Add apache cookbook
authorTom Hughes <tom@compton.nu>
Thu, 30 May 2013 20:40:23 +0000 (21:40 +0100)
committerTom Hughes <tom@compton.nu>
Thu, 30 May 2013 20:53:54 +0000 (21:53 +0100)
cookbooks/apache/README.rdoc [new file with mode: 0644]
cookbooks/apache/attributes/default.rb [new file with mode: 0644]
cookbooks/apache/definitions/apache_module.rb [new file with mode: 0644]
cookbooks/apache/definitions/apache_site.rb [new file with mode: 0644]
cookbooks/apache/metadata.rb [new file with mode: 0644]
cookbooks/apache/recipes/default.rb [new file with mode: 0644]
cookbooks/apache/recipes/ssl.rb [new file with mode: 0644]
cookbooks/apache/templates/default/httpd.conf.erb [new file with mode: 0644]
cookbooks/apache/templates/default/info.conf.erb [new file with mode: 0644]
cookbooks/apache/templates/default/ssl.erb [new file with mode: 0644]
cookbooks/apache/templates/default/status.conf.erb [new file with mode: 0644]

diff --git a/cookbooks/apache/README.rdoc b/cookbooks/apache/README.rdoc
new file mode 100644 (file)
index 0000000..3de2ec7
--- /dev/null
@@ -0,0 +1,8 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:
+
diff --git a/cookbooks/apache/attributes/default.rb b/cookbooks/apache/attributes/default.rb
new file mode 100644 (file)
index 0000000..23ef339
--- /dev/null
@@ -0,0 +1,27 @@
+default[:apache][:mpm] = "worker"
+
+default[:apache][:timeout] = 300
+
+default[:apache][:keepalive] = true
+
+default[:apache][:prefork][:start_servers] = 5
+default[:apache][:prefork][:min_spare_servers] = 5
+default[:apache][:prefork][:max_spare_servers] = 10
+default[:apache][:prefork][:max_clients] = 150
+default[:apache][:prefork][:max_requests_per_child] = 0
+
+default[:apache][:worker][:start_servers] = 2
+default[:apache][:worker][:min_spare_threads] = 25
+default[:apache][:worker][:max_spare_threads] = 75
+default[:apache][:worker][:thread_limit] = 64
+default[:apache][:worker][:threads_per_child] = 25
+default[:apache][:worker][:max_clients] = 150
+default[:apache][:worker][:max_requests_per_child] = 0
+
+default[:apache][:event][:start_servers] = 2
+default[:apache][:event][:max_clients] = 150
+default[:apache][:event][:min_spare_threads] = 25
+default[:apache][:event][:max_spare_threads] = 75
+default[:apache][:event][:thread_limit] = 64
+default[:apache][:event][:threads_per_child] = 25
+default[:apache][:event][:max_requests_per_child] = 0
diff --git a/cookbooks/apache/definitions/apache_module.rb b/cookbooks/apache/definitions/apache_module.rb
new file mode 100644 (file)
index 0000000..4ac8943
--- /dev/null
@@ -0,0 +1,70 @@
+#
+# Cookbook Name:: apache
+# Definition:: apache_module
+#
+# Copyright 2010, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_module, :action => [ :install, :enable ], :variables => {} do
+  name = params[:name]
+  module_action = params[:action]
+
+  if params[:package].nil? or params[:package].empty?
+    package_name = "libapache2-mod-#{name}"
+  else
+    package_name = params[:package]
+  end
+
+  if module_action.include?(:install)
+    package package_name do
+      action :install
+      not_if { File.exists?("/etc/apache2/mods-available/#{name}.load") }
+    end
+
+    if params[:conf]
+      template "/etc/apache2/mods-available/#{name}.conf" do
+        source params[:conf]
+        owner "root"
+        group "root"
+        mode 0644
+        variables params[:variables]
+        if File.exists?("/etc/apache2/mods-enabled/#{name}.load")
+          notifies :reload, resources(:service => "apache2")
+        end
+      end
+    end
+  end
+
+  if module_action.include?(:enable)
+    execute "a2enmod-#{name}" do
+      command "/usr/sbin/a2enmod #{name}"
+      notifies :restart, resources(:service => "apache2")
+      not_if { File.exists?("/etc/apache2/mods-enabled/#{name}.load") }
+    end
+  elsif module_action.include?(:disable) or module_action.include?(:remove)
+    execute "a2dismod-#{name}" do
+      command "/usr/sbin/a2dismod #{name}"
+      notifies :restart, resources(:service => "apache2")
+      only_if { File.exists?("/etc/apache2/mods-enabled/#{name}.load") }
+    end
+  end
+
+  if module_action.include?(:remove)
+    package package_name do
+      action :remove
+      only_if { File.exists?("/etc/apache2/mods-available/#{name}.load") }
+    end
+  end
+end
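Review bot: `name` is interpolated unquoted into the string commands `"/usr/sbin/a2enmod #{name}"` and `"/usr/sbin/a2dismod #{name}"`, and into the mods-available and mods-enabled paths. As far as I know, a string `command` is passed to a shell. Module names only come from recipes, but a name containing whitespace or shell metacharacters would change what runs as root, so I would reject unexpected names at the top of the definition: `raise ArgumentError, "invalid module name #{name.inspect}" unless name =~ /\A[A-Za-z0-9_-]+\z/`. The same interpolation appears in the `a2ensite` and `a2dissite` commands in definitions/apache_site.rb, where the allowed set would also need `.` for host-style site names.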
diff --git a/cookbooks/apache/definitions/apache_site.rb b/cookbooks/apache/definitions/apache_site.rb
new file mode 100644 (file)
index 0000000..c089595
--- /dev/null
@@ -0,0 +1,60 @@
+#
+# Cookbook Name:: apache
+# Definition:: apache_site
+#
+# Copyright 2010, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+define :apache_site, :action => [ :create, :enable ], :variables => {} do
+  name = params[:name]
+  directory = params[:directory] || "/var/www/#{name}"
+  site_action = params[:action]
+  link_name = name == "default" ? "000-default" : name
+
+  if site_action.include?(:create) or site_action.include?(:enable)
+    template "/etc/apache2/sites-available/#{name}" do
+      cookbook params[:cookbook]
+      source params[:template]
+      owner "root"
+      group "root"
+      mode 0644
+      variables params[:variables].merge(:name => name, :directory => directory)
+      if File.exists?("/etc/apache2/sites-enabled/#{link_name}")
+        notifies :reload, resources(:service => "apache2")
+      end
+    end
+  end
+
+  if site_action.include?(:enable)
+    execute "a2ensite-#{name}" do
+      command "/usr/sbin/a2ensite #{name}"
+      notifies :restart, resources(:service => "apache2")
+      not_if { File.exists?("/etc/apache2/sites-enabled/#{link_name}") }
+    end
+  elsif site_action.include?(:disable) or site_action.include?(:delete)
+    execute "a2dissite-#{name}" do
+      action :run
+      command "/usr/sbin/a2dissite #{name}"
+      notifies :restart, resources(:service => "apache2")
+      only_if { File.exists?("/etc/apache2/sites-enabled/#{link_name}") }
+    end
+  end
+
+  if site_action.include?(:delete)
+    file "/etc/apache2/sites-available/#{name}" do
+      action :delete
+    end
+  end
+end
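Review bot: The `if File.exists?("/etc/apache2/sites-enabled/#{link_name}")` guard around `notifies :reload` carries no comment, and it is evaluated when the template resource is declared rather than when it converges. That looks intentional, since a site that is not yet enabled gets its restart from `a2ensite-#{name}` further down, but a reader has to work that out. I would add `# Only reload for a site that is already enabled; a2ensite below restarts apache for a new one` above the guard. The matching guard on the module `.conf` template in definitions/apache_module.rb would take the same comment.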
diff --git a/cookbooks/apache/metadata.rb b/cookbooks/apache/metadata.rb
new file mode 100644 (file)
index 0000000..3f1eadc
--- /dev/null
@@ -0,0 +1,7 @@
+maintainer        "OpenStreetMap Administrators"
+maintainer_email  "admins@openstreetmap.org"
+license           "Apache 2.0"
+description       "Installs and configures apache"
+long_description  IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version           "1.0.0"
+depends           "ssl"
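Review bot: `depends "ssl"` is the only dependency declared, but recipes/default.rb in this commit calls `munin_plugin`, which is not defined in this cookbook and presumably comes from a munin cookbook. Without a matching `depends` line, a node that runs `recipe[apache]` without munin in its run list would fail at compile time on an unknown resource. I would add `depends "munin"` (cookbook name to be confirmed). The `node.ipaddresses` helper used by the info and status templates also comes from outside this cookbook and may deserve the same treatment.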
diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb
new file mode 100644 (file)
index 0000000..9fa7fed
--- /dev/null
@@ -0,0 +1,55 @@
+#
+# Cookbook Name:: apache
+# Recipe:: default
+#
+# Copyright 2011, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "apache2"
+package "apache2-mpm-#{node[:apache][:mpm]}"
+
+admins = data_bag_item("apache", "admins")
+
+template "/etc/apache2/httpd.conf" do
+  source "httpd.conf.erb"
+  owner "root"
+  group "root"
+  mode 0644
+end
+
+service "apache2" do
+  action [ :enable, :start ]
+  supports :status => true, :restart => true, :reload => true
+  subscribes :restart, "package[apache2-mpm-#{node[:apache][:mpm]}]"
+  subscribes :reload, "template[/etc/apache2/httpd.conf]"
+end
+
+apache_module "info" do
+  conf "info.conf.erb"
+  variables :hosts => admins["hosts"]
+end
+
+apache_module "status" do
+  conf "status.conf.erb"
+  variables :hosts => admins["hosts"]
+end
+
+apache_module "reqtimeout" do
+  action [ :disable ]
+end
+
+munin_plugin "apache_accesses"
+munin_plugin "apache_processes"
+munin_plugin "apache_volume"
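Review bot: `apache_module "reqtimeout"` with `action [ :disable ]` turns off mod_reqtimeout without a comment explaining why. That leaves only the global `Timeout` (300 seconds by default in attributes/default.rb) to bound how long a client may take to send its request headers and body, so slow clients can hold worker threads for minutes. If the module was disabled because its defaults interfered with large uploads, I would keep it enabled and tune `RequestReadTimeout` in a module conf template instead. At minimum the reason should be recorded next to the block: `# reqtimeout disabled because <reason>`.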
diff --git a/cookbooks/apache/recipes/ssl.rb b/cookbooks/apache/recipes/ssl.rb
new file mode 100644 (file)
index 0000000..37bf822
--- /dev/null
@@ -0,0 +1,38 @@
+#
+# Cookbook Name:: apache
+# Recipe:: ssl
+#
+# Copyright 2011, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache"
+include_recipe "ssl"
+
+apache_module "ssl"
+
+template "/etc/apache2/conf.d/ssl" do
+  source "ssl.erb"
+  owner "root"
+  group "root"
+  mode 0644
+  notifies :reload, resources(:service => "apache2")
+end
+
+service "apache2" do
+  action :nothing
+  subscribes :restart, resources(:cookbook_file => "/etc/ssl/certs/rapidssl.pem")
+  subscribes :restart, resources(:cookbook_file => "/etc/ssl/certs/openstreetmap.pem")
+  subscribes :restart, resources(:file => "/etc/ssl/private/openstreetmap.key")
+end
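Review bot: The `service "apache2"` block here redeclares a resource that recipes/default.rb already defines, only to attach three `subscribes` lines. It also uses the `resources(...)` lookup form, where default.rb uses the string form. A second declaration of the same resource makes it unclear which `action` and `supports` settings apply, and on the Chef versions I know it triggers a resource-cloning warning. I would use the string form for consistency, e.g. `subscribes :restart, "cookbook_file[/etc/ssl/certs/rapidssl.pem]"`. Alternatively the ssl cookbook's certificate and key resources could notify `service[apache2]` themselves.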
diff --git a/cookbooks/apache/templates/default/httpd.conf.erb b/cookbooks/apache/templates/default/httpd.conf.erb
new file mode 100644 (file)
index 0000000..0361ffd
--- /dev/null
@@ -0,0 +1,50 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# Set the number of seconds before receives and sends time out
+Timeout <%= node[:apache][:timeout] %>
+
+# Decide whether or not to allow persistent connections
+Keepalive <%= node[:apache][:keepalive] ? "On" : "Off" %>
+<% if node[:apache][:mpm] == "prefork" -%>
+
+# Configure prefork MPM
+StartServers <%= node[:apache][:prefork][:start_servers] %>
+<% if node[:apache][:prefork][:server_limit] -%>
+ServerLimit <%= node[:apache][:prefork][:server_limit] %>
+<% end -%>
+MinSpareServers <%= node[:apache][:prefork][:min_spare_servers] %>
+MaxSpareServers <%= node[:apache][:prefork][:max_spare_servers] %>
+MaxClients <%= node[:apache][:prefork][:max_clients] %>
+MaxRequestsPerChild <%= node[:apache][:prefork][:max_requests_per_child] %>
+<% end -%>
+<% if node[:apache][:mpm] == "worker" -%>
+
+# Configure worker MPM
+StartServers <%= node[:apache][:worker][:start_servers] %>
+<% if node[:apache][:worker][:server_limit] -%>
+ServerLimit <%= node[:apache][:worker][:server_limit] %>
+<% end -%>
+MinSpareThreads <%= node[:apache][:worker][:min_spare_threads] %>
+MaxSpareThreads <%= node[:apache][:worker][:max_spare_threads] %>
+ThreadLimit <%= node[:apache][:worker][:thread_limit] %>
+ThreadsPerChild <%= node[:apache][:worker][:threads_per_child] %>
+MaxClients <%= node[:apache][:worker][:max_clients] %>
+MaxRequestsPerChild <%= node[:apache][:worker][:max_requests_per_child] %>
+<% end -%>
+<% if node[:apache][:mpm] == "event" -%>
+
+# Configure event MPM
+StartServers <%= node[:apache][:event][:start_servers] %>
+<% if node[:apache][:event][:server_limit] -%>
+ServerLimit <%= node[:apache][:event][:server_limit] %>
+<% end -%>
+MinSpareThreads <%= node[:apache][:event][:min_spare_threads] %>
+MaxSpareThreads <%= node[:apache][:event][:max_spare_threads] %>
+ThreadLimit <%= node[:apache][:event][:thread_limit] %>
+ThreadsPerChild <%= node[:apache][:event][:threads_per_child] %>
+MaxClients <%= node[:apache][:event][:max_clients] %>
+MaxRequestsPerChild <%= node[:apache][:event][:max_requests_per_child] %>
+<% end -%>
+
+# Default to UTF-8
+AddDefaultCharset utf-8
diff --git a/cookbooks/apache/templates/default/info.conf.erb b/cookbooks/apache/templates/default/info.conf.erb
new file mode 100644 (file)
index 0000000..fd3fb8e
--- /dev/null
@@ -0,0 +1,20 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+<IfModule mod_info.c>
+
+<Location /server-info>
+    SetHandler server-info
+    Order deny,allow
+    Deny from all
+<% node.ipaddresses do |address| -%>
+    Allow from <%= address %>
+<% end -%>
+    Allow from 127.0.1.1
+    Allow from 127.0.0.1
+    Allow from ::1
+<% @hosts.each do |host| -%>
+    Allow from <%= host %>
+<% end -%>
+</Location>
+
+</IfModule>
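Review bot: Each entry of `@hosts` is written verbatim after `Allow from`, and Apache accepts a full or partial domain name there as well as an address. A data bag entry that is not a plain address would therefore grant access to /server-info, which exposes the full server configuration, on the basis of reverse DNS. I would validate the entries in recipes/default.rb before passing them in, e.g. `admins["hosts"].each { |h| IPAddr.new(h) }` with `require "ipaddr"`, so that a malformed or missing list fails the run instead of producing a looser ACL. The same loop in templates/default/status.conf.erb is affected.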
diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
new file mode 100644 (file)
index 0000000..9e91555
--- /dev/null
@@ -0,0 +1,8 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+SSLHonorCipherOrder On
+SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+
+SSLCertificateFile /etc/ssl/certs/openstreetmap.pem
+SSLCertificateKeyFile /etc/ssl/private/openstreetmap.key
+SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
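Review bot: The `SSLCipherSuite` line names `RC4` explicitly ahead of `HIGH` and also excludes `AESGCM`. With `SSLHonorCipherOrder On` the server therefore prefers RC4 over most AES suites and never offers an AEAD suite. RC4 was a common BEAST workaround when this was written, but RFC 7465 prohibits it in TLS. I would change the line to `SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH`, which also removes the GCM exclusion. There is no `SSLProtocol` directive in this template either, so the enabled protocol versions depend on the packaged ssl.conf; an explicit line here would make that auditable.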
diff --git a/cookbooks/apache/templates/default/status.conf.erb b/cookbooks/apache/templates/default/status.conf.erb
new file mode 100644 (file)
index 0000000..25cda1a
--- /dev/null
@@ -0,0 +1,26 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+<IfModule mod_status.c>
+
+ExtendedStatus On
+
+<Location /server-status>
+    SetHandler server-status
+    Order deny,allow
+    Deny from all
+<% node.ipaddresses do |address| -%>
+    Allow from <%= address %>
+<% end -%>
+    Allow from 127.0.1.1
+    Allow from 127.0.0.1
+    Allow from ::1
+<% @hosts.each do |host| -%>
+    Allow from <%= host %>
+<% end -%>
+</Location>
+
+<IfModule mod_proxy.c>
+    ProxyStatus On
+</IfModule>
+
+</IfModule>
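Review bot: `ExtendedStatus On` has no comment saying why it is needed. It makes /server-status show the client address and request line of every in-flight request, which is more sensitive than the basic scoreboard. It is presumably there for the munin plugins added in recipes/default.rb, since the access and volume counters are only reported with extended status. I would record that above the directive: `# ExtendedStatus is needed for the munin apache_accesses and apache_volume plugins`.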