Skip to content

Instantly share code, notes, and snippets.

@snehitgajjar

snehitgajjar/gist:0e48f2b52286f294175a0a72af91f38a

Created January 26, 2017 21:39
Show Gist options
  • Save snehitgajjar/0e48f2b52286f294175a0a72af91f38a to your computer and use it in GitHub Desktop.
Save snehitgajjar/0e48f2b52286f294175a0a72af91f38a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
This file has been truncated, but you can view the full file.
-----> Starting Kitchen (v1.15.0)
-----> Cleaning up any prior instances of <better-chef-rundeck-centos-68>
-----> Destroying <better-chef-rundeck-centos-68>...
Finished destroying <better-chef-rundeck-centos-68> (0m0.00s).
-----> Testing <better-chef-rundeck-centos-68>
-----> Creating <better-chef-rundeck-centos-68>...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'bento/centos-6.8'...
Progress: 10%
Progress: 30%
Progress: 40%
Progress: 50%
Progress: 80%
Progress: 90%
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'bento/centos-6.8' is up to date...
==> default: Setting the name of the VM: kitchen-rundeck-better-chef-rundeck-centos-68_default_1485462909585_34014
==> default: Fixed port collision for 22 => 2222. Now on port 2200.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2200 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2200
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 5.1.10
default: VirtualBox Version: 5.0
==> default: Setting hostname...
==> default: Mounting shared folders...
default: /tmp/omnibus/cache => /Users/sg045734/.kitchen/cache
==> default: Machine not provisioned because `--no-provision` is specified.
[SSH] Established
Vagrant instance <better-chef-rundeck-centos-68> created.
Finished creating <better-chef-rundeck-centos-68> (0m43.28s).
-----> Converging <better-chef-rundeck-centos-68>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.3.5...
Removing non-cookbook files before transfer
Preparing data_bags
Preparing validation.pem
Preparing client.rb
-----> Installing Chef Omnibus (install only if missing)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying wget...
Download complete.
el 6 x86_64
Getting information for chef stable for el...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=6&m=x86_64
to file /tmp/install.sh.2778/metadata.txt
trying wget...
sha1 bf54e7f486c2b0077db62bfa48adecd7110df332
sha256 d97c3a2279366816cfbdb22916d0952b9da1627a1653b42d3ef71022619473e4
url https://packages.chef.io/files/stable/chef/12.18.31/el/6/chef-12.18.31-1.el6.x86_64.rpm
version 12.18.31
downloaded metadata file looks valid...
/tmp/omnibus/cache/chef-12.18.31-1.el6.x86_64.rpm already exists, verifiying checksum...
Comparing checksum with sha256sum...
checksum compare succeeded, using existing file!
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing chef
installing with rpm...
warning: /tmp/omnibus/cache/chef-12.18.31-1.el6.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... (100%)# (100%)## (100%)### (100%)#### (100%)##### (100%)###### (100%)####### (100%)######## (100%)######### (100%)########## (100%)########### (100%)############ (100%)############# (100%)############## (100%)############### (100%)################ (100%)################# (100%)################## (100%)################### (100%)#################### (100%)##################### (100%)###################### (100%)####################### (100%)######################## (100%)######################### (100%)########################## (100%)########################### (100%)############################ (100%)############################# (100%)############################## (100%)############################### (100%)################################ (100%)################################# (100%)################################## (100%)################################### (100%)#################################### (100%)##################################### (100%)###################################### (100%)####################################### (100%)######################################## (100%)######################################### (100%)########################################## (100%)########################################### (100%)########################################### [100%]
1:chef ( 1%)# ( 3%)## ( 6%)### ( 8%)#### ( 10%)##### ( 13%)###### ( 15%)####### ( 17%)######## ( 19%)######### ( 22%)########## ( 24%)########### ( 26%)############ ( 28%)############# ( 31%)############## ( 33%)############### ( 35%)################ ( 38%)################# ( 40%)################## ( 42%)################### ( 44%)#################### ( 47%)##################### ( 49%)###################### ( 51%)####################### ( 53%)######################## ( 56%)######################### ( 58%)########################## ( 60%)########################### ( 63%)############################ ( 65%)############################# ( 67%)############################## ( 69%)############################### ( 72%)################################ ( 74%)################################# ( 76%)################################## ( 78%)################################### ( 81%)#################################### ( 83%)##################################### ( 85%)###################################### ( 88%)####################################### ( 90%)######################################## ( 92%)######################################### ( 94%)########################################## ( 97%)########################################### ( 99%)########################################### [100%]
Thank you for installing Chef!
Transferring files to <better-chef-rundeck-centos-68>
Starting Chef Client, version 12.18.31
Creating a new client identity for better-chef-rundeck-centos-68 using the validator key.
resolving cookbooks for run list: ["rundeck_fixtures", "rundeck::server", "rundeck::chef-rundeck", "rundeck_fixtures::chef_zero"]
Synchronizing Cookbooks:
- rundeck_fixtures (0.0.1)
- build-essential (7.0.3)
- runit (3.0.5)
- sudo (3.3.1)
- rundeck (3.2.0)
- java (1.46.0)
- java-libraries (0.2.0)
- seven_zip (2.0.2)
- mingw (1.2.5)
- apache2 (3.2.2)
- packagecloud (0.2.5)
- simple_passenger (0.4.3)
- yum-epel (2.1.1)
- compat_resource (12.16.3)
- apt (5.0.1)
- windows (2.1.1)
- logrotate (1.9.2)
- ruby_build (0.8.0)
- homebrew (3.0.0)
- ohai (4.2.3)
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-01-26T20:35:55+00:00] WARN: Chef::Provider::AptRepository already exists! Cannot create deprecation class for LWRP provider apt_repository from cookbook apt
[2017-01-26T20:35:55+00:00] WARN: AptRepository already exists! Deprecation class overwrites Custom resource apt_repository from cookbook apt
chef-rundeck url: http://chef.kitchentest:9980
Recipe: build-essential::default
* build_essential[install_packages] action install
* yum_package[autoconf, bison, flex, gcc, gcc-c++, gettext, kernel-devel, make, m4, ncurses-devel, patch] action install
- install version 2.63-5.1.el6 of package autoconf
- install version 2.4.1-5.el6 of package bison
- install version 2.5.35-9.el6 of package flex
- install version 4.4.7-17.el6 of package gcc
- install version 4.4.7-17.el6 of package gcc-c++
- install version 0.17-18.el6 of package gettext
- install version 2.6.32-642.13.1.el6 of package kernel-devel
- install version 5.7-4.20090207.el6 of package ncurses-devel
- install version 2.6-6.el6 of package patch
Recipe: rundeck::chef-rundeck
* chef_gem[chef-rundeck] action upgrade (skipped due to not_if)
* chef_gem[chef-rundeck] action upgrade
- upgrade package chef-rundeck from uninstalled to 2.2.0
* chef_gem[sinatra] action install (up to date)
Recipe: rundeck_fixtures::chef_zero
* chef_gem[chef-zero] action install (up to date)
* chef_gem[ridley] action install
- install version 5.1.0 of package ridley
Converging 188 resources
Recipe: rundeck_fixtures::default
* directory[/etc/chef/] action create
- create new directory /etc/chef/
- restore selinux security context
Recipe: java::notify
* log[jdk-version-changed] action nothing (skipped due to action :nothing)
Recipe: java::openjdk
* yum_package[java-1.7.0-openjdk] action install
- install version 1.7.0.121-2.6.8.1.el6_8 of package java-1.7.0-openjdk
Recipe: java::notify
* log[jdk-version-changed] action write
Recipe: java::openjdk
* yum_package[java-1.7.0-openjdk-devel] action install
- install version 1.7.0.121-2.6.8.1.el6_8 of package java-1.7.0-openjdk-devel
Recipe: java::notify
* log[jdk-version-changed] action write
Recipe: java::openjdk
* java_alternatives[set-java-alternatives] action set
- Add alternative for appletviewer
- Add alternative for apt
- Add alternative for extcheck
- Add alternative for idlj
- Add alternative for jar
- Add alternative for jarsigner
- Add alternative for java
- Add alternative for javac
- Add alternative for javadoc
- Add alternative for javah
- Add alternative for javap
- Add alternative for jcmd
- Add alternative for jconsole
- Add alternative for jdb
- Add alternative for jhat
- Add alternative for jinfo
- Add alternative for jmap
- Add alternative for jps
- Add alternative for jrunscript
- Add alternative for jsadebugd
- Add alternative for jstack
- Add alternative for jstat
- Add alternative for jstatd
- Add alternative for keytool
- Add alternative for native2ascii
- Add alternative for orbd
- Add alternative for pack200
- Add alternative for policytool
- Add alternative for rmic
- Add alternative for rmid
- Add alternative for rmiregistry
- Add alternative for schemagen
- Add alternative for serialver
- Add alternative for servertool
- Add alternative for tnameserv
- Add alternative for unpack200
- Add alternative for wsgen
- Add alternative for wsimport
- Add alternative for xjc
Recipe: java::set_java_home
* ruby_block[set-env-java-home] action run
- execute the ruby block set-env-java-home
* directory[/etc/profile.d] action create (up to date)
* template[/etc/profile.d/jdk.sh] action create
- create new file /etc/profile.d/jdk.sh
- update content in file /etc/profile.d/jdk.sh from none to 84a6f9
--- /etc/profile.d/jdk.sh 2017-01-26 20:37:48.209569501 +0000
+++ /etc/profile.d/.chef-jdk20170126-2882-1jbf7hc.sh 2017-01-26 20:37:48.209569501 +0000
@@ -1 +1,2 @@
+export JAVA_HOME=/usr/lib/jvm/java-1.7.0
- change mode from '' to '0755'
- restore selinux security context
Recipe: rundeck::node_unix
* group[rundeck] action create
- create group rundeck
* linux_user[rundeck] action create
- create user rundeck
* directory[/var/lib/rundeck] action create
- create new directory /var/lib/rundeck
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[/var/lib/rundeck/.ssh] action create
- create new directory /var/lib/rundeck/.ssh
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* file[/var/lib/rundeck/.ssh/authorized_keys] action create
- create new file /var/lib/rundeck/.ssh/authorized_keys
- update content in file /var/lib/rundeck/.ssh/authorized_keys from none to 8d07c3
--- /var/lib/rundeck/.ssh/authorized_keys 2017-01-26 20:37:48.928929006 +0000
+++ /var/lib/rundeck/.ssh/.chef-authorized_keys20170126-2882-19fjjxx 2017-01-26 20:37:48.928929006 +0000
@@ -1 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC597B0HxalWxKCS6yz8RRoH4lgdgK7aeGD+cZvqiqlubNXUMU3t3zrFyi0JVwmRfh9ZYew7rW8YkBkrT6+h2nuoF8imcI+6s2pXzXMvDqD+CsOOp7gdr9T8HL76V02cWMq0orXMP/Gu3399Rov5uANVa6BwPmYCHp6sf2N/UFNSRrQS2XCB7UHqS9sJtuLjJbZRaBNYjGspsC3HVYNKPKosCtvAqG9OgNhqj7hBY5KxIyJ8LltaBMv9he1uU+usHHZbT2p1P+FJWzbBOfXMz95nMhAaYoWaGfgnV287m06yAHOWRCLq5N6K95zPn9nmqD4kUdB/mDX/xvW7TwzVo89 rundeck keys
- change mode from '' to '0600'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* sudo[rundeck-admin] action install[2017-01-26T20:37:49+00:00] WARN: rundeck-admin will be rendered, but will not take effect because node['authorization']['sudo']['include_sudoers_d'] is set to false!
* template[/etc/sudoers.d/rundeck-admin] action create
- create new file /etc/sudoers.d/rundeck-admin
- update content in file /etc/sudoers.d/rundeck-admin from none to 4e3ea1
--- /etc/sudoers.d/rundeck-admin 2017-01-26 20:37:49.096012504 +0000
+++ /etc/sudoers.d/.chef-rundeck-admin20170126-2882-33nfo0 2017-01-26 20:37:49.096012504 +0000
@@ -1 +1,9 @@
+# This file is managed by Chef.
+# Do NOT modify this file directly.
+
+
+
+
+rundeck ALL=(ALL) NOPASSWD:ALL
+
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* template[/etc/sudoers.d/rundeck-admin] action nothing (skipped due to action :nothing)
Recipe: rundeck::server_install
* yum_repository[rundeck] action add
* template[/etc/yum.repos.d/rundeck.repo] action create
- create new file /etc/yum.repos.d/rundeck.repo
- update content in file /etc/yum.repos.d/rundeck.repo from none to 37a478
--- /etc/yum.repos.d/rundeck.repo 2017-01-26 20:37:49.218073498 +0000
+++ /etc/yum.repos.d/.chef-rundeck20170126-2882-11an560.repo 2017-01-26 20:37:49.218073498 +0000
@@ -1 +1,11 @@
+# This file was generated by Chef
+# Do NOT modify this file by hand.
+
+[rundeck]
+name=Rundeck - Release
+baseurl=http://dl.bintray.com/rundeck/rundeck-rpm
+enabled=1
+fastestmirror_enabled=0
+gpgcheck=1
+gpgkey=http://rundeck.org/keys/BUILD-GPG-KEY-Rundeck.org.key
- change mode from '' to '0644'
- restore selinux security context
* execute[yum clean metadata rundeck] action run
- execute yum clean metadata --disablerepo=* --enablerepo=rundeck
* execute[yum-makecache-rundeck] action run
- execute yum -q -y makecache --disablerepo=* --enablerepo=rundeck
* ruby_block[yum-cache-reload-rundeck] action create
- execute the ruby block yum-cache-reload-rundeck
* execute[yum clean metadata rundeck] action nothing (skipped due to action :nothing)
* execute[yum-makecache-rundeck] action nothing (skipped due to action :nothing)
* ruby_block[yum-cache-reload-rundeck] action nothing (skipped due to action :nothing)
* yum_package[rundeck] action install
- install version 2.6.11-1.23.GA of package rundeck
* yum_package[rundeck-config] action install
- install version 2.6.11-1.23.GA of package rundeck-config
* service[rundeck] action nothing (skipped due to action :nothing)
* directory[/var/lib/rundeck] action create
- change mode from '0755' to '0700'
- restore selinux security context
* directory[/var/lib/rundeck/logs] action create (up to date)
* directory[/var/lib/rundeck/projects] action create
- create new directory /var/lib/rundeck/projects
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[/var/lib/rundeck/.chef] action create
- create new directory /var/lib/rundeck/.chef
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/var/lib/rundeck/.chef/knife.rb] action create
- create new file /var/lib/rundeck/.chef/knife.rb
- update content in file /var/lib/rundeck/.chef/knife.rb from none to e68e7d
--- /var/lib/rundeck/.chef/knife.rb 2017-01-26 20:38:37.035970499 +0000
+++ /var/lib/rundeck/.chef/.chef-knife20170126-2882-1saxnf9.rb 2017-01-26 20:38:37.035970499 +0000
@@ -1 +1,11 @@
+log_level :info
+log_location STDOUT
+node_name 'rundeck'
+client_key '/var/lib/rundeck/.chef/rundeck.pem'
+validation_client_name 'chef-validator'
+validation_key '/var/lib/rundeck/.chef/chef-validator.pem'
+chef_server_url 'http://localhost:8089'
+cache_type 'BasicFile'
+cache_options( :path => '/var/lib/rundeck/.chef/checksums' )
+cookbook_path [ './cookbooks', './site-cookbooks' ]
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[/var/lib/rundeck/.ssh] action create (up to date)
* file[/var/lib/rundeck/.ssh/id_rsa] action create
- update content in file /var/lib/rundeck/.ssh/id_rsa from b9f623 to 4af3a7
--- /var/lib/rundeck/.ssh/id_rsa 2017-01-26 20:38:33.236071502 +0000
+++ /var/lib/rundeck/.ssh/.chef-id_rsa20170126-2882-xta9tx 2017-01-26 20:38:37.158031502 +0000
@@ -1,28 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEoQIBAAKCAQEAwfvQcqcAkcFeldSTxa5El0nWzAZ/H0p9jxgLTYCO/gOEhksv
-Pb1woSCJsTg+O3HGA5RoWc7x0qcKq2S/hST8gY5bVyElRVpul3tkNGvMyz6hCL+M
-YaCLekbsPPP6yyzs86QsZ/Yh3f/Peu/Iffxi9wIybUDOKJupkxSjexnN6S8RngMg
-SnqTn+ahnXoE+90ZHA0Og0xJN9oqoAcRRjMjhNTeiqz9FxO7865xiAWefXNejf2/
-OKTYRRfXYglaaCsDRYAk72nFCWr91knjXbuQ+p6vNrOGcsEOIddWSytvGRJkK3U5
-93q4BG+uFMwpl9/oHH4eZU+pmqnASOk2ivdvIwIBIwKCAQEAsVtCPPB1jJOJrY8o
-BTGdzCZAuomYzCbZMl8gRtvwczZqiWlPw2tfqUJSAR16ugGfGTc61cSFUuHd3of/
-j6zJmwXP2qH2MMe1kc/mllPucK5KFqCAWUJTov8D3/UCjd/ulZ1qba3V0kj4NeKL
-a99wbM7PBM2JSbLkLrPIqxBHO5coEjYIqwrleeBVLLzeqw68LVAd0OexlHXVgO1y
-FoCCfUVyWEL/gEERvdedVZuTQQB0vWg3FqVSdjMN0zpFKB0o1yZEXXY4z0U2qdB7
-duKkNuIud8cvZqOiN2gKIWsnG72ZkGH1OhzFT+1tRjhhlDM8+jmgXMs+KKyYGNZa
-FVfCiwKBgQDjnE/0twkGpO4XXUU//AT23a/om3ga6AxBpEXbJPF2MEU2dl1vrsbT
-nKb7CFw59TVbfzYdbKI1JUmmj7q/EbtgM77veU0rvVS2PSVFFgIPOEWen91RrTUG
-oIa8qRFFNDCVlMcV+lr9QLPoGX84x7pDVE/FdgsCLX24GXrtCohPHQKBgQDaLcgS
-GF2h/astF0YxdMAEbM2FS1bEFW0Hdr2BWKUem4uzA8ZF9AW872Oiagc7eSWDX52l
-iz3Q7oZZs0bfso++Zm9ar+NLKWKTz2iXPbGeJlGtw9RY7UkOFLbOjYz3HopuoML/
-xZBC9FAWdn9GFg2aFn9RicZbcK9B1EPW+RcjPwKBgE4JtQNx9HdOfYRafiSQ68Ja
-orYmrNYGapopsYz2uS/WCRn8slItS3vArkdwlKYoL40VrCdYciDZlZgxR1dzyzbt
-K4VOKRZPisIjl7/qSdlVHy8SPUCTKB+HfqcVZQHIwDNI880FYQZfU6AIveeU72eK
-nwHfVDtCzASbBZMZjdH7AoGAOBpmpZE8pf9mh/AKvEKXxp+ij/1uFSoUuMbDBADa
-AI5lwFFtf7PG9hGr5+9g8gk1iC6Hn5jVYZxrsKpxT3cPBRMGsOtmVSfmJgIiNYTk
-h8C16tqVsHeH0Gu5+pltZB3L003o//D5NcnLc32OcRudGP54gq5mNMU0YWJ32DFs
-WYUCgYA/096iyXKoAjzejVXQbGniJdn71YMtGTlpkN609b2csn77zmYPWF3zZxnL
-54+7njrFigR6fpWP6CxHYFaImkVJZbGY26ifRqmQsNSptBXVdARUCeH0bF+J+P4F
-0eYuzIht7D3h5Yl+fCGJTYXkDO2lFQMZSyn+oyR+paJZuuc46w==
+MIIEpAIBAAKCAQEAufewdB8WpVsSgkuss/EUaB+JYHYCu2nhg/nGb6oqpbmzV1DF
+N7d86xcotCVcJkX4fWWHsO61vGJAZK0+vodp7qBfIpnCPurNqV81zLw6g/grDjqe
+4Ha/U/By++ldNnFjKtKK1zD/xrt9/fUaL+bgDVWugcD5mAh6erH9jf1BTUka0Etl
+wge1B6kvbCbbi4yW2UWgTWIxrKbAtx1WDSjyqLArbwKhvToDYao+4QWOSsSMifC5
+bWgTL/YXtblPrrBx2W09qdT/hSVs2wTn1zM/eZzIQGmKFmhn4J1dvO5tOsgBzlkQ
+i6uTeivecz5/Z5qg+JFHQf5g1/8b1u08M1aPPQIDAQABAoIBAQC0ufunvha59/nS
+2kwqS12zmwJc1hLto4ZgRbsNBeiQShn5/yrKbO1fYpBSEgStxU4qPyNRVYsUWr+N
+l7fkXaEbIIuUCq11i6b2tOqJ31tWqTTejSWdqolhv8le+3l00Vi4Ywg+/QV1Uvys
+cyhR6SNQkjYXLzzg/UxaNOPeu4Jc4ciu6wuvnlqy46LkxMNV0bjb7u10lRwWnwBI
+Ja8bQZsamr8lMEktseHenppIhEnvEs7l1bmaogFJGFUAwskADAWQ07L0vSqLqpQd
+Na5/SKrflkZQjS0mvq7vBQi66ZyXoKfIHVRPuG9o53Az2Nq4SnZyHJvHEx1Hpn6k
+qjkDmFVZAoGBANsAGDSeg0BO9teL0eaD+wH6zA68FxMyYKPpeU908+m5J1ZIyFRK
+tHzBOkQWIuBSRXT+hsT0YJogCwp88Pv+JvHUHrAg/evztWrpsjh/oV3ooyWDJfec
+Vay9KEPacWkRVSNOOxicu8MPaRVknMmOzYgOXNiBakLoP40dhquMgeHzAoGBANli
+51WHQaCBK5yNI2WMWgN+h+/JL5dN0G1Gx5XBmMfV5BFJ9H+7Ig/VUt312/1HAoEu
+g27AaqIvWhnlEuvSuwuthDzevFeAeImsRwFqbrv3mHo8XqHnZTY5UMACdTRThP3E
+0ke5P+8GIEQIG5xLZka+F0adeA00VFEgDe3S3uYPAoGARUdWYO70HlfchntYv09p
+DEtGWjLuKch6AeBN2/DnaDyGUSldFi07w2ts/zTxe30LM+OAxrV4CcmxNHQp182i
+jEXKH3WQXiAOd+/NzUmyxn5dffRrAlWWVLrSDgUAc3hkMnMBBtwuGZq6Z2YYozpl
+knDYtjTaZKgL0pxQidw9CjkCgYAVZrtHnE1Fs/HLM8nsUWj7NxXC8ZeR2cNPPsyf
+XbPg2Jnfadx8RrwPuvyxhWbnBHqmpSGjYaYd2XORYQ//z3tCpw6Bv5vjMW6sfx1u
+cj/8mV+ViSP35IP+Vp4wiQ1o3WAWa64YCZDVw1Ch4fp15KZpCIXaGd6bzi8O3Y0B
+gOUY2QKBgQCNknpg/hLgrIC8x7139xVVG7zad3x0/pcGJpRtqALweDfzkofIgeLj
+Xhgf9I9JYnOUtXlprUnoIkFN0l+Q0x4t0/wMND2fkvR1JI/9KjHLZAwNyCn+Gbt3
+ZfbfscNkrXB6kc47E9XY5T7sokmK3V4+k9Bt1P1RT9WbcSb7QLvqzQ==
-----END RSA PRIVATE KEY-----
- restore selinux security context
* cookbook_file[/var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar
- update content in file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar from none to dac572
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/var/lib/rundeck/exp/webapp/WEB-INF/web.xml] action create
- update content in file /var/lib/rundeck/exp/webapp/WEB-INF/web.xml from 4b249b to 5e6953
--- /var/lib/rundeck/exp/webapp/WEB-INF/web.xml 2016-11-15 21:52:08.000000000 +0000
+++ /var/lib/rundeck/exp/webapp/WEB-INF/.chef-web20170126-2882-tuqjg9.xml 2017-01-26 20:38:37.550227502 +0000
@@ -20,9 +20,19 @@
<filter-name>instrumentedFilter</filter-name>
<filter-class>com.codahale.metrics.servlet.InstrumentedFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>AssetPipelineFilter</filter-name>
+ <filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
+ </filter>
<security-role>
<role-name>user</role-name>
</security-role>
+ <security-role>
+ <role-name>superusers</role-name>
+ </security-role>
+ <security-role>
+ <role-name>run_only_users</role-name>
+ </security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
@@ -216,24 +226,24 @@
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>grails-errorhandler</servlet-name>
- <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
- </servlet>
- <servlet>
<servlet-name>metrics-admin-servlet</servlet-name>
<servlet-class>org.grails.plugins.metricsweb.DisablingAdminServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
+ </servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
- <servlet-name>grails-errorhandler</servlet-name>
- <url-pattern>/grails-errorhandler</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
<servlet-name>metrics-admin-servlet</servlet-name>
<url-pattern>/metrics/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <url-pattern>/grails-errorhandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails</servlet-name>
- restore selinux security context
* template[/etc/rundeck/jaas-activedirectory.conf] action create
- create new file /etc/rundeck/jaas-activedirectory.conf
- update content in file /etc/rundeck/jaas-activedirectory.conf from none to e2b9a2
--- /etc/rundeck/jaas-activedirectory.conf 2017-01-26 20:38:37.680292502 +0000
+++ /etc/rundeck/.chef-jaas-activedirectory20170126-2882-bi28m9.conf 2017-01-26 20:38:37.680292502 +0000
@@ -1 +1,28 @@
+activedirectory {
+ com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
+ debug="true"
+ contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
+ providerUrl="ldap://servername:389"
+ bindDn="CN=binddn,dc=domain,dc=com"
+ bindPassword="BINDPWD"
+ authenticationMethod="simple"
+ forceBindingLogin="true"
+ userBaseDn="ou=Users,dc=domain,dc=com"
+ userRdnAttribute="cn"
+ userIdAttribute="uid"
+ userPasswordAttribute="userPassword"
+ userObjectClass="inetOrgPerson"
+ roleBaseDn="ou=Groups,dc=domain,dc=com"
+ roleNameAttribute="cn"
+ roleMemberAttribute="uniqueMember"
+ roleObjectClass="groupOfUniqueNames"
+ rolePrefix="rundeck-"
+ cacheDurationMillis="300000"
+ supplementalRoles="user"
+ reportStatistics="true";
+
+ org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
+ debug="true"
+ file="/etc/rundeck/realm.properties";
+};
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/etc/rundeck/profile] action create
- update content in file /etc/rundeck/profile from bd6054 to a34edf
--- /etc/rundeck/profile 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-profile20170126-2882-1m5c9pv 2017-01-26 20:38:37.799352002 +0000
@@ -1,3 +1,6 @@
+RDECK_HOME=/var/lib/rundeck
+export RDECK_HOME
+
RDECK_BASE=/var/lib/rundeck
export RDECK_BASE
@@ -32,17 +35,22 @@
-Drdeck.projects=/var/rundeck/projects \
-Drdeck.runlogs=/var/lib/rundeck/logs \
-Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
+ -Dserver.web.context=/ \
+ -Drundeck.jetty.connector.forwarded=true\
-Djava.io.tmpdir=$RUNDECK_TEMPDIR"
#
# Set min/max heap size
#
-RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server"
+RDECK_JVM="$RDECK_JVM -XX:MaxPermSize=256m -Xmx1024m -Xms256m -server"
+
#
+# Set custom JVM properties
+#
+#
# SSL Configuration - Uncomment the following to enable. Check SSL.properties for details.
#
-#export RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
-export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
+#export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
if test -t 0 -a -z "$RUNDECK_CLI_TERSE"
then
- restore selinux security context
* template[/etc/rundeck/rundeck-config.properties] action create
- update content in file /etc/rundeck/rundeck-config.properties from de1a7d to 6ce78d
--- /etc/rundeck/rundeck-config.properties 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-rundeck-config20170126-2882-176xfcb.properties 2017-01-26 20:38:37.917410998 +0000
@@ -1,11 +1,18 @@
-#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
+#loglevel.default is the default log level for jobs: ERR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
-rdeck.base=/var/lib/rundeck
#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
-rss.enabled=false
-# change hostname here
-grails.serverURL=http://localhost:4440
-dataSource.dbCreate = update
-dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true;TRACE_LEVEL_FILE=4
+rss.enabled=true
+#
+dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true
+
+rundeck.security.useHMacRequestTokens=false
+
+grails.mail.default.from=rundeck@kitchentest
+
+grails.serverURL=http://localhost
+
+quartz.props.threadPool.threadCount = 10
+
+# Custom config
- restore selinux security context
* template[/etc/rundeck/framework.properties] action create
- update content in file /etc/rundeck/framework.properties from 860ad9 to e4ef5d
--- /etc/rundeck/framework.properties 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-framework20170126-2882-1uxhit0.properties 2017-01-26 20:38:38.036470502 +0000
@@ -1,40 +1,227 @@
# framework.properties -
#
+# $Id: framework.properties.template 2128 2010-08-17 21:29:24Z ahonor $
+#
# ----------------------------------------------------------------
-# Rundeck server connection information
+# Installation specific settings
# ----------------------------------------------------------------
-framework.server.name = localhost
-framework.server.hostname = localhost
-framework.server.port = 4440
-framework.server.url = http://localhost:4440
-# Username/password used by CLI tools.
