-system</a> to verify functionality. For in-depth information please see their respective documentation.</p>\n\n<p>Quickstart:</p>\n\n<pre><code>gem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n</code></pre>\n\n<h2>Copyright and License</h2>\n\n<p>Copyright (C) 2012 <a href=\"https://www.puppetlabs.com/\">Puppet Labs</a> Inc</p>\n\n<p>Puppet Labs can be contacted at: <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a></p>\n\n<p>Licensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at</p>\n\n<p><a href=\"http://www.apache.org/licenses/LICENSE-2.0\">http://www.apache.org/licenses/LICENSE-2.0</a></p>\n\n<p>Unless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.</p>\n</section>",
|
|
314
|
+
"readme": "<section class=\"markdown\"><h1>apache</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apache\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apache.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Apache module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Apache</a>\n\n<ul>\n<li><a href=\"#beginning-with-apache\">Beginning with Apache - Installation</a></li>\n<li><a href=\"#configure-a-virtual-host\">Configure a Virtual Host - Basic options for getting started</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - The classes, defined types, and their parameters available for configuration</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a>\n\n<ul>\n<li><a href=\"#class-apache\">Class: apache</a></li>\n<li><a href=\"#classes-apachemodname\">Classes: apache::mod::*</a></li>\n<li><a href=\"#defined-type-apachevhost\">Defined Type: apache::vhost</a></li>\n</ul></li>\n<li><a href=\"#virtual-host-examples\">Virtual Host Examples - Demonstrations of some configuration options</a></li>\n</ul></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a></li>\n<li><a href=\"#templates\">Templates</a></li>\n</ul></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Apache module allows you to set up virtual hosts and manage web services with minimal effort.</p>\n\n<h2>Module Description</h2>\n\n<p>Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.</p>\n\n<h2>Setup</h2>\n\n<p><strong>What Apache affects:</strong></p>\n\n<ul>\n<li>configuration files and directories (created and written to)\n\n<ul>\n<li><strong>NOTE</strong>: Configurations that are <em>not</em> managed by Puppet will be purged.</li>\n</ul></li>\n<li>package/service/configuration files for Apache</li>\n<li>Apache modules</li>\n<li>virtual hosts</li>\n<li>listened-to ports</li>\n<li><code>/etc/make.conf</code> on FreeBSD</li>\n</ul>\n\n<h3>Beginning with Apache</h3>\n\n<p>To install Apache with the default parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_mods => false,\n default_confd_files => false,\n }\n</code></pre>\n\n<h3>Configure a virtual host</h3>\n\n<p>Declaring the <code>apache</code> class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving <code>$apache::docroot</code>.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>To configure a very basic, name-based virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n</code></pre>\n\n<p><em>Note:</em> The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.</p>\n\n<p>A slightly more complicated example, which moves the docroot owner/group</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and default SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and specific SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n</code></pre>\n\n<p>To set up a virtual host with IP address different than '*'</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.example.com':\n ip => '127.0.0.1',\n port => '80',\n docrout => '/var/www/subdomain',\n }\n</code></pre>\n\n<p>To set up a virtual host with wildcard alias for subdomain mapped to same named directory\n<code>http://examle.com.loc => /var/www/example.com</code></p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n</code></pre>\n\n<p>To set up a virtual host with suPHP</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n }\n</code></pre>\n\n<p>To set up a virtual host with WSGI</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n</code></pre>\n\n<p>Starting 2.2.16, httpd supports <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_dir.html#fallbackresource\">FallbackResource</a> which is a simple replace for common RewriteRules:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wordpress.example.com':\n port => '80',\n docroot => '/var/www/wordpress',\n fallbackresource => '/index.php',\n }\n</code></pre>\n\n<p>Please note that the <code>disabled</code> argument to FallbackResource is only supported since 2.2.24.</p>\n\n<p>To see a list of all virtual host parameters, <a href=\"#defined-type-apachevhost\">please go here</a>. To see an extensive list of virtual host examples <a href=\"#virtual-host-examples\">please look here</a>.</p>\n\n<h2>Usage</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<p>This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.</p>\n\n<p>It is possible to temporarily disable full Puppet management by setting the <code>purge_configs</code> parameter within the base <code>apache</code> class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.</p>\n\n<h4>Class: <code>apache</code></h4>\n\n<p>The Apache module's primary class, <code>apache</code>, guides the basic setup of Apache on your system.</p>\n\n<p>You may establish a default vhost in this class, the <code>vhost</code> class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the <code>vhost</code> type.</p>\n\n<p><strong>Parameters within <code>apache</code>:</strong></p>\n\n<h5><code>default_mods</code></h5>\n\n<p>Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets up a default virtual host. Defaults to 'true', set to 'false' to set up <a href=\"#configure-a-virtual-host\">customized virtual hosts</a>.</p>\n\n<h5><code>default_confd_files</code></h5>\n\n<p>Generates default set of include-able apache configuration files under <code>${apache::confd_dir}</code> directory. These configuration files correspond to what is usually installed with apache package on given platform.</p>\n\n<h5><code>default_ssl_vhost</code></h5>\n\n<p>Sets up a default SSL virtual host. Defaults to 'false'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n</code></pre>\n\n<p>SSL vhosts only respond to HTTPS queries.</p>\n\n<h5><code>default_ssl_cert</code></h5>\n\n<p>The default SSL certification, which is automatically set based on your operating system (<code>/etc/pki/tls/certs/localhost.crt</code> for RedHat, <code>/etc/ssl/certs/ssl-cert-snakeoil.pem</code> for Debian, <code>/usr/local/etc/apache22/server.crt</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_key</code></h5>\n\n<p>The default SSL key, which is automatically set based on your operating system (<code>/etc/pki/tls/private/localhost.key</code> for RedHat, <code>/etc/ssl/private/ssl-cert-snakeoil.key</code> for Debian, <code>/usr/local/etc/apache22/server.key</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_chain</code></h5>\n\n<p>The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_ca</code></h5>\n\n<p>The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl_path</code></h5>\n\n<p>The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl</code></h5>\n\n<p>The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>Name of apache service to run. Defaults to: <code>'httpd'</code> on RedHat, <code>'apache2'</code> on Debian, and <code>'apache22'</code> on FreeBSD.</p>\n\n<h5><code>service_enable</code></h5>\n\n<p>Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'.</p>\n\n<h5><code>service_ensure</code></h5>\n\n<p>Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'.</p>\n\n<h5><code>purge_configs</code></h5>\n\n<p>Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Sets the server administrator. Defaults to 'root@localhost'.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the servername. Defaults to fqdn provided by facter.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat, <code>/etc/apache2</code> on Debian and <code>/usr/local</code> on FreeBSD.</p>\n\n<h5><code>sendfile</code></h5>\n\n<p>Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat and <code>/etc/apache2</code> on Debian.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>Enables custom error documents. Defaults to 'false'.</p>\n\n<h5><code>httpd_dir</code></h5>\n\n<p>Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS.</p>\n\n<h5><code>confd_dir</code></h5>\n\n<p>Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>vhost_dir</code></h5>\n\n<p>Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mod_dir</code></h5>\n\n<p>Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mpm_module</code></h5>\n\n<p>Configures which mpm module is loaded and configured for the httpd process by the <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> and <code>apache::mod::worker</code> classes. Must be set to <code>false</code> to explicitly declare <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> or <code>apache::mod::worker</code> classes with parameters. All possible values are <code>event</code>, <code>itk</code>, <code>peruser</code>, <code>prefork</code>, <code>worker</code> (valid values depend on agent's OS), or the boolean <code>false</code>. Defaults to <code>prefork</code> on RedHat and FreeBSD and <code>worker</code> on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing <code>$mpm_module</code> one has to deinstall all packages that depend on currently installed <code>apache</code>.</p>\n\n<h5><code>conf_template</code></h5>\n\n<p>Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.</p>\n\n<h5><code>keepalive</code></h5>\n\n<p>Setting this allows you to enable persistent connections.</p>\n\n<h5><code>keepalive_timeout</code></h5>\n\n<p>Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>ports_file</code></h5>\n\n<p>Changes the name of the file containing Apache ports configuration. Default is <code>${conf_dir}/ports.conf</code>.</p>\n\n<h5><code>server_tokens</code></h5>\n\n<p>Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'.</p>\n\n<h5><code>server_signature</code></h5>\n\n<p>Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'.</p>\n\n<h5><code>trace_enable</code></h5>\n\n<p>Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'.</p>\n\n<h5><code>manage_user</code></h5>\n\n<p>Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>manage_group</code></h5>\n\n<p>Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>package_ensure</code></h5>\n\n<p>Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed.</p>\n\n<h4>Class: <code>apache::default_mods</code></h4>\n\n<p>Installs default Apache modules based on what OS you are running</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::default_mods': }\n</code></pre>\n\n<h4>Defined Type: <code>apache::mod</code></h4>\n\n<p>Used to enable arbitrary Apache httpd modules for which there is no specific <code>apache::mod::[name]</code> class. The <code>apache::mod</code> defined type will also install the required packages to enable the module, if any.</p>\n\n<pre lang=\"puppet\"><code> apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n</code></pre>\n\n<h4>Classes: <code>apache::mod::[name]</code></h4>\n\n<p>There are many <code>apache::mod::[name]</code> classes within this module that can be declared using <code>include</code>:</p>\n\n<ul>\n<li><code>alias</code></li>\n<li><code>auth_basic</code></li>\n<li><code>auth_kerb</code></li>\n<li><code>autoindex</code></li>\n<li><code>cache</code></li>\n<li><code>cgi</code></li>\n<li><code>cgid</code></li>\n<li><code>dav</code></li>\n<li><code>dav_fs</code></li>\n<li><code>dav_svn</code></li>\n<li><code>deflate</code></li>\n<li><code>dev</code></li>\n<li><code>dir</code>*</li>\n<li><code>disk_cache</code></li>\n<li><code>event</code></li>\n<li><code>fastcgi</code></li>\n<li><code>fcgid</code></li>\n<li><code>headers</code></li>\n<li><code>info</code></li>\n<li><code>itk</code></li>\n<li><code>ldap</code></li>\n<li><code>mime</code></li>\n<li><code>mime_magic</code>*</li>\n<li><code>mpm_event</code></li>\n<li><code>negotiation</code></li>\n<li><code>nss</code>*</li>\n<li><code>passenger</code>*</li>\n<li><code>perl</code></li>\n<li><code>peruser</code></li>\n<li><code>php</code> (requires <a href=\"#mpm_module\"><code>mpm_module</code></a> set to <code>prefork</code>)</li>\n<li><code>prefork</code>*</li>\n<li><code>proxy</code>*</li>\n<li><code>proxy_ajp</code></li>\n<li><code>proxy_html</code></li>\n<li><code>proxy_http</code></li>\n<li><code>python</code></li>\n<li><code>reqtimeout</code></li>\n<li><code>rewrite</code></li>\n<li><code>rpaf</code>*</li>\n<li><code>setenvif</code></li>\n<li><code>ssl</code>* (see <a href=\"#class-apachemodssl\">apache::mod::ssl</a> below)</li>\n<li><code>status</code>*</li>\n<li><code>suphp</code></li>\n<li><code>userdir</code>*</li>\n<li><code>vhost_alias</code></li>\n<li><code>worker</code>*</li>\n<li><code>wsgi</code> (see <a href=\"#class-apachemodwsgi\">apache::mod::wsgi</a> below)</li>\n<li><code>xsendfile</code></li>\n</ul>\n\n<p>Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.</p>\n\n<p>The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.</p>\n\n<h4>Class: <code>apache::mod::ssl</code></h4>\n\n<p>Installs Apache SSL capabilities and utilizes <code>ssl.conf.erb</code> template. These are the defaults:</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::ssl':\n ssl_compression => false,\n ssl_options => [ 'StdEnvVars' ],\n }\n</code></pre>\n\n<p>To <em>use</em> SSL with a virtual host, you must either set the<code>default_ssl_vhost</code> parameter in <code>apache</code> to 'true' or set the <code>ssl</code> parameter in <code>apache::vhost</code> to 'true'.</p>\n\n<h4>Class: <code>apache::mod::wsgi</code></h4>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n wsgi_python_path => '/path/to/virtenv/site-packages',\n }\n</code></pre>\n\n<h4>Defined Type: <code>apache::vhost</code></h4>\n\n<p>The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to <code>vhost</code>'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.</p>\n\n<p>The <code>vhost</code> defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base <code>apache</code> class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).</p>\n\n<p>If you have a series of specific configurations and do not want a base <code>apache</code> class default vhost, make sure to set the base class default host to 'false'.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_vhost => false,\n }\n</code></pre>\n\n<p><strong>Parameters within <code>apache::vhost</code>:</strong></p>\n\n<p>The default values for each parameter will vary based on operating system and type of virtual host.</p>\n\n<h5><code>access_log</code></h5>\n\n<p>Specifies whether <code>*_access.log</code> directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.</p>\n\n<h5><code>access_log_file</code></h5>\n\n<p>Points to the <code>*_access.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>access_log_pipe</code></h5>\n\n<p>Specifies a pipe to send access log messages to. Defaults to 'undef'.</p>\n\n<h5><code>access_log_syslog</code></h5>\n\n<p>Sends all access log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>access_log_format</code></h5>\n\n<p>Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.</p>\n\n<h5><code>add_listen</code></h5>\n\n<p>Determines whether the vhost creates a listen statement. The default value is 'true'.</p>\n\n<p>Setting <code>add_listen</code> to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an <code>ip</code> parameter with vhosts that <em>are</em> passed the <code>ip</code> parameter.</p>\n\n<h5><code>aliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>Alias</code> or <code>AliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre><code>aliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$', path => '/files/jpg.images/$1.jpg' }\n { alias => '/image', path => '/ftp/pub/image' },\n],\n</code></pre>\n\n<p>For <code>Alias</code> and <code>AliasMatch</code> to work, each will need a corresponding <code><Directory /path/to/directory></code> or <code><Location /path/to/directory></code> block. The <code>Alias</code> and <code>AliasMatch</code> directives are created in the order specified in the <code>aliases</code> paramter. As described in the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a> more specific <code>Alias</code> or <code>AliasMatch</code> directives should come before the more general ones to avoid shadowing.</p>\n\n<p><strong>Note:</strong> If <code>apache::mod::passenger</code> is loaded and <code>PassengerHighPerformance true</code> is set, then <code>Alias</code> may have issues honouring the <code>PassengerEnabled off</code> statement. See <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">this article</a> for details.</p>\n\n<h5><code>block</code></h5>\n\n<p>Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the <a href=\"#development\">Development</a> section.</p>\n\n<h5><code>custom_fragment</code></h5>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the vhost configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets a given <code>apache::vhost</code> as the default to serve requests that do not match any other <code>apache::vhost</code> definitions. The default value is 'false'.</p>\n\n<h5><code>directories</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code><Directory /path/to/directory>...</Directory></code> directive blocks as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#directory\">Apache core documentation</a>. The <code>path</code> key is required in these hashes. An optional <code>provider</code> defaults to <code>directory</code>. Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n</code></pre>\n\n<p><em>Note:</em> At least one directory should match <code>docroot</code> parameter, once you start declaring directories <code>apache::vhost</code> assumes that all required <code><Directory></code> blocks will be declared.</p>\n\n<p><em>Note:</em> If not defined a single default <code><Directory></code> block will be created that matches the <code>docroot</code> parameter.</p>\n\n<p><code>provider</code> can be set to any of <code>directory</code>, <code>files</code>, or <code>location</code>. If the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#files\">pathspec starts with a <code>~</code></a>, httpd will interpret this as the equivalent of <code>DirectoryMatch</code>, <code>FilesMatch</code>, or <code>LocationMatch</code>, respectively.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { path => '~ (\\.swp|\\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' },\n ],\n }\n</code></pre>\n\n<p>The directives will be embedded within the <code>Directory</code> (<code>Files</code>, or <code>Location</code>) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:</p>\n\n<h6><code>addhandlers</code></h6>\n\n<p>Sets <code>AddHandler</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler\">Apache Core documentation</a>. Accepts a list of hashes of the form <code>{ handler => 'handler-name', extensions => ['extension']}</code>. Note that <code>extensions</code> is a list of extenstions being handled by the handler.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n</code></pre>\n\n<h6><code>allow</code></h6>\n\n<p>Sets an <code>Allow</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>allow_override</code></h6>\n\n<p>Sets the usage of <code>.htaccess</code> files as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride\">Apache core documentation</a>. Should accept in the form of a list or a string. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n</code></pre>\n\n<h6><code>deny</code></h6>\n\n<p>Sets an <code>Deny</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>error_documents</code></h6>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this directory. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n directories => [ { path => '/srv/www'\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n ],\n }]\n }\n</code></pre>\n\n<h6><code>headers</code></h6>\n\n<p>Adds lines for <code>Header</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header\">Apache Header documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n</code></pre>\n\n<h6><code>options</code></h6>\n\n<p>Lists the options for the given <code><Directory></code> block</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n</code></pre>\n\n<h6><code>index_options</code></h6>\n\n<p>Styles the list</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }],\n }\n</code></pre>\n\n<h6><code>index_order_default</code></h6>\n\n<p>Sets the order of the list </p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ],\n }\n</code></pre>\n\n<h6><code>order</code></h6>\n\n<p>Sets the order of processing <code>Allow</code> and <code>Deny</code> statements as per <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order\">Apache core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ],\n }\n</code></pre>\n\n<h6><code>auth_type</code></h6>\n\n<p>Sets the value for <code>AuthType</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authtype\">Apache AuthType\ndocumentation</a>.</p>\n\n<h6><code>auth_name</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authname\">Apache AuthName\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_algorithm</code></h6>\n\n<p>Sets the value for <code>AuthDigestAlgorithm</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorithm\">Apache\nAuthDigestAlgorithm\ndocumentation</a></p>\n\n<h6><code>auth_digest_domain</code></h6>\n\n<p>Sets the value for <code>AuthDigestDomain</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain\">Apache AuthDigestDomain\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_nonce_lifetime</code></h6>\n\n<p>Sets the value for <code>AuthDigestNonceLifetime</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestnoncelifetime\">Apache\nAuthDigestNonceLifetime\ndocumentation</a></p>\n\n<h6><code>auth_digest_provider</code></h6>\n\n<p>Sets the value for <code>AuthDigestProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestprovider\">Apache AuthDigestProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_qop</code></h6>\n\n<p>Sets the value for <code>AuthDigestQop</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestqop\">Apache AuthDigestQop\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_shmem_size</code></h6>\n\n<p>Sets the value for <code>AuthAuthDigestShmemSize</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestshmemsize\">Apache AuthDigestShmemSize\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_authoritative</code></h6>\n\n<p>Sets the value for <code>AuthBasicAuthoritative</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative\">Apache\nAuthBasicAuthoritative\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_fake</code></h6>\n\n<p>Sets the value for <code>AuthBasicFake</code> as per the <a href=\"https://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html#authbasicfake\">Apache AuthBasicFake\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_provider</code></h6>\n\n<p>Sets the value for <code>AuthBasicProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider\">Apache AuthBasicProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_user_file</code></h6>\n\n<p>Sets the value for <code>AuthUserFile</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile\">Apache AuthUserFile\ndocumentation</a>.</p>\n\n<h6><code>auth_require</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#require\">Apache Require\ndocumentation</a></p>\n\n<h6><code>passenger_enabled</code></h6>\n\n<p>Sets the value for the <code>PassengerEnabled</code> directory to <code>on</code> or <code>off</code> as per the <a href=\"http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled\">Passenger documentation</a>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n</code></pre>\n\n<p><strong>Note:</strong> This directive requires <code>apache::mod::passenger</code> to be active, Apache may not start with an unrecognised directive without it.</p>\n\n<p><strong>Note:</strong> Be aware that there is an <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">issue</a> using the <code>PassengerEnabled</code> directive with the <code>PassengerHighPerformance</code> directive.</p>\n\n<h6><code>ssl_options</code></h6>\n\n<p>String or list of <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> for the given <code><Directory></code> block. This overrides, or refines the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> of the parent block (either vhost, or server).</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', ssl_options => '+ExportCertData' }\n { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] },\n ],\n }\n</code></pre>\n\n<h6><code>suphp</code></h6>\n\n<p>An array containing two values: User and group for the <a href=\"http://www.suphp.org/DocumentationView.html?file=apache/CONFIG\">suPHP_UserGroup</a> setting.\nThis directive must be used with <code>suphp_engine => on</code> in the vhost declaration. This directive only works in <code><Directory></code> or <code><Location></code>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' }\n ],\n }\n</code></pre>\n\n<h6><code>custom_fragment</code></h6>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.</p>\n\n<h5><code>directoryindex</code></h5>\n\n<p>Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..</p>\n\n<h5><code>docroot</code></h5>\n\n<p>Provides the DocumentRoot directive, identifying the directory Apache serves files from.</p>\n\n<h5><code>docroot_group</code></h5>\n\n<p>Sets group access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>docroot_owner</code></h5>\n\n<p>Sets individual user access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>error_log</code></h5>\n\n<p>Specifies whether <code>*_error.log</code> directives should be configured. Defaults to 'true'.</p>\n\n<h5><code>error_log_file</code></h5>\n\n<p>Points to the <code>*_error.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>error_log_pipe</code></h5>\n\n<p>Specifies a pipe to send error log messages to. Defaults to 'undef'.</p>\n\n<h5><code>error_log_syslog</code></h5>\n\n<p>Sends all error log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this vhost. Defaults to <code>[]</code>. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n }\n</code></pre>\n\n<h5><code>ensure</code></h5>\n\n<p>Specifies if the vhost file is present or absent.</p>\n\n<h5><code>fastcgi_server</code></h5>\n\n<p>Specifies the filename as an external FastCGI application. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_socket</code></h5>\n\n<p>Filename used to communicate with the web server. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_dir</code></h5>\n\n<p>Directory to enable for FastCGI. Defaults to 'undef'.</p>\n\n<h5><code>additional_includes</code></h5>\n\n<p>Specifies paths to additional static vhost-specific Apache configuration files.\nThis option is useful when you need to implement a unique and/or custom\nconfiguration not supported by this module.</p>\n\n<h5><code>ip</code></h5>\n\n<p>The IP address the vhost listens on. Defaults to 'undef'.</p>\n\n<h5><code>ip_based</code></h5>\n\n<p>Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Specifies the location of the virtual host's logfiles. Defaults to <code>/var/log/<apache log location>/</code>.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Specifies the verbosity level of the error log. Defaults to <code>warn</code> for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for <code>log_level</code> is one of <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>no_proxy_uris</code></h5>\n\n<p>Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with <code>proxy_dest</code>.</p>\n\n<h5><code>options</code></h5>\n\n<p>Lists the options for the given virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n</code></pre>\n\n<h5><code>override</code></h5>\n\n<p>Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.</p>\n\n<h5><code>port</code></h5>\n\n<p>Sets the port the host is configured on.</p>\n\n<h5><code>priority</code></h5>\n\n<p>Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.</p>\n\n<p>If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.</p>\n\n<p><em>Note</em>: You should not need to use this parameter. However, if you do use it, be aware that the <code>default_vhost</code> parameter for <code>apache::vhost</code> passes a priority of '15'.</p>\n\n<h5><code>proxy_dest</code></h5>\n\n<p>Specifies the destination address of a proxypass configuration. Defaults to 'undef'.</p>\n\n<h5><code>proxy_pass</code></h5>\n\n<p>Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.</p>\n\n<p>Example:</p>\n\n<pre lang=\"puppet\"><code>$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n</code></pre>\n\n<h5><code>rack_base_uris</code></h5>\n\n<p>Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the <code>_rack.erb</code> template. Defaults to 'undef'.</p>\n\n<h5><code>redirect_dest</code></h5>\n\n<p>Specifies the address to redirect to. Defaults to 'undef'.</p>\n\n<h5><code>redirect_source</code></h5>\n\n<p>Specifies the source items? that will redirect to the destination specified in <code>redirect_dest</code>. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n</code></pre>\n\n<h5><code>redirect_status</code></h5>\n\n<p>Specifies the status to append to the redirect. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n</code></pre>\n\n<h5><code>request_headers</code></h5>\n\n<p>Specifies additional request headers.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n</code></pre>\n\n<h5><code>rewrite_base</code></h5>\n\n<p>Limits the <code>rewrite_rule</code> to the specified base URL. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n</code></pre>\n\n<p>The above example would limit the index.html -> welcome.html rewrite to only something inside of <a href=\"http://example.com/blog/\">http://example.com/blog/</a>.</p>\n\n<h5><code>rewrite_cond</code></h5>\n\n<p>Rewrites a URL via <code>rewrite_rule</code> based on the truth of specified conditions. For example</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n</code></pre>\n\n<p>will rewrite URLs only if the visitor is using IE. Defaults to 'undef'.</p>\n\n<p><em>Note</em>: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple <code>rewrite_cond</code> and <code>rewrite_rules</code> per vhost, so that different conditions get different rewrites.</p>\n\n<h5><code>rewrite_rule</code></h5>\n\n<p>Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n</code></pre>\n\n<h5><code>scriptalias</code></h5>\n\n<p>Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'</p>\n\n<h5><code>scriptaliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>ScriptAlias</code> or <code>ScriptAliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre lang=\"puppet\"><code> scriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n ]\n</code></pre>\n\n<p>These directives are created in the order specified. As with <code>Alias</code> and <code>AliasMatch</code> directives the more specific aliases should come before the more general ones to avoid shadowing.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Specifies the email address Apache will display when it renders one of its error pages.</p>\n\n<h5><code>serveraliases</code></h5>\n\n<p>Sets the server aliases of the site.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the primary name of the virtual host.</p>\n\n<h5><code>setenv</code></h5>\n\n<p>Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>setenvif</code></h5>\n\n<p>Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>ssl</code></h5>\n\n<p>Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.</p>\n\n<h5><code>ssl_ca</code></h5>\n\n<p>Specifies the certificate authority.</p>\n\n<h5><code>ssl_cert</code></h5>\n\n<p>Specifies the SSL certification.</p>\n\n<h5><code>ssl_protocol</code></h5>\n\n<p>Specifies the SSL Protocol (SSLProtocol).</p>\n\n<h5><code>ssl_cipher</code></h5>\n\n<p>Specifies the SSLCipherSuite.</p>\n\n<h5><code>ssl_honorcipherorder</code></h5>\n\n<p>Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order</p>\n\n<h5><code>ssl_certs_dir</code></h5>\n\n<p>Specifies the location of the SSL certification directory. Defaults to <code>/etc/ssl/certs</code> on Debian and <code>/etc/pki/tls/certs</code> on RedHat.</p>\n\n<h5><code>ssl_chain</code></h5>\n\n<p>Specifies the SSL chain.</p>\n\n<h5><code>ssl_crl</code></h5>\n\n<p>Specifies the certificate revocation list to use.</p>\n\n<h5><code>ssl_crl_path</code></h5>\n\n<p>Specifies the location of the certificate revocation list.</p>\n\n<h5><code>ssl_key</code></h5>\n\n<p>Specifies the SSL key.</p>\n\n<h5><code>ssl_verify_client</code></h5>\n\n<p>Sets <code>SSLVerifyClient</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_client => 'optional',\n }\n</code></pre>\n\n<h5><code>ssl_verify_depth</code></h5>\n\n<p>Sets <code>SSLVerifyDepth</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifydepth\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_depth => 1,\n }\n</code></pre>\n\n<h5><code>ssl_options</code></h5>\n\n<p>Sets <code>SSLOptions</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\">Apache Core documentation</a>. This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => '+ExportCertData',\n }\n</code></pre>\n\n<p>An array of strings example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => [ '+StrictRequire', '+ExportCertData' ],\n }\n</code></pre>\n\n<h5><code>ssl_proxyengine</code></h5>\n\n<p>Specifies whether to use <code>SSLProxyEngine</code> or not. Defaults to <code>false</code>.</p>\n\n<h5><code>vhost_name</code></h5>\n\n<p>This parameter is for use with name-based virtual hosting. Defaults to '*'.</p>\n\n<h5><code>itk</code></h5>\n\n<p>Hash containing infos to configure itk as per the <a href=\"http://mpm-itk.sesse.net/\">ITK documentation</a>.</p>\n\n<p>Keys could be:</p>\n\n<ul>\n<li>user + group</li>\n<li>assignuseridexpr</li>\n<li>assigngroupidexpr</li>\n<li>maxclientvhost</li>\n<li>nice</li>\n<li>limituidrange (Linux 3.5.0 or newer)</li>\n<li>limitgidrange (Linux 3.5.0 or newer)</li>\n</ul>\n\n<p>Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n</code></pre>\n\n<h3>Virtual Host Examples</h3>\n\n<p>The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the <a href=\"https://github.com/puppetlabs/puppetlabs-apache/tree/main/tests\">Tests section</a> for even more examples.</p>\n\n<p>Configure a vhost with a server administrator</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with aliased servers</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost with a cgi-bin</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with a rack configuration</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a mix of SSL and non-SSL vhosts at the same domain</p>\n\n<pre lang=\"puppet\"><code> #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost to redirect non-SSL connections to SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '81': }\n</code></pre>\n\n<p>Then we will set up the IP-based vhosts</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>Then, we will add two name-based vhosts listening on 10.0.0.20</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n</code></pre>\n\n<p>If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you <strong>MUST</strong> declare <code>add_listen => 'false'</code> to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n</code></pre>\n\n<h2>Implementation</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<h4>Class: <code>apache::dev</code></h4>\n\n<p>Installs Apache development libraries</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::dev': }\n</code></pre>\n\n<p>On FreeBSD you're required to define <code>apache::package</code> or <code>apache</code> class before <code>apache::dev</code>.</p>\n\n<h4>Defined Type: <code>apache::listen</code></h4>\n\n<p>Controls which ports Apache binds to for listening based on the title:</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '443': }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>Listen</code> directives to the <code>ports.conf</code> file in the Apache httpd configuration directory. <code>apache::listen</code> titles should always take the form of: <code><port></code>, <code><ipv4>:<port></code>, or <code>[<ipv6>]:<port></code></p>\n\n<p>Apache httpd requires that <code>Listen</code> directives must be added for every port. The <code>apache::vhost</code> defined type will automatically add <code>Listen</code> directives unless the <code>apache::vhost</code> is passed <code>add_listen => false</code>.</p>\n\n<h4>Defined Type: <code>apache::namevirtualhost</code></h4>\n\n<p>Enables named-based hosting of a virtual host</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::namevirtualhost`: }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>NameVirtualHost</code> directives to the <code>ports.conf</code> file in the Apache https configuration directory. <code>apache::namevirtualhost</code> titles should always take the form of: <code>*</code>, <code>*:<port></code>, <code>_default_:<port></code>, <code><ip></code>, or <code><ip>:<port></code>.</p>\n\n<h4>Defined Type: <code>apache::balancermember</code></h4>\n\n<p>Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.</p>\n\n<p>On every app server you can export a balancermember like this:</p>\n\n<pre lang=\"puppet\"><code> @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n</code></pre>\n\n<p>And on the proxy itself you create the balancer cluster using the defined type apache::balancer:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet00': }\n</code></pre>\n\n<p>If you need to use ProxySet in the balncer config you can do as so:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n</code></pre>\n\n<h3>Templates</h3>\n\n<p>The Apache module relies heavily on templates to enable the <code>vhost</code> and <code>apache::mod</code> defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.</p>\n\n<h2>Limitations</h2>\n\n<p>This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1.</p>\n\n<h2>Development</h2>\n\n<h3>Overview</h3>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Running tests</h3>\n\n<p>This project contains tests for both <a href=\"http://rspec-puppet.com/\">rspec-puppet</a> and <a href=\"https://github.com/puppetlabs/rspec-system\">rspec-system</a> to verify functionality. For in-depth information please see their respective documentation.</p>\n\n<p>Quickstart:</p>\n\n<pre><code>gem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n</code></pre>\n\n<h2>Copyright and License</h2>\n\n<p>Copyright (C) 2012 <a href=\"https://www.puppetlabs.com/\">Puppet Labs</a> Inc</p>\n\n<p>Puppet Labs can be contacted at: <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a></p>\n\n<p>Licensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at</p>\n\n<p><a href=\"http://www.apache.org/licenses/LICENSE-2.0\">http://www.apache.org/licenses/LICENSE-2.0</a></p>\n\n<p>Unless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.</p>\n</section>",
|
|
315
315
|
"changelog": "<section class=\"markdown\"><h2>2013-12-05 Release 0.10.0</h2>\n\n<h3>Summary:</h3>\n\n<p>This release adds FreeBSD osfamily support and various other improvements to some mods.</p>\n\n<h3>Features:</h3>\n\n<ul>\n<li>Add suPHP_UserGroup directive to directory context</li>\n<li>Add support for ScriptAliasMatch directives</li>\n<li>Set SSLOptions StdEnvVars in server context</li>\n<li>No implicit <Directory> entry for ScriptAlias path</li>\n<li>Add support for overriding ErrorDocument</li>\n<li>Add support for AliasMatch directives</li>\n<li>Disable default "allow from all" in vhost-directories</li>\n<li>Add WSGIPythonPath as an optional parameter to mod_wsgi. </li>\n<li>Add mod_rpaf support</li>\n<li>Add directives: IndexOptions, IndexOrderDefault</li>\n<li>Add ability to include additional external configurations in vhost</li>\n<li>need to use the provider variable not the provider key value from the directory hash for matches</li>\n<li>Support for FreeBSD and few other features</li>\n<li>Add new params to apache::mod::mime class</li>\n<li>Allow apache::mod to specify module id and path</li>\n<li>added $server_root parameter</li>\n<li>Add Allow and ExtendedStatus support to mod_status</li>\n<li>Expand vhost/_directories.pp directive support</li>\n<li>Add initial support for nss module (no directives in vhost template yet)</li>\n<li>added peruser and event mpms</li>\n<li>added $service_name parameter</li>\n<li>add parameter for TraceEnable</li>\n<li>Make LogLevel configurable for server and vhost</li>\n<li>Add documentation about $ip</li>\n<li>Add ability to pass ip (instead of wildcard) in default vhost files</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Don't listen on port or set NameVirtualHost for non-existent vhost</li>\n<li>only apply Directory defaults when provider is a directory</li>\n<li>Working mod_authnz_ldap support on Debian/Ubuntu</li>\n</ul>\n\n<h2>2013-09-06 Release 0.9.0</h2>\n\n<h3>Summary:</h3>\n\n<p>This release adds more parameters to the base apache class and apache defined\nresource to make the module more flexible. It also adds or enhances SuPHP,\nWSGI, and Passenger mod support, and support for the ITK mpm module.</p>\n\n<h3>Backwards-incompatible Changes:</h3>\n\n<ul>\n<li>Remove many default mods that are not normally needed.</li>\n<li>Remove <code>rewrite_base</code> <code>apache::vhost</code> parameter; did not work anyway.</li>\n<li>Specify dependencies on stdlib >=2.4.0 (this was already the case, but\nmaking explicit)</li>\n<li>Deprecate <code>a2mod</code> in favor of the <code>apache::mod::*</code> classes and <code>apache::mod</code>\ndefined resource.</li>\n</ul>\n\n<h3>Features:</h3>\n\n<ul>\n<li><code>apache</code> class\n\n<ul>\n<li>Add <code>httpd_dir</code> parameter to change the location of the configuration\nfiles.</li>\n<li>Add <code>logroot</code> parameter to change the logroot</li>\n<li>Add <code>ports_file</code> parameter to changes the <code>ports.conf</code> file location</li>\n<li>Add <code>keepalive</code> parameter to enable persistent connections</li>\n<li>Add <code>keepalive_timeout</code> parameter to change the timeout</li>\n<li>Update <code>default_mods</code> to be able to take an array of mods to enable.</li>\n</ul></li>\n<li><code>apache::vhost</code>\n\n<ul>\n<li>Add <code>wsgi_daemon_process</code>, <code>wsgi_daemon_process_options</code>,\n<code>wsgi_process_group</code>, and <code>wsgi_script_aliases</code> parameters for per-vhost\nWSGI configuration.</li>\n<li>Add <code>access_log_syslog</code> parameter to enable syslogging.</li>\n<li>Add <code>error_log_syslog</code> parameter to enable syslogging of errors.</li>\n<li>Add <code>directories</code> hash parameter. Please see README for documentation.</li>\n<li>Add <code>sslproxyengine</code> parameter to enable SSLProxyEngine</li>\n<li>Add <code>suphp_addhandler</code>, <code>suphp_engine</code>, and <code>suphp_configpath</code> for\nconfiguring SuPHP.</li>\n<li>Add <code>custom_fragment</code> parameter to allow for arbitrary apache\nconfiguration injection. (Feature pull requests are prefered over using\nthis, but it is available in a pinch.)</li>\n</ul></li>\n<li>Add <code>apache::mod::suphp</code> class for configuring SuPHP.</li>\n<li>Add <code>apache::mod::itk</code> class for configuring ITK mpm module.</li>\n<li>Update <code>apache::mod::wsgi</code> class for global WSGI configuration with\n<code>wsgi_socket_prefix</code> and <code>wsgi_python_home</code> parameters.</li>\n<li>Add README.passenger.md to document the <code>apache::mod::passenger</code> usage.\nAdded <code>passenger_high_performance</code>, <code>passenger_pool_idle_time</code>,\n<code>passenger_max_requests</code>, <code>passenger_stat_throttle_rate</code>, <code>rack_autodetect</code>,\nand <code>rails_autodetect</code> parameters.</li>\n<li>Separate the httpd service resource into a new <code>apache::service</code> class for\ndependency chaining of <code>Class['apache'] -> <resource> ~>\nClass['apache::service']</code></li>\n<li>Added <code>apache::mod::proxy_balancer</code> class for <code>apache::balancer</code></li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Change dependency to puppetlabs-concat</li>\n<li>Fix ruby 1.9 bug for <code>a2mod</code></li>\n<li>Change servername to be <code>$::hostname</code> if there is no <code>$::fqdn</code></li>\n<li>Make <code>/etc/ssl/certs</code> the default ssl certs directory for RedHat non-5.</li>\n<li>Make <code>php</code> the default php package for RedHat non-5.</li>\n<li>Made <code>aliases</code> able to take a single alias hash instead of requiring an\narray.</li>\n</ul>\n\n<h2>2013-07-26 Release 0.8.1</h2>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Update <code>apache::mpm_module</code> detection for worker/prefork</li>\n<li>Update <code>apache::mod::cgi</code> and <code>apache::mod::cgid</code> detection for\nworker/prefork</li>\n</ul>\n\n<h2>2013-07-16 Release 0.8.0</h2>\n\n<h3>Features:</h3>\n\n<ul>\n<li>Add <code>servername</code> parameter to <code>apache</code> class</li>\n<li>Add <code>proxy_set</code> parameter to <code>apache::balancer</code> define</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Fix ordering for multiple <code>apache::balancer</code> clusters</li>\n<li>Fix symlinking for sites-available on Debian-based OSs</li>\n<li>Fix dependency ordering for recursive confdir management</li>\n<li>Fix <code>apache::mod::*</code> to notify the service on config change</li>\n<li>Documentation updates</li>\n</ul>\n\n<h2>2013-07-09 Release 0.7.0</h2>\n\n<h3>Changes:</h3>\n\n<ul>\n<li>Essentially rewrite the module -- too many to list</li>\n<li><code>apache::vhost</code> has many abilities -- see README.md for details</li>\n<li><code>apache::mod::*</code> classes provide httpd mod-loading capabilities</li>\n<li><code>apache</code> base class is much more configurable</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Many. And many more to come</li>\n</ul>\n\n<h2>2013-03-2 Release 0.6.0</h2>\n\n<ul>\n<li>update travis tests (add more supported versions)</li>\n<li>add access log_parameter</li>\n<li>make purging of vhost dir configurable</li>\n</ul>\n\n<h2>2012-08-24 Release 0.4.0</h2>\n\n<h3>Changes:</h3>\n\n<ul>\n<li><code>include apache</code> is now required when using <code>apache::mod::*</code></li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Fix syntax for validate_re</li>\n<li>Fix formatting in vhost template</li>\n<li><p>Fix spec tests such that they pass</p>\n\n<p>2012-05-08 Puppet Labs <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a> - 0.0.4\ne62e362 Fix broken tests for ssl, vhost, vhost::*\n42c6363 Changes to match style guide and pass puppet-lint without error\n42bc8ba changed name => path for file resources in order to name namevar by it's name\n72e13de One end too much\n0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.\n273f94d fix tests\na35ede5 (#13860) Make a2enmod/a2dismo commands optional\n98d774e (#13860) Autorequire Package['httpd']\n05fcec5 (#13073) Add missing puppet spec tests\n541afda (#6899) Remove virtual a2mod definition\n976cb69 (#13072) Move mod python and wsgi package names to params\n323915a (#13060) Add .gitignore to repo\nfdf40af (#13060) Remove pkg directory from source tree\nfd90015 Add LICENSE file and update the ModuleFile\nd3d0d23 Re-enable local php class\nd7516c7 Make management of firewalls configurable for vhosts\n60f83ba Explicitly lookup scope of apache_name in templates.\nf4d287f (#12581) Add explicit ordering for vdir directory\n88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall\na776a8b (#11071) Fix to work with latest firewall module\n2b79e8b (#11070) Add support for Scientific Linux\n405b3e9 Fix for a2mod\n57b9048 Commit apache::vhost::redirect Manifest\n8862d01 Commit apache::vhost::proxy Manifest\nd5c1fd0 Commit apache::mod::wsgi Manifest\na825ac7 Commit apache::mod::python Manifest\nb77062f Commit Templates\n9a51b4a Vhost File Declarations\n6cf7312 Defaults for Parameters\n6a5b11a Ensure installed\nf672e46 a2mod fix\n8a56ee9 add pthon support to apache</p></li>\n</ul>\n</section>",
|
|
316
316
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
317
317
|
"created_at": "2013-12-05 15:29:14 -0800",
|
|
@@ -313,8 +313,8 @@
|
|
|
313
313
|
"file_size": 67586,
|
|
314
314
|
"file_md5": "bbf919d7ee9d278d2facf39c25578bf8",
|
|
315
315
|
"downloads": 628084,
|
|
316
|
-
"readme": "<section class=\"markdown\"><h1>Puppet Labs Standard Library</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<p>This module provides a "standard library" of resources for developing Puppet\nModules. This modules will include the following additions to Puppet</p>\n\n<ul>\n<li>Stages</li>\n<li>Facts</li>\n<li>Functions</li>\n<li>Defined resource types</li>\n<li>Types</li>\n<li>Providers</li>\n</ul>\n\n<p>This module is officially curated and provided by Puppet Labs. The modules\nPuppet Labs writes and distributes will make heavy use of this standard\nlibrary.</p>\n\n<p>To report or research a bug with any part of this module, please go to\n<a href=\"http://projects.puppetlabs.com/projects/stdlib\">http://projects.puppetlabs.com/projects/stdlib</a></p>\n\n<h1>Versions</h1>\n\n<p>This module follows semver.org (v1.0.0) versioning guidelines. The standard\nlibrary module is released as part of <a href=\"http://puppetlabs.com/puppet/puppet-enterprise/\">Puppet\nEnterprise</a> and as a result\nolder versions of Puppet Enterprise that Puppet Labs still supports will have\nbugfix maintenance branches periodically "merged up" into master. The current\nlist of integration branches are:</p>\n\n<ul>\n<li>v2.1.x (v2.1.1 released in PE 1)</li>\n<li>v2.2.x (Never released as part of PE, only to the Forge)</li>\n<li>v2.3.x (Released in PE 2)</li>\n<li>v3.0.x (Never released as part of PE, only to the Forge)</li>\n<li>v4.0.x (Drops support for Puppet 2.7)</li>\n<li>master (mainline development branch)</li>\n</ul>\n\n<p>The first Puppet Enterprise version including the stdlib module is Puppet\nEnterprise 1.2.</p>\n\n<h1>Compatibility</h1>\n\n<table><thead>\n<tr>\n<th align=\"left\">Puppet Versions</th>\n<th align=\"center\">< 2.6</th>\n<th align=\"center\">2.6</th>\n<th align=\"center\">2.7</th>\n<th align=\"center\">3.x</th>\n</tr>\n</thead><tbody>\n<tr>\n<td align=\"left\"><strong>stdlib 2.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\">no</td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 3.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 4.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n</tbody></table>\n\n<p>The stdlib module does not work with Puppet versions released prior to Puppet\n2.6.0.</p>\n\n<h2>stdlib 2.x</h2>\n\n<p>All stdlib releases in the 2.0 major version support Puppet 2.6 and Puppet 2.7.</p>\n\n<h2>stdlib 3.x</h2>\n\n<p>The 3.0 major release of stdlib drops support for Puppet 2.6. Stdlib 3.x\nsupports Puppet 2 and Puppet 3.</p>\n\n<h2>stdlib 4.x</h2>\n\n<p>The 4.0 major release of stdlib drops support for Puppet 2.7. Stdlib 4.x\nsupports Puppet 3. Notably, ruby 1.8.5 is no longer supported though ruby\n1.8.7, 1.9.3, and 2.0.0 are fully supported.</p>\n\n<h1>Functions</h1>\n\n<h2>abs</h2>\n\n<p>Returns the absolute value of a number, for example -34.56 becomes\n34.56. Takes a single integer and float value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>any2array</h2>\n\n<p>This converts any object to an array containing that object. Empty argument\nlists are converted to an empty array. Arrays are left untouched. Hashes are\nconverted to arrays of alternating keys and values.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>bool2num</h2>\n\n<p>Converts a boolean to a number. Converts the values:\nfalse, f, 0, n, and no to 0\ntrue, t, 1, y, and yes to 1\n Requires a single boolean or string as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>capitalize</h2>\n\n<p>Capitalizes the first letter of a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chomp</h2>\n\n<p>Removes the record separator from the end of a string or an array of\nstrings, for example <code>hello\\n</code> becomes <code>hello</code>.\nRequires a single string or array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chop</h2>\n\n<p>Returns a new string with the last character removed. If the string ends\nwith <code>\\r\\n</code>, both characters are removed. Applying chop to an empty\nstring returns an empty string. If you wish to merely remove record\nseparators then you should use the <code>chomp</code> function.\nRequires a string or array of strings as input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>concat</h2>\n\n<p>Appends the contents of array 2 onto array 1.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>concat(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<p>['1','2','3','4','5','6']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>count</h2>\n\n<p>Takes an array as first argument and an optional second argument.\nCount the number of elements in array that matches second argument.\nIf called with only an array it counts the number of elements that are not nil/undef.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>defined_with_params</h2>\n\n<p>Takes a resource reference and an optional hash of attributes.</p>\n\n<p>Returns true if a resource with the specified attributes has already been added\nto the catalog, and false otherwise.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n\nif ! defined_with_params(User[dan], {'ensure' => 'present' }) {\n user { 'dan': ensure => present, }\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete</h2>\n\n<p>Deletes all instances of a given element from an array, substring from a\nstring, or key from a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete('abracadabra', 'bra')\nWould return: 'acada'\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete_at</h2>\n\n<p>Deletes a determined indexed value from an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete_at(['a','b','c'], 1)\n</code></pre>\n\n<p>Would return: ['a','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>dirname</h2>\n\n<p>Returns the <code>dirname</code> of a path.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>dirname('/path/to/a/file.ext')\n</code></pre>\n\n<p>Would return: '/path/to/a'</p>\n\n<h2>downcase</h2>\n\n<p>Converts the case of a string or all strings in an array to lower case.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>empty</h2>\n\n<p>Returns true if the variable is empty.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>ensure_packages</h2>\n\n<p>Takes a list of packages and only installs them if they don't already exist.</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>ensure_resource</h2>\n\n<p>Takes a resource type, title, and a list of attributes that describe a\nresource.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n</code></pre>\n\n<p>This example only creates the resource if it does not already exist:</p>\n\n<pre><code>ensure_resource('user, 'dan', {'ensure' => 'present' })\n</code></pre>\n\n<p>If the resource already exists but does not match the specified parameters,\nthis function will attempt to recreate the resource leading to a duplicate\nresource definition error.</p>\n\n<p>An array of resources can also be passed in and each will be created with\nthe type and parameters specified if it doesn't already exist.</p>\n\n<pre><code>ensure_resource('user', ['dan','alex'], {'ensure' => 'present'})\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>flatten</h2>\n\n<p>This function flattens any deeply nested arrays and returns a single flat array\nas a result.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>flatten(['a', ['b', ['c']]])\n</code></pre>\n\n<p>Would return: ['a','b','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>floor</h2>\n\n<p>Returns the largest integer less or equal to the argument.\nTakes a single numeric value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>fqdn_rotate</h2>\n\n<p>Rotates an array a random number of times based on a nodes fqdn.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>get_module_path</h2>\n\n<p>Returns the absolute path of the specified module for the current\nenvironment.</p>\n\n<p>Example:\n $module_path = get_module_path('stdlib')</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getparam</h2>\n\n<p>Takes a resource reference and name of the parameter and\nreturns value of resource's parameter.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>define example_resource($param) {\n}\n\nexample_resource { "example_resource_instance":\n param => "param_value"\n}\n\ngetparam(Example_resource["example_resource_instance"], "param")\n</code></pre>\n\n<p>Would return: param_value</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getvar</h2>\n\n<p>Lookup a variable in a remote namespace.</p>\n\n<p>For example:</p>\n\n<pre><code>$foo = getvar('site::data::foo')\n# Equivalent to $foo = $site::data::foo\n</code></pre>\n\n<p>This is useful if the namespace itself is stored in a string:</p>\n\n<pre><code>$datalocation = 'site::data'\n$bar = getvar("${datalocation}::bar")\n# Equivalent to $bar = $site::data::bar\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>grep</h2>\n\n<p>This function searches through an array and returns any elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>grep(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['aaa','aaaddd']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_interface_with</h2>\n\n<p>Returns boolean based on kind and value:</p>\n\n<ul>\n<li>macaddress</li>\n<li>netmask</li>\n<li>ipaddress</li>\n<li>network</li>\n</ul>\n\n<p>has_interface_with("macaddress", "x:x:x:x:x:x")\nhas_interface_with("ipaddress", "127.0.0.1") => true\netc.</p>\n\n<p>If no "kind" is given, then the presence of the interface is checked:\nhas_interface_with("lo") => true</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_address</h2>\n\n<p>Returns true if the client has the requested IP address on some interface.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'ipaddress_IFACE' facts, performing a simple string comparison.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_network</h2>\n\n<p>Returns true if the client has an IP address within the requested network.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'network_IFACE' facts, performing a simple string comparision.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_key</h2>\n\n<p>Determine if a hash has a certain key value.</p>\n\n<p>Example:</p>\n\n<pre><code>$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>hash</h2>\n\n<p>This function converts an array into a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>hash(['a',1,'b',2,'c',3])\n</code></pre>\n\n<p>Would return: {'a'=>1,'b'=>2,'c'=>3}</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_array</h2>\n\n<p>Returns true if the variable passed to this function is an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_domain_name</h2>\n\n<p>Returns true if the string passed to this function is a syntactically correct domain name.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_float</h2>\n\n<p>Returns true if the variable passed to this function is a float.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_function_available</h2>\n\n<p>This function accepts a string as an argument, determines whether the\nPuppet runtime has access to a function by that name. It returns a\ntrue if the function exists, false if not.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_hash</h2>\n\n<p>Returns true if the variable passed to this function is a hash.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_integer</h2>\n\n<p>Returns true if the variable returned to this string is an integer.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_ip_address</h2>\n\n<p>Returns true if the string passed to this function is a valid IP address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_mac_address</h2>\n\n<p>Returns true if the string passed to this function is a valid mac address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_numeric</h2>\n\n<p>Returns true if the variable passed to this function is a number.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_string</h2>\n\n<p>Returns true if the variable passed to this function is a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join</h2>\n\n<p>This function joins an array into a string using a seperator.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join(['a','b','c'], ",")\n</code></pre>\n\n<p>Would result in: "a,b,c"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join_keys_to_values</h2>\n\n<p>This function joins each key of a hash to that key's corresponding value with a\nseparator. Keys and values are cast to strings. The return value is an array in\nwhich each element is one joined key/value pair.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join_keys_to_values({'a'=>1,'b'=>2}, " is ")\n</code></pre>\n\n<p>Would result in: ["a is 1","b is 2"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>keys</h2>\n\n<p>Returns the keys of a hash as an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>loadyaml</h2>\n\n<p>Load a YAML file containing an array, string, or hash, and return the data\nin the corresponding native data type.</p>\n\n<p>For example:</p>\n\n<pre><code>$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>lstrip</h2>\n\n<p>Strips leading spaces to the left of a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>max</h2>\n\n<p>Returns the highest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>member</h2>\n\n<p>This function determines if a variable is a member of an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>member(['a','b'], 'b')\n</code></pre>\n\n<p>Would return: true</p>\n\n<pre><code>member(['a','b'], 'c')\n</code></pre>\n\n<p>Would return: false</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>merge</h2>\n\n<p>Merges two or more hashes together and returns the resulting hash.</p>\n\n<p>For example:</p>\n\n<pre><code>$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}\n</code></pre>\n\n<p>When there is a duplicate key, the key in the rightmost hash will "win."</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>min</h2>\n\n<p>Returns the lowest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>num2bool</h2>\n\n<p>This function converts a number or a string representation of a number into a\ntrue boolean. Zero or anything non-numeric becomes false. Numbers higher then 0\nbecome true.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parsejson</h2>\n\n<p>This function accepts JSON as a string and converts into the correct Puppet\nstructure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parseyaml</h2>\n\n<p>This function accepts YAML as a string and converts it into the correct\nPuppet structure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>pick</h2>\n\n<p>This function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string\n(two things in Puppet that will return a boolean false value). Typically,\nthis function is used to check for a value in the Puppet Dashboard/Enterprise\nConsole, and failover to a default value like the following:</p>\n\n<pre><code>$real_jenkins_version = pick($::jenkins_version, '1.449')\n</code></pre>\n\n<p>The value of $real_jenkins_version will first look for a top-scope variable\ncalled 'jenkins_version' (note that parameters set in the Puppet Dashboard/\nEnterprise Console are brought into Puppet as top-scope variables), and,\nfailing that, will use a default value of 1.449.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>prefix</h2>\n\n<p>This function applies a prefix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>prefix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['pa','pb','pc']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>range</h2>\n\n<p>When given range in the form of (start, stop) it will extrapolate a range as\nan array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>range("0", "9")\n</code></pre>\n\n<p>Will return: [0,1,2,3,4,5,6,7,8,9]</p>\n\n<pre><code>range("00", "09")\n</code></pre>\n\n<p>Will return: <a href=\"Zero%20padded%20strings%20are%20converted%20to%0Aintegers%20automatically\">0,1,2,3,4,5,6,7,8,9</a></p>\n\n<pre><code>range("a", "c")\n</code></pre>\n\n<p>Will return: ["a","b","c"]</p>\n\n<pre><code>range("host01", "host10")\n</code></pre>\n\n<p>Will return: ["host01", "host02", ..., "host09", "host10"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reject</h2>\n\n<p>This function searches through an array and rejects all elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>reject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['bbb','ccc']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reverse</h2>\n\n<p>Reverses the order of a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>rstrip</h2>\n\n<p>Strips leading spaces to the right of the string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>shuffle</h2>\n\n<p>Randomizes the order of a string or array elements.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>size</h2>\n\n<p>Returns the number of elements in a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>sort</h2>\n\n<p>Sorts strings and arrays lexically.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>squeeze</h2>\n\n<p>Returns a new string where runs of the same character that occur in this set\nare replaced by a single character.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2bool</h2>\n\n<p>This converts a string to a boolean. This attempt to convert strings that\ncontain things like: y, 1, t, true to 'true' and strings that contain things\nlike: 0, f, n, false, no to 'false'.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2saltedsha512</h2>\n\n<p>This converts a string to a salted-SHA512 password hash (which is used for\nOS X versions >= 10.7). Given any simple string, you will get a hex version\nof a salted-SHA512 password hash that can be inserted into your Puppet\nmanifests as a valid password attribute.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strftime</h2>\n\n<p>This function returns formatted time.</p>\n\n<p><em>Examples:</em></p>\n\n<p>To return the time since epoch:</p>\n\n<pre><code>strftime("%s")\n</code></pre>\n\n<p>To return the date:</p>\n\n<pre><code>strftime("%Y-%m-%d")\n</code></pre>\n\n<p><em>Format meaning:</em></p>\n\n<pre><code>%a - The abbreviated weekday name (``Sun'')\n%A - The full weekday name (``Sunday'')\n%b - The abbreviated month name (``Jan'')\n%B - The full month name (``January'')\n%c - The preferred local date and time representation\n%C - Century (20 in 2009)\n%d - Day of the month (01..31)\n%D - Date (%m/%d/%y)\n%e - Day of the month, blank-padded ( 1..31)\n%F - Equivalent to %Y-%m-%d (the ISO 8601 date format)\n%h - Equivalent to %b\n%H - Hour of the day, 24-hour clock (00..23)\n%I - Hour of the day, 12-hour clock (01..12)\n%j - Day of the year (001..366)\n%k - hour, 24-hour clock, blank-padded ( 0..23)\n%l - hour, 12-hour clock, blank-padded ( 0..12)\n%L - Millisecond of the second (000..999)\n%m - Month of the year (01..12)\n%M - Minute of the hour (00..59)\n%n - Newline (\n</code></pre>\n\n<p>)\n %N - Fractional seconds digits, default is 9 digits (nanosecond)\n %3N millisecond (3 digits)\n %6N microsecond (6 digits)\n %9N nanosecond (9 digits)\n %p - Meridian indicator (<code>AM'' or</code>PM'')\n %P - Meridian indicator (<code>am'' or</code>pm'')\n %r - time, 12-hour (same as %I:%M:%S %p)\n %R - time, 24-hour (%H:%M)\n %s - Number of seconds since 1970-01-01 00:00:00 UTC.\n %S - Second of the minute (00..60)\n %t - Tab character ( )\n %T - time, 24-hour (%H:%M:%S)\n %u - Day of the week as a decimal, Monday being 1. (1..7)\n %U - Week number of the current year,\n starting with the first Sunday as the first\n day of the first week (00..53)\n %v - VMS date (%e-%b-%Y)\n %V - Week number of year according to ISO 8601 (01..53)\n %W - Week number of the current year,\n starting with the first Monday as the first\n day of the first week (00..53)\n %w - Day of the week (Sunday is 0, 0..6)\n %x - Preferred representation for the date alone, no time\n %X - Preferred representation for the time alone, no date\n %y - Year without a century (00..99)\n %Y - Year with century\n %z - Time zone as hour offset from UTC (e.g. +0900)\n %Z - Time zone name\n %% - Literal ``%'' character</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strip</h2>\n\n<p>This function removes leading and trailing whitespace from a string or from\nevery string inside an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>strip(" aaa ")\n</code></pre>\n\n<p>Would result in: "aaa"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>suffix</h2>\n\n<p>This function applies a suffix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>suffix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['ap','bp','cp']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>swapcase</h2>\n\n<p>This function will swap the existing case of a string.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>swapcase("aBcD")\n</code></pre>\n\n<p>Would result in: "AbCd"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>time</h2>\n\n<p>This function will return the current time since epoch as an integer.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>time()\n</code></pre>\n\n<p>Will return something like: 1311972653</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>to_bytes</h2>\n\n<p>Converts the argument into bytes, for example 4 kB becomes 4096.\nTakes a single string value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>type</h2>\n\n<p>Returns the type when passed a variable. Type can be one of:</p>\n\n<ul>\n<li>string</li>\n<li>array</li>\n<li>hash</li>\n<li>float</li>\n<li>integer</li>\n<li><p>boolean</p></li>\n<li><p><em>Type</em>: rvalue</p></li>\n</ul>\n\n<h2>unique</h2>\n\n<p>This function will remove duplicates from strings and arrays.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>unique("aabbcc")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>abc\n</code></pre>\n\n<p>You can also use this with arrays:</p>\n\n<pre><code>unique(["a","a","b","b","c","c"])\n</code></pre>\n\n<p>This returns:</p>\n\n<pre><code>["a","b","c"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>upcase</h2>\n\n<p>Converts a string or an array of strings to uppercase.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>upcase("abcd")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>ASDF\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>uriescape</h2>\n\n<p>Urlencodes a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>validate_absolute_path</h2>\n\n<p>Validate the string represents an absolute path in the filesystem. This function works\nfor windows and unix style paths.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_path = "C:/Program Files (x86)/Puppet Labs/Puppet"\nvalidate_absolute_path($my_path)\n$my_path2 = "/var/lib/puppet"\nvalidate_absolute_path($my_path2)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_absolute_path(true)\nvalidate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\nvalidate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n$undefined = undef\nvalidate_absolute_path($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_array</h2>\n\n<p>Validate that all passed values are array data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_array = [ 'one', 'two' ]\nvalidate_array($my_array)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_array(true)\nvalidate_array('some_string')\n$undefined = undef\nvalidate_array($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_augeas</h2>\n\n<p>Perform validation of a string using an Augeas lens\nThe first argument of this function should be a string to\ntest, and the second argument should be the name of the Augeas lens to use.\nIf Augeas fails to parse the string with the lens, the compilation will\nabort with a parse error.</p>\n\n<p>A third argument can be specified, listing paths which should\nnot be found in the file. The <code>$file</code> variable points to the location\nof the temporary file being tested in the Augeas tree.</p>\n\n<p>For example, if you want to make sure your passwd content never contains\na user <code>foo</code>, you could write:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n</code></pre>\n\n<p>Or if you wanted to ensure that no users used the '/bin/barsh' shell,\nyou could use:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]']\n</code></pre>\n\n<p>If a fourth argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_bool</h2>\n\n<p>Validate that all passed values are either true or false. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$iamtrue = true\nvalidate_bool(true)\nvalidate_bool(true, true, false, $iamtrue)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>$some_array = [ true ]\nvalidate_bool("false")\nvalidate_bool("true")\nvalidate_bool($some_array)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_cmd</h2>\n\n<p>Perform validation of a string with an external command.\nThe first argument of this function should be a string to\ntest, and the second argument should be a path to a test command\ntaking a file as last argument. If the command, launched against\na tempfile containing the passed string, returns a non-null value,\ncompilation will abort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<p>Example:</p>\n\n<pre><code>validate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_hash</h2>\n\n<p>Validate that all passed values are hash data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_hash = { 'one' => 'two' }\nvalidate_hash($my_hash)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_hash(true)\nvalidate_hash('some_string')\n$undefined = undef\nvalidate_hash($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_re</h2>\n\n<p>Perform simple validation of a string against one or more regular\nexpressions. The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>The following strings will validate against the regular expressions:</p>\n\n<pre><code>validate_re('one', '^one$')\nvalidate_re('one', [ '^one', '^two' ])\n</code></pre>\n\n<p>The following strings will fail to validate, causing compilation to abort:</p>\n\n<pre><code>validate_re('one', [ '^two', '^three' ])\n</code></pre>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_slength</h2>\n\n<p>Validate that the first argument is a string (or an array of strings), and\nless/equal to than the length of the second argument. It fails if the first\nargument is not a string or array of strings, and if arg 2 is not convertable\nto a number.</p>\n\n<p>The following values will pass:</p>\n\n<p>validate_slength("discombobulate",17)\n validate_slength(["discombobulate","moo"],17)</p>\n\n<p>The following valueis will not:</p>\n\n<p>validate_slength("discombobulate",1)\n validate_slength(["discombobulate","thermometer"],5)</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_string</h2>\n\n<p>Validate that all passed values are string data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_string = "one two"\nvalidate_string($my_string, 'three')\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_string(true)\nvalidate_string([ 'some', 'array' ])\n$undefined = undef\nvalidate_string($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>values</h2>\n\n<p>When given a hash this function will return the values of that hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n</code></pre>\n\n<p>This example would return:</p>\n\n<pre><code>[1,2,3]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>values_at</h2>\n\n<p>Finds value inside an array based on location.</p>\n\n<p>The first argument is the array you want to analyze, and the second element can\nbe a combination of:</p>\n\n<ul>\n<li>A single numeric index</li>\n<li>A range in the form of 'start-stop' (eg. 4-9)</li>\n<li>An array combining the above</li>\n</ul>\n\n<p><em>Examples</em>:</p>\n\n<pre><code>values_at(['a','b','c'], 2)\n</code></pre>\n\n<p>Would return ['c'].</p>\n\n<pre><code>values_at(['a','b','c'], ["0-1"])\n</code></pre>\n\n<p>Would return ['a','b'].</p>\n\n<pre><code>values_at(['a','b','c','d','e'], [0, "2-3"])\n</code></pre>\n\n<p>Would return ['a','c','d'].</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>zip</h2>\n\n<p>Takes one element from first array and merges corresponding elements from second array. This generates a sequence of n-element arrays, where n is one more than the count of arguments.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>zip(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<pre><code>["1", "4"], ["2", "5"], ["3", "6"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<p><em>This page autogenerated on 2013-04-11 13:54:25 -0700</em></p>\n</section>",
|
|
317
|
-
"changelog": "<section class=\"plaintext\"><pre>2013-05-06 - Jeff McCune <jeff@puppetlabs.com> - 4.1.0\n * (#20582) Restore facter_dot_d to stdlib for PE users (3b887c8)\n * (maint) Update Gemfile with GEM_FACTER_VERSION (f44d535)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> - 4.1.0\n * Terser method of string to array conversion courtesy of ethooz. (d38bce0)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Refactor ensure_resource expectations (b33cc24)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Changed str-to-array conversion and removed abbreviation. (de253db)\n\n2013-05-03 - Alex Cline <acline@us.ibm.com> 4.1.0\n * (#20548) Allow an array of resource titles to be passed into the ensure_resource function (e08734a)\n\n2013-05-02 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.1.0\n * Add a dirname function (2ba9e47)\n\n2013-04-29 - Mark Smith-Guerrero <msmithgu@gmail.com> - 4.1.0\n * (maint) Fix a small typo in hash() description (928036a)\n\n2013-04-12 - Jeff McCune <jeff@puppetlabs.com> - 4.0.2\n * Update user information in gemspec to make the intent of the Gem clear.\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.1\n * Fix README function documentation (ab3e30c)\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * stdlib 4.0 drops support with Puppet 2.7\n * stdlib 4.0 preserves support with Puppet 3\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add ability to use puppet from git via bundler (9c5805f)\n\n2013-04-10 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Make stdlib usable as a Ruby GEM (e81a45e)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Add a count function (f28550e)\n\n2013-03-31 - Amos Shapira <ashapira@atlassian.com> - 4.0.0\n * (#19998) Implement any2array (7a2fb80)\n\n2013-03-29 - Steve Huff <shuff@vecna.org> - 4.0.0\n * (19864) num2bool match fix (8d217f0)\n\n2013-03-20 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Allow comparisons of Numeric and number as String (ff5dd5d)\n\n2013-03-26 - Richard Soderberg <rsoderberg@mozilla.com> - 4.0.0\n * add suffix function to accompany the prefix function (88a93ac)\n\n2013-03-19 - Kristof Willaert <kristof.willaert@gmail.com> - 4.0.0\n * Add floor function implementation and unit tests (0527341)\n\n2012-04-03 - Eric Shamow <eric@puppetlabs.com> - 4.0.0\n * (#13610) Add is_function_available to stdlib (961dcab)\n\n2012-12-17 - Justin Lambert <jlambert@eml.cc> - 4.0.0\n * str2bool should return a boolean if called with a boolean (5d5a4d4)\n\n2012-10-23 - Uwe Stuehler <ustuehler@team.mobile.de> - 4.0.0\n * Fix number of arguments check in flatten() (e80207b)\n\n2013-03-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add contributing document (96e19d0)\n\n2013-03-04 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * Add missing documentation for validate_augeas and validate_cmd to README.markdown (a1510a1)\n\n2013-02-14 - Joshua Hoblitt <jhoblitt@cpan.org> - 4.0.0\n * (#19272) Add has_element() function (95cf3fe)\n\n2013-02-07 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * validate_cmd(): Use Puppet::Util::Execution.execute when available (69248df)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_augeas function (3a97c23)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_cmd function (6902cc5)\n\n2013-01-14 - David Schmitt <david@dasz.at> - 4.0.0\n * Add geppetto project definition (b3fc0a3)\n\n2013-01-02 - Jaka Hudoklin <jakahudoklin@gmail.com> - 4.0.0\n * Add getparam function to get defined resource parameters (20e0e07)\n\n2013-01-05 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Add Travis CI Support (d082046)\n\n2012-12-04 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Clarify that stdlib 3 supports Puppet 3 (3a6085f)\n\n2012-11-30 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * maint: style guideline fixes (7742e5f)\n\n2012-11-09 - James Fryman <james@frymanet.com> - 4.0.0\n * puppet-lint cleanup (88acc52)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 4.0.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (fd52b8d)\n\n2012-09-18 - Chad Metcalf <chad@wibidata.com> - 3.2.0\n * Add an ensure_packages function. (8a8c09e)\n\n2012-11-23 - Erik Dalén <dalen@spotify.com> - 3.2.0\n * (#17797) min() and max() functions (9954133)\n\n2012-05-23 - Peter Meier <peter.meier@immerda.ch> - 3.2.0\n * (#14670) autorequire a file_line resource's path (dfcee63)\n\n2012-11-19 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Add join_keys_to_values function (ee0f2b3)\n\n2012-11-17 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Extend delete function for strings and hashes (7322e4d)\n\n2012-08-03 - Gary Larizza <gary@puppetlabs.com> - 3.2.0\n * Add the pick() function (ba6dd13)\n\n2012-03-20 - Wil Cooley <wcooley@pdx.edu> - 3.2.0\n * (#13974) Add predicate functions for interface facts (f819417)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 3.2.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (70f4a0e)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 3.1.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 3.1.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.1\n * Fix accidental removal of facts_dot_d.rb in 3.0.0 release\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.0\n * stdlib 3.0 drops support with Puppet 2.6\n * stdlib 3.0 preserves support with Puppet 2.7\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 3.0.0\n * Add function ensure_resource and defined_with_params (ba789de)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 3.0.0\n * (#2157) Remove facter_dot_d for compatibility with external facts (f92574f)\n\n2012-04-10 - Chris Price <chris@puppetlabs.com> - 3.0.0\n * (#13693) moving logic from local spec_helper to puppetlabs_spec_helper (85f96df)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 2.5.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 2.5.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-15 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Explicitly load functions used by ensure_resource (9fc3063)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add better docs about duplicate resource failures (97d327a)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Handle undef for parameter argument (4f8b133)\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add function ensure_resource and defined_with_params (a0cb8cd)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Disable tests that fail on 2.6.x due to #15912 (c81496e)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * (Maint) Fix mis-use of rvalue functions as statements (4492913)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Add .rspec file to repo root (88789e8)\n\n2012-06-07 - Chris Price <chris@puppetlabs.com> - 2.4.0\n * Add support for a 'match' parameter to file_line (a06c0d8)\n\n2012-08-07 - Erik Dalén <dalen@spotify.com> - 2.4.0\n * (#15872) Add to_bytes function (247b69c)\n\n2012-07-19 - Jeff McCune <jeff@puppetlabs.com> - 2.4.0\n * (Maint) use PuppetlabsSpec::PuppetInternals.scope (master) (deafe88)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 2.4.0\n * (#2157) Make facts_dot_d compatible with external facts (5fb0ddc)\n\n2012-03-16 - Steve Traylen <steve.traylen@cern.ch> - 2.4.0\n * (#13205) Rotate array/string randomley based on fqdn, fqdn_rotate() (fef247b)\n\n2012-05-22 - Peter Meier <peter.meier@immerda.ch> - 2.3.3\n * fix regression in #11017 properly (f0a62c7)\n\n2012-05-10 - Jeff McCune <jeff@puppetlabs.com> - 2.3.3\n * Fix spec tests using the new spec_helper (7d34333)\n\n2012-05-10 - Puppet Labs <support@puppetlabs.com> - 2.3.2\n * Make file_line default to ensure => present (1373e70)\n * Memoize file_line spec instance variables (20aacc5)\n * Fix spec tests using the new spec_helper (1ebfa5d)\n * (#13595) initialize_everything_for_tests couples modules Puppet ver (3222f35)\n * (#13439) Fix MRI 1.9 issue with spec_helper (15c5fd1)\n * (#13439) Fix test failures with Puppet 2.6.x (665610b)\n * (#13439) refactor spec helper for compatibility with both puppet 2.7 and master (82194ca)\n * (#13494) Specify the behavior of zero padded strings (61891bb)\n\n2012-03-29 Puppet Labs <support@puppetlabs.com> - 2.1.3\n* (#11607) Add Rakefile to enable spec testing\n* (#12377) Avoid infinite loop when retrying require json\n\n2012-03-13 Puppet Labs <support@puppetlabs.com> - 2.3.1\n* (#13091) Fix LoadError bug with puppet apply and puppet_vardir fact\n\n2012-03-12 Puppet Labs <support@puppetlabs.com> - 2.3.0\n* Add a large number of new Puppet functions\n* Backwards compatibility preserved with 2.2.x\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.2.1\n* Documentation only release for the Forge\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.1.2\n* Documentation only release for PE 2.0.x\n\n2011-11-08 Puppet Labs <support@puppetlabs.com> - 2.2.0\n* #10285 - Refactor json to use pson instead.\n* Maint - Add watchr autotest script\n* Maint - Make rspec tests work with Puppet 2.6.4\n* #9859 - Add root_home fact and tests\n\n2011-08-18 Puppet Labs <support@puppetlabs.com> - 2.1.1\n* Change facts.d paths to match Facter 2.0 paths.\n* /etc/facter/facts.d\n* /etc/puppetlabs/facter/facts.d\n\n2011-08-17 Puppet Labs <support@puppetlabs.com> - 2.1.0\n* Add R.I. Pienaar's facts.d custom facter fact\n* facts defined in /etc/facts.d and /etc/puppetlabs/facts.d are\n automatically loaded now.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 2.0.0\n* Rename whole_line to file_line\n* This is an API change and as such motivating a 2.0.0 release according to semver.org.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.1.0\n* Rename append_line to whole_line\n* This is an API change and as such motivating a 1.1.0 release.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.0.0\n* Initial stable release\n* Add validate_array and validate_string functions\n* Make merge() function work with Ruby 1.8.5\n* Add hash merging function\n* Add has_key function\n* Add loadyaml() function\n* Add append_line native\n\n2011-06-21 Jeff McCune <jeff@puppetlabs.com> - 0.1.7\n* Add validate_hash() and getvar() functions\n\n2011-06-15 Jeff McCune <jeff@puppetlabs.com> - 0.1.6\n* Add anchor resource type to provide containment for composite classes\n\n2011-06-03 Jeff McCune <jeff@puppetlabs.com> - 0.1.5\n* Add validate_bool() function to stdlib\n\n0.1.4 2011-05-26 Jeff McCune <jeff@puppetlabs.com>\n* Move most stages after main\n\n0.1.3 2011-05-25 Jeff McCune <jeff@puppetlabs.com>\n* Add validate_re() function\n\n0.1.2 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Update to add annotated tag\n\n0.1.1 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Add stdlib::stages class with a standard set of stages\n</pre></section>",
|
|
316
|
+
"readme": "<section class=\"markdown\"><h1>Puppet Labs Standard Library</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-stdlib.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<p>This module provides a "standard library" of resources for developing Puppet\nModules. This modules will include the following additions to Puppet</p>\n\n<ul>\n<li>Stages</li>\n<li>Facts</li>\n<li>Functions</li>\n<li>Defined resource types</li>\n<li>Types</li>\n<li>Providers</li>\n</ul>\n\n<p>This module is officially curated and provided by Puppet Labs. The modules\nPuppet Labs writes and distributes will make heavy use of this standard\nlibrary.</p>\n\n<p>To report or research a bug with any part of this module, please go to\n<a href=\"http://projects.puppetlabs.com/projects/stdlib\">http://projects.puppetlabs.com/projects/stdlib</a></p>\n\n<h1>Versions</h1>\n\n<p>This module follows semver.org (v1.0.0) versioning guidelines. The standard\nlibrary module is released as part of <a href=\"http://puppetlabs.com/puppet/puppet-enterprise/\">Puppet\nEnterprise</a> and as a result\nolder versions of Puppet Enterprise that Puppet Labs still supports will have\nbugfix maintenance branches periodically "merged up" into main. The current\nlist of integration branches are:</p>\n\n<ul>\n<li>v2.1.x (v2.1.1 released in PE 1)</li>\n<li>v2.2.x (Never released as part of PE, only to the Forge)</li>\n<li>v2.3.x (Released in PE 2)</li>\n<li>v3.0.x (Never released as part of PE, only to the Forge)</li>\n<li>v4.0.x (Drops support for Puppet 2.7)</li>\n<li>main (mainline development branch)</li>\n</ul>\n\n<p>The first Puppet Enterprise version including the stdlib module is Puppet\nEnterprise 1.2.</p>\n\n<h1>Compatibility</h1>\n\n<table><thead>\n<tr>\n<th align=\"left\">Puppet Versions</th>\n<th align=\"center\">< 2.6</th>\n<th align=\"center\">2.6</th>\n<th align=\"center\">2.7</th>\n<th align=\"center\">3.x</th>\n</tr>\n</thead><tbody>\n<tr>\n<td align=\"left\"><strong>stdlib 2.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\">no</td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 3.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n<tr>\n<td align=\"left\"><strong>stdlib 4.x</strong></td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\">no</td>\n<td align=\"center\"><strong>yes</strong></td>\n</tr>\n</tbody></table>\n\n<p>The stdlib module does not work with Puppet versions released prior to Puppet\n2.6.0.</p>\n\n<h2>stdlib 2.x</h2>\n\n<p>All stdlib releases in the 2.0 major version support Puppet 2.6 and Puppet 2.7.</p>\n\n<h2>stdlib 3.x</h2>\n\n<p>The 3.0 major release of stdlib drops support for Puppet 2.6. Stdlib 3.x\nsupports Puppet 2 and Puppet 3.</p>\n\n<h2>stdlib 4.x</h2>\n\n<p>The 4.0 major release of stdlib drops support for Puppet 2.7. Stdlib 4.x\nsupports Puppet 3. Notably, ruby 1.8.5 is no longer supported though ruby\n1.8.7, 1.9.3, and 2.0.0 are fully supported.</p>\n\n<h1>Functions</h1>\n\n<h2>abs</h2>\n\n<p>Returns the absolute value of a number, for example -34.56 becomes\n34.56. Takes a single integer and float value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>any2array</h2>\n\n<p>This converts any object to an array containing that object. Empty argument\nlists are converted to an empty array. Arrays are left untouched. Hashes are\nconverted to arrays of alternating keys and values.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>bool2num</h2>\n\n<p>Converts a boolean to a number. Converts the values:\nfalse, f, 0, n, and no to 0\ntrue, t, 1, y, and yes to 1\n Requires a single boolean or string as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>capitalize</h2>\n\n<p>Capitalizes the first letter of a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chomp</h2>\n\n<p>Removes the record separator from the end of a string or an array of\nstrings, for example <code>hello\\n</code> becomes <code>hello</code>.\nRequires a single string or array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>chop</h2>\n\n<p>Returns a new string with the last character removed. If the string ends\nwith <code>\\r\\n</code>, both characters are removed. Applying chop to an empty\nstring returns an empty string. If you wish to merely remove record\nseparators then you should use the <code>chomp</code> function.\nRequires a string or array of strings as input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>concat</h2>\n\n<p>Appends the contents of array 2 onto array 1.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>concat(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<p>['1','2','3','4','5','6']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>count</h2>\n\n<p>Takes an array as first argument and an optional second argument.\nCount the number of elements in array that matches second argument.\nIf called with only an array it counts the number of elements that are not nil/undef.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>defined_with_params</h2>\n\n<p>Takes a resource reference and an optional hash of attributes.</p>\n\n<p>Returns true if a resource with the specified attributes has already been added\nto the catalog, and false otherwise.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n\nif ! defined_with_params(User[dan], {'ensure' => 'present' }) {\n user { 'dan': ensure => present, }\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete</h2>\n\n<p>Deletes all instances of a given element from an array, substring from a\nstring, or key from a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete(['a','b','c','b'], 'b')\nWould return: ['a','c']\n\ndelete({'a'=>1,'b'=>2,'c'=>3}, 'b')\nWould return: {'a'=>1,'c'=>3}\n\ndelete('abracadabra', 'bra')\nWould return: 'acada'\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>delete_at</h2>\n\n<p>Deletes a determined indexed value from an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>delete_at(['a','b','c'], 1)\n</code></pre>\n\n<p>Would return: ['a','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>dirname</h2>\n\n<p>Returns the <code>dirname</code> of a path.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>dirname('/path/to/a/file.ext')\n</code></pre>\n\n<p>Would return: '/path/to/a'</p>\n\n<h2>downcase</h2>\n\n<p>Converts the case of a string or all strings in an array to lower case.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>empty</h2>\n\n<p>Returns true if the variable is empty.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>ensure_packages</h2>\n\n<p>Takes a list of packages and only installs them if they don't already exist.</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>ensure_resource</h2>\n\n<p>Takes a resource type, title, and a list of attributes that describe a\nresource.</p>\n\n<pre><code>user { 'dan':\n ensure => present,\n}\n</code></pre>\n\n<p>This example only creates the resource if it does not already exist:</p>\n\n<pre><code>ensure_resource('user, 'dan', {'ensure' => 'present' })\n</code></pre>\n\n<p>If the resource already exists but does not match the specified parameters,\nthis function will attempt to recreate the resource leading to a duplicate\nresource definition error.</p>\n\n<p>An array of resources can also be passed in and each will be created with\nthe type and parameters specified if it doesn't already exist.</p>\n\n<pre><code>ensure_resource('user', ['dan','alex'], {'ensure' => 'present'})\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>flatten</h2>\n\n<p>This function flattens any deeply nested arrays and returns a single flat array\nas a result.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>flatten(['a', ['b', ['c']]])\n</code></pre>\n\n<p>Would return: ['a','b','c']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>floor</h2>\n\n<p>Returns the largest integer less or equal to the argument.\nTakes a single numeric value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>fqdn_rotate</h2>\n\n<p>Rotates an array a random number of times based on a nodes fqdn.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>get_module_path</h2>\n\n<p>Returns the absolute path of the specified module for the current\nenvironment.</p>\n\n<p>Example:\n $module_path = get_module_path('stdlib')</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getparam</h2>\n\n<p>Takes a resource reference and name of the parameter and\nreturns value of resource's parameter.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>define example_resource($param) {\n}\n\nexample_resource { "example_resource_instance":\n param => "param_value"\n}\n\ngetparam(Example_resource["example_resource_instance"], "param")\n</code></pre>\n\n<p>Would return: param_value</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>getvar</h2>\n\n<p>Lookup a variable in a remote namespace.</p>\n\n<p>For example:</p>\n\n<pre><code>$foo = getvar('site::data::foo')\n# Equivalent to $foo = $site::data::foo\n</code></pre>\n\n<p>This is useful if the namespace itself is stored in a string:</p>\n\n<pre><code>$datalocation = 'site::data'\n$bar = getvar("${datalocation}::bar")\n# Equivalent to $bar = $site::data::bar\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>grep</h2>\n\n<p>This function searches through an array and returns any elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>grep(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['aaa','aaaddd']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_interface_with</h2>\n\n<p>Returns boolean based on kind and value:</p>\n\n<ul>\n<li>macaddress</li>\n<li>netmask</li>\n<li>ipaddress</li>\n<li>network</li>\n</ul>\n\n<p>has_interface_with("macaddress", "x:x:x:x:x:x")\nhas_interface_with("ipaddress", "127.0.0.1") => true\netc.</p>\n\n<p>If no "kind" is given, then the presence of the interface is checked:\nhas_interface_with("lo") => true</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_address</h2>\n\n<p>Returns true if the client has the requested IP address on some interface.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'ipaddress_IFACE' facts, performing a simple string comparison.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_ip_network</h2>\n\n<p>Returns true if the client has an IP address within the requested network.</p>\n\n<p>This function iterates through the 'interfaces' fact and checks the\n'network_IFACE' facts, performing a simple string comparision.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>has_key</h2>\n\n<p>Determine if a hash has a certain key value.</p>\n\n<p>Example:</p>\n\n<pre><code>$my_hash = {'key_one' => 'value_one'}\nif has_key($my_hash, 'key_two') {\n notice('we will not reach here')\n}\nif has_key($my_hash, 'key_one') {\n notice('this will be printed')\n}\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>hash</h2>\n\n<p>This function converts an array into a hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>hash(['a',1,'b',2,'c',3])\n</code></pre>\n\n<p>Would return: {'a'=>1,'b'=>2,'c'=>3}</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_array</h2>\n\n<p>Returns true if the variable passed to this function is an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_domain_name</h2>\n\n<p>Returns true if the string passed to this function is a syntactically correct domain name.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_float</h2>\n\n<p>Returns true if the variable passed to this function is a float.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_function_available</h2>\n\n<p>This function accepts a string as an argument, determines whether the\nPuppet runtime has access to a function by that name. It returns a\ntrue if the function exists, false if not.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_hash</h2>\n\n<p>Returns true if the variable passed to this function is a hash.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_integer</h2>\n\n<p>Returns true if the variable returned to this string is an integer.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_ip_address</h2>\n\n<p>Returns true if the string passed to this function is a valid IP address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_mac_address</h2>\n\n<p>Returns true if the string passed to this function is a valid mac address.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_numeric</h2>\n\n<p>Returns true if the variable passed to this function is a number.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>is_string</h2>\n\n<p>Returns true if the variable passed to this function is a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join</h2>\n\n<p>This function joins an array into a string using a seperator.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join(['a','b','c'], ",")\n</code></pre>\n\n<p>Would result in: "a,b,c"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>join_keys_to_values</h2>\n\n<p>This function joins each key of a hash to that key's corresponding value with a\nseparator. Keys and values are cast to strings. The return value is an array in\nwhich each element is one joined key/value pair.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>join_keys_to_values({'a'=>1,'b'=>2}, " is ")\n</code></pre>\n\n<p>Would result in: ["a is 1","b is 2"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>keys</h2>\n\n<p>Returns the keys of a hash as an array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>loadyaml</h2>\n\n<p>Load a YAML file containing an array, string, or hash, and return the data\nin the corresponding native data type.</p>\n\n<p>For example:</p>\n\n<pre><code>$myhash = loadyaml('/etc/puppet/data/myhash.yaml')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>lstrip</h2>\n\n<p>Strips leading spaces to the left of a string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>max</h2>\n\n<p>Returns the highest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>member</h2>\n\n<p>This function determines if a variable is a member of an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>member(['a','b'], 'b')\n</code></pre>\n\n<p>Would return: true</p>\n\n<pre><code>member(['a','b'], 'c')\n</code></pre>\n\n<p>Would return: false</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>merge</h2>\n\n<p>Merges two or more hashes together and returns the resulting hash.</p>\n\n<p>For example:</p>\n\n<pre><code>$hash1 = {'one' => 1, 'two', => 2}\n$hash2 = {'two' => 'dos', 'three', => 'tres'}\n$merged_hash = merge($hash1, $hash2)\n# The resulting hash is equivalent to:\n# $merged_hash = {'one' => 1, 'two' => 'dos', 'three' => 'tres'}\n</code></pre>\n\n<p>When there is a duplicate key, the key in the rightmost hash will "win."</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>min</h2>\n\n<p>Returns the lowest value of all arguments.\nRequires at least one argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>num2bool</h2>\n\n<p>This function converts a number or a string representation of a number into a\ntrue boolean. Zero or anything non-numeric becomes false. Numbers higher then 0\nbecome true.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parsejson</h2>\n\n<p>This function accepts JSON as a string and converts into the correct Puppet\nstructure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>parseyaml</h2>\n\n<p>This function accepts YAML as a string and converts it into the correct\nPuppet structure.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>pick</h2>\n\n<p>This function is similar to a coalesce function in SQL in that it will return\nthe first value in a list of values that is not undefined or an empty string\n(two things in Puppet that will return a boolean false value). Typically,\nthis function is used to check for a value in the Puppet Dashboard/Enterprise\nConsole, and failover to a default value like the following:</p>\n\n<pre><code>$real_jenkins_version = pick($::jenkins_version, '1.449')\n</code></pre>\n\n<p>The value of $real_jenkins_version will first look for a top-scope variable\ncalled 'jenkins_version' (note that parameters set in the Puppet Dashboard/\nEnterprise Console are brought into Puppet as top-scope variables), and,\nfailing that, will use a default value of 1.449.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>prefix</h2>\n\n<p>This function applies a prefix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>prefix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['pa','pb','pc']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>range</h2>\n\n<p>When given range in the form of (start, stop) it will extrapolate a range as\nan array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>range("0", "9")\n</code></pre>\n\n<p>Will return: [0,1,2,3,4,5,6,7,8,9]</p>\n\n<pre><code>range("00", "09")\n</code></pre>\n\n<p>Will return: <a href=\"Zero%20padded%20strings%20are%20converted%20to%0Aintegers%20automatically\">0,1,2,3,4,5,6,7,8,9</a></p>\n\n<pre><code>range("a", "c")\n</code></pre>\n\n<p>Will return: ["a","b","c"]</p>\n\n<pre><code>range("host01", "host10")\n</code></pre>\n\n<p>Will return: ["host01", "host02", ..., "host09", "host10"]</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reject</h2>\n\n<p>This function searches through an array and rejects all elements that match\nthe provided regular expression.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>reject(['aaa','bbb','ccc','aaaddd'], 'aaa')\n</code></pre>\n\n<p>Would return:</p>\n\n<pre><code>['bbb','ccc']\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>reverse</h2>\n\n<p>Reverses the order of a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>rstrip</h2>\n\n<p>Strips leading spaces to the right of the string.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>shuffle</h2>\n\n<p>Randomizes the order of a string or array elements.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>size</h2>\n\n<p>Returns the number of elements in a string or array.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>sort</h2>\n\n<p>Sorts strings and arrays lexically.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>squeeze</h2>\n\n<p>Returns a new string where runs of the same character that occur in this set\nare replaced by a single character.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2bool</h2>\n\n<p>This converts a string to a boolean. This attempt to convert strings that\ncontain things like: y, 1, t, true to 'true' and strings that contain things\nlike: 0, f, n, false, no to 'false'.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>str2saltedsha512</h2>\n\n<p>This converts a string to a salted-SHA512 password hash (which is used for\nOS X versions >= 10.7). Given any simple string, you will get a hex version\nof a salted-SHA512 password hash that can be inserted into your Puppet\nmanifests as a valid password attribute.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strftime</h2>\n\n<p>This function returns formatted time.</p>\n\n<p><em>Examples:</em></p>\n\n<p>To return the time since epoch:</p>\n\n<pre><code>strftime("%s")\n</code></pre>\n\n<p>To return the date:</p>\n\n<pre><code>strftime("%Y-%m-%d")\n</code></pre>\n\n<p><em>Format meaning:</em></p>\n\n<pre><code>%a - The abbreviated weekday name (``Sun'')\n%A - The full weekday name (``Sunday'')\n%b - The abbreviated month name (``Jan'')\n%B - The full month name (``January'')\n%c - The preferred local date and time representation\n%C - Century (20 in 2009)\n%d - Day of the month (01..31)\n%D - Date (%m/%d/%y)\n%e - Day of the month, blank-padded ( 1..31)\n%F - Equivalent to %Y-%m-%d (the ISO 8601 date format)\n%h - Equivalent to %b\n%H - Hour of the day, 24-hour clock (00..23)\n%I - Hour of the day, 12-hour clock (01..12)\n%j - Day of the year (001..366)\n%k - hour, 24-hour clock, blank-padded ( 0..23)\n%l - hour, 12-hour clock, blank-padded ( 0..12)\n%L - Millisecond of the second (000..999)\n%m - Month of the year (01..12)\n%M - Minute of the hour (00..59)\n%n - Newline (\n</code></pre>\n\n<p>)\n %N - Fractional seconds digits, default is 9 digits (nanosecond)\n %3N millisecond (3 digits)\n %6N microsecond (6 digits)\n %9N nanosecond (9 digits)\n %p - Meridian indicator (<code>AM'' or</code>PM'')\n %P - Meridian indicator (<code>am'' or</code>pm'')\n %r - time, 12-hour (same as %I:%M:%S %p)\n %R - time, 24-hour (%H:%M)\n %s - Number of seconds since 1970-01-01 00:00:00 UTC.\n %S - Second of the minute (00..60)\n %t - Tab character ( )\n %T - time, 24-hour (%H:%M:%S)\n %u - Day of the week as a decimal, Monday being 1. (1..7)\n %U - Week number of the current year,\n starting with the first Sunday as the first\n day of the first week (00..53)\n %v - VMS date (%e-%b-%Y)\n %V - Week number of year according to ISO 8601 (01..53)\n %W - Week number of the current year,\n starting with the first Monday as the first\n day of the first week (00..53)\n %w - Day of the week (Sunday is 0, 0..6)\n %x - Preferred representation for the date alone, no time\n %X - Preferred representation for the time alone, no date\n %y - Year without a century (00..99)\n %Y - Year with century\n %z - Time zone as hour offset from UTC (e.g. +0900)\n %Z - Time zone name\n %% - Literal ``%'' character</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>strip</h2>\n\n<p>This function removes leading and trailing whitespace from a string or from\nevery string inside an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>strip(" aaa ")\n</code></pre>\n\n<p>Would result in: "aaa"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>suffix</h2>\n\n<p>This function applies a suffix to all elements in an array.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>suffix(['a','b','c'], 'p')\n</code></pre>\n\n<p>Will return: ['ap','bp','cp']</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>swapcase</h2>\n\n<p>This function will swap the existing case of a string.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>swapcase("aBcD")\n</code></pre>\n\n<p>Would result in: "AbCd"</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>time</h2>\n\n<p>This function will return the current time since epoch as an integer.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>time()\n</code></pre>\n\n<p>Will return something like: 1311972653</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>to_bytes</h2>\n\n<p>Converts the argument into bytes, for example 4 kB becomes 4096.\nTakes a single string value as an argument.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>type</h2>\n\n<p>Returns the type when passed a variable. Type can be one of:</p>\n\n<ul>\n<li>string</li>\n<li>array</li>\n<li>hash</li>\n<li>float</li>\n<li>integer</li>\n<li><p>boolean</p></li>\n<li><p><em>Type</em>: rvalue</p></li>\n</ul>\n\n<h2>unique</h2>\n\n<p>This function will remove duplicates from strings and arrays.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>unique("aabbcc")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>abc\n</code></pre>\n\n<p>You can also use this with arrays:</p>\n\n<pre><code>unique(["a","a","b","b","c","c"])\n</code></pre>\n\n<p>This returns:</p>\n\n<pre><code>["a","b","c"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>upcase</h2>\n\n<p>Converts a string or an array of strings to uppercase.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>upcase("abcd")\n</code></pre>\n\n<p>Will return:</p>\n\n<pre><code>ASDF\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>uriescape</h2>\n\n<p>Urlencodes a string or array of strings.\nRequires either a single string or an array as an input.</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>validate_absolute_path</h2>\n\n<p>Validate the string represents an absolute path in the filesystem. This function works\nfor windows and unix style paths.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_path = "C:/Program Files (x86)/Puppet Labs/Puppet"\nvalidate_absolute_path($my_path)\n$my_path2 = "/var/lib/puppet"\nvalidate_absolute_path($my_path2)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_absolute_path(true)\nvalidate_absolute_path([ 'var/lib/puppet', '/var/foo' ])\nvalidate_absolute_path([ '/var/lib/puppet', 'var/foo' ])\n$undefined = undef\nvalidate_absolute_path($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_array</h2>\n\n<p>Validate that all passed values are array data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_array = [ 'one', 'two' ]\nvalidate_array($my_array)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_array(true)\nvalidate_array('some_string')\n$undefined = undef\nvalidate_array($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_augeas</h2>\n\n<p>Perform validation of a string using an Augeas lens\nThe first argument of this function should be a string to\ntest, and the second argument should be the name of the Augeas lens to use.\nIf Augeas fails to parse the string with the lens, the compilation will\nabort with a parse error.</p>\n\n<p>A third argument can be specified, listing paths which should\nnot be found in the file. The <code>$file</code> variable points to the location\nof the temporary file being tested in the Augeas tree.</p>\n\n<p>For example, if you want to make sure your passwd content never contains\na user <code>foo</code>, you could write:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/foo'])\n</code></pre>\n\n<p>Or if you wanted to ensure that no users used the '/bin/barsh' shell,\nyou could use:</p>\n\n<pre><code>validate_augeas($passwdcontent, 'Passwd.lns', ['$file/*[shell="/bin/barsh"]']\n</code></pre>\n\n<p>If a fourth argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_augeas($sudoerscontent, 'Sudoers.lns', [], 'Failed to validate sudoers content with Augeas')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_bool</h2>\n\n<p>Validate that all passed values are either true or false. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$iamtrue = true\nvalidate_bool(true)\nvalidate_bool(true, true, false, $iamtrue)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>$some_array = [ true ]\nvalidate_bool("false")\nvalidate_bool("true")\nvalidate_bool($some_array)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_cmd</h2>\n\n<p>Perform validation of a string with an external command.\nThe first argument of this function should be a string to\ntest, and the second argument should be a path to a test command\ntaking a file as last argument. If the command, launched against\na tempfile containing the passed string, returns a non-null value,\ncompilation will abort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>A helpful error message can be returned like this:</p>\n\n<p>Example:</p>\n\n<pre><code>validate_cmd($sudoerscontent, '/usr/sbin/visudo -c -f', 'Visudo failed to validate sudoers content')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_hash</h2>\n\n<p>Validate that all passed values are hash data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_hash = { 'one' => 'two' }\nvalidate_hash($my_hash)\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_hash(true)\nvalidate_hash('some_string')\n$undefined = undef\nvalidate_hash($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_re</h2>\n\n<p>Perform simple validation of a string against one or more regular\nexpressions. The first argument of this function should be a string to\ntest, and the second argument should be a stringified regular expression\n(without the // delimiters) or an array of regular expressions. If none\nof the regular expressions match the string passed in, compilation will\nabort with a parse error.</p>\n\n<p>If a third argument is specified, this will be the error message raised and\nseen by the user.</p>\n\n<p>The following strings will validate against the regular expressions:</p>\n\n<pre><code>validate_re('one', '^one$')\nvalidate_re('one', [ '^one', '^two' ])\n</code></pre>\n\n<p>The following strings will fail to validate, causing compilation to abort:</p>\n\n<pre><code>validate_re('one', [ '^two', '^three' ])\n</code></pre>\n\n<p>A helpful error message can be returned like this:</p>\n\n<pre><code>validate_re($::puppetversion, '^2.7', 'The $puppetversion fact value does not match 2.7')\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_slength</h2>\n\n<p>Validate that the first argument is a string (or an array of strings), and\nless/equal to than the length of the second argument. It fails if the first\nargument is not a string or array of strings, and if arg 2 is not convertable\nto a number.</p>\n\n<p>The following values will pass:</p>\n\n<p>validate_slength("discombobulate",17)\n validate_slength(["discombobulate","moo"],17)</p>\n\n<p>The following valueis will not:</p>\n\n<p>validate_slength("discombobulate",1)\n validate_slength(["discombobulate","thermometer"],5)</p>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>validate_string</h2>\n\n<p>Validate that all passed values are string data structures. Abort catalog\ncompilation if any value fails this check.</p>\n\n<p>The following values will pass:</p>\n\n<pre><code>$my_string = "one two"\nvalidate_string($my_string, 'three')\n</code></pre>\n\n<p>The following values will fail, causing compilation to abort:</p>\n\n<pre><code>validate_string(true)\nvalidate_string([ 'some', 'array' ])\n$undefined = undef\nvalidate_string($undefined)\n</code></pre>\n\n<ul>\n<li><em>Type</em>: statement</li>\n</ul>\n\n<h2>values</h2>\n\n<p>When given a hash this function will return the values of that hash.</p>\n\n<p><em>Examples:</em></p>\n\n<pre><code>$hash = {\n 'a' => 1,\n 'b' => 2,\n 'c' => 3,\n}\nvalues($hash)\n</code></pre>\n\n<p>This example would return:</p>\n\n<pre><code>[1,2,3]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>values_at</h2>\n\n<p>Finds value inside an array based on location.</p>\n\n<p>The first argument is the array you want to analyze, and the second element can\nbe a combination of:</p>\n\n<ul>\n<li>A single numeric index</li>\n<li>A range in the form of 'start-stop' (eg. 4-9)</li>\n<li>An array combining the above</li>\n</ul>\n\n<p><em>Examples</em>:</p>\n\n<pre><code>values_at(['a','b','c'], 2)\n</code></pre>\n\n<p>Would return ['c'].</p>\n\n<pre><code>values_at(['a','b','c'], ["0-1"])\n</code></pre>\n\n<p>Would return ['a','b'].</p>\n\n<pre><code>values_at(['a','b','c','d','e'], [0, "2-3"])\n</code></pre>\n\n<p>Would return ['a','c','d'].</p>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<h2>zip</h2>\n\n<p>Takes one element from first array and merges corresponding elements from second array. This generates a sequence of n-element arrays, where n is one more than the count of arguments.</p>\n\n<p><em>Example:</em></p>\n\n<pre><code>zip(['1','2','3'],['4','5','6'])\n</code></pre>\n\n<p>Would result in:</p>\n\n<pre><code>["1", "4"], ["2", "5"], ["3", "6"]\n</code></pre>\n\n<ul>\n<li><em>Type</em>: rvalue</li>\n</ul>\n\n<p><em>This page autogenerated on 2013-04-11 13:54:25 -0700</em></p>\n</section>",