-framework.server.username = admin
-framework.server.password = admin
+# TODO - DUMP java.home = /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
+file.separator = /
+rdeck.base = /etc/rundeck
+rdeck.home = /etc/rundeck
+# TODO - DUMP user.home = /home/rundeck
+framework.application.libpath =
+framework.application.properties =
+
+# API Tokens File
+
+#
+# Email settings
+#
+# recipient addresses to send email (comma separated)
+framework.email.tolist = root
+# email address appearing in message "from" field
+framework.email.from = rundeck@kitchentest
+# email address replies should go
+framework.email.replyto = do-not-reply
+# The rdeck email relay host. must be a functioning smtp relay server
+framework.email.mailhost = localhost
+framework.email.mailport = 25
+# User/pass info if the smtp server requires it
+framework.email.user =
+framework.email.password =
+framework.email.ssl = false
+framework.email.failonerror = true
+
+
+#
+# Custom config
+#
+#
+
# ----------------------------------------------------------------
-# Installation locations
+# Do not make changes below this line
# ----------------------------------------------------------------
-rdeck.base=/var/lib/rundeck
-framework.projects.dir=/var/rundeck/projects
-framework.etc.dir=/etc/rundeck
-framework.var.dir=/var/lib/rundeck/var
-framework.tmp.dir=/var/lib/rundeck/var/tmp
+#
+# framework.crypto.keystore.filename is the path to the JKS keystore containing a certchain for
+# verifying signed jars
+#
+framework.crypto.keystore.filename =
+
+#
+# framework.crypto.keystore.password is any password for verifying the keystore integrity
+#
+framework.crypto.keystore.password =
+
+#
+# framework.crypto.jarSigning.aliasName is the name of the cert alias to use for verification
+#
+framework.crypto.jarSigning.aliasName =
+
+
+
+#the hostname of this rdeck node (likely matches hostname)
+framework.node.hostname = localhost
+
+#the logical name of this rdeck node (used during Node registration)
+framework.node.name = localhost
+
+# for backwards compatability
+framework.node = localhost
+
+# the node type
+framework.node.type = @framework.node.type@
+
+#
+#
+# Version of this RUNDECK implementation
+#
+# framework.rdeck.version = 1.1
+
+#
+# Root directory of the framework pkg
+#
+framework.rdeck.dir = ${rdeck.home}
+
+#
+# Root directory of the framework instance
+#
+framework.rdeck.base = /etc/rundeck
+
+#
+# Base directory of the installed functional modules
+#
+# TODO Dump ### framework.modules.dir = /private/tmp/rdl/modules
+
+
+#
+# project spaces containing resources
+#
+framework.projects.dir= /var/rundeck/projects
+framework.depots.dir= /var/rundeck/projects
+
+#
+# directory containing instance based property files
+#
+framework.etc.dir= /etc/rundeck
+
+#
+# Base directory where instance of framework var dir is kept
+#
+framework.var.dir= /var/lib/rundeck/var
+
+#
+# Framework tmp dir
+#
+framework.tmp.dir= ${framework.var.dir}/tmp
+
+#
+# Base directory where logs are kept
+#
framework.logs.dir=/var/lib/rundeck/logs
+
+#
+# Date/time stamp format used in logs. See java.text.SimpleDateFormat
+#
+framework.log.format=[yyyy-MM-dd hh:mm:ss-Z]
+
+#
+# Directory where plugins are kept. cache will be libext/cache.
+#
framework.libext.dir=/var/lib/rundeck/libext
-# ----------------------------------------------------------------
-# SSH defaults for node executor and file copier
-# ----------------------------------------------------------------
+#
+# Base directory where module source code is kept
+#
+# TODO - DUMP framework.src.dir= /private/tmp/rdl/src
+#
+# Name of nodes metadata file for each project (e.g. nodes.xml/nodes.properties)
+#
+framework.nodes.file.name= resources.xml
+
+#
+# Local Authentication/Authorization Security
+#
+framework.authorization.class = com.dtolabs.rundeck.core.authorization.NoAuthorization
+framework.authentication.class = com.dtolabs.rundeck.core.authentication.NoAuthentication
+#
+# Remote Client connection authentication
+#
+framework.nodeauthentication.classname = com.dtolabs.rundeck.core.authentication.DefaultNodeAuthResolutionStrategy
+
+#
+# Remote Central Dispatcher service class
+#
+framework.centraldispatcher.classname = com.dtolabs.client.services.RundeckAPICentralDispatcher
+
+#
+# Rundeck Server UUID
+#
+rundeck.server.uuid = 447d10f8-aaff-49ff-a994-3629a9ea5ffd
+
+#
+#
+# rdeck server connection.
+#
+framework.server.username = admin
+framework.server.password = adminpassword
+framework.server.hostname = localhost
+framework.server.name = better-chef-rundeck-centos-68
+
+framework.server.port = 4440
+framework.server.url = http://localhost:4440
+# URL to Rundeck
+framework.rundeck.url = http://localhost:4440
+
+#
+# ssh keypath
+#
framework.ssh.keypath = /var/lib/rundeck/.ssh/id_rsa
+
+#
+# ssh user
+#
framework.ssh.user = rundeck
-# ssh connection timeout after a specified number of milliseconds.
-# "0" value means wait forever.
+
+#
+# ssh timeout. The connection can be dropped after a specified number of milliseconds.
+# A "0" value means wait forever.
+#
framework.ssh.timeout = 0
+#
+# Set the formatting for run-exec console output
+#
+# Examples:
+# 1) Format specification to work with Rundeck. %command will be "run-exec"
+#
+# framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+#
+framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+
+# winrm authentication type (options "basic" or "kerberos", default: "basic")
+#
+framework.winrm-auth-type = basic
+
+# winrm SSL security (options "all", "self-signed", "default" (trusted certs only))
+#
+framework.winrm-cert-trust = all
+
+# winrm hostname security (options "all", "strict", "browser-compatible")
+#
+framework.winrm-hostname-trust = all
+
+# winrm HTTP(S) protocol to use, either "http" or "https". Default: "https"
+#
+framework.winrm-protocol = https
+
+# winrm connection timeout. Default: PT60.000S
+framework.winrm-timeout = PT60.000S
- restore selinux security context
* template[/etc/rundeck/realm.properties] action create
- update content in file /etc/rundeck/realm.properties from bce17d to 2a2797
--- /etc/rundeck/realm.properties 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-realm20170126-2882-gcgznf.properties 2017-01-26 20:38:38.162533502 +0000
@@ -4,7 +4,7 @@
# The format is
# <username>: <password>[,<rolename> ...]
#
-# Passwords may be clear text, obfuscated or checksummed. The class
+# Passwords may be clear text, obfuscated or checksummed. The class
# org.mortbay.util.Password should be used to generate obfuscated
# passwords or password checksums
#
@@ -22,7 +22,9 @@
#
# This sets the default user accounts for the Rundeck app
#
-admin:admin,user,admin,architect,deploy,build
+admin:adminpassword,admin,user,architect,deploy,build
+n00b:TheBestPassw0rd,user
+
#@jetty.user.deploy.name@:@jetty.user.deploy.password@,user,deploy
#@jetty.user.build.name@:@jetty.user.build.password@,user,build
- restore selinux security context
* bash[own rundeck] action run
- execute "bash" "/tmp/chef-script20170126-2882-1js9khz"
* service[rundeckd] action start
- start service service[rundeckd]
* rundeck_plugin[slack] action create
* remote_file[/var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar
- update content in file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar from none to d23b31
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* bash[check-project-localhost] action run (skipped due to only_if)
Recipe: apache2::default
* yum_package[apache2] action install
- install version 2.2.15-56.el6.centos.3 of package httpd
* directory[/etc/httpd/sites-available] action create
- create new directory /etc/httpd/sites-available
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/sites-enabled] action create
- create new directory /etc/httpd/sites-enabled
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/mods-available] action create
- create new directory /etc/httpd/mods-available
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/mods-enabled] action create
- create new directory /etc/httpd/mods-enabled
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/conf-available] action create
- create new directory /etc/httpd/conf-available
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/conf-enabled] action create
- create new directory /etc/httpd/conf-enabled
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/etc/httpd/sites-enabled/default] action delete (up to date)
* file[/etc/httpd/sites-available/default] action delete (up to date)
* link[/etc/httpd/sites-enabled/default.conf] action delete (up to date)
* file[/etc/httpd/sites-available/default.conf] action delete (up to date)
* link[/etc/httpd/sites-enabled/000-default] action delete (up to date)
* file[/etc/httpd/sites-available/000-default] action delete (up to date)
* link[/etc/httpd/sites-enabled/000-default.conf] action delete (up to date)
* file[/etc/httpd/sites-available/000-default.conf] action delete (up to date)
* directory[/etc/httpd/conf.d] action delete
- delete existing directory /etc/httpd/conf.d
* directory[/var/log/httpd] action create
- change mode from '0700' to '0755'
- restore selinux security context
* yum_package[perl] action install (up to date)
* link[/usr/sbin/a2ensite] action delete (skipped due to only_if)
* template[/usr/sbin/a2ensite] action create
- create new file /usr/sbin/a2ensite
- update content in file /usr/sbin/a2ensite from none to 0556b3
--- /usr/sbin/a2ensite 2017-01-26 20:38:54.984940501 +0000
+++ /usr/sbin/.chef-a2ensite20170126-2882-19kafd7 2017-01-26 20:38:54.984940501 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2dissite] action delete (skipped due to only_if)
* template[/usr/sbin/a2dissite] action create
- create new file /usr/sbin/a2dissite
- update content in file /usr/sbin/a2dissite from none to 0556b3
--- /usr/sbin/a2dissite 2017-01-26 20:38:55.273084495 +0000
+++ /usr/sbin/.chef-a2dissite20170126-2882-1iy1qdl 2017-01-26 20:38:55.273084495 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2enmod] action delete (skipped due to only_if)
* template[/usr/sbin/a2enmod] action create
- create new file /usr/sbin/a2enmod
- update content in file /usr/sbin/a2enmod from none to 0556b3
--- /usr/sbin/a2enmod 2017-01-26 20:38:55.841368499 +0000
+++ /usr/sbin/.chef-a2enmod20170126-2882-2a8pbq 2017-01-26 20:38:55.841368499 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2dismod] action delete (skipped due to only_if)
* template[/usr/sbin/a2dismod] action create
- create new file /usr/sbin/a2dismod
- update content in file /usr/sbin/a2dismod from none to 0556b3
--- /usr/sbin/a2dismod 2017-01-26 20:38:56.400648001 +0000
+++ /usr/sbin/.chef-a2dismod20170126-2882-1x9dx8b 2017-01-26 20:38:56.400648001 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2enconf] action delete (skipped due to only_if)
* template[/usr/sbin/a2enconf] action create
- create new file /usr/sbin/a2enconf
- update content in file /usr/sbin/a2enconf from none to 0556b3
--- /usr/sbin/a2enconf 2017-01-26 20:38:57.064980001 +0000
+++ /usr/sbin/.chef-a2enconf20170126-2882-1fygw1e 2017-01-26 20:38:57.064980001 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2disconf] action delete (skipped due to only_if)
* template[/usr/sbin/a2disconf] action create
- create new file /usr/sbin/a2disconf
- update content in file /usr/sbin/a2disconf from none to 0556b3
--- /usr/sbin/a2disconf 2017-01-26 20:38:57.610252501 +0000
+++ /usr/sbin/.chef-a2disconf20170126-2882-1pylamc 2017-01-26 20:38:57.610252501 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* cookbook_file[/usr/local/bin/apache2_module_conf_generate.pl] action create
- create new file /usr/local/bin/apache2_module_conf_generate.pl
- update content in file /usr/local/bin/apache2_module_conf_generate.pl from none to eaf6aa
--- /usr/local/bin/apache2_module_conf_generate.pl 2017-01-26 20:38:58.100497501 +0000
+++ /usr/local/bin/.chef-apache2_module_conf_generate20170126-2882-1g26d6y.pl 2017-01-26 20:38:58.099496999 +0000
@@ -1 +1,42 @@
+#!/usr/bin/perl
+
+=begin
+
+Generates Ubuntu style module.load files.
+
+./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available
+
+ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em.
+
+=cut
+
+use File::Find;
+
+use strict;
+use warnings;
+
+die "Must have '/path/to/modules' and '/path/to/modules.load'"
+ unless $ARGV[0] && $ARGV[1];
+
+find(
+ {
+ wanted => sub {
+ return 1 if $File::Find::name !~ /\.so$/;
+ my $modfile = $_;
+ $modfile =~ /(lib|mod_)(.+)\.so$/;
+ my $modname = $2;
+ my $filename = "$ARGV[1]/$modname.load";
+ unless ( -f $filename ) {
+ open( FILE, ">", $filename ) or die "Cannot open $filename";
+ print FILE "LoadModule " . $modname . "_module $File::Find::name\n";
+ close(FILE);
+ }
+ },
+ follow => 1,
+ },
+ $ARGV[0]
+);
+
+exit 0;
+
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[generate-module-list] action nothing (skipped due to action :nothing)
* directory[/etc/httpd/ssl] action create
- create new directory /etc/httpd/ssl
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/var/cache/httpd] action create
- create new directory /var/cache/httpd
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/var/run/httpd] action create
- change mode from '0710' to '0755'
- change group from 'apache' to 'root'
- restore selinux security context
* template[/etc/sysconfig/httpd] action create
- update content in file /etc/sysconfig/httpd from f2f8a4 to a17f9c
--- /etc/sysconfig/httpd 2016-12-13 09:27:11.000000000 +0000
+++ /etc/sysconfig/.chef-httpd20170126-2882-1nri2fx 2017-01-26 20:38:59.129011500 +0000
@@ -1,4 +1,4 @@
-# Configuration file for the httpd service.
+# This file is managed by Chef. Changes will be overwritten.
#
# The default processing model (MPM) is the process-based
@@ -6,7 +6,7 @@
# available, but does not work with some modules (such as PHP).
# The service must be stopped before changing this variable.
#
-#HTTPD=/usr/sbin/httpd.worker
+HTTPD=/usr/sbin/httpd
#
# To pass additional options (for instance, -D definitions) to the
@@ -15,11 +15,11 @@
#OPTIONS=
#
-# By default, the httpd process is started in the C locale; to
+# By default, the httpd process is started in the C locale; to
# change the locale in which the server runs, the HTTPD_LANG
# variable can be set.
#
-#HTTPD_LANG=C
+HTTPD_LANG=C
#
# By default, the httpd process will create the file
@@ -28,5 +28,6 @@
# specified in httpd.conf (via the PidFile directive), the new
# location needs to be reported in the PIDFILE.
#
-#PIDFILE=/var/run/httpd/httpd.pid
+PIDFILE=/var/run/httpd/httpd.pid
+
- restore selinux security context
* template[/etc/httpd/envvars] action create (skipped due to only_if)
* template[apache2.conf] action create
- update content in file /etc/httpd/conf/httpd.conf from 05850f to 928919
--- /etc/httpd/conf/httpd.conf 2016-12-13 09:27:11.000000000 +0000
+++ /etc/httpd/conf/.chef-httpd20170126-2882-95ngpq.conf 2017-01-26 20:38:59.337115501 +0000
@@ -1,79 +1,31 @@
#
-# This is the main Apache server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
-# In particular, see
-# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
-# for a discussion of each configuration directive.
+# Generated by Chef
#
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# The configuration directives are grouped into three basic sections:
-# 1. Directives that control the operation of the Apache server process as a
-# whole (the 'global environment').
-# 2. Directives that define the parameters of the 'main' or 'default' server,
-# which responds to requests that aren't handled by a virtual host.
-# These directives also provide default values for the settings
-# of all virtual hosts.
-# 3. Settings for virtual hosts, which allow Web requests to be sent to
-# different IP addresses or hostnames and have them handled by the
-# same Apache server process.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
-# with ServerRoot set to "/etc/httpd" will be interpreted by the
-# server as "/etc/httpd/logs/foo.log".
-#
+# Based on the Ubuntu apache2.conf
-### Section 1: Global Environment
-#
-# The directives in this section affect the overall operation of Apache,
-# such as the number of concurrent requests it can handle or where it
-# can find its configuration files.
-#
+ServerRoot "/etc/httpd"
#
-# Don't give away too much information about all the subcomponents
-# we are running. Comment out this line if you don't mind remote sites
-# finding out what major optional modules you are running
-ServerTokens OS
-
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the LockFile documentation
-# (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
-# you will save yourself a lot of trouble.
-#
-# Do NOT add a slash at the end of the directory path.
-#
-ServerRoot "/etc/httpd"
+LockFile /var/run/httpd/accept.lock
#
# PidFile: The file in which the server should record its process
-# identification number when it starts. Note the PIDFILE variable in
-# /etc/sysconfig/httpd must be set appropriately if this location is
-# changed.
+# identification number when it starts.
#
-PidFile run/httpd.pid
+PidFile /var/run/httpd/httpd.pid
#
# Timeout: The number of seconds before receives and sends time out.
#
-Timeout 60
+Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
-KeepAlive Off
+KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
@@ -86,345 +38,32 @@
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
-KeepAliveTimeout 15
+KeepAliveTimeout 5
-##
-## Server-Pool Size Regulation (MPM specific)
-##
-
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# ServerLimit: maximum value for MaxClients for the lifetime of the server
-# MaxClients: maximum number of server processes allowed to start
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule prefork.c>
-StartServers 8
-MinSpareServers 5
-MaxSpareServers 20
-ServerLimit 256
-MaxClients 256
-MaxRequestsPerChild 4000
-</IfModule>
-
-# worker MPM
-# StartServers: initial number of server processes to start
-# MaxClients: maximum number of simultaneous client connections
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule worker.c>
-StartServers 4
-MaxClients 300
-MinSpareThreads 25
-MaxSpareThreads 75
-ThreadsPerChild 25
-MaxRequestsPerChild 0
-</IfModule>
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, in addition to the default. See also the <VirtualHost>
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
-#
-#Listen 12.34.56.78:80
-Listen 80
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_alias_module modules/mod_authn_alias.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_default_module modules/mod_authn_default.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_default_module modules/mod_authz_default.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule include_module modules/mod_include.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule env_module modules/mod_env.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule usertrack_module modules/mod_usertrack.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule info_module modules/mod_info.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule speling_module modules/mod_speling.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule substitute_module modules/mod_substitute.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule cache_module modules/mod_cache.so
-LoadModule suexec_module modules/mod_suexec.so
-LoadModule disk_cache_module modules/mod_disk_cache.so
-LoadModule cgi_module modules/mod_cgi.so
-LoadModule version_module modules/mod_version.so
-
-#
-# The following modules are not loaded by default:
-#
-#LoadModule asis_module modules/mod_asis.so
-#LoadModule authn_dbd_module modules/mod_authn_dbd.so
-#LoadModule cern_meta_module modules/mod_cern_meta.so
-#LoadModule cgid_module modules/mod_cgid.so
-#LoadModule dbd_module modules/mod_dbd.so
-#LoadModule dumpio_module modules/mod_dumpio.so
-#LoadModule filter_module modules/mod_filter.so
-#LoadModule ident_module modules/mod_ident.so
-#LoadModule log_forensic_module modules/mod_log_forensic.so
-#LoadModule unique_id_module modules/mod_unique_id.so
-#
-
-#
-# Load config files from the config directory "/etc/httpd/conf.d".
-#
-Include conf.d/*.conf
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
-# . On HPUX you may not be able to use shared memory as nobody, and the
-# suggested workaround is to create a user www and use that user.
-# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
-# when the value of (unsigned)Group is above 60000;
-# don't use Group #-1 on these systems!
-#
+#<IfModule unixd_module>
User apache
Group apache
+#</IfModule>
-### Section 2: 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# <VirtualHost> definition. These values also provide defaults for
-# any <VirtualHost> containers you may define later in the file.
-#
-# All of these directives may appear inside <VirtualHost> containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents. e.g. admin@your-domain.com
-#
-ServerAdmin root@localhost
-
-#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
-#
-# If this is not set to valid DNS name for your host, server-generated
-# redirections will not work. See also the UseCanonicalName directive.
-#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-# You will have to access it by its address anyway, and this will make
-# redirections work in a sensible way.
-#
-#ServerName www.example.com:80
-
-#
-# UseCanonicalName: Determines how Apache constructs self-referencing
-# URLs and the SERVER_NAME and SERVER_PORT variables.
-# When set "Off", Apache will use the Hostname and Port supplied
-# by the client. When set "On", Apache will use the value of the
-# ServerName directive.
-#
-UseCanonicalName Off
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/var/www/html"
-
-#
-# Each directory to which Apache has access can be configured with respect
-# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# features.
-#
-<Directory />
- Options FollowSymLinks
- AllowOverride None
-</Directory>
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# This should be changed to whatever you set DocumentRoot to.
-#
-<Directory "/var/www/html">
-
-#
-# Possible values for the Options directive are "None", "All",
-# or any combination of:
-# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
-#
-# Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you.
-#
-# The Options directive is both complicated and important. Please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#options
-# for more information.
-#
- Options Indexes FollowSymLinks
-
-#
-# AllowOverride controls what directives may be placed in .htaccess files.
-# It can be "All", "None", or any combination of the keywords:
-# Options FileInfo AuthConfig Limit
-#
- AllowOverride None
-
-#
-# Controls who can get stuff from this server.
-#
- Order allow,deny
- Allow from all
-
-</Directory>
-
-#
-# UserDir: The name of the directory that is appended onto a user's home
-# directory if a ~user request is received.
-#
-# The path to the end user account 'public_html' directory must be
-# accessible to the webserver userid. This usually means that ~userid
-# must have permissions of 711, ~userid/public_html must have permissions
-# of 755, and documents contained therein must be world-readable.
-# Otherwise, the client will only receive a "403 Forbidden" message.
-#
-# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
-#
-<IfModule mod_userdir.c>
- #
- # UserDir is disabled by default since it can confirm the presence
- # of a username on the system (depending on home directory
- # permissions).
- #
- UserDir disabled
-
- #
- # To enable requests to /~user/ to serve the user's public_html
- # directory, remove the "UserDir disabled" line above, and uncomment
- # the following line instead:
- #
- #UserDir public_html
-
-</IfModule>
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only.