|
|
317
|
+
"changelog": "<section class=\"plaintext\"><pre>2013-05-06 - Jeff McCune <jeff@puppetlabs.com> - 4.1.0\n * (#20582) Restore facter_dot_d to stdlib for PE users (3b887c8)\n * (maint) Update Gemfile with GEM_FACTER_VERSION (f44d535)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> - 4.1.0\n * Terser method of string to array conversion courtesy of ethooz. (d38bce0)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Refactor ensure_resource expectations (b33cc24)\n\n2013-05-06 - Alex Cline <acline@us.ibm.com> 4.1.0\n * Changed str-to-array conversion and removed abbreviation. (de253db)\n\n2013-05-03 - Alex Cline <acline@us.ibm.com> 4.1.0\n * (#20548) Allow an array of resource titles to be passed into the ensure_resource function (e08734a)\n\n2013-05-02 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.1.0\n * Add a dirname function (2ba9e47)\n\n2013-04-29 - Mark Smith-Guerrero <msmithgu@gmail.com> - 4.1.0\n * (maint) Fix a small typo in hash() description (928036a)\n\n2013-04-12 - Jeff McCune <jeff@puppetlabs.com> - 4.0.2\n * Update user information in gemspec to make the intent of the Gem clear.\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.1\n * Fix README function documentation (ab3e30c)\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * stdlib 4.0 drops support with Puppet 2.7\n * stdlib 4.0 preserves support with Puppet 3\n\n2013-04-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add ability to use puppet from git via bundler (9c5805f)\n\n2013-04-10 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Make stdlib usable as a Ruby GEM (e81a45e)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Add a count function (f28550e)\n\n2013-03-31 - Amos Shapira <ashapira@atlassian.com> - 4.0.0\n * (#19998) Implement any2array (7a2fb80)\n\n2013-03-29 - Steve Huff <shuff@vecna.org> - 4.0.0\n * (19864) num2bool match fix (8d217f0)\n\n2013-03-20 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * Allow comparisons of Numeric and number as String (ff5dd5d)\n\n2013-03-26 - Richard Soderberg <rsoderberg@mozilla.com> - 4.0.0\n * add suffix function to accompany the prefix function (88a93ac)\n\n2013-03-19 - Kristof Willaert <kristof.willaert@gmail.com> - 4.0.0\n * Add floor function implementation and unit tests (0527341)\n\n2012-04-03 - Eric Shamow <eric@puppetlabs.com> - 4.0.0\n * (#13610) Add is_function_available to stdlib (961dcab)\n\n2012-12-17 - Justin Lambert <jlambert@eml.cc> - 4.0.0\n * str2bool should return a boolean if called with a boolean (5d5a4d4)\n\n2012-10-23 - Uwe Stuehler <ustuehler@team.mobile.de> - 4.0.0\n * Fix number of arguments check in flatten() (e80207b)\n\n2013-03-11 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Add contributing document (96e19d0)\n\n2013-03-04 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * Add missing documentation for validate_augeas and validate_cmd to README.markdown (a1510a1)\n\n2013-02-14 - Joshua Hoblitt <jhoblitt@cpan.org> - 4.0.0\n * (#19272) Add has_element() function (95cf3fe)\n\n2013-02-07 - Raphaël Pinson <raphael.pinson@camptocamp.com> - 4.0.0\n * validate_cmd(): Use Puppet::Util::Execution.execute when available (69248df)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_augeas function (3a97c23)\n\n2012-12-06 - Raphaël Pinson <raphink@gmail.com> - 4.0.0\n * Add validate_cmd function (6902cc5)\n\n2013-01-14 - David Schmitt <david@dasz.at> - 4.0.0\n * Add geppetto project definition (b3fc0a3)\n\n2013-01-02 - Jaka Hudoklin <jakahudoklin@gmail.com> - 4.0.0\n * Add getparam function to get defined resource parameters (20e0e07)\n\n2013-01-05 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * (maint) Add Travis CI Support (d082046)\n\n2012-12-04 - Jeff McCune <jeff@puppetlabs.com> - 4.0.0\n * Clarify that stdlib 3 supports Puppet 3 (3a6085f)\n\n2012-11-30 - Erik Dalén <dalen@spotify.com> - 4.0.0\n * maint: style guideline fixes (7742e5f)\n\n2012-11-09 - James Fryman <james@frymanet.com> - 4.0.0\n * puppet-lint cleanup (88acc52)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 4.0.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (fd52b8d)\n\n2012-09-18 - Chad Metcalf <chad@wibidata.com> - 3.2.0\n * Add an ensure_packages function. (8a8c09e)\n\n2012-11-23 - Erik Dalén <dalen@spotify.com> - 3.2.0\n * (#17797) min() and max() functions (9954133)\n\n2012-05-23 - Peter Meier <peter.meier@immerda.ch> - 3.2.0\n * (#14670) autorequire a file_line resource's path (dfcee63)\n\n2012-11-19 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Add join_keys_to_values function (ee0f2b3)\n\n2012-11-17 - Joshua Harlan Lifton <lifton@puppetlabs.com> - 3.2.0\n * Extend delete function for strings and hashes (7322e4d)\n\n2012-08-03 - Gary Larizza <gary@puppetlabs.com> - 3.2.0\n * Add the pick() function (ba6dd13)\n\n2012-03-20 - Wil Cooley <wcooley@pdx.edu> - 3.2.0\n * (#13974) Add predicate functions for interface facts (f819417)\n\n2012-11-06 - Joe Julian <me@joejulian.name> - 3.2.0\n * Add function, uriescape, to URI.escape strings. Redmine #17459 (70f4a0e)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 3.1.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 3.1.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.1\n * Fix accidental removal of facts_dot_d.rb in 3.0.0 release\n\n2012-08-16 - Jeff McCune <jeff@puppetlabs.com> - 3.0.0\n * stdlib 3.0 drops support with Puppet 2.6\n * stdlib 3.0 preserves support with Puppet 2.7\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 3.0.0\n * Add function ensure_resource and defined_with_params (ba789de)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 3.0.0\n * (#2157) Remove facter_dot_d for compatibility with external facts (f92574f)\n\n2012-04-10 - Chris Price <chris@puppetlabs.com> - 3.0.0\n * (#13693) moving logic from local spec_helper to puppetlabs_spec_helper (85f96df)\n\n2012-10-25 - Jeff McCune <jeff@puppetlabs.com> - 2.5.1\n * (maint) Fix spec failures resulting from Facter API changes (97f836f)\n\n2012-10-23 - Matthaus Owens <matthaus@puppetlabs.com> - 2.5.0\n * Add PE facts to stdlib (cdf3b05)\n\n2012-08-15 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Explicitly load functions used by ensure_resource (9fc3063)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add better docs about duplicate resource failures (97d327a)\n\n2012-08-13 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Handle undef for parameter argument (4f8b133)\n\n2012-08-07 - Dan Bode <dan@puppetlabs.com> - 2.5.0\n * Add function ensure_resource and defined_with_params (a0cb8cd)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Disable tests that fail on 2.6.x due to #15912 (c81496e)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * (Maint) Fix mis-use of rvalue functions as statements (4492913)\n\n2012-08-20 - Jeff McCune <jeff@puppetlabs.com> - 2.5.0\n * Add .rspec file to repo root (88789e8)\n\n2012-06-07 - Chris Price <chris@puppetlabs.com> - 2.4.0\n * Add support for a 'match' parameter to file_line (a06c0d8)\n\n2012-08-07 - Erik Dalén <dalen@spotify.com> - 2.4.0\n * (#15872) Add to_bytes function (247b69c)\n\n2012-07-19 - Jeff McCune <jeff@puppetlabs.com> - 2.4.0\n * (Maint) use PuppetlabsSpec::PuppetInternals.scope (main) (deafe88)\n\n2012-07-10 - Hailee Kenney <hailee@puppetlabs.com> - 2.4.0\n * (#2157) Make facts_dot_d compatible with external facts (5fb0ddc)\n\n2012-03-16 - Steve Traylen <steve.traylen@cern.ch> - 2.4.0\n * (#13205) Rotate array/string randomley based on fqdn, fqdn_rotate() (fef247b)\n\n2012-05-22 - Peter Meier <peter.meier@immerda.ch> - 2.3.3\n * fix regression in #11017 properly (f0a62c7)\n\n2012-05-10 - Jeff McCune <jeff@puppetlabs.com> - 2.3.3\n * Fix spec tests using the new spec_helper (7d34333)\n\n2012-05-10 - Puppet Labs <support@puppetlabs.com> - 2.3.2\n * Make file_line default to ensure => present (1373e70)\n * Memoize file_line spec instance variables (20aacc5)\n * Fix spec tests using the new spec_helper (1ebfa5d)\n * (#13595) initialize_everything_for_tests couples modules Puppet ver (3222f35)\n * (#13439) Fix MRI 1.9 issue with spec_helper (15c5fd1)\n * (#13439) Fix test failures with Puppet 2.6.x (665610b)\n * (#13439) refactor spec helper for compatibility with both puppet 2.7 and main (82194ca)\n * (#13494) Specify the behavior of zero padded strings (61891bb)\n\n2012-03-29 Puppet Labs <support@puppetlabs.com> - 2.1.3\n* (#11607) Add Rakefile to enable spec testing\n* (#12377) Avoid infinite loop when retrying require json\n\n2012-03-13 Puppet Labs <support@puppetlabs.com> - 2.3.1\n* (#13091) Fix LoadError bug with puppet apply and puppet_vardir fact\n\n2012-03-12 Puppet Labs <support@puppetlabs.com> - 2.3.0\n* Add a large number of new Puppet functions\n* Backwards compatibility preserved with 2.2.x\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.2.1\n* Documentation only release for the Forge\n\n2011-12-30 Puppet Labs <support@puppetlabs.com> - 2.1.2\n* Documentation only release for PE 2.0.x\n\n2011-11-08 Puppet Labs <support@puppetlabs.com> - 2.2.0\n* #10285 - Refactor json to use pson instead.\n* Maint - Add watchr autotest script\n* Maint - Make rspec tests work with Puppet 2.6.4\n* #9859 - Add root_home fact and tests\n\n2011-08-18 Puppet Labs <support@puppetlabs.com> - 2.1.1\n* Change facts.d paths to match Facter 2.0 paths.\n* /etc/facter/facts.d\n* /etc/puppetlabs/facter/facts.d\n\n2011-08-17 Puppet Labs <support@puppetlabs.com> - 2.1.0\n* Add R.I. Pienaar's facts.d custom facter fact\n* facts defined in /etc/facts.d and /etc/puppetlabs/facts.d are\n automatically loaded now.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 2.0.0\n* Rename whole_line to file_line\n* This is an API change and as such motivating a 2.0.0 release according to semver.org.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.1.0\n* Rename append_line to whole_line\n* This is an API change and as such motivating a 1.1.0 release.\n\n2011-08-04 Puppet Labs <support@puppetlabs.com> - 1.0.0\n* Initial stable release\n* Add validate_array and validate_string functions\n* Make merge() function work with Ruby 1.8.5\n* Add hash merging function\n* Add has_key function\n* Add loadyaml() function\n* Add append_line native\n\n2011-06-21 Jeff McCune <jeff@puppetlabs.com> - 0.1.7\n* Add validate_hash() and getvar() functions\n\n2011-06-15 Jeff McCune <jeff@puppetlabs.com> - 0.1.6\n* Add anchor resource type to provide containment for composite classes\n\n2011-06-03 Jeff McCune <jeff@puppetlabs.com> - 0.1.5\n* Add validate_bool() function to stdlib\n\n0.1.4 2011-05-26 Jeff McCune <jeff@puppetlabs.com>\n* Move most stages after main\n\n0.1.3 2011-05-25 Jeff McCune <jeff@puppetlabs.com>\n* Add validate_re() function\n\n0.1.2 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Update to add annotated tag\n\n0.1.1 2011-05-24 Jeff McCune <jeff@puppetlabs.com>\n* Add stdlib::stages class with a standard set of stages\n</pre></section>",
|
|
318
318
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2011 Puppet Labs Inc\n\nand some parts:\n\nCopyright (C) 2011 Krzysztof Wilczynski\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
319
319
|
"created_at": "2013-05-13 08:31:19 -0700",
|
|
320
320
|
"updated_at": "2013-05-13 08:31:19 -0700",
|
|
@@ -558,7 +558,7 @@
|
|
|
558
558
|
"file_size": 27238,
|
|
559
559
|
"file_md5": "c483d6e375387d5e1fe780ee51ee512c",
|
|
560
560
|
"downloads": 61047,
|
|
561
|
-
"readme": "<section class=\"markdown\"><h1>apt</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apt\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apt.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h2>Description</h2>\n\n<h1>Provides helpful definitions for dealing with Apt.</h1>\n\n<h2>Overview</h2>\n\n<p>The APT module provides a simple interface for managing APT source, key, and definitions with Puppet. </p>\n\n<h2>Module Description</h2>\n\n<p>APT automates obtaining and installing software packages on *nix systems. </p>\n\n<h2>Setup</h2>\n\n<p><strong>What APT affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for APT </li>\n<li>your system's <code>sources.list</code> file and <code>sources.list.d</code> directory\n\n<ul>\n<li>NOTE: Setting the <code>purge_sources_list</code> and <code>purge_sources_list_d</code> parameters to 'true' will destroy any existing content that was not declared with Puppet. The default for these parameters is 'false'.</li>\n</ul></li>\n<li>system repositories</li>\n<li>authentication keys</li>\n<li>wget (optional)</li>\n</ul>\n\n<h3>Beginning with APT</h3>\n\n<p>To begin using the APT module with default parameters, declare the class</p>\n\n<pre><code>class { 'apt': }\n</code></pre>\n\n<p>Puppet code that uses anything from the APT module requires that the core apt class be declared. </p>\n\n<h2>Usage</h2>\n\n<p>Using the APT module consists predominantly in declaring classes that provide desired functionality and features. </p>\n\n<h3>apt</h3>\n\n<p><code>apt</code> provides a number of common resources and options that are shared by the various defined types in this module, so you MUST always include this class in your manifests.</p>\n\n<p>The parameters for <code>apt</code> are not required in general and are predominantly for development environment use-cases.</p>\n\n<pre><code>class { 'apt':\n always_apt_update => false,\n disable_keys => undef,\n proxy_host => false,\n proxy_port => '8080',\n purge_sources_list => false,\n purge_sources_list_d => false,\n purge_preferences_d => false,\n update_timeout => undef\n}\n</code></pre>\n\n<p>Puppet will manage your system's <code>sources.list</code> file and <code>sources.list.d</code> directory but will do its best to respect existing content. </p>\n\n<p>If you declare your apt class with <code>purge_sources_list</code> and <code>purge_sources_list_d</code> set to 'true', Puppet will unapologetically purge any existing content it finds that wasn't declared with Puppet. </p>\n\n<h3>apt::builddep</h3>\n\n<p>Installs the build depends of a specified package.</p>\n\n<pre><code>apt::builddep { 'glusterfs-server': }\n</code></pre>\n\n<h3>apt::force</h3>\n\n<p>Forces a package to be installed from a specific release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>apt::force { 'glusterfs-server':\n release => 'unstable',\n version => '3.0.3',\n require => Apt::Source['debian_unstable'],\n}\n</code></pre>\n\n<h3>apt::key</h3>\n\n<p>Adds a key to the list of keys used by APT to authenticate packages.</p>\n\n<pre><code>apt::key { 'puppetlabs':\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n\napt::key { 'jenkins':\n key => 'D50582E6',\n key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',\n}\n</code></pre>\n\n<p>Note that use of <code>key_source</code> requires wget to be installed and working.</p>\n\n<h3>apt::pin</h3>\n\n<p>Adds an apt pin for a certain release.</p>\n\n<pre><code>apt::pin { 'karmic': priority => 700 }\napt::pin { 'karmic-updates': priority => 700 }\napt::pin { 'karmic-security': priority => 700 }\n</code></pre>\n\n<p>Note you can also specifying more complex pins using distribution properties.</p>\n\n<pre><code>apt::pin { 'stable':\n priority => -10,\n originator => 'Debian',\n release_version => '3.0',\n component => 'main',\n label => 'Debian'\n}\n</code></pre>\n\n<h3>apt::ppa</h3>\n\n<p>Adds a ppa repository using <code>add-apt-repository</code>.</p>\n\n<pre><code>apt::ppa { 'ppa:drizzle-developers/ppa': }\n</code></pre>\n\n<h3>apt::release</h3>\n\n<p>Sets the default apt release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>class { 'apt::release':\n release_id => 'precise',\n}\n</code></pre>\n\n<h3>apt::source</h3>\n\n<p>Adds an apt source to <code>/etc/apt/sources.list.d/</code>.</p>\n\n<pre><code>apt::source { 'debian_unstable':\n location => 'http://debian.mirror.iweb.ca/debian/',\n release => 'unstable',\n repos => 'main contrib non-free',\n required_packages => 'debian-keyring debian-archive-keyring',\n key => '55BE302B',\n key_server => 'subkeys.pgp.net',\n pin => '-10',\n include_src => true\n}\n</code></pre>\n\n<p>If you would like to configure your system so the source is the Puppet Labs APT repository</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<h3>Testing</h3>\n\n<p>The APT module is mostly a collection of defined resource types, which provide reusable logic that can be leveraged to manage APT. It does provide smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.</p>\n\n<h4>Example Test</h4>\n\n<p>This test will set up a Puppet Labs apt repository. Start by creating a new smoke test in the apt module's test folder. Call it puppetlabs-apt.pp. Inside, declare a single resource representing the Puppet Labs APT source and gpg key</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<p>This resource creates an apt source named puppetlabs and gives Puppet information about the repository's location and key used to sign its packages. Puppet leverages Facter to determine the appropriate release, but you can set it directly by adding the release type.</p>\n\n<p>Check your smoke test for syntax errors</p>\n\n<pre><code>$ puppet parser validate tests/puppetlabs-apt.pp\n</code></pre>\n\n<p>If you receive no output from that command, it means nothing is wrong. Then apply the code</p>\n\n<pre><code>$ puppet apply --verbose tests/puppetlabs-apt.pp\nnotice: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]/ensure: defined content as '{md5}3be1da4923fb910f1102a233b77e982e'\ninfo: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]: Scheduling refresh of Exec[puppetlabs apt update]\nnotice: /Stage[main]//Apt::Source[puppetlabs]/Exec[puppetlabs apt update]: Triggered 'refresh' from 1 events>\n</code></pre>\n\n<p>The above example used a smoke test to easily lay out a resource declaration and apply it on your system. In production, you may want to declare your APT sources inside the classes where they’re needed. </p>\n\n<h2>Implementation</h2>\n\n<h3>apt::backports</h3>\n\n<p>Adds the necessary components to get backports for Ubuntu and Debian. The release name defaults to <code>$lsbdistcodename</code>. Setting this manually can cause undefined behavior (read: universe exploding).</p>\n\n<h2>Limitations</h2>\n\n<p>This module should work across all versions of Debian/Ubuntu and support all major APT repository management features. </p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h2>Contributors</h2>\n\n<p>A lot of great people have contributed to this module. A somewhat current list follows:</p>\n\n<ul>\n<li>Ben Godfrey <a href=\"mailto:ben.godfrey@wonga.com\">ben.godfrey@wonga.com</a></li>\n<li>Branan Purvine-Riley <a href=\"mailto:branan@puppetlabs.com\">branan@puppetlabs.com</a></li>\n<li>Christian G. Warden <a href=\"mailto:cwarden@xerus.org\">cwarden@xerus.org</a><br></li>\n<li>Dan Bode <a href=\"mailto:bodepd@gmail.com\">bodepd@gmail.com</a> <a href=\"mailto:dan@puppetlabs.com\">dan@puppetlabs.com</a><br></li>\n<li>Garrett Honeycutt <a href=\"mailto:github@garretthoneycutt.com\">github@garretthoneycutt.com</a><br></li>\n<li>Jeff Wallace <a href=\"mailto:jeff@evolvingweb.ca\">jeff@evolvingweb.ca</a> <a href=\"mailto:jeff@tjwallace.ca\">jeff@tjwallace.ca</a><br></li>\n<li>Ken Barber <a href=\"mailto:ken@bob.sh\">ken@bob.sh</a><br></li>\n<li>Matthaus Litteken <a href=\"mailto:matthaus@puppetlabs.com\">matthaus@puppetlabs.com</a> <a href=\"mailto:mlitteken@gmail.com\">mlitteken@gmail.com</a><br></li>\n<li>Matthias Pigulla <a href=\"mailto:mp@webfactory.de\">mp@webfactory.de</a><br></li>\n<li>Monty Taylor <a href=\"mailto:mordred@inaugust.com\">mordred@inaugust.com</a><br></li>\n<li>Peter Drake <a href=\"mailto:pdrake@allplayers.com\">pdrake@allplayers.com</a><br></li>\n<li>Reid Vandewiele <a href=\"mailto:marut@cat.pdx.edu\">marut@cat.pdx.edu</a><br></li>\n<li>Robert Navarro <a href=\"mailto:rnavarro@phiivo.com\">rnavarro@phiivo.com</a><br></li>\n<li>Ryan Coleman <a href=\"mailto:ryan@puppetlabs.com\">ryan@puppetlabs.com</a><br></li>\n<li>Scott McLeod <a href=\"mailto:scott.mcleod@theice.com\">scott.mcleod@theice.com</a><br></li>\n<li>Spencer Krum <a href=\"mailto:spencer@puppetlabs.com\">spencer@puppetlabs.com</a><br></li>\n<li>William Van Hevelingen <a href=\"mailto:blkperl@cat.pdx.edu\">blkperl@cat.pdx.edu</a> <a href=\"mailto:wvan13@gmail.com\">wvan13@gmail.com</a><br></li>\n<li>Zach Leslie <a href=\"mailto:zach@puppetlabs.com\">zach@puppetlabs.com</a><br></li>\n</ul>\n</section>",
|
|
561
|
+
"readme": "<section class=\"markdown\"><h1>apt</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apt\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apt.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h2>Description</h2>\n\n<h1>Provides helpful definitions for dealing with Apt.</h1>\n\n<h2>Overview</h2>\n\n<p>The APT module provides a simple interface for managing APT source, key, and definitions with Puppet. </p>\n\n<h2>Module Description</h2>\n\n<p>APT automates obtaining and installing software packages on *nix systems. </p>\n\n<h2>Setup</h2>\n\n<p><strong>What APT affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for APT </li>\n<li>your system's <code>sources.list</code> file and <code>sources.list.d</code> directory\n\n<ul>\n<li>NOTE: Setting the <code>purge_sources_list</code> and <code>purge_sources_list_d</code> parameters to 'true' will destroy any existing content that was not declared with Puppet. The default for these parameters is 'false'.</li>\n</ul></li>\n<li>system repositories</li>\n<li>authentication keys</li>\n<li>wget (optional)</li>\n</ul>\n\n<h3>Beginning with APT</h3>\n\n<p>To begin using the APT module with default parameters, declare the class</p>\n\n<pre><code>class { 'apt': }\n</code></pre>\n\n<p>Puppet code that uses anything from the APT module requires that the core apt class be declared. </p>\n\n<h2>Usage</h2>\n\n<p>Using the APT module consists predominantly in declaring classes that provide desired functionality and features. </p>\n\n<h3>apt</h3>\n\n<p><code>apt</code> provides a number of common resources and options that are shared by the various defined types in this module, so you MUST always include this class in your manifests.</p>\n\n<p>The parameters for <code>apt</code> are not required in general and are predominantly for development environment use-cases.</p>\n\n<pre><code>class { 'apt':\n always_apt_update => false,\n disable_keys => undef,\n proxy_host => false,\n proxy_port => '8080',\n purge_sources_list => false,\n purge_sources_list_d => false,\n purge_preferences_d => false,\n update_timeout => undef\n}\n</code></pre>\n\n<p>Puppet will manage your system's <code>sources.list</code> file and <code>sources.list.d</code> directory but will do its best to respect existing content. </p>\n\n<p>If you declare your apt class with <code>purge_sources_list</code> and <code>purge_sources_list_d</code> set to 'true', Puppet will unapologetically purge any existing content it finds that wasn't declared with Puppet. </p>\n\n<h3>apt::builddep</h3>\n\n<p>Installs the build depends of a specified package.</p>\n\n<pre><code>apt::builddep { 'glusterfs-server': }\n</code></pre>\n\n<h3>apt::force</h3>\n\n<p>Forces a package to be installed from a specific release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>apt::force { 'glusterfs-server':\n release => 'unstable',\n version => '3.0.3',\n require => Apt::Source['debian_unstable'],\n}\n</code></pre>\n\n<h3>apt::key</h3>\n\n<p>Adds a key to the list of keys used by APT to authenticate packages.</p>\n\n<pre><code>apt::key { 'puppetlabs':\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n\napt::key { 'jenkins':\n key => 'D50582E6',\n key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',\n}\n</code></pre>\n\n<p>Note that use of <code>key_source</code> requires wget to be installed and working.</p>\n\n<h3>apt::pin</h3>\n\n<p>Adds an apt pin for a certain release.</p>\n\n<pre><code>apt::pin { 'karmic': priority => 700 }\napt::pin { 'karmic-updates': priority => 700 }\napt::pin { 'karmic-security': priority => 700 }\n</code></pre>\n\n<p>Note you can also specifying more complex pins using distribution properties.</p>\n\n<pre><code>apt::pin { 'stable':\n priority => -10,\n originator => 'Debian',\n release_version => '3.0',\n component => 'main',\n label => 'Debian'\n}\n</code></pre>\n\n<h3>apt::ppa</h3>\n\n<p>Adds a ppa repository using <code>add-apt-repository</code>.</p>\n\n<pre><code>apt::ppa { 'ppa:drizzle-developers/ppa': }\n</code></pre>\n\n<h3>apt::release</h3>\n\n<p>Sets the default apt release. This class is particularly useful when using repositories, like Debian, that are unstable in Ubuntu.</p>\n\n<pre><code>class { 'apt::release':\n release_id => 'precise',\n}\n</code></pre>\n\n<h3>apt::source</h3>\n\n<p>Adds an apt source to <code>/etc/apt/sources.list.d/</code>.</p>\n\n<pre><code>apt::source { 'debian_unstable':\n location => 'http://debian.mirror.iweb.ca/debian/',\n release => 'unstable',\n repos => 'main contrib non-free',\n required_packages => 'debian-keyring debian-archive-keyring',\n key => '55BE302B',\n key_server => 'subkeys.pgp.net',\n pin => '-10',\n include_src => true\n}\n</code></pre>\n\n<p>If you would like to configure your system so the source is the Puppet Labs APT repository</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<h3>Testing</h3>\n\n<p>The APT module is mostly a collection of defined resource types, which provide reusable logic that can be leveraged to manage APT. It does provide smoke tests for testing functionality on a target system, as well as spec tests for checking a compiled catalog against an expected set of resources.</p>\n\n<h4>Example Test</h4>\n\n<p>This test will set up a Puppet Labs apt repository. Start by creating a new smoke test in the apt module's test folder. Call it puppetlabs-apt.pp. Inside, declare a single resource representing the Puppet Labs APT source and gpg key</p>\n\n<pre><code>apt::source { 'puppetlabs':\n location => 'http://apt.puppetlabs.com',\n repos => 'main',\n key => '4BD6EC30',\n key_server => 'pgp.mit.edu',\n}\n</code></pre>\n\n<p>This resource creates an apt source named puppetlabs and gives Puppet information about the repository's location and key used to sign its packages. Puppet leverages Facter to determine the appropriate release, but you can set it directly by adding the release type.</p>\n\n<p>Check your smoke test for syntax errors</p>\n\n<pre><code>$ puppet parser validate tests/puppetlabs-apt.pp\n</code></pre>\n\n<p>If you receive no output from that command, it means nothing is wrong. Then apply the code</p>\n\n<pre><code>$ puppet apply --verbose tests/puppetlabs-apt.pp\nnotice: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]/ensure: defined content as '{md5}3be1da4923fb910f1102a233b77e982e'\ninfo: /Stage[main]//Apt::Source[puppetlabs]/File[puppetlabs.list]: Scheduling refresh of Exec[puppetlabs apt update]\nnotice: /Stage[main]//Apt::Source[puppetlabs]/Exec[puppetlabs apt update]: Triggered 'refresh' from 1 events>\n</code></pre>\n\n<p>The above example used a smoke test to easily lay out a resource declaration and apply it on your system. In production, you may want to declare your APT sources inside the classes where they’re needed. </p>\n\n<h2>Implementation</h2>\n\n<h3>apt::backports</h3>\n\n<p>Adds the necessary components to get backports for Ubuntu and Debian. The release name defaults to <code>$lsbdistcodename</code>. Setting this manually can cause undefined behavior (read: universe exploding).</p>\n\n<h2>Limitations</h2>\n\n<p>This module should work across all versions of Debian/Ubuntu and support all major APT repository management features. </p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h2>Contributors</h2>\n\n<p>A lot of great people have contributed to this module. A somewhat current list follows:</p>\n\n<ul>\n<li>Ben Godfrey <a href=\"mailto:ben.godfrey@wonga.com\">ben.godfrey@wonga.com</a></li>\n<li>Branan Purvine-Riley <a href=\"mailto:branan@puppetlabs.com\">branan@puppetlabs.com</a></li>\n<li>Christian G. Warden <a href=\"mailto:cwarden@xerus.org\">cwarden@xerus.org</a><br></li>\n<li>Dan Bode <a href=\"mailto:bodepd@gmail.com\">bodepd@gmail.com</a> <a href=\"mailto:dan@puppetlabs.com\">dan@puppetlabs.com</a><br></li>\n<li>Garrett Honeycutt <a href=\"mailto:github@garretthoneycutt.com\">github@garretthoneycutt.com</a><br></li>\n<li>Jeff Wallace <a href=\"mailto:jeff@evolvingweb.ca\">jeff@evolvingweb.ca</a> <a href=\"mailto:jeff@tjwallace.ca\">jeff@tjwallace.ca</a><br></li>\n<li>Ken Barber <a href=\"mailto:ken@bob.sh\">ken@bob.sh</a><br></li>\n<li>Matthaus Litteken <a href=\"mailto:matthaus@puppetlabs.com\">matthaus@puppetlabs.com</a> <a href=\"mailto:mlitteken@gmail.com\">mlitteken@gmail.com</a><br></li>\n<li>Matthias Pigulla <a href=\"mailto:mp@webfactory.de\">mp@webfactory.de</a><br></li>\n<li>Monty Taylor <a href=\"mailto:mordred@inaugust.com\">mordred@inaugust.com</a><br></li>\n<li>Peter Drake <a href=\"mailto:pdrake@allplayers.com\">pdrake@allplayers.com</a><br></li>\n<li>Reid Vandewiele <a href=\"mailto:marut@cat.pdx.edu\">marut@cat.pdx.edu</a><br></li>\n<li>Robert Navarro <a href=\"mailto:rnavarro@phiivo.com\">rnavarro@phiivo.com</a><br></li>\n<li>Ryan Coleman <a href=\"mailto:ryan@puppetlabs.com\">ryan@puppetlabs.com</a><br></li>\n<li>Scott McLeod <a href=\"mailto:scott.mcleod@theice.com\">scott.mcleod@theice.com</a><br></li>\n<li>Spencer Krum <a href=\"mailto:spencer@puppetlabs.com\">spencer@puppetlabs.com</a><br></li>\n<li>William Van Hevelingen <a href=\"mailto:blkperl@cat.pdx.edu\">blkperl@cat.pdx.edu</a> <a href=\"mailto:wvan13@gmail.com\">wvan13@gmail.com</a><br></li>\n<li>Zach Leslie <a href=\"mailto:zach@puppetlabs.com\">zach@puppetlabs.com</a><br></li>\n</ul>\n</section>",
|
|
562
562
|
"changelog": "<section class=\"plaintext\"><pre>2013-10-08 1.4.0\n\nSummary:\n\nMinor bugfix and allow the timeout to be adjusted.\n\nFeatures:\n- Add an `updates_timeout` to apt::params\n\nFixes:\n- Ensure apt::ppa can readd a ppa removed by hand.\n\nSummary\n\n1.3.0\n=====\n\nSummary:\n\nThis major feature in this release is the new apt::unattended_upgrades class,\nallowing you to handle Ubuntu's unattended feature. This allows you to select\nspecific packages to automatically upgrade without any further user\ninvolvement.\n\nIn addition we extend our Wheezy support, add proxy support to apt:ppa and do\nvarious cleanups and tweaks.\n\nFeatures:\n- Add apt::unattended_upgrades support for Ubuntu.\n- Add wheezy backports support.\n- Use the geoDNS http.debian.net instead of the main debian ftp server.\n- Add `options` parameter to apt::ppa in order to pass options to apt-add-repository command.\n- Add proxy support for apt::ppa (uses proxy_host and proxy_port from apt).\n\nBugfixes:\n- Fix regsubst() calls to quote single letters (for future parser).\n- Fix lint warnings and other misc cleanup.\n\n1.2.0\n=====\n\nFeatures:\n- Add geppetto `.project` natures\n- Add GH auto-release\n- Add `apt::key::key_options` parameter\n- Add complex pin support using distribution properties for `apt::pin` via new properties:\n - `apt::pin::codename`\n - `apt::pin::release_version`\n - `apt::pin::component`\n - `apt::pin::originator`\n - `apt::pin::label`\n- Add source architecture support to `apt::source::architecture`\n\nBugfixes:\n- Use apt-get instead of aptitude in apt::force\n- Update default backports location\n- Add dependency for required packages before apt-get update\n\n\n1.1.1\n=====\n\nThis is a bug fix release that resolves a number of issues:\n\n* By changing template variable usage, we remove the deprecation warnings\n for Puppet 3.2.x\n* Fixed proxy file removal, when proxy absent\n\nSome documentation, style and whitespaces changes were also merged. This\nrelease also introduced proper rspec-puppet unit testing on Travis-CI to help\nreduce regression.\n\nThanks to all the community contributors below that made this patch possible.\n\n#### Detail Changes\n\n* fix minor comment type (Chris Rutter)\n* whitespace fixes (Michael Moll)\n* Update travis config file (William Van Hevelingen)\n* Build all branches on travis (William Van Hevelingen)\n* Standardize travis.yml on pattern introduced in stdlib (William Van Hevelingen)\n* Updated content to conform to README best practices template (Lauren Rother)\n* Fix apt::release example in readme (Brian Galey)\n* add @ to variables in template (Peter Hoeg)\n* Remove deprecation warnings for pin.pref.erb as well (Ken Barber)\n* Update travis.yml to latest versions of puppet (Ken Barber)\n* Fix proxy file removal (Scott Barber)\n* Add spec test for removing proxy configuration (Dean Reilly)\n* Fix apt::key listing longer than 8 chars (Benjamin Knofe)\n\n\n---------------------------------------\n\n1.1.0\n=====\n\nThis release includes Ubuntu 12.10 (Quantal) support for PPAs.\n\n---------------------------------------\n\n2012-05-25 Puppet Labs <info@puppetlabs.com> - 0.0.4\n * Fix ppa list filename when there is a period in the PPA name\n * Add .pref extension to apt preferences files\n * Allow preferences to be purged\n * Extend pin support\n\n2012-05-04 Puppet Labs <info@puppetlabs.com> - 0.0.3\n * only invoke apt-get update once\n * only install python-software-properties if a ppa is added\n * support 'ensure => absent' for all defined types\n * add apt::conf\n * add apt::backports\n * fixed Modulefile for module tool dependency resolution\n * configure proxy before doing apt-get update\n * use apt-get update instead of aptitude for apt::ppa\n * add support to pin release\n\n\n2012-03-26 Puppet Labs <info@puppetlabs.com> - 0.0.2\n41cedbb (#13261) Add real examples to smoke tests.\nd159a78 (#13261) Add key.pp smoke test\n7116c7a (#13261) Replace foo source with puppetlabs source\n1ead0bf Ignore pkg directory.\n9c13872 (#13289) Fix some more style violations\n0ea4ffa (#13289) Change test scaffolding to use a module & manifest dir fixture path\na758247 (#13289) Clean up style violations and fix corresponding tests\n99c3fd3 (#13289) Add puppet lint tests to Rakefile\n5148cbf (#13125) Apt keys should be case insensitive\nb9607a4 Convert apt::key to use anchors\n\n2012-03-07 Puppet Labs <info@puppetlabs.com> - 0.0.1\nd4fec56 Modify apt::source release parameter test\n1132a07 (#12917) Add contributors to README\n8cdaf85 (#12823) Add apt::key defined type and modify apt::source to use it\n7c0d10b (#12809) $release should use $lsbdistcodename and fall back to manual input\nbe2cc3e (#12522) Adjust spec test for splitting purge\n7dc60ae (#12522) Split purge option to spare sources.list\n9059c4e Fix source specs to test all key permutations\n8acb202 Add test for python-software-properties package\na4af11f Check if python-software-properties is defined before attempting to define it.\n1dcbf3d Add tests for required_packages change\nf3735d2 Allow duplicate $required_packages\n74c8371 (#12430) Add tests for changes to apt module\n97ebb2d Test two sources with the same key\n1160bcd (#12526) Add ability to reverse apt { disable_keys => true }\n2842d73 Add Modulefile to puppet-apt\nc657742 Allow the use of the same key in multiple sources\n8c27963 (#12522) Adding purge option to apt class\n997c9fd (#12529) Add unit test for apt proxy settings\n50f3cca (#12529) Add parameter to support setting a proxy for apt\nd522877 (#12094) Replace chained .with_* with a hash\n8cf1bd0 (#12094) Remove deprecated spec.opts file\n2d688f4 (#12094) Add rspec-puppet tests for apt\n0fb5f78 (#12094) Replace name with path in file resources\nf759bc0 (#11953) Apt::force passes $version to aptitude\nf71db53 (#11413) Add spec test for apt::force to verify changes to unless\n2f5d317 (#11413) Update dpkg query used by apt::force\ncf6caa1 (#10451) Add test coverage to apt::ppa\n0dd697d include_src parameter in example; Whitespace cleanup\nb662eb8 fix typos in "repositories"\n1be7457 Fix (#10451) - apt::ppa fails to "apt-get update" when new PPA source is added\n864302a Set the pin priority before adding the source (Fix #10449)\n1de4e0a Refactored as per mlitteken\n1af9a13 Added some crazy bash madness to check if the ppa is installed already. Otherwise the manifest tries to add it on every run!\n52ca73e (#8720) Replace Apt::Ppa with Apt::Builddep\n5c05fa0 added builddep command.\na11af50 added the ability to specify the content of a key\nc42db0f Fixes ppa test.\n77d2b0d reformatted whitespace to match recommended style of 2 space indentation.\n27ebdfc ignore swap files.\n377d58a added smoke tests for module.\n18f614b reformatted apt::ppa according to recommended style.\nd8a1e4e Created a params class to hold global data.\n636ae85 Added two params for apt class\n148fc73 Update LICENSE.\ned2d19e Support ability to add more than one PPA\n420d537 Add call to apt-update after add-apt-repository in apt::ppa\n945be77 Add package definition for python-software-properties\n71fc425 Abs paths for all commands\n9d51cd1 Adding LICENSE\n71796e3 Heading fix in README\n87777d8 Typo in README\nf848bac First commit\n</pre></section>",
|
|
563
563
|
"license": "<section class=\"plaintext\"><pre>Copyright (c) 2011 Evolving Web Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the "Software"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n</pre></section>",
|
|
564
564
|
"created_at": "2013-10-15 11:06:03 -0700",
|
|
@@ -903,8 +903,8 @@
|
|
|
903
903
|
"file_size": 51834,
|
|
904
904
|
"file_md5": "7862ef0aa64d9a4b87152ef27302c9e4",
|
|
905
905
|
"downloads": 53034,
|
|
906
|
-
"readme": "<section class=\"markdown\"><h1>firewall</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Firewall module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Firewall</a>\n\n<ul>\n<li><a href=\"#what-firewall-affects\">What Firewall affects</a></li>\n<li><a href=\"#setup-requirements\">Setup Requirements</a></li>\n<li><a href=\"#beginning-with-firewall\">Beginning with Firewall</a></li>\n<li><a href=\"#upgrading\">Upgrading</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - Configuration and customization options</a>\n\n<ul>\n<li><a href=\"#default-rules\">Default rules - Setting up general configurations for all firewalls</a></li>\n<li><a href=\"#application-specific-rules\">Application-specific rules - Options for configuring and managing firewalls across applications</a></li>\n<li><a href=\"#other-rules\">Other Rules</a></li>\n</ul></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a>\n\n<ul>\n<li><a href=\"#tests\">Tests - Testing your configuration</a></li>\n</ul></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Firewall module lets you manage firewall rules with Puppet.</p>\n\n<h2>Module Description</h2>\n\n<p>PuppetLabs' Firewall introduces the resource <code>firewall</code>, which is used to manage and configure firewall rules from within the Puppet DSL. This module offers support for iptables, ip6tables, and ebtables.</p>\n\n<p>The module also introduces the resource <code>firewallchain</code>, which allows you to manage chains or firewall lists. At the moment, only iptables and ip6tables chains are supported.</p>\n\n<h2>Setup</h2>\n\n<h3>What Firewall affects:</h3>\n\n<ul>\n<li>every node running a firewall</li>\n<li>system's firewall settings</li>\n<li>connection settings for managed nodes</li>\n<li>unmanaged resources (get purged)</li>\n<li>site.pp</li>\n</ul>\n\n<h3>Setup Requirements</h3>\n\n<p>Firewall uses Ruby-based providers, so you must have <a href=\"http://docs.puppetlabs.com/guides/plugins_in_modules.html#enabling-pluginsync\">pluginsync enabled</a>.</p>\n\n<h3>Beginning with Firewall</h3>\n\n<p>To begin, you need to provide some initial top-scope configuration to ensure your firewall configurations are ordered properly and you do not lock yourself out of your box or lose any configuration.</p>\n\n<p>Persistence of rules between reboots is handled automatically, although there are known issues with ip6tables on older Debian/Ubuntu, as well as known issues with ebtables.</p>\n\n<p>In your <code>site.pp</code> (or some similarly top-scope file), set up a metatype to purge unmanaged firewall resources. This will clear any existing rules and make sure that only rules defined in Puppet exist on the machine.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>Next, set up the default parameters for all of the firewall rules you will be establishing later. These defaults will ensure that the pre and post classes (you will be setting up in just a moment) are run in the correct order to avoid locking you out of your box during the first puppet run.</p>\n\n<pre><code>Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\n</code></pre>\n\n<p>You also need to declare the <code>my_fw::pre</code> & <code>my_fw::post</code> classes so that dependencies are satisfied. This can be achieved using an External Node Classifier or the following</p>\n\n<pre><code>class { ['my_fw::pre', 'my_fw::post']: }\n</code></pre>\n\n<p>Finally, you should include the <code>firewall</code> class to ensure the correct packages are installed.</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<p>Now to create the <code>my_fw::pre</code> and <code>my_fw::post</code> classes. Firewall acts on your running firewall, making immediate changes as the catalog executes. Defining default pre and post rules allows you provide global defaults for your hosts before and after any custom rules; it is also required to avoid locking yourself out of your own boxes when Puppet runs. This approach employs a whitelist setup, so you can define what rules you want and everything else is ignored rather than removed.</p>\n\n<p>The <code>pre</code> class should be located in <code>my_fw/manifests/pre.pp</code> and should contain any default rules to be applied first.</p>\n\n<pre><code>class my_fw::pre {\n Firewall {\n require => undef,\n }\n\n # Default firewall rules\n firewall { '000 accept all icmp':\n proto => 'icmp',\n action => 'accept',\n }->\n firewall { '001 accept all to lo interface':\n proto => 'all',\n iniface => 'lo',\n action => 'accept',\n }->\n firewall { '002 accept related established rules':\n proto => 'all',\n state => ['RELATED', 'ESTABLISHED'],\n action => 'accept',\n }\n}\n</code></pre>\n\n<p>The rules in <code>pre</code> should allow basic networking (such as ICMP and TCP), as well as ensure that existing connections are not closed.</p>\n\n<p>The <code>post</code> class should be located in <code>my_fw/manifests/post.pp</code> and include any default rules to be applied last.</p>\n\n<pre><code>class my_fw::post {\n firewall { '999 drop all':\n proto => 'all',\n action => 'drop',\n before => undef,\n }\n}\n</code></pre>\n\n<p>To put it all together: the <code>before</code> parameter in <code>Firewall {}</code> ensures <code>my_fw::post</code> is run before any other rules and the the <code>require</code> parameter ensures <code>my_fw::pre</code> is run after any other rules. So the run order is:</p>\n\n<ul>\n<li>run the rules in <code>my_fw::pre</code></li>\n<li>run your rules (defined in code)</li>\n<li>run the rules in <code>my_fw::post</code></li>\n</ul>\n\n<h3>Upgrading</h3>\n\n<h4>Upgrading from version 0.2.0 and newer</h4>\n\n<p>Upgrade the module with the puppet module tool as normal:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<h4>Upgrading from version 0.1.1 and older</h4>\n\n<p>Start by upgrading the module using the puppet module tool:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<p>Previously, you would have required the following in your <code>site.pp</code> (or some other global location):</p>\n\n<pre><code># Always persist firewall rules\nexec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n}\nFirewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nFirewallchain {\n notify => Exec['persist-firewall'],\n}\nresources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>With the latest version, we now have in-built persistence, so this is no longer needed. However, you will still need some basic setup to define pre & post rules.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\nFirewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nclass { ['my_fw::pre', 'my_fw::post']: }\nclass { 'firewall': }\n</code></pre>\n\n<p>Consult the the documentation below for more details around the classes <code>my_fw::pre</code> and <code>my_fw::post</code>.</p>\n\n<h2>Usage</h2>\n\n<p>There are two kinds of firewall rules you can use with Firewall: default rules and application-specific rules. Default rules apply to general firewall settings, whereas application-specific rules manage firewall settings of a specific application, node, etc.</p>\n\n<p>All rules employ a numbering system in the resource's title that is used for ordering. When titling your rules, make sure you prefix the rule with a number.</p>\n\n<pre><code> 000 this runs first\n 999 this runs last\n</code></pre>\n\n<h3>Default rules</h3>\n\n<p>You can place default rules in either <code>my_fw::pre</code> or <code>my_fw::post</code>, depending on when you would like them to run. Rules placed in the <code>pre</code> class will run first, rules in the <code>post</code> class, last.</p>\n\n<p>Depending on the provider, the title of the rule can be stored using the comment feature of the underlying firewall subsystem. Values can match <code>/^\\d+[[:alpha:][:digit:][:punct:][:space:]]+$/</code>.</p>\n\n<h4>Examples of default rules</h4>\n\n<p>Basic accept ICMP request example:</p>\n\n<pre><code>firewall { "000 accept all icmp requests":\n proto => "icmp",\n action => "accept",\n}\n</code></pre>\n\n<p>Drop all:</p>\n\n<pre><code>firewall { "999 drop all other requests":\n action => "drop",\n}\n</code></pre>\n\n<h3>Application-specific rules</h3>\n\n<p>Application-specific rules can live anywhere you declare the firewall resource. It is best to put your firewall rules close to the service that needs it, such as in the module that configures it.</p>\n\n<p>You should be able to add firewall rules to your application-specific classes so firewalling is performed at the same time when the class is invoked.</p>\n\n<p>For example, if you have an Apache module, you could declare the class as below</p>\n\n<pre><code>class apache {\n firewall { '100 allow http and https access':\n port => [80, 443],\n proto => tcp,\n action => accept,\n }\n # ... the rest of your code ...\n}\n</code></pre>\n\n<p>When someone uses the class, firewalling is provided automatically.</p>\n\n<pre><code>class { 'apache': }\n</code></pre>\n\n<h3>Other rules</h3>\n\n<p>You can also apply firewall rules to specific nodes. Usually, you will want to put the firewall rule in another class and apply that class to a node. But you can apply a rule to a node.</p>\n\n<pre><code>node 'foo.bar.com' {\n firewall { '111 open port 111':\n dport => 111\n }\n}\n</code></pre>\n\n<p>You can also do more complex things with the <code>firewall</code> resource. Here we are doing some NAT configuration.</p>\n\n<pre><code>firewall { '100 snat for network foo2':\n chain => 'POSTROUTING',\n jump => 'MASQUERADE',\n proto => 'all',\n outiface => "eth0",\n source => '10.1.2.0/24',\n table => 'nat',\n}\n</code></pre>\n\n<p>In the below example, we are creating a new chain and forwarding any port 5000 access to it.</p>\n\n<pre><code>firewall { '100 forward to MY_CHAIN':\n chain => 'INPUT',\n jump => 'MY_CHAIN',\n}\n# The namevar here is in the format chain_name:table:protocol\nfirewallchain { 'MY_CHAIN:filter:IPv4':\n ensure => present,\n}\nfirewall { '100 my rule':\n chain => 'MY_CHAIN',\n action => 'accept',\n proto => 'tcp',\n dport => 5000,\n}\n</code></pre>\n\n<h3>Additional Information</h3>\n\n<p>You can access the inline documentation:</p>\n\n<pre><code>puppet describe firewall\n</code></pre>\n\n<p>Or</p>\n\n<pre><code>puppet doc -r type\n(and search for firewall)\n</code></pre>\n\n<h2>Reference</h2>\n\n<p>Classes:</p>\n\n<ul>\n<li><a href=\"#class-firewall\">firewall</a></li>\n</ul>\n\n<p>Types:</p>\n\n<ul>\n<li><a href=\"#type-firewall\">firewall</a></li>\n<li><a href=\"#type-firewallchain\">firewallchain</a></li>\n</ul>\n\n<p>Facts:</p>\n\n<ul>\n<li><a href=\"#fact-ip6tablesversion\">ip6tables_version</a></li>\n<li><a href=\"#fact-iptablesversion\">iptables_version</a></li>\n<li><a href=\"#fact-iptablespersistentversion\">iptables_persistent_version</a></li>\n</ul>\n\n<h3>Class: firewall</h3>\n\n<p>This class is provided to do the basic setup tasks required for using the firewall resources.</p>\n\n<p>At the moment this takes care of:</p>\n\n<ul>\n<li>iptables-persistent package installation</li>\n</ul>\n\n<p>You should include the class for nodes that need to use the resources in this module. For example</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<h4><code>ensure</code></h4>\n\n<p>Indicates the state of <code>iptables</code> on your system, allowing you to disable <code>iptables</code> if desired.</p>\n\n<p>Can either be <code>running</code> or <code>stopped</code>. Default to <code>running</code>.</p>\n\n<h3>Type: firewall</h3>\n\n<p>This type provides the capability to manage firewall rules within puppet.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Type:: firewallchain</h3>\n\n<p>This type provides the capability to manage rule chains for firewalls.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Fact: ip6tables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of ip6tables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of iptables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_persistent_version</h3>\n\n<p>Retrieves the version of iptables-persistent from your OS. This is a Debian/Ubuntu specific fact.</p>\n\n<h2>Limitations</h2>\n\n<p>While we aim to support as low as Puppet 2.6.x (for now), we recommend installing the latest Puppet version from the Puppetlabs official repos.</p>\n\n<p>Please note, we only aim support for the following distributions and versions - that is, we actually do ongoing system tests on these platforms:</p>\n\n<ul>\n<li>Redhat 5.9 and 6.4</li>\n<li>Debian 6.0 and 7.0</li>\n<li>Ubuntu 10.04 and 12.04</li>\n</ul>\n\n<p>If you want a new distribution supported feel free to raise a ticket and we'll consider it. If you want an older revision supported we'll also consider it, but don't get insulted if we reject it. Specifically, we will not consider Redhat 4.x support - its just too old.</p>\n\n<p>If you really want to get support for your OS we suggest writing any patch fix yourself, and for continual system testing if you can provide a sufficient trusted Veewee template we could consider adding such an OS to our ongoing continuous integration tests.</p>\n\n<p>Also, as this is a 0.x release the API is still in flux and may change. Make sure\nyou read the release notes before upgrading.</p>\n\n<p>Bugs can be reported using Github Issues:</p>\n\n<p><a href=\"http://github.com/puppetlabs/puppetlabs-firewall/issues\">http://github.com/puppetlabs/puppetlabs-firewall/issues</a></p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<p>For this particular module, please also read CONTRIBUTING.md before contributing.</p>\n\n<p>Currently we support:</p>\n\n<ul>\n<li>iptables</li>\n<li>ip6tables</li>\n<li>ebtables (chains only)</li>\n</ul>\n\n<p>But plans are to support lots of other firewall implementations:</p>\n\n<ul>\n<li>FreeBSD (ipf)</li>\n<li>Mac OS X (ipfw)</li>\n<li>OpenBSD (pf)</li>\n<li>Cisco (ASA and basic access lists)</li>\n</ul>\n\n<p>If you have knowledge in these technologies, know how to code, and wish to contribute to this project, we would welcome the help.</p>\n\n<h3>Testing</h3>\n\n<p>Make sure you have:</p>\n\n<ul>\n<li>rake</li>\n<li>bundler</li>\n</ul>\n\n<p>Install the necessary gems:</p>\n\n<pre><code>bundle install\n</code></pre>\n\n<p>And run the tests from the root of the source code:</p>\n\n<pre><code>rake test\n</code></pre>\n\n<p>If you have a copy of Vagrant 1.1.0 you can also run the system tests:</p>\n\n<pre><code>RSPEC_SET=debian-606-x64 rake spec:system\nRSPEC_SET=centos-58-x64 rake spec:system\n</code></pre>\n\n<p><em>Note:</em> system testing is fairly alpha at this point, your mileage may vary.</p>\n</section>",
|
|
907
|
-
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-firewall changelog\n\nRelease notes for puppetlabs-firewall module.\n\n---------------------------------------\n\n#### 0.4.2 - 2013-09-10\n\nAnother attempt to fix the packaging issue. We think we understand exactly\nwhat is failing and this should work properly for the first time.\n\n---------------------------------------\n\n#### 0.4.1 - 2013-08-09\n\nBugfix release to fix a packaging issue that may have caused puppet module\ninstall commands to fail.\n\n---------------------------------------\n\n#### 0.4.0 - 2013-07-11\n\nThis release adds support for address type, src/dest ip ranges, and adds\nadditional testing and bugfixes.\n\n#### Features\n* Add `src_type` and `dst_type` attributes (Nick Stenning)\n* Add `src_range` and `dst_range` attributes (Lei Zhang)\n* Add SL and SLC operatingsystems as supported (Steve Traylen)\n\n#### Bugfixes\n* Fix parser for bursts other than 5 (Chris Rutter)\n* Fix parser for -f in --comment (Georg Koester)\n* Add doc headers to class files (Dan Carley)\n* Fix lint warnings/errors (Wolf Noble)\n\n---------------------------------------\n\n#### 0.3.1 - 2013/6/10\n\nThis minor release provides some bugfixes and additional tests.\n\n#### Changes\n\n* Update tests for rspec-system-puppet 2 (Ken Barber)\n* Update rspec-system tests for rspec-system-puppet 1.5 (Ken Barber)\n* Ensure all services have 'hasstatus => true' for Puppet 2.6 (Ken Barber)\n* Accept pre-existing rule with invalid name (Joe Julian)\n* Swap log_prefix and log_level order to match the way it's saved (Ken Barber)\n* Fix log test to replicate bug #182 (Ken Barber)\n* Split argments while maintaining quoted strings (Joe Julian)\n* Add more log param tests (Ken Barber)\n* Add extra tests for logging parameters (Ken Barber)\n* Clarify OS support (Ken Barber)\n\n---------------------------------------\n\n#### 0.3.0 - 2013/4/25\n\nThis release introduces support for Arch Linux and extends support for Fedora 15 and up. There are also lots of bugs fixed and improved testing to prevent regressions.\n\n##### Changes\n\n* Fix error reporting for insane hostnames (Tomas Doran)\n* Support systemd on Fedora 15 and up (Eduardo Gutierrez)\n* Move examples to docs (Ken Barber)\n* Add support for Arch Linux platform (Ingmar Steen)\n* Add match rule for fragments (Georg Koester)\n* Fix boolean rules being recognized as changed (Georg Koester)\n* Same rules now get deleted (Anastasis Andronidis)\n* Socket params test (Ken Barber)\n* Ensure parameter can disable firewall (Marc Tardif)\n\n---------------------------------------\n\n#### 0.2.1 - 2012/3/13\n\nThis maintenance release introduces the new README layout, and fixes a bug with iptables_persistent_version.\n\n##### Changes\n\n* (GH-139) Throw away STDERR from dpkg-query in Fact\n* Update README to be consistent with module documentation template\n* Fix failing spec tests due to dpkg change in iptables_persistent_version\n\n---------------------------------------\n\n#### 0.2.0 - 2012/3/3\n\nThis release introduces automatic persistence, removing the need for the previous manual dependency requirement for persistent the running rules to the OS persistence file.\n\nPreviously you would have required the following in your site.pp (or some other global location):\n\n # Always persist firewall rules\n exec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n }\n Firewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n Firewallchain {\n notify => Exec['persist-firewall'],\n }\n resources { "firewall":\n purge => true\n }\n\nYou only need:\n\n class { 'firewall': }\n Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n\nTo install pre-requisites and to create dependencies on your pre & post rules. Consult the README for more information.\n\n##### Changes\n\n* Firewall class manifests (Dan Carley)\n* Firewall and firewallchain persistence (Dan Carley)\n* (GH-134) Autorequire iptables related packages (Dan Carley)\n* Typo in #persist_iptables OS normalisation (Dan Carley)\n* Tests for #persist_iptables (Dan Carley)\n* (GH-129) Replace errant return in autoreq block (Dan Carley)\n\n---------------------------------------\n\n#### 0.1.1 - 2012/2/28\n\nThis release primarily fixes changing parameters in 3.x\n\n##### Changes\n\n* (GH-128) Change method_missing usage to define_method for 3.x compatibility\n* Update travis.yml gem specifications to actually test 2.6\n* Change source in Gemfile to use a specific URL for Ruby 2.0.0 compatibility\n\n---------------------------------------\n\n#### 0.1.0 - 2012/2/24\n\nThis release is somewhat belated, so no summary as there are far too many changes this time around. Hopefully we won't fall this far behind again :-).\n\n##### Changes\n\n* Add support for MARK target and set-mark property (Johan Huysmans)\n* Fix broken call to super for ruby-1.9.2 in munge (Ken Barber)\n* simple fix of the error message for allowed values of the jump property (Daniel Black)\n* Adding OSPF(v3) protocol to puppetlabs-firewall (Arnoud Vermeer)\n* Display multi-value: port, sport, dport and state command seperated (Daniel Black)\n* Require jump=>LOG for log params (Daniel Black)\n* Reject and document icmp => "any" (Dan Carley)\n* add firewallchain type and iptables_chain provider (Daniel Black)\n* Various fixes for firewallchain resource (Ken Barber)\n* Modify firewallchain name to be chain:table:protocol (Ken Barber)\n* Fix allvalidchain iteration (Ken Barber)\n* Firewall autorequire Firewallchains (Dan Carley)\n* Tests and docstring for chain autorequire (Dan Carley)\n* Fix README so setup instructions actually work (Ken Barber)\n* Support vlan interfaces (interface containing ".") (Johan Huysmans)\n* Add tests for VLAN support for iniface/outiface (Ken Barber)\n* Add the table when deleting rules (Johan Huysmans)\n* Fix tests since we are now prefixing -t)\n* Changed 'jump' to 'action', commands to lower case (Jason Short)\n* Support interface names containing "+" (Simon Deziel)\n* Fix for when iptables-save spews out "FATAL" errors (Sharif Nassar)\n* Fix for incorrect limit command arguments for ip6tables provider (Michael Hsu)\n* Document Util::Firewall.host_to_ip (Dan Carley)\n* Nullify addresses with zero prefixlen (Dan Carley)\n* Add support for --tcp-flags (Thomas Vander Stichele)\n* Make tcp_flags support a feature (Ken Barber)\n* OUTPUT is a valid chain for the mangle table (Adam Gibbins)\n* Enable travis-ci support (Ken Barber)\n* Convert an existing test to CIDR (Dan Carley)\n* Normalise iptables-save to CIDR (Dan Carley)\n* be clearer about what distributions we support (Ken Barber)\n* add gre protocol to list of acceptable protocols (Jason Hancock)\n* Added pkttype property (Ashley Penney)\n* Fix mark to not repeat rules with iptables 1.4.1+ (Sharif Nassar)\n* Stub iptables_version for now so tests run on non-Linux hosts (Ken Barber)\n* Stub iptables facts for set_mark tests (Dan Carley)\n* Update formatting of README to meet Puppet Labs best practices (Will Hopper)\n* Support for ICMP6 type code resolutions (Dan Carley)\n* Insert order hash included chains from different tables (Ken Barber)\n* rspec 2.11 compatibility (Jonathan Boyett)\n* Add missing class declaration in README (sfozz)\n* array_matching is contraindicated (Sharif Nassar)\n* Convert port Fixnum into strings (Sharif Nassar)\n* Update test framework to the modern age (Ken Barber)\n* working with ip6tables support (wuwx)\n* Remove gemfile.lock and add to gitignore (William Van Hevelingen)\n* Update travis and gemfile to be like stdlib travis files (William Van Hevelingen)\n* Add support for -m socket option (Ken Barber)\n* Add support for single --sport and --dport parsing (Ken Barber)\n* Fix tests for Ruby 1.9.3 from 3e13bf3 (Dan Carley)\n* Mock Resolv.getaddress in #host_to_ip (Dan Carley)\n* Update docs for source and dest - they are not arrays (Ken Barber)\n\n---------------------------------------\n\n#### 0.0.4 - 2011/12/05\n\nThis release adds two new parameters, 'uid' and 'gid'. As a part of the owner module, these params allow you to specify a uid, username, gid, or group got a match:\n\n firewall { '497 match uid':\n port => '123',\n proto => 'mangle',\n chain => 'OUTPUT',\n action => 'drop'\n uid => '123'\n }\n\nThis release also adds value munging for the 'log_level', 'source', and 'destination' parameters. The 'source' and 'destination' now support hostnames:\n\n firewall { '498 accept from puppetlabs.com':\n port => '123',\n proto => 'tcp',\n source => 'puppetlabs.com',\n action => 'accept'\n }\n\n\nThe 'log_level' parameter now supports using log level names, such as 'warn', 'debug', and 'panic':\n\n firewall { '499 logging':\n port => '123',\n proto => 'udp',\n log_level => 'debug',\n action => 'drop'\n }\n\nAdditional changes include iptables and ip6tables version facts, general whitespace cleanup, and adding additional unit tests.\n\n##### Changes\n\n* (#10957) add iptables_version and ip6tables_version facts\n* (#11093) Improve log_level property so it converts names to numbers\n* (#10723) Munge hostnames and IPs to IPs with CIDR\n* (#10718) Add owner-match support\n* (#10997) Add fixtures for ipencap\n* (#11034) Whitespace cleanup\n* (#10690) add port property support to ip6tables\n\n---------------------------------------\n\n#### 0.0.3 - 2011/11/12\n\nThis release introduces a new parameter 'port' which allows you to set both\nsource and destination ports for a match:\n\n firewall { "500 allow NTP requests":\n port => "123",\n proto => "udp",\n action => "accept",\n }\n\nWe also have the limit parameter finally working:\n\n firewall { "500 limit HTTP requests":\n dport => 80,\n proto => tcp,\n limit => "60/sec",\n burst => 30,\n action => accept,\n }\n\nState ordering has been fixed now, and more characters are allowed in the\nnamevar:\n\n* Alphabetical\n* Numbers\n* Punctuation\n* Whitespace\n\n##### Changes\n\n* (#10693) Ensure -m limit is added for iptables when using 'limit' param\n* (#10690) Create new port property\n* (#10700) allow additional characters in comment string\n* (#9082) Sort iptables --state option values internally to keep it consistent across runs\n* (#10324) Remove extraneous whitespace from iptables rule line in spec tests\n\n---------------------------------------\n\n#### 0.0.2 - 2011/10/26\n\nThis is largely a maintanence and cleanup release, but includes the ability to\nspecify ranges of ports in the sport/dport parameter:\n\n firewall { "500 allow port range":\n dport => ["3000-3030","5000-5050"],\n sport => ["1024-65535"],\n action => "accept",\n }\n\n##### Changes\n\n* (#10295) Work around bug #4248 whereby the puppet/util paths are not being loaded correctly on the puppetmaster\n* (#10002) Change to dport and sport to handle ranges, and fix handling of name to name to port\n* (#10263) Fix tests on Puppet 2.6.x\n* (#10163) Cleanup some of the inline documentation and README file to align with general forge usage\n\n---------------------------------------\n\n#### 0.0.1 - 2011/10/18\n\nInitial release.\n\n##### Changes\n\n* (#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter\n* (#10088) Provide a customised version of CONTRIBUTING.md\n* (#10026) Re-arrange provider and type spec files to align with Puppet\n* (#10026) Add aliases for test,specs,tests to Rakefile and provide -T as default\n* (#9439) fix parsing and deleting existing rules\n* (#9583) Fix provider detection for gentoo and unsupported linuxes for the iptables provider\n* (#9576) Stub provider so it works properly outside of Linux\n* (#9576) Align spec framework with Puppet core\n* and lots of other earlier development tasks ...\n</pre></section>",
|
|
906
|
+
"readme": "<section class=\"markdown\"><h1>firewall</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-firewall.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Firewall module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Firewall</a>\n\n<ul>\n<li><a href=\"#what-firewall-affects\">What Firewall affects</a></li>\n<li><a href=\"#setup-requirements\">Setup Requirements</a></li>\n<li><a href=\"#beginning-with-firewall\">Beginning with Firewall</a></li>\n<li><a href=\"#upgrading\">Upgrading</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - Configuration and customization options</a>\n\n<ul>\n<li><a href=\"#default-rules\">Default rules - Setting up general configurations for all firewalls</a></li>\n<li><a href=\"#application-specific-rules\">Application-specific rules - Options for configuring and managing firewalls across applications</a></li>\n<li><a href=\"#other-rules\">Other Rules</a></li>\n</ul></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a>\n\n<ul>\n<li><a href=\"#tests\">Tests - Testing your configuration</a></li>\n</ul></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Firewall module lets you manage firewall rules with Puppet.</p>\n\n<h2>Module Description</h2>\n\n<p>PuppetLabs' Firewall introduces the resource <code>firewall</code>, which is used to manage and configure firewall rules from within the Puppet DSL. This module offers support for iptables, ip6tables, and ebtables.</p>\n\n<p>The module also introduces the resource <code>firewallchain</code>, which allows you to manage chains or firewall lists. At the moment, only iptables and ip6tables chains are supported.</p>\n\n<h2>Setup</h2>\n\n<h3>What Firewall affects:</h3>\n\n<ul>\n<li>every node running a firewall</li>\n<li>system's firewall settings</li>\n<li>connection settings for managed nodes</li>\n<li>unmanaged resources (get purged)</li>\n<li>site.pp</li>\n</ul>\n\n<h3>Setup Requirements</h3>\n\n<p>Firewall uses Ruby-based providers, so you must have <a href=\"http://docs.puppetlabs.com/guides/plugins_in_modules.html#enabling-pluginsync\">pluginsync enabled</a>.</p>\n\n<h3>Beginning with Firewall</h3>\n\n<p>To begin, you need to provide some initial top-scope configuration to ensure your firewall configurations are ordered properly and you do not lock yourself out of your box or lose any configuration.</p>\n\n<p>Persistence of rules between reboots is handled automatically, although there are known issues with ip6tables on older Debian/Ubuntu, as well as known issues with ebtables.</p>\n\n<p>In your <code>site.pp</code> (or some similarly top-scope file), set up a metatype to purge unmanaged firewall resources. This will clear any existing rules and make sure that only rules defined in Puppet exist on the machine.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>Next, set up the default parameters for all of the firewall rules you will be establishing later. These defaults will ensure that the pre and post classes (you will be setting up in just a moment) are run in the correct order to avoid locking you out of your box during the first puppet run.</p>\n\n<pre><code>Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\n</code></pre>\n\n<p>You also need to declare the <code>my_fw::pre</code> & <code>my_fw::post</code> classes so that dependencies are satisfied. This can be achieved using an External Node Classifier or the following</p>\n\n<pre><code>class { ['my_fw::pre', 'my_fw::post']: }\n</code></pre>\n\n<p>Finally, you should include the <code>firewall</code> class to ensure the correct packages are installed.</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<p>Now to create the <code>my_fw::pre</code> and <code>my_fw::post</code> classes. Firewall acts on your running firewall, making immediate changes as the catalog executes. Defining default pre and post rules allows you provide global defaults for your hosts before and after any custom rules; it is also required to avoid locking yourself out of your own boxes when Puppet runs. This approach employs a allowlist setup, so you can define what rules you want and everything else is ignored rather than removed.</p>\n\n<p>The <code>pre</code> class should be located in <code>my_fw/manifests/pre.pp</code> and should contain any default rules to be applied first.</p>\n\n<pre><code>class my_fw::pre {\n Firewall {\n require => undef,\n }\n\n # Default firewall rules\n firewall { '000 accept all icmp':\n proto => 'icmp',\n action => 'accept',\n }->\n firewall { '001 accept all to lo interface':\n proto => 'all',\n iniface => 'lo',\n action => 'accept',\n }->\n firewall { '002 accept related established rules':\n proto => 'all',\n state => ['RELATED', 'ESTABLISHED'],\n action => 'accept',\n }\n}\n</code></pre>\n\n<p>The rules in <code>pre</code> should allow basic networking (such as ICMP and TCP), as well as ensure that existing connections are not closed.</p>\n\n<p>The <code>post</code> class should be located in <code>my_fw/manifests/post.pp</code> and include any default rules to be applied last.</p>\n\n<pre><code>class my_fw::post {\n firewall { '999 drop all':\n proto => 'all',\n action => 'drop',\n before => undef,\n }\n}\n</code></pre>\n\n<p>To put it all together: the <code>before</code> parameter in <code>Firewall {}</code> ensures <code>my_fw::post</code> is run before any other rules and the the <code>require</code> parameter ensures <code>my_fw::pre</code> is run after any other rules. So the run order is:</p>\n\n<ul>\n<li>run the rules in <code>my_fw::pre</code></li>\n<li>run your rules (defined in code)</li>\n<li>run the rules in <code>my_fw::post</code></li>\n</ul>\n\n<h3>Upgrading</h3>\n\n<h4>Upgrading from version 0.2.0 and newer</h4>\n\n<p>Upgrade the module with the puppet module tool as normal:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<h4>Upgrading from version 0.1.1 and older</h4>\n\n<p>Start by upgrading the module using the puppet module tool:</p>\n\n<pre><code>puppet module upgrade puppetlabs/firewall\n</code></pre>\n\n<p>Previously, you would have required the following in your <code>site.pp</code> (or some other global location):</p>\n\n<pre><code># Always persist firewall rules\nexec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n}\nFirewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nFirewallchain {\n notify => Exec['persist-firewall'],\n}\nresources { "firewall":\n purge => true\n}\n</code></pre>\n\n<p>With the latest version, we now have in-built persistence, so this is no longer needed. However, you will still need some basic setup to define pre & post rules.</p>\n\n<pre><code>resources { "firewall":\n purge => true\n}\nFirewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n}\nclass { ['my_fw::pre', 'my_fw::post']: }\nclass { 'firewall': }\n</code></pre>\n\n<p>Consult the the documentation below for more details around the classes <code>my_fw::pre</code> and <code>my_fw::post</code>.</p>\n\n<h2>Usage</h2>\n\n<p>There are two kinds of firewall rules you can use with Firewall: default rules and application-specific rules. Default rules apply to general firewall settings, whereas application-specific rules manage firewall settings of a specific application, node, etc.</p>\n\n<p>All rules employ a numbering system in the resource's title that is used for ordering. When titling your rules, make sure you prefix the rule with a number.</p>\n\n<pre><code> 000 this runs first\n 999 this runs last\n</code></pre>\n\n<h3>Default rules</h3>\n\n<p>You can place default rules in either <code>my_fw::pre</code> or <code>my_fw::post</code>, depending on when you would like them to run. Rules placed in the <code>pre</code> class will run first, rules in the <code>post</code> class, last.</p>\n\n<p>Depending on the provider, the title of the rule can be stored using the comment feature of the underlying firewall subsystem. Values can match <code>/^\\d+[[:alpha:][:digit:][:punct:][:space:]]+$/</code>.</p>\n\n<h4>Examples of default rules</h4>\n\n<p>Basic accept ICMP request example:</p>\n\n<pre><code>firewall { "000 accept all icmp requests":\n proto => "icmp",\n action => "accept",\n}\n</code></pre>\n\n<p>Drop all:</p>\n\n<pre><code>firewall { "999 drop all other requests":\n action => "drop",\n}\n</code></pre>\n\n<h3>Application-specific rules</h3>\n\n<p>Application-specific rules can live anywhere you declare the firewall resource. It is best to put your firewall rules close to the service that needs it, such as in the module that configures it.</p>\n\n<p>You should be able to add firewall rules to your application-specific classes so firewalling is performed at the same time when the class is invoked.</p>\n\n<p>For example, if you have an Apache module, you could declare the class as below</p>\n\n<pre><code>class apache {\n firewall { '100 allow http and https access':\n port => [80, 443],\n proto => tcp,\n action => accept,\n }\n # ... the rest of your code ...\n}\n</code></pre>\n\n<p>When someone uses the class, firewalling is provided automatically.</p>\n\n<pre><code>class { 'apache': }\n</code></pre>\n\n<h3>Other rules</h3>\n\n<p>You can also apply firewall rules to specific nodes. Usually, you will want to put the firewall rule in another class and apply that class to a node. But you can apply a rule to a node.</p>\n\n<pre><code>node 'foo.bar.com' {\n firewall { '111 open port 111':\n dport => 111\n }\n}\n</code></pre>\n\n<p>You can also do more complex things with the <code>firewall</code> resource. Here we are doing some NAT configuration.</p>\n\n<pre><code>firewall { '100 snat for network foo2':\n chain => 'POSTROUTING',\n jump => 'MASQUERADE',\n proto => 'all',\n outiface => "eth0",\n source => '10.1.2.0/24',\n table => 'nat',\n}\n</code></pre>\n\n<p>In the below example, we are creating a new chain and forwarding any port 5000 access to it.</p>\n\n<pre><code>firewall { '100 forward to MY_CHAIN':\n chain => 'INPUT',\n jump => 'MY_CHAIN',\n}\n# The namevar here is in the format chain_name:table:protocol\nfirewallchain { 'MY_CHAIN:filter:IPv4':\n ensure => present,\n}\nfirewall { '100 my rule':\n chain => 'MY_CHAIN',\n action => 'accept',\n proto => 'tcp',\n dport => 5000,\n}\n</code></pre>\n\n<h3>Additional Information</h3>\n\n<p>You can access the inline documentation:</p>\n\n<pre><code>puppet describe firewall\n</code></pre>\n\n<p>Or</p>\n\n<pre><code>puppet doc -r type\n(and search for firewall)\n</code></pre>\n\n<h2>Reference</h2>\n\n<p>Classes:</p>\n\n<ul>\n<li><a href=\"#class-firewall\">firewall</a></li>\n</ul>\n\n<p>Types:</p>\n\n<ul>\n<li><a href=\"#type-firewall\">firewall</a></li>\n<li><a href=\"#type-firewallchain\">firewallchain</a></li>\n</ul>\n\n<p>Facts:</p>\n\n<ul>\n<li><a href=\"#fact-ip6tablesversion\">ip6tables_version</a></li>\n<li><a href=\"#fact-iptablesversion\">iptables_version</a></li>\n<li><a href=\"#fact-iptablespersistentversion\">iptables_persistent_version</a></li>\n</ul>\n\n<h3>Class: firewall</h3>\n\n<p>This class is provided to do the basic setup tasks required for using the firewall resources.</p>\n\n<p>At the moment this takes care of:</p>\n\n<ul>\n<li>iptables-persistent package installation</li>\n</ul>\n\n<p>You should include the class for nodes that need to use the resources in this module. For example</p>\n\n<pre><code>class { 'firewall': }\n</code></pre>\n\n<h4><code>ensure</code></h4>\n\n<p>Indicates the state of <code>iptables</code> on your system, allowing you to disable <code>iptables</code> if desired.</p>\n\n<p>Can either be <code>running</code> or <code>stopped</code>. Default to <code>running</code>.</p>\n\n<h3>Type: firewall</h3>\n\n<p>This type provides the capability to manage firewall rules within puppet.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Type:: firewallchain</h3>\n\n<p>This type provides the capability to manage rule chains for firewalls.</p>\n\n<p>For more documentation on the type, access the 'Types' tab on the Puppet Labs Forge:</p>\n\n<p><a href=\"http://forge.puppetlabs.com/puppetlabs/firewall#types\">http://forge.puppetlabs.com/puppetlabs/firewall#types</a></p>\n\n<h3>Fact: ip6tables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of ip6tables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_version</h3>\n\n<p>The module provides a Facter fact that can be used to determine what the default version of iptables is for your operating system/distribution.</p>\n\n<h3>Fact: iptables_persistent_version</h3>\n\n<p>Retrieves the version of iptables-persistent from your OS. This is a Debian/Ubuntu specific fact.</p>\n\n<h2>Limitations</h2>\n\n<p>While we aim to support as low as Puppet 2.6.x (for now), we recommend installing the latest Puppet version from the Puppetlabs official repos.</p>\n\n<p>Please note, we only aim support for the following distributions and versions - that is, we actually do ongoing system tests on these platforms:</p>\n\n<ul>\n<li>Redhat 5.9 and 6.4</li>\n<li>Debian 6.0 and 7.0</li>\n<li>Ubuntu 10.04 and 12.04</li>\n</ul>\n\n<p>If you want a new distribution supported feel free to raise a ticket and we'll consider it. If you want an older revision supported we'll also consider it, but don't get insulted if we reject it. Specifically, we will not consider Redhat 4.x support - its just too old.</p>\n\n<p>If you really want to get support for your OS we suggest writing any patch fix yourself, and for continual system testing if you can provide a sufficient trusted Veewee template we could consider adding such an OS to our ongoing continuous integration tests.</p>\n\n<p>Also, as this is a 0.x release the API is still in flux and may change. Make sure\nyou read the release notes before upgrading.</p>\n\n<p>Bugs can be reported using Github Issues:</p>\n\n<p><a href=\"http://github.com/puppetlabs/puppetlabs-firewall/issues\">http://github.com/puppetlabs/puppetlabs-firewall/issues</a></p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<p>For this particular module, please also read CONTRIBUTING.md before contributing.</p>\n\n<p>Currently we support:</p>\n\n<ul>\n<li>iptables</li>\n<li>ip6tables</li>\n<li>ebtables (chains only)</li>\n</ul>\n\n<p>But plans are to support lots of other firewall implementations:</p>\n\n<ul>\n<li>FreeBSD (ipf)</li>\n<li>Mac OS X (ipfw)</li>\n<li>OpenBSD (pf)</li>\n<li>Cisco (ASA and basic access lists)</li>\n</ul>\n\n<p>If you have knowledge in these technologies, know how to code, and wish to contribute to this project, we would welcome the help.</p>\n\n<h3>Testing</h3>\n\n<p>Make sure you have:</p>\n\n<ul>\n<li>rake</li>\n<li>bundler</li>\n</ul>\n\n<p>Install the necessary gems:</p>\n\n<pre><code>bundle install\n</code></pre>\n\n<p>And run the tests from the root of the source code:</p>\n\n<pre><code>rake test\n</code></pre>\n\n<p>If you have a copy of Vagrant 1.1.0 you can also run the system tests:</p>\n\n<pre><code>RSPEC_SET=debian-606-x64 rake spec:system\nRSPEC_SET=centos-58-x64 rake spec:system\n</code></pre>\n\n<p><em>Note:</em> system testing is fairly alpha at this point, your mileage may vary.</p>\n</section>",
|
|
907
|
+
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-firewall changelog\n\nRelease notes for puppetlabs-firewall module.\n\n---------------------------------------\n\n#### 0.4.2 - 2013-09-10\n\nAnother attempt to fix the packaging issue. We think we understand exactly\nwhat is failing and this should work properly for the first time.\n\n---------------------------------------\n\n#### 0.4.1 - 2013-08-09\n\nBugfix release to fix a packaging issue that may have caused puppet module\ninstall commands to fail.\n\n---------------------------------------\n\n#### 0.4.0 - 2013-07-11\n\nThis release adds support for address type, src/dest ip ranges, and adds\nadditional testing and bugfixes.\n\n#### Features\n* Add `src_type` and `dst_type` attributes (Nick Stenning)\n* Add `src_range` and `dst_range` attributes (Lei Zhang)\n* Add SL and SLC operatingsystems as supported (Steve Traylen)\n\n#### Bugfixes\n* Fix parser for bursts other than 5 (Chris Rutter)\n* Fix parser for -f in --comment (Georg Koester)\n* Add doc headers to class files (Dan Carley)\n* Fix lint warnings/errors (Wolf Noble)\n\n---------------------------------------\n\n#### 0.3.1 - 2013/6/10\n\nThis minor release provides some bugfixes and additional tests.\n\n#### Changes\n\n* Update tests for rspec-system-puppet 2 (Ken Barber)\n* Update rspec-system tests for rspec-system-puppet 1.5 (Ken Barber)\n* Ensure all services have 'hasstatus => true' for Puppet 2.6 (Ken Barber)\n* Accept pre-existing rule with invalid name (Joe Julian)\n* Swap log_prefix and log_level order to match the way it's saved (Ken Barber)\n* Fix log test to replicate bug #182 (Ken Barber)\n* Split argments while maintaining quoted strings (Joe Julian)\n* Add more log param tests (Ken Barber)\n* Add extra tests for logging parameters (Ken Barber)\n* Clarify OS support (Ken Barber)\n\n---------------------------------------\n\n#### 0.3.0 - 2013/4/25\n\nThis release introduces support for Arch Linux and extends support for Fedora 15 and up. There are also lots of bugs fixed and improved testing to prevent regressions.\n\n##### Changes\n\n* Fix error reporting for insane hostnames (Tomas Doran)\n* Support systemd on Fedora 15 and up (Eduardo Gutierrez)\n* Move examples to docs (Ken Barber)\n* Add support for Arch Linux platform (Ingmar Steen)\n* Add match rule for fragments (Georg Koester)\n* Fix boolean rules being recognized as changed (Georg Koester)\n* Same rules now get deleted (Anastasis Andronidis)\n* Socket params test (Ken Barber)\n* Ensure parameter can disable firewall (Marc Tardif)\n\n---------------------------------------\n\n#### 0.2.1 - 2012/3/13\n\nThis maintenance release introduces the new README layout, and fixes a bug with iptables_persistent_version.\n\n##### Changes\n\n* (GH-139) Throw away STDERR from dpkg-query in Fact\n* Update README to be consistent with module documentation template\n* Fix failing spec tests due to dpkg change in iptables_persistent_version\n\n---------------------------------------\n\n#### 0.2.0 - 2012/3/3\n\nThis release introduces automatic persistence, removing the need for the previous manual dependency requirement for persistent the running rules to the OS persistence file.\n\nPreviously you would have required the following in your site.pp (or some other global location):\n\n # Always persist firewall rules\n exec { 'persist-firewall':\n command => $operatingsystem ? {\n 'debian' => '/sbin/iptables-save > /etc/iptables/rules.v4',\n /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',\n },\n refreshonly => true,\n }\n Firewall {\n notify => Exec['persist-firewall'],\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n Firewallchain {\n notify => Exec['persist-firewall'],\n }\n resources { "firewall":\n purge => true\n }\n\nYou only need:\n\n class { 'firewall': }\n Firewall {\n before => Class['my_fw::post'],\n require => Class['my_fw::pre'],\n }\n\nTo install pre-requisites and to create dependencies on your pre & post rules. Consult the README for more information.\n\n##### Changes\n\n* Firewall class manifests (Dan Carley)\n* Firewall and firewallchain persistence (Dan Carley)\n* (GH-134) Autorequire iptables related packages (Dan Carley)\n* Typo in #persist_iptables OS normalisation (Dan Carley)\n* Tests for #persist_iptables (Dan Carley)\n* (GH-129) Replace errant return in autoreq block (Dan Carley)\n\n---------------------------------------\n\n#### 0.1.1 - 2012/2/28\n\nThis release primarily fixes changing parameters in 3.x\n\n##### Changes\n\n* (GH-128) Change method_missing usage to define_method for 3.x compatibility\n* Update travis.yml gem specifications to actually test 2.6\n* Change source in Gemfile to use a specific URL for Ruby 2.0.0 compatibility\n\n---------------------------------------\n\n#### 0.1.0 - 2012/2/24\n\nThis release is somewhat belated, so no summary as there are far too many changes this time around. Hopefully we won't fall this far behind again :-).\n\n##### Changes\n\n* Add support for MARK target and set-mark property (Johan Huysmans)\n* Fix broken call to super for ruby-1.9.2 in munge (Ken Barber)\n* simple fix of the error message for allowed values of the jump property (Daniel Black)\n* Adding OSPF(v3) protocol to puppetlabs-firewall (Arnoud Vermeer)\n* Display multi-value: port, sport, dport and state command seperated (Daniel Black)\n* Require jump=>LOG for log params (Daniel Black)\n* Reject and document icmp => "any" (Dan Carley)\n* add firewallchain type and iptables_chain provider (Daniel Black)\n* Various fixes for firewallchain resource (Ken Barber)\n* Modify firewallchain name to be chain:table:protocol (Ken Barber)\n* Fix allvalidchain iteration (Ken Barber)\n* Firewall autorequire Firewallchains (Dan Carley)\n* Tests and docstring for chain autorequire (Dan Carley)\n* Fix README so setup instructions actually work (Ken Barber)\n* Support vlan interfaces (interface containing ".") (Johan Huysmans)\n* Add tests for VLAN support for iniface/outiface (Ken Barber)\n* Add the table when deleting rules (Johan Huysmans)\n* Fix tests since we are now prefixing -t)\n* Changed 'jump' to 'action', commands to lower case (Jason Short)\n* Support interface names containing "+" (Simon Deziel)\n* Fix for when iptables-save spews out "FATAL" errors (Sharif Nassar)\n* Fix for incorrect limit command arguments for ip6tables provider (Michael Hsu)\n* Document Util::Firewall.host_to_ip (Dan Carley)\n* Nullify addresses with zero prefixlen (Dan Carley)\n* Add support for --tcp-flags (Thomas Vander Stichele)\n* Make tcp_flags support a feature (Ken Barber)\n* OUTPUT is a valid chain for the mangle table (Adam Gibbins)\n* Enable travis-ci support (Ken Barber)\n* Convert an existing test to CIDR (Dan Carley)\n* Normalise iptables-save to CIDR (Dan Carley)\n* be clearer about what distributions we support (Ken Barber)\n* add gre protocol to list of acceptable protocols (Jason Hancock)\n* Added pkttype property (Ashley Penney)\n* Fix mark to not repeat rules with iptables 1.4.1+ (Sharif Nassar)\n* Stub iptables_version for now so tests run on non-Linux hosts (Ken Barber)\n* Stub iptables facts for set_mark tests (Dan Carley)\n* Update formatting of README to meet Puppet Labs best practices (Will Hopper)\n* Support for ICMP6 type code resolutions (Dan Carley)\n* Insert order hash included chains from different tables (Ken Barber)\n* rspec 2.11 compatibility (Jonathan Boyett)\n* Add missing class declaration in README (sfozz)\n* array_matching is contraindicated (Sharif Nassar)\n* Convert port Fixnum into strings (Sharif Nassar)\n* Update test framework to the modern age (Ken Barber)\n* working with ip6tables support (wuwx)\n* Remove gemfile.lock and add to gitignore (William Van Hevelingen)\n* Update travis and gemfile to be like stdlib travis files (William Van Hevelingen)\n* Add support for -m socket option (Ken Barber)\n* Add support for single --sport and --dport parsing (Ken Barber)\n* Fix tests for Ruby 1.9.3 from 3e13bf3 (Dan Carley)\n* Mock Resolv.getaddress in #host_to_ip (Dan Carley)\n* Update docs for source and dest - they are not arrays (Ken Barber)\n\n---------------------------------------\n\n#### 0.0.4 - 2011/12/05\n\nThis release adds two new parameters, 'uid' and 'gid'. As a part of the owner module, these params allow you to specify a uid, username, gid, or group got a match:\n\n firewall { '497 match uid':\n port => '123',\n proto => 'mangle',\n chain => 'OUTPUT',\n action => 'drop'\n uid => '123'\n }\n\nThis release also adds value munging for the 'log_level', 'source', and 'destination' parameters. The 'source' and 'destination' now support hostnames:\n\n firewall { '498 accept from puppetlabs.com':\n port => '123',\n proto => 'tcp',\n source => 'puppetlabs.com',\n action => 'accept'\n }\n\n\nThe 'log_level' parameter now supports using log level names, such as 'warn', 'debug', and 'panic':\n\n firewall { '499 logging':\n port => '123',\n proto => 'udp',\n log_level => 'debug',\n action => 'drop'\n }\n\nAdditional changes include iptables and ip6tables version facts, general whitespace cleanup, and adding additional unit tests.\n\n##### Changes\n\n* (#10957) add iptables_version and ip6tables_version facts\n* (#11093) Improve log_level property so it converts names to numbers\n* (#10723) Munge hostnames and IPs to IPs with CIDR\n* (#10718) Add owner-match support\n* (#10997) Add fixtures for ipencap\n* (#11034) Whitespace cleanup\n* (#10690) add port property support to ip6tables\n\n---------------------------------------\n\n#### 0.0.3 - 2011/11/12\n\nThis release introduces a new parameter 'port' which allows you to set both\nsource and destination ports for a match:\n\n firewall { "500 allow NTP requests":\n port => "123",\n proto => "udp",\n action => "accept",\n }\n\nWe also have the limit parameter finally working:\n\n firewall { "500 limit HTTP requests":\n dport => 80,\n proto => tcp,\n limit => "60/sec",\n burst => 30,\n action => accept,\n }\n\nState ordering has been fixed now, and more characters are allowed in the\nnamevar:\n\n* Alphabetical\n* Numbers\n* Punctuation\n* Whitespace\n\n##### Changes\n\n* (#10693) Ensure -m limit is added for iptables when using 'limit' param\n* (#10690) Create new port property\n* (#10700) allow additional characters in comment string\n* (#9082) Sort iptables --state option values internally to keep it consistent across runs\n* (#10324) Remove extraneous whitespace from iptables rule line in spec tests\n\n---------------------------------------\n\n#### 0.0.2 - 2011/10/26\n\nThis is largely a maintanence and cleanup release, but includes the ability to\nspecify ranges of ports in the sport/dport parameter:\n\n firewall { "500 allow port range":\n dport => ["3000-3030","5000-5050"],\n sport => ["1024-65535"],\n action => "accept",\n }\n\n##### Changes\n\n* (#10295) Work around bug #4248 whereby the puppet/util paths are not being loaded correctly on the primary Puppet server\n* (#10002) Change to dport and sport to handle ranges, and fix handling of name to name to port\n* (#10263) Fix tests on Puppet 2.6.x\n* (#10163) Cleanup some of the inline documentation and README file to align with general forge usage\n\n---------------------------------------\n\n#### 0.0.1 - 2011/10/18\n\nInitial release.\n\n##### Changes\n\n* (#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter\n* (#10088) Provide a customised version of CONTRIBUTING.md\n* (#10026) Re-arrange provider and type spec files to align with Puppet\n* (#10026) Add aliases for test,specs,tests to Rakefile and provide -T as default\n* (#9439) fix parsing and deleting existing rules\n* (#9583) Fix provider detection for gentoo and unsupported linuxes for the iptables provider\n* (#9576) Stub provider so it works properly outside of Linux\n* (#9576) Align spec framework with Puppet core\n* and lots of other earlier development tasks ...\n</pre></section>",
|
|
908
908
|
"license": "<section class=\"plaintext\"><pre>Puppet Firewall Module - Puppet module for managing Firewalls\n\nCopyright (C) 2011-2013 Puppet Labs, Inc.\nCopyright (C) 2011 Jonathan Boyett\nCopyright (C) 2011 Media Temple, Inc.\n\nSome of the iptables code was taken from puppet-iptables which was:\n\nCopyright (C) 2011 Bob.sh Limited\nCopyright (C) 2008 Camptocamp Association\nCopyright (C) 2007 Dmitri Priimak\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
909
909
|
"created_at": "2013-09-10 13:27:07 -0700",
|
|
910
910
|
"updated_at": "2013-09-10 13:27:07 -0700",
|
|
@@ -1277,7 +1277,7 @@
|
|
|
1277
1277
|
"file_size": 85004,
|
|
1278
1278
|
"file_md5": "4036f35903264c9b6e3289455cfee225",
|
|
1279
1279
|
"downloads": 6389,
|
|
1280
|
-
"readme": "<section class=\"markdown\"><h1>apache</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apache\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apache.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Apache module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Apache</a>\n\n<ul>\n<li><a href=\"#beginning-with-apache\">Beginning with Apache - Installation</a></li>\n<li><a href=\"#configure-a-virtual-host\">Configure a Virtual Host - Basic options for getting started</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - The classes, defined types, and their parameters available for configuration</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a>\n\n<ul>\n<li><a href=\"#class-apache\">Class: apache</a></li>\n<li><a href=\"#classes-apachemodname\">Classes: apache::mod::*</a></li>\n<li><a href=\"#defined-type-apachevhost\">Defined Type: apache::vhost</a></li>\n</ul></li>\n<li><a href=\"#virtual-host-examples\">Virtual Host Examples - Demonstrations of some configuration options</a></li>\n</ul></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a></li>\n<li><a href=\"#templates\">Templates</a></li>\n</ul></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Apache module allows you to set up virtual hosts and manage web services with minimal effort.</p>\n\n<h2>Module Description</h2>\n\n<p>Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.</p>\n\n<h2>Setup</h2>\n\n<p><strong>What Apache affects:</strong></p>\n\n<ul>\n<li>configuration files and directories (created and written to)\n\n<ul>\n<li><strong>NOTE</strong>: Configurations that are <em>not</em> managed by Puppet will be purged.</li>\n</ul></li>\n<li>package/service/configuration files for Apache</li>\n<li>Apache modules</li>\n<li>virtual hosts</li>\n<li>listened-to ports</li>\n<li><code>/etc/make.conf</code> on FreeBSD</li>\n</ul>\n\n<h3>Beginning with Apache</h3>\n\n<p>To install Apache with the default parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_mods => false,\n default_confd_files => false,\n }\n</code></pre>\n\n<h3>Configure a virtual host</h3>\n\n<p>Declaring the <code>apache</code> class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving <code>$apache::docroot</code>.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>To configure a very basic, name-based virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n</code></pre>\n\n<p><em>Note:</em> The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.</p>\n\n<p>A slightly more complicated example, which moves the docroot owner/group</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and default SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and specific SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n</code></pre>\n\n<p>To set up a virtual host with IP address different than '*'</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.example.com':\n ip => '127.0.0.1',\n port => '80',\n docrout => '/var/www/subdomain',\n }\n</code></pre>\n\n<p>To set up a virtual host with wildcard alias for subdomain mapped to same named directory\n<code>http://examle.com.loc => /var/www/example.com</code></p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n</code></pre>\n\n<p>To set up a virtual host with suPHP</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n }\n</code></pre>\n\n<p>To set up a virtual host with WSGI</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n</code></pre>\n\n<p>Starting 2.2.16, httpd supports <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_dir.html#fallbackresource\">FallbackResource</a> which is a simple replace for common RewriteRules:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wordpress.example.com':\n port => '80',\n docroot => '/var/www/wordpress',\n fallbackresource => '/index.php',\n }\n</code></pre>\n\n<p>Please note that the <code>disabled</code> argument to FallbackResource is only supported since 2.2.24.</p>\n\n<p>To see a list of all virtual host parameters, <a href=\"#defined-type-apachevhost\">please go here</a>. To see an extensive list of virtual host examples <a href=\"#virtual-host-examples\">please look here</a>.</p>\n\n<h2>Usage</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<p>This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.</p>\n\n<p>It is possible to temporarily disable full Puppet management by setting the <code>purge_configs</code> parameter within the base <code>apache</code> class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.</p>\n\n<h4>Class: <code>apache</code></h4>\n\n<p>The Apache module's primary class, <code>apache</code>, guides the basic setup of Apache on your system.</p>\n\n<p>You may establish a default vhost in this class, the <code>vhost</code> class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the <code>vhost</code> type.</p>\n\n<p><strong>Parameters within <code>apache</code>:</strong></p>\n\n<h5><code>default_mods</code></h5>\n\n<p>Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets up a default virtual host. Defaults to 'true', set to 'false' to set up <a href=\"#configure-a-virtual-host\">customized virtual hosts</a>.</p>\n\n<h5><code>default_confd_files</code></h5>\n\n<p>Generates default set of include-able apache configuration files under <code>${apache::confd_dir}</code> directory. These configuration files correspond to what is usually installed with apache package on given platform.</p>\n\n<h5><code>default_ssl_vhost</code></h5>\n\n<p>Sets up a default SSL virtual host. Defaults to 'false'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n</code></pre>\n\n<p>SSL vhosts only respond to HTTPS queries.</p>\n\n<h5><code>default_ssl_cert</code></h5>\n\n<p>The default SSL certification, which is automatically set based on your operating system (<code>/etc/pki/tls/certs/localhost.crt</code> for RedHat, <code>/etc/ssl/certs/ssl-cert-snakeoil.pem</code> for Debian, <code>/usr/local/etc/apache22/server.crt</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_key</code></h5>\n\n<p>The default SSL key, which is automatically set based on your operating system (<code>/etc/pki/tls/private/localhost.key</code> for RedHat, <code>/etc/ssl/private/ssl-cert-snakeoil.key</code> for Debian, <code>/usr/local/etc/apache22/server.key</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_chain</code></h5>\n\n<p>The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_ca</code></h5>\n\n<p>The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl_path</code></h5>\n\n<p>The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl</code></h5>\n\n<p>The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>Name of apache service to run. Defaults to: <code>'httpd'</code> on RedHat, <code>'apache2'</code> on Debian, and <code>'apache22'</code> on FreeBSD.</p>\n\n<h5><code>service_enable</code></h5>\n\n<p>Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'.</p>\n\n<h5><code>service_ensure</code></h5>\n\n<p>Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'.</p>\n\n<h5><code>purge_configs</code></h5>\n\n<p>Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Sets the server administrator. Defaults to 'root@localhost'.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the servername. Defaults to fqdn provided by facter.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat, <code>/etc/apache2</code> on Debian and <code>/usr/local</code> on FreeBSD.</p>\n\n<h5><code>sendfile</code></h5>\n\n<p>Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat and <code>/etc/apache2</code> on Debian.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>Enables custom error documents. Defaults to 'false'.</p>\n\n<h5><code>httpd_dir</code></h5>\n\n<p>Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS.</p>\n\n<h5><code>confd_dir</code></h5>\n\n<p>Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>vhost_dir</code></h5>\n\n<p>Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mod_dir</code></h5>\n\n<p>Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mpm_module</code></h5>\n\n<p>Configures which mpm module is loaded and configured for the httpd process by the <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> and <code>apache::mod::worker</code> classes. Must be set to <code>false</code> to explicitly declare <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> or <code>apache::mod::worker</code> classes with parameters. All possible values are <code>event</code>, <code>itk</code>, <code>peruser</code>, <code>prefork</code>, <code>worker</code> (valid values depend on agent's OS), or the boolean <code>false</code>. Defaults to <code>prefork</code> on RedHat and FreeBSD and <code>worker</code> on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing <code>$mpm_module</code> one has to deinstall all packages that depend on currently installed <code>apache</code>.</p>\n\n<h5><code>conf_template</code></h5>\n\n<p>Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.</p>\n\n<h5><code>keepalive</code></h5>\n\n<p>Setting this allows you to enable persistent connections.</p>\n\n<h5><code>keepalive_timeout</code></h5>\n\n<p>Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>ports_file</code></h5>\n\n<p>Changes the name of the file containing Apache ports configuration. Default is <code>${conf_dir}/ports.conf</code>.</p>\n\n<h5><code>server_tokens</code></h5>\n\n<p>Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'.</p>\n\n<h5><code>server_signature</code></h5>\n\n<p>Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'.</p>\n\n<h5><code>trace_enable</code></h5>\n\n<p>Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'.</p>\n\n<h5><code>manage_user</code></h5>\n\n<p>Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>manage_group</code></h5>\n\n<p>Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>package_ensure</code></h5>\n\n<p>Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed.</p>\n\n<h4>Class: <code>apache::default_mods</code></h4>\n\n<p>Installs default Apache modules based on what OS you are running</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::default_mods': }\n</code></pre>\n\n<h4>Defined Type: <code>apache::mod</code></h4>\n\n<p>Used to enable arbitrary Apache httpd modules for which there is no specific <code>apache::mod::[name]</code> class. The <code>apache::mod</code> defined type will also install the required packages to enable the module, if any.</p>\n\n<pre lang=\"puppet\"><code> apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n</code></pre>\n\n<h4>Classes: <code>apache::mod::[name]</code></h4>\n\n<p>There are many <code>apache::mod::[name]</code> classes within this module that can be declared using <code>include</code>:</p>\n\n<ul>\n<li><code>alias</code></li>\n<li><code>auth_basic</code></li>\n<li><code>auth_kerb</code></li>\n<li><code>autoindex</code></li>\n<li><code>cache</code></li>\n<li><code>cgi</code></li>\n<li><code>cgid</code></li>\n<li><code>dav</code></li>\n<li><code>dav_fs</code></li>\n<li><code>dav_svn</code></li>\n<li><code>deflate</code></li>\n<li><code>dev</code></li>\n<li><code>dir</code>*</li>\n<li><code>disk_cache</code></li>\n<li><code>event</code></li>\n<li><code>fastcgi</code></li>\n<li><code>fcgid</code></li>\n<li><code>headers</code></li>\n<li><code>info</code></li>\n<li><code>itk</code></li>\n<li><code>ldap</code></li>\n<li><code>mime</code></li>\n<li><code>mime_magic</code>*</li>\n<li><code>mpm_event</code></li>\n<li><code>negotiation</code></li>\n<li><code>nss</code>*</li>\n<li><code>passenger</code>*</li>\n<li><code>perl</code></li>\n<li><code>peruser</code></li>\n<li><code>php</code> (requires <a href=\"#mpm_module\"><code>mpm_module</code></a> set to <code>prefork</code>)</li>\n<li><code>prefork</code>*</li>\n<li><code>proxy</code>*</li>\n<li><code>proxy_ajp</code></li>\n<li><code>proxy_html</code></li>\n<li><code>proxy_http</code></li>\n<li><code>python</code></li>\n<li><code>reqtimeout</code></li>\n<li><code>rewrite</code></li>\n<li><code>rpaf</code>*</li>\n<li><code>setenvif</code></li>\n<li><code>ssl</code>* (see <a href=\"#class-apachemodssl\">apache::mod::ssl</a> below)</li>\n<li><code>status</code>*</li>\n<li><code>suphp</code></li>\n<li><code>userdir</code>*</li>\n<li><code>vhost_alias</code></li>\n<li><code>worker</code>*</li>\n<li><code>wsgi</code> (see <a href=\"#class-apachemodwsgi\">apache::mod::wsgi</a> below)</li>\n<li><code>xsendfile</code></li>\n</ul>\n\n<p>Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.</p>\n\n<p>The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.