-#
-#<Directory /home/*/public_html>
-# AllowOverride FileInfo AuthConfig Limit
-# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
-# <Limit GET POST OPTIONS>
-# Order allow,deny
-# Allow from all
-# </Limit>
-# <LimitExcept GET POST OPTIONS>
-# Order deny,allow
-# Deny from all
-# </LimitExcept>
-#</Directory>
-
-#
-# DirectoryIndex: sets the file that Apache will serve if a directory
-# is requested.
-#
-# The index.html.var file (a type-map) is used to deliver content-
-# negotiated documents. The MultiViews Option can be used for the
-# same purpose, but it is much slower.
-#
-DirectoryIndex index.html index.html.var
-
-#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
+
AccessFileName .htaccess
#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
- Satisfy All
</Files>
#
-# TypesConfig describes where the mime.types file (or equivalent) is
-# to be found.
-#
-TypesConfig /etc/mime.types
-
-#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
@@ -436,16 +75,6 @@
DefaultType text/plain
#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-#
-<IfModule mod_mime_magic.c>
-# MIMEMagicFile /usr/share/magic.mime
- MIMEMagicFile conf/magic
-</IfModule>
-
-#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
@@ -455,33 +84,13 @@
#
HostnameLookups Off
-#
-# EnableMMAP: Control whether memory-mapping is used to deliver
-# files (assuming that the underlying OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. On some systems, turning it off (regardless of
-# filesystem) can improve performance; for details, please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
-#
-#EnableMMAP off
-
-#
-# EnableSendfile: Control whether the sendfile kernel support is
-# used to deliver files (assuming that the OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. Please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
-#
-#EnableSendfile off
-
-#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
-ErrorLog logs/error_log
+ErrorLog /var/log/httpd/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
@@ -490,341 +99,27 @@
#
LogLevel warn
+# COOK-1021: Dummy LoadModule directive to aid module installations
+#LoadModule dummy_module modules/mod_dummy.so
+
+# Include module configuration:
+Include /etc/httpd/mods-enabled/*.load
+Include /etc/httpd/mods-enabled/*.conf
+
+
+# Include ports listing
+Include /etc/httpd/ports.conf
+
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
-
-# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
-# requires the mod_logio module to be loaded.
-#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
#
-# The location and format of the access logfile (Common Logfile Format).
-# If you do not define any access logfiles within a <VirtualHost>
-# container, they will be logged here. Contrariwise, if you *do*
-# define per-<VirtualHost> access logfiles, transactions will be
-# logged therein and *not* in this file.
-#
-#CustomLog logs/access_log common
-
-#
-# If you would like to have separate agent and referer logfiles, uncomment
-# the following directives.
-#
-#CustomLog logs/referer_log referer
-#CustomLog logs/agent_log agent
-
-#
-# For a single logfile with access, agent, and referer information
-# (Combined Logfile Format), use the following directive:
-#
-CustomLog logs/access_log combined
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature On
-
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-# Note that if you include a trailing / on fakename then the server will
-# require it to be present in the URL. So "/icons" isn't aliased in this
-# example, only "/icons/". If the fakename is slash-terminated, then the
-# realname must also be slash terminated, and if the fakename omits the
-# trailing slash, the realname must also omit it.
-#
-# We include the /icons/ alias for FancyIndexed directory listings. If you
-# do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "/var/www/icons/"
-
-<Directory "/var/www/icons">
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# WebDAV module configuration section.
-#
-<IfModule mod_dav_fs.c>
- # Location of the WebDAV lock database.
- DAVLockDB /var/lib/dav/lockdb
-</IfModule>
-
-#
-# ScriptAlias: This controls which directories contain server scripts.
-# ScriptAliases are essentially the same as Aliases, except that
-# documents in the realname directory are treated as applications and
-# run by the server when requested rather than as documents sent to the client.
-# The same rules about trailing "/" apply to ScriptAlias directives as to
-# Alias.
-#
-ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-
-#
-# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-<Directory "/var/www/cgi-bin">
- AllowOverride None
- Options None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# Redirect allows you to tell clients about documents which used to exist in
-# your server's namespace, but do not anymore. This allows you to tell the
-# clients where to look for the relocated document.
-# Example:
-# Redirect permanent /foo http://www.example.com/bar
-
-#
-# Directives controlling the display of server-generated directory listings.
-#
-
-#
-# IndexOptions: Controls the appearance of server-generated directory
-# listings.
-#
-IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
-
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif /core
-
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
-
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
-
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
-#
-# DefaultLanguage and AddLanguage allows you to specify the language of
-# a document. You can then use content negotiation to give a browser a
-# file in a language the user can understand.
-#
-# Specify a default language. This means that all data
-# going out without a specific language tag (see below) will
-# be marked with this one. You probably do NOT want to set
-# this unless you are sure it is correct for all cases.
-#
-# * It is generally better to not mark a page as
-# * being a certain language than marking it with the wrong
-# * language!
-#
-# DefaultLanguage nl
-#
-# Note 1: The suffix does not have to be the same as the language
-# keyword --- those with documents in Polish (whose net-standard
-# language code is pl) may wish to use "AddLanguage pl .po" to
-# avoid the ambiguity with the common suffix for perl scripts.
-#
-# Note 2: The example entries below illustrate that in some cases
-# the two character 'Language' abbreviation is not identical to
-# the two character 'Country' code for its country,
-# E.g. 'Danmark/dk' versus 'Danish/da'.
-#
-# Note 3: In the case of 'ltz' we violate the RFC by using a three char
-# specifier. There is 'work in progress' to fix this and get
-# the reference data for rfc1766 cleaned up.
-#
-# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
-# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
-# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
-# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
-# Norwegian (no) - Polish (pl) - Portugese (pt)
-# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
-# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
-#
-AddLanguage ca .ca
-AddLanguage cs .cz .cs
-AddLanguage da .dk
-AddLanguage de .de
-AddLanguage el .el
-AddLanguage en .en
-AddLanguage eo .eo
-AddLanguage es .es
-AddLanguage et .et
-AddLanguage fr .fr
-AddLanguage he .he
-AddLanguage hr .hr
-AddLanguage it .it
-AddLanguage ja .ja
-AddLanguage ko .ko
-AddLanguage ltz .ltz
-AddLanguage nl .nl
-AddLanguage nn .nn
-AddLanguage no .no
-AddLanguage pl .po
-AddLanguage pt .pt
-AddLanguage pt-BR .pt-br
-AddLanguage ru .ru
-AddLanguage sv .sv
-AddLanguage zh-CN .zh-cn
-AddLanguage zh-TW .zh-tw
-
-#
-# LanguagePriority allows you to give precedence to some languages
-# in case of a tie during content negotiation.
-#
-# Just list the languages in decreasing order of preference. We have
-# more or less alphabetized them here. You probably want to change this.
-#
-LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
-
-#
-# ForceLanguagePriority allows you to serve a result page rather than
-# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
-# [in case no accepted languages matched the available variants]
-#
-ForceLanguagePriority Prefer Fallback
-
-#
-# Specify a default charset for all content served; this enables
-# interpretation of all content as UTF-8 by default. To use the
-# default browser choice (ISO-8859-1), or to allow the META tags
-# in HTML content to override this choice, comment out this
-# directive:
-#
-AddDefaultCharset UTF-8
-
-#
-# AddType allows you to add to or override the MIME configuration
-# file mime.types for specific file types.
-#
-#AddType application/x-tar .tgz
-
-#
-# AddEncoding allows you to have certain browsers uncompress
-# information on the fly. Note: Not all browsers support this.
-# Despite the name similarity, the following Add* directives have nothing
-# to do with the FancyIndexing customization directives above.
-#
-#AddEncoding x-compress .Z
-#AddEncoding x-gzip .gz .tgz
-
-# If the AddEncoding directives above are commented-out, then you
-# probably should define those extensions to indicate media types:
-#
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-
-#
-# MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-#
-# AddHandler allows you to map certain file extensions to "handlers":
-# actions unrelated to filetype. These can be either built into the server
-# or added with the Action directive (see below)
-#
-# To use CGI scripts outside of ScriptAliased directories:
-# (You will also need to add "ExecCGI" to the "Options" directive.)
-#
-#AddHandler cgi-script .cgi
-
-#
-# For files that include their own HTTP headers:
-#
-#AddHandler send-as-is asis
-
-#
-# For type maps (negotiated resources):
-# (This is enabled by default to allow the Apache "It Worked" page
-# to be distributed in multiple languages.)
-#
-AddHandler type-map var
-
-#
-# Filters allow you to process content before it is sent to the client.
-#
-# To parse .shtml files for server-side includes (SSI):
-# (You will also need to add "Includes" to the "Options" directive.)
-#
-AddType text/html .shtml
-AddOutputFilter INCLUDES .shtml
-
-#
-# Action lets you define media types that will execute a script whenever
-# a matching file is called. This eliminates the need for repeated URL
-# pathnames for oft-used CGI file processors.
-# Format: Action media/type /cgi-script/location
-# Format: Action handler-name /cgi-script/location
-#
-
-#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
@@ -839,7 +134,7 @@
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
-# our collection of by-error message multi-language collections. We use
+# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
@@ -848,25 +143,27 @@
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
-# /var/www/error/include/ files and
-# copying them to /your/include/path/, even on a per-VirtualHost basis.
+# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation. To activate them, uncomment the following 30 lines.
-Alias /error/ "/var/www/error/"
-
-<IfModule mod_negotiation.c>
-<IfModule mod_include.c>
- <Directory "/var/www/error">
- AllowOverride None
- Options IncludesNoExec
- AddOutputFilter Includes html
- AddHandler type-map var
- Order allow,deny
- Allow from all
- LanguagePriority en es de fr
- ForceLanguagePriority Prefer Fallback
- </Directory>
-
+# Alias /error/ "/usr/share/apache2/error/"
+#
+# <Directory "/usr/share/apache2/error">
+# AllowOverride None
+# Options IncludesNoExec
+# AddOutputFilter Includes html
+# AddHandler type-map var
+# Order allow,deny
+# Allow from all
+# LanguagePriority en cs de es fr it nl sv pt-br ro
+# ForceLanguagePriority Prefer Fallback
+# </Directory>
+#
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
@@ -885,126 +182,9 @@
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
-</IfModule>
-</IfModule>
+# Include generic snippets of statements
+Include /etc/httpd/conf-enabled/*.conf
-#
-# The following directives modify normal HTTP response behavior to
-# handle known problems with browser implementations.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-
-#
-# The following directive disables redirects on non-GET requests for
-# a directory that does not include the trailing slash. This fixes a
-# problem with Microsoft WebFolders which does not appropriately handle
-# redirects for folders with DAV methods.
-# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
-#
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs/1.0" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
-
-#
-# Allow server status reports generated by mod_status,
-# with the URL of http://servername/server-status
-# Change the ".example.com" to match your domain to enable.
-#
-#<Location /server-status>
-# SetHandler server-status
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Location>
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".example.com" to match your domain to enable.
-#
-#<Location /server-info>
-# SetHandler server-info
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Location>
-
-#
-# Proxy Server directives. Uncomment the following lines to
-# enable the proxy server:
-#
-#<IfModule mod_proxy.c>
-#ProxyRequests On
-#
-#<Proxy *>
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#</Proxy>
-
-#
-# Enable/disable the handling of HTTP/1.1 "Via:" headers.
-# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
-# Set to one of: Off | On | Full | Block
-#
-#ProxyVia On
-
-#
-# To enable a cache of proxied content, uncomment the following lines.
-# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
-#
-#<IfModule mod_disk_cache.c>
-# CacheEnable disk /
-# CacheRoot "/var/cache/mod_proxy"
-#</IfModule>
-#
-
-#</IfModule>
-# End of proxy directives.
-
-### Section 3: Virtual Hosts
-#
-# VirtualHost: If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at
-# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# Use name-based virtual hosting.
-#
-#NameVirtualHost *:80
-#
-# NOTE: NameVirtualHost cannot be used without a port specifier
-# (e.g. :80) if mod_ssl is being used, due to the nature of the
-# SSL protocol.
-#
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for requests without a known
-# server name.
-#
-#<VirtualHost *:80>
-# ServerAdmin webmaster@dummy-host.example.com
-# DocumentRoot /www/docs/dummy-host.example.com
-# ServerName dummy-host.example.com
-# ErrorLog logs/dummy-host.example.com-error_log
-# CustomLog logs/dummy-host.example.com-access_log common
-#</VirtualHost>
+# Include the virtual host configurations:
+Include /etc/httpd/sites-enabled/*.conf
- restore selinux security context
* file[/etc/httpd/conf-available/security] action delete (up to date)
* template[/etc/httpd/conf-available/security.conf] action create
- create new file /etc/httpd/conf-available/security.conf
- update content in file /etc/httpd/conf-available/security.conf from none to b8213b
--- /etc/httpd/conf-available/security.conf 2017-01-26 20:38:59.671282503 +0000
+++ /etc/httpd/conf-available/.chef-security20170126-2882-bhmnmz.conf 2017-01-26 20:38:59.671282503 +0000
@@ -1 +1,33 @@
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens Prod
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+#
+TraceEnable Off
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[a2enconf security.conf] action run
- execute /usr/sbin/a2enconf security.conf
* file[/etc/httpd/conf-available/charset] action delete (up to date)
* template[/etc/httpd/conf-available/charset.conf] action create
- create new file /etc/httpd/conf-available/charset.conf
- update content in file /etc/httpd/conf-available/charset.conf from none to 543c6c
--- /etc/httpd/conf-available/charset.conf 2017-01-26 20:38:59.996445000 +0000
+++ /etc/httpd/conf-available/.chef-charset20170126-2882-1reupjl.conf 2017-01-26 20:38:59.996445000 +0000
@@ -1 +1,7 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[a2enconf charset.conf] action run
- execute /usr/sbin/a2enconf charset.conf
* file[/etc/httpd/ports] action delete (up to date)
* template[/etc/httpd/ports.conf] action create
- create new file /etc/httpd/ports.conf
- update content in file /etc/httpd/ports.conf from none to fd14c8
--- /etc/httpd/ports.conf 2017-01-26 20:39:00.253573500 +0000
+++ /etc/httpd/.chef-ports20170126-2882-1xg0jhj.conf 2017-01-26 20:39:00.250572002 +0000
@@ -1 +1,5 @@
+# This file was generated by Chef for better-chef-rundeck-centos-68.
+# Do NOT modify this file by hand!
+
+Listen *:80
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
Recipe: apache2::mod_status
* template[/etc/httpd/mods-available/status.conf] action create
- create new file /etc/httpd/mods-available/status.conf
- update content in file /etc/httpd/mods-available/status.conf from none to 7736cd
--- /etc/httpd/mods-available/status.conf 2017-01-26 20:39:00.525709501 +0000
+++ /etc/httpd/mods-available/.chef-status20170126-2882-3olqjc.conf 2017-01-26 20:39:00.525709501 +0000
@@ -1 +1,23 @@
+<IfModule mod_status.c>
+ #
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Uncomment and change the ".example.com" to allow
+ # access from other hosts.
+ #
+ <Location /server-status>
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1 ::1
+ </Location>
+
+ #
+ # ExtendedStatus controls whether Apache will generate "full" status
+ # information (ExtendedStatus On) or just basic information (ExtendedStatus
+ # Off) when the "server-status" handler is called. The default is Off.
+ #
+ ExtendedStatus Off
+
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/status.load] action create
- create new file /etc/httpd/mods-available/status.load
- update content in file /etc/httpd/mods-available/status.load from none to 4fdc51
--- /etc/httpd/mods-available/status.load 2017-01-26 20:39:00.752823000 +0000
+++ /etc/httpd/mods-available/.chef-status20170126-2882-18ldbod.load 2017-01-26 20:39:00.752823000 +0000
@@ -1 +1,2 @@
+LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod status] action run
- execute /usr/sbin/a2enmod status
Recipe: apache2::mod_alias
* template[/etc/httpd/mods-available/alias.conf] action create
- create new file /etc/httpd/mods-available/alias.conf
- update content in file /etc/httpd/mods-available/alias.conf from none to c16439
--- /etc/httpd/mods-available/alias.conf 2017-01-26 20:39:01.068981003 +0000
+++ /etc/httpd/mods-available/.chef-alias20170126-2882-ne0o8t.conf 2017-01-26 20:39:01.068981003 +0000
@@ -1 +1,24 @@
+<IfModule alias_module>
+ #
+ # Aliases: Add here as many aliases as you need (with no limit). The format is
+ # Alias fakename realname
+ #
+ # Note that if you include a trailing / on fakename then the server will
+ # require it to be present in the URL. So "/icons" isn't aliased in this
+ # example, only "/icons/". If the fakename is slash-terminated, then the
+ # realname must also be slash terminated, and if the fakename omits the
+ # trailing slash, the realname must also omit it.
+ #
+ # We include the /icons/ alias for FancyIndexed directory listings. If
+ # you do not use FancyIndexing, you may comment this out.
+ #
+ Alias /icons/ "/var/www/icons/"
+
+ <Directory "/var/www/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+ </Directory>
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/alias.load] action create
- create new file /etc/httpd/mods-available/alias.load
- update content in file /etc/httpd/mods-available/alias.load from none to aceb16
--- /etc/httpd/mods-available/alias.load 2017-01-26 20:39:01.297095001 +0000
+++ /etc/httpd/mods-available/.chef-alias20170126-2882-18wihic.load 2017-01-26 20:39:01.297095001 +0000
@@ -1 +1,2 @@
+LoadModule alias_module /usr/lib64/httpd/modules/mod_alias.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod alias] action run
- execute /usr/sbin/a2enmod alias
Recipe: apache2::mod_auth_basic
* file[/etc/httpd/mods-available/auth_basic.load] action create
- create new file /etc/httpd/mods-available/auth_basic.load
- update content in file /etc/httpd/mods-available/auth_basic.load from none to 053e14
--- /etc/httpd/mods-available/auth_basic.load 2017-01-26 20:39:01.716304501 +0000
+++ /etc/httpd/mods-available/.chef-auth_basic20170126-2882-hj9rvp.load 2017-01-26 20:39:01.714303501 +0000
@@ -1 +1,2 @@
+LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod auth_basic] action run
- execute /usr/sbin/a2enmod auth_basic
Recipe: apache2::mod_authn_file
* file[/etc/httpd/mods-available/authn_file.load] action create
- create new file /etc/httpd/mods-available/authn_file.load
- update content in file /etc/httpd/mods-available/authn_file.load from none to d22bea
--- /etc/httpd/mods-available/authn_file.load 2017-01-26 20:39:02.001447000 +0000
+++ /etc/httpd/mods-available/.chef-authn_file20170126-2882-1kzyhuz.load 2017-01-26 20:39:02.001447000 +0000
@@ -1 +1,2 @@
+LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authn_file] action run
- execute /usr/sbin/a2enmod authn_file
Recipe: apache2::mod_authz_core
* file[/etc/httpd/mods-available/authz_default.load] action create
- create new file /etc/httpd/mods-available/authz_default.load
- update content in file /etc/httpd/mods-available/authz_default.load from none to 66efa5
--- /etc/httpd/mods-available/authz_default.load 2017-01-26 20:39:02.294593501 +0000
+++ /etc/httpd/mods-available/.chef-authz_default20170126-2882-sqknj6.load 2017-01-26 20:39:02.294593501 +0000
@@ -1 +1,2 @@
+LoadModule authz_default_module /usr/lib64/httpd/modules/mod_authz_default.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_default] action run
- execute /usr/sbin/a2enmod authz_default
Recipe: apache2::mod_authz_groupfile
* file[/etc/httpd/mods-available/authz_groupfile.load] action create
- create new file /etc/httpd/mods-available/authz_groupfile.load
- update content in file /etc/httpd/mods-available/authz_groupfile.load from none to 4f60ac
--- /etc/httpd/mods-available/authz_groupfile.load 2017-01-26 20:39:02.617755002 +0000
+++ /etc/httpd/mods-available/.chef-authz_groupfile20170126-2882-3ie3is.load 2017-01-26 20:39:02.617755002 +0000
@@ -1 +1,2 @@
+LoadModule authz_groupfile_module /usr/lib64/httpd/modules/mod_authz_groupfile.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_groupfile] action run
- execute /usr/sbin/a2enmod authz_groupfile
Recipe: apache2::mod_authz_host
* file[/etc/httpd/mods-available/authz_host.load] action create
- create new file /etc/httpd/mods-available/authz_host.load
- update content in file /etc/httpd/mods-available/authz_host.load from none to bb59ea
--- /etc/httpd/mods-available/authz_host.load 2017-01-26 20:39:02.887890003 +0000
+++ /etc/httpd/mods-available/.chef-authz_host20170126-2882-yhu5gp.load 2017-01-26 20:39:02.887890003 +0000
@@ -1 +1,2 @@
+LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_host] action run
- execute /usr/sbin/a2enmod authz_host
Recipe: apache2::mod_authz_user
* file[/etc/httpd/mods-available/authz_user.load] action create
- create new file /etc/httpd/mods-available/authz_user.load
- update content in file /etc/httpd/mods-available/authz_user.load from none to a4603f
--- /etc/httpd/mods-available/authz_user.load 2017-01-26 20:39:03.238065007 +0000
+++ /etc/httpd/mods-available/.chef-authz_user20170126-2882-qi9nhq.load 2017-01-26 20:39:03.237064512 +0000
@@ -1 +1,2 @@
+LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_user] action run
- execute /usr/sbin/a2enmod authz_user
Recipe: apache2::mod_autoindex
* template[/etc/httpd/mods-available/autoindex.conf] action create
- create new file /etc/httpd/mods-available/autoindex.conf
- update content in file /etc/httpd/mods-available/autoindex.conf from none to 8e7e44
--- /etc/httpd/mods-available/autoindex.conf 2017-01-26 20:39:03.571231501 +0000
+++ /etc/httpd/mods-available/.chef-autoindex20170126-2882-c0cez0.conf 2017-01-26 20:39:03.571231501 +0000
@@ -1 +1,101 @@
+<IfModule mod_autoindex.c>
+ #
+ # Directives controlling the display of server-generated directory listings.
+ #
+
+ #
+ # IndexOptions: Controls the appearance of server-generated directory
+ # listings.
+ # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+ #
+ IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+
+ #
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ #
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ # It's a suffix rule, so simply matching "core" matches "score" as well !
+ AddIcon /icons/bomb.gif /core
+ AddIcon (SND,/icons/sound2.gif) .ogg
+ AddIcon (VID,/icons/movie.gif) .ogm
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
+
+ # Default icons for OpenDocument format
+ AddIcon /icons/odf6odt-20x22.png .odt
+ AddIcon /icons/odf6ods-20x22.png .ods
+ AddIcon /icons/odf6odp-20x22.png .odp
+ AddIcon /icons/odf6odg-20x22.png .odg
+ AddIcon /icons/odf6odc-20x22.png .odc
+ AddIcon /icons/odf6odf-20x22.png .odf
+ AddIcon /icons/odf6odb-20x22.png .odb
+ AddIcon /icons/odf6odi-20x22.png .odi
+ AddIcon /icons/odf6odm-20x22.png .odm
+
+ AddIcon /icons/odf6ott-20x22.png .ott
+ AddIcon /icons/odf6ots-20x22.png .ots
+ AddIcon /icons/odf6otp-20x22.png .otp
+ AddIcon /icons/odf6otg-20x22.png .otg
+ AddIcon /icons/odf6otc-20x22.png .otc
+ AddIcon /icons/odf6otf-20x22.png .otf
+ AddIcon /icons/odf6oti-20x22.png .oti
+ AddIcon /icons/odf6oth-20x22.png .oth
+
+ #
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ #
+ DefaultIcon /icons/unknown.gif
+
+ #
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+ #
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
+
+ #
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+ #
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes.