</p>\n\n<h4>Class: <code>apache::mod::ssl</code></h4>\n\n<p>Installs Apache SSL capabilities and utilizes <code>ssl.conf.erb</code> template. These are the defaults:</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::ssl':\n ssl_compression => false,\n ssl_options => [ 'StdEnvVars' ],\n }\n</code></pre>\n\n<p>To <em>use</em> SSL with a virtual host, you must either set the<code>default_ssl_vhost</code> parameter in <code>apache</code> to 'true' or set the <code>ssl</code> parameter in <code>apache::vhost</code> to 'true'.</p>\n\n<h4>Class: <code>apache::mod::wsgi</code></h4>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n wsgi_python_path => '/path/to/virtenv/site-packages',\n }\n</code></pre>\n\n<h4>Defined Type: <code>apache::vhost</code></h4>\n\n<p>The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to <code>vhost</code>'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.</p>\n\n<p>The <code>vhost</code> defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base <code>apache</code> class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).</p>\n\n<p>If you have a series of specific configurations and do not want a base <code>apache</code> class default vhost, make sure to set the base class default host to 'false'.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_vhost => false,\n }\n</code></pre>\n\n<p><strong>Parameters within <code>apache::vhost</code>:</strong></p>\n\n<p>The default values for each parameter will vary based on operating system and type of virtual host.</p>\n\n<h5><code>access_log</code></h5>\n\n<p>Specifies whether <code>*_access.log</code> directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.</p>\n\n<h5><code>access_log_file</code></h5>\n\n<p>Points to the <code>*_access.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>access_log_pipe</code></h5>\n\n<p>Specifies a pipe to send access log messages to. Defaults to 'undef'.</p>\n\n<h5><code>access_log_syslog</code></h5>\n\n<p>Sends all access log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>access_log_format</code></h5>\n\n<p>Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.</p>\n\n<h5><code>add_listen</code></h5>\n\n<p>Determines whether the vhost creates a listen statement. The default value is 'true'.</p>\n\n<p>Setting <code>add_listen</code> to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an <code>ip</code> parameter with vhosts that <em>are</em> passed the <code>ip</code> parameter.</p>\n\n<h5><code>aliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>Alias</code> or <code>AliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre><code>aliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$', path => '/files/jpg.images/$1.jpg' }\n { alias => '/image', path => '/ftp/pub/image' },\n],\n</code></pre>\n\n<p>For <code>Alias</code> and <code>AliasMatch</code> to work, each will need a corresponding <code><Directory /path/to/directory></code> or <code><Location /path/to/directory></code> block. The <code>Alias</code> and <code>AliasMatch</code> directives are created in the order specified in the <code>aliases</code> paramter. As described in the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a> more specific <code>Alias</code> or <code>AliasMatch</code> directives should come before the more general ones to avoid shadowing.</p>\n\n<p><strong>Note:</strong> If <code>apache::mod::passenger</code> is loaded and <code>PassengerHighPerformance true</code> is set, then <code>Alias</code> may have issues honouring the <code>PassengerEnabled off</code> statement. See <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">this article</a> for details.</p>\n\n<h5><code>block</code></h5>\n\n<p>Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the <a href=\"#development\">Development</a> section.</p>\n\n<h5><code>custom_fragment</code></h5>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the vhost configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets a given <code>apache::vhost</code> as the default to serve requests that do not match any other <code>apache::vhost</code> definitions. The default value is 'false'.</p>\n\n<h5><code>directories</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code><Directory /path/to/directory>...</Directory></code> directive blocks as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#directory\">Apache core documentation</a>. The <code>path</code> key is required in these hashes. An optional <code>provider</code> defaults to <code>directory</code>. Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n</code></pre>\n\n<p><em>Note:</em> At least one directory should match <code>docroot</code> parameter, once you start declaring directories <code>apache::vhost</code> assumes that all required <code><Directory></code> blocks will be declared.</p>\n\n<p><em>Note:</em> If not defined a single default <code><Directory></code> block will be created that matches the <code>docroot</code> parameter.</p>\n\n<p><code>provider</code> can be set to any of <code>directory</code>, <code>files</code>, or <code>location</code>. If the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#files\">pathspec starts with a <code>~</code></a>, httpd will interpret this as the equivalent of <code>DirectoryMatch</code>, <code>FilesMatch</code>, or <code>LocationMatch</code>, respectively.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { path => '~ (\\.swp|\\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' },\n ],\n }\n</code></pre>\n\n<p>The directives will be embedded within the <code>Directory</code> (<code>Files</code>, or <code>Location</code>) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:</p>\n\n<h6><code>addhandlers</code></h6>\n\n<p>Sets <code>AddHandler</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler\">Apache Core documentation</a>. Accepts a list of hashes of the form <code>{ handler => 'handler-name', extensions => ['extension']}</code>. Note that <code>extensions</code> is a list of extenstions being handled by the handler.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n</code></pre>\n\n<h6><code>allow</code></h6>\n\n<p>Sets an <code>Allow</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>allow_override</code></h6>\n\n<p>Sets the usage of <code>.htaccess</code> files as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride\">Apache core documentation</a>. Should accept in the form of a list or a string. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n</code></pre>\n\n<h6><code>deny</code></h6>\n\n<p>Sets an <code>Deny</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>error_documents</code></h6>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this directory. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n directories => [ { path => '/srv/www'\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n ],\n }]\n }\n</code></pre>\n\n<h6><code>headers</code></h6>\n\n<p>Adds lines for <code>Header</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header\">Apache Header documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n</code></pre>\n\n<h6><code>options</code></h6>\n\n<p>Lists the options for the given <code><Directory></code> block</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n</code></pre>\n\n<h6><code>index_options</code></h6>\n\n<p>Styles the list</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }],\n }\n</code></pre>\n\n<h6><code>index_order_default</code></h6>\n\n<p>Sets the order of the list </p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ],\n }\n</code></pre>\n\n<h6><code>order</code></h6>\n\n<p>Sets the order of processing <code>Allow</code> and <code>Deny</code> statements as per <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order\">Apache core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ],\n }\n</code></pre>\n\n<h6><code>auth_type</code></h6>\n\n<p>Sets the value for <code>AuthType</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authtype\">Apache AuthType\ndocumentation</a>.</p>\n\n<h6><code>auth_name</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authname\">Apache AuthName\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_algorithm</code></h6>\n\n<p>Sets the value for <code>AuthDigestAlgorithm</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorithm\">Apache\nAuthDigestAlgorithm\ndocumentation</a></p>\n\n<h6><code>auth_digest_domain</code></h6>\n\n<p>Sets the value for <code>AuthDigestDomain</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain\">Apache AuthDigestDomain\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_nonce_lifetime</code></h6>\n\n<p>Sets the value for <code>AuthDigestNonceLifetime</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestnoncelifetime\">Apache\nAuthDigestNonceLifetime\ndocumentation</a></p>\n\n<h6><code>auth_digest_provider</code></h6>\n\n<p>Sets the value for <code>AuthDigestProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestprovider\">Apache AuthDigestProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_qop</code></h6>\n\n<p>Sets the value for <code>AuthDigestQop</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestqop\">Apache AuthDigestQop\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_shmem_size</code></h6>\n\n<p>Sets the value for <code>AuthAuthDigestShmemSize</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestshmemsize\">Apache AuthDigestShmemSize\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_authoritative</code></h6>\n\n<p>Sets the value for <code>AuthBasicAuthoritative</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative\">Apache\nAuthBasicAuthoritative\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_fake</code></h6>\n\n<p>Sets the value for <code>AuthBasicFake</code> as per the <a href=\"https://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html#authbasicfake\">Apache AuthBasicFake\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_provider</code></h6>\n\n<p>Sets the value for <code>AuthBasicProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider\">Apache AuthBasicProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_user_file</code></h6>\n\n<p>Sets the value for <code>AuthUserFile</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile\">Apache AuthUserFile\ndocumentation</a>.</p>\n\n<h6><code>auth_require</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#require\">Apache Require\ndocumentation</a></p>\n\n<h6><code>passenger_enabled</code></h6>\n\n<p>Sets the value for the <code>PassengerEnabled</code> directory to <code>on</code> or <code>off</code> as per the <a href=\"http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled\">Passenger documentation</a>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n</code></pre>\n\n<p><strong>Note:</strong> This directive requires <code>apache::mod::passenger</code> to be active, Apache may not start with an unrecognised directive without it.</p>\n\n<p><strong>Note:</strong> Be aware that there is an <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">issue</a> using the <code>PassengerEnabled</code> directive with the <code>PassengerHighPerformance</code> directive.</p>\n\n<h6><code>ssl_options</code></h6>\n\n<p>String or list of <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> for the given <code><Directory></code> block. This overrides, or refines the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> of the parent block (either vhost, or server).</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', ssl_options => '+ExportCertData' }\n { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] },\n ],\n }\n</code></pre>\n\n<h6><code>suphp</code></h6>\n\n<p>An array containing two values: User and group for the <a href=\"http://www.suphp.org/DocumentationView.html?file=apache/CONFIG\">suPHP_UserGroup</a> setting.\nThis directive must be used with <code>suphp_engine => on</code> in the vhost declaration. This directive only works in <code><Directory></code> or <code><Location></code>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' }\n ],\n }\n</code></pre>\n\n<h6><code>custom_fragment</code></h6>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.</p>\n\n<h5><code>directoryindex</code></h5>\n\n<p>Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..</p>\n\n<h5><code>docroot</code></h5>\n\n<p>Provides the DocumentRoot directive, identifying the directory Apache serves files from.</p>\n\n<h5><code>docroot_group</code></h5>\n\n<p>Sets group access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>docroot_owner</code></h5>\n\n<p>Sets individual user access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>error_log</code></h5>\n\n<p>Specifies whether <code>*_error.log</code> directives should be configured. Defaults to 'true'.</p>\n\n<h5><code>error_log_file</code></h5>\n\n<p>Points to the <code>*_error.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>error_log_pipe</code></h5>\n\n<p>Specifies a pipe to send error log messages to. Defaults to 'undef'.</p>\n\n<h5><code>error_log_syslog</code></h5>\n\n<p>Sends all error log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this vhost. Defaults to <code>[]</code>. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n }\n</code></pre>\n\n<h5><code>ensure</code></h5>\n\n<p>Specifies if the vhost file is present or absent.</p>\n\n<h5><code>fastcgi_server</code></h5>\n\n<p>Specifies the filename as an external FastCGI application. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_socket</code></h5>\n\n<p>Filename used to communicate with the web server. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_dir</code></h5>\n\n<p>Directory to enable for FastCGI. Defaults to 'undef'.</p>\n\n<h5><code>additional_includes</code></h5>\n\n<p>Specifies paths to additional static vhost-specific Apache configuration files.\nThis option is useful when you need to implement a unique and/or custom\nconfiguration not supported by this module.</p>\n\n<h5><code>ip</code></h5>\n\n<p>The IP address the vhost listens on. Defaults to 'undef'.</p>\n\n<h5><code>ip_based</code></h5>\n\n<p>Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Specifies the location of the virtual host's logfiles. Defaults to <code>/var/log/<apache log location>/</code>.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Specifies the verbosity level of the error log. Defaults to <code>warn</code> for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for <code>log_level</code> is one of <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>no_proxy_uris</code></h5>\n\n<p>Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with <code>proxy_dest</code>.</p>\n\n<h5><code>options</code></h5>\n\n<p>Lists the options for the given virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n</code></pre>\n\n<h5><code>override</code></h5>\n\n<p>Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.</p>\n\n<h5><code>port</code></h5>\n\n<p>Sets the port the host is configured on.</p>\n\n<h5><code>priority</code></h5>\n\n<p>Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.</p>\n\n<p>If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.</p>\n\n<p><em>Note</em>: You should not need to use this parameter. However, if you do use it, be aware that the <code>default_vhost</code> parameter for <code>apache::vhost</code> passes a priority of '15'.</p>\n\n<h5><code>proxy_dest</code></h5>\n\n<p>Specifies the destination address of a proxypass configuration. Defaults to 'undef'.</p>\n\n<h5><code>proxy_pass</code></h5>\n\n<p>Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.</p>\n\n<p>Example:</p>\n\n<pre lang=\"puppet\"><code>$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n</code></pre>\n\n<h5><code>rack_base_uris</code></h5>\n\n<p>Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the <code>_rack.erb</code> template. Defaults to 'undef'.</p>\n\n<h5><code>redirect_dest</code></h5>\n\n<p>Specifies the address to redirect to. Defaults to 'undef'.</p>\n\n<h5><code>redirect_source</code></h5>\n\n<p>Specifies the source items? that will redirect to the destination specified in <code>redirect_dest</code>. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n</code></pre>\n\n<h5><code>redirect_status</code></h5>\n\n<p>Specifies the status to append to the redirect. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n</code></pre>\n\n<h5><code>request_headers</code></h5>\n\n<p>Specifies additional request headers.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n</code></pre>\n\n<h5><code>rewrite_base</code></h5>\n\n<p>Limits the <code>rewrite_rule</code> to the specified base URL. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n</code></pre>\n\n<p>The above example would limit the index.html -> welcome.html rewrite to only something inside of <a href=\"http://example.com/blog/\">http://example.com/blog/</a>.</p>\n\n<h5><code>rewrite_cond</code></h5>\n\n<p>Rewrites a URL via <code>rewrite_rule</code> based on the truth of specified conditions. For example</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n</code></pre>\n\n<p>will rewrite URLs only if the visitor is using IE. Defaults to 'undef'.</p>\n\n<p><em>Note</em>: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple <code>rewrite_cond</code> and <code>rewrite_rules</code> per vhost, so that different conditions get different rewrites.</p>\n\n<h5><code>rewrite_rule</code></h5>\n\n<p>Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n</code></pre>\n\n<h5><code>scriptalias</code></h5>\n\n<p>Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'</p>\n\n<h5><code>scriptaliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>ScriptAlias</code> or <code>ScriptAliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre lang=\"puppet\"><code> scriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n ]\n</code></pre>\n\n<p>These directives are created in the order specified. As with <code>Alias</code> and <code>AliasMatch</code> directives the more specific aliases should come before the more general ones to avoid shadowing.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Specifies the email address Apache will display when it renders one of its error pages.</p>\n\n<h5><code>serveraliases</code></h5>\n\n<p>Sets the server aliases of the site.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the primary name of the virtual host.</p>\n\n<h5><code>setenv</code></h5>\n\n<p>Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>setenvif</code></h5>\n\n<p>Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>ssl</code></h5>\n\n<p>Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.</p>\n\n<h5><code>ssl_ca</code></h5>\n\n<p>Specifies the certificate authority.</p>\n\n<h5><code>ssl_cert</code></h5>\n\n<p>Specifies the SSL certification.</p>\n\n<h5><code>ssl_protocol</code></h5>\n\n<p>Specifies the SSL Protocol (SSLProtocol).</p>\n\n<h5><code>ssl_cipher</code></h5>\n\n<p>Specifies the SSLCipherSuite.</p>\n\n<h5><code>ssl_honorcipherorder</code></h5>\n\n<p>Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order</p>\n\n<h5><code>ssl_certs_dir</code></h5>\n\n<p>Specifies the location of the SSL certification directory. Defaults to <code>/etc/ssl/certs</code> on Debian and <code>/etc/pki/tls/certs</code> on RedHat.</p>\n\n<h5><code>ssl_chain</code></h5>\n\n<p>Specifies the SSL chain.</p>\n\n<h5><code>ssl_crl</code></h5>\n\n<p>Specifies the certificate revocation list to use.</p>\n\n<h5><code>ssl_crl_path</code></h5>\n\n<p>Specifies the location of the certificate revocation list.</p>\n\n<h5><code>ssl_key</code></h5>\n\n<p>Specifies the SSL key.</p>\n\n<h5><code>ssl_verify_client</code></h5>\n\n<p>Sets <code>SSLVerifyClient</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_client => 'optional',\n }\n</code></pre>\n\n<h5><code>ssl_verify_depth</code></h5>\n\n<p>Sets <code>SSLVerifyDepth</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifydepth\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_depth => 1,\n }\n</code></pre>\n\n<h5><code>ssl_options</code></h5>\n\n<p>Sets <code>SSLOptions</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\">Apache Core documentation</a>. This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => '+ExportCertData',\n }\n</code></pre>\n\n<p>An array of strings example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => [ '+StrictRequire', '+ExportCertData' ],\n }\n</code></pre>\n\n<h5><code>ssl_proxyengine</code></h5>\n\n<p>Specifies whether to use <code>SSLProxyEngine</code> or not. Defaults to <code>false</code>.</p>\n\n<h5><code>vhost_name</code></h5>\n\n<p>This parameter is for use with name-based virtual hosting. Defaults to '*'.</p>\n\n<h5><code>itk</code></h5>\n\n<p>Hash containing infos to configure itk as per the <a href=\"http://mpm-itk.sesse.net/\">ITK documentation</a>.</p>\n\n<p>Keys could be:</p>\n\n<ul>\n<li>user + group</li>\n<li>assignuseridexpr</li>\n<li>assigngroupidexpr</li>\n<li>maxclientvhost</li>\n<li>nice</li>\n<li>limituidrange (Linux 3.5.0 or newer)</li>\n<li>limitgidrange (Linux 3.5.0 or newer)</li>\n</ul>\n\n<p>Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n</code></pre>\n\n<h3>Virtual Host Examples</h3>\n\n<p>The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the <a href=\"https://github.com/puppetlabs/puppetlabs-apache/tree/master/tests\">Tests section</a> for even more examples.</p>\n\n<p>Configure a vhost with a server administrator</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with aliased servers</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost with a cgi-bin</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with a rack configuration</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a mix of SSL and non-SSL vhosts at the same domain</p>\n\n<pre lang=\"puppet\"><code> #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost to redirect non-SSL connections to SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '81': }\n</code></pre>\n\n<p>Then we will set up the IP-based vhosts</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>Then, we will add two name-based vhosts listening on 10.0.0.20</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n</code></pre>\n\n<p>If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you <strong>MUST</strong> declare <code>add_listen => 'false'</code> to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n</code></pre>\n\n<h2>Implementation</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<h4>Class: <code>apache::dev</code></h4>\n\n<p>Installs Apache development libraries</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::dev': }\n</code></pre>\n\n<p>On FreeBSD you're required to define <code>apache::package</code> or <code>apache</code> class before <code>apache::dev</code>.</p>\n\n<h4>Defined Type: <code>apache::listen</code></h4>\n\n<p>Controls which ports Apache binds to for listening based on the title:</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '443': }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>Listen</code> directives to the <code>ports.conf</code> file in the Apache httpd configuration directory. <code>apache::listen</code> titles should always take the form of: <code><port></code>, <code><ipv4>:<port></code>, or <code>[<ipv6>]:<port></code></p>\n\n<p>Apache httpd requires that <code>Listen</code> directives must be added for every port. The <code>apache::vhost</code> defined type will automatically add <code>Listen</code> directives unless the <code>apache::vhost</code> is passed <code>add_listen => false</code>.</p>\n\n<h4>Defined Type: <code>apache::namevirtualhost</code></h4>\n\n<p>Enables named-based hosting of a virtual host</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::namevirtualhost`: }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>NameVirtualHost</code> directives to the <code>ports.conf</code> file in the Apache https configuration directory. <code>apache::namevirtualhost</code> titles should always take the form of: <code>*</code>, <code>*:<port></code>, <code>_default_:<port></code>, <code><ip></code>, or <code><ip>:<port></code>.</p>\n\n<h4>Defined Type: <code>apache::balancermember</code></h4>\n\n<p>Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.</p>\n\n<p>On every app server you can export a balancermember like this:</p>\n\n<pre lang=\"puppet\"><code> @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n</code></pre>\n\n<p>And on the proxy itself you create the balancer cluster using the defined type apache::balancer:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet00': }\n</code></pre>\n\n<p>If you need to use ProxySet in the balncer config you can do as so:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n</code></pre>\n\n<h3>Templates</h3>\n\n<p>The Apache module relies heavily on templates to enable the <code>vhost</code> and <code>apache::mod</code> defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.</p>\n\n<h2>Limitations</h2>\n\n<p>This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1.</p>\n\n<h2>Development</h2>\n\n<h3>Overview</h3>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Running tests</h3>\n\n<p>This project contains tests for both <a href=\"http://rspec-puppet.com/\">rspec-puppet</a> and <a href=\"https://github.com/puppetlabs/rspec-system\">rspec-system</a> to verify functionality. For in-depth information please see their respective documentation.</p>\n\n<p>Quickstart:</p>\n\n<pre><code>gem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n</code></pre>\n\n<h2>Copyright and License</h2>\n\n<p>Copyright (C) 2012 <a href=\"https://www.puppetlabs.com/\">Puppet Labs</a> Inc</p>\n\n<p>Puppet Labs can be contacted at: <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a></p>\n\n<p>Licensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at</p>\n\n<p><a href=\"http://www.apache.org/licenses/LICENSE-2.0\">http://www.apache.org/licenses/LICENSE-2.0</a></p>\n\n<p>Unless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.</p>\n</section>",
|
|
1280
|
+
"readme": "<section class=\"markdown\"><h1>apache</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-apache\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-apache.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the Apache module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with Apache</a>\n\n<ul>\n<li><a href=\"#beginning-with-apache\">Beginning with Apache - Installation</a></li>\n<li><a href=\"#configure-a-virtual-host\">Configure a Virtual Host - Basic options for getting started</a></li>\n</ul></li>\n<li><a href=\"#usage\">Usage - The classes, defined types, and their parameters available for configuration</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a>\n\n<ul>\n<li><a href=\"#class-apache\">Class: apache</a></li>\n<li><a href=\"#classes-apachemodname\">Classes: apache::mod::*</a></li>\n<li><a href=\"#defined-type-apachevhost\">Defined Type: apache::vhost</a></li>\n</ul></li>\n<li><a href=\"#virtual-host-examples\">Virtual Host Examples - Demonstrations of some configuration options</a></li>\n</ul></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a>\n\n<ul>\n<li><a href=\"#classes-and-defined-types\">Classes and Defined Types</a></li>\n<li><a href=\"#templates\">Templates</a></li>\n</ul></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>The Apache module allows you to set up virtual hosts and manage web services with minimal effort.</p>\n\n<h2>Module Description</h2>\n\n<p>Apache is a widely-used web server, and this module provides a simplified way of creating configurations to manage your infrastructure. This includes the ability to configure and manage a range of different virtual host setups, as well as a streamlined way to install and configure Apache modules.</p>\n\n<h2>Setup</h2>\n\n<p><strong>What Apache affects:</strong></p>\n\n<ul>\n<li>configuration files and directories (created and written to)\n\n<ul>\n<li><strong>NOTE</strong>: Configurations that are <em>not</em> managed by Puppet will be purged.</li>\n</ul></li>\n<li>package/service/configuration files for Apache</li>\n<li>Apache modules</li>\n<li>virtual hosts</li>\n<li>listened-to ports</li>\n<li><code>/etc/make.conf</code> on FreeBSD</li>\n</ul>\n\n<h3>Beginning with Apache</h3>\n\n<p>To install Apache with the default parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>The defaults are determined by your operating system (e.g. Debian systems have one set of defaults, RedHat systems have another). These defaults will work well in a testing environment, but are not suggested for production. To establish customized parameters</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_mods => false,\n default_confd_files => false,\n }\n</code></pre>\n\n<h3>Configure a virtual host</h3>\n\n<p>Declaring the <code>apache</code> class will create a default virtual host by setting up a vhost on port 80, listening on all interfaces and serving <code>$apache::docroot</code>.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache': }\n</code></pre>\n\n<p>To configure a very basic, name-based virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n port => '80',\n docroot => '/var/www/first',\n }\n</code></pre>\n\n<p><em>Note:</em> The default priority is 15. If nothing matches this priority, the alphabetically first name-based vhost will be used. This is also true if you pass a higher priority and no names match anything else.</p>\n\n<p>A slightly more complicated example, which moves the docroot owner/group</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n port => '80',\n docroot => '/var/www/second',\n docroot_owner => 'third',\n docroot_group => 'third',\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and default SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'ssl.example.com':\n port => '443',\n docroot => '/var/www/ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>To set up a virtual host with SSL and specific SSL certificates</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '443',\n docroot => '/var/www/fourth',\n ssl => true,\n ssl_cert => '/etc/ssl/fourth.example.com.cert',\n ssl_key => '/etc/ssl/fourth.example.com.key',\n }\n</code></pre>\n\n<p>To set up a virtual host with IP address different than '*'</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.example.com':\n ip => '127.0.0.1',\n port => '80',\n docrout => '/var/www/subdomain',\n }\n</code></pre>\n\n<p>To set up a virtual host with wildcard alias for subdomain mapped to same named directory\n<code>http://examle.com.loc => /var/www/example.com</code></p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'subdomain.loc':\n vhost_name => '*',\n port => '80',\n virtual_docroot' => '/var/www/%-2+',\n docroot => '/var/www',\n serveraliases => ['*.loc',],\n }\n</code></pre>\n\n<p>To set up a virtual host with suPHP</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'suphp.example.com':\n port => '80',\n docroot => '/home/appuser/myphpapp',\n suphp_addhandler => 'x-httpd-php',\n suphp_engine => 'on',\n suphp_configpath => '/etc/php5/apache2',\n directories => { path => '/home/appuser/myphpapp',\n 'suphp' => { user => 'myappuser', group => 'myappgroup' },\n }\n }\n</code></pre>\n\n<p>To set up a virtual host with WSGI</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wsgi.example.com':\n port => '80',\n docroot => '/var/www/pythonapp',\n wsgi_daemon_process => 'wsgi',\n wsgi_daemon_process_options =>\n { processes => '2', threads => '15', display-name => '%{GROUP}' },\n wsgi_process_group => 'wsgi',\n wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },\n }\n</code></pre>\n\n<p>Starting 2.2.16, httpd supports <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_dir.html#fallbackresource\">FallbackResource</a> which is a simple replace for common RewriteRules:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'wordpress.example.com':\n port => '80',\n docroot => '/var/www/wordpress',\n fallbackresource => '/index.php',\n }\n</code></pre>\n\n<p>Please note that the <code>disabled</code> argument to FallbackResource is only supported since 2.2.24.</p>\n\n<p>To see a list of all virtual host parameters, <a href=\"#defined-type-apachevhost\">please go here</a>. To see an extensive list of virtual host examples <a href=\"#virtual-host-examples\">please look here</a>.</p>\n\n<h2>Usage</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<p>This module modifies Apache configuration files and directories and will purge any configuration not managed by Puppet. Configuration of Apache should be managed by Puppet, as non-puppet configuration files can cause unexpected failures.</p>\n\n<p>It is possible to temporarily disable full Puppet management by setting the <code>purge_configs</code> parameter within the base <code>apache</code> class to 'false'. This option should only be used as a temporary means of saving and relocating customized configurations.</p>\n\n<h4>Class: <code>apache</code></h4>\n\n<p>The Apache module's primary class, <code>apache</code>, guides the basic setup of Apache on your system.</p>\n\n<p>You may establish a default vhost in this class, the <code>vhost</code> class, or both. You may add additional vhost configurations for specific virtual hosts using a declaration of the <code>vhost</code> type.</p>\n\n<p><strong>Parameters within <code>apache</code>:</strong></p>\n\n<h5><code>default_mods</code></h5>\n\n<p>Sets up Apache with default settings based on your OS. Defaults to 'true', set to 'false' for customized configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets up a default virtual host. Defaults to 'true', set to 'false' to set up <a href=\"#configure-a-virtual-host\">customized virtual hosts</a>.</p>\n\n<h5><code>default_confd_files</code></h5>\n\n<p>Generates default set of include-able apache configuration files under <code>${apache::confd_dir}</code> directory. These configuration files correspond to what is usually installed with apache package on given platform.</p>\n\n<h5><code>default_ssl_vhost</code></h5>\n\n<p>Sets up a default SSL virtual host. Defaults to 'false'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'default-ssl':\n port => 443,\n ssl => true,\n docroot => $docroot,\n scriptalias => $scriptalias,\n serveradmin => $serveradmin,\n access_log_file => "ssl_${access_log_file}",\n }\n</code></pre>\n\n<p>SSL vhosts only respond to HTTPS queries.</p>\n\n<h5><code>default_ssl_cert</code></h5>\n\n<p>The default SSL certification, which is automatically set based on your operating system (<code>/etc/pki/tls/certs/localhost.crt</code> for RedHat, <code>/etc/ssl/certs/ssl-cert-snakeoil.pem</code> for Debian, <code>/usr/local/etc/apache22/server.crt</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_key</code></h5>\n\n<p>The default SSL key, which is automatically set based on your operating system (<code>/etc/pki/tls/private/localhost.key</code> for RedHat, <code>/etc/ssl/private/ssl-cert-snakeoil.key</code> for Debian, <code>/usr/local/etc/apache22/server.key</code> for FreeBSD). This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_chain</code></h5>\n\n<p>The default SSL chain, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_ca</code></h5>\n\n<p>The default certificate authority, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl_path</code></h5>\n\n<p>The default certificate revocation list path, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>default_ssl_crl</code></h5>\n\n<p>The default certificate revocation list to use, which is automatically set to 'undef'. This default will work out of the box but must be updated with your specific certificate information before being used in production.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>Name of apache service to run. Defaults to: <code>'httpd'</code> on RedHat, <code>'apache2'</code> on Debian, and <code>'apache22'</code> on FreeBSD.</p>\n\n<h5><code>service_enable</code></h5>\n\n<p>Determines whether the 'httpd' service is enabled when the machine is booted. Defaults to 'true'.</p>\n\n<h5><code>service_ensure</code></h5>\n\n<p>Determines whether the service should be running. Can be set to 'undef' which is useful when you want to let the service be managed by some other application like pacemaker. Defaults to 'running'.</p>\n\n<h5><code>purge_configs</code></h5>\n\n<p>Removes all other apache configs and vhosts, which is automatically set to true. Setting this to false is a stopgap measure to allow the apache module to coexist with existing or otherwise managed configuration. It is recommended that you move your configuration entirely to resources within this module.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Sets the server administrator. Defaults to 'root@localhost'.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the servername. Defaults to fqdn provided by facter.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat, <code>/etc/apache2</code> on Debian and <code>/usr/local</code> on FreeBSD.</p>\n\n<h5><code>sendfile</code></h5>\n\n<p>Makes Apache use the Linux kernel 'sendfile' to serve static files. Defaults to 'On'.</p>\n\n<h5><code>server_root</code></h5>\n\n<p>A value to be set as <code>ServerRoot</code> in main configuration file (<code>httpd.conf</code>). Defaults to <code>/etc/httpd</code> on RedHat and <code>/etc/apache2</code> on Debian.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>Enables custom error documents. Defaults to 'false'.</p>\n\n<h5><code>httpd_dir</code></h5>\n\n<p>Changes the base location of the configuration directories used for the service. This is useful for specially repackaged HTTPD builds but may have unintended consequences when used in combination with the default distribution packages. Default is based on your OS.</p>\n\n<h5><code>confd_dir</code></h5>\n\n<p>Changes the location of the configuration directory your custom configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>vhost_dir</code></h5>\n\n<p>Changes the location of the configuration directory your virtual host configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mod_dir</code></h5>\n\n<p>Changes the location of the configuration directory your Apache modules configuration files are placed in. Default is based on your OS.</p>\n\n<h5><code>mpm_module</code></h5>\n\n<p>Configures which mpm module is loaded and configured for the httpd process by the <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> and <code>apache::mod::worker</code> classes. Must be set to <code>false</code> to explicitly declare <code>apache::mod::event</code>, <code>apache::mod::itk</code>, <code>apache::mod::peruser</code>, <code>apache::mod::prefork</code> or <code>apache::mod::worker</code> classes with parameters. All possible values are <code>event</code>, <code>itk</code>, <code>peruser</code>, <code>prefork</code>, <code>worker</code> (valid values depend on agent's OS), or the boolean <code>false</code>. Defaults to <code>prefork</code> on RedHat and FreeBSD and <code>worker</code> on Debian. Note: on FreeBSD switching between different mpm modules is quite difficult (but possible). Before changing <code>$mpm_module</code> one has to deinstall all packages that depend on currently installed <code>apache</code>.</p>\n\n<h5><code>conf_template</code></h5>\n\n<p>Setting this allows you to override the template used for the main apache configuration file. This is a potentially risky thing to do as this module has been built around the concept of a minimal configuration file with most of the configuration coming in the form of conf.d/ entries. Defaults to 'apache/httpd.conf.erb'.</p>\n\n<h5><code>keepalive</code></h5>\n\n<p>Setting this allows you to enable persistent connections.</p>\n\n<h5><code>keepalive_timeout</code></h5>\n\n<p>Amount of time the server will wait for subsequent requests on a persistent connection. Defaults to '15'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Changes the location of the directory Apache log files are placed in. Defaut is based on your OS.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Changes the verbosity level of the error log. Defaults to 'warn'. Valid values are <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>ports_file</code></h5>\n\n<p>Changes the name of the file containing Apache ports configuration. Default is <code>${conf_dir}/ports.conf</code>.</p>\n\n<h5><code>server_tokens</code></h5>\n\n<p>Controls how much information Apache sends to the browser about itself and the operating system. See Apache documentation for 'ServerTokens'. Defaults to 'OS'.</p>\n\n<h5><code>server_signature</code></h5>\n\n<p>Allows the configuration of a trailing footer line under server-generated documents. See Apache documentation for 'ServerSignature'. Defaults to 'On'.</p>\n\n<h5><code>trace_enable</code></h5>\n\n<p>Controls, how TRACE requests per RFC 2616 are handled. See Apache documentation for 'TraceEnable'. Defaults to 'On'.</p>\n\n<h5><code>manage_user</code></h5>\n\n<p>Setting this to false will avoid the user resource to be created by this module. This is useful when you already have a user created in another puppet module and that you want to used it to run apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>manage_group</code></h5>\n\n<p>Setting this to false will avoid the group resource to be created by this module. This is useful when you already have a group created in another puppet module and that you want to used it for apache. Without this, it would result in a duplicate resource error.</p>\n\n<h5><code>package_ensure</code></h5>\n\n<p>Allow control over the package ensure statement. This is useful if you want to make sure apache is always at the latest version or whether it is only installed.</p>\n\n<h4>Class: <code>apache::default_mods</code></h4>\n\n<p>Installs default Apache modules based on what OS you are running</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::default_mods': }\n</code></pre>\n\n<h4>Defined Type: <code>apache::mod</code></h4>\n\n<p>Used to enable arbitrary Apache httpd modules for which there is no specific <code>apache::mod::[name]</code> class. The <code>apache::mod</code> defined type will also install the required packages to enable the module, if any.</p>\n\n<pre lang=\"puppet\"><code> apache::mod { 'rewrite': }\n apache::mod { 'ldap': }\n</code></pre>\n\n<h4>Classes: <code>apache::mod::[name]</code></h4>\n\n<p>There are many <code>apache::mod::[name]</code> classes within this module that can be declared using <code>include</code>:</p>\n\n<ul>\n<li><code>alias</code></li>\n<li><code>auth_basic</code></li>\n<li><code>auth_kerb</code></li>\n<li><code>autoindex</code></li>\n<li><code>cache</code></li>\n<li><code>cgi</code></li>\n<li><code>cgid</code></li>\n<li><code>dav</code></li>\n<li><code>dav_fs</code></li>\n<li><code>dav_svn</code></li>\n<li><code>deflate</code></li>\n<li><code>dev</code></li>\n<li><code>dir</code>*</li>\n<li><code>disk_cache</code></li>\n<li><code>event</code></li>\n<li><code>fastcgi</code></li>\n<li><code>fcgid</code></li>\n<li><code>headers</code></li>\n<li><code>info</code></li>\n<li><code>itk</code></li>\n<li><code>ldap</code></li>\n<li><code>mime</code></li>\n<li><code>mime_magic</code>*</li>\n<li><code>mpm_event</code></li>\n<li><code>negotiation</code></li>\n<li><code>nss</code>*</li>\n<li><code>passenger</code>*</li>\n<li><code>perl</code></li>\n<li><code>peruser</code></li>\n<li><code>php</code> (requires <a href=\"#mpm_module\"><code>mpm_module</code></a> set to <code>prefork</code>)</li>\n<li><code>prefork</code>*</li>\n<li><code>proxy</code>*</li>\n<li><code>proxy_ajp</code></li>\n<li><code>proxy_html</code></li>\n<li><code>proxy_http</code></li>\n<li><code>python</code></li>\n<li><code>reqtimeout</code></li>\n<li><code>rewrite</code></li>\n<li><code>rpaf</code>*</li>\n<li><code>setenvif</code></li>\n<li><code>ssl</code>* (see <a href=\"#class-apachemodssl\">apache::mod::ssl</a> below)</li>\n<li><code>status</code>*</li>\n<li><code>suphp</code></li>\n<li><code>userdir</code>*</li>\n<li><code>vhost_alias</code></li>\n<li><code>worker</code>*</li>\n<li><code>wsgi</code> (see <a href=\"#class-apachemodwsgi\">apache::mod::wsgi</a> below)</li>\n<li><code>xsendfile</code></li>\n</ul>\n\n<p>Modules noted with a * indicate that the module has settings and, thus, a template that includes parameters. These parameters control the module's configuration. Most of the time, these parameters will not require any configuration or attention.</p>\n\n<p>The modules mentioned above, and other Apache modules that have templates, will cause template files to be dropped along with the mod install, and the module will not work without the template. Any mod without a template will install package but drop no files.</p>\n\n<h4>Class: <code>apache::mod::ssl</code></h4>\n\n<p>Installs Apache SSL capabilities and utilizes <code>ssl.conf.erb</code> template. These are the defaults:</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::ssl':\n ssl_compression => false,\n ssl_options => [ 'StdEnvVars' ],\n }\n</code></pre>\n\n<p>To <em>use</em> SSL with a virtual host, you must either set the<code>default_ssl_vhost</code> parameter in <code>apache</code> to 'true' or set the <code>ssl</code> parameter in <code>apache::vhost</code> to 'true'.</p>\n\n<h4>Class: <code>apache::mod::wsgi</code></h4>\n\n<pre lang=\"puppet\"><code> class { 'apache::mod::wsgi':\n wsgi_socket_prefix => "\\${APACHE_RUN_DIR}WSGI",\n wsgi_python_home => '/path/to/virtenv',\n wsgi_python_path => '/path/to/virtenv/site-packages',\n }\n</code></pre>\n\n<h4>Defined Type: <code>apache::vhost</code></h4>\n\n<p>The Apache module allows a lot of flexibility in the set up and configuration of virtual hosts. This flexibility is due, in part, to <code>vhost</code>'s setup as a defined resource type, which allows it to be evaluated multiple times with different parameters.</p>\n\n<p>The <code>vhost</code> defined type allows you to have specialized configurations for virtual hosts that have requirements outside of the defaults. You can set up a default vhost within the base <code>apache</code> class as well as set a customized vhost setup as default. Your customized vhost (priority 10) will be privileged over the base class vhost (15).</p>\n\n<p>If you have a series of specific configurations and do not want a base <code>apache</code> class default vhost, make sure to set the base class default host to 'false'.</p>\n\n<pre lang=\"puppet\"><code> class { 'apache':\n default_vhost => false,\n }\n</code></pre>\n\n<p><strong>Parameters within <code>apache::vhost</code>:</strong></p>\n\n<p>The default values for each parameter will vary based on operating system and type of virtual host.</p>\n\n<h5><code>access_log</code></h5>\n\n<p>Specifies whether <code>*_access.log</code> directives should be configured. Valid values are 'true' and 'false'. Defaults to 'true'.</p>\n\n<h5><code>access_log_file</code></h5>\n\n<p>Points to the <code>*_access.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>access_log_pipe</code></h5>\n\n<p>Specifies a pipe to send access log messages to. Defaults to 'undef'.</p>\n\n<h5><code>access_log_syslog</code></h5>\n\n<p>Sends all access log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>access_log_format</code></h5>\n\n<p>Specifies either a LogFormat nickname or custom format string for access log. Defaults to 'undef'.</p>\n\n<h5><code>add_listen</code></h5>\n\n<p>Determines whether the vhost creates a listen statement. The default value is 'true'.</p>\n\n<p>Setting <code>add_listen</code> to 'false' stops the vhost from creating a listen statement, and this is important when you combine vhosts that are not passed an <code>ip</code> parameter with vhosts that <em>are</em> passed the <code>ip</code> parameter.</p>\n\n<h5><code>aliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>Alias</code> or <code>AliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre><code>aliases => [\n { aliasmatch => '^/image/(.*)\\.jpg$', path => '/files/jpg.images/$1.jpg' }\n { alias => '/image', path => '/ftp/pub/image' },\n],\n</code></pre>\n\n<p>For <code>Alias</code> and <code>AliasMatch</code> to work, each will need a corresponding <code><Directory /path/to/directory></code> or <code><Location /path/to/directory></code> block. The <code>Alias</code> and <code>AliasMatch</code> directives are created in the order specified in the <code>aliases</code> paramter. As described in the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a> more specific <code>Alias</code> or <code>AliasMatch</code> directives should come before the more general ones to avoid shadowing.</p>\n\n<p><strong>Note:</strong> If <code>apache::mod::passenger</code> is loaded and <code>PassengerHighPerformance true</code> is set, then <code>Alias</code> may have issues honouring the <code>PassengerEnabled off</code> statement. See <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">this article</a> for details.</p>\n\n<h5><code>block</code></h5>\n\n<p>Specifies the list of things Apache will block access to. The default is an empty set, '[]'. Currently, the only option is 'scm', which blocks web access to .svn, .git and .bzr directories. To add to this, please see the <a href=\"#development\">Development</a> section.</p>\n\n<h5><code>custom_fragment</code></h5>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the vhost configuration.</p>\n\n<h5><code>default_vhost</code></h5>\n\n<p>Sets a given <code>apache::vhost</code> as the default to serve requests that do not match any other <code>apache::vhost</code> definitions. The default value is 'false'.</p>\n\n<h5><code>directories</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code><Directory /path/to/directory>...</Directory></code> directive blocks as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#directory\">Apache core documentation</a>. The <code>path</code> key is required in these hashes. An optional <code>provider</code> defaults to <code>directory</code>. Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', <directive> => <value> },\n { path => '/path/to/another/directory', <directive> => <value> },\n ],\n }\n</code></pre>\n\n<p><em>Note:</em> At least one directory should match <code>docroot</code> parameter, once you start declaring directories <code>apache::vhost</code> assumes that all required <code><Directory></code> blocks will be declared.</p>\n\n<p><em>Note:</em> If not defined a single default <code><Directory></code> block will be created that matches the <code>docroot</code> parameter.</p>\n\n<p><code>provider</code> can be set to any of <code>directory</code>, <code>files</code>, or <code>location</code>. If the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#files\">pathspec starts with a <code>~</code></a>, httpd will interpret this as the equivalent of <code>DirectoryMatch</code>, <code>FilesMatch</code>, or <code>LocationMatch</code>, respectively.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'files.example.net':\n docroot => '/var/www/files',\n directories => [\n { path => '~ (\\.swp|\\.bak|~)$', 'provider' => 'files', 'deny' => 'from all' },\n ],\n }\n</code></pre>\n\n<p>The directives will be embedded within the <code>Directory</code> (<code>Files</code>, or <code>Location</code>) directive block, missing directives should be undefined and not be added, resulting in their default vaules in Apache. Currently this is the list of supported directives:</p>\n\n<h6><code>addhandlers</code></h6>\n\n<p>Sets <code>AddHandler</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addhandler\">Apache Core documentation</a>. Accepts a list of hashes of the form <code>{ handler => 'handler-name', extensions => ['extension']}</code>. Note that <code>extensions</code> is a list of extenstions being handled by the handler.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory',\n addhandlers => [ { handler => 'cgi-script', extensions => ['.cgi']} ],\n } ],\n }\n</code></pre>\n\n<h6><code>allow</code></h6>\n\n<p>Sets an <code>Allow</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>allow_override</code></h6>\n\n<p>Sets the usage of <code>.htaccess</code> files as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride\">Apache core documentation</a>. Should accept in the form of a list or a string. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', allow_override => ['AuthConfig', 'Indexes'] } ],\n }\n</code></pre>\n\n<h6><code>deny</code></h6>\n\n<p>Sets an <code>Deny</code> directive as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny\">Apache Core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', deny => 'from example.org' } ],\n }\n</code></pre>\n\n<h6><code>error_documents</code></h6>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this directory. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n directories => [ { path => '/srv/www'\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n ],\n }]\n }\n</code></pre>\n\n<h6><code>headers</code></h6>\n\n<p>Adds lines for <code>Header</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_headers.html#header\">Apache Header documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => {\n path => '/path/to/directory',\n headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',\n },\n }\n</code></pre>\n\n<h6><code>options</code></h6>\n\n<p>Lists the options for the given <code><Directory></code> block</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'] }],\n }\n</code></pre>\n\n<h6><code>index_options</code></h6>\n\n<p>Styles the list</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', options => ['Indexes','FollowSymLinks','MultiViews'], index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'] }],\n }\n</code></pre>\n\n<h6><code>index_order_default</code></h6>\n\n<p>Sets the order of the list </p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny', index_order_default => ['Descending', 'Date']}, ],\n }\n</code></pre>\n\n<h6><code>order</code></h6>\n\n<p>Sets the order of processing <code>Allow</code> and <code>Deny</code> statements as per <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order\">Apache core documentation</a>. An example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', order => 'Allow,Deny' } ],\n }\n</code></pre>\n\n<h6><code>auth_type</code></h6>\n\n<p>Sets the value for <code>AuthType</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authtype\">Apache AuthType\ndocumentation</a>.</p>\n\n<h6><code>auth_name</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#authname\">Apache AuthName\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_algorithm</code></h6>\n\n<p>Sets the value for <code>AuthDigestAlgorithm</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestalgorithm\">Apache\nAuthDigestAlgorithm\ndocumentation</a></p>\n\n<h6><code>auth_digest_domain</code></h6>\n\n<p>Sets the value for <code>AuthDigestDomain</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain\">Apache AuthDigestDomain\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_nonce_lifetime</code></h6>\n\n<p>Sets the value for <code>AuthDigestNonceLifetime</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestnoncelifetime\">Apache\nAuthDigestNonceLifetime\ndocumentation</a></p>\n\n<h6><code>auth_digest_provider</code></h6>\n\n<p>Sets the value for <code>AuthDigestProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestprovider\">Apache AuthDigestProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_qop</code></h6>\n\n<p>Sets the value for <code>AuthDigestQop</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestqop\">Apache AuthDigestQop\ndocumentation</a>.</p>\n\n<h6><code>auth_digest_shmem_size</code></h6>\n\n<p>Sets the value for <code>AuthAuthDigestShmemSize</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestshmemsize\">Apache AuthDigestShmemSize\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_authoritative</code></h6>\n\n<p>Sets the value for <code>AuthBasicAuthoritative</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicauthoritative\">Apache\nAuthBasicAuthoritative\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_fake</code></h6>\n\n<p>Sets the value for <code>AuthBasicFake</code> as per the <a href=\"https://httpd.apache.org/docs/trunk/mod/mod_auth_basic.html#authbasicfake\">Apache AuthBasicFake\ndocumentation</a>.</p>\n\n<h6><code>auth_basic_provider</code></h6>\n\n<p>Sets the value for <code>AuthBasicProvider</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider\">Apache AuthBasicProvider\ndocumentation</a>.</p>\n\n<h6><code>auth_user_file</code></h6>\n\n<p>Sets the value for <code>AuthUserFile</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_authn_file.html#authuserfile\">Apache AuthUserFile\ndocumentation</a>.</p>\n\n<h6><code>auth_require</code></h6>\n\n<p>Sets the value for <code>AuthName</code> as per the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#require\">Apache Require\ndocumentation</a></p>\n\n<h6><code>passenger_enabled</code></h6>\n\n<p>Sets the value for the <code>PassengerEnabled</code> directory to <code>on</code> or <code>off</code> as per the <a href=\"http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled\">Passenger documentation</a>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n directories => [ { path => '/path/to/directory', passenger_enabled => 'off' } ],\n }\n</code></pre>\n\n<p><strong>Note:</strong> This directive requires <code>apache::mod::passenger</code> to be active, Apache may not start with an unrecognised directive without it.</p>\n\n<p><strong>Note:</strong> Be aware that there is an <a href=\"http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html\">issue</a> using the <code>PassengerEnabled</code> directive with the <code>PassengerHighPerformance</code> directive.</p>\n\n<h6><code>ssl_options</code></h6>\n\n<p>String or list of <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> for the given <code><Directory></code> block. This overrides, or refines the <a href=\"https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\"><code>SSLOptions</code></a> of the parent block (either vhost, or server).</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', ssl_options => '+ExportCertData' }\n { path => '/path/to/different/dir', ssl_options => [ '-StdEnvVars', '+ExportCertData'] },\n ],\n }\n</code></pre>\n\n<h6><code>suphp</code></h6>\n\n<p>An array containing two values: User and group for the <a href=\"http://www.suphp.org/DocumentationView.html?file=apache/CONFIG\">suPHP_UserGroup</a> setting.\nThis directive must be used with <code>suphp_engine => on</code> in the vhost declaration. This directive only works in <code><Directory></code> or <code><Location></code>.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'secure.example.net':\n docroot => '/path/to/directory',\n directories => [\n { path => '/path/to/directory', suphp => { user => 'myappuser', group => 'myappgroup' }\n ],\n }\n</code></pre>\n\n<h6><code>custom_fragment</code></h6>\n\n<p>Pass a string of custom configuration directives to be placed at the end of the\ndirectory configuration.</p>\n\n<h5><code>directoryindex</code></h5>\n\n<p>Set a DirectoryIndex directive, to set the list of resources to look for, when the client requests an index of the directory by specifying a / at the end of the directory name..</p>\n\n<h5><code>docroot</code></h5>\n\n<p>Provides the DocumentRoot directive, identifying the directory Apache serves files from.</p>\n\n<h5><code>docroot_group</code></h5>\n\n<p>Sets group access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>docroot_owner</code></h5>\n\n<p>Sets individual user access to the docroot directory. Defaults to 'root'.</p>\n\n<h5><code>error_log</code></h5>\n\n<p>Specifies whether <code>*_error.log</code> directives should be configured. Defaults to 'true'.</p>\n\n<h5><code>error_log_file</code></h5>\n\n<p>Points to the <code>*_error.log</code> file. Defaults to 'undef'.</p>\n\n<h5><code>error_log_pipe</code></h5>\n\n<p>Specifies a pipe to send error log messages to. Defaults to 'undef'.</p>\n\n<h5><code>error_log_syslog</code></h5>\n\n<p>Sends all error log messages to syslog. Defaults to 'undef'.</p>\n\n<h5><code>error_documents</code></h5>\n\n<p>A list of hashes which can be used to override the <a href=\"https://httpd.apache.org/docs/2.2/mod/core.html#errordocument\">ErrorDocument</a> settings for this vhost. Defaults to <code>[]</code>. Example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n error_documents => [\n { 'error_code' => '503', 'document' => '/service-unavail' },\n { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },\n ],\n }\n</code></pre>\n\n<h5><code>ensure</code></h5>\n\n<p>Specifies if the vhost file is present or absent.</p>\n\n<h5><code>fastcgi_server</code></h5>\n\n<p>Specifies the filename as an external FastCGI application. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_socket</code></h5>\n\n<p>Filename used to communicate with the web server. Defaults to 'undef'.</p>\n\n<h5><code>fastcgi_dir</code></h5>\n\n<p>Directory to enable for FastCGI. Defaults to 'undef'.</p>\n\n<h5><code>additional_includes</code></h5>\n\n<p>Specifies paths to additional static vhost-specific Apache configuration files.\nThis option is useful when you need to implement a unique and/or custom\nconfiguration not supported by this module.</p>\n\n<h5><code>ip</code></h5>\n\n<p>The IP address the vhost listens on. Defaults to 'undef'.</p>\n\n<h5><code>ip_based</code></h5>\n\n<p>Enables an IP-based vhost. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based vhosts. Defaults to 'false'.</p>\n\n<h5><code>logroot</code></h5>\n\n<p>Specifies the location of the virtual host's logfiles. Defaults to <code>/var/log/<apache log location>/</code>.</p>\n\n<h5><code>log_level</code></h5>\n\n<p>Specifies the verbosity level of the error log. Defaults to <code>warn</code> for the global server configuration and can be overridden on a per-vhost basis using this parameter. Valid value for <code>log_level</code> is one of <code>emerg</code>, <code>alert</code>, <code>crit</code>, <code>error</code>, <code>warn</code>, <code>notice</code>, <code>info</code> or <code>debug</code>.</p>\n\n<h5><code>no_proxy_uris</code></h5>\n\n<p>Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with <code>proxy_dest</code>.</p>\n\n<h5><code>options</code></h5>\n\n<p>Lists the options for the given virtual host</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n options => ['Indexes','FollowSymLinks','MultiViews'],\n }\n</code></pre>\n\n<h5><code>override</code></h5>\n\n<p>Sets the overrides for the given virtual host. Accepts an array of AllowOverride arguments.</p>\n\n<h5><code>port</code></h5>\n\n<p>Sets the port the host is configured on.</p>\n\n<h5><code>priority</code></h5>\n\n<p>Sets the relative load-order for Apache httpd VirtualHost configuration files. Defaults to '25'.</p>\n\n<p>If nothing matches the priority, the first name-based vhost will be used. Likewise, passing a higher priority will cause the alphabetically first name-based vhost to be used if no other names match.</p>\n\n<p><em>Note</em>: You should not need to use this parameter. However, if you do use it, be aware that the <code>default_vhost</code> parameter for <code>apache::vhost</code> passes a priority of '15'.</p>\n\n<h5><code>proxy_dest</code></h5>\n\n<p>Specifies the destination address of a proxypass configuration. Defaults to 'undef'.</p>\n\n<h5><code>proxy_pass</code></h5>\n\n<p>Specifies an array of path => uri for a proxypass configuration. Defaults to 'undef'.</p>\n\n<p>Example:</p>\n\n<pre lang=\"puppet\"><code>$proxy_pass = [\n { 'path' => '/a', 'url' => 'http://backend-a/' },\n { 'path' => '/b', 'url' => 'http://backend-b/' },\n { 'path' => '/c', 'url' => 'http://backend-a/c' }\n]\n\napache::vhost { 'site.name.fdqn':\n …\n proxy_pass => $proxy_pass,\n}\n</code></pre>\n\n<h5><code>rack_base_uris</code></h5>\n\n<p>Specifies the resource identifiers for a rack configuration. The file paths specified will be listed as rack application roots for passenger/rack in the <code>_rack.erb</code> template. Defaults to 'undef'.</p>\n\n<h5><code>redirect_dest</code></h5>\n\n<p>Specifies the address to redirect to. Defaults to 'undef'.</p>\n\n<h5><code>redirect_source</code></h5>\n\n<p>Specifies the source items? that will redirect to the destination specified in <code>redirect_dest</code>. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_source => ['/images','/downloads'],\n redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],\n }\n</code></pre>\n\n<h5><code>redirect_status</code></h5>\n\n<p>Specifies the status to append to the redirect. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n redirect_status => ['temp','permanent'],\n }\n</code></pre>\n\n<h5><code>request_headers</code></h5>\n\n<p>Specifies additional request headers.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n request_headers => [\n 'append MirrorID "mirror 12"',\n 'unset MirrorID',\n ],\n }\n</code></pre>\n\n<h5><code>rewrite_base</code></h5>\n\n<p>Limits the <code>rewrite_rule</code> to the specified base URL. Defaults to 'undef'.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n rewrite_base => '/blog/',\n }\n</code></pre>\n\n<p>The above example would limit the index.html -> welcome.html rewrite to only something inside of <a href=\"http://example.com/blog/\">http://example.com/blog/</a>.</p>\n\n<h5><code>rewrite_cond</code></h5>\n\n<p>Rewrites a URL via <code>rewrite_rule</code> based on the truth of specified conditions. For example</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',\n }\n</code></pre>\n\n<p>will rewrite URLs only if the visitor is using IE. Defaults to 'undef'.</p>\n\n<p><em>Note</em>: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple <code>rewrite_cond</code> and <code>rewrite_rules</code> per vhost, so that different conditions get different rewrites.</p>\n\n<h5><code>rewrite_rule</code></h5>\n\n<p>Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'site.name.fdqn':\n …\n rewrite_rule => '^index\\.html$ welcome.html',\n }\n</code></pre>\n\n<h5><code>scriptalias</code></h5>\n\n<p>Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'</p>\n\n<h5><code>scriptaliases</code></h5>\n\n<p>Passes a list of hashes to the vhost to create <code>ScriptAlias</code> or <code>ScriptAliasMatch</code> statements as per the <a href=\"http://httpd.apache.org/docs/current/mod/mod_alias.html\"><code>mod_alias</code> documentation</a>. Each hash is expected to be of the form:</p>\n\n<pre lang=\"puppet\"><code> scriptaliases => [\n {\n alias => '/myscript',\n path => '/usr/share/myscript',\n },\n {\n aliasmatch => '^/foo(.*)',\n path => '/usr/share/fooscripts$1',\n },\n {\n aliasmatch => '^/bar/(.*)',\n path => '/usr/share/bar/wrapper.sh/$1',\n },\n {\n alias => '/neatscript',\n path => '/usr/share/neatscript',\n },\n ]\n</code></pre>\n\n<p>These directives are created in the order specified. As with <code>Alias</code> and <code>AliasMatch</code> directives the more specific aliases should come before the more general ones to avoid shadowing.</p>\n\n<h5><code>serveradmin</code></h5>\n\n<p>Specifies the email address Apache will display when it renders one of its error pages.</p>\n\n<h5><code>serveraliases</code></h5>\n\n<p>Sets the server aliases of the site.</p>\n\n<h5><code>servername</code></h5>\n\n<p>Sets the primary name of the virtual host.</p>\n\n<h5><code>setenv</code></h5>\n\n<p>Used by HTTPD to set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>setenvif</code></h5>\n\n<p>Used by HTTPD to conditionally set environment variables for vhosts. Defaults to '[]'.</p>\n\n<h5><code>ssl</code></h5>\n\n<p>Enables SSL for the virtual host. SSL vhosts only respond to HTTPS queries. Valid values are 'true' or 'false'.</p>\n\n<h5><code>ssl_ca</code></h5>\n\n<p>Specifies the certificate authority.</p>\n\n<h5><code>ssl_cert</code></h5>\n\n<p>Specifies the SSL certification.</p>\n\n<h5><code>ssl_protocol</code></h5>\n\n<p>Specifies the SSL Protocol (SSLProtocol).</p>\n\n<h5><code>ssl_cipher</code></h5>\n\n<p>Specifies the SSLCipherSuite.</p>\n\n<h5><code>ssl_honorcipherorder</code></h5>\n\n<p>Sets SSLHonorCipherOrder directive, used to prefer the server's cipher preference order</p>\n\n<h5><code>ssl_certs_dir</code></h5>\n\n<p>Specifies the location of the SSL certification directory. Defaults to <code>/etc/ssl/certs</code> on Debian and <code>/etc/pki/tls/certs</code> on RedHat.</p>\n\n<h5><code>ssl_chain</code></h5>\n\n<p>Specifies the SSL chain.</p>\n\n<h5><code>ssl_crl</code></h5>\n\n<p>Specifies the certificate revocation list to use.</p>\n\n<h5><code>ssl_crl_path</code></h5>\n\n<p>Specifies the location of the certificate revocation list.</p>\n\n<h5><code>ssl_key</code></h5>\n\n<p>Specifies the SSL key.</p>\n\n<h5><code>ssl_verify_client</code></h5>\n\n<p>Sets <code>SSLVerifyClient</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_client => 'optional',\n }\n</code></pre>\n\n<h5><code>ssl_verify_depth</code></h5>\n\n<p>Sets <code>SSLVerifyDepth</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifydepth\">Apache Core documentation</a>. Defaults to undef.\nAn example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_verify_depth => 1,\n }\n</code></pre>\n\n<h5><code>ssl_options</code></h5>\n\n<p>Sets <code>SSLOptions</code> directives as per the <a href=\"http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssloptions\">Apache Core documentation</a>. This is the global setting for the vhost and can be a string or an array. Defaults to undef. A single string example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => '+ExportCertData',\n }\n</code></pre>\n\n<p>An array of strings example:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n …\n ssl_options => [ '+StrictRequire', '+ExportCertData' ],\n }\n</code></pre>\n\n<h5><code>ssl_proxyengine</code></h5>\n\n<p>Specifies whether to use <code>SSLProxyEngine</code> or not. Defaults to <code>false</code>.</p>\n\n<h5><code>vhost_name</code></h5>\n\n<p>This parameter is for use with name-based virtual hosting. Defaults to '*'.</p>\n\n<h5><code>itk</code></h5>\n\n<p>Hash containing infos to configure itk as per the <a href=\"http://mpm-itk.sesse.net/\">ITK documentation</a>.</p>\n\n<p>Keys could be:</p>\n\n<ul>\n<li>user + group</li>\n<li>assignuseridexpr</li>\n<li>assigngroupidexpr</li>\n<li>maxclientvhost</li>\n<li>nice</li>\n<li>limituidrange (Linux 3.5.0 or newer)</li>\n<li>limitgidrange (Linux 3.5.0 or newer)</li>\n</ul>\n\n<p>Usage will typically look like:</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sample.example.net':\n docroot => '/path/to/directory',\n itk => {\n user => 'someuser',\n group => 'somegroup',\n },\n }\n</code></pre>\n\n<h3>Virtual Host Examples</h3>\n\n<p>The Apache module allows you to set up pretty much any configuration of virtual host you might desire. This section will address some common configurations. Please see the <a href=\"https://github.com/puppetlabs/puppetlabs-apache/tree/main/tests\">Tests section</a> for even more examples.</p>\n\n<p>Configure a vhost with a server administrator</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'third.example.com':\n port => '80',\n docroot => '/var/www/third',\n serveradmin => 'admin@example.com',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with aliased servers</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixth.example.com':\n serveraliases => [\n 'sixth.example.org',\n 'sixth.example.net',\n ],\n port => '80',\n docroot => '/var/www/fifth',\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost with a cgi-bin</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'eleventh.example.com':\n port => '80',\n docroot => '/var/www/eleventh',\n scriptalias => '/usr/lib/cgi-bin',\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a vhost with a rack configuration</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fifteenth.example.com':\n port => '80',\n docroot => '/var/www/fifteenth',\n rack_base_uris => ['/rackapp1', '/rackapp2'],\n }\n</code></pre>\n\n<hr>\n\n<p>Set up a mix of SSL and non-SSL vhosts at the same domain</p>\n\n<pre lang=\"puppet\"><code> #The non-ssl vhost\n apache::vhost { 'first.example.com non-ssl':\n servername => 'first.example.com',\n port => '80',\n docroot => '/var/www/first',\n }\n\n #The SSL vhost at the same domain\n apache::vhost { 'first.example.com ssl':\n servername => 'first.example.com',\n port => '443',\n docroot => '/var/www/first',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a vhost to redirect non-SSL connections to SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'sixteenth.example.com non-ssl':\n servername => 'sixteenth.example.com',\n port => '80',\n docroot => '/var/www/sixteenth',\n redirect_status => 'permanent'\n redirect_dest => 'https://sixteenth.example.com/'\n }\n apache::vhost { 'sixteenth.example.com ssl':\n servername => 'sixteenth.example.com',\n port => '443',\n docroot => '/var/www/sixteenth',\n ssl => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Set up IP-based vhosts on any listen port and have them respond to requests on specific IP addresses. In this example, we will set listening on ports 80 and 81. This is required because the example vhosts are not declared with a port parameter.</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '81': }\n</code></pre>\n\n<p>Then we will set up the IP-based vhosts</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'first.example.com':\n ip => '10.0.0.10',\n docroot => '/var/www/first',\n ip_based => true,\n }\n apache::vhost { 'second.example.com':\n ip => '10.0.0.11',\n docroot => '/var/www/second',\n ip_based => true,\n }\n</code></pre>\n\n<hr>\n\n<p>Configure a mix of name-based and IP-based vhosts. First, we will add two IP-based vhosts on 10.0.0.10, one SSL and one non-SSL</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'The first IP-based vhost, non-ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '80',\n ip_based => true,\n docroot => '/var/www/first',\n }\n apache::vhost { 'The first IP-based vhost, ssl':\n servername => 'first.example.com',\n ip => '10.0.0.10',\n port => '443',\n ip_based => true,\n docroot => '/var/www/first-ssl',\n ssl => true,\n }\n</code></pre>\n\n<p>Then, we will add two name-based vhosts listening on 10.0.0.20</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'second.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/second',\n }\n apache::vhost { 'third.example.com':\n ip => '10.0.0.20',\n port => '80',\n docroot => '/var/www/third',\n }\n</code></pre>\n\n<p>If you want to add two name-based vhosts so that they will answer on either 10.0.0.10 or 10.0.0.20, you <strong>MUST</strong> declare <code>add_listen => 'false'</code> to disable the otherwise automatic 'Listen 80', as it will conflict with the preceding IP-based vhosts.</p>\n\n<pre lang=\"puppet\"><code> apache::vhost { 'fourth.example.com':\n port => '80',\n docroot => '/var/www/fourth',\n add_listen => false,\n }\n apache::vhost { 'fifth.example.com':\n port => '80',\n docroot => '/var/www/fifth',\n add_listen => false,\n }\n</code></pre>\n\n<h2>Implementation</h2>\n\n<h3>Classes and Defined Types</h3>\n\n<h4>Class: <code>apache::dev</code></h4>\n\n<p>Installs Apache development libraries</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::dev': }\n</code></pre>\n\n<p>On FreeBSD you're required to define <code>apache::package</code> or <code>apache</code> class before <code>apache::dev</code>.</p>\n\n<h4>Defined Type: <code>apache::listen</code></h4>\n\n<p>Controls which ports Apache binds to for listening based on the title:</p>\n\n<pre lang=\"puppet\"><code> apache::listen { '80': }\n apache::listen { '443': }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>Listen</code> directives to the <code>ports.conf</code> file in the Apache httpd configuration directory. <code>apache::listen</code> titles should always take the form of: <code><port></code>, <code><ipv4>:<port></code>, or <code>[<ipv6>]:<port></code></p>\n\n<p>Apache httpd requires that <code>Listen</code> directives must be added for every port. The <code>apache::vhost</code> defined type will automatically add <code>Listen</code> directives unless the <code>apache::vhost</code> is passed <code>add_listen => false</code>.</p>\n\n<h4>Defined Type: <code>apache::namevirtualhost</code></h4>\n\n<p>Enables named-based hosting of a virtual host</p>\n\n<pre lang=\"puppet\"><code> class { 'apache::namevirtualhost`: }\n</code></pre>\n\n<p>Declaring this defined type will add all <code>NameVirtualHost</code> directives to the <code>ports.conf</code> file in the Apache https configuration directory. <code>apache::namevirtualhost</code> titles should always take the form of: <code>*</code>, <code>*:<port></code>, <code>_default_:<port></code>, <code><ip></code>, or <code><ip>:<port></code>.</p>\n\n<h4>Defined Type: <code>apache::balancermember</code></h4>\n\n<p>Define members of a proxy_balancer set (mod_proxy_balancer). Very useful when using exported resources.</p>\n\n<p>On every app server you can export a balancermember like this:</p>\n\n<pre lang=\"puppet\"><code> @@apache::balancermember { "${::fqdn}-puppet00":\n balancer_cluster => 'puppet00',\n url => "ajp://${::fqdn}:8009"\n options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],\n }\n</code></pre>\n\n<p>And on the proxy itself you create the balancer cluster using the defined type apache::balancer:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet00': }\n</code></pre>\n\n<p>If you need to use ProxySet in the balncer config you can do as so:</p>\n\n<pre lang=\"puppet\"><code> apache::balancer { 'puppet01':\n proxy_set => {'stickysession' => 'JSESSIONID'},\n }\n</code></pre>\n\n<h3>Templates</h3>\n\n<p>The Apache module relies heavily on templates to enable the <code>vhost</code> and <code>apache::mod</code> defined types. These templates are built based on Facter facts around your operating system. Unless explicitly called out, most templates are not meant for configuration.</p>\n\n<h2>Limitations</h2>\n\n<p>This has been tested on Ubuntu Precise, Debian Wheezy, CentOS 5.8, and FreeBSD 9.1.</p>\n\n<h2>Development</h2>\n\n<h3>Overview</h3>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Running tests</h3>\n\n<p>This project contains tests for both <a href=\"http://rspec-puppet.com/\">rspec-puppet</a> and <a href=\"https://github.com/puppetlabs/rspec-system\">rspec-system</a> to verify functionality. For in-depth information please see their respective documentation.</p>\n\n<p>Quickstart:</p>\n\n<pre><code>gem install bundler\nbundle install\nbundle exec rake spec\nbundle exec rake spec:system\n</code></pre>\n\n<h2>Copyright and License</h2>\n\n<p>Copyright (C) 2012 <a href=\"https://www.puppetlabs.com/\">Puppet Labs</a> Inc</p>\n\n<p>Puppet Labs can be contacted at: <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a></p>\n\n<p>Licensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at</p>\n\n<p><a href=\"http://www.apache.org/licenses/LICENSE-2.0\">http://www.apache.org/licenses/LICENSE-2.0</a></p>\n\n<p>Unless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.</p>\n</section>",
|
|
1281
1281
|
"changelog": "<section class=\"markdown\"><h2>2013-12-05 Release 0.10.0</h2>\n\n<h3>Summary:</h3>\n\n<p>This release adds FreeBSD osfamily support and various other improvements to some mods.</p>\n\n<h3>Features:</h3>\n\n<ul>\n<li>Add suPHP_UserGroup directive to directory context</li>\n<li>Add support for ScriptAliasMatch directives</li>\n<li>Set SSLOptions StdEnvVars in server context</li>\n<li>No implicit <Directory> entry for ScriptAlias path</li>\n<li>Add support for overriding ErrorDocument</li>\n<li>Add support for AliasMatch directives</li>\n<li>Disable default "allow from all" in vhost-directories</li>\n<li>Add WSGIPythonPath as an optional parameter to mod_wsgi. </li>\n<li>Add mod_rpaf support</li>\n<li>Add directives: IndexOptions, IndexOrderDefault</li>\n<li>Add ability to include additional external configurations in vhost</li>\n<li>need to use the provider variable not the provider key value from the directory hash for matches</li>\n<li>Support for FreeBSD and few other features</li>\n<li>Add new params to apache::mod::mime class</li>\n<li>Allow apache::mod to specify module id and path</li>\n<li>added $server_root parameter</li>\n<li>Add Allow and ExtendedStatus support to mod_status</li>\n<li>Expand vhost/_directories.pp directive support</li>\n<li>Add initial support for nss module (no directives in vhost template yet)</li>\n<li>added peruser and event mpms</li>\n<li>added $service_name parameter</li>\n<li>add parameter for TraceEnable</li>\n<li>Make LogLevel configurable for server and vhost</li>\n<li>Add documentation about $ip</li>\n<li>Add ability to pass ip (instead of wildcard) in default vhost files</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Don't listen on port or set NameVirtualHost for non-existent vhost</li>\n<li>only apply Directory defaults when provider is a directory</li>\n<li>Working mod_authnz_ldap support on Debian/Ubuntu</li>\n</ul>\n\n<h2>2013-09-06 Release 0.9.0</h2>\n\n<h3>Summary:</h3>\n\n<p>This release adds more parameters to the base apache class and apache defined\nresource to make the module more flexible. It also adds or enhances SuPHP,\nWSGI, and Passenger mod support, and support for the ITK mpm module.</p>\n\n<h3>Backwards-incompatible Changes:</h3>\n\n<ul>\n<li>Remove many default mods that are not normally needed.</li>\n<li>Remove <code>rewrite_base</code> <code>apache::vhost</code> parameter; did not work anyway.</li>\n<li>Specify dependencies on stdlib >=2.4.0 (this was already the case, but\nmaking explicit)</li>\n<li>Deprecate <code>a2mod</code> in favor of the <code>apache::mod::*</code> classes and <code>apache::mod</code>\ndefined resource.</li>\n</ul>\n\n<h3>Features:</h3>\n\n<ul>\n<li><code>apache</code> class\n\n<ul>\n<li>Add <code>httpd_dir</code> parameter to change the location of the configuration\nfiles.</li>\n<li>Add <code>logroot</code> parameter to change the logroot</li>\n<li>Add <code>ports_file</code> parameter to changes the <code>ports.conf</code> file location</li>\n<li>Add <code>keepalive</code> parameter to enable persistent connections</li>\n<li>Add <code>keepalive_timeout</code> parameter to change the timeout</li>\n<li>Update <code>default_mods</code> to be able to take an array of mods to enable.</li>\n</ul></li>\n<li><code>apache::vhost</code>\n\n<ul>\n<li>Add <code>wsgi_daemon_process</code>, <code>wsgi_daemon_process_options</code>,\n<code>wsgi_process_group</code>, and <code>wsgi_script_aliases</code> parameters for per-vhost\nWSGI configuration.</li>\n<li>Add <code>access_log_syslog</code> parameter to enable syslogging.</li>\n<li>Add <code>error_log_syslog</code> parameter to enable syslogging of errors.</li>\n<li>Add <code>directories</code> hash parameter. Please see README for documentation.</li>\n<li>Add <code>sslproxyengine</code> parameter to enable SSLProxyEngine</li>\n<li>Add <code>suphp_addhandler</code>, <code>suphp_engine</code>, and <code>suphp_configpath</code> for\nconfiguring SuPHP.</li>\n<li>Add <code>custom_fragment</code> parameter to allow for arbitrary apache\nconfiguration injection. (Feature pull requests are prefered over using\nthis, but it is available in a pinch.)</li>\n</ul></li>\n<li>Add <code>apache::mod::suphp</code> class for configuring SuPHP.</li>\n<li>Add <code>apache::mod::itk</code> class for configuring ITK mpm module.</li>\n<li>Update <code>apache::mod::wsgi</code> class for global WSGI configuration with\n<code>wsgi_socket_prefix</code> and <code>wsgi_python_home</code> parameters.</li>\n<li>Add README.passenger.md to document the <code>apache::mod::passenger</code> usage.\nAdded <code>passenger_high_performance</code>, <code>passenger_pool_idle_time</code>,\n<code>passenger_max_requests</code>, <code>passenger_stat_throttle_rate</code>, <code>rack_autodetect</code>,\nand <code>rails_autodetect</code> parameters.</li>\n<li>Separate the httpd service resource into a new <code>apache::service</code> class for\ndependency chaining of <code>Class['apache'] -> <resource> ~>\nClass['apache::service']</code></li>\n<li>Added <code>apache::mod::proxy_balancer</code> class for <code>apache::balancer</code></li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Change dependency to puppetlabs-concat</li>\n<li>Fix ruby 1.9 bug for <code>a2mod</code></li>\n<li>Change servername to be <code>$::hostname</code> if there is no <code>$::fqdn</code></li>\n<li>Make <code>/etc/ssl/certs</code> the default ssl certs directory for RedHat non-5.</li>\n<li>Make <code>php</code> the default php package for RedHat non-5.</li>\n<li>Made <code>aliases</code> able to take a single alias hash instead of requiring an\narray.</li>\n</ul>\n\n<h2>2013-07-26 Release 0.8.1</h2>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Update <code>apache::mpm_module</code> detection for worker/prefork</li>\n<li>Update <code>apache::mod::cgi</code> and <code>apache::mod::cgid</code> detection for\nworker/prefork</li>\n</ul>\n\n<h2>2013-07-16 Release 0.8.0</h2>\n\n<h3>Features:</h3>\n\n<ul>\n<li>Add <code>servername</code> parameter to <code>apache</code> class</li>\n<li>Add <code>proxy_set</code> parameter to <code>apache::balancer</code> define</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Fix ordering for multiple <code>apache::balancer</code> clusters</li>\n<li>Fix symlinking for sites-available on Debian-based OSs</li>\n<li>Fix dependency ordering for recursive confdir management</li>\n<li>Fix <code>apache::mod::*</code> to notify the service on config change</li>\n<li>Documentation updates</li>\n</ul>\n\n<h2>2013-07-09 Release 0.7.0</h2>\n\n<h3>Changes:</h3>\n\n<ul>\n<li>Essentially rewrite the module -- too many to list</li>\n<li><code>apache::vhost</code> has many abilities -- see README.md for details</li>\n<li><code>apache::mod::*</code> classes provide httpd mod-loading capabilities</li>\n<li><code>apache</code> base class is much more configurable</li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Many. And many more to come</li>\n</ul>\n\n<h2>2013-03-2 Release 0.6.0</h2>\n\n<ul>\n<li>update travis tests (add more supported versions)</li>\n<li>add access log_parameter</li>\n<li>make purging of vhost dir configurable</li>\n</ul>\n\n<h2>2012-08-24 Release 0.4.0</h2>\n\n<h3>Changes:</h3>\n\n<ul>\n<li><code>include apache</code> is now required when using <code>apache::mod::*</code></li>\n</ul>\n\n<h3>Bugfixes:</h3>\n\n<ul>\n<li>Fix syntax for validate_re</li>\n<li>Fix formatting in vhost template</li>\n<li><p>Fix spec tests such that they pass</p>\n\n<p>2012-05-08 Puppet Labs <a href=\"mailto:info@puppetlabs.com\">info@puppetlabs.com</a> - 0.0.4\ne62e362 Fix broken tests for ssl, vhost, vhost::*\n42c6363 Changes to match style guide and pass puppet-lint without error\n42bc8ba changed name => path for file resources in order to name namevar by it's name\n72e13de One end too much\n0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.\n273f94d fix tests\na35ede5 (#13860) Make a2enmod/a2dismo commands optional\n98d774e (#13860) Autorequire Package['httpd']\n05fcec5 (#13073) Add missing puppet spec tests\n541afda (#6899) Remove virtual a2mod definition\n976cb69 (#13072) Move mod python and wsgi package names to params\n323915a (#13060) Add .gitignore to repo\nfdf40af (#13060) Remove pkg directory from source tree\nfd90015 Add LICENSE file and update the ModuleFile\nd3d0d23 Re-enable local php class\nd7516c7 Make management of firewalls configurable for vhosts\n60f83ba Explicitly lookup scope of apache_name in templates.\nf4d287f (#12581) Add explicit ordering for vdir directory\n88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall\na776a8b (#11071) Fix to work with latest firewall module\n2b79e8b (#11070) Add support for Scientific Linux\n405b3e9 Fix for a2mod\n57b9048 Commit apache::vhost::redirect Manifest\n8862d01 Commit apache::vhost::proxy Manifest\nd5c1fd0 Commit apache::mod::wsgi Manifest\na825ac7 Commit apache::mod::python Manifest\nb77062f Commit Templates\n9a51b4a Vhost File Declarations\n6cf7312 Defaults for Parameters\n6a5b11a Ensure installed\nf672e46 a2mod fix\n8a56ee9 add pthon support to apache</p></li>\n</ul>\n</section>",
|
|
1282
1282
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
1283
1283
|
"created_at": "2013-12-05 15:29:14 -0800",
|
|
@@ -1855,7 +1855,7 @@
|
|
|
1855
1855
|
"file_size": 11866,
|
|
1856
1856
|
"file_md5": "b46fed82226a08b37428769f4fa6e534",
|
|
1857
1857
|
"downloads": 66264,
|
|
1858
|
-
"readme": "<section class=\"markdown\"><h1>What is it?</h1>\n\n<p>A Puppet module that can construct files from fragments.</p>\n\n<p>Please see the comments in the various .pp files for details\nas well as posts on my blog at <a href=\"http://www.devco.net/\">http://www.devco.net/</a></p>\n\n<p>Released under the Apache 2.0 licence</p>\n\n<h2>Usage:</h2>\n\n<p>If you wanted a /etc/motd file that listed all the major modules\non the machine. And that would be maintained automatically even\nif you just remove the include lines for other modules you could\nuse code like below, a sample /etc/motd would be:</p>\n\n<pre>\nPuppet modules on this server:\n\n -- Apache\n -- MySQL\n</pre>\n\n<p>Local sysadmins can also append to the file by just editing /etc/motd.local\ntheir changes will be incorporated into the puppet managed motd.</p>\n\n<pre>\n# class to setup basic motd, include on all nodes\nclass motd {\n $motd = \"/etc/motd\"\n\n concat{$motd:\n owner => root,\n group => root,\n mode => '0644',\n }\n\n concat::fragment{\"motd_header\":\n target => $motd,\n content => \"\\nPuppet modules on this server:\\n\\n\",\n order => 01,\n }\n\n # local users on the machine can append to motd by just creating\n # /etc/motd.local\n concat::fragment{\"motd_local\":\n target => $motd,\n ensure => \"/etc/motd.local\",\n order => 15\n }\n}\n\n# used by other modules to register themselves in the motd\ndefine motd::register($content=\"\", $order=10) {\n if $content == \"\" {\n $body = $name\n } else {\n $body = $content\n }\n\n concat::fragment{\"motd_fragment_$name\":\n target => \"/etc/motd\",\n content => \" -- $body\\n\"\n }\n}\n\n# a sample apache module\nclass apache {\n include apache::install, apache::config, apache::service\n\n motd::register{\"Apache\": }\n}\n</pre>\n\n<p>Detailed documentation of the class options can be found in the\nmanifest files.</p>\n\n<h2>Known Issues:</h2>\n\n<ul>\n<li>Since puppet-concat now relies on a fact for the concat directory,\nyou will need to set up pluginsync = true on the [
|
|
1858
|
+
"readme": "<section class=\"markdown\"><h1>What is it?</h1>\n\n<p>A Puppet module that can construct files from fragments.</p>\n\n<p>Please see the comments in the various .pp files for details\nas well as posts on my blog at <a href=\"http://www.devco.net/\">http://www.devco.net/</a></p>\n\n<p>Released under the Apache 2.0 licence</p>\n\n<h2>Usage:</h2>\n\n<p>If you wanted a /etc/motd file that listed all the major modules\non the machine. And that would be maintained automatically even\nif you just remove the include lines for other modules you could\nuse code like below, a sample /etc/motd would be:</p>\n\n<pre>\nPuppet modules on this server:\n\n -- Apache\n -- MySQL\n</pre>\n\n<p>Local sysadmins can also append to the file by just editing /etc/motd.local\ntheir changes will be incorporated into the puppet managed motd.</p>\n\n<pre>\n# class to setup basic motd, include on all nodes\nclass motd {\n $motd = \"/etc/motd\"\n\n concat{$motd:\n owner => root,\n group => root,\n mode => '0644',\n }\n\n concat::fragment{\"motd_header\":\n target => $motd,\n content => \"\\nPuppet modules on this server:\\n\\n\",\n order => 01,\n }\n\n # local users on the machine can append to motd by just creating\n # /etc/motd.local\n concat::fragment{\"motd_local\":\n target => $motd,\n ensure => \"/etc/motd.local\",\n order => 15\n }\n}\n\n# used by other modules to register themselves in the motd\ndefine motd::register($content=\"\", $order=10) {\n if $content == \"\" {\n $body = $name\n } else {\n $body = $content\n }\n\n concat::fragment{\"motd_fragment_$name\":\n target => \"/etc/motd\",\n content => \" -- $body\\n\"\n }\n}\n\n# a sample apache module\nclass apache {\n include apache::install, apache::config, apache::service\n\n motd::register{\"Apache\": }\n}\n</pre>\n\n<p>Detailed documentation of the class options can be found in the\nmanifest files.</p>\n\n<h2>Known Issues:</h2>\n\n<ul>\n<li>Since puppet-concat now relies on a fact for the concat directory,\nyou will need to set up pluginsync = true on the [main] section of your\nnode's '/etc/puppet/puppet.conf' for at least the first run.\nYou have this issue if puppet fails to run on the client and you have\na message similar to\n"err: Failed to apply catalog: Parameter path failed: File\npaths must be fully qualified, not 'undef' at [...]/concat/manifests/setup.pp:44".</li>\n</ul>\n\n<h2>Contributors:</h2>\n\n<p><strong>Paul Elliot</strong></p>\n\n<ul>\n<li>Provided 0.24.8 support, shell warnings and empty file creation support.</li>\n</ul>\n\n<p><strong>Chad Netzer</strong></p>\n\n<ul>\n<li>Various patches to improve safety of file operations</li>\n<li>Symlink support</li>\n</ul>\n\n<p><strong>David Schmitt</strong></p>\n\n<ul>\n<li>Patch to remove hard coded paths relying on OS path</li>\n<li>Patch to use file{} to copy the resulting file to the final destination. This means Puppet client will show diffs and that hopefully we can change file ownerships now</li>\n</ul>\n\n<p><strong>Peter Meier</strong></p>\n\n<ul>\n<li>Basedir as a fact</li>\n<li>Unprivileged user support</li>\n</ul>\n\n<p><strong>Sharif Nassar</strong></p>\n\n<ul>\n<li>Solaris/Nexenta support</li>\n<li>Better error reporting</li>\n</ul>\n\n<p><strong>Christian G. Warden</strong></p>\n\n<ul>\n<li>Style improvements</li>\n</ul>\n\n<p><strong>Reid Vandewiele</strong></p>\n\n<ul>\n<li>Support non GNU systems by default</li>\n</ul>\n\n<p><strong>Erik Dalén</strong></p>\n\n<ul>\n<li>Style improvements</li>\n</ul>\n\n<p><strong>Gildas Le Nadan</strong></p>\n\n<ul>\n<li>Documentation improvements</li>\n</ul>\n\n<p><strong>Paul Belanger</strong></p>\n\n<ul>\n<li>Testing improvements and Travis support</li>\n</ul>\n\n<p><strong>Branan Purvine-Riley</strong></p>\n\n<ul>\n<li>Support Puppet Module Tool better</li>\n</ul>\n\n<p><strong>Dustin J. Mitchell</strong></p>\n\n<ul>\n<li>Always include setup when using the concat define</li>\n</ul>\n\n<p><strong>Andreas Jaggi</strong></p>\n\n<ul>\n<li>Puppet Lint support</li>\n</ul>\n\n<p><strong>Jan Vansteenkiste</strong></p>\n\n<ul>\n<li>Configurable paths</li>\n</ul>\n\n<h2>Contact:</h2>\n\n<p>puppet-users@ mailing list.</p>\n</section>",
|
|
1859
1859
|
"changelog": "<section class=\"plaintext\"><pre>2013-08-09 1.0.0\n\nSummary:\n\nMany new features and bugfixes in this release, and if you're a heavy concat\nuser you should test carefully before upgrading. The features should all be\nbackwards compatible but only light testing has been done from our side before\nthis release.\n\nFeatures:\n- New parameters in concat:\n - `replace`: specify if concat should replace existing files.\n - `ensure_newline`: controls if fragments should contain a newline at the end.\n- Improved README documentation.\n- Add rspec:system tests (rake spec:system to test concat)\n\nBugfixes\n- Gracefully handle \\n in a fragment resource name.\n- Adding more helpful message for 'pluginsync = true'\n- Allow passing `source` and `content` directly to file resource, rather than\ndefining resource defaults.\n- Added -r flag to read so that filenames with \\ will be read correctly.\n- sort always uses LANG=C.\n- Allow WARNMSG to contain/start with '#'.\n- Replace while-read pattern with for-do in order to support Solaris.\n\nCHANGELOG:\n- 2010/02/19 - initial release\n- 2010/03/12 - add support for 0.24.8 and newer\n - make the location of sort configurable\n - add the ability to add shell comment based warnings to\n top of files\n - add the ablity to create empty files\n- 2010/04/05 - fix parsing of WARN and change code style to match rest\n of the code\n - Better and safer boolean handling for warn and force\n - Don't use hard coded paths in the shell script, set PATH\n top of the script\n - Use file{} to copy the result and make all fragments owned\n by root. This means we can chnage the ownership/group of the\n resulting file at any time.\n - You can specify ensure => "/some/other/file" in concat::fragment\n to include the contents of a symlink into the final file.\n- 2010/04/16 - Add more cleaning of the fragment name - removing / from the $name\n- 2010/05/22 - Improve documentation and show the use of ensure =>\n- 2010/07/14 - Add support for setting the filebucket behavior of files\n- 2010/10/04 - Make the warning message configurable\n- 2010/12/03 - Add flags to make concat work better on Solaris - thanks Jonathan Boyett\n- 2011/02/03 - Make the shell script more portable and add a config option for root group\n- 2011/06/21 - Make base dir root readable only for security\n- 2011/06/23 - Set base directory using a fact instead of hardcoding it\n- 2011/06/23 - Support operating as non privileged user\n- 2011/06/23 - Support dash instead of bash or sh\n- 2011/07/11 - Better solaris support\n- 2011/12/05 - Use fully qualified variables\n- 2011/12/13 - Improve Nexenta support\n- 2012/04/11 - Do not use any GNU specific extensions in the shell script\n- 2012/03/24 - Comply to community style guides\n- 2012/05/23 - Better errors when basedir isnt set\n- 2012/05/31 - Add spec tests\n- 2012/07/11 - Include concat::setup in concat improving UX\n- 2012/08/14 - Puppet Lint improvements\n- 2012/08/30 - The target path can be different from the $name\n- 2012/08/30 - More Puppet Lint cleanup\n- 2012/09/04 - RELEASE 0.2.0\n- 2012/12/12 - Added (file) $replace parameter to concat\n</pre></section>",
|
|
1860
1860
|
"license": "<section class=\"plaintext\"><pre> Copyright 2012 R.I.Pienaar\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n\n</pre></section>",
|
|
1861
1861
|
"created_at": "2013-08-14 15:59:00 -0700",
|
|
@@ -2574,8 +2574,8 @@
|
|
|
2574
2574
|
"file_size": 19438,
|
|
2575
2575
|
"file_md5": "b254b09335ffd1ce073965499350e2d2",
|
|
2576
2576
|
"downloads": 9136,
|
|
2577
|
-
"readme": "<section class=\"markdown\"><h1>vcsrepo</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo.png?branch=
|
|
2578
|
-
"changelog": "<section class=\"plaintext\"><pre>2013-11-13 - Version 0.2.0\n\nSummary:\n\nThis release mainly focuses on a number of bugfixes, which should\nsignificantly improve the reliability of Git and SVN. Thanks to\nour many contributors for all of these fixes!\n\nFeatures:\n- Git:\n - Add autorequire for Package['git']\n- HG:\n - Allow user and identity properties.\n- Bzr:\n - "ensure => latest" support.\n- SVN:\n - Added configuration parameter.\n - Add support for
|
|
2577
|
+
"readme": "<section class=\"markdown\"><h1>vcsrepo</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-vcsrepo.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h2>Purpose</h2>\n\n<p>This provides a single type, <code>vcsrepo</code>.</p>\n\n<p>This type can be used to describe:</p>\n\n<ul>\n<li>A working copy checked out from a (remote or local) source, at an\narbitrary revision</li>\n<li>A "blank" working copy not associated with a source (when it makes\nsense for the VCS being used)</li>\n<li>A "blank" central repository (when the distinction makes sense for the VCS\nbeing used)</li>\n</ul>\n\n<h2>Supported Version Control Systems</h2>\n\n<p>This module supports a wide range of VCS types, each represented by a\nseparate provider.</p>\n\n<p>For information on how to use this module with a specific VCS, see\n<code>README.<VCS>.markdown</code>.</p>\n\n<h2>License</h2>\n\n<p>See LICENSE.</p>\n</section>",
|
|
2578
|
+
"changelog": "<section class=\"plaintext\"><pre>2013-11-13 - Version 0.2.0\n\nSummary:\n\nThis release mainly focuses on a number of bugfixes, which should\nsignificantly improve the reliability of Git and SVN. Thanks to\nour many contributors for all of these fixes!\n\nFeatures:\n- Git:\n - Add autorequire for Package['git']\n- HG:\n - Allow user and identity properties.\n- Bzr:\n - "ensure => latest" support.\n- SVN:\n - Added configuration parameter.\n - Add support for main svn repositories.\n- CVS:\n - Allow for setting the CVS_RSH environment variable.\n\nFixes:\n- Handle Puppet::Util[::Execution].withenv for 2.x and 3.x properly.\n- Change path_empty? to not do full directory listing.\n- Overhaul spec tests to work with rspec2.\n- Git:\n - Improve Git SSH usage documentation.\n - Add ssh session timeouts to prevent network issues from blocking runs.\n - Fix git provider checkout of a remote ref on an existing repo.\n - Allow unlimited submodules (thanks to --recursive).\n - Use git checkout --force instead of short -f everywhere.\n - Update git provider to handle checking out into an existing (empty) dir.\n- SVN:\n - Handle force property. for svn.\n - Adds support for changing upstream repo url.\n - Check that the URL of the WC matches the URL from the manifest.\n - Changed from using "update" to "switch".\n - Handle revision update without source switch.\n - Fix svn provider to look for '^Revision:' instead of '^Last Changed Rev:'.\n- CVS:\n - Documented the "module" attribute.\n</pre></section>",
|
|
2579
2579
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2010-2012 Puppet Labs Inc.\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nThis program and entire repository is free software; you can\nredistribute it and/or modify it under the terms of the GNU\nGeneral Public License as published by the Free Software\nFoundation; either version 2 of the License, or any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program; if not, write to the Free Software\nFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n</pre></section>",
|
|
2580
2580
|
"created_at": "2013-11-13 10:21:58 -0800",
|
|
2581
2581
|
"updated_at": "2013-11-13 10:21:58 -0800",
|
|
@@ -2770,7 +2770,7 @@
|
|
|
2770
2770
|
"summary": "PuppetDB resource types",
|
|
2771
2771
|
"source": "git://github.com/puppetlabs/puppetlabs-puppetdb.git",
|
|
2772
2772
|
"checksums": {
|
|
2773
|
-
"manifests/
|
|
2773
|
+
"manifests/main/report_processor.pp": "0bcf515ce1547166fb2aaeeea03d2108",
|
|
2774
2774
|
"manifests/init.pp": "cdd9f0d32115802878d06abf920bd9ed",
|
|
2775
2775
|
"manifests/database/postgresql.pp": "d7944858425f6cacb54ae8a46423bbd0",
|
|
2776
2776
|
"lib/puppet/type/puppetdb_conn_validator.rb": "aa4846110f363047a8988f261378ec0e",
|
|
@@ -2778,17 +2778,17 @@
|
|
|
2778
2778
|
"manifests/server/jetty_ini.pp": "4207efbf3ce27c57921368ebe46f3701",
|
|
2779
2779
|
"manifests/params.pp": "abbcec237f977061315f58fb3b4cc763",
|
|
2780
2780
|
"NOTICE": "dd0cc848426aa3648e668269e7a04252",
|
|
2781
|
-
"manifests/
|
|
2781
|
+
"manifests/main/routes.pp": "b3c370dd0e1e18e8db0b30be8aa10056",
|
|
2782
2782
|
"lib/puppet/util/puppetdb_validator.rb": "87dfd3cde4a06f898d88b9fda35c7dce",
|
|
2783
2783
|
"CHANGELOG": "8d3b060589d25d936d06d61b891302da",
|
|
2784
2784
|
"manifests/server/database_ini.pp": "bf8f6a936cdea3ec4c56bf3aefd8a8fa",
|
|
2785
|
-
"manifests/
|
|
2785
|
+
"manifests/main/puppetdb_conf.pp": "a757975b360c74103cfea1417004b61a",
|
|
2786
2786
|
"manifests/server/firewall.pp": "c09a3c3b65e47353d1fcc98514faaead",
|
|
2787
2787
|
"manifests/server.pp": "ddccf98a84a0f4a889375cf7a7963867",
|
|
2788
2788
|
"Modulefile": "d420eeddd4072b84f5dd08880b606136",
|
|
2789
2789
|
"manifests/server/validate_db.pp": "163c5a161b79839c1827cf3ba1f06d2c",
|
|
2790
|
-
"manifests/
|
|
2791
|
-
"manifests/
|
|
2790
|
+
"manifests/main/storeconfigs.pp": "7bb67d0559564a44bfb6740f967a3bc2",
|
|
2791
|
+
"manifests/main/config.pp": "6b4509b30fa1d66a6c37799844907f70",
|
|
2792
2792
|
"lib/puppet/provider/puppetdb_conn_validator/puppet_https.rb": "17c55730cd42c64fe959f12a87a96085",
|
|
2793
2793
|
"lib/puppet/parser/functions/puppetdb_create_subsetting_resource_hash.rb": "61b6f5ebc352e9bff5a914a43a14dc22",
|
|
2794
2794
|
"README.md": "0b168fe59aa1f041c44eb7755bc22112",
|
|
@@ -2827,8 +2827,8 @@
|
|
|
2827
2827
|
"file_size": 24498,
|
|
2828
2828
|
"file_md5": "a65924f70c75ee6d48be49b9f1ee5e03",
|
|
2829
2829
|
"downloads": 6887,
|
|
2830
|
-