+ ReadmeName README.html
+ HeaderName HEADER.html
+
+ #
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ #
+ IndexIgnore .??* *~ *# RCS CVS *,v *,t
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/autoindex.load] action create
- create new file /etc/httpd/mods-available/autoindex.load
- update content in file /etc/httpd/mods-available/autoindex.load from none to a4888e
--- /etc/httpd/mods-available/autoindex.load 2017-01-26 20:39:03.924408001 +0000
+++ /etc/httpd/mods-available/.chef-autoindex20170126-2882-1s0hb08.load 2017-01-26 20:39:03.923407501 +0000
@@ -1 +1,2 @@
+LoadModule autoindex_module /usr/lib64/httpd/modules/mod_autoindex.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod autoindex] action run
- execute /usr/sbin/a2enmod autoindex
Recipe: apache2::mod_deflate
* template[/etc/httpd/mods-available/deflate.conf] action create
- create new file /etc/httpd/mods-available/deflate.conf
- update content in file /etc/httpd/mods-available/deflate.conf from none to c8749f
--- /etc/httpd/mods-available/deflate.conf 2017-01-26 20:39:04.234563009 +0000
+++ /etc/httpd/mods-available/.chef-deflate20170126-2882-1779lmn.conf 2017-01-26 20:39:04.234563009 +0000
@@ -1 +1,19 @@
+<IfModule mod_deflate.c>
+ <IfModule mod_filter.c>
+ # these are known to be safe with MSIE 6
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml
+
+ # everything else may cause problems with MSIE 6
+ AddOutputFilterByType DEFLATE text/css
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/xml
+ AddOutputFilterByType DEFLATE application/xhtml+xml
+ AddOutputFilterByType DEFLATE image/svg+xml
+ AddOutputFilterByType DEFLATE application/atom_xml
+ AddOutputFilterByType DEFLATE application/x-httpd-php
+ AddOutputFilterByType DEFLATE application/x-httpd-fastphp
+ AddOutputFilterByType DEFLATE application/x-httpd-eruby
+ </IfModule>
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/deflate.load] action create
- create new file /etc/httpd/mods-available/deflate.load
- update content in file /etc/httpd/mods-available/deflate.load from none to d20592
--- /etc/httpd/mods-available/deflate.load 2017-01-26 20:39:04.489690503 +0000
+++ /etc/httpd/mods-available/.chef-deflate20170126-2882-k67qxx.load 2017-01-26 20:39:04.489690503 +0000
@@ -1 +1,2 @@
+LoadModule deflate_module /usr/lib64/httpd/modules/mod_deflate.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod deflate] action run
- execute /usr/sbin/a2enmod deflate
Recipe: apache2::mod_dir
* template[/etc/httpd/mods-available/dir.conf] action create
- create new file /etc/httpd/mods-available/dir.conf
- update content in file /etc/httpd/mods-available/dir.conf from none to 5d2651
--- /etc/httpd/mods-available/dir.conf 2017-01-26 20:39:04.976934004 +0000
+++ /etc/httpd/mods-available/.chef-dir20170126-2882-1j97dvb.conf 2017-01-26 20:39:04.976934004 +0000
@@ -1 +1,4 @@
+<IfModule mod_dir.c>
+ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/dir.load] action create
- create new file /etc/httpd/mods-available/dir.load
- update content in file /etc/httpd/mods-available/dir.load from none to 846d55
--- /etc/httpd/mods-available/dir.load 2017-01-26 20:39:05.203047005 +0000
+++ /etc/httpd/mods-available/.chef-dir20170126-2882-y4gkiy.load 2017-01-26 20:39:05.203047005 +0000
@@ -1 +1,2 @@
+LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod dir] action run
- execute /usr/sbin/a2enmod dir
Recipe: apache2::mod_env
* file[/etc/httpd/mods-available/env.load] action create
- create new file /etc/httpd/mods-available/env.load
- update content in file /etc/httpd/mods-available/env.load from none to bac691
--- /etc/httpd/mods-available/env.load 2017-01-26 20:39:05.478184503 +0000
+++ /etc/httpd/mods-available/.chef-env20170126-2882-sofgar.load 2017-01-26 20:39:05.478184503 +0000
@@ -1 +1,2 @@
+LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod env] action run
- execute /usr/sbin/a2enmod env
Recipe: apache2::mod_mime
* template[/etc/httpd/mods-available/mime.conf] action create
- create new file /etc/httpd/mods-available/mime.conf
- update content in file /etc/httpd/mods-available/mime.conf from none to 76e7d0
--- /etc/httpd/mods-available/mime.conf 2017-01-26 20:39:05.900395500 +0000
+++ /etc/httpd/mods-available/.chef-mime20170126-2882-1jez1gb.conf 2017-01-26 20:39:05.900395500 +0000
@@ -1 +1,193 @@
+<IfModule mod_mime.c>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file mime.types for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ # Despite the name similarity, the following Add* directives have
+ # nothing to do with the FancyIndexing customization directives above.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #AddEncoding x-bzip2 .bz2
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType application/x-bzip2 .bz2
+
+ AddType image/svg+xml svg svgz
+ AddEncoding gzip svgz
+
+ #
+ # DefaultLanguage and AddLanguage allows you to specify the language of
+ # a document. You can then use content negotiation to give a browser a
+ # file in a language the user can understand.
+ #
+ # Specify a default language. This means that all data
+ # going out without a specific language tag (see below) will
+ # be marked with this one. You probably do NOT want to set
+ # this unless you are sure it is correct for all cases.
+ #
+ # * It is generally better to not mark a page as
+ # * being a certain language than marking it with the wrong
+ # * language!
+ #
+ # DefaultLanguage nl
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in some cases
+ # the two character 'Language' abbreviation is not identical to
+ # the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. There is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+ # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+ # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+ # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+ # Norwegian (no) - Polish (pl) - Portugese (pt)
+ # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+ # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+ #
+ AddLanguage ca .ca
+ AddLanguage cs .cz .cs
+ AddLanguage da .dk
+ AddLanguage de .de
+ AddLanguage el .el
+ AddLanguage en .en
+ AddLanguage eo .eo
+ # See README.Debian for Spanish
+ AddLanguage es .es
+ AddLanguage et .et
+ AddLanguage fr .fr
+ AddLanguage he .he
+ AddLanguage hr .hr
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddLanguage ko .ko
+ AddLanguage ltz .ltz
+ AddLanguage nl .nl
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pl .po
+ AddLanguage pt .pt
+ AddLanguage pt-BR .pt-br
+ AddLanguage ru .ru
+ AddLanguage sv .sv
+ # See README.Debian for Turkish
+ AddLanguage tr .tr
+ AddLanguage zh-CN .zh-cn
+ AddLanguage zh-TW .zh-tw
+
+ #
+ # Commonly used filename extensions to character sets. You probably
+ # want to avoid clashes with the language extensions, unless you
+ # are good at carefully testing your setup after each change.
+ # See http://www.iana.org/assignments/character-sets for the
+ # official list of charset names and their respective RFCs.
+ #
+ AddCharset us-ascii .ascii .us-ascii
+ AddCharset ISO-8859-1 .iso8859-1 .latin1
+ AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+ AddCharset ISO-8859-3 .iso8859-3 .latin3
+ AddCharset ISO-8859-4 .iso8859-4 .latin4
+ AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+ AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+ AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+ AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+ AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+ AddCharset ISO-8859-10 .iso8859-10 .latin6
+ AddCharset ISO-8859-13 .iso8859-13
+ AddCharset ISO-8859-14 .iso8859-14 .latin8
+ AddCharset ISO-8859-15 .iso8859-15 .latin9
+ AddCharset ISO-8859-16 .iso8859-16 .latin10
+ AddCharset ISO-2022-JP .iso2022-jp .jis
+ AddCharset ISO-2022-KR .iso2022-kr .kis
+ AddCharset ISO-2022-CN .iso2022-cn .cis
+ AddCharset Big5 .Big5 .big5 .b5
+ AddCharset cn-Big5 .cn-big5
+ # For russian, more than one charset is used (depends on client, mostly):
+ AddCharset WINDOWS-1251 .cp-1251 .win-1251
+ AddCharset CP866 .cp866
+ AddCharset KOI8 .koi8
+ AddCharset KOI8-E .koi8-e
+ AddCharset KOI8-r .koi8-r .koi8-ru
+ AddCharset KOI8-U .koi8-u
+ AddCharset KOI8-ru .koi8-uk .ua
+ AddCharset ISO-10646-UCS-2 .ucs2
+ AddCharset ISO-10646-UCS-4 .ucs4
+ AddCharset UTF-7 .utf7
+ AddCharset UTF-8 .utf8
+ AddCharset UTF-16 .utf16
+ AddCharset UTF-16BE .utf16be
+ AddCharset UTF-16LE .utf16le
+ AddCharset UTF-32 .utf32
+ AddCharset UTF-32BE .utf32be
+ AddCharset UTF-32LE .utf32le
+ AddCharset euc-cn .euc-cn
+ AddCharset euc-gb .euc-gb
+ AddCharset euc-jp .euc-jp
+ AddCharset euc-kr .euc-kr
+ #Not sure how euc-tw got in - IANA doesn't list it???
+ AddCharset EUC-TW .euc-tw
+ AddCharset gb2312 .gb2312 .gb
+ AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+ AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+ AddCharset shift_jis .shift_jis .sjis
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ #
+ # For files that include their own HTTP headers:
+ #
+ #AddHandler send-as-is asis
+
+ #
+ # For server-parsed imagemap files:
+ #
+ #AddHandler imap-file map
+
+ #
+ # For type maps (negotiated resources):
+ # (This is enabled by default to allow the Apache "It Worked" page
+ # to be distributed in multiple languages.)
+ #
+ AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/mime.load] action create
- create new file /etc/httpd/mods-available/mime.load
- update content in file /etc/httpd/mods-available/mime.load from none to 37c2d3
--- /etc/httpd/mods-available/mime.load 2017-01-26 20:39:06.209549998 +0000
+++ /etc/httpd/mods-available/.chef-mime20170126-2882-1gmlaer.load 2017-01-26 20:39:06.209549998 +0000
@@ -1 +1,2 @@
+LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod mime] action run
- execute /usr/sbin/a2enmod mime
Recipe: apache2::mod_negotiation
* template[/etc/httpd/mods-available/negotiation.conf] action create
- create new file /etc/httpd/mods-available/negotiation.conf
- update content in file /etc/httpd/mods-available/negotiation.conf from none to 3ad8fd
--- /etc/httpd/mods-available/negotiation.conf 2017-01-26 20:39:06.579735000 +0000
+++ /etc/httpd/mods-available/.chef-negotiation20170126-2882-13oafu6.conf 2017-01-26 20:39:06.579735000 +0000
@@ -1 +1,18 @@
+<IfModule mod_negotiation.c>
+ #
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ #
+ LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+ #
+ # ForceLanguagePriority allows you to serve a result page rather than
+ # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+ # [in case no accepted languages matched the available variants]
+ #
+ ForceLanguagePriority Prefer Fallback
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/negotiation.load] action create
- create new file /etc/httpd/mods-available/negotiation.load
- update content in file /etc/httpd/mods-available/negotiation.load from none to 114b49
--- /etc/httpd/mods-available/negotiation.load 2017-01-26 20:39:06.803847000 +0000
+++ /etc/httpd/mods-available/.chef-negotiation20170126-2882-1bxwiyw.load 2017-01-26 20:39:06.802846500 +0000
@@ -1 +1,2 @@
+LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod negotiation] action run
- execute /usr/sbin/a2enmod negotiation
Recipe: apache2::mod_setenvif
* template[/etc/httpd/mods-available/setenvif.conf] action create
- create new file /etc/httpd/mods-available/setenvif.conf
- update content in file /etc/httpd/mods-available/setenvif.conf from none to fb5a27
--- /etc/httpd/mods-available/setenvif.conf 2017-01-26 20:39:07.230060002 +0000
+++ /etc/httpd/mods-available/.chef-setenvif20170126-2882-gugiop.conf 2017-01-26 20:39:07.230060002 +0000
@@ -1 +1,29 @@
+<IfModule mod_setenvif.c>
+ #
+ # The following directives modify normal HTTP response behavior to
+ # handle known problems with browser implementations.
+ #
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
+
+ #
+ # The following directive disables redirects on non-GET requests for
+ # a directory that does not include the trailing slash. This fixes a
+ # problem with Microsoft WebFolders which does not appropriately handle
+ # redirects for folders with DAV methods.
+ # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+ #
+ BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+ BrowserMatch "MS FrontPage" redirect-carefully
+ BrowserMatch "^WebDrive" redirect-carefully
+ BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+ BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+ BrowserMatch "^gvfs/1" redirect-carefully
+ BrowserMatch "^XML Spy" redirect-carefully
+ BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+ BrowserMatch " Konqueror/4" redirect-carefully
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/setenvif.load] action create
- create new file /etc/httpd/mods-available/setenvif.load
- update content in file /etc/httpd/mods-available/setenvif.load from none to 3b5f9f
--- /etc/httpd/mods-available/setenvif.load 2017-01-26 20:39:07.643266502 +0000
+++ /etc/httpd/mods-available/.chef-setenvif20170126-2882-1x5mzt1.load 2017-01-26 20:39:07.643266502 +0000
@@ -1 +1,2 @@
+LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod setenvif] action run
- execute /usr/sbin/a2enmod setenvif
Recipe: apache2::mod_log_config
* file[/etc/httpd/mods-available/log_config.load] action create
- create new file /etc/httpd/mods-available/log_config.load
- update content in file /etc/httpd/mods-available/log_config.load from none to 73d95c
--- /etc/httpd/mods-available/log_config.load 2017-01-26 20:39:08.001445502 +0000
+++ /etc/httpd/mods-available/.chef-log_config20170126-2882-1wplplb.load 2017-01-26 20:39:08.001445502 +0000
@@ -1 +1,2 @@
+LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod log_config] action run
- execute /usr/sbin/a2enmod log_config
Recipe: apache2::mod_logio
* file[/etc/httpd/mods-available/logio.load] action create
- create new file /etc/httpd/mods-available/logio.load
- update content in file /etc/httpd/mods-available/logio.load from none to d7e67c
--- /etc/httpd/mods-available/logio.load 2017-01-26 20:39:08.378634001 +0000
+++ /etc/httpd/mods-available/.chef-logio20170126-2882-1xw77j.load 2017-01-26 20:39:08.374632003 +0000
@@ -1 +1,2 @@
+LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod logio] action run
- execute /usr/sbin/a2enmod logio
Recipe: apache2::default
* service[apache2] action enable
- enable service service[apache2]
* service[apache2] action start
- start service service[apache2]
Recipe: apache2::mod_headers
* file[/etc/httpd/mods-available/headers.load] action create
- create new file /etc/httpd/mods-available/headers.load
- update content in file /etc/httpd/mods-available/headers.load from none to b039b4
--- /etc/httpd/mods-available/headers.load 2017-01-26 20:39:09.641265002 +0000
+++ /etc/httpd/mods-available/.chef-headers20170126-2882-1v12kat.load 2017-01-26 20:39:09.641265002 +0000
@@ -1 +1,2 @@
+LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod headers] action run
- execute /usr/sbin/a2enmod headers
Recipe: apache2::mod_proxy
* template[/etc/httpd/mods-available/proxy.conf] action create
- create new file /etc/httpd/mods-available/proxy.conf
- update content in file /etc/httpd/mods-available/proxy.conf from none to e5e6e2
--- /etc/httpd/mods-available/proxy.conf 2017-01-26 20:39:09.930409501 +0000
+++ /etc/httpd/mods-available/.chef-proxy20170126-2882-1bw2h5b.conf 2017-01-26 20:39:09.930409501 +0000
@@ -1 +1,20 @@
+<IfModule mod_proxy.c>
+ #turning ProxyRequests on and allowing proxying from all may allow
+ #spammers to use your proxy to send email.
+
+ ProxyRequests Off
+
+ <Proxy *>
+ AddDefaultCharset off
+ Order deny,allow
+ Deny from all
+ Allow from none
+ </Proxy>
+
+ # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+ # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+ # Set to one of: Off | On | Full | Block
+
+ ProxyVia On
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/proxy.load] action create
- create new file /etc/httpd/mods-available/proxy.load
- update content in file /etc/httpd/mods-available/proxy.load from none to a83d3b
--- /etc/httpd/mods-available/proxy.load 2017-01-26 20:39:10.151520003 +0000
+++ /etc/httpd/mods-available/.chef-proxy20170126-2882-1tlqeva.load 2017-01-26 20:39:10.151520003 +0000
@@ -1 +1,2 @@
+LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod proxy] action run
- execute /usr/sbin/a2enmod proxy
Recipe: apache2::mod_proxy_http
* file[/etc/httpd/mods-available/proxy_http.load] action create
- create new file /etc/httpd/mods-available/proxy_http.load
- update content in file /etc/httpd/mods-available/proxy_http.load from none to 5b8e8e
--- /etc/httpd/mods-available/proxy_http.load 2017-01-26 20:39:10.451670002 +0000
+++ /etc/httpd/mods-available/.chef-proxy_http20170126-2882-1gbxgul.load 2017-01-26 20:39:10.451670002 +0000
@@ -1 +1,2 @@
+LoadModule proxy_http_module /usr/lib64/httpd/modules/mod_proxy_http.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod proxy_http] action run
- execute /usr/sbin/a2enmod proxy_http
Recipe: apache2::mod_rewrite
* file[/etc/httpd/mods-available/rewrite.load] action create
- create new file /etc/httpd/mods-available/rewrite.load
- update content in file /etc/httpd/mods-available/rewrite.load from none to 819a3c
--- /etc/httpd/mods-available/rewrite.load 2017-01-26 20:39:10.890889499 +0000
+++ /etc/httpd/mods-available/.chef-rewrite20170126-2882-bfuh6s.load 2017-01-26 20:39:10.880884501 +0000
@@ -1 +1,2 @@
+LoadModule rewrite_module /usr/lib64/httpd/modules/mod_rewrite.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod rewrite] action run
- execute /usr/sbin/a2enmod rewrite
Recipe: rundeck::apache
* execute[a2dissite default.conf] action run (skipped due to only_if)
* execute[a2dissite 000-default.conf] action run (skipped due to only_if)
* template[apache-config] action create
- create new file /etc/httpd/sites-available/rundeck.conf
- update content in file /etc/httpd/sites-available/rundeck.conf from none to dc8202
--- /etc/httpd/sites-available/rundeck.conf 2017-01-26 20:39:11.519203502 +0000
+++ /etc/httpd/sites-available/.chef-rundeck20170126-2882-1p3bggy.conf 2017-01-26 20:39:11.518203002 +0000
@@ -1 +1,44 @@
+<VirtualHost *:80>
+ ServerName localhost
+ ServerAdmin rundeck@kitchentest
+
+ ErrorLog /var/log/httpd/rundeck_error.log
+ TransferLog /var/log/httpd/rundeck_access.log
+
+ DocumentRoot /var/www/html
+ ServerSignature On
+
+ <Proxy *>
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
+ </Proxy>
+
+ ProxyPass / http://localhost:4440/
+ ProxyPassReverse / http://localhost:4440/
+
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+ <Location /server-status>
+ SetHandler server-status
+
+ <IfModule mod_authz_core.c>
+ Require ip 127.0.0.1
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+ </IfModule>
+
+ </Location>
+
+</VirtualHost>
+
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[a2ensite rundeck.conf] action run
- execute /usr/sbin/a2ensite rundeck.conf
Recipe: simple_passenger::default
* execute[restart app] action nothing (skipped due to action :nothing)
* execute[stop app] action nothing (skipped due to action :nothing)
* group[passenger group] action create (up to date)
* linux_user[passenger user] action create (up to date)
* directory[app log dir] action create
- create new directory /var/log/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
Recipe: logrotate::default
* yum_package[logrotate] action install (up to date)
* directory[/etc/logrotate.d] action create (up to date)
Recipe: simple_passenger::default
* template[/etc/logrotate.d/better-chef-rundeck] action create
- create new file /etc/logrotate.d/better-chef-rundeck
- update content in file /etc/logrotate.d/better-chef-rundeck from none to 28b857
--- /etc/logrotate.d/better-chef-rundeck 2017-01-26 20:39:12.588738002 +0000
+++ /etc/logrotate.d/.chef-better-chef-rundeck20170126-2882-1fn4eqk 2017-01-26 20:39:12.588738002 +0000
@@ -1 +1,14 @@
+# This file was generated by Chef for better-chef-rundeck-centos-68.
+# Do not modify this file by hand!
+
+"/var/log/better-chef-rundeck.log" {
+ daily
+ create 644 rundeck rundeck
+ rotate 7
+ missingok
+ compress
+ delaycompress
+ copytruncate
+ notifempty
+}
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[pid dir] action create
- create new directory /var/run/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[app dir] action create
- create new directory /opt/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* yum_package[git] action install
- install version 1.7.1-4.el6_7.1 of package git
* git[app] action sync
- clone from https://github.com/atheiman/better-chef-rundeck.git into /opt/better-chef-rundeck
- checkout ref b0c2bea40c39133b9813362301b984a86799d625 branch master
* template[passengerfile] action create
- create new file /opt/better-chef-rundeck/Passengerfile.json
- update content in file /opt/better-chef-rundeck/Passengerfile.json from none to 20e8ec
--- /opt/better-chef-rundeck/Passengerfile.json 2017-01-26 20:39:26.688784501 +0000
+++ /opt/better-chef-rundeck/.chef-Passengerfile20170126-2882-94x44q.json 2017-01-26 20:39:26.688784501 +0000
@@ -1 +1,13 @@
+{
+ "daemonize": true,
+ "environment": "production",
+ "envvars": {
+ "BCR_CHEF_CONFIG": "/etc/chef/rundeck.rb"
+ },
+ "log_file": "/var/log/better-chef-rundeck.log",
+ "pid_file": "/var/run/better-chef-rundeck/better-chef-rundeck.pid",
+ "port": 4000,
+ "ruby": "/usr/local/ruby/2.2.5/bin/ruby",
+ "user": "rundeck"
+}
- change mode from '' to '0664'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
Recipe: build-essential::default
* build_essential[install_packages] action install
* yum_package[autoconf, bison, flex, gcc, gcc-c++, gettext, kernel-devel, make, m4, ncurses-devel, patch] action install (up to date)
(up to date)
Recipe: simple_passenger::default
* yum_package[ruby devel dependencies] action install
- install version 1.0.1e-48.el6_8.3 of package openssl-devel
- install version 6.0-4.el6 of package readline-devel
- install version 1.2.3-29.el6 of package zlib-devel
Recipe: ruby_build::default
* yum_package[tar] action install (up to date)
* yum_package[bash] action install (up to date)
* yum_package[curl] action install (up to date)
* yum_package[git] action install (skipped due to not_if)
* execute[Install ruby-build] action nothing (skipped due to action :nothing)
* directory[/tmp/kitchen/cache] action create (up to date)
* git[/tmp/kitchen/cache/ruby-build] action checkout
- clone from https://github.com/sstephenson/ruby-build.git into /tmp/kitchen/cache/ruby-build
- checkout ref 3d593941745946a96b46f16ccb87aca9a7bd1014 branch master
* execute[Install ruby-build] action run
- execute ./install.sh
Recipe: simple_passenger::default
* ruby_build_ruby[app ruby version 2.2.5] action install
* execute[ruby-build[2.2.5]] action run
- execute /usr/local/bin/ruby-build "2.2.5" "/usr/local/ruby/2.2.5"
* execute[ruby-build[2.2.5]] action nothing (skipped due to action :nothing)
* gem_package[bundler] action install
- install version ~> 1.12.0 of package bundler
* execute[bundle install] action run
- execute /usr/local/ruby/2.2.5/bin/bundle install --deployment --without development test
* execute[start app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger start
Recipe: rundeck::chef_server_config
* template[/etc/chef/rundeck.rb] action create
- create new file /etc/chef/rundeck.rb
- update content in file /etc/chef/rundeck.rb from none to 982a4f
--- /etc/chef/rundeck.rb 2017-01-26 20:45:05.188950003 +0000
+++ /etc/chef/.chef-rundeck20170126-2882-8hjvg6.rb 2017-01-26 20:45:05.188950003 +0000
@@ -1 +1,9 @@
+log_level :info
+log_location STDOUT
+node_name 'chef-rundeck'
+client_key '/etc/chef/rundeck.pem'
+validation_client_name 'chef-validator'
+validation_key '/etc/chef/validation.pem'
+chef_server_url 'http://localhost:8089'
+cache_type 'BasicFile'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* file[/etc/chef/rundeck.pem] action create
- create new file /etc/chef/rundeck.pem
- update content in file /etc/chef/rundeck.pem from none to 4af3a7
--- /etc/chef/rundeck.pem 2017-01-26 20:45:05.338024503 +0000
+++ /etc/chef/.chef-rundeck20170126-2882-1i2hszh.pem 2017-01-26 20:45:05.338024503 +0000
@@ -1 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAufewdB8WpVsSgkuss/EUaB+JYHYCu2nhg/nGb6oqpbmzV1DF
+N7d86xcotCVcJkX4fWWHsO61vGJAZK0+vodp7qBfIpnCPurNqV81zLw6g/grDjqe
+4Ha/U/By++ldNnFjKtKK1zD/xrt9/fUaL+bgDVWugcD5mAh6erH9jf1BTUka0Etl
+wge1B6kvbCbbi4yW2UWgTWIxrKbAtx1WDSjyqLArbwKhvToDYao+4QWOSsSMifC5
+bWgTL/YXtblPrrBx2W09qdT/hSVs2wTn1zM/eZzIQGmKFmhn4J1dvO5tOsgBzlkQ
+i6uTeivecz5/Z5qg+JFHQf5g1/8b1u08M1aPPQIDAQABAoIBAQC0ufunvha59/nS
+2kwqS12zmwJc1hLto4ZgRbsNBeiQShn5/yrKbO1fYpBSEgStxU4qPyNRVYsUWr+N
+l7fkXaEbIIuUCq11i6b2tOqJ31tWqTTejSWdqolhv8le+3l00Vi4Ywg+/QV1Uvys
+cyhR6SNQkjYXLzzg/UxaNOPeu4Jc4ciu6wuvnlqy46LkxMNV0bjb7u10lRwWnwBI
+Ja8bQZsamr8lMEktseHenppIhEnvEs7l1bmaogFJGFUAwskADAWQ07L0vSqLqpQd
+Na5/SKrflkZQjS0mvq7vBQi66ZyXoKfIHVRPuG9o53Az2Nq4SnZyHJvHEx1Hpn6k
+qjkDmFVZAoGBANsAGDSeg0BO9teL0eaD+wH6zA68FxMyYKPpeU908+m5J1ZIyFRK
+tHzBOkQWIuBSRXT+hsT0YJogCwp88Pv+JvHUHrAg/evztWrpsjh/oV3ooyWDJfec
+Vay9KEPacWkRVSNOOxicu8MPaRVknMmOzYgOXNiBakLoP40dhquMgeHzAoGBANli
+51WHQaCBK5yNI2WMWgN+h+/JL5dN0G1Gx5XBmMfV5BFJ9H+7Ig/VUt312/1HAoEu
+g27AaqIvWhnlEuvSuwuthDzevFeAeImsRwFqbrv3mHo8XqHnZTY5UMACdTRThP3E
+0ke5P+8GIEQIG5xLZka+F0adeA00VFEgDe3S3uYPAoGARUdWYO70HlfchntYv09p
+DEtGWjLuKch6AeBN2/DnaDyGUSldFi07w2ts/zTxe30LM+OAxrV4CcmxNHQp182i
+jEXKH3WQXiAOd+/NzUmyxn5dffRrAlWWVLrSDgUAc3hkMnMBBtwuGZq6Z2YYozpl
+knDYtjTaZKgL0pxQidw9CjkCgYAVZrtHnE1Fs/HLM8nsUWj7NxXC8ZeR2cNPPsyf
+XbPg2Jnfadx8RrwPuvyxhWbnBHqmpSGjYaYd2XORYQ//z3tCpw6Bv5vjMW6sfx1u
+cj/8mV+ViSP35IP+Vp4wiQ1o3WAWa64YCZDVw1Ch4fp15KZpCIXaGd6bzi8O3Y0B
+gOUY2QKBgQCNknpg/hLgrIC8x7139xVVG7zad3x0/pcGJpRtqALweDfzkofIgeLj
+Xhgf9I9JYnOUtXlprUnoIkFN0l+Q0x4t0/wMND2fkvR1JI/9KjHLZAwNyCn+Gbt3
+ZfbfscNkrXB6kc47E9XY5T7sokmK3V4+k9Bt1P1RT9WbcSb7QLvqzQ==
+-----END RSA PRIVATE KEY-----
- change mode from '' to '0400'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
Recipe: rundeck::chef-rundeck
* directory[/etc/chef] action create (up to date)
* file[/etc/chef/chef-rundeck.json] action create
- create new file /etc/chef/chef-rundeck.json
- update content in file /etc/chef/chef-rundeck.json from none to 703e90
--- /etc/chef/chef-rundeck.json 2017-01-26 20:45:05.464087503 +0000
+++ /etc/chef/.chef-chef-rundeck20170126-2882-121i1yg.json 2017-01-26 20:45:05.463087003 +0000
@@ -1 +1,9 @@
+{
+ "localhost": {
+ "pattern": "*:*",
+ "username": "rundeck",
+ "hostname": "ipaddress",
+ "attributes": null
+ }
+}
- change mode from '' to '0644'
- restore selinux security context
* chef_gem[chef-rundeck] action upgrade (skipped due to not_if)
* chef_gem[chef-rundeck] action upgrade (up to date)
* chef_gem[sinatra] action install (up to date)
* directory[/var/log/chef-rundeck] action create
- create new directory /var/log/chef-rundeck
- change mode from '' to '0755'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* file[/var/log/chef-rundeck/server.log] action create_if_missing
- create new file /var/log/chef-rundeck/server.log
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/etc/systemd/system/chef-rundeck.service] action create (skipped due to only_if)
* template[/etc/init/chef-rundeck.conf] action create (skipped due to only_if)
Recipe: runit::default
* service[runit] action nothing (skipped due to action :nothing)
* execute[start-runsvdir] action nothing (skipped due to action :nothing)
Recipe: yum-epel::default
* yum_repository[epel] action create
* template[/etc/yum.repos.d/epel.repo] action create
- create new file /etc/yum.repos.d/epel.repo
- update content in file /etc/yum.repos.d/epel.repo from none to 5f5536
--- /etc/yum.repos.d/epel.repo 2017-01-26 20:45:06.867789000 +0000
+++ /etc/yum.repos.d/.chef-epel20170126-2882-cvr28a.repo 2017-01-26 20:45:06.867789000 +0000
@@ -1 +1,12 @@
+# This file was generated by Chef
+# Do NOT modify this file by hand.