"readme": "<section class=\"markdown\"><h1>puppetdb</h1>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the PuppetDB module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with PuppetDB module</a></li>\n<li><a href=\"#upgrading\">Upgrading - Guide for upgrading from older revisions of this module</a></li>\n<li><a href=\"#usage\">Usage - The classes and parameters available for configuration</a></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>By guiding puppetdb setup and configuration with a puppet master, the PuppetDB module provides fast, streamlined access to data on puppetized infrastructure.</p>\n\n<h2>Module Description</h2>\n\n<p>The PuppetDB module provides a quick way to get started using PuppetDB, an open source inventory resource service that manages storage and retrieval of platform-generated data. The module will install PostgreSQL and PuppetDB if you don't have them, as well as set up the connection to puppet master. The module will also provide a dashboard you can use to view the current state of your system.</p>\n\n<p>For more information about PuppetDB <a href=\"http://docs.puppetlabs.com/puppetdb/\">please see the official PuppetDB documentation.</a></p>\n\n<h2>Setup</h2>\n\n<p><strong>What PuppetDB affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for PuppetDB</li>\n<li>package/service/configuration files for PostgreSQL (optional, but set as default)</li>\n<li>puppet master's runtime (via plugins)</li>\n<li>puppet master's configuration\n\n<ul>\n<li><strong>note</strong>: Using the <code>puppetdb::master::config</code> class will cause your routes.yaml file to be overwritten entirely (see <strong>Usage</strong> below for options and more information )</li>\n</ul></li>\n<li>system firewall (optional)</li>\n<li>listened-to ports</li>\n</ul>\n\n<p><strong>Introductory Questions</strong></p>\n\n<p>To begin using PuppetDB, you’ll have to make a few decisions:</p>\n\n<ul>\n<li>Which database back-end should I use?\n\n<ul>\n<li>PostgreSQL (default) or our embedded database</li>\n<li>Embedded database</li>\n<li><strong>note:</strong> We suggest using the embedded database only for experimental environments rather than production, as it does not scale well and can cause difficulty in migrating to PostgreSQL.</li>\n</ul></li>\n<li>Should I run the database on the same node that I run PuppetDB on?</li>\n<li>Should I run PuppetDB on the same node that I run my master on?</li>\n</ul>\n\n<p>The answers to those questions will be largely dependent on your answers to questions about your Puppet environment:</p>\n\n<ul>\n<li>How many nodes are you managing?</li>\n<li>What kind of hardware are you running on?</li>\n<li>Is your current load approaching the limits of your hardware?</li>\n</ul>\n\n<p>Depending on your answers to all of the questions above, you will likely fall under one of these set-up options:</p>\n\n<ol>\n<li><a href=\"#single-node-setup\">Single Node (Testing and Development)</a></li>\n<li><a href=\"#multiple-node-setup\">Multiple Node (Recommended)</a></li>\n</ol>\n\n<h3>Single Node Setup</h3>\n\n<p>This approach assumes you will use our default database (PostgreSQL) and run everything (PostgreSQL, PuppetDB, puppet master) all on the same node. This setup will be great for a testing or experimental environment. In this case, your manifest will look like:</p>\n\n<pre><code>node puppetmaster {\n # Configure puppetdb and its underlying database\n class { 'puppetdb': }\n # Configure the puppet master to use puppetdb\n class { 'puppetdb::master::config': }\n}\n</code></pre>\n\n<p>You can provide some parameters for these classes if you’d like more control, but that is literally all that it will take to get you up and running with the default configuration.</p>\n\n<h3>Multiple Node Setup</h3>\n\n<p>This approach is for those who prefer not to install PuppetDB on the same node as the puppet master. Your environment will be easier to scale if you are able to dedicate hardware to the individual system components. You may even choose to run the puppetdb server on a different node from the PostgreSQL database that it uses to store its data. So let’s have a look at what a manifest for that scenario might look like:</p>\n\n<p><strong>This is an example of a very basic 3-node setup for PuppetDB.</strong></p>\n\n<p>This node is our puppet master:</p>\n\n<pre><code>node puppet {\n # Here we configure the puppet master to use PuppetDB,\n # and tell it that the hostname is ‘puppetdb’\n class { 'puppetdb::master::config':\n puppetdb_server => 'puppetdb',\n }\n}\n</code></pre>\n\n<p>This node is our postgres server:</p>\n\n<pre><code>node puppetdb-postgres {\n # Here we install and configure postgres and the puppetdb\n # database instance, and tell postgres that it should\n # listen for connections to the hostname ‘puppetdb-postgres’\n class { 'puppetdb::database::postgresql':\n listen_addresses => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This node is our main puppetdb server:</p>\n\n<pre><code>node puppetdb {\n # Here we install and configure PuppetDB, and tell it where to\n # find the postgres database.\n class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This should be all it takes to get a 3-node, distributed installation of PuppetDB up and running. Note that, if you prefer, you could easily move two of these classes to a single node and end up with a 2-node setup instead.</p>\n\n<h3>Beginning with PuppetDB</h3>\n\n<p>Whether you choose a single node development setup or a multi-node setup, a basic setup of PuppetDB will cause: PostgreSQL to install on the node if it’s not already there; PuppetDB postgres database instance and user account to be created; the postgres connection to be validated and, if successful, PuppetDB to be installed and configured; PuppetDB connection to be validated and, if successful, the puppet master config files to be modified to use PuppetDB; and the puppet master to be restarted so that it will pick up the config changes.</p>\n\n<p>If your logging level is set to INFO or finer, you should start seeing PuppetDB-related log messages appear in both your puppet master log and your puppetdb log as subsequent agent runs occur.</p>\n\n<p>If you’d prefer to use PuppetDB’s embedded database rather than PostgreSQL, have a look at the database parameter on the puppetdb class:</p>\n\n<pre><code>class { 'puppetdb':\n database => 'embedded',\n}\n</code></pre>\n\n<p>The embedded database can be useful for testing and very small production environments, but it is not recommended for production environments since it consumes a great deal of memory as your number of nodes increase.</p>\n\n<h3>Cross-node Dependencies</h3>\n\n<p>It is worth noting that there are some cross-node dependencies, which means that the first time you add the module's configurations to your manifests, you may see a few failed puppet runs on the affected nodes.</p>\n\n<p>PuppetDB handles cross-node dependencies by taking a sort of “eventual consistency” approach. There’s nothing that the module can do to control the order in which your nodes check in, but the module can check to verify that the services it depends on are up and running before it makes configuration changes--so that’s what it does.</p>\n\n<p>When your puppet master node checks in, it will validate the connectivity to the puppetdb server before it applies its changes to the puppet master config files. If it can’t connect to puppetdb, then the puppet run will fail and the previous config files will be left intact. This prevents your master from getting into a broken state where all incoming puppet runs fail because the master is configured to use a puppetdb server that doesn’t exist yet. The same strategy is used to handle the dependency between the puppetdb server and the postgres server.</p>\n\n<p>Hence the failed puppet runs. These failures should be limited to 1 failed run on the puppetdb node, and up to 2 failed runs on the puppet master node. After that, all of the dependencies should be satisfied and your puppet runs should start to succeed again.</p>\n\n<p>You can also manually trigger puppet runs on the nodes in the correct order (Postgres, PuppetDB, puppet master), which will avoid any failed runs.</p>\n\n<h2>Upgrading</h2>\n\n<h3>Upgrading from 2.x to version 3.x</h3>\n\n<p>For this release a major dependency has changed. The module <code>pupppetlabs/postgresql</code> must now be version 3.x. Upgrading the module should upgrade the <code>puppetlabs/postgresql</code> module for you, but if another module has a fixed dependency that module will have to be fixed before you can continue.</p>\n\n<p>Some other changes include:</p>\n\n<ul>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb</code> has now been removed completely in favor of <code>open_postgres_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::database::postgresql</code>, has now been renamed to <code>manage_firewall</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::server</code> has now been removed completely in favor of <code>open_listen_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The internal class: <code>puppetdb::database::postgresql_db</code> has been removed. If you were using this, it is now defunct.</li>\n<li>The class <code>puppetdb::server::firewall</code> has been marked as private, do not use it directly.</li>\n<li>The class <code>puppetdb::server::jetty_ini</code> and <code>puppetdb::server::database_ini</code> have been marked as private, do not use it directly.</li>\n</ul>\n\n<h3>Upgrading from 1.x to version 2.x</h3>\n\n<p>A major dependency has been changed, so now when you upgrade to 2.0 the dependency <code>cprice404/inifile</code> has been replaced with <code>puppetlabs/inifile</code>. This may interfer with other modules as they may depend on the old <code>cprice404/inifile</code> instead, so upgrading should be done with caution. Check that your other modules use the newer <code>puppetlabs/inifile</code> module as interoperation with the old <code>cprice404/inifile</code> module will no longer be supported by this module.</p>\n\n<p>Depending on how you install your modules, changing the dependency may require manual intervention. Double check your modules contains the newer <code>puppetlabs/inifile</code> after installing this latest module.</p>\n\n<p>Otherwise, all existing parameters from 1.x should still work correctly.</p>\n\n<h2>Usage</h2>\n\n<p>PuppetDB supports a large number of configuration options for both configuring the puppetdb service and connecting that service to the puppet master.</p>\n\n<h3>puppetdb</h3>\n\n<p>The <code>puppetdb</code> class is intended as a high-level abstraction (sort of an 'all-in-one' class) to help simplify the process of getting your puppetdb server up and running. It wraps the slightly-lower-level classes <code>puppetdb::server</code> and <code>puppetdb::database::*</code>, and it'll get you up and running with everything you need (including database setup and management) on the server side. For maximum configurability, you may choose not to use this class. You may prefer to use the <code>puppetdb::server</code> class directly, or manage your puppetdb setup on your own.</p>\n\n<p>You must declare the class to use it:</p>\n\n<pre><code>class { 'puppetdb': }\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb</code>:</strong></p>\n\n<h4><code>listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTP requests (defaults to <code>localhost</code>.'0.0.0.0' = all).</p>\n\n<h4><code>listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTP requests (defaults to '8080').</p>\n\n<h4><code>open_listen_port</code></h4>\n\n<p>If true, open the http_listen_port on the firewall (defaults to false).</p>\n\n<h4><code>ssl_listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTPS requests (defaults to <code>$::clientcert</code>). Set to '0.0.0.0' to listen on all addresses.</p>\n\n<h4><code>ssl_listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTPS requests (defaults to '8081').</p>\n\n<h4><code>disable_ssl</code></h4>\n\n<p>If true, the puppetdb web server will only serve HTTP and not HTTPS requests (defaults to false).</p>\n\n<h4><code>open_ssl_listen_port</code></h4>\n\n<p>If true, open the ssl_listen_port on the firewall (defaults to true).</p>\n\n<h4><code>database</code></h4>\n\n<p>Which database backend to use; legal values are <code>postgres</code> (default) or <code>embedded</code>. The <code>embedded</code> db can be used for very small installations or for testing, but is not recommended for use in production environments. For more info, see the <a href=\"http://docs.puppetlabs.com/puppetdb/\">puppetdb docs</a>.</p>\n\n<h4><code>database_port</code></h4>\n\n<p>The port that the database server listens on (defaults to <code>5432</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_username</code></h4>\n\n<p>The name of the database user to connect as (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_password</code></h4>\n\n<p>The password for the database user (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_name</code></h4>\n\n<p>The name of the database instance to connect to (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_ssl</code></h4>\n\n<p>If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for <code>embedded</code> db).\nSetting up proper trust- and keystores has to be managed outside of the puppetdb module.</p>\n\n<h4><code>node_ttl</code></h4>\n\n<p>The length of time a node can go without receiving any new data before it's automatically deactivated. (defaults to '0', which disables auto-deactivation). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>node_purge_ttl</code></h4>\n\n<p>The length of time a node can be deactivated before it's deleted from the database. (defaults to '0', which disables purging). This option is supported in PuppetDB >= 1.2.0.</p>\n\n<h4><code>report_ttl</code></h4>\n\n<p>The length of time reports should be stored before being deleted. (defaults to '7d', which is a 7-day period). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>gc_interval</code></h4>\n\n<p>This controls how often, in minutes, to compact the database. The compaction process reclaims space and deletes unnecessary rows. If not supplied, the default is every 60 minutes. This option is supported in PuppetDB >= 0.9.</p>\n\n<h4><code>log_slow_statements</code></h4>\n\n<p>This sets the number of seconds before an SQL query is considered "slow." Slow SQL queries are logged as warnings, to assist in debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply reports them after they complete.</p>\n\n<p>The default value is 10 seconds. A value of 0 will disable logging of slow queries. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_max_age</code></h4>\n\n<p>The maximum time (in minutes), for a pooled connection to remain unused before it is closed off.</p>\n\n<p>If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_keep_alive</code></h4>\n\n<p>This sets the time (in minutes), for a connection to remain idle before sending a test query to the DB. This is useful to prevent a DB from timing out connections on its end.</p>\n\n<p>If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_lifetime</code></h4>\n\n<p>The maximum time (in minutes) a pooled connection should remain open. Any connections older than this setting will be closed off. Connections currently in use will not be affected until they are returned to the pool.</p>\n\n<p>If not supplied, we won't terminate connections based on their age alone. This option is supported in PuppetDB >= 1.4.</p>\n\n<h4><code>puppetdb_package</code></h4>\n\n<p>The puppetdb package name in the package manager.</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>puppetdb_service</code></h4>\n\n<p>The name of the puppetdb service.</p>\n\n<h4><code>puppetdb_service_status</code></h4>\n\n<p>Sets whether the service should be running or stopped. When set to stopped the service doesn't start on boot either. Valid values are 'true', 'running', 'false', and 'stopped'.</p>\n\n<h4><code>confdir</code></h4>\n\n<p>The puppetdb configuration directory (defaults to <code>/etc/puppetdb/conf.d</code>).</p>\n\n<h4><code>java_args</code></h4>\n\n<p>Java VM options used for overriding default Java VM options specified in PuppetDB package (defaults to <code>{}</code>). See <a href=\"http://docs.puppetlabs.com/puppetdb/1.1/configure.html\">PuppetDB Configuration</a> to get more details about the current defaults.</p>\n\n<p>Example: to set <code>-Xmx512m -Xms256m</code> options use <code>{ '-Xmx' => '512m', '-Xms' => '256m' }</code></p>\n\n<h3>puppetdb:server</h3>\n\n<p>The <code>puppetdb::server</code> class manages the puppetdb server independently of the underlying database that it depends on. It will manage the puppetdb package, service, config files, etc., but will still allow you to manage the database (e.g. postgresql) however you see fit.</p>\n\n<pre><code>class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::server</code>:</strong></p>\n\n<p>Uses the same parameters as <code>puppetdb</code>, with one addition:</p>\n\n<h4><code>database_host</code></h4>\n\n<p>The hostname or IP address of the database server (defaults to <code>localhost</code>; ignored for <code>embedded</code> db).</p>\n\n<h3>puppetdb::master::config</h3>\n\n<p>The <code>puppetdb::master::config</code> class directs your puppet master to use PuppetDB, which means that this class should be used on your puppet master node. It’ll verify that it can successfully communicate with your puppetdb server, and then configure your master to use PuppetDB.</p>\n\n<p>Using this class involves allowing the module to manipulate your puppet configuration files; in particular: puppet.conf and routes.yaml. The puppet.conf changes are supplemental and should not affect any of your existing settings, but the routes.yaml file will be overwritten entirely. If you have an existing routes.yaml file, you will want to take care to use the manage_routes parameter of this class to prevent the module from managing that file, and you’ll need to manage it yourself.</p>\n\n<pre><code>class { 'puppetdb::master::config':\n puppetdb_server => 'my.host.name',\n puppetdb_port => 8081,\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::master::config</code>:</strong></p>\n\n<h4><code>puppetdb_server</code></h4>\n\n<p>The dns name or ip of the puppetdb server (defaults to the certname of the current node).</p>\n\n<h4><code>puppetdb_port</code></h4>\n\n<p>The port that the puppetdb server is running on (defaults to 8081).</p>\n\n<h4><code>puppetdb_soft_write_failure</code></h4>\n\n<p>Boolean to fail in a soft-manner if PuppetDB is not accessable for command submission (defaults to false).</p>\n\n<h4><code>manage_routes</code></h4>\n\n<p>If true, the module will overwrite the puppet master's routes file to configure it to use PuppetDB (defaults to true).</p>\n\n<h4><code>manage_storeconfigs</code></h4>\n\n<p>If true, the module will manage the puppet master's storeconfig settings (defaults to true).</p>\n\n<h4><code>manage_report_processor</code></h4>\n\n<p>If true, the module will manage the 'reports' field in the puppet.conf file to enable or disable the puppetdb report processor. Defaults to 'false'.</p>\n\n<h4><code>manage_config</code></h4>\n\n<p>If true, the module will store values from puppetdb_server and puppetdb_port parameters in the puppetdb configuration file.\nIf false, an existing puppetdb configuration file will be used to retrieve server and port values.</p>\n\n<h4><code>strict_validation</code></h4>\n\n<p>If true, the module will fail if puppetdb is not reachable, otherwise it will preconfigure puppetdb without checking.</p>\n\n<h4><code>enable_reports</code></h4>\n\n<p>Ignored unless <code>manage_report_processor</code> is <code>true</code>, in which case this setting will determine whether or not the puppetdb report processor is enabled (<code>true</code>) or disabled (<code>false</code>) in the puppet.conf file.</p>\n\n<h4><code>puppet_confdir</code></h4>\n\n<p>Puppet's config directory (defaults to <code>/etc/puppet</code>).</p>\n\n<h4><code>puppet_conf</code></h4>\n\n<p>Puppet's config file (defaults to <code>/etc/puppet/puppet.conf</code>).</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>terminus_package</code></h4>\n\n<p>Name of the package to use that represents the PuppetDB terminus code.</p>\n\n<h4><code>puppet_service_name</code></h4>\n\n<p>Name of the service that represents Puppet. You can change this to <code>apache2</code> or <code>httpd</code> depending on your operating system, if you plan on having Puppet run using Apache/Passenger for example.</p>\n\n<h4><code>puppetdb_startup_timeout</code></h4>\n\n<p>The maximum amount of time that the module should wait for PuppetDB to start up. This is most important during the initial install of PuppetDB (defaults to 15 seconds).</p>\n\n<h4><code>restart_puppet</code></h4>\n\n<p>If true, the module will restart the puppet master when PuppetDB configuration files are changed by the module. The default is 'true'. If set to 'false', you must restart the service manually in order to pick up changes to the config files (other than <code>puppet.conf</code>).</p>\n\n<h3>puppetdb::database::postgresql</h3>\n\n<p>The <code>puppetdb::database::postgresql</code> class manages a postgresql server for use by PuppetDB. It can manage the postgresql packages and service, as well as creating and managing the puppetdb database and database user accounts.</p>\n\n<pre><code>class { 'puppetdb::database::postgresql':\n listen_addresses => 'my.postgres.host.name',\n}\n</code></pre>\n\n<h4><code>listen_addresses</code></h4>\n\n<p>The <code>listen_address</code> is a comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to <code>localhost</code>. This parameter maps directly to postgresql's <code>listen_addresses</code> config option; use a <code>*</code> to allow connections on any accessible address.</p>\n\n<h4><code>manage_firewall</code></h4>\n\n<p>If set to <code>true</code> this will enable open the local firewall for PostgreSQL protocol access. Defaults to <code>false</code>.</p>\n\n<h4><code>database_name</code></h4>\n\n<p>Sets the name of the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_username</code></h4>\n\n<p>Creates a user for access the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_password</code></h4>\n\n<p>Sets the password for the database user above. Defaults to <code>puppetdb</code>.</p>\n\n<h2>Implementation</h2>\n\n<h3>Resource overview</h3>\n\n<p>In addition to the classes and variables mentioned above, PuppetDB includes:</p>\n\n<p><strong>puppetdb::master::routes</strong></p>\n\n<p>Configures the puppet master to use PuppetDB as the facts terminus. <em>WARNING</em>: the current implementation simply overwrites your routes.yaml file; if you have an existing routes.yaml file that you are using for other purposes, you should <em>not</em> use this.</p>\n\n<pre><code>class { 'puppetdb::master::routes':\n puppet_confdir => '/etc/puppet'\n}\n</code></pre>\n\n<p><strong>puppetdb::master::storeconfigs</strong></p>\n\n<p>Configures the puppet master to enable storeconfigs and to use PuppetDB as the storeconfigs backend.</p>\n\n<pre><code>class { 'puppetdb::master::storeconfigs':\n puppet_conf => '/etc/puppet/puppet.conf'\n}\n</code></pre>\n\n<p><strong>puppetdb::server::validate_db</strong></p>\n\n<p>Validates that a successful database connection can be established between the node on which this resource is run and the specified puppetdb database instance (host/port/user/password/database name).</p>\n\n<pre><code>puppetdb::server::validate_db { 'validate my puppetdb database connection':\n database_host => 'my.postgres.host',\n database_username => 'mydbuser',\n database_password => 'mydbpassword',\n database_name => 'mydbname',\n}\n</code></pre>\n\n<h3>Custom Types</h3>\n\n<p><strong>puppetdb_conn_validator</strong></p>\n\n<p>Verifies that a connection can be successfully established between a node and the puppetdb server. Its primary use is as a precondition to prevent configuration changes from being applied if the puppetdb server cannot be reached, but it could potentially be used for other purposes such as monitoring.</p>\n\n<h2>Limitations</h2>\n\n<p>Currently, PuppetDB is compatible with:</p>\n\n<pre><code>Puppet Version: 2.7+\n</code></pre>\n\n<p>Platforms:</p>\n\n<ul>\n<li>RHEL6</li>\n<li>Debian6</li>\n<li>Ubuntu 10.04</li>\n<li>Archlinux</li>\n</ul>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n</section>",
|
|
2831
|
-
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-puppetdb changelog\n\nRelease notes for the puppetlabs-puppetdb module.\n\n------------------------------------------\n\n#### 3.0.0 - 2013/10/27\n\nThis major release changes the main dependency for the postgresql module from\nversion 2.5.x to 3.x. Since the postgresql module is not backwards compatible,\nthis release is also not backwards compatible. As a consequence we have taken\nsome steps to deprecate some of the older functionality:\n\n* The parameter manage_redhat_firewall for the class puppetdb has now been removed completely in favor of open_postgres_port and open_ssl_listen_port.\n* The parameter manage_redhat_firewall for the class puppetdb::database::postgresql, has now been renamed to manage_firewall.\n* The parameter manage_redhat_firewall for the class puppetdb::server has now been removed completely in favor of open_listen_port and open_ssl_listen_port.\n* The internal class: puppetdb::database::postgresql_db has been removed. If you were using this, it is now defunct.\n* The class puppetdb::server::firewall has been marked as private, do not use it directly.\n* The class puppetdb::server::jetty_ini and puppetdb::server::database_ini have been marked as private, do not use it directly.\n\nAll of this is documented in the upgrade portion of the README.\n\nAdditionally some features have been included in this release as well:\n\n* soft_write_failure can now be enabled in your puppetdb.conf with this\n module to handle failing silently when your PuppetDB is not available\n during writes.\n* There is a new switch to enable SSL connectivity to PostgreSQL. While this\n functionality is only in its infancy this is a good start.\n\nDetailed Changes:\n\n* FM-103: Add metadata.json to all modules. (Ashley Penney)\n* Add soft_write_failure to puppetdb.conf (Garrett Honeycutt)\n* Add switch to configure database SSL connection (Stefan Dietrich)\n* (GH-91) Update to use rspec-system-puppet 2.x (Ken Barber)\n* (GH-93) Switch to using puppetlabs-postgresql 3.x (Ken Barber)\n* Fix copyright and project notice (Ken Barber)\n* Adjust memory for PuppetDB tests to avoid OOM killer (Ken Barber)\n* Ensure ntpdate executes early during testing (Ken Barber)\n\n------------------------------------------\n\n#### 2.0.0 - 2013/10/04\n\nThis major release changes the main dependency for the inifile module from\nthe deprecated `cprice404/inifile` to `puppetlabs/inifile` to remove\ndeprecation warnings and to move onto the latest and greatest implementation\nof that code.\n\nIts a major release, because it may affect other dependencies since modules\ncannot have overlapping second part dependencies (that is inifile cannot be from\ntwo different locations).\n\nIt also adds the parameter `puppetdb_service_status` to the class `puppetdb` to\nallow users to specify whether the module manages the puppetdb service for you.\n\nThe `database_password` parameter is now optional, and initial Arch Linux\nsupport has been added.\n\nDetailed Changes:\n\n* (GH-73) Switch to puppetlabs/inifile from cprice/inifile (Ken Barber)\n* Make database_password an optional parameter (Nick Lewis)\n* add archlinux support (Niels Abspoel)\n* Added puppetdb service control (Akos Hencz)\n\n------------------------------------------\n\n#### 1.6.0 - 2013/08/07\n\nThis minor feature release provides extra parameters for new configuration\nitems available in PuppetDB 1.4, and also provides some older parameters\nthat were missed previously:\n\n* gc_interval\n* log_slow_statements\n* conn_max_age\n* conn_keep_alive\n* conn_lifetime\n\nConsult the README.md file, or the PuppetDB documentation for more details.\n\n------------------------------------------\n\n#### 1.5.0 - 2013/07/18\n\nThis minor feature release provides the following new functionality:\n\n* The module is now capable of managing PuppetDB on SUSE systems\n for which PuppetDB packages are available\n* The ruby code for validating the PuppetDB connection now\n supports validating on a non-SSL HTTP port.\n\n------------------------------------------\n\n#### 1.4.0 - 2013/05/13\n\nThis feature release provides support for managing the puppetdb report\nprocessor on your master.\n\nTo enable the report processor, you can do something like this:\n\n class { 'puppetdb::master::config':\n manage_report_processor => true,\n enable_reports => true\n }\n\nThis will add the 'puppetdb' report processor to the list of `reports`\ninside your master's `puppet.conf` file.\n\n------------------------------------------\n\n#### 1.3.0 - 2013/05/13\n\nThis feature release provides us with a few new features for the PuppetDB\nmodule.\n\nYou can now disable SSL when using the `puppetdb` class by using the new\nparameter `disable_ssl`:\n\n class { 'puppetdb':\n disable_ssl => true,\n }\n\nThis will remove the SSL settings from your `jetty.ini` configuration file\ndisabling any SSL communication. This is useful when you want to offload SSL\nto another web server, such as Apache or Nginx.\n\nWe have now added an option `java_args` for passing in Java options to\nPuppetDB. The format is a hash that is passed in when declaring the use of the\n`puppetdb` class:\n\n class { 'puppetdb':\n java_args => {\n '-Xmx' => '512m',\n '-Xms' => '256m',\n }\n }\n\nAlso, the default `report-ttl` was set to `14d` in PuppetDB to align it with an\nupcoming PE release, so we've also reflected that default here now.\n\nAnd finally we've fixed the issue whereby the options `report_ttl`, `node_ttl`,\n`node_purge_ttl` and `gc_interval` were not making the correct changes. On top\nof that you can now set these values to zero in the module, and the correct\ntime modifier (`s`, `m`, `h` etc.) will automatically get applied for you.\n\nBehind the scenes we've also added system and unit testing, which was\npreviously non-existent. This should help us reduce regression going forward.\n\nThanks to all the contributing developers in the list below that made this\nrelease possible :-).\n\n#### Changes\n\n* Allows for 0 _ttl's without time signifier and enables tests (Garrett Honeycutt)\n* Add option to disable SSL in Jetty, including tests and documentation (Christian Berg)\n* Cleaned up ghoneycutt's code a tad (Ken Barber)\n* the new settings report_ttl, node_ttl and node_purge_ttl were added but they are not working, this fixes it (fsalum)\n* Also fix gc_interval (Ken Barber)\n* Support for remote puppetdb (Filip Hrbek)\n* Added support for Java VM options (Karel Brezina)\n* Add initial rspec-system tests and scaffolding (Ken Barber)\n\n------------------------------------------\n\n#### 1.2.1 - 2013/04/08\n\nThis is a minor bugfix that solves the PuppetDB startup exception:\n\n java.lang.AssertionError: Assert failed: (string? s)\n\nThis was due to the default `node-ttl` and `node-purge-ttl` settings not having a time suffix by default. These settings required 's', 'm', 'd' etc. to be suffixed, even if they are zero.\n\n#### Changes\n\n* (Ken Barber) Add 's' suffix to period settings to avoid exceptions in PuppetDB\n\n------------------------------------------\n\n#### 1.2.0 - 2013/04/05\n\nThis release is primarily about providing full configuration file support in the module for PuppetDB 1.2.0. (The alignment of version is a coincidence I assure you :-).\n\nThis feature release adds the following new configuration parameters to the main `puppetdb` class:\n\n* node_ttl\n* node_purge_ttl (available in >=1.2.0)\n* report_ttl\n\nConsult the README for futher details about these new configurable items.\n\n##### Changes\n\n* (Nick Lewis) Add params and ini settings for node/purge/report ttls and document them\n\n------------------------------------------\n\n1.1.5\n=====\n\n2013-02-13 - Karel Brezina\n * Fix database creation so database_username, database_password and\n database_name are correctly passed during database creation.\n\n2013-01-29 - Lauren Rother\n * Change README to conform to new style and various other README improvements\n\n2013-01-17 - Chris Price\n * Improve documentation in init.pp\n\n------------------------------------------\n\n1.1.4\n=====\n\nThis is a bugfix release, mostly around fixing backward-compatibility for the\ndeprecated `manage_redhat_firewall` parameter. It wasn't actually entirely\nbackwards-compatible in the 1.1.3 release.\n\n2013-01-17 - Chris Price <chris@puppetlabs.com>\n * Fix backward compatibility of `manage_redhat_firewall` parameter (de20b44)\n\n2013-01-16 - Chris Price <chris@puppetlabs.com>\n * Fix deprecation warnings around manage_redhat_firewall (448f8bc)\n\n------------------------------------------\n\n1.1.3\n=====\n\nThis is mostly a maintenance release, to update the module dependencies to newer\nversions in preparation for some new features. This release does include some nice\nadditions around the ability to set the listen address for the HTTP port on Jetty\nand manage the firewall for that port. Thanks very much to Drew Blessing for those\nsubmissions!\n\n2013-01-15 - Chris Price <chris@puppetlabs.com>\n * Update Modulefile for 1.1.3 release (updates dependencies\n on postgres and inifile modules to the latest versions) (76bfd9e)\n\n2012-12-19 - Garrett Honeycutt <garrett@puppetlabs.com>\n * (#18228) updates README for style (fd2e990)\n\n2012-11-29 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - Fixes suggested by cprice-puppet (0cf9632)\n\n2012-11-14 - Drew Blessing <Drew.Blessing@Buckle.com>\n * Adjust examples in tests to include new port params (0afc276)\n\n2012-11-13 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - PuppetDB - Add ability to set standard host listen address and open firewall\n\n------------------------------------------\n\n1.1.2\n=====\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.2 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com>\n * Add some more missing `inherit`s for `puppetdb::params` (a72cc7c)\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.1 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.1)\n * Add missing `inherit` for `puppetdb::params` (ea9b379)\n\n2012-10-24 - Chris Price <chris@puppetlabs.com>\n * 1.1.0 release\n\n2012-10-24 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update postgres dependency to puppetlabs/postgresql (bea79b4)\n\n2012-10-17 - Reid Vandewiele <reid@puppetlabs.com> (1.1.0)\n * Fix embedded db setup in Puppet Enterprise (bf0ab45)\n\n2012-10-17 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update manifests/master/config.pp (b119a30)\n\n2012-10-16 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Make puppetdb startup timeout configurable (783b595)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add condition to detect PE installations and provide different parameters (63f1c52)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add example manifest code for pe puppet master (a598edc)\n\n2012-10-01 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update comments and docs w/rt PE params (b5df5d9)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Adding pe_puppetdb tests class (850e039)\n\n2012-09-28 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add parameters to enable usage of enterprise versions of PuppetDB (df6f7cc)\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * 1.0.3 release\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * Add a parameter for restarting puppet master (179b337)\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * 1.0.2 release\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * Pass 'manage_redhat_firewall' param through to postgres (f21740b)\n\n2012-09-20 - Chris Price <chris@puppetlabs.com>\n * 1.0.1 release\n\n2012-09-20 - Garrett Honeycutt <garrett@puppetlabs.com>\n * complies with style guide (1aab5d9)\n\n2012-09-19 - Chris Price <chris@puppetlabs.com>\n * Fix invalid subname in database.ini (be683b7)\n\n2011-09-18 Chris Price <chris@puppetlabs.com> - 1.0.0\n* Initial 1.0.0 release\n</pre></section>",
|
|
2830
|
+
"readme": "<section class=\"markdown\"><h1>puppetdb</h1>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview - What is the PuppetDB module?</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with PuppetDB module</a></li>\n<li><a href=\"#upgrading\">Upgrading - Guide for upgrading from older revisions of this module</a></li>\n<li><a href=\"#usage\">Usage - The classes and parameters available for configuration</a></li>\n<li><a href=\"#implementation\">Implementation - An under-the-hood peek at what the module is doing</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n<li><a href=\"#release-notes\">Release Notes - Notes on the most recent updates to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>By guiding puppetdb setup and configuration with a primary Puppet server, the PuppetDB module provides fast, streamlined access to data on puppetized infrastructure.</p>\n\n<h2>Module Description</h2>\n\n<p>The PuppetDB module provides a quick way to get started using PuppetDB, an open source inventory resource service that manages storage and retrieval of platform-generated data. The module will install PostgreSQL and PuppetDB if you don't have them, as well as set up the connection to primary Puppet server. The module will also provide a dashboard you can use to view the current state of your system.</p>\n\n<p>For more information about PuppetDB <a href=\"http://docs.puppetlabs.com/puppetdb/\">please see the official PuppetDB documentation.</a></p>\n\n<h2>Setup</h2>\n\n<p><strong>What PuppetDB affects:</strong></p>\n\n<ul>\n<li>package/service/configuration files for PuppetDB</li>\n<li>package/service/configuration files for PostgreSQL (optional, but set as default)</li>\n<li>primary Puppet server's runtime (via plugins)</li>\n<li>primary Puppet server's configuration\n\n<ul>\n<li><strong>note</strong>: Using the <code>puppetdb::config</code> class will cause your routes.yaml file to be overwritten entirely (see <strong>Usage</strong> below for options and more information )</li>\n</ul></li>\n<li>system firewall (optional)</li>\n<li>listened-to ports</li>\n</ul>\n\n<p><strong>Introductory Questions</strong></p>\n\n<p>To begin using PuppetDB, you’ll have to make a few decisions:</p>\n\n<ul>\n<li>Which database back-end should I use?\n\n<ul>\n<li>PostgreSQL (default) or our embedded database</li>\n<li>Embedded database</li>\n<li><strong>note:</strong> We suggest using the embedded database only for experimental environments rather than production, as it does not scale well and can cause difficulty in migrating to PostgreSQL.</li>\n</ul></li>\n<li>Should I run the database on the same node that I run PuppetDB on?</li>\n<li>Should I run PuppetDB on the same node that I run my primary Puppet server on?</li>\n</ul>\n\n<p>The answers to those questions will be largely dependent on your answers to questions about your Puppet environment:</p>\n\n<ul>\n<li>How many nodes are you managing?</li>\n<li>What kind of hardware are you running on?</li>\n<li>Is your current load approaching the limits of your hardware?</li>\n</ul>\n\n<p>Depending on your answers to all of the questions above, you will likely fall under one of these set-up options:</p>\n\n<ol>\n<li><a href=\"#single-node-setup\">Single Node (Testing and Development)</a></li>\n<li><a href=\"#multiple-node-setup\">Multiple Node (Recommended)</a></li>\n</ol>\n\n<h3>Single Node Setup</h3>\n\n<p>This approach assumes you will use our default database (PostgreSQL) and run everything (PostgreSQL, PuppetDB, primary Puppet server) all on the same node. This setup will be great for a testing or experimental environment. In this case, your manifest will look like:</p>\n\n<pre><code>node primary Puppet server {\n # Configure puppetdb and its underlying database\n class { 'puppetdb': }\n # Configure the primary Puppet server to use puppetdb\n class { 'puppetdb::config': }\n}\n</code></pre>\n\n<p>You can provide some parameters for these classes if you’d like more control, but that is literally all that it will take to get you up and running with the default configuration.</p>\n\n<h3>Multiple Node Setup</h3>\n\n<p>This approach is for those who prefer not to install PuppetDB on the same node as the primary Puppet server. Your environment will be easier to scale if you are able to dedicate hardware to the individual system components. You may even choose to run the puppetdb server on a different node from the PostgreSQL database that it uses to store its data. So let’s have a look at what a manifest for that scenario might look like:</p>\n\n<p><strong>This is an example of a very basic 3-node setup for PuppetDB.</strong></p>\n\n<p>This node is our primary Puppet server:</p>\n\n<pre><code>node puppet {\n # Here we configure the primary Puppet server to use PuppetDB,\n # and tell it that the hostname is ‘puppetdb’\n class { 'puppetdb::config':\n puppetdb_server => 'puppetdb',\n }\n}\n</code></pre>\n\n<p>This node is our postgres server:</p>\n\n<pre><code>node puppetdb-postgres {\n # Here we install and configure postgres and the puppetdb\n # database instance, and tell postgres that it should\n # listen for connections to the hostname ‘puppetdb-postgres’\n class { 'puppetdb::database::postgresql':\n listen_addresses => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This node is our main puppetdb server:</p>\n\n<pre><code>node puppetdb {\n # Here we install and configure PuppetDB, and tell it where to\n # find the postgres database.\n class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n }\n}\n</code></pre>\n\n<p>This should be all it takes to get a 3-node, distributed installation of PuppetDB up and running. Note that, if you prefer, you could easily move two of these classes to a single node and end up with a 2-node setup instead.</p>\n\n<h3>Beginning with PuppetDB</h3>\n\n<p>Whether you choose a single node development setup or a multi-node setup, a basic setup of PuppetDB will cause: PostgreSQL to install on the node if it’s not already there; PuppetDB postgres database instance and user account to be created; the postgres connection to be validated and, if successful, PuppetDB to be installed and configured; PuppetDB connection to be validated and, if successful, the primary Puppet server config files to be modified to use PuppetDB; and the primary Puppet server to be restarted so that it will pick up the config changes.</p>\n\n<p>If your logging level is set to INFO or finer, you should start seeing PuppetDB-related log messages appear in both your primary Puppet server log and your puppetdb log as subsequent agent runs occur.</p>\n\n<p>If you’d prefer to use PuppetDB’s embedded database rather than PostgreSQL, have a look at the database parameter on the puppetdb class:</p>\n\n<pre><code>class { 'puppetdb':\n database => 'embedded',\n}\n</code></pre>\n\n<p>The embedded database can be useful for testing and very small production environments, but it is not recommended for production environments since it consumes a great deal of memory as your number of nodes increase.</p>\n\n<h3>Cross-node Dependencies</h3>\n\n<p>It is worth noting that there are some cross-node dependencies, which means that the first time you add the module's configurations to your manifests, you may see a few failed puppet runs on the affected nodes.</p>\n\n<p>PuppetDB handles cross-node dependencies by taking a sort of “eventual consistency” approach. There’s nothing that the module can do to control the order in which your nodes check in, but the module can check to verify that the services it depends on are up and running before it makes configuration changes--so that’s what it does.</p>\n\n<p>When your primary Puppet server node checks in, it will validate the connectivity to the puppetdb server before it applies its changes to the primary Puppet server config files. If it can’t connect to puppetdb, then the puppet run will fail and the previous config files will be left intact. This prevents your primary Puppet server from getting into a broken state where all incoming puppet runs fail because the primary Puppet server is configured to use a puppetdb server that doesn’t exist yet. The same strategy is used to handle the dependency between the puppetdb server and the postgres server.</p>\n\n<p>Hence the failed puppet runs. These failures should be limited to 1 failed run on the puppetdb node, and up to 2 failed runs on the primary Puppet server node. After that, all of the dependencies should be satisfied and your puppet runs should start to succeed again.</p>\n\n<p>You can also manually trigger puppet runs on the nodes in the correct order (Postgres, PuppetDB, primary Puppet server), which will avoid any failed runs.</p>\n\n<h2>Upgrading</h2>\n\n<h3>Upgrading from 2.x to version 3.x</h3>\n\n<p>For this release a major dependency has changed. The module <code>pupppetlabs/postgresql</code> must now be version 3.x. Upgrading the module should upgrade the <code>puppetlabs/postgresql</code> module for you, but if another module has a fixed dependency that module will have to be fixed before you can continue.</p>\n\n<p>Some other changes include:</p>\n\n<ul>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb</code> has now been removed completely in favor of <code>open_postgres_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::database::postgresql</code>, has now been renamed to <code>manage_firewall</code>.</li>\n<li>The parameter <code>manage_redhat_firewall</code> for the class <code>puppetdb::server</code> has now been removed completely in favor of <code>open_listen_port</code> and <code>open_ssl_listen_port</code>.</li>\n<li>The internal class: <code>puppetdb::database::postgresql_db</code> has been removed. If you were using this, it is now defunct.</li>\n<li>The class <code>puppetdb::server::firewall</code> has been marked as private, do not use it directly.</li>\n<li>The class <code>puppetdb::server::jetty_ini</code> and <code>puppetdb::server::database_ini</code> have been marked as private, do not use it directly.</li>\n</ul>\n\n<h3>Upgrading from 1.x to version 2.x</h3>\n\n<p>A major dependency has been changed, so now when you upgrade to 2.0 the dependency <code>cprice404/inifile</code> has been replaced with <code>puppetlabs/inifile</code>. This may interfer with other modules as they may depend on the old <code>cprice404/inifile</code> instead, so upgrading should be done with caution. Check that your other modules use the newer <code>puppetlabs/inifile</code> module as interoperation with the old <code>cprice404/inifile</code> module will no longer be supported by this module.</p>\n\n<p>Depending on how you install your modules, changing the dependency may require manual intervention. Double check your modules contains the newer <code>puppetlabs/inifile</code> after installing this latest module.</p>\n\n<p>Otherwise, all existing parameters from 1.x should still work correctly.</p>\n\n<h2>Usage</h2>\n\n<p>PuppetDB supports a large number of configuration options for both configuring the puppetdb service and connecting that service to the primary Puppet server.</p>\n\n<h3>puppetdb</h3>\n\n<p>The <code>puppetdb</code> class is intended as a high-level abstraction (sort of an 'all-in-one' class) to help simplify the process of getting your puppetdb server up and running. It wraps the slightly-lower-level classes <code>puppetdb::server</code> and <code>puppetdb::database::*</code>, and it'll get you up and running with everything you need (including database setup and management) on the server side. For maximum configurability, you may choose not to use this class. You may prefer to use the <code>puppetdb::server</code> class directly, or manage your puppetdb setup on your own.</p>\n\n<p>You must declare the class to use it:</p>\n\n<pre><code>class { 'puppetdb': }\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb</code>:</strong></p>\n\n<h4><code>listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTP requests (defaults to <code>localhost</code>.'0.0.0.0' = all).</p>\n\n<h4><code>listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTP requests (defaults to '8080').</p>\n\n<h4><code>open_listen_port</code></h4>\n\n<p>If true, open the http_listen_port on the firewall (defaults to false).</p>\n\n<h4><code>ssl_listen_address</code></h4>\n\n<p>The address that the web server should bind to for HTTPS requests (defaults to <code>$::clientcert</code>). Set to '0.0.0.0' to listen on all addresses.</p>\n\n<h4><code>ssl_listen_port</code></h4>\n\n<p>The port on which the puppetdb web server should accept HTTPS requests (defaults to '8081').</p>\n\n<h4><code>disable_ssl</code></h4>\n\n<p>If true, the puppetdb web server will only serve HTTP and not HTTPS requests (defaults to false).</p>\n\n<h4><code>open_ssl_listen_port</code></h4>\n\n<p>If true, open the ssl_listen_port on the firewall (defaults to true).</p>\n\n<h4><code>database</code></h4>\n\n<p>Which database backend to use; legal values are <code>postgres</code> (default) or <code>embedded</code>. The <code>embedded</code> db can be used for very small installations or for testing, but is not recommended for use in production environments. For more info, see the <a href=\"http://docs.puppetlabs.com/puppetdb/\">puppetdb docs</a>.</p>\n\n<h4><code>database_port</code></h4>\n\n<p>The port that the database server listens on (defaults to <code>5432</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_username</code></h4>\n\n<p>The name of the database user to connect as (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_password</code></h4>\n\n<p>The password for the database user (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_name</code></h4>\n\n<p>The name of the database instance to connect to (defaults to <code>puppetdb</code>; ignored for <code>embedded</code> db).</p>\n\n<h4><code>database_ssl</code></h4>\n\n<p>If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for <code>embedded</code> db).\nSetting up proper trust- and keystores has to be managed outside of the puppetdb module.</p>\n\n<h4><code>node_ttl</code></h4>\n\n<p>The length of time a node can go without receiving any new data before it's automatically deactivated. (defaults to '0', which disables auto-deactivation). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>node_purge_ttl</code></h4>\n\n<p>The length of time a node can be deactivated before it's deleted from the database. (defaults to '0', which disables purging). This option is supported in PuppetDB >= 1.2.0.</p>\n\n<h4><code>report_ttl</code></h4>\n\n<p>The length of time reports should be stored before being deleted. (defaults to '7d', which is a 7-day period). This option is supported in PuppetDB >= 1.1.0.</p>\n\n<h4><code>gc_interval</code></h4>\n\n<p>This controls how often, in minutes, to compact the database. The compaction process reclaims space and deletes unnecessary rows. If not supplied, the default is every 60 minutes. This option is supported in PuppetDB >= 0.9.</p>\n\n<h4><code>log_slow_statements</code></h4>\n\n<p>This sets the number of seconds before an SQL query is considered "slow." Slow SQL queries are logged as warnings, to assist in debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply reports them after they complete.</p>\n\n<p>The default value is 10 seconds. A value of 0 will disable logging of slow queries. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_max_age</code></h4>\n\n<p>The maximum time (in minutes), for a pooled connection to remain unused before it is closed off.</p>\n\n<p>If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_keep_alive</code></h4>\n\n<p>This sets the time (in minutes), for a connection to remain idle before sending a test query to the DB. This is useful to prevent a DB from timing out connections on its end.</p>\n\n<p>If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1.</p>\n\n<h4><code>conn_lifetime</code></h4>\n\n<p>The maximum time (in minutes) a pooled connection should remain open. Any connections older than this setting will be closed off. Connections currently in use will not be affected until they are returned to the pool.</p>\n\n<p>If not supplied, we won't terminate connections based on their age alone. This option is supported in PuppetDB >= 1.4.</p>\n\n<h4><code>puppetdb_package</code></h4>\n\n<p>The puppetdb package name in the package manager.</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>puppetdb_service</code></h4>\n\n<p>The name of the puppetdb service.</p>\n\n<h4><code>puppetdb_service_status</code></h4>\n\n<p>Sets whether the service should be running or stopped. When set to stopped the service doesn't start on boot either. Valid values are 'true', 'running', 'false', and 'stopped'.</p>\n\n<h4><code>confdir</code></h4>\n\n<p>The puppetdb configuration directory (defaults to <code>/etc/puppetdb/conf.d</code>).</p>\n\n<h4><code>java_args</code></h4>\n\n<p>Java VM options used for overriding default Java VM options specified in PuppetDB package (defaults to <code>{}</code>). See <a href=\"http://docs.puppetlabs.com/puppetdb/1.1/configure.html\">PuppetDB Configuration</a> to get more details about the current defaults.</p>\n\n<p>Example: to set <code>-Xmx512m -Xms256m</code> options use <code>{ '-Xmx' => '512m', '-Xms' => '256m' }</code></p>\n\n<h3>puppetdb:server</h3>\n\n<p>The <code>puppetdb::server</code> class manages the puppetdb server independently of the underlying database that it depends on. It will manage the puppetdb package, service, config files, etc., but will still allow you to manage the database (e.g. postgresql) however you see fit.</p>\n\n<pre><code>class { 'puppetdb::server':\n database_host => 'puppetdb-postgres',\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::server</code>:</strong></p>\n\n<p>Uses the same parameters as <code>puppetdb</code>, with one addition:</p>\n\n<h4><code>database_host</code></h4>\n\n<p>The hostname or IP address of the database server (defaults to <code>localhost</code>; ignored for <code>embedded</code> db).</p>\n\n<h3>puppetdb::config</h3>\n\n<p>The <code>puppetdb::config</code> class directs your primary Puppet server to use PuppetDB, which means that this class should be used on your primary Puppet server node. It’ll verify that it can successfully communicate with your puppetdb server, and then configure your primary Puppet server to use PuppetDB.</p>\n\n<p>Using this class involves allowing the module to manipulate your puppet configuration files; in particular: puppet.conf and routes.yaml. The puppet.conf changes are supplemental and should not affect any of your existing settings, but the routes.yaml file will be overwritten entirely. If you have an existing routes.yaml file, you will want to take care to use the manage_routes parameter of this class to prevent the module from managing that file, and you’ll need to manage it yourself.</p>\n\n<pre><code>class { 'puppetdb::config':\n puppetdb_server => 'my.host.name',\n puppetdb_port => 8081,\n}\n</code></pre>\n\n<p><strong>Parameters within <code>puppetdb::config</code>:</strong></p>\n\n<h4><code>puppetdb_server</code></h4>\n\n<p>The dns name or ip of the puppetdb server (defaults to the certname of the current node).</p>\n\n<h4><code>puppetdb_port</code></h4>\n\n<p>The port that the puppetdb server is running on (defaults to 8081).</p>\n\n<h4><code>puppetdb_soft_write_failure</code></h4>\n\n<p>Boolean to fail in a soft-manner if PuppetDB is not accessable for command submission (defaults to false).</p>\n\n<h4><code>manage_routes</code></h4>\n\n<p>If true, the module will overwrite the primary Puppet server's routes file to configure it to use PuppetDB (defaults to true).</p>\n\n<h4><code>manage_storeconfigs</code></h4>\n\n<p>If true, the module will manage the primary Puppet server's storeconfig settings (defaults to true).</p>\n\n<h4><code>manage_report_processor</code></h4>\n\n<p>If true, the module will manage the 'reports' field in the puppet.conf file to enable or disable the puppetdb report processor. Defaults to 'false'.</p>\n\n<h4><code>manage_config</code></h4>\n\n<p>If true, the module will store values from puppetdb_server and puppetdb_port parameters in the puppetdb configuration file.\nIf false, an existing puppetdb configuration file will be used to retrieve server and port values.</p>\n\n<h4><code>strict_validation</code></h4>\n\n<p>If true, the module will fail if puppetdb is not reachable, otherwise it will preconfigure puppetdb without checking.</p>\n\n<h4><code>enable_reports</code></h4>\n\n<p>Ignored unless <code>manage_report_processor</code> is <code>true</code>, in which case this setting will determine whether or not the puppetdb report processor is enabled (<code>true</code>) or disabled (<code>false</code>) in the puppet.conf file.</p>\n\n<h4><code>puppet_confdir</code></h4>\n\n<p>Puppet's config directory (defaults to <code>/etc/puppet</code>).</p>\n\n<h4><code>puppet_conf</code></h4>\n\n<p>Puppet's config file (defaults to <code>/etc/puppet/puppet.conf</code>).</p>\n\n<h4><code>puppetdb_version</code></h4>\n\n<p>The version of the <code>puppetdb</code> package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').</p>\n\n<h4><code>terminus_package</code></h4>\n\n<p>Name of the package to use that represents the PuppetDB terminus code.</p>\n\n<h4><code>puppet_service_name</code></h4>\n\n<p>Name of the service that represents Puppet. You can change this to <code>apache2</code> or <code>httpd</code> depending on your operating system, if you plan on having Puppet run using Apache/Passenger for example.</p>\n\n<h4><code>puppetdb_startup_timeout</code></h4>\n\n<p>The maximum amount of time that the module should wait for PuppetDB to start up. This is most important during the initial install of PuppetDB (defaults to 15 seconds).</p>\n\n<h4><code>restart_puppet</code></h4>\n\n<p>If true, the module will restart the primary Puppet server when PuppetDB configuration files are changed by the module. The default is 'true'. If set to 'false', you must restart the service manually in order to pick up changes to the config files (other than <code>puppet.conf</code>).</p>\n\n<h3>puppetdb::database::postgresql</h3>\n\n<p>The <code>puppetdb::database::postgresql</code> class manages a postgresql server for use by PuppetDB. It can manage the postgresql packages and service, as well as creating and managing the puppetdb database and database user accounts.</p>\n\n<pre><code>class { 'puppetdb::database::postgresql':\n listen_addresses => 'my.postgres.host.name',\n}\n</code></pre>\n\n<h4><code>listen_addresses</code></h4>\n\n<p>The <code>listen_address</code> is a comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to <code>localhost</code>. This parameter maps directly to postgresql's <code>listen_addresses</code> config option; use a <code>*</code> to allow connections on any accessible address.</p>\n\n<h4><code>manage_firewall</code></h4>\n\n<p>If set to <code>true</code> this will enable open the local firewall for PostgreSQL protocol access. Defaults to <code>false</code>.</p>\n\n<h4><code>database_name</code></h4>\n\n<p>Sets the name of the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_username</code></h4>\n\n<p>Creates a user for access the database. Defaults to <code>puppetdb</code>.</p>\n\n<h4><code>database_password</code></h4>\n\n<p>Sets the password for the database user above. Defaults to <code>puppetdb</code>.</p>\n\n<h2>Implementation</h2>\n\n<h3>Resource overview</h3>\n\n<p>In addition to the classes and variables mentioned above, PuppetDB includes:</p>\n\n<p><strong>puppetdb::routes</strong></p>\n\n<p>Configures the primary Puppet server to use PuppetDB as the facts terminus. <em>WARNING</em>: the current implementation simply overwrites your routes.yaml file; if you have an existing routes.yaml file that you are using for other purposes, you should <em>not</em> use this.</p>\n\n<pre><code>class { 'puppetdb::routes':\n puppet_confdir => '/etc/puppet'\n}\n</code></pre>\n\n<p><strong>puppetdb::storeconfigs</strong></p>\n\n<p>Configures the primary Puppet server to enable storeconfigs and to use PuppetDB as the storeconfigs backend.</p>\n\n<pre><code>class { 'puppetdb::storeconfigs':\n puppet_conf => '/etc/puppet/puppet.conf'\n}\n</code></pre>\n\n<p><strong>puppetdb::server::validate_db</strong></p>\n\n<p>Validates that a successful database connection can be established between the node on which this resource is run and the specified puppetdb database instance (host/port/user/password/database name).</p>\n\n<pre><code>puppetdb::server::validate_db { 'validate my puppetdb database connection':\n database_host => 'my.postgres.host',\n database_username => 'mydbuser',\n database_password => 'mydbpassword',\n database_name => 'mydbname',\n}\n</code></pre>\n\n<h3>Custom Types</h3>\n\n<p><strong>puppetdb_conn_validator</strong></p>\n\n<p>Verifies that a connection can be successfully established between a node and the puppetdb server. Its primary use is as a precondition to prevent configuration changes from being applied if the puppetdb server cannot be reached, but it could potentially be used for other purposes such as monitoring.</p>\n\n<h2>Limitations</h2>\n\n<p>Currently, PuppetDB is compatible with:</p>\n\n<pre><code>Puppet Version: 2.7+\n</code></pre>\n\n<p>Platforms:</p>\n\n<ul>\n<li>RHEL6</li>\n<li>Debian6</li>\n<li>Ubuntu 10.04</li>\n<li>Archlinux</li>\n</ul>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n</section>",
|
|
2831
|
+