+
+[epel]
+name=Extra Packages for 6 - $basearch
+enabled=1
+failovermethod=priority
+fastestmirror_enabled=0
+gpgcheck=1
+gpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
+mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=$basearch
- change mode from '' to '0644'
- restore selinux security context
* execute[yum clean metadata epel] action run
- execute yum clean metadata --disablerepo=* --enablerepo=epel
* execute[yum-makecache-epel] action run
- execute yum -q -y makecache --disablerepo=* --enablerepo=epel
* ruby_block[yum-cache-reload-epel] action create
- execute the ruby block yum-cache-reload-epel
* execute[yum clean metadata epel] action nothing (skipped due to action :nothing)
* execute[yum-makecache-epel] action nothing (skipped due to action :nothing)
* ruby_block[yum-cache-reload-epel] action nothing (skipped due to action :nothing)
Recipe: runit::default
* packagecloud_repo[imeyer/runit] action add
* yum_package[pygpgme] action install (up to date)
* log[pygpgme_warning] action write (skipped due to not_if)
* ruby_block[disable repo_gpgcheck if no pygpgme] action run (skipped due to not_if)
* template[/etc/yum.repos.d/imeyer_runit.repo] action create
- create new file /etc/yum.repos.d/imeyer_runit.repo
- update content in file /etc/yum.repos.d/imeyer_runit.repo from none to c89480
--- /etc/yum.repos.d/imeyer_runit.repo 2017-01-26 20:45:28.313506502 +0000
+++ /etc/yum.repos.d/.chef-imeyer_runit20170126-2882-tutkx6.repo 2017-01-26 20:45:28.313506502 +0000
@@ -1 +1,11 @@
+[imeyer_runit]
+name=imeyer_runit
+baseurl=https://packagecloud.io/imeyer/runit/el/6/$basearch
+repo_gpgcheck=1
+gpgcheck=0
+enabled=1
+gpgkey=https://packagecloud.io/imeyer/runit/gpgkey
+sslverify=1
+sslcacert=/etc/pki/tls/certs/ca-bundle.crt
+metadata_expire=300
- change mode from '' to '0644'
- restore selinux security context
* execute[yum-makecache-imeyer_runit] action run
- execute yum -q makecache -y --disablerepo=* --enablerepo=imeyer_runit
* ruby_block[yum-cache-reload-imeyer_runit] action create
- execute the ruby block yum-cache-reload-imeyer_runit
* execute[yum-makecache-imeyer_runit] action nothing (skipped due to action :nothing)
* ruby_block[yum-cache-reload-imeyer_runit] action nothing (skipped due to action :nothing)
* yum_package[runit] action install
- install version 2.1.2-1.el6 of package runit
* service[runsvdir-start] action start (skipped due to only_if)
* service[runsvdir-start] action enable (skipped due to only_if)
Recipe: <Dynamically Defined Resource>
* service[chef-rundeck] action nothing (skipped due to action :nothing)
Recipe: rundeck::chef-rundeck
* runit_service[chef-rundeck] action enable
* ruby_block[restart_service] action nothing (skipped due to action :nothing)
* ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
* directory[/etc/sv/chef-rundeck] action create
- create new directory /etc/sv/chef-rundeck
- change mode from '' to '0755'
- restore selinux security context
* template[/etc/sv/chef-rundeck/run] action create
- create new file /etc/sv/chef-rundeck/run
- update content in file /etc/sv/chef-rundeck/run from none to ced7cb
--- /etc/sv/chef-rundeck/run 2017-01-26 20:45:41.846269503 +0000
+++ /etc/sv/chef-rundeck/.chef-run20170126-2882-4gupjf 2017-01-26 20:45:41.846269503 +0000
@@ -1 +1,6 @@
+#!/bin/sh
+exec 2>&1
+exec 1> /var/log/chef-rundeck/server.log
+exec \
+chpst -u rundeck /opt/chef/embedded/bin/chef-rundeck -c /etc/chef/rundeck.rb -f /etc/chef/chef-rundeck.json -w https://chef.kitchentest -o 0.0.0.0 -p 9980 -t 30
- change mode from '' to '0755'
- restore selinux security context
* directory[/etc/sv/chef-rundeck/log] action create
- create new directory /etc/sv/chef-rundeck/log
- restore selinux security context
* directory[/etc/sv/chef-rundeck/log/main] action create
- create new directory /etc/sv/chef-rundeck/log/main
- change mode from '' to '0755'
- restore selinux security context
* directory[/var/log/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/log/config] action create
- create new file /etc/sv/chef-rundeck/log/config
- update content in file /etc/sv/chef-rundeck/log/config from none to e3b0c4
(no diff)
- change mode from '' to '0644'
- restore selinux security context
* link[/var/log/chef-rundeck/config] action create
- create symlink at /var/log/chef-rundeck/config to /etc/sv/chef-rundeck/log/config
* template[/etc/sv/chef-rundeck/log/run] action create
- create new file /etc/sv/chef-rundeck/log/run
- update content in file /etc/sv/chef-rundeck/log/run from none to e64148
--- /etc/sv/chef-rundeck/log/run 2017-01-26 20:45:42.296494499 +0000
+++ /etc/sv/chef-rundeck/log/.chef-run20170126-2882-1wpkoyk 2017-01-26 20:45:42.295493999 +0000
@@ -1 +1,3 @@
+#!/bin/sh
+exec svlogd -tt ./main
- change mode from '' to '0755'
- restore selinux security context
* directory[/etc/sv/chef-rundeck/env] action create
- create new directory /etc/sv/chef-rundeck/env
- change mode from '' to '0755'
- restore selinux security context
* ruby_block[Delete unmanaged env files for chef-rundeck service] action run (skipped due to only_if)
* template[/etc/sv/chef-rundeck/check] action create (skipped due to only_if)
* template[/etc/sv/chef-rundeck/finish] action create (skipped due to only_if)
* directory[/etc/sv/chef-rundeck/control] action create
- create new directory /etc/sv/chef-rundeck/control
- change mode from '' to '0755'
- restore selinux security context
* link[/etc/init.d/chef-rundeck] action create
- create symlink at /etc/init.d/chef-rundeck to /sbin/sv
* file[/etc/sv/chef-rundeck/down] action nothing (skipped due to action :nothing)
* ruby_block[restart_service] action run
* ruby_block[restart_service] action nothing (skipped due to action :nothing)
* ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
* directory[/etc/sv/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/log] action create (up to date)
* directory[/etc/sv/chef-rundeck/log/main] action create (up to date)
* directory[/var/log/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/log/config] action create (up to date)
* link[/var/log/chef-rundeck/config] action create (up to date)
* template[/etc/sv/chef-rundeck/log/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/env] action create (up to date)
* ruby_block[Delete unmanaged env files for chef-rundeck service] action run (skipped due to only_if)
* template[/etc/sv/chef-rundeck/check] action create (skipped due to only_if)
* template[/etc/sv/chef-rundeck/finish] action create (skipped due to only_if)
* directory[/etc/sv/chef-rundeck/control] action create (up to date)
* link[/etc/init.d/chef-rundeck] action create (up to date)
* file[/etc/sv/chef-rundeck/down] action nothing (skipped due to action :nothing)
* directory[/etc/service] action create (up to date)
* link[/etc/service/chef-rundeck] action create
- create symlink at /etc/service/chef-rundeck to /etc/sv/chef-rundeck
* ruby_block[wait for chef-rundeck service socket] action run
- execute the ruby block wait for chef-rundeck service socket
- execute the ruby block restart_service
* ruby_block[restart_log_service] action run
* ruby_block[restart_service] action nothing (skipped due to action :nothing)
* ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
* directory[/etc/sv/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/log] action create (up to date)
* directory[/etc/sv/chef-rundeck/log/main] action create (up to date)
* directory[/var/log/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/log/config] action create (up to date)
* link[/var/log/chef-rundeck/config] action create (up to date)
* template[/etc/sv/chef-rundeck/log/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/env] action create (up to date)
* ruby_block[Delete unmanaged env files for chef-rundeck service] action run (skipped due to only_if)
* template[/etc/sv/chef-rundeck/check] action create (skipped due to only_if)
* template[/etc/sv/chef-rundeck/finish] action create (skipped due to only_if)
* directory[/etc/sv/chef-rundeck/control] action create (up to date)
* link[/etc/init.d/chef-rundeck] action create (up to date)
* file[/etc/sv/chef-rundeck/down] action nothing (skipped due to action :nothing)
* directory[/etc/service] action create (up to date)
* link[/etc/service/chef-rundeck] action create (up to date)
* ruby_block[wait for chef-rundeck service socket] action run
- execute the ruby block wait for chef-rundeck service socket
- execute the ruby block restart_log_service
* directory[/etc/service] action create (up to date)
* link[/etc/service/chef-rundeck] action create (up to date)
* ruby_block[wait for chef-rundeck service socket] action run
- execute the ruby block wait for chef-rundeck service socket
* service[chef-rundeck] action start (up to date)
Recipe: rundeck_fixtures::chef_zero
* chef_gem[chef-zero] action install (up to date)
* chef_gem[ridley] action install (up to date)
* execute[server] action run
- execute bin/chef-zero -H localhost -p 8089 -d
* ruby_block[Add test nodes in chef-zero server] action run
- execute the ruby block Add test nodes in chef-zero server
Recipe: rundeck::server_install
* service[rundeck] action nothing (skipped due to action :nothing)
Recipe: apache2::default
* service[apache2] action restart
- restart service service[apache2]
* service[apache2] action reload
- reload service service[apache2]
Recipe: simple_passenger::default
* execute[stop app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger stop
* execute[restart app] action run (skipped due to only_if)
Recipe: rundeck::chef-rundeck
* service[chef-rundeck] action restart
- restart service service[chef-rundeck]
Recipe: simple_passenger::default
* execute[start app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger start
Running handlers:
Running handlers complete
Deprecated features used!
method access to node attributes (node.foo.bar) is deprecated and will be removed in Chef 13, please use bracket syntax (node["foo"]["bar"]) at 3 locations:
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:32:in `from_file'
- (erubis):47:in `block in evaluate'
- (erubis):183:in `block in evaluate'
See https://docs.chef.io/deprecations_attributes.html for further details.
node.set is deprecated and will be removed in Chef 14, please use node.default/node.override (or node.normal only if you really need persistence) at 4 locations:
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:34:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:35:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:36:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:42:in `from_file'
See https://docs.chef.io/deprecations_attributes.html for further details.
Cloning resource attributes for directory[/var/lib/rundeck] from prior resource
Previous directory[/var/lib/rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/node_unix.rb:39:in `from_file'
Current directory[/var/lib/rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:89:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:89:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Cloning resource attributes for directory[/var/lib/rundeck/.ssh] from prior resource
Previous directory[/var/lib/rundeck/.ssh]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/node_unix.rb:46:in `from_file'
Current directory[/var/lib/rundeck/.ssh]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:126:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:126:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Cloning resource attributes for yum_package[git] from prior resource
Previous yum_package[git]: /tmp/kitchen/cache/cookbooks/simple_passenger/recipes/default.rb:93:in `from_file'
Current yum_package[git]: /tmp/kitchen/cache/cookbooks/ruby_build/recipes/default.rb:38:in `block in from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/ruby_build/recipes/default.rb:38:in `block in from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[chef-rundeck] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 2 locations:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:49:in `from_file'
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Cloning resource attributes for chef_gem[chef-rundeck] from prior resource
Previous chef_gem[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:49:in `from_file'
Current chef_gem[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[sinatra] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:60:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Cloning resource attributes for service[chef-rundeck] from prior resource
Current service[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:128:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:128:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[chef-zero] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck_fixtures/recipes/chef_zero.rb:3:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
chef_gem[ridley] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck_fixtures/recipes/chef_zero.rb:4:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Chef Client finished, 177/297 resources updated in 10 minutes 03 seconds
W, [2017-01-26T20:45:56.002233 #2882] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
W, [2017-01-26T20:45:56.003459 #2882] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
W, [2017-01-26T20:45:56.006083 #2882] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
Finished converging <better-chef-rundeck-centos-68> (10m13.19s).
-----> Setting up <better-chef-rundeck-centos-68>...
Finished setting up <better-chef-rundeck-centos-68> (0m0.00s).
-----> Verifying <better-chef-rundeck-centos-68>...
Preparing files for transfer
-----> Installing Busser (busser)
Fetching: thor-0.19.0.gem
Fetching: thor-0.19.0.gem ( 3%)
Fetching: thor-0.19.0.gem ( 6%)
Fetching: thor-0.19.0.gem ( 9%)
Fetching: thor-0.19.0.gem ( 12%)
Fetching: thor-0.19.0.gem ( 15%)
Fetching: thor-0.19.0.gem ( 17%)
Fetching: thor-0.19.0.gem ( 20%)
Fetching: thor-0.19.0.gem ( 23%)
Fetching: thor-0.19.0.gem ( 26%)
Fetching: thor-0.19.0.gem ( 29%)
Fetching: thor-0.19.0.gem ( 32%)
Fetching: thor-0.19.0.gem ( 35%)
Fetching: thor-0.19.0.gem ( 53%)
Fetching: thor-0.19.0.gem ( 71%)
Fetching: thor-0.19.0.gem ( 89%)
Fetching: thor-0.19.0.gem (100%)
Fetching: thor-0.19.0.gem (100%)
Successfully installed thor-0.19.0
Fetching: busser-0.7.1.gem
Fetching: busser-0.7.1.gem ( 64%)
Fetching: busser-0.7.1.gem (100%)
Fetching: busser-0.7.1.gem (100%)
Successfully installed busser-0.7.1
2 gems installed
Installing Busser plugins: busser-serverspec
Plugin serverspec installed (version 0.5.10)
-----> Running postinstall for serverspec plugin
Suite path directory /tmp/verifier/suites does not exist, skipping.
Transferring files to <better-chef-rundeck-centos-68>
-----> Running serverspec test suite
-----> Installing Serverspec..
Fetching: diff-lcs-1.3.gem
Fetching: diff-lcs-1.3.gem ( 5%)
Fetching: diff-lcs-1.3.gem ( 11%)
Fetching: diff-lcs-1.3.gem ( 17%)
Fetching: diff-lcs-1.3.gem ( 23%)
Fetching: diff-lcs-1.3.gem ( 28%)
Fetching: diff-lcs-1.3.gem ( 34%)
Fetching: diff-lcs-1.3.gem ( 40%)
Fetching: diff-lcs-1.3.gem ( 46%)
Fetching: diff-lcs-1.3.gem ( 52%)
Fetching: diff-lcs-1.3.gem ( 58%)
Fetching: diff-lcs-1.3.gem ( 64%)
Fetching: diff-lcs-1.3.gem ( 70%)
Fetching: diff-lcs-1.3.gem (100%)
Fetching: diff-lcs-1.3.gem (100%)
Fetching: rspec-expectations-3.5.0.gem
Fetching: rspec-expectations-3.5.0.gem ( 21%)
Fetching: rspec-expectations-3.5.0.gem ( 42%)
Fetching: rspec-expectations-3.5.0.gem ( 63%)
Fetching: rspec-expectations-3.5.0.gem ( 84%)
Fetching: rspec-expectations-3.5.0.gem (100%)
Fetching: rspec-expectations-3.5.0.gem (100%)
Fetching: rspec-mocks-3.5.0.gem
Fetching: rspec-mocks-3.5.0.gem ( 21%)
Fetching: rspec-mocks-3.5.0.gem ( 42%)
Fetching: rspec-mocks-3.5.0.gem ( 63%)
Fetching: rspec-mocks-3.5.0.gem ( 85%)
Fetching: rspec-mocks-3.5.0.gem (100%)
Fetching: rspec-mocks-3.5.0.gem (100%)
Fetching: rspec-3.5.0.gem
Fetching: rspec-3.5.0.gem (100%)
Fetching: rspec-3.5.0.gem (100%)
Fetching: rspec-its-1.2.0.gem
Fetching: rspec-its-1.2.0.gem (100%)
Fetching: rspec-its-1.2.0.gem (100%)
Fetching: multi_json-1.12.1.gem
Fetching: multi_json-1.12.1.gem ( 60%)
Fetching: multi_json-1.12.1.gem (100%)
Fetching: multi_json-1.12.1.gem (100%)
Fetching: net-ssh-4.0.1.gem
Fetching: net-ssh-4.0.1.gem ( 13%)
Fetching: net-ssh-4.0.1.gem ( 26%)
Fetching: net-ssh-4.0.1.gem ( 40%)
Fetching: net-ssh-4.0.1.gem ( 53%)
Fetching: net-ssh-4.0.1.gem ( 66%)
Fetching: net-ssh-4.0.1.gem ( 80%)
Fetching: net-ssh-4.0.1.gem ( 93%)
Fetching: net-ssh-4.0.1.gem (100%)
Fetching: net-ssh-4.0.1.gem (100%)
Fetching: net-scp-1.2.1.gem
Fetching: net-scp-1.2.1.gem ( 48%)
Fetching: net-scp-1.2.1.gem ( 98%)
Fetching: net-scp-1.2.1.gem (100%)
Fetching: net-scp-1.2.1.gem (100%)
Fetching: net-telnet-0.1.1.gem
Fetching: net-telnet-0.1.1.gem ( 92%)
Fetching: net-telnet-0.1.1.gem (100%)
Fetching: net-telnet-0.1.1.gem (100%)
Fetching: sfl-2.3.gem
Fetching: sfl-2.3.gem (100%)
Fetching: sfl-2.3.gem (100%)
Fetching: specinfra-2.66.6.gem
Fetching: specinfra-2.66.6.gem ( 19%)
Fetching: specinfra-2.66.6.gem ( 39%)
Fetching: specinfra-2.66.6.gem ( 58%)
Fetching: specinfra-2.66.6.gem ( 78%)
Fetching: specinfra-2.66.6.gem ( 98%)
Fetching: specinfra-2.66.6.gem (100%)
Fetching: specinfra-2.66.6.gem (100%)
Fetching: serverspec-2.38.0.gem
Fetching: serverspec-2.38.0.gem ( 40%)
Fetching: serverspec-2.38.0.gem ( 82%)
Fetching: serverspec-2.38.0.gem (100%)
Fetching: serverspec-2.38.0.gem (100%)
-----> serverspec installed (version 2.38.0)
/opt/chef/embedded/bin/ruby -I/tmp/verifier/suites/serverspec -I/tmp/verifier/gems/gems/rspec-support-3.5.0/lib:/tmp/verifier/gems/gems/rspec-core-3.5.4/lib /opt/chef/embedded/bin/rspec --pattern /tmp/verifier/suites/serverspec/\*\*/\*_spec.rb --color --format documentation --default-path /tmp/verifier/suites/serverspec
better-chef-rundeck
when request is made to server
 is up and running
when request is made to server with '*:*' search query
 returns all nodes from chef server
when request is made to server with specific search query
 returns nodes which satisfies search query
Finished in 0.08329 seconds (files took 0.69862 seconds to load)
3 examples, 0 failures
Finished verifying <better-chef-rundeck-centos-68> (0m9.26s).
-----> Destroying <better-chef-rundeck-centos-68>...
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Vagrant instance <better-chef-rundeck-centos-68> destroyed.
Finished destroying <better-chef-rundeck-centos-68> (0m4.83s).
Finished testing <better-chef-rundeck-centos-68> (11m10.58s).
-----> Cleaning up any prior instances of <better-chef-rundeck-centos-72>
-----> Destroying <better-chef-rundeck-centos-72>...
Finished destroying <better-chef-rundeck-centos-72> (0m0.00s).
-----> Testing <better-chef-rundeck-centos-72>
-----> Creating <better-chef-rundeck-centos-72>...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'bento/centos-7.2'...
Progress: 20%
Progress: 50%
Progress: 70%
Progress: 90%
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'bento/centos-7.2' is up to date...
==> default: Setting the name of the VM: kitchen-rundeck-better-chef-rundeck-centos-72_default_1485463582345_65728
==> default: Fixed port collision for 22 => 2222. Now on port 2200.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2200 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2200
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Remote connection disconnect. Retrying...
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 5.1.10
default: VirtualBox Version: 5.0
==> default: Setting hostname...
==> default: Mounting shared folders...
default: /tmp/omnibus/cache => /Users/sg045734/.kitchen/cache
==> default: Machine not provisioned because `--no-provision` is specified.
[SSH] Established
Vagrant instance <better-chef-rundeck-centos-72> created.
Finished creating <better-chef-rundeck-centos-72> (0m37.08s).
-----> Converging <better-chef-rundeck-centos-72>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.3.5...
Removing non-cookbook files before transfer
Preparing data_bags
Preparing validation.pem
Preparing client.rb
-----> Installing Chef Omnibus (install only if missing)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying wget...
Download complete.
el 7 x86_64
Getting information for chef stable for el...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=el&pv=7&m=x86_64
to file /tmp/install.sh.8825/metadata.txt
trying wget...
sha1 59d78114aa5e13cbb56e8ddc2eb423260e197683
sha256 d535392f6f2aa236c6ffebd0e1f3c1a349a1a9294252a22b37b8d2aee9581f04
url https://packages.chef.io/files/stable/chef/12.18.31/el/7/chef-12.18.31-1.el7.x86_64.rpm
version 12.18.31
downloaded metadata file looks valid...
/tmp/omnibus/cache/chef-12.18.31-1.el7.x86_64.rpm already exists, verifiying checksum...
Comparing checksum with sha256sum...
checksum compare succeeded, using existing file!
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing chef
installing with rpm...
warning: /tmp/omnibus/cache/chef-12.18.31-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Preparing... (100%)# (100%)## (100%)### (100%)#### (100%)##### (100%)###### (100%)####### (100%)######## (100%)######### (100%)########## (100%)########### (100%)############ (100%)############# (100%)############## (100%)############### (100%)################ (100%)################# (100%)################## (100%)################### (100%)#################### (100%)##################### (100%)###################### (100%)####################### (100%)######################## (100%)######################### (100%)########################## (100%)########################### (100%)############################ (100%)############################# (100%)############################## (100%)############################### (100%)################################ (100%)################################# (100%)################################# [100%]
Updating / installing...
1:chef-12.18.31-1.el7 ( 1%)# ( 4%)## ( 7%)### ( 10%)#### ( 13%)##### ( 16%)###### ( 19%)####### ( 22%)######## ( 25%)######### ( 28%)########## ( 31%)########### ( 34%)############ ( 37%)############# ( 40%)############## ( 43%)############### ( 46%)################ ( 49%)################# ( 51%)################## ( 54%)################### ( 57%)#################### ( 60%)##################### ( 63%)###################### ( 66%)####################### ( 69%)######################## ( 72%)######################### ( 75%)########################## ( 78%)########################### ( 81%)############################ ( 84%)############################# ( 87%)############################## ( 90%)############################### ( 93%)################################ ( 96%)################################# ( 99%)################################# [100%]
Thank you for installing Chef!
Transferring files to <better-chef-rundeck-centos-72>
Starting Chef Client, version 12.18.31
Creating a new client identity for better-chef-rundeck-centos-72 using the validator key.
resolving cookbooks for run list: ["rundeck_fixtures", "rundeck::server", "rundeck::chef-rundeck", "rundeck_fixtures::chef_zero"]
Synchronizing Cookbooks:
- rundeck_fixtures (0.0.1)
- runit (3.0.5)
- sudo (3.3.1)
- java (1.46.0)
- build-essential (7.0.3)
- rundeck (3.2.0)
- java-libraries (0.2.0)
- seven_zip (2.0.2)
- simple_passenger (0.4.3)
- yum-epel (2.1.1)
- apache2 (3.2.2)
- mingw (1.2.5)
- logrotate (1.9.2)
- ohai (4.2.3)
- compat_resource (12.16.3)
- apt (5.0.1)
- packagecloud (0.2.5)
- windows (2.1.1)
- homebrew (3.0.0)
- ruby_build (0.8.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-01-26T20:47:12+00:00] WARN: Chef::Provider::AptRepository already exists! Cannot create deprecation class for LWRP provider apt_repository from cookbook apt
[2017-01-26T20:47:12+00:00] WARN: AptRepository already exists! Deprecation class overwrites Custom resource apt_repository from cookbook apt
chef-rundeck url: http://chef.kitchentest:9980
Recipe: build-essential::default
* build_essential[install_packages] action install
* yum_package[autoconf, bison, flex, gcc, gcc-c++, gettext, kernel-devel, make, m4, ncurses-devel, patch] action install
- install version 2.69-11.el7 of package autoconf
- install version 2.7-4.el7 of package bison
- install version 2.5.37-3.el7 of package flex
- install version 4.8.5-11.el7 of package gcc
- install version 4.8.5-11.el7 of package gcc-c++
- install version 3.10.0-514.6.1.el7 of package kernel-devel
- install version 5.9-13.20130511.el7 of package ncurses-devel
- install version 2.7.1-8.el7 of package patch
Recipe: rundeck::chef-rundeck
* chef_gem[chef-rundeck] action upgrade (skipped due to not_if)
* chef_gem[chef-rundeck] action upgrade
- upgrade package chef-rundeck from uninstalled to 2.2.0
* chef_gem[sinatra] action install (up to date)
Recipe: rundeck_fixtures::chef_zero
* chef_gem[chef-zero] action install (up to date)
* chef_gem[ridley] action install
- install version 5.1.0 of package ridley
Converging 193 resources
Recipe: rundeck_fixtures::default
* directory[/etc/chef/] action create
- create new directory /etc/chef/
- restore selinux security context
Recipe: java::notify
* log[jdk-version-changed] action nothing (skipped due to action :nothing)
Recipe: java::openjdk
* yum_package[java-1.7.0-openjdk] action install
- install version 1.7.0.121-2.6.8.0.el7_3 of package java-1.7.0-openjdk
Recipe: java::notify
* log[jdk-version-changed] action write
Recipe: java::openjdk
* yum_package[java-1.7.0-openjdk-devel] action install
- install version 1.7.0.121-2.6.8.0.el7_3 of package java-1.7.0-openjdk-devel
Recipe: java::notify
* log[jdk-version-changed] action write
Recipe: java::openjdk
* java_alternatives[set-java-alternatives] action set
- Add alternative for appletviewer
- Add alternative for apt
- Add alternative for extcheck
- Add alternative for idlj
- Add alternative for jar
- Add alternative for jarsigner
- Add alternative for java
- Add alternative for javac
- Add alternative for javadoc
- Add alternative for javah
- Add alternative for javap
- Add alternative for jcmd
- Add alternative for jconsole
- Add alternative for jdb
- Add alternative for jhat
- Add alternative for jinfo
- Add alternative for jmap
- Add alternative for jps
- Add alternative for jrunscript
- Add alternative for jsadebugd
- Add alternative for jstack
- Add alternative for jstat
- Add alternative for jstatd
- Add alternative for keytool
- Add alternative for native2ascii
- Add alternative for orbd
- Add alternative for pack200
- Add alternative for policytool
- Add alternative for rmic
- Add alternative for rmid
- Add alternative for rmiregistry
- Add alternative for schemagen
- Add alternative for serialver
- Add alternative for servertool
- Add alternative for tnameserv
- Add alternative for unpack200
- Add alternative for wsgen
- Add alternative for wsimport
- Add alternative for xjc
Recipe: java::set_java_home
* ruby_block[set-env-java-home] action run
- execute the ruby block set-env-java-home
* directory[/etc/profile.d] action create (up to date)
* template[/etc/profile.d/jdk.sh] action create
- create new file /etc/profile.d/jdk.sh
- update content in file /etc/profile.d/jdk.sh from none to 84a6f9
--- /etc/profile.d/jdk.sh 2017-01-26 20:49:00.634802591 +0000
+++ /etc/profile.d/.chef-jdk20170126-11192-nwn847.sh 2017-01-26 20:49:00.634802591 +0000
@@ -1 +1,2 @@
+export JAVA_HOME=/usr/lib/jvm/java-1.7.0
- change mode from '' to '0755'
- restore selinux security context
Recipe: rundeck::node_unix
* group[rundeck] action create
- create group rundeck
* linux_user[rundeck] action create
- create user rundeck
* directory[/var/lib/rundeck] action create
- create new directory /var/lib/rundeck
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[/var/lib/rundeck/.ssh] action create
- create new directory /var/lib/rundeck/.ssh
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* file[/var/lib/rundeck/.ssh/authorized_keys] action create
- create new file /var/lib/rundeck/.ssh/authorized_keys
- update content in file /var/lib/rundeck/.ssh/authorized_keys from none to 8d07c3
--- /var/lib/rundeck/.ssh/authorized_keys 2017-01-26 20:49:00.808889585 +0000
+++ /var/lib/rundeck/.ssh/.chef-authorized_keys20170126-11192-1a7tf9e 2017-01-26 20:49:00.808889585 +0000
@@ -1 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC597B0HxalWxKCS6yz8RRoH4lgdgK7aeGD+cZvqiqlubNXUMU3t3zrFyi0JVwmRfh9ZYew7rW8YkBkrT6+h2nuoF8imcI+6s2pXzXMvDqD+CsOOp7gdr9T8HL76V02cWMq0orXMP/Gu3399Rov5uANVa6BwPmYCHp6sf2N/UFNSRrQS2XCB7UHqS9sJtuLjJbZRaBNYjGspsC3HVYNKPKosCtvAqG9OgNhqj7hBY5KxIyJ8LltaBMv9he1uU+usHHZbT2p1P+FJWzbBOfXMz95nMhAaYoWaGfgnV287m06yAHOWRCLq5N6K95zPn9nmqD4kUdB/mDX/xvW7TwzVo89 rundeck keys
- change mode from '' to '0600'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* sudo[rundeck-admin] action install[2017-01-26T20:49:00+00:00] WARN: rundeck-admin will be rendered, but will not take effect because node['authorization']['sudo']['include_sudoers_d'] is set to false!
* template[/etc/sudoers.d/rundeck-admin] action create
- create new file /etc/sudoers.d/rundeck-admin
- update content in file /etc/sudoers.d/rundeck-admin from none to 4e3ea1
--- /etc/sudoers.d/rundeck-admin 2017-01-26 20:49:00.858914583 +0000
+++ /etc/sudoers.d/.chef-rundeck-admin20170126-11192-1bhmnni 2017-01-26 20:49:00.858914583 +0000
@@ -1 +1,9 @@
+# This file is managed by Chef.
+# Do NOT modify this file directly.
+
+
+
+
+rundeck ALL=(ALL) NOPASSWD:ALL
+
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* template[/etc/sudoers.d/rundeck-admin] action nothing (skipped due to action :nothing)
Recipe: rundeck::server_install
* yum_repository[rundeck] action add
* template[/etc/yum.repos.d/rundeck.repo] action create
- create new file /etc/yum.repos.d/rundeck.repo
- update content in file /etc/yum.repos.d/rundeck.repo from none to 37a478
--- /etc/yum.repos.d/rundeck.repo 2017-01-26 20:49:00.885928082 +0000
+++ /etc/yum.repos.d/.chef-rundeck20170126-11192-1as3jjh.repo 2017-01-26 20:49:00.885928082 +0000
@@ -1 +1,11 @@
+# This file was generated by Chef
+# Do NOT modify this file by hand.
+
+[rundeck]
+name=Rundeck - Release
+baseurl=http://dl.bintray.com/rundeck/rundeck-rpm
+enabled=1
+fastestmirror_enabled=0
+gpgcheck=1
+gpgkey=http://rundeck.org/keys/BUILD-GPG-KEY-Rundeck.org.key
- change mode from '' to '0644'
- restore selinux security context
* execute[yum clean metadata rundeck] action run
- execute yum clean metadata --disablerepo=* --enablerepo=rundeck
* execute[yum-makecache-rundeck] action run
- execute yum -q -y makecache --disablerepo=* --enablerepo=rundeck
* ruby_block[yum-cache-reload-rundeck] action create
- execute the ruby block yum-cache-reload-rundeck
* execute[yum clean metadata rundeck] action nothing (skipped due to action :nothing)
* execute[yum-makecache-rundeck] action nothing (skipped due to action :nothing)
* ruby_block[yum-cache-reload-rundeck] action nothing (skipped due to action :nothing)
* yum_package[rundeck] action install
- install version 2.6.11-1.23.GA of package rundeck
* yum_package[rundeck-config] action install
- install version 2.6.11-1.23.GA of package rundeck-config
* service[rundeck] action nothing (skipped due to action :nothing)
* directory[/var/lib/rundeck] action create
- change mode from '0755' to '0700'
- restore selinux security context
* directory[/var/lib/rundeck/logs] action create (up to date)
* directory[/var/lib/rundeck/projects] action create
- create new directory /var/lib/rundeck/projects
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[/var/lib/rundeck/.chef] action create
- create new directory /var/lib/rundeck/.chef
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/var/lib/rundeck/.chef/knife.rb] action create
- create new file /var/lib/rundeck/.chef/knife.rb
- update content in file /var/lib/rundeck/.chef/knife.rb from none to e68e7d
--- /var/lib/rundeck/.chef/knife.rb 2017-01-26 20:49:33.233092411 +0000
+++ /var/lib/rundeck/.chef/.chef-knife20170126-11192-1h0tpvg.rb 2017-01-26 20:49:33.233092411 +0000
@@ -1 +1,11 @@
+log_level :info
+log_location STDOUT
+node_name 'rundeck'
+client_key '/var/lib/rundeck/.chef/rundeck.pem'
+validation_client_name 'chef-validator'
+validation_key '/var/lib/rundeck/.chef/chef-validator.pem'
+chef_server_url 'http://localhost:8089'
+cache_type 'BasicFile'
+cache_options( :path => '/var/lib/rundeck/.chef/checksums' )
+cookbook_path [ './cookbooks', './site-cookbooks' ]
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[/var/lib/rundeck/.ssh] action create (up to date)
* file[/var/lib/rundeck/.ssh/id_rsa] action create
- update content in file /var/lib/rundeck/.ssh/id_rsa from fbde3c to 4af3a7
--- /var/lib/rundeck/.ssh/id_rsa 2017-01-26 20:49:30.978965992 +0000
+++ /var/lib/rundeck/.ssh/.chef-id_rsa20170126-11192-1t8km0u 2017-01-26 20:49:33.259105410 +0000
@@ -1,28 +1,28 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEApoiWoeH8JJHO8UdlG/GUz+E4OG0h4F0oykrTMcH3Hv9iSo1t
-ZmkstJsodV7CxESmZvHYu8gv+3Fl2nQQ67FrJC4M/y+QzrUVCKxBHbfByvJiiSzd
-vapxRMlhfdrafVOZwanYYqEZ5i/PKI1es/dokF9lAZ6hvfXrnGLTEKaBvPM7r+VC
-5du8V6W9Y7R3Hylm/O30Uy1hlxUEKbQhwImhiIF27bbHQu4o3c+5VuVe3PYTqkJ+
-v97Lob88KbWm5Tx8du3lbYvcMsNYRo6KsMYWnPXSruEdK/KLGaf7Pl2UMDZt8gdV
-xxj7/PD9jImDzyk/UM+jbPDJlYoxPmdKen/PtwIDAQABAoIBAEZGjYpy2vxzq2iW
-QEyyfaHb4OWu6ATOS1BSkx0ERUyHaOsdE3WMHJl6gHBHNNmuPqpilJtptxXcnKa7
-JAjSLexuon1tjSYttFqclj38NYN3Fa3diRVov7PPZ5y8pkcM6G2ZRv8YDN3efwUV
-40j+ttl16CHu10JabLrp2TfFjCo3q+1ziSmN3EYYO7lciGgdrVBzWklQr11VWJDA
-p+/TeKF6N4MdaKg8gFj2S7tw3V2qy8SfqU7eHN7Ut+yzlrl/nIkFMSMP2e2vUf3Y
-A6zoVRNHACfcqHXZODjfYUKVrM226htubpjoAlCXU5ON8UqtwSqOcd1L7dghvjKx
-8LpwGsECgYEA3GfU3m4EkMTIGTPbOiTDCKDn7HWfgXgePDPq2Vsi2EQawB/lfyMK
-9nJTSpaR1eddsWzq3lgOpqmRIjZGWJfZYzxn30ZsWwicyTB+yZNBXFMqOH4bqYe/
-AAtREewWy6WGPNzYNV8peq986xzO25b7KUGfxJCXHR2t0pPCQTJK/00CgYEAwW2K
-Jdi13dsZdYTb0EzDn+nUBRUQ8T7WSptIWctEMwro9ql8dN/IwTeDf4uO6vHRKzlP
-y9BheaPRxOziuOQZgifFsHi4TZKgmcaolb+7EGDJuB5Jofmkfcf+QCq+A4fEChv9
-79Vl9aI6fpnG561EHka65ocP42CvqE7Rb6gF0RMCgYAvWUL6scnbS9rsxx4ehI09
-ikuombA1gReFuWWHYjO/IApbIb8Mq/uL7A2GpYgY2sZe+lYOg/5JwX3DSsOb/qsd
-zXlHFvrqJ5R/CCMErNTKv7b/QeAxcE8Q9F1rKzvObfXDl3H/LT1c9NwyKhMqS2oT
-d9yZvrIn+BtCdKmzldlUtQKBgHOztGlDIjadMrNrT5lf8bycQCjyGvpTnhdun26m
-+hqWMhgp9bprikiZjl0i+9Bp6bazR5ohAc2jQn1LPatfNir243fWHli4lrylan54
-+8qmOsOZym3LSKu8j8eOSa8O7SMm71UhDyZJbjgAgExhBlgd8vqmW8ilMy24R+tE
-VIZlAoGACdak9vON7qAnf01rKH4x+ua7dq6Xik3SsxkCgQ4NN3NeM2S5YWY50M64
-AtV36uNLMDoH7FIyWeBZGTzeY3vvknkaIhwz8T5c43MbN2nzUBYKmysJZ0quRj6j
-lTJv4G1cqobE3f5mwMMBQ24ufeE/ye8IsdKMSyT+yLoQ5YrKZgM=
+MIIEpAIBAAKCAQEAufewdB8WpVsSgkuss/EUaB+JYHYCu2nhg/nGb6oqpbmzV1DF
+N7d86xcotCVcJkX4fWWHsO61vGJAZK0+vodp7qBfIpnCPurNqV81zLw6g/grDjqe
+4Ha/U/By++ldNnFjKtKK1zD/xrt9/fUaL+bgDVWugcD5mAh6erH9jf1BTUka0Etl
+wge1B6kvbCbbi4yW2UWgTWIxrKbAtx1WDSjyqLArbwKhvToDYao+4QWOSsSMifC5
+bWgTL/YXtblPrrBx2W09qdT/hSVs2wTn1zM/eZzIQGmKFmhn4J1dvO5tOsgBzlkQ
+i6uTeivecz5/Z5qg+JFHQf5g1/8b1u08M1aPPQIDAQABAoIBAQC0ufunvha59/nS
+2kwqS12zmwJc1hLto4ZgRbsNBeiQShn5/yrKbO1fYpBSEgStxU4qPyNRVYsUWr+N
+l7fkXaEbIIuUCq11i6b2tOqJ31tWqTTejSWdqolhv8le+3l00Vi4Ywg+/QV1Uvys
+cyhR6SNQkjYXLzzg/UxaNOPeu4Jc4ciu6wuvnlqy46LkxMNV0bjb7u10lRwWnwBI
+Ja8bQZsamr8lMEktseHenppIhEnvEs7l1bmaogFJGFUAwskADAWQ07L0vSqLqpQd
+Na5/SKrflkZQjS0mvq7vBQi66ZyXoKfIHVRPuG9o53Az2Nq4SnZyHJvHEx1Hpn6k
+qjkDmFVZAoGBANsAGDSeg0BO9teL0eaD+wH6zA68FxMyYKPpeU908+m5J1ZIyFRK
+tHzBOkQWIuBSRXT+hsT0YJogCwp88Pv+JvHUHrAg/evztWrpsjh/oV3ooyWDJfec
+Vay9KEPacWkRVSNOOxicu8MPaRVknMmOzYgOXNiBakLoP40dhquMgeHzAoGBANli
+51WHQaCBK5yNI2WMWgN+h+/JL5dN0G1Gx5XBmMfV5BFJ9H+7Ig/VUt312/1HAoEu
+g27AaqIvWhnlEuvSuwuthDzevFeAeImsRwFqbrv3mHo8XqHnZTY5UMACdTRThP3E
+0ke5P+8GIEQIG5xLZka+F0adeA00VFEgDe3S3uYPAoGARUdWYO70HlfchntYv09p
+DEtGWjLuKch6AeBN2/DnaDyGUSldFi07w2ts/zTxe30LM+OAxrV4CcmxNHQp182i
+jEXKH3WQXiAOd+/NzUmyxn5dffRrAlWWVLrSDgUAc3hkMnMBBtwuGZq6Z2YYozpl
+knDYtjTaZKgL0pxQidw9CjkCgYAVZrtHnE1Fs/HLM8nsUWj7NxXC8ZeR2cNPPsyf
+XbPg2Jnfadx8RrwPuvyxhWbnBHqmpSGjYaYd2XORYQ//z3tCpw6Bv5vjMW6sfx1u
+cj/8mV+ViSP35IP+Vp4wiQ1o3WAWa64YCZDVw1Ch4fp15KZpCIXaGd6bzi8O3Y0B
+gOUY2QKBgQCNknpg/hLgrIC8x7139xVVG7zad3x0/pcGJpRtqALweDfzkofIgeLj
+Xhgf9I9JYnOUtXlprUnoIkFN0l+Q0x4t0/wMND2fkvR1JI/9KjHLZAwNyCn+Gbt3
+ZfbfscNkrXB6kc47E9XY5T7sokmK3V4+k9Bt1P1RT9WbcSb7QLvqzQ==
-----END RSA PRIVATE KEY-----
- restore selinux security context
* cookbook_file[/var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar
- update content in file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar from none to dac572
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/var/lib/rundeck/exp/webapp/WEB-INF/web.xml] action create
- update content in file /var/lib/rundeck/exp/webapp/WEB-INF/web.xml from 4b249b to 5e6953
--- /var/lib/rundeck/exp/webapp/WEB-INF/web.xml 2016-11-15 21:52:08.000000000 +0000
+++ /var/lib/rundeck/exp/webapp/WEB-INF/.chef-web20170126-11192-vgo16z.xml 2017-01-26 20:49:33.431191403 +0000
@@ -20,9 +20,19 @@
<filter-name>instrumentedFilter</filter-name>
<filter-class>com.codahale.metrics.servlet.InstrumentedFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>AssetPipelineFilter</filter-name>
+ <filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
+ </filter>
<security-role>
<role-name>user</role-name>
</security-role>
+ <security-role>
+ <role-name>superusers</role-name>
+ </security-role>
+ <security-role>
+ <role-name>run_only_users</role-name>
+ </security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
@@ -216,24 +226,24 @@
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>grails-errorhandler</servlet-name>
- <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
- </servlet>
- <servlet>
<servlet-name>metrics-admin-servlet</servlet-name>
<servlet-class>org.grails.plugins.metricsweb.DisablingAdminServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
+ </servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
- <servlet-name>grails-errorhandler</servlet-name>
- <url-pattern>/grails-errorhandler</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
<servlet-name>metrics-admin-servlet</servlet-name>
<url-pattern>/metrics/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <url-pattern>/grails-errorhandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails</servlet-name>
- restore selinux security context
* template[/etc/rundeck/jaas-activedirectory.conf] action create
- create new file /etc/rundeck/jaas-activedirectory.conf
- update content in file /etc/rundeck/jaas-activedirectory.conf from none to e2b9a2
--- /etc/rundeck/jaas-activedirectory.conf 2017-01-26 20:49:33.459205402 +0000
+++ /etc/rundeck/.chef-jaas-activedirectory20170126-11192-1hclq8t.conf 2017-01-26 20:49:33.459205402 +0000
@@ -1 +1,28 @@
+activedirectory {
+ com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
+ debug="true"
+ contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
+ providerUrl="ldap://servername:389"
+ bindDn="CN=binddn,dc=domain,dc=com"
+ bindPassword="BINDPWD"
+ authenticationMethod="simple"
+ forceBindingLogin="true"
+ userBaseDn="ou=Users,dc=domain,dc=com"
+ userRdnAttribute="cn"
+ userIdAttribute="uid"
+ userPasswordAttribute="userPassword"
+ userObjectClass="inetOrgPerson"
+ roleBaseDn="ou=Groups,dc=domain,dc=com"
+ roleNameAttribute="cn"
+ roleMemberAttribute="uniqueMember"
+ roleObjectClass="groupOfUniqueNames"
+ rolePrefix="rundeck-"
+ cacheDurationMillis="300000"
+ supplementalRoles="user"
+ reportStatistics="true";
+
+ org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
+ debug="true"
+ file="/etc/rundeck/realm.properties";
+};
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/etc/rundeck/profile] action create
- update content in file /etc/rundeck/profile from bd6054 to a34edf
--- /etc/rundeck/profile 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-profile20170126-11192-w7qkhz 2017-01-26 20:49:33.484217901 +0000
@@ -1,3 +1,6 @@
+RDECK_HOME=/var/lib/rundeck
+export RDECK_HOME
+
RDECK_BASE=/var/lib/rundeck
export RDECK_BASE
@@ -32,17 +35,22 @@
-Drdeck.projects=/var/rundeck/projects \
-Drdeck.runlogs=/var/lib/rundeck/logs \
-Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
+ -Dserver.web.context=/ \
+ -Drundeck.jetty.connector.forwarded=true\
-Djava.io.tmpdir=$RUNDECK_TEMPDIR"
#
# Set min/max heap size
#
-RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server"
+RDECK_JVM="$RDECK_JVM -XX:MaxPermSize=256m -Xmx1024m -Xms256m -server"
+
#
+# Set custom JVM properties
+#
+#
# SSL Configuration - Uncomment the following to enable. Check SSL.properties for details.
#
-#export RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
-export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
+#export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
if test -t 0 -a -z "$RUNDECK_CLI_TERSE"
then
- restore selinux security context
* template[/etc/rundeck/rundeck-config.properties] action create
- update content in file /etc/rundeck/rundeck-config.properties from de1a7d to 6ce78d
--- /etc/rundeck/rundeck-config.properties 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-rundeck-config20170126-11192-gkz9n9.properties 2017-01-26 20:49:33.509230401 +0000
@@ -1,11 +1,18 @@
-#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
+#loglevel.default is the default log level for jobs: ERR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
-rdeck.base=/var/lib/rundeck
#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
-rss.enabled=false
-# change hostname here
-grails.serverURL=http://localhost:4440
-dataSource.dbCreate = update
-dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true;TRACE_LEVEL_FILE=4
+rss.enabled=true
+#
+dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true
+
+rundeck.security.useHMacRequestTokens=false
+
+grails.mail.default.from=rundeck@kitchentest
+
+grails.serverURL=http://localhost
+
+quartz.props.threadPool.threadCount = 10
+
+# Custom config
- restore selinux security context
* template[/etc/rundeck/framework.properties] action create
- update content in file /etc/rundeck/framework.properties from 860ad9 to 1d885c
--- /etc/rundeck/framework.properties 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-framework20170126-11192-bmtlkc.properties 2017-01-26 20:49:33.534242900 +0000
@@ -1,40 +1,227 @@
# framework.properties -
#
+# $Id: framework.properties.template 2128 2010-08-17 21:29:24Z ahonor $
+#
# ----------------------------------------------------------------
-# Rundeck server connection information
+# Installation specific settings
# ----------------------------------------------------------------
-framework.server.name = localhost
-framework.server.hostname = localhost
-framework.server.port = 4440
-framework.server.url = http://localhost:4440
-# Username/password used by CLI tools.