"changelog": "<section class=\"plaintext\"><pre>## puppetlabs-puppetdb changelog\n\nRelease notes for the puppetlabs-puppetdb module.\n\n------------------------------------------\n\n#### 3.0.0 - 2013/10/27\n\nThis major release changes the main dependency for the postgresql module from\nversion 2.5.x to 3.x. Since the postgresql module is not backwards compatible,\nthis release is also not backwards compatible. As a consequence we have taken\nsome steps to deprecate some of the older functionality:\n\n* The parameter manage_redhat_firewall for the class puppetdb has now been removed completely in favor of open_postgres_port and open_ssl_listen_port.\n* The parameter manage_redhat_firewall for the class puppetdb::database::postgresql, has now been renamed to manage_firewall.\n* The parameter manage_redhat_firewall for the class puppetdb::server has now been removed completely in favor of open_listen_port and open_ssl_listen_port.\n* The internal class: puppetdb::database::postgresql_db has been removed. If you were using this, it is now defunct.\n* The class puppetdb::server::firewall has been marked as private, do not use it directly.\n* The class puppetdb::server::jetty_ini and puppetdb::server::database_ini have been marked as private, do not use it directly.\n\nAll of this is documented in the upgrade portion of the README.\n\nAdditionally some features have been included in this release as well:\n\n* soft_write_failure can now be enabled in your puppetdb.conf with this\n module to handle failing silently when your PuppetDB is not available\n during writes.\n* There is a new switch to enable SSL connectivity to PostgreSQL. While this\n functionality is only in its infancy this is a good start.\n\nDetailed Changes:\n\n* FM-103: Add metadata.json to all modules. (Ashley Penney)\n* Add soft_write_failure to puppetdb.conf (Garrett Honeycutt)\n* Add switch to configure database SSL connection (Stefan Dietrich)\n* (GH-91) Update to use rspec-system-puppet 2.x (Ken Barber)\n* (GH-93) Switch to using puppetlabs-postgresql 3.x (Ken Barber)\n* Fix copyright and project notice (Ken Barber)\n* Adjust memory for PuppetDB tests to avoid OOM killer (Ken Barber)\n* Ensure ntpdate executes early during testing (Ken Barber)\n\n------------------------------------------\n\n#### 2.0.0 - 2013/10/04\n\nThis major release changes the main dependency for the inifile module from\nthe deprecated `cprice404/inifile` to `puppetlabs/inifile` to remove\ndeprecation warnings and to move onto the latest and greatest implementation\nof that code.\n\nIts a major release, because it may affect other dependencies since modules\ncannot have overlapping second part dependencies (that is inifile cannot be from\ntwo different locations).\n\nIt also adds the parameter `puppetdb_service_status` to the class `puppetdb` to\nallow users to specify whether the module manages the puppetdb service for you.\n\nThe `database_password` parameter is now optional, and initial Arch Linux\nsupport has been added.\n\nDetailed Changes:\n\n* (GH-73) Switch to puppetlabs/inifile from cprice/inifile (Ken Barber)\n* Make database_password an optional parameter (Nick Lewis)\n* add archlinux support (Niels Abspoel)\n* Added puppetdb service control (Akos Hencz)\n\n------------------------------------------\n\n#### 1.6.0 - 2013/08/07\n\nThis minor feature release provides extra parameters for new configuration\nitems available in PuppetDB 1.4, and also provides some older parameters\nthat were missed previously:\n\n* gc_interval\n* log_slow_statements\n* conn_max_age\n* conn_keep_alive\n* conn_lifetime\n\nConsult the README.md file, or the PuppetDB documentation for more details.\n\n------------------------------------------\n\n#### 1.5.0 - 2013/07/18\n\nThis minor feature release provides the following new functionality:\n\n* The module is now capable of managing PuppetDB on SUSE systems\n for which PuppetDB packages are available\n* The ruby code for validating the PuppetDB connection now\n supports validating on a non-SSL HTTP port.\n\n------------------------------------------\n\n#### 1.4.0 - 2013/05/13\n\nThis feature release provides support for managing the puppetdb report\nprocessor on your primary Puppet server.\n\nTo enable the report processor, you can do something like this:\n\n class { 'puppetdb::config':\n manage_report_processor => true,\n enable_reports => true\n }\n\nThis will add the 'puppetdb' report processor to the list of `reports`\ninside your primary Puppet server's `puppet.conf` file.\n\n------------------------------------------\n\n#### 1.3.0 - 2013/05/13\n\nThis feature release provides us with a few new features for the PuppetDB\nmodule.\n\nYou can now disable SSL when using the `puppetdb` class by using the new\nparameter `disable_ssl`:\n\n class { 'puppetdb':\n disable_ssl => true,\n }\n\nThis will remove the SSL settings from your `jetty.ini` configuration file\ndisabling any SSL communication. This is useful when you want to offload SSL\nto another web server, such as Apache or Nginx.\n\nWe have now added an option `java_args` for passing in Java options to\nPuppetDB. The format is a hash that is passed in when declaring the use of the\n`puppetdb` class:\n\n class { 'puppetdb':\n java_args => {\n '-Xmx' => '512m',\n '-Xms' => '256m',\n }\n }\n\nAlso, the default `report-ttl` was set to `14d` in PuppetDB to align it with an\nupcoming PE release, so we've also reflected that default here now.\n\nAnd finally we've fixed the issue whereby the options `report_ttl`, `node_ttl`,\n`node_purge_ttl` and `gc_interval` were not making the correct changes. On top\nof that you can now set these values to zero in the module, and the correct\ntime modifier (`s`, `m`, `h` etc.) will automatically get applied for you.\n\nBehind the scenes we've also added system and unit testing, which was\npreviously non-existent. This should help us reduce regression going forward.\n\nThanks to all the contributing developers in the list below that made this\nrelease possible :-).\n\n#### Changes\n\n* Allows for 0 _ttl's without time signifier and enables tests (Garrett Honeycutt)\n* Add option to disable SSL in Jetty, including tests and documentation (Christian Berg)\n* Cleaned up ghoneycutt's code a tad (Ken Barber)\n* the new settings report_ttl, node_ttl and node_purge_ttl were added but they are not working, this fixes it (fsalum)\n* Also fix gc_interval (Ken Barber)\n* Support for remote puppetdb (Filip Hrbek)\n* Added support for Java VM options (Karel Brezina)\n* Add initial rspec-system tests and scaffolding (Ken Barber)\n\n------------------------------------------\n\n#### 1.2.1 - 2013/04/08\n\nThis is a minor bugfix that solves the PuppetDB startup exception:\n\n java.lang.AssertionError: Assert failed: (string? s)\n\nThis was due to the default `node-ttl` and `node-purge-ttl` settings not having a time suffix by default. These settings required 's', 'm', 'd' etc. to be suffixed, even if they are zero.\n\n#### Changes\n\n* (Ken Barber) Add 's' suffix to period settings to avoid exceptions in PuppetDB\n\n------------------------------------------\n\n#### 1.2.0 - 2013/04/05\n\nThis release is primarily about providing full configuration file support in the module for PuppetDB 1.2.0. (The alignment of version is a coincidence I assure you :-).\n\nThis feature release adds the following new configuration parameters to the main `puppetdb` class:\n\n* node_ttl\n* node_purge_ttl (available in >=1.2.0)\n* report_ttl\n\nConsult the README for futher details about these new configurable items.\n\n##### Changes\n\n* (Nick Lewis) Add params and ini settings for node/purge/report ttls and document them\n\n------------------------------------------\n\n1.1.5\n=====\n\n2013-02-13 - Karel Brezina\n * Fix database creation so database_username, database_password and\n database_name are correctly passed during database creation.\n\n2013-01-29 - Lauren Rother\n * Change README to conform to new style and various other README improvements\n\n2013-01-17 - Chris Price\n * Improve documentation in init.pp\n\n------------------------------------------\n\n1.1.4\n=====\n\nThis is a bugfix release, mostly around fixing backward-compatibility for the\ndeprecated `manage_redhat_firewall` parameter. It wasn't actually entirely\nbackwards-compatible in the 1.1.3 release.\n\n2013-01-17 - Chris Price <chris@puppetlabs.com>\n * Fix backward compatibility of `manage_redhat_firewall` parameter (de20b44)\n\n2013-01-16 - Chris Price <chris@puppetlabs.com>\n * Fix deprecation warnings around manage_redhat_firewall (448f8bc)\n\n------------------------------------------\n\n1.1.3\n=====\n\nThis is mostly a maintenance release, to update the module dependencies to newer\nversions in preparation for some new features. This release does include some nice\nadditions around the ability to set the listen address for the HTTP port on Jetty\nand manage the firewall for that port. Thanks very much to Drew Blessing for those\nsubmissions!\n\n2013-01-15 - Chris Price <chris@puppetlabs.com>\n * Update Modulefile for 1.1.3 release (updates dependencies\n on postgres and inifile modules to the latest versions) (76bfd9e)\n\n2012-12-19 - Garrett Honeycutt <garrett@puppetlabs.com>\n * (#18228) updates README for style (fd2e990)\n\n2012-11-29 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - Fixes suggested by cprice-puppet (0cf9632)\n\n2012-11-14 - Drew Blessing <Drew.Blessing@Buckle.com>\n * Adjust examples in tests to include new port params (0afc276)\n\n2012-11-13 - Drew Blessing <Drew.Blessing@Buckle.com>\n * 17594 - PuppetDB - Add ability to set standard host listen address and open firewall\n\n------------------------------------------\n\n1.1.2\n=====\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.2 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com>\n * Add some more missing `inherit`s for `puppetdb::params` (a72cc7c)\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.2)\n * 1.1.1 release\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> (1.1.1)\n * Add missing `inherit` for `puppetdb::params` (ea9b379)\n\n2012-10-24 - Chris Price <chris@puppetlabs.com>\n * 1.1.0 release\n\n2012-10-24 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update postgres dependency to puppetlabs/postgresql (bea79b4)\n\n2012-10-17 - Reid Vandewiele <reid@puppetlabs.com> (1.1.0)\n * Fix embedded db setup in Puppet Enterprise (bf0ab45)\n\n2012-10-17 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update manifests/main/config.pp (b119a30)\n\n2012-10-16 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Make puppetdb startup timeout configurable (783b595)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add condition to detect PE installations and provide different parameters (63f1c52)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add example manifest code for pe primary Puppet server (a598edc)\n\n2012-10-01 - Chris Price <chris@puppetlabs.com> (1.1.0)\n * Update comments and docs w/rt PE params (b5df5d9)\n\n2012-10-01 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Adding pe_puppetdb tests class (850e039)\n\n2012-09-28 - Hunter Haugen <h.haugen@gmail.com> (1.1.0)\n * Add parameters to enable usage of enterprise versions of PuppetDB (df6f7cc)\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * 1.0.3 release\n\n2012-09-23 - Chris Price <chris@puppetlabs.com>\n * Add a parameter for restarting primary Puppet server (179b337)\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * 1.0.2 release\n\n2012-09-21 - Chris Price <chris@puppetlabs.com>\n * Pass 'manage_redhat_firewall' param through to postgres (f21740b)\n\n2012-09-20 - Chris Price <chris@puppetlabs.com>\n * 1.0.1 release\n\n2012-09-20 - Garrett Honeycutt <garrett@puppetlabs.com>\n * complies with style guide (1aab5d9)\n\n2012-09-19 - Chris Price <chris@puppetlabs.com>\n * Fix invalid subname in database.ini (be683b7)\n\n2011-09-18 Chris Price <chris@puppetlabs.com> - 1.0.0\n* Initial 1.0.0 release\n</pre></section>",
|
|
2832
2832
|
"license": "<section class=\"plaintext\"><pre>\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n</pre></section>",
|
|
2833
2833
|
"created_at": "2013-10-29 13:14:09 -0700",
|
|
2834
2834
|
"updated_at": "2013-10-29 13:14:09 -0700",
|
|
@@ -3332,7 +3332,7 @@
|
|
|
3332
3332
|
"file_size": 14873,
|
|
3333
3333
|
"file_md5": "ec56c205fb566e93a5845476d7cd2966",
|
|
3334
3334
|
"downloads": 542,
|
|
3335
|
-
"readme": "<section class=\"markdown\"><h1>mongodb puppet module</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb.png?branch=master\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with mongodb</a></li>\n<li><a href=\"#usage\">Usage - Configuration options and additional functionality</a></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing and how</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>Installs MongoDB on RHEL/Ubuntu/Debian from OS repo, or alternatively from\n10gen repository <a href=\"http://www.mongodb.org/display/DOCS/Ubuntu+and+Debian+packages\">installation documentation</a>.</p>\n\n<h3>Deprecation Warning</h3>\n\n<p>This release is a major refactoring of the module which means that the API may\nhave changed in backwards incompatible ways. If your project depends on the old API, \nplease pin your dependencies to 0.3 version to ensure your environments don't break.</p>\n\n<p>The current module design is undergoing review for potential 1.0 release. We welcome\nany feedback with regard to the APIs and patterns used in this release.</p>\n\n<h2>Module Description</h2>\n\n<p>The MongoDB module manages mongod server installation and configuration of the mongod daemon. For the time being it supports only a single\nMongoDB server instance, without sharding and limited replica set \nfunctionality (you can define the replica set parameter in the config file, however\nrs.initiate() has to be done manually).</p>\n\n<h2>Setup</h2>\n\n<h3>What MongoDB affects</h3>\n\n<ul>\n<li>MongoDB package.</li>\n<li>MongoDB configuration files.</li>\n<li>MongoDB service.</li>\n<li>10gen/mongodb apt/yum repository.</li>\n</ul>\n\n<h3>Beginning with MongoDB</h3>\n\n<p>If you just want a server installation with the default options you can run\n<code>include '::mongodb:server'</code>. If you need to customize configuration\noptions you need to do the following:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::server':\n port => 27018,\n verbose => true,\n}\n</code></pre>\n\n<p>Although most distro comes with a prepacked MongoDB server we recommend to\nuse the 10gen/MongoDB software repository, because most of the current OS\npackages are outdated and not appropriate for a production environment.\nTo install MongoDB from 10gen repository:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::globals':\n manage_package_repo => true,\n}->\nclass {'::mongodb::server': }\n</code></pre>\n\n<h2>Usage</h2>\n\n<p>Most of the interaction for the server is done via <code>mongodb::server</code>. For\nmore options please have a look at <a href=\"#class-mongodbserver\">monogbd::server</a>.\nAlso in this version we introduced <code>mongodb::globals</code>, which is meant more\nfor future implementation, where you can configure the main settings for\nthis module in a global way, to be used by other classes and defined resources. \nOn its own it does nothing.</p>\n\n<h2>Reference</h2>\n\n<h3>Classes</h3>\n\n<h4>Public classes</h4>\n\n<ul>\n<li><code>mongodb::server</code>: Installs and configure MongoDB</li>\n<li><code>mongodb::globals</code>: Configure main settings on a global way</li>\n</ul>\n\n<h4>Private classes</h4>\n\n<ul>\n<li><code>mongodb::repo</code>: Manage 10gen/MongoDB software repository</li>\n<li><code>mongodb::repo::apt</code>: Manage Debian/Ubuntu apt 10gen/MongoDB repository</li>\n<li><code>mongodb::repo::yum</code>: Manage Redhat/CentOS apt 10gen/MongoDB repository</li>\n<li><code>mongodb::server::config</code>: Configures MongoDB configuration files</li>\n<li><code>mongodb::server::install</code>: Install MongoDB software packages</li>\n<li><code>mongodb::server::service</code>: Manages service</li>\n</ul>\n\n<h4>Class: mongodb::globals</h4>\n\n<p><em>Note:</em> most server specific defaults should be overridden in the <code>mongodb::server</code>\nclass. This class should only be used if you are using a non-standard OS or\nif you are changing elements such as <code>version</code> or <code>manage_package_repo</code> that\ncan only be changed here.</p>\n\n<p>This class allows you to configure the main settings for this module in a\nglobal way, to be used by the other classes and defined resources. On its\nown it does nothing.</p>\n\n<h5><code>server_package_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB server package\nname. If not specified, the module will use whatever package name is the\ndefault for your OS distro.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB service name. If not\nspecified, the module will use whatever service name is the default for your OS distro.</p>\n\n<h5><code>service_provider</code></h5>\n\n<p>This setting can be used to override the default MongoDB service provider. If\nnot specified, the module will use whatever service provider is the default for\nyour OS distro.</p>\n\n<h5><code>service_status</code></h5>\n\n<p>This setting can be used to override the default status check command for\nyour MongoDB service. If not specified, the module will use whatever service\nname is the default for your OS distro.</p>\n\n<h5><code>user</code></h5>\n\n<p>This setting can be used to override the default MongoDB user and owner of the\nservice and related files in the file system. If not specified, the module will\nuse the default for your OS distro.</p>\n\n<h5><code>group</code></h5>\n\n<p>This setting can be used to override the default MongoDB user group to be used\nfor related files in the file system. If not specified, the module will use\nthe default for your OS distro.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>This setting can be used to configure MonogDB process to bind to and listen\nfor connections from applications on this address. If not specified, the\nmodule will use the default for your OS distro.\n<em>Note:</em> This value should be passed an an array.</p>\n\n<h5><code>version</code></h5>\n\n<p>The version of MonogDB to install/manage. This is a simple way of providing\na specific version such as '2.2' or '2.4' for example. If not specified,\nthe module will use the default for your OS distro.</p>\n\n<h4>Class: mongodb::server</h4>\n\n<p>Most of the parameters manipulates the mongod.conf file. </p>\n\n<p>For more details about configuration parameters consult the <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>ensure</code></h5>\n\n<p>enable or disable the service</p>\n\n<h5><code>config</code></h5>\n\n<p>Path of the config file. If not specified, the module will use the default\nfor your OS distro.</p>\n\n<h5><code>dbpath</code></h5>\n\n<p>Set this value to designate a directory for the mongod instance to store\nit's data. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>pidfilepath</code></h5>\n\n<p>Specify a file location to hold the PID or process ID of the mongod process.\nIf not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>logpath</code></h5>\n\n<p>Specify the path to a file name for the log file that will hold all diagnostic\nlogging information. Unless specified, mongod will output all log information\nto the standard output.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>Set this option to configure the mongod or mongos process to bind to and listen\nfor connections from applications on this address. If not specified, the module\nwill use the default for your OS distro. Example: bind_ip=['127.0.0.1', '192.168.0.3']\n<em>Note</em>: bind_ip accept array as a value. </p>\n\n<h5><code>logappend</code></h5>\n\n<p>Set to true to add new entries to the end of the logfile rather than overwriting\nthe content of the log when the process restarts. Default: True</p>\n\n<h5><code>fork</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from remote\nhosts. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>port</code></h5>\n\n<p>Specifies a TCP port for the server instance to listen for client connections. \nDefault: 27017</p>\n\n<h5><code>journal</code></h5>\n\n<p>Set to true to enable operation journaling to ensure write durability and\ndata consistency. Default: on 64-bit systems true and on 32-bit systems false</p>\n\n<h5><code>nojournal</code></h5>\n\n<p>Set nojournal = true to disable durability journaling. By default, mongod\nenables journaling in 64-bit versions after v2.0. \nDefault: on 64-bit systems false and on 32-bit systems true</p>\n\n<p><em>Note</em>: You must use journal to enable journaling on 32-bit systems.</p>\n\n<h5><code>smallfiles</code></h5>\n\n<p>Set to true to modify MongoDB to use a smaller default data file size. \nSpecifically, smallfiles reduces the initial size for data files and\nlimits them to 512 megabytes. Default: false</p>\n\n<h5><code>cpu</code></h5>\n\n<p>Set to true to force mongod to report every four seconds CPU utilization\nand the amount of time that the processor waits for I/O operations to\ncomplete (i.e. I/O wait.) Default: false</p>\n\n<h5><code>auth</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from\nremote hosts. If no users exist, the localhost interface will continue\nto have access to the database until you create the first user. \nDefault: false</p>\n\n<h5><code>noauth</code></h5>\n\n<p>Disable authentication. Currently the default. Exists for future compatibility\n and clarity.</p>\n\n<h5><code>verbose</code></h5>\n\n<p>Increases the amount of internal reporting returned on standard output or in\nthe log file generated by <code>logpath</code>. Default: false</p>\n\n<h5><code>verbositylevel</code></h5>\n\n<p>MongoDB has the following levels of verbosity: v, vv, vvv, vvvv and vvvvv.\nDefault: None</p>\n\n<h5><code>objcheck</code></h5>\n\n<p>Forces the mongod to validate all requests from clients upon receipt to ensure\nthat clients never insert invalid documents into the database. \nDefault: on v2.4 default to true and on earlier version to false</p>\n\n<h5><code>quota</code></h5>\n\n<p>Set to true to enable a maximum limit for the number data files each database\ncan have. The default quota is 8 data files, when quota is true. Default: false</p>\n\n<h5><code>quotafiles</code></h5>\n\n<p>Modify limit on the number of data files per database. This option requires the\n<code>quota</code> setting. Default: 8</p>\n\n<h5><code>diaglog</code></h5>\n\n<p>Creates a very verbose diagnostic log for troubleshooting and recording various\nerrors. Valid values: 0, 1, 2, 3 and 7. \nFor more information please refer to <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>directoryperdb</code></h5>\n\n<p>Set to true to modify the storage pattern of the data directory to store each\ndatabase’s files in a distinct folder. Default: false</p>\n\n<h5><code>profile</code></h5>\n\n<p>Modify this value to changes the level of database profiling, which inserts\ninformation about operation performance into output of mongod or the\nlog file if specified by <code>logpath</code>.</p>\n\n<h5><code>maxconns</code></h5>\n\n<p>Specifies a value to set the maximum number of simultaneous connections\nthat MongoDB will accept. Default: depends on system (i.e. ulimit and file descriptor)\nlimits. Unless set, MongoDB will not limit its own connections.</p>\n\n<h5><code>oplog_size</code></h5>\n\n<p>Specifies a maximum size in megabytes for the replication operation log \n(e.g. oplog.) mongod creates an oplog based on the maximum amount of space\navailable. For 64-bit systems, the oplog is typically 5% of available disk space.</p>\n\n<h5><code>nohints</code></h5>\n\n<p>Ignore query hints. Default: None</p>\n\n<h5><code>nohttpinterface</code></h5>\n\n<p>Set to true to disable the HTTP interface. This command will override the rest\nand disable the HTTP interface if you specify both. Default: false</p>\n\n<h5><code>noscripting</code></h5>\n\n<p>Set noscripting = true to disable the scripting engine. Default: false</p>\n\n<h5><code>notablescan</code></h5>\n\n<p>Set notablescan = true to forbid operations that require a table scan. Default: false</p>\n\n<h5><code>noprealloc</code></h5>\n\n<p>Set noprealloc = true to disable the preallocation of data files. This will shorten\nthe start up time in some cases, but can cause significant performance penalties\nduring normal operations. Default: false</p>\n\n<h5><code>nssize</code></h5>\n\n<p>Use this setting to control the default size for all newly created namespace f\niles (i.e .ns). Default: 16</p>\n\n<h5><code>mms_token</code></h5>\n\n<p>MMS token for mms monitoring. Default: None</p>\n\n<h5><code>mms_name</code></h5>\n\n<p>MMS identifier for mms monitoring. Default: None</p>\n\n<h5><code>mms_interval</code></h5>\n\n<p>MMS interval for mms monitoring. Default: None</p>\n\n<h5><code>replset</code></h5>\n\n<p>Use this setting to configure replication with replica sets. Specify a replica\nset name as an argument to this set. All hosts must have the same set name.</p>\n\n<h5><code>rest</code></h5>\n\n<p>Set to true to enable a simple REST interface. Default: false</p>\n\n<h5><code>slowms</code></h5>\n\n<p>Sets the threshold for mongod to consider a query “slow” for the database profiler. \nDefault: 100 ms</p>\n\n<h5><code>keyfile</code></h5>\n\n<p>Specify the path to a key file to store authentication information. This option \nis only useful for the connection between replica set members. Default: None</p>\n\n<h5><code>master</code></h5>\n\n<p>Set to true to configure the current instance to act as master instance in a\nreplication configuration. Default: False <em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>slave</code></h5>\n\n<p>Set to true to configure the current instance to act as slave instance in a\nreplication configuration. Default: false\n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>only</code></h5>\n\n<p>Used with the slave option, only specifies only a single database to\nreplicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>source</code></h5>\n\n<p>Used with the slave setting to specify the master instance from which\nthis slave instance will replicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h2>Limitation</h2>\n\n<p>This module has been tested on:</p>\n\n<ul>\n<li>Debian 7.* (Wheezy)</li>\n<li>Debian 6.* (squeeze)</li>\n<li>Ubuntu 12.04.2 (precise)</li>\n<li>Ubuntu 10.04.4 LTS (lucid)</li>\n<li>RHEL 5/6</li>\n<li>CentOS 5/6</li>\n</ul>\n\n<p>For a for list of tested OS please have a look at the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/master/.nodeset.yml\">.nodeset.xml</a> definition.</p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community\ncontributions are essential for keeping them great. We can’t access the\nhuge number of platforms and myriad of hardware, software, and deployment\nconfigurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our\nmodules work in your environment. There are a few guidelines that we need\ncontributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Testing</h3>\n\n<p>There are two types of tests distributed with this module. Unit tests with\nrspec-puppet and system tests using rspec-system.</p>\n\n<p>unit tests should be run under Bundler with the gem versions as specified\nin the Gemfile. To install the necessary gems:</p>\n\n<pre><code>bundle install --path=vendor\n</code></pre>\n\n<p>Test setup and teardown is handled with rake tasks, so the\nsupported way of running tests is with </p>\n\n<pre><code>bundle exec rake spec\n</code></pre>\n\n<p>For system test you will also need to install vagrant > 1.3.x and virtualbox > 4.2.10.\nTo run the system tests</p>\n\n<pre><code>bundle exec rake spec:system\n</code></pre>\n\n<p>To run the tests on different operating systems, see the sets available in <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/master/.nodeset.yml\">.nodeset.xml</a>\nand run the specific set with the following syntax:</p>\n\n<pre><code>RSPEC_SET=ubuntu-server-12042-x64 bundle exec rake spec:system\n</code></pre>\n\n<h3>Authors</h3>\n\n<p>We would like to thank everyone who has contributed issues and pull requests to this modules.\nA complete list of contributors can be found on the \n<a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/graphs/contributors\">GitHub Contributor Graph</a>\nfor the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb\">puppetlabs-mongodb module</a>.</p>\n</section>",
|
|
3335
|
+
"readme": "<section class=\"markdown\"><h1>mongodb puppet module</h1>\n\n<p><a href=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-mongodb.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h4>Table of Contents</h4>\n\n<ol>\n<li><a href=\"#overview\">Overview</a></li>\n<li><a href=\"#module-description\">Module Description - What does the module do?</a></li>\n<li><a href=\"#setup\">Setup - The basics of getting started with mongodb</a></li>\n<li><a href=\"#usage\">Usage - Configuration options and additional functionality</a></li>\n<li><a href=\"#reference\">Reference - An under-the-hood peek at what the module is doing and how</a></li>\n<li><a href=\"#limitations\">Limitations - OS compatibility, etc.</a></li>\n<li><a href=\"#development\">Development - Guide for contributing to the module</a></li>\n</ol>\n\n<h2>Overview</h2>\n\n<p>Installs MongoDB on RHEL/Ubuntu/Debian from OS repo, or alternatively from\n10gen repository <a href=\"http://www.mongodb.org/display/DOCS/Ubuntu+and+Debian+packages\">installation documentation</a>.</p>\n\n<h3>Deprecation Warning</h3>\n\n<p>This release is a major refactoring of the module which means that the API may\nhave changed in backwards incompatible ways. If your project depends on the old API, \nplease pin your dependencies to 0.3 version to ensure your environments don't break.</p>\n\n<p>The current module design is undergoing review for potential 1.0 release. We welcome\nany feedback with regard to the APIs and patterns used in this release.</p>\n\n<h2>Module Description</h2>\n\n<p>The MongoDB module manages mongod server installation and configuration of the mongod daemon. For the time being it supports only a single\nMongoDB server instance, without sharding and limited replica set \nfunctionality (you can define the replica set parameter in the config file, however\nrs.initiate() has to be done manually).</p>\n\n<h2>Setup</h2>\n\n<h3>What MongoDB affects</h3>\n\n<ul>\n<li>MongoDB package.</li>\n<li>MongoDB configuration files.</li>\n<li>MongoDB service.</li>\n<li>10gen/mongodb apt/yum repository.</li>\n</ul>\n\n<h3>Beginning with MongoDB</h3>\n\n<p>If you just want a server installation with the default options you can run\n<code>include '::mongodb:server'</code>. If you need to customize configuration\noptions you need to do the following:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::server':\n port => 27018,\n verbose => true,\n}\n</code></pre>\n\n<p>Although most distro comes with a prepacked MongoDB server we recommend to\nuse the 10gen/MongoDB software repository, because most of the current OS\npackages are outdated and not appropriate for a production environment.\nTo install MongoDB from 10gen repository:</p>\n\n<pre lang=\"puppet\"><code>class {'::mongodb::globals':\n manage_package_repo => true,\n}->\nclass {'::mongodb::server': }\n</code></pre>\n\n<h2>Usage</h2>\n\n<p>Most of the interaction for the server is done via <code>mongodb::server</code>. For\nmore options please have a look at <a href=\"#class-mongodbserver\">monogbd::server</a>.\nAlso in this version we introduced <code>mongodb::globals</code>, which is meant more\nfor future implementation, where you can configure the main settings for\nthis module in a global way, to be used by other classes and defined resources. \nOn its own it does nothing.</p>\n\n<h2>Reference</h2>\n\n<h3>Classes</h3>\n\n<h4>Public classes</h4>\n\n<ul>\n<li><code>mongodb::server</code>: Installs and configure MongoDB</li>\n<li><code>mongodb::globals</code>: Configure main settings on a global way</li>\n</ul>\n\n<h4>Private classes</h4>\n\n<ul>\n<li><code>mongodb::repo</code>: Manage 10gen/MongoDB software repository</li>\n<li><code>mongodb::repo::apt</code>: Manage Debian/Ubuntu apt 10gen/MongoDB repository</li>\n<li><code>mongodb::repo::yum</code>: Manage Redhat/CentOS apt 10gen/MongoDB repository</li>\n<li><code>mongodb::server::config</code>: Configures MongoDB configuration files</li>\n<li><code>mongodb::server::install</code>: Install MongoDB software packages</li>\n<li><code>mongodb::server::service</code>: Manages service</li>\n</ul>\n\n<h4>Class: mongodb::globals</h4>\n\n<p><em>Note:</em> most server specific defaults should be overridden in the <code>mongodb::server</code>\nclass. This class should only be used if you are using a non-standard OS or\nif you are changing elements such as <code>version</code> or <code>manage_package_repo</code> that\ncan only be changed here.</p>\n\n<p>This class allows you to configure the main settings for this module in a\nglobal way, to be used by the other classes and defined resources. On its\nown it does nothing.</p>\n\n<h5><code>server_package_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB server package\nname. If not specified, the module will use whatever package name is the\ndefault for your OS distro.</p>\n\n<h5><code>service_name</code></h5>\n\n<p>This setting can be used to override the default MongoDB service name. If not\nspecified, the module will use whatever service name is the default for your OS distro.</p>\n\n<h5><code>service_provider</code></h5>\n\n<p>This setting can be used to override the default MongoDB service provider. If\nnot specified, the module will use whatever service provider is the default for\nyour OS distro.</p>\n\n<h5><code>service_status</code></h5>\n\n<p>This setting can be used to override the default status check command for\nyour MongoDB service. If not specified, the module will use whatever service\nname is the default for your OS distro.</p>\n\n<h5><code>user</code></h5>\n\n<p>This setting can be used to override the default MongoDB user and owner of the\nservice and related files in the file system. If not specified, the module will\nuse the default for your OS distro.</p>\n\n<h5><code>group</code></h5>\n\n<p>This setting can be used to override the default MongoDB user group to be used\nfor related files in the file system. If not specified, the module will use\nthe default for your OS distro.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>This setting can be used to configure MonogDB process to bind to and listen\nfor connections from applications on this address. If not specified, the\nmodule will use the default for your OS distro.\n<em>Note:</em> This value should be passed an an array.</p>\n\n<h5><code>version</code></h5>\n\n<p>The version of MonogDB to install/manage. This is a simple way of providing\na specific version such as '2.2' or '2.4' for example. If not specified,\nthe module will use the default for your OS distro.</p>\n\n<h4>Class: mongodb::server</h4>\n\n<p>Most of the parameters manipulates the mongod.conf file. </p>\n\n<p>For more details about configuration parameters consult the <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>ensure</code></h5>\n\n<p>enable or disable the service</p>\n\n<h5><code>config</code></h5>\n\n<p>Path of the config file. If not specified, the module will use the default\nfor your OS distro.</p>\n\n<h5><code>dbpath</code></h5>\n\n<p>Set this value to designate a directory for the mongod instance to store\nit's data. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>pidfilepath</code></h5>\n\n<p>Specify a file location to hold the PID or process ID of the mongod process.\nIf not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>logpath</code></h5>\n\n<p>Specify the path to a file name for the log file that will hold all diagnostic\nlogging information. Unless specified, mongod will output all log information\nto the standard output.</p>\n\n<h5><code>bind_ip</code></h5>\n\n<p>Set this option to configure the mongod or mongos process to bind to and listen\nfor connections from applications on this address. If not specified, the module\nwill use the default for your OS distro. Example: bind_ip=['127.0.0.1', '192.168.0.3']\n<em>Note</em>: bind_ip accept array as a value. </p>\n\n<h5><code>logappend</code></h5>\n\n<p>Set to true to add new entries to the end of the logfile rather than overwriting\nthe content of the log when the process restarts. Default: True</p>\n\n<h5><code>fork</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from remote\nhosts. If not specified, the module will use the default for your OS distro.</p>\n\n<h5><code>port</code></h5>\n\n<p>Specifies a TCP port for the server instance to listen for client connections. \nDefault: 27017</p>\n\n<h5><code>journal</code></h5>\n\n<p>Set to true to enable operation journaling to ensure write durability and\ndata consistency. Default: on 64-bit systems true and on 32-bit systems false</p>\n\n<h5><code>nojournal</code></h5>\n\n<p>Set nojournal = true to disable durability journaling. By default, mongod\nenables journaling in 64-bit versions after v2.0. \nDefault: on 64-bit systems false and on 32-bit systems true</p>\n\n<p><em>Note</em>: You must use journal to enable journaling on 32-bit systems.</p>\n\n<h5><code>smallfiles</code></h5>\n\n<p>Set to true to modify MongoDB to use a smaller default data file size. \nSpecifically, smallfiles reduces the initial size for data files and\nlimits them to 512 megabytes. Default: false</p>\n\n<h5><code>cpu</code></h5>\n\n<p>Set to true to force mongod to report every four seconds CPU utilization\nand the amount of time that the processor waits for I/O operations to\ncomplete (i.e. I/O wait.) Default: false</p>\n\n<h5><code>auth</code></h5>\n\n<p>Set to true to enable database authentication for users connecting from\nremote hosts. If no users exist, the localhost interface will continue\nto have access to the database until you create the first user. \nDefault: false</p>\n\n<h5><code>noauth</code></h5>\n\n<p>Disable authentication. Currently the default. Exists for future compatibility\n and clarity.</p>\n\n<h5><code>verbose</code></h5>\n\n<p>Increases the amount of internal reporting returned on standard output or in\nthe log file generated by <code>logpath</code>. Default: false</p>\n\n<h5><code>verbositylevel</code></h5>\n\n<p>MongoDB has the following levels of verbosity: v, vv, vvv, vvvv and vvvvv.\nDefault: None</p>\n\n<h5><code>objcheck</code></h5>\n\n<p>Forces the mongod to validate all requests from clients upon receipt to ensure\nthat clients never insert invalid documents into the database. \nDefault: on v2.4 default to true and on earlier version to false</p>\n\n<h5><code>quota</code></h5>\n\n<p>Set to true to enable a maximum limit for the number data files each database\ncan have. The default quota is 8 data files, when quota is true. Default: false</p>\n\n<h5><code>quotafiles</code></h5>\n\n<p>Modify limit on the number of data files per database. This option requires the\n<code>quota</code> setting. Default: 8</p>\n\n<h5><code>diaglog</code></h5>\n\n<p>Creates a very verbose diagnostic log for troubleshooting and recording various\nerrors. Valid values: 0, 1, 2, 3 and 7. \nFor more information please refer to <a href=\"http://docs.mongodb.org/manual/reference/configuration-options/\">MongoDB Configuration File Options</a>.</p>\n\n<h5><code>directoryperdb</code></h5>\n\n<p>Set to true to modify the storage pattern of the data directory to store each\ndatabase’s files in a distinct folder. Default: false</p>\n\n<h5><code>profile</code></h5>\n\n<p>Modify this value to changes the level of database profiling, which inserts\ninformation about operation performance into output of mongod or the\nlog file if specified by <code>logpath</code>.</p>\n\n<h5><code>maxconns</code></h5>\n\n<p>Specifies a value to set the maximum number of simultaneous connections\nthat MongoDB will accept. Default: depends on system (i.e. ulimit and file descriptor)\nlimits. Unless set, MongoDB will not limit its own connections.</p>\n\n<h5><code>oplog_size</code></h5>\n\n<p>Specifies a maximum size in megabytes for the replication operation log \n(e.g. oplog.) mongod creates an oplog based on the maximum amount of space\navailable. For 64-bit systems, the oplog is typically 5% of available disk space.</p>\n\n<h5><code>nohints</code></h5>\n\n<p>Ignore query hints. Default: None</p>\n\n<h5><code>nohttpinterface</code></h5>\n\n<p>Set to true to disable the HTTP interface. This command will override the rest\nand disable the HTTP interface if you specify both. Default: false</p>\n\n<h5><code>noscripting</code></h5>\n\n<p>Set noscripting = true to disable the scripting engine. Default: false</p>\n\n<h5><code>notablescan</code></h5>\n\n<p>Set notablescan = true to forbid operations that require a table scan. Default: false</p>\n\n<h5><code>noprealloc</code></h5>\n\n<p>Set noprealloc = true to disable the preallocation of data files. This will shorten\nthe start up time in some cases, but can cause significant performance penalties\nduring normal operations. Default: false</p>\n\n<h5><code>nssize</code></h5>\n\n<p>Use this setting to control the default size for all newly created namespace f\niles (i.e .ns). Default: 16</p>\n\n<h5><code>mms_token</code></h5>\n\n<p>MMS token for mms monitoring. Default: None</p>\n\n<h5><code>mms_name</code></h5>\n\n<p>MMS identifier for mms monitoring. Default: None</p>\n\n<h5><code>mms_interval</code></h5>\n\n<p>MMS interval for mms monitoring. Default: None</p>\n\n<h5><code>replset</code></h5>\n\n<p>Use this setting to configure replication with replica sets. Specify a replica\nset name as an argument to this set. All hosts must have the same set name.</p>\n\n<h5><code>rest</code></h5>\n\n<p>Set to true to enable a simple REST interface. Default: false</p>\n\n<h5><code>slowms</code></h5>\n\n<p>Sets the threshold for mongod to consider a query “slow” for the database profiler. \nDefault: 100 ms</p>\n\n<h5><code>keyfile</code></h5>\n\n<p>Specify the path to a key file to store authentication information. This option \nis only useful for the connection between replica set members. Default: None</p>\n\n<h5><code>primary Puppet server</code></h5>\n\n<p>Set to true to configure the current instance to act as primary Puppet server instance in a\nreplication configuration. Default: False <em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>replica</code></h5>\n\n<p>Set to true to configure the current instance to act as replica instance in a\nreplication configuration. Default: false\n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>only</code></h5>\n\n<p>Used with the replica option, only specifies only a single database to\nreplicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h5><code>source</code></h5>\n\n<p>Used with the replica setting to specify the primary Puppet server instance from which\nthis replica instance will replicate. Default: <> \n<em>Note</em>: deprecated – use replica sets</p>\n\n<h2>Limitation</h2>\n\n<p>This module has been tested on:</p>\n\n<ul>\n<li>Debian 7.* (Wheezy)</li>\n<li>Debian 6.* (squeeze)</li>\n<li>Ubuntu 12.04.2 (precise)</li>\n<li>Ubuntu 10.04.4 LTS (lucid)</li>\n<li>RHEL 5/6</li>\n<li>CentOS 5/6</li>\n</ul>\n\n<p>For a for list of tested OS please have a look at the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/main/.nodeset.yml\">.nodeset.xml</a> definition.</p>\n\n<h2>Development</h2>\n\n<p>Puppet Labs modules on the Puppet Forge are open projects, and community\ncontributions are essential for keeping them great. We can’t access the\nhuge number of platforms and myriad of hardware, software, and deployment\nconfigurations that Puppet is intended to serve.</p>\n\n<p>We want to keep it as easy as possible to contribute changes so that our\nmodules work in your environment. There are a few guidelines that we need\ncontributors to follow so that we can have a chance of keeping on top of things.</p>\n\n<p>You can read the complete module contribution guide <a href=\"http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing\">on the Puppet Labs wiki.</a></p>\n\n<h3>Testing</h3>\n\n<p>There are two types of tests distributed with this module. Unit tests with\nrspec-puppet and system tests using rspec-system.</p>\n\n<p>unit tests should be run under Bundler with the gem versions as specified\nin the Gemfile. To install the necessary gems:</p>\n\n<pre><code>bundle install --path=vendor\n</code></pre>\n\n<p>Test setup and teardown is handled with rake tasks, so the\nsupported way of running tests is with </p>\n\n<pre><code>bundle exec rake spec\n</code></pre>\n\n<p>For system test you will also need to install vagrant > 1.3.x and virtualbox > 4.2.10.\nTo run the system tests</p>\n\n<pre><code>bundle exec rake spec:system\n</code></pre>\n\n<p>To run the tests on different operating systems, see the sets available in <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/blob/main/.nodeset.yml\">.nodeset.xml</a>\nand run the specific set with the following syntax:</p>\n\n<pre><code>RSPEC_SET=ubuntu-server-12042-x64 bundle exec rake spec:system\n</code></pre>\n\n<h3>Authors</h3>\n\n<p>We would like to thank everyone who has contributed issues and pull requests to this modules.\nA complete list of contributors can be found on the \n<a href=\"https://github.com/puppetlabs/puppetlabs-mongodb/graphs/contributors\">GitHub Contributor Graph</a>\nfor the <a href=\"https://github.com/puppetlabs/puppetlabs-mongodb\">puppetlabs-mongodb module</a>.</p>\n</section>",
|
|
3336
3336
|
"changelog": "<section class=\"plaintext\"><pre>2013-10-31 - Version 0.3.0\n\nSummary:\n\nAdds a number of parameters and fixes some platform\nspecific bugs in module deployment.\n\n2013-09-25 - Version 0.2.0\n\nSummary:\n\nThis release fixes a duplicate parameter.\n\nFixes:\n- Fix a duplicated parameter.\n\n2012-07-13 Puppet Labs <info@puppetlabs.com> - 0.1.0\n* Add support for RHEL/CentOS\n* Change default mongodb install location to OS repo\n\n2012-05-29 Puppet Labs <info@puppetlabs.com> - 0.0.2\n* Fix Modulefile typo.\n* Remove repo pin.\n* Update spec tests and add travis support.\n\n2012-05-03 Puppet Labs <info@puppetlabs.com> - 0.0.1\n* Initial Release.\n</pre></section>",
|
|
3337
3337
|
"license": "<section class=\"plaintext\"><pre>Copyright (C) 2012 Puppet Labs Inc\n\nPuppet Labs can be contacted at: info@puppetlabs.com\n\nLicensed under the Apache License, Version 2.0 (the "License");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an "AS IS" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n</pre></section>",
|
|
3338
3338
|
"created_at": "2013-12-18 11:21:51 -0800",
|
|
@@ -4059,7 +4059,7 @@
|
|
|
4059
4059
|
"file_size": 20568,
|
|
4060
4060
|
"file_md5": "7cf55f8c280c1f4cb9abb5d40c8f0986",
|
|
4061
4061
|
"downloads": 18255,
|
|
4062
|
-
"readme": "<section class=\"markdown\"><p><a href=\"https://travis-ci.org/cprice-puppet/puppetlabs-inifile\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-inifile.png?branch=
|
|
4062
|
+
"readme": "<section class=\"markdown\"><p><a href=\"https://travis-ci.org/cprice-puppet/puppetlabs-inifile\"><img src=\"https://travis-ci.org/puppetlabs/puppetlabs-inifile.png?branch=main\" alt=\"Build Status\"></a></p>\n\n<h1>INI-file module</h1>\n\n<p>This module provides resource types for use in managing INI-style configuration\nfiles. The main resource type is <code>ini_setting</code>, which is used to manage an\nindividual setting in an INI file. Here's an example usage:</p>\n\n<pre><code>ini_setting { "sample setting":\n path => '/tmp/foo.ini',\n section => 'foo',\n setting => 'foosetting',\n value => 'FOO!',\n ensure => present,\n}\n</code></pre>\n\n<p>A supplementary resource type is <code>ini_subsetting</code>, which is used to manage\nsettings that consist of several arguments such as</p>\n\n<pre><code>JAVA_ARGS="-Xmx192m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/log/pe-puppetdb/puppetdb-oom.hprof "\n\nini_subsetting {'sample subsetting':\n ensure => present,\n section => '',\n key_val_separator => '=',\n path => '/etc/default/pe-puppetdb',\n setting => 'JAVA_ARGS',\n subsetting => '-Xmx',\n value => '512m',\n}\n</code></pre>\n\n<h2>implementing child providers:</h2>\n\n<p>The ini_setting class can be overridden by child providers in order to implement the management of ini settings for a specific configuration file.</p>\n\n<p>In order to implement this, you will need to specify your own Type (as shown below). This type needs to implement a namevar (name), and a property called value:</p>\n\n<p>example:</p>\n\n<pre><code>#my_module/lib/puppet/type/glance_api_config.rb\nPuppet::Type.newtype(:glance_api_config) do\n ensurable\n newparam(:name, :namevar => true) do\n desc 'Section/setting name to manage from glance-api.conf'\n # namevar should be of the form section/setting\n newvalues(/\\S+\\/\\S+/)\n end\n newproperty(:value) do\n desc 'The value of the setting to be defined.'\n munge do |v|\n v.to_s.strip\n end\n end\nend\n</code></pre>\n\n<p>This type also must have a provider that utilizes the ini_setting provider as its parent:</p>\n\n<p>example:</p>\n\n<pre><code># my_module/lib/puppet/provider/glance_api_config/ini_setting.rb\nPuppet::Type.type(:glance_api_config).provide(\n :ini_setting,\n # set ini_setting as the parent provider\n :parent => Puppet::Type.type(:ini_setting).provider(:ruby)\n) do\n # implement section as the first part of the namevar\n def section\n resource[:name].split('/', 2).first\n end\n def setting\n # implement setting as the second part of the namevar\n resource[:name].split('/', 2).last\n end\n # hard code the file path (this allows purging)\n def self.file_path\n '/etc/glance/glance-api.conf'\n end\nend\n</code></pre>\n\n<p>Now, the individual settings of the /etc/glance/glance-api.conf file can be managed as individual resources:</p>\n\n<pre><code>glance_api_config { 'HEADER/important_config':\n value => 'secret_value',\n}\n</code></pre>\n\n<p>Provided that self.file_path has been implemented, you can purge with the following puppet syntax:</p>\n\n<pre><code>resources { 'glance_api_config'\n purge => true,\n}\n</code></pre>\n\n<p>If the above code is added, then the resulting configured file will only contain lines implemented as Puppet resources</p>\n\n<h2>A few noteworthy features:</h2>\n\n<ul>\n<li>The module tries <em>hard</em> not to manipulate your file any more than it needs to.\nIn most cases, it should leave the original whitespace, comments, ordering,\netc. perfectly intact.</li>\n<li>Supports comments starting with either '#' or ';'.</li>\n<li>Will add missing sections if they don't exist.</li>\n<li>Supports a "global" section (settings that go at the beginning of the file,\nbefore any named sections) by specifying a section name of "".</li>\n</ul>\n</section>",
|
|
4063
4063
|
"changelog": "<section class=\"plaintext\"><pre>2013-07-16 - Version 1.0.0\nFeatures:\n- Handle empty values.\n- Handle whitespace in settings names (aka: server role = something)\n- Add mechanism for allowing ini_setting subclasses to override the\nformation of the namevar during .instances, to allow for ini_setting\nderived types that manage flat ini-file-like files and still purge\nthem.\n\n2013-05-28 - Chris Price <chris@puppetlabs.com> - 0.10.3\n * Fix bug in subsetting handling for new settings (cbea5dc)\n\n2013-05-22 - Chris Price <chris@puppetlabs.com> - 0.10.2\n * Better handling of quotes for subsettings (1aa7e60)\n\n2013-05-21 - Chris Price <chris@puppetlabs.com> - 0.10.1\n * Change constants to class variables to avoid ruby warnings (6b19864)\n\n2013-04-10 - Erik Dalén <dalen@spotify.com> - 0.10.1\n * Style fixes (c4af8c3)\n\n2013-04-02 - Dan Bode <dan@puppetlabs.com> - 0.10.1\n * Add travisfile and Gemfile (c2052b3)\n\n2013-04-02 - Chris Price <chris@puppetlabs.com> - 0.10.1\n * Update README.markdown (ad38a08)\n\n2013-02-15 - Karel Brezina <karel.brezina@gmail.com> - 0.10.0\n * Added 'ini_subsetting' custom resource type (4351d8b)\n\n2013-03-11 - Dan Bode <dan@puppetlabs.com> - 0.10.0\n * guard against nil indentation values (5f71d7f)\n\n2013-01-07 - Dan Bode <dan@puppetlabs.com> - 0.10.0\n * Add purging support to ini file (2f22483)\n\n2013-02-05 - James Sweeny <james.sweeny@puppetlabs.com> - 0.10.0\n * Fix test to use correct key_val_parameter (b1aff63)\n\n2012-11-06 - Chris Price <chris@puppetlabs.com> - 0.10.0\n * Added license file w/Apache 2.0 license (5e1d203)\n\n2012-11-02 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Version 0.9.0 released\n\n2012-10-26 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Add detection for commented versions of settings (a45ab65)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Refactor to clarify implementation of `save` (f0d443f)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Add example for `ensure=absent` (e517148)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Better handling of whitespace lines at ends of sections (845fa70)\n\n2012-10-20 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Respect indentation / spacing for existing sections and settings (c2c26de)\n\n2012-10-17 - Chris Price <chris@puppetlabs.com> - 0.9.0\n * Minor tweaks to handling of removing settings (cda30a6)\n\n2012-10-10 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Add support for removing lines (1106d70)\n\n2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Make value a property (cbc90d3)\n\n2012-10-02 - Dan Bode <dan@puppetlabs.com> - 0.9.0\n * Make ruby provider a better parent. (1564c47)\n\n2012-09-29 - Reid Vandewiele <reid@puppetlabs.com> - 0.9.0\n * Allow values with spaces to be parsed and set (3829e20)\n\n2012-09-24 - Chris Price <chris@pupppetlabs.com> - 0.0.3\n * Version 0.0.3 released\n\n2012-09-20 - Chris Price <chris@puppetlabs.com> - 0.0.3\n * Add validation for key_val_separator (e527908)\n\n2012-09-19 - Chris Price <chris@puppetlabs.com> - 0.0.3\n * Allow overriding separator string between key/val pairs (8d1fdc5)\n\n2012-08-20 - Chris Price <chris@pupppetlabs.com> - 0.0.2\n * Version 0.0.2 released\n\n2012-08-17 - Chris Price <chris@pupppetlabs.com> - 0.0.2\n * Add support for "global" section at beginning of file (c57dab4)\n</pre></section>",
|
|
4064
4064
|
"license": "<section class=\"plaintext\"><pre> Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n "License" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n "Licensor" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n "Legal Entity" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n "control" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n "You" (or "Your") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n "Source" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n "Object" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n "Work" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n "Derivative Works" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n "Contribution" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, "submitted"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as "Not a Contribution."\n\n "Contributor" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a "NOTICE" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets "[]"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same "printed page" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright 2012 Chris Price\n\n Licensed under the Apache License, Version 2.0 (the "License");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an "AS IS" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n</pre></section>",
|
|
4065
4065
|
"created_at": "2013-07-17 05:26:51 -0700",
|
|
@@ -4176,4 +4176,4 @@
|
|
|
4176
4176
|
"issues_url": "https://tickets.puppetlabs.com"
|
|
4177
4177
|
}
|
|
4178
4178
|
]
|
|
4179
|
-
}
|
|
4179
|
+
}
|