-framework.server.username = admin
-framework.server.password = admin
+# TODO - DUMP java.home = /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
+file.separator = /
+rdeck.base = /etc/rundeck
+rdeck.home = /etc/rundeck
+# TODO - DUMP user.home = /home/rundeck
+framework.application.libpath =
+framework.application.properties =
+
+# API Tokens File
+
+#
+# Email settings
+#
+# recipient addresses to send email (comma separated)
+framework.email.tolist = root
+# email address appearing in message "from" field
+framework.email.from = rundeck@kitchentest
+# email address replies should go
+framework.email.replyto = do-not-reply
+# The rdeck email relay host. must be a functioning smtp relay server
+framework.email.mailhost = localhost
+framework.email.mailport = 25
+# User/pass info if the smtp server requires it
+framework.email.user =
+framework.email.password =
+framework.email.ssl = false
+framework.email.failonerror = true
+
+
+#
+# Custom config
+#
+#
+
# ----------------------------------------------------------------
-# Installation locations
+# Do not make changes below this line
# ----------------------------------------------------------------
-rdeck.base=/var/lib/rundeck
-framework.projects.dir=/var/rundeck/projects
-framework.etc.dir=/etc/rundeck
-framework.var.dir=/var/lib/rundeck/var
-framework.tmp.dir=/var/lib/rundeck/var/tmp
+#
+# framework.crypto.keystore.filename is the path to the JKS keystore containing a certchain for
+# verifying signed jars
+#
+framework.crypto.keystore.filename =
+
+#
+# framework.crypto.keystore.password is any password for verifying the keystore integrity
+#
+framework.crypto.keystore.password =
+
+#
+# framework.crypto.jarSigning.aliasName is the name of the cert alias to use for verification
+#
+framework.crypto.jarSigning.aliasName =
+
+
+
+#the hostname of this rdeck node (likely matches hostname)
+framework.node.hostname = localhost
+
+#the logical name of this rdeck node (used during Node registration)
+framework.node.name = localhost
+
+# for backwards compatability
+framework.node = localhost
+
+# the node type
+framework.node.type = @framework.node.type@
+
+#
+#
+# Version of this RUNDECK implementation
+#
+# framework.rdeck.version = 1.1
+
+#
+# Root directory of the framework pkg
+#
+framework.rdeck.dir = ${rdeck.home}
+
+#
+# Root directory of the framework instance
+#
+framework.rdeck.base = /etc/rundeck
+
+#
+# Base directory of the installed functional modules
+#
+# TODO Dump ### framework.modules.dir = /private/tmp/rdl/modules
+
+
+#
+# project spaces containing resources
+#
+framework.projects.dir= /var/rundeck/projects
+framework.depots.dir= /var/rundeck/projects
+
+#
+# directory containing instance based property files
+#
+framework.etc.dir= /etc/rundeck
+
+#
+# Base directory where instance of framework var dir is kept
+#
+framework.var.dir= /var/lib/rundeck/var
+
+#
+# Framework tmp dir
+#
+framework.tmp.dir= ${framework.var.dir}/tmp
+
+#
+# Base directory where logs are kept
+#
framework.logs.dir=/var/lib/rundeck/logs
+
+#
+# Date/time stamp format used in logs. See java.text.SimpleDateFormat
+#
+framework.log.format=[yyyy-MM-dd hh:mm:ss-Z]
+
+#
+# Directory where plugins are kept. cache will be libext/cache.
+#
framework.libext.dir=/var/lib/rundeck/libext
-# ----------------------------------------------------------------
-# SSH defaults for node executor and file copier
-# ----------------------------------------------------------------
+#
+# Base directory where module source code is kept
+#
+# TODO - DUMP framework.src.dir= /private/tmp/rdl/src
+#
+# Name of nodes metadata file for each project (e.g. nodes.xml/nodes.properties)
+#
+framework.nodes.file.name= resources.xml
+
+#
+# Local Authentication/Authorization Security
+#
+framework.authorization.class = com.dtolabs.rundeck.core.authorization.NoAuthorization
+framework.authentication.class = com.dtolabs.rundeck.core.authentication.NoAuthentication
+#
+# Remote Client connection authentication
+#
+framework.nodeauthentication.classname = com.dtolabs.rundeck.core.authentication.DefaultNodeAuthResolutionStrategy
+
+#
+# Remote Central Dispatcher service class
+#
+framework.centraldispatcher.classname = com.dtolabs.client.services.RundeckAPICentralDispatcher
+
+#
+# Rundeck Server UUID
+#
+rundeck.server.uuid = 6025764c-200b-4536-8cab-6c579597e023
+
+#
+#
+# rdeck server connection.
+#
+framework.server.username = admin
+framework.server.password = adminpassword
+framework.server.hostname = localhost
+framework.server.name = better-chef-rundeck-centos-72
+
+framework.server.port = 4440
+framework.server.url = http://localhost:4440
+# URL to Rundeck
+framework.rundeck.url = http://localhost:4440
+
+#
+# ssh keypath
+#
framework.ssh.keypath = /var/lib/rundeck/.ssh/id_rsa
+
+#
+# ssh user
+#
framework.ssh.user = rundeck
-# ssh connection timeout after a specified number of milliseconds.
-# "0" value means wait forever.
+
+#
+# ssh timeout. The connection can be dropped after a specified number of milliseconds.
+# A "0" value means wait forever.
+#
framework.ssh.timeout = 0
+#
+# Set the formatting for run-exec console output
+#
+# Examples:
+# 1) Format specification to work with Rundeck. %command will be "run-exec"
+#
+# framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+#
+framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+
+# winrm authentication type (options "basic" or "kerberos", default: "basic")
+#
+framework.winrm-auth-type = basic
+
+# winrm SSL security (options "all", "self-signed", "default" (trusted certs only))
+#
+framework.winrm-cert-trust = all
+
+# winrm hostname security (options "all", "strict", "browser-compatible")
+#
+framework.winrm-hostname-trust = all
+
+# winrm HTTP(S) protocol to use, either "http" or "https". Default: "https"
+#
+framework.winrm-protocol = https
+
+# winrm connection timeout. Default: PT60.000S
+framework.winrm-timeout = PT60.000S
- restore selinux security context
* template[/etc/rundeck/realm.properties] action create
- update content in file /etc/rundeck/realm.properties from bce17d to 2a2797
--- /etc/rundeck/realm.properties 2016-11-15 22:00:19.000000000 +0000
+++ /etc/rundeck/.chef-realm20170126-11192-khrw5d.properties 2017-01-26 20:49:33.568259898 +0000
@@ -4,7 +4,7 @@
# The format is
# <username>: <password>[,<rolename> ...]
#
-# Passwords may be clear text, obfuscated or checksummed. The class
+# Passwords may be clear text, obfuscated or checksummed. The class
# org.mortbay.util.Password should be used to generate obfuscated
# passwords or password checksums
#
@@ -22,7 +22,9 @@
#
# This sets the default user accounts for the Rundeck app
#
-admin:admin,user,admin,architect,deploy,build
+admin:adminpassword,admin,user,architect,deploy,build
+n00b:TheBestPassw0rd,user
+
#@jetty.user.deploy.name@:@jetty.user.deploy.password@,user,deploy
#@jetty.user.build.name@:@jetty.user.build.password@,user,build
- restore selinux security context
* bash[own rundeck] action run
- execute "bash" "/tmp/chef-script20170126-11192-147o70j"
* service[rundeckd] action start
- start service service[rundeckd]
* rundeck_plugin[slack] action create
* remote_file[/var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar
- update content in file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar from none to d23b31
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* bash[check-project-localhost] action run (skipped due to only_if)
Recipe: apache2::default
* yum_package[apache2] action install
- install version 2.4.6-45.el7.centos of package httpd
* directory[/etc/httpd/sites-available] action create
- create new directory /etc/httpd/sites-available
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/sites-enabled] action create
- create new directory /etc/httpd/sites-enabled
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/mods-available] action create
- create new directory /etc/httpd/mods-available
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/mods-enabled] action create
- create new directory /etc/httpd/mods-enabled
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/conf-available] action create
- create new directory /etc/httpd/conf-available
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/etc/httpd/conf-enabled] action create
- create new directory /etc/httpd/conf-enabled
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/etc/httpd/sites-enabled/default] action delete (up to date)
* file[/etc/httpd/sites-available/default] action delete (up to date)
* link[/etc/httpd/sites-enabled/default.conf] action delete (up to date)
* file[/etc/httpd/sites-available/default.conf] action delete (up to date)
* link[/etc/httpd/sites-enabled/000-default] action delete (up to date)
* file[/etc/httpd/sites-available/000-default] action delete (up to date)
* link[/etc/httpd/sites-enabled/000-default.conf] action delete (up to date)
* file[/etc/httpd/sites-available/000-default.conf] action delete (up to date)
* directory[/etc/httpd/conf.d] action delete
- delete existing directory /etc/httpd/conf.d
* directory[/var/log/httpd] action create
- change mode from '0700' to '0755'
- restore selinux security context
* yum_package[perl] action install (up to date)
* link[/usr/sbin/a2ensite] action delete (skipped due to only_if)
* template[/usr/sbin/a2ensite] action create
- create new file /usr/sbin/a2ensite
- update content in file /usr/sbin/a2ensite from none to 0556b3
--- /usr/sbin/a2ensite 2017-01-26 20:49:47.530236893 +0000
+++ /usr/sbin/.chef-a2ensite20170126-11192-1pdssba 2017-01-26 20:49:47.528235893 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2dissite] action delete (skipped due to only_if)
* template[/usr/sbin/a2dissite] action create
- create new file /usr/sbin/a2dissite
- update content in file /usr/sbin/a2dissite from none to 0556b3
--- /usr/sbin/a2dissite 2017-01-26 20:49:47.614278890 +0000
+++ /usr/sbin/.chef-a2dissite20170126-11192-1hmgrzx 2017-01-26 20:49:47.614278890 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2enmod] action delete (skipped due to only_if)
* template[/usr/sbin/a2enmod] action create
- create new file /usr/sbin/a2enmod
- update content in file /usr/sbin/a2enmod from none to 0556b3
--- /usr/sbin/a2enmod 2017-01-26 20:49:47.700321887 +0000
+++ /usr/sbin/.chef-a2enmod20170126-11192-9tmndc 2017-01-26 20:49:47.700321887 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2dismod] action delete (skipped due to only_if)
* template[/usr/sbin/a2dismod] action create
- create new file /usr/sbin/a2dismod
- update content in file /usr/sbin/a2dismod from none to 0556b3
--- /usr/sbin/a2dismod 2017-01-26 20:49:47.797370383 +0000
+++ /usr/sbin/.chef-a2dismod20170126-11192-swx2ze 2017-01-26 20:49:47.797370383 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2enconf] action delete (skipped due to only_if)
* template[/usr/sbin/a2enconf] action create
- create new file /usr/sbin/a2enconf
- update content in file /usr/sbin/a2enconf from none to 0556b3
--- /usr/sbin/a2enconf 2017-01-26 20:49:47.922432879 +0000
+++ /usr/sbin/.chef-a2enconf20170126-11192-rrx00k 2017-01-26 20:49:47.922432879 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[/usr/sbin/a2disconf] action delete (skipped due to only_if)
* template[/usr/sbin/a2disconf] action create
- create new file /usr/sbin/a2disconf
- update content in file /usr/sbin/a2disconf from none to 0556b3
--- /usr/sbin/a2disconf 2017-01-26 20:49:48.042492874 +0000
+++ /usr/sbin/.chef-a2disconf20170126-11192-1l8ggqf 2017-01-26 20:49:48.042492874 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/httpd$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/httpd$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib64/httpd";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apachectl -V | grep 'threaded'}
+ if -x '/usr/sbin/apachectl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* cookbook_file[/usr/local/bin/apache2_module_conf_generate.pl] action create
- create new file /usr/local/bin/apache2_module_conf_generate.pl
- update content in file /usr/local/bin/apache2_module_conf_generate.pl from none to eaf6aa
--- /usr/local/bin/apache2_module_conf_generate.pl 2017-01-26 20:49:48.128535871 +0000
+++ /usr/local/bin/.chef-apache2_module_conf_generate20170126-11192-jdukxm.pl 2017-01-26 20:49:48.128535871 +0000
@@ -1 +1,42 @@
+#!/usr/bin/perl
+
+=begin
+
+Generates Ubuntu style module.load files.
+
+./apache2_module_conf_generate.pl /usr/lib64/httpd/modules /etc/httpd/mods-available
+
+ARGV[0] is the apache modules directory, ARGV[1] is where you want 'em.
+
+=cut
+
+use File::Find;
+
+use strict;
+use warnings;
+
+die "Must have '/path/to/modules' and '/path/to/modules.load'"
+ unless $ARGV[0] && $ARGV[1];
+
+find(
+ {
+ wanted => sub {
+ return 1 if $File::Find::name !~ /\.so$/;
+ my $modfile = $_;
+ $modfile =~ /(lib|mod_)(.+)\.so$/;
+ my $modname = $2;
+ my $filename = "$ARGV[1]/$modname.load";
+ unless ( -f $filename ) {
+ open( FILE, ">", $filename ) or die "Cannot open $filename";
+ print FILE "LoadModule " . $modname . "_module $File::Find::name\n";
+ close(FILE);
+ }
+ },
+ follow => 1,
+ },
+ $ARGV[0]
+);
+
+exit 0;
+
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[generate-module-list] action nothing (skipped due to action :nothing)
* directory[/etc/httpd/ssl] action create
- create new directory /etc/httpd/ssl
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/var/cache/httpd] action create
- change mode from '0700' to '0755'
- change owner from 'apache' to 'root'
- change group from 'apache' to 'root'
- restore selinux security context
* directory[/var/run/httpd] action create
- change mode from '0710' to '0755'
- change group from 'apache' to 'root'
- restore selinux security context
* template[/etc/sysconfig/httpd] action create
- update content in file /etc/sysconfig/httpd from fa3a9b to a17f9c
--- /etc/sysconfig/httpd 2016-11-14 16:53:16.000000000 +0000
+++ /etc/sysconfig/.chef-httpd20170126-11192-1wz4c48 2017-01-26 20:49:48.260601866 +0000
@@ -1,14 +1,12 @@
+# This file is managed by Chef. Changes will be overwritten.
+
#
-# This file can be used to set additional environment variables for
-# the httpd process, or pass additional options to the httpd
-# executable.
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
#
-# Note: With previous versions of httpd, the MPM could be changed by
-# editing an "HTTPD" variable here. With the current version, that
-# variable is now ignored. The MPM is a loadable module, and the
-# choice of MPM can be changed by editing the configuration file
-# /etc/httpd/conf.modules.d/00-mpm.conf.
-#
+HTTPD=/usr/sbin/httpd
#
# To pass additional options (for instance, -D definitions) to the
@@ -17,10 +15,19 @@
#OPTIONS=
#
-# This setting ensures the httpd process is started in the "C" locale
-# by default. (Some modules will not behave correctly if
-# case-sensitive string comparisons are performed in a different
-# locale.)
+# By default, the httpd process is started in the C locale; to
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
#
-LANG=C
+HTTPD_LANG=C
+
+#
+# By default, the httpd process will create the file
+# /var/run/httpd/httpd.pid in which it records its process
+# identification number when it starts. If an alternate location is
+# specified in httpd.conf (via the PidFile directive), the new
+# location needs to be reported in the PIDFILE.
+#
+PIDFILE=/var/run/httpd/httpd.pid
+
- restore selinux security context
* template[/etc/httpd/envvars] action create (skipped due to only_if)
* template[apache2.conf] action create
- update content in file /etc/httpd/conf/httpd.conf from 3f002b to 41f82d
--- /etc/httpd/conf/httpd.conf 2016-11-14 16:53:16.000000000 +0000
+++ /etc/httpd/conf/.chef-httpd20170126-11192-mxysya.conf 2017-01-26 20:49:48.304623865 +0000
@@ -1,185 +1,112 @@
#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
-# In particular, see
-# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
-# for a discussion of each configuration directive.
+# Generated by Chef
#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
-# with ServerRoot set to '/www' will be interpreted by the
-# server as '/www/log/access_log', where as '/log/access_log' will be
-# interpreted as '/log/access_log'.
+# Based on the Ubuntu apache2.conf
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# Do not add a slash at the end of the directory path. If you point
-# ServerRoot at a non-local disk, be sure to specify a local disk on the
-# Mutex directive, if file-based mutexes are used. If you wish to share the
-# same ServerRoot for multiple httpd daemons, you will need to change at
-# least PidFile.
-#
ServerRoot "/etc/httpd"
#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the <VirtualHost>
-# directive.
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
-#
-#Listen 12.34.56.78:80
-Listen 80
+Mutex file:/var/run/httpd default
#
-# Dynamic Shared Object (DSO) Support
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-Include conf.modules.d/*.conf
+PidFile /var/run/httpd/httpd.pid
#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
+# Timeout: The number of seconds before receives and sends time out.
#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# It is usually good practice to create a dedicated user and group for
-# running httpd, as with most system services.
-#
-User apache
-Group apache
+Timeout 300
-# 'Main' server configuration
#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# <VirtualHost> definition. These values also provide defaults for
-# any <VirtualHost> containers you may define later in the file.
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
#
-# All of these directives may appear inside <VirtualHost> containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
+KeepAlive On
#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents. e.g. admin@your-domain.com
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
#
-ServerAdmin root@localhost
+MaxKeepAliveRequests 100
#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-#
-#ServerName www.example.com:80
+KeepAliveTimeout 5
+#<IfModule unixd_module>
+User apache
+Group apache
+#</IfModule>
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www/html.
+# If your system is serving content from a sub-directory in /srv you must allow
+# access in conf-enabled, or in any related virtual host. e.g.
#
-# Deny access to the entirety of your server's filesystem. You must
-# explicitly permit access to web content directories in other
-# <Directory> blocks below.
+# <Directory /srv/>
+# Options Indexes FollowSymLinks
+# AllowOverride None
+# Require all granted
+# </Directory>
#
<Directory />
- AllowOverride none
- Require all denied
+ Options FollowSymLinks
+ AllowOverride None
+ Require all denied
</Directory>
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/var/www/html"
-
-#
-# Relax access to content within /var/www.
-#
-<Directory "/var/www">
- AllowOverride None
- # Allow open access:
- Require all granted
+<Directory /usr/share>
+ AllowOverride None
+ Require all granted
</Directory>
-# Further relax access to the default document root:
-<Directory "/var/www/html">
- #
- # Possible values for the Options directive are "None", "All",
- # or any combination of:
- # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
- #
- # Note that "MultiViews" must be named *explicitly* --- "Options All"
- # doesn't give it to you.
- #
- # The Options directive is both complicated and important. Please see
- # http://httpd.apache.org/docs/2.4/mod/core.html#options
- # for more information.
- #
- Options Indexes FollowSymLinks
-
- #
- # AllowOverride controls what directives may be placed in .htaccess files.
- # It can be "All", "None", or any combination of the keywords:
- # Options FileInfo AuthConfig Limit
- #
- AllowOverride None
-
- #
- # Controls who can get stuff from this server.
- #
- Require all granted
+<Directory /var/www/html>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
</Directory>
#
-# DirectoryIndex: sets the file that Apache will serve if a directory
-# is requested.
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
#
-<IfModule dir_module>
- DirectoryIndex index.html
-</IfModule>
+AccessFileName .htaccess
+
#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
#
-<Files ".ht*">
+<Files ~ "^\.ht">
Require all denied
</Files>
+
#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
-ErrorLog "logs/error_log"
+ErrorLog /var/log/httpd/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
@@ -188,167 +115,31 @@
#
LogLevel warn
-<IfModule log_config_module>
- #
- # The following directives define some format nicknames for use with
- # a CustomLog directive (see below).
- #
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
+# COOK-1021: Dummy LoadModule directive to aid module installations
+#LoadModule dummy_module modules/mod_dummy.so
- <IfModule logio_module>
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
- </IfModule>
+# Include module configuration:
+IncludeOptional /etc/httpd/mods-enabled/*.load
+IncludeOptional /etc/httpd/mods-enabled/*.conf
- #
- # The location and format of the access logfile (Common Logfile Format).
- # If you do not define any access logfiles within a <VirtualHost>
- # container, they will be logged here. Contrariwise, if you *do*
- # define per-<VirtualHost> access logfiles, transactions will be
- # logged therein and *not* in this file.
- #
- #CustomLog "logs/access_log" common
- #
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
- #
- CustomLog "logs/access_log" combined
-</IfModule>
+# Include ports listing
+Include /etc/httpd/ports.conf
-<IfModule alias_module>
- #
- # Redirect: Allows you to tell clients about documents that used to
- # exist in your server's namespace, but do not anymore. The client
- # will make a new request for the document at its new location.
- # Example:
- # Redirect permanent /foo http://www.example.com/bar
-
- #
- # Alias: Maps web paths into filesystem paths and is used to
- # access content that does not live under the DocumentRoot.
- # Example:
- # Alias /webpath /full/filesystem/path
- #
- # If you include a trailing / on /webpath then the server will
- # require it to be present in the URL. You will also likely
- # need to provide a <Directory> section to allow access to
- # the filesystem path.
-
- #
- # ScriptAlias: This controls which directories contain server scripts.
- # ScriptAliases are essentially the same as Aliases, except that
- # documents in the target directory are treated as applications and
- # run by the server when requested rather than as documents sent to the
- # client. The same rules about trailing "/" apply to ScriptAlias
- # directives as to Alias.
- #
- ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-
-</IfModule>
-
#
-# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
#
-<Directory "/var/www/cgi-bin">
- AllowOverride None
- Options None
- Require all granted
-</Directory>
-
-<IfModule mime_module>
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
- TypesConfig /etc/mime.types
-
- #
- # AddType allows you to add to or override the MIME configuration
- # file specified in TypesConfig for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
-
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
-
- # For type maps (negotiated resources):
- #AddHandler type-map var
-
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
-</IfModule>
-
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
#
-# Specify a default charset for all content served; this enables
-# interpretation of all content as UTF-8 by default. To use the
-# default browser choice (ISO-8859-1), or to allow the META tags
-# in HTML content to override this choice, comment out this
-# directive:
-#
-AddDefaultCharset UTF-8
-<IfModule mime_magic_module>
- #
- # The mod_mime_magic module allows the server to use various hints from the
- # contents of the file itself to determine its type. The MIMEMagicFile
- # directive tells the module where the hint definitions are located.
- #
- MIMEMagicFile conf/magic
-</IfModule>
+# Include generic snippets of statements
+IncludeOptional /etc/httpd/conf-enabled/*.conf
-#
-# Customizable error responses come in three flavors:
-# 1) plain text 2) local redirects 3) external redirects
-#
-# Some examples:
-#ErrorDocument 500 "The server made a boo boo."
-#ErrorDocument 404 /missing.html
-#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-#
-
-#
-# EnableMMAP and EnableSendfile: On systems that support it,
-# memory-mapping or the sendfile syscall may be used to deliver
-# files. This usually improves server performance, but must
-# be turned off when serving from networked-mounted
-# filesystems or if support for these functions is otherwise
-# broken on your system.
-# Defaults if commented: EnableMMAP On, EnableSendfile Off
-#
-#EnableMMAP off
-EnableSendfile on
-
-# Supplemental configuration
-#
-# Load config files in the "/etc/httpd/conf.d" directory, if any.
-IncludeOptional conf.d/*.conf
+# Include the virtual host configurations:
+IncludeOptional /etc/httpd/sites-enabled/*.conf
- restore selinux security context
* file[/etc/httpd/conf-available/security] action delete (up to date)
* template[/etc/httpd/conf-available/security.conf] action create
- create new file /etc/httpd/conf-available/security.conf
- update content in file /etc/httpd/conf-available/security.conf from none to b8213b
--- /etc/httpd/conf-available/security.conf 2017-01-26 20:49:48.402672861 +0000
+++ /etc/httpd/conf-available/.chef-security20170126-11192-1rdf2t.conf 2017-01-26 20:49:48.402672861 +0000
@@ -1 +1,33 @@
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens Prod
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of: On | Off | extended
+#
+TraceEnable Off
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[a2enconf security.conf] action run
- execute /usr/sbin/a2enconf security.conf
* file[/etc/httpd/conf-available/charset] action delete (up to date)
* template[/etc/httpd/conf-available/charset.conf] action create
- create new file /etc/httpd/conf-available/charset.conf
- update content in file /etc/httpd/conf-available/charset.conf from none to 543c6c
--- /etc/httpd/conf-available/charset.conf 2017-01-26 20:49:49.231086831 +0000
+++ /etc/httpd/conf-available/.chef-charset20170126-11192-wfd6fa.conf 2017-01-26 20:49:49.231086831 +0000
@@ -1 +1,7 @@
+# Read the documentation before enabling AddDefaultCharset.
+# In general, it is only a good idea if you know that all your files
+# have this encoding. It will override any encoding given in the files
+# in meta http-equiv or xml encoding tags.
+
+#AddDefaultCharset UTF-8
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[a2enconf charset.conf] action run
- execute /usr/sbin/a2enconf charset.conf
* file[/etc/httpd/ports] action delete (up to date)
* template[/etc/httpd/ports.conf] action create
- create new file /etc/httpd/ports.conf
- update content in file /etc/httpd/ports.conf from none to f18820
--- /etc/httpd/ports.conf 2017-01-26 20:49:49.534238320 +0000
+++ /etc/httpd/.chef-ports20170126-11192-lhg0cw.conf 2017-01-26 20:49:49.534238320 +0000
@@ -1 +1,5 @@
+# This file was generated by Chef for better-chef-rundeck-centos-72.
+# Do NOT modify this file by hand!
+
+Listen *:80
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
Recipe: apache2::mpm_prefork
* file[/etc/httpd/mods-available/mpm_event.load] action create
- create new file /etc/httpd/mods-available/mpm_event.load
- update content in file /etc/httpd/mods-available/mpm_event.load from none to 53c7f3
--- /etc/httpd/mods-available/mpm_event.load 2017-01-26 20:49:49.615278817 +0000
+++ /etc/httpd/mods-available/.chef-mpm_event20170126-11192-sjkilz.load 2017-01-26 20:49:49.613277817 +0000
@@ -1 +1,2 @@
+LoadModule mpm_event_module /usr/lib64/httpd/modules/mod_mpm_event.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2dismod mpm_event] action run (skipped due to only_if)
* file[/etc/httpd/mods-available/mpm_worker.load] action create
- create new file /etc/httpd/mods-available/mpm_worker.load
- update content in file /etc/httpd/mods-available/mpm_worker.load from none to e206b7
--- /etc/httpd/mods-available/mpm_worker.load 2017-01-26 20:49:49.712327314 +0000
+++ /etc/httpd/mods-available/.chef-mpm_worker20170126-11192-1g4hatg.load 2017-01-26 20:49:49.710326314 +0000
@@ -1 +1,2 @@
+LoadModule mpm_worker_module /usr/lib64/httpd/modules/mod_mpm_worker.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2dismod mpm_worker] action run (skipped due to only_if)
* template[/etc/httpd/mods-available/mpm_prefork.conf] action create
- create new file /etc/httpd/mods-available/mpm_prefork.conf
- update content in file /etc/httpd/mods-available/mpm_prefork.conf from none to a6980c
--- /etc/httpd/mods-available/mpm_prefork.conf 2017-01-26 20:49:49.815378810 +0000
+++ /etc/httpd/mods-available/.chef-mpm_prefork20170126-11192-1kczghr.conf 2017-01-26 20:49:49.814378310 +0000
@@ -1 +1,15 @@
+# prefork MPM
+<IfModule mpm_prefork_module>
+ # StartServers: number of server processes to start
+ # MinSpareServers: minimum number of server processes which are kept spare
+ # MaxSpareServers: maximum number of server processes which are kept spare
+ # MaxRequestWorkers: maximum number of server processes allowed to start
+ # MaxConnectionsPerChild: maximum number of requests a server process serves
+ StartServers 16
+ MinSpareServers 16
+ MaxSpareServers 32
+ ServerLimit 256
+ MaxRequestWorkers 256
+ MaxConnectionsPerChild 10000
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/mpm_prefork.load] action create
- create new file /etc/httpd/mods-available/mpm_prefork.load
- update content in file /etc/httpd/mods-available/mpm_prefork.load from none to 00691d
--- /etc/httpd/mods-available/mpm_prefork.load 2017-01-26 20:49:49.915428806 +0000
+++ /etc/httpd/mods-available/.chef-mpm_prefork20170126-11192-viua2d.load 2017-01-26 20:49:49.915428806 +0000
@@ -1 +1,2 @@
+LoadModule mpm_prefork_module /usr/lib64/httpd/modules/mod_mpm_prefork.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod mpm_prefork] action run
- execute /usr/sbin/a2enmod mpm_prefork
Recipe: apache2::mod_status
* template[/etc/httpd/mods-available/status.conf] action create
- create new file /etc/httpd/mods-available/status.conf
- update content in file /etc/httpd/mods-available/status.conf from none to ed62d0
--- /etc/httpd/mods-available/status.conf 2017-01-26 20:49:50.127534799 +0000
+++ /etc/httpd/mods-available/.chef-status20170126-11192-v6u5tb.conf 2017-01-26 20:49:50.125533799 +0000
@@ -1 +1,31 @@
+<IfModule mod_status.c>
+ #
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Uncomment and change the ".example.com" to allow
+ # access from other hosts.
+ #
+ <Location /server-status>
+ SetHandler server-status
+ Require local
+ Require ip 127.0.0.1 ::1
+ </Location>
+
+ #
+ # ExtendedStatus controls whether Apache will generate "full" status
+ # information (ExtendedStatus On) or just basic information (ExtendedStatus
+ # Off) when the "server-status" handler is called. The default is Off.
+ #
+ ExtendedStatus Off
+
+ # Determine if mod_status displays the first 63 characters of a request or
+ # the last 63, assuming the request itself is greater than 63 chars.
+ # Default: Off
+ #SeeRequestTail On
+
+ <IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+ </IfModule>
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/status.load] action create
- create new file /etc/httpd/mods-available/status.load
- update content in file /etc/httpd/mods-available/status.load from none to 4fdc51
--- /etc/httpd/mods-available/status.load 2017-01-26 20:49:50.156549298 +0000
+++ /etc/httpd/mods-available/.chef-status20170126-11192-10ps7wa.load 2017-01-26 20:49:50.156549298 +0000
@@ -1 +1,2 @@
+LoadModule status_module /usr/lib64/httpd/modules/mod_status.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod status] action run
- execute /usr/sbin/a2enmod status
Recipe: apache2::mod_alias
* template[/etc/httpd/mods-available/alias.conf] action create
- create new file /etc/httpd/mods-available/alias.conf
- update content in file /etc/httpd/mods-available/alias.conf from none to e275d5
--- /etc/httpd/mods-available/alias.conf 2017-01-26 20:49:50.312627292 +0000
+++ /etc/httpd/mods-available/.chef-alias20170126-11192-1b9dzk7.conf 2017-01-26 20:49:50.312627292 +0000
@@ -1 +1,23 @@
+<IfModule alias_module>
+ #
+ # Aliases: Add here as many aliases as you need (with no limit). The format is
+ # Alias fakename realname
+ #
+ # Note that if you include a trailing / on fakename then the server will
+ # require it to be present in the URL. So "/icons" isn't aliased in this
+ # example, only "/icons/". If the fakename is slash-terminated, then the
+ # realname must also be slash terminated, and if the fakename omits the
+ # trailing slash, the realname must also omit it.
+ #
+ # We include the /icons/ alias for FancyIndexed directory listings. If
+ # you do not use FancyIndexing, you may comment this out.
+ #
+ Alias /icons/ "/usr/share/httpd/icons/"
+
+ <Directory "/usr/share/httpd/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ Require all granted
+ </Directory>
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/alias.load] action create
- create new file /etc/httpd/mods-available/alias.load
- update content in file /etc/httpd/mods-available/alias.load from none to aceb16
--- /etc/httpd/mods-available/alias.load 2017-01-26 20:49:50.350646291 +0000
+++ /etc/httpd/mods-available/.chef-alias20170126-11192-1eoxl6h.load 2017-01-26 20:49:50.350646291 +0000
@@ -1 +1,2 @@
+LoadModule alias_module /usr/lib64/httpd/modules/mod_alias.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod alias] action run
- execute /usr/sbin/a2enmod alias
Recipe: apache2::mod_auth_basic
* file[/etc/httpd/mods-available/auth_basic.load] action create
- create new file /etc/httpd/mods-available/auth_basic.load
- update content in file /etc/httpd/mods-available/auth_basic.load from none to 053e14
--- /etc/httpd/mods-available/auth_basic.load 2017-01-26 20:49:50.505723785 +0000
+++ /etc/httpd/mods-available/.chef-auth_basic20170126-11192-msxhmh.load 2017-01-26 20:49:50.505723785 +0000
@@ -1 +1,2 @@
+LoadModule auth_basic_module /usr/lib64/httpd/modules/mod_auth_basic.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod auth_basic] action run
- execute /usr/sbin/a2enmod auth_basic
Recipe: apache2::mod_authn_core
* file[/etc/httpd/mods-available/authn_core.load] action create
- create new file /etc/httpd/mods-available/authn_core.load
- update content in file /etc/httpd/mods-available/authn_core.load from none to b063ef
--- /etc/httpd/mods-available/authn_core.load 2017-01-26 20:49:50.724833277 +0000
+++ /etc/httpd/mods-available/.chef-authn_core20170126-11192-1qcdm73.load 2017-01-26 20:49:50.724833277 +0000
@@ -1 +1,2 @@
+LoadModule authn_core_module /usr/lib64/httpd/modules/mod_authn_core.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authn_core] action run
- execute /usr/sbin/a2enmod authn_core
Recipe: apache2::mod_authn_file
* file[/etc/httpd/mods-available/authn_file.load] action create
- create new file /etc/httpd/mods-available/authn_file.load
- update content in file /etc/httpd/mods-available/authn_file.load from none to d22bea
--- /etc/httpd/mods-available/authn_file.load 2017-01-26 20:49:50.845893773 +0000
+++ /etc/httpd/mods-available/.chef-authn_file20170126-11192-1b7f5hc.load 2017-01-26 20:49:50.845893773 +0000
@@ -1 +1,2 @@
+LoadModule authn_file_module /usr/lib64/httpd/modules/mod_authn_file.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authn_file] action run
- execute /usr/sbin/a2enmod authn_file
Recipe: apache2::mod_authz_core
* file[/etc/httpd/mods-available/authz_core.load] action create
- create new file /etc/httpd/mods-available/authz_core.load
- update content in file /etc/httpd/mods-available/authz_core.load from none to 8b988f
--- /etc/httpd/mods-available/authz_core.load 2017-01-26 20:49:51.015978766 +0000
+++ /etc/httpd/mods-available/.chef-authz_core20170126-11192-1q2zr10.load 2017-01-26 20:49:51.015978766 +0000
@@ -1 +1,2 @@
+LoadModule authz_core_module /usr/lib64/httpd/modules/mod_authz_core.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_core] action run
- execute /usr/sbin/a2enmod authz_core
Recipe: apache2::mod_authz_groupfile
* file[/etc/httpd/mods-available/authz_groupfile.load] action create
- create new file /etc/httpd/mods-available/authz_groupfile.load
- update content in file /etc/httpd/mods-available/authz_groupfile.load from none to 4f60ac
--- /etc/httpd/mods-available/authz_groupfile.load 2017-01-26 20:49:51.186063760 +0000
+++ /etc/httpd/mods-available/.chef-authz_groupfile20170126-11192-1xzcyn3.load 2017-01-26 20:49:51.186063760 +0000
@@ -1 +1,2 @@
+LoadModule authz_groupfile_module /usr/lib64/httpd/modules/mod_authz_groupfile.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_groupfile] action run
- execute /usr/sbin/a2enmod authz_groupfile
Recipe: apache2::mod_authz_host
* file[/etc/httpd/mods-available/authz_host.load] action create
- create new file /etc/httpd/mods-available/authz_host.load
- update content in file /etc/httpd/mods-available/authz_host.load from none to bb59ea
--- /etc/httpd/mods-available/authz_host.load 2017-01-26 20:49:51.350145754 +0000
+++ /etc/httpd/mods-available/.chef-authz_host20170126-11192-wh5d0x.load 2017-01-26 20:49:51.350145754 +0000
@@ -1 +1,2 @@
+LoadModule authz_host_module /usr/lib64/httpd/modules/mod_authz_host.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_host] action run
- execute /usr/sbin/a2enmod authz_host
Recipe: apache2::mod_authz_user
* file[/etc/httpd/mods-available/authz_user.load] action create
- create new file /etc/httpd/mods-available/authz_user.load
- update content in file /etc/httpd/mods-available/authz_user.load from none to a4603f
--- /etc/httpd/mods-available/authz_user.load 2017-01-26 20:49:51.468204750 +0000
+++ /etc/httpd/mods-available/.chef-authz_user20170126-11192-u29rqc.load 2017-01-26 20:49:51.468204750 +0000
@@ -1 +1,2 @@
+LoadModule authz_user_module /usr/lib64/httpd/modules/mod_authz_user.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod authz_user] action run
- execute /usr/sbin/a2enmod authz_user
Recipe: apache2::mod_autoindex
* template[/etc/httpd/mods-available/autoindex.conf] action create
- create new file /etc/httpd/mods-available/autoindex.conf
- update content in file /etc/httpd/mods-available/autoindex.conf from none to 8e7e44
--- /etc/httpd/mods-available/autoindex.conf 2017-01-26 20:49:51.621281245 +0000
+++ /etc/httpd/mods-available/.chef-autoindex20170126-11192-18q1o57.conf 2017-01-26 20:49:51.619280245 +0000
@@ -1 +1,101 @@
+<IfModule mod_autoindex.c>
+ #
+ # Directives controlling the display of server-generated directory listings.
+ #
+
+ #
+ # IndexOptions: Controls the appearance of server-generated directory
+ # listings.
+ # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+ #
+ IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+
+ #
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ #
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ # It's a suffix rule, so simply matching "core" matches "score" as well !
+ AddIcon /icons/bomb.gif /core
+ AddIcon (SND,/icons/sound2.gif) .ogg
+ AddIcon (VID,/icons/movie.gif) .ogm
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
+
+ # Default icons for OpenDocument format
+ AddIcon /icons/odf6odt-20x22.png .odt
+ AddIcon /icons/odf6ods-20x22.png .ods
+ AddIcon /icons/odf6odp-20x22.png .odp
+ AddIcon /icons/odf6odg-20x22.png .odg
+ AddIcon /icons/odf6odc-20x22.png .odc
+ AddIcon /icons/odf6odf-20x22.png .odf
+ AddIcon /icons/odf6odb-20x22.png .odb
+ AddIcon /icons/odf6odi-20x22.png .odi
+ AddIcon /icons/odf6odm-20x22.png .odm
+
+ AddIcon /icons/odf6ott-20x22.png .ott
+ AddIcon /icons/odf6ots-20x22.png .ots
+ AddIcon /icons/odf6otp-20x22.png .otp
+ AddIcon /icons/odf6otg-20x22.png .otg
+ AddIcon /icons/odf6otc-20x22.png .otc
+ AddIcon /icons/odf6otf-20x22.png .otf
+ AddIcon /icons/odf6oti-20x22.png .oti
+ AddIcon /icons/odf6oth-20x22.png .oth
+
+ #
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ #
+ DefaultIcon /icons/unknown.gif
+
+ #
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+ #
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
+
+ #
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+ #
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes.
+ ReadmeName README.html
+ HeaderName HEADER.html
+
+ #
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ #
+ IndexIgnore .??* *~ *# RCS CVS *,v *,t
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/autoindex.load] action create
- create new file /etc/httpd/mods-available/autoindex.load
- update content in file /etc/httpd/mods-available/autoindex.load from none to a4888e
--- /etc/httpd/mods-available/autoindex.load 2017-01-26 20:49:51.685313242 +0000
+++ /etc/httpd/mods-available/.chef-autoindex20170126-11192-jtbjjm.load 2017-01-26 20:49:51.685313242 +0000
@@ -1 +1,2 @@
+LoadModule autoindex_module /usr/lib64/httpd/modules/mod_autoindex.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod autoindex] action run
- execute /usr/sbin/a2enmod autoindex
Recipe: apache2::mod_deflate
* template[/etc/httpd/mods-available/deflate.conf] action create
- create new file /etc/httpd/mods-available/deflate.conf
- update content in file /etc/httpd/mods-available/deflate.conf from none to c8749f
--- /etc/httpd/mods-available/deflate.conf 2017-01-26 20:49:51.860400736 +0000
+++ /etc/httpd/mods-available/.chef-deflate20170126-11192-1na7vbv.conf 2017-01-26 20:49:51.860400736 +0000
@@ -1 +1,19 @@
+<IfModule mod_deflate.c>
+ <IfModule mod_filter.c>
+ # these are known to be safe with MSIE 6
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml
+
+ # everything else may cause problems with MSIE 6
+ AddOutputFilterByType DEFLATE text/css
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/xml
+ AddOutputFilterByType DEFLATE application/xhtml+xml
+ AddOutputFilterByType DEFLATE image/svg+xml
+ AddOutputFilterByType DEFLATE application/atom_xml
+ AddOutputFilterByType DEFLATE application/x-httpd-php
+ AddOutputFilterByType DEFLATE application/x-httpd-fastphp
+ AddOutputFilterByType DEFLATE application/x-httpd-eruby
+ </IfModule>
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/deflate.load] action create
- create new file /etc/httpd/mods-available/deflate.load
- update content in file /etc/httpd/mods-available/deflate.load from none to d20592
--- /etc/httpd/mods-available/deflate.load 2017-01-26 20:49:51.902421734 +0000
+++ /etc/httpd/mods-available/.chef-deflate20170126-11192-18j2wx5.load 2017-01-26 20:49:51.902421734 +0000
@@ -1 +1,2 @@
+LoadModule deflate_module /usr/lib64/httpd/modules/mod_deflate.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod deflate] action run
- execute /usr/sbin/a2enmod deflate
Recipe: apache2::mod_dir
* template[/etc/httpd/mods-available/dir.conf] action create
- create new file /etc/httpd/mods-available/dir.conf
- update content in file /etc/httpd/mods-available/dir.conf from none to 5d2651
--- /etc/httpd/mods-available/dir.conf 2017-01-26 20:49:51.990465731 +0000
+++ /etc/httpd/mods-available/.chef-dir20170126-11192-1ly8dsa.conf 2017-01-26 20:49:51.990465731 +0000
@@ -1 +1,4 @@
+<IfModule mod_dir.c>
+ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/dir.load] action create
- create new file /etc/httpd/mods-available/dir.load
- update content in file /etc/httpd/mods-available/dir.load from none to 846d55
--- /etc/httpd/mods-available/dir.load 2017-01-26 20:49:52.014477730 +0000
+++ /etc/httpd/mods-available/.chef-dir20170126-11192-aw9ckc.load 2017-01-26 20:49:52.014477730 +0000
@@ -1 +1,2 @@
+LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod dir] action run
- execute /usr/sbin/a2enmod dir
Recipe: apache2::mod_env
* file[/etc/httpd/mods-available/env.load] action create
- create new file /etc/httpd/mods-available/env.load
- update content in file /etc/httpd/mods-available/env.load from none to bac691
--- /etc/httpd/mods-available/env.load 2017-01-26 20:49:52.076508728 +0000
+++ /etc/httpd/mods-available/.chef-env20170126-11192-44f35p.load 2017-01-26 20:49:52.076508728 +0000
@@ -1 +1,2 @@
+LoadModule env_module /usr/lib64/httpd/modules/mod_env.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod env] action run
- execute /usr/sbin/a2enmod env
Recipe: apache2::mod_mime
* template[/etc/httpd/mods-available/mime.conf] action create
- create new file /etc/httpd/mods-available/mime.conf
- update content in file /etc/httpd/mods-available/mime.conf from none to 76e7d0
--- /etc/httpd/mods-available/mime.conf 2017-01-26 20:49:52.141541226 +0000
+++ /etc/httpd/mods-available/.chef-mime20170126-11192-lznutv.conf 2017-01-26 20:49:52.141541226 +0000
@@ -1 +1,193 @@
+<IfModule mod_mime.c>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file mime.types for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ # Despite the name similarity, the following Add* directives have
+ # nothing to do with the FancyIndexing customization directives above.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #AddEncoding x-bzip2 .bz2
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType application/x-bzip2 .bz2
+
+ AddType image/svg+xml svg svgz
+ AddEncoding gzip svgz
+
+ #
+ # DefaultLanguage and AddLanguage allows you to specify the language of
+ # a document. You can then use content negotiation to give a browser a
+ # file in a language the user can understand.
+ #
+ # Specify a default language. This means that all data
+ # going out without a specific language tag (see below) will
+ # be marked with this one. You probably do NOT want to set
+ # this unless you are sure it is correct for all cases.
+ #
+ # * It is generally better to not mark a page as
+ # * being a certain language than marking it with the wrong
+ # * language!
+ #
+ # DefaultLanguage nl
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in some cases
+ # the two character 'Language' abbreviation is not identical to
+ # the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. There is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+ # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+ # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+ # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+ # Norwegian (no) - Polish (pl) - Portugese (pt)
+ # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+ # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+ #
+ AddLanguage ca .ca
+ AddLanguage cs .cz .cs
+ AddLanguage da .dk
+ AddLanguage de .de
+ AddLanguage el .el
+ AddLanguage en .en
+ AddLanguage eo .eo
+ # See README.Debian for Spanish
+ AddLanguage es .es
+ AddLanguage et .et
+ AddLanguage fr .fr
+ AddLanguage he .he
+ AddLanguage hr .hr
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddLanguage ko .ko
+ AddLanguage ltz .ltz
+ AddLanguage nl .nl
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pl .po
+ AddLanguage pt .pt
+ AddLanguage pt-BR .pt-br
+ AddLanguage ru .ru
+ AddLanguage sv .sv
+ # See README.Debian for Turkish
+ AddLanguage tr .tr
+ AddLanguage zh-CN .zh-cn
+ AddLanguage zh-TW .zh-tw
+
+ #
+ # Commonly used filename extensions to character sets. You probably
+ # want to avoid clashes with the language extensions, unless you
+ # are good at carefully testing your setup after each change.
+ # See http://www.iana.org/assignments/character-sets for the
+ # official list of charset names and their respective RFCs.
+ #
+ AddCharset us-ascii .ascii .us-ascii
+ AddCharset ISO-8859-1 .iso8859-1 .latin1
+ AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+ AddCharset ISO-8859-3 .iso8859-3 .latin3
+ AddCharset ISO-8859-4 .iso8859-4 .latin4
+ AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+ AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+ AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+ AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+ AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+ AddCharset ISO-8859-10 .iso8859-10 .latin6
+ AddCharset ISO-8859-13 .iso8859-13
+ AddCharset ISO-8859-14 .iso8859-14 .latin8
+ AddCharset ISO-8859-15 .iso8859-15 .latin9
+ AddCharset ISO-8859-16 .iso8859-16 .latin10
+ AddCharset ISO-2022-JP .iso2022-jp .jis
+ AddCharset ISO-2022-KR .iso2022-kr .kis
+ AddCharset ISO-2022-CN .iso2022-cn .cis
+ AddCharset Big5 .Big5 .big5 .b5
+ AddCharset cn-Big5 .cn-big5
+ # For russian, more than one charset is used (depends on client, mostly):
+ AddCharset WINDOWS-1251 .cp-1251 .win-1251
+ AddCharset CP866 .cp866
+ AddCharset KOI8 .koi8
+ AddCharset KOI8-E .koi8-e
+ AddCharset KOI8-r .koi8-r .koi8-ru
+ AddCharset KOI8-U .koi8-u
+ AddCharset KOI8-ru .koi8-uk .ua
+ AddCharset ISO-10646-UCS-2 .ucs2
+ AddCharset ISO-10646-UCS-4 .ucs4
+ AddCharset UTF-7 .utf7
+ AddCharset UTF-8 .utf8
+ AddCharset UTF-16 .utf16
+ AddCharset UTF-16BE .utf16be
+ AddCharset UTF-16LE .utf16le
+ AddCharset UTF-32 .utf32
+ AddCharset UTF-32BE .utf32be
+ AddCharset UTF-32LE .utf32le
+ AddCharset euc-cn .euc-cn
+ AddCharset euc-gb .euc-gb
+ AddCharset euc-jp .euc-jp
+ AddCharset euc-kr .euc-kr
+ #Not sure how euc-tw got in - IANA doesn't list it???
+ AddCharset EUC-TW .euc-tw
+ AddCharset gb2312 .gb2312 .gb
+ AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+ AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+ AddCharset shift_jis .shift_jis .sjis
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ #
+ # For files that include their own HTTP headers:
+ #
+ #AddHandler send-as-is asis
+
+ #
+ # For server-parsed imagemap files:
+ #
+ #AddHandler imap-file map
+
+ #
+ # For type maps (negotiated resources):
+ # (This is enabled by default to allow the Apache "It Worked" page
+ # to be distributed in multiple languages.)
+ #
+ AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/mime.load] action create
- create new file /etc/httpd/mods-available/mime.load
- update content in file /etc/httpd/mods-available/mime.load from none to 37c2d3
--- /etc/httpd/mods-available/mime.load 2017-01-26 20:49:52.166553725 +0000
+++ /etc/httpd/mods-available/.chef-mime20170126-11192-rqa4r7.load 2017-01-26 20:49:52.166553725 +0000
@@ -1 +1,2 @@
+LoadModule mime_module /usr/lib64/httpd/modules/mod_mime.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod mime] action run
- execute /usr/sbin/a2enmod mime
Recipe: apache2::mod_negotiation
* template[/etc/httpd/mods-available/negotiation.conf] action create
- create new file /etc/httpd/mods-available/negotiation.conf
- update content in file /etc/httpd/mods-available/negotiation.conf from none to 3ad8fd
--- /etc/httpd/mods-available/negotiation.conf 2017-01-26 20:49:52.229585223 +0000
+++ /etc/httpd/mods-available/.chef-negotiation20170126-11192-u5c4ch.conf 2017-01-26 20:49:52.229585223 +0000
@@ -1 +1,18 @@
+<IfModule mod_negotiation.c>
+ #
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ #
+ LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+ #
+ # ForceLanguagePriority allows you to serve a result page rather than
+ # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+ # [in case no accepted languages matched the available variants]
+ #
+ ForceLanguagePriority Prefer Fallback
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/negotiation.load] action create
- create new file /etc/httpd/mods-available/negotiation.load
- update content in file /etc/httpd/mods-available/negotiation.load from none to 114b49
--- /etc/httpd/mods-available/negotiation.load 2017-01-26 20:49:52.252596722 +0000
+++ /etc/httpd/mods-available/.chef-negotiation20170126-11192-1jfhjlq.load 2017-01-26 20:49:52.252596722 +0000
@@ -1 +1,2 @@
+LoadModule negotiation_module /usr/lib64/httpd/modules/mod_negotiation.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod negotiation] action run
- execute /usr/sbin/a2enmod negotiation
Recipe: apache2::mod_setenvif
* template[/etc/httpd/mods-available/setenvif.conf] action create
- create new file /etc/httpd/mods-available/setenvif.conf
- update content in file /etc/httpd/mods-available/setenvif.conf from none to fb5a27
--- /etc/httpd/mods-available/setenvif.conf 2017-01-26 20:49:52.316628719 +0000
+++ /etc/httpd/mods-available/.chef-setenvif20170126-11192-iq2jjl.conf 2017-01-26 20:49:52.316628719 +0000
@@ -1 +1,29 @@
+<IfModule mod_setenvif.c>
+ #
+ # The following directives modify normal HTTP response behavior to
+ # handle known problems with browser implementations.
+ #
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
+
+ #
+ # The following directive disables redirects on non-GET requests for
+ # a directory that does not include the trailing slash. This fixes a
+ # problem with Microsoft WebFolders which does not appropriately handle
+ # redirects for folders with DAV methods.
+ # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+ #
+ BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+ BrowserMatch "MS FrontPage" redirect-carefully
+ BrowserMatch "^WebDrive" redirect-carefully
+ BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+ BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+ BrowserMatch "^gvfs/1" redirect-carefully
+ BrowserMatch "^XML Spy" redirect-carefully
+ BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+ BrowserMatch " Konqueror/4" redirect-carefully
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/setenvif.load] action create
- create new file /etc/httpd/mods-available/setenvif.load
- update content in file /etc/httpd/mods-available/setenvif.load from none to 3b5f9f
--- /etc/httpd/mods-available/setenvif.load 2017-01-26 20:49:52.347644218 +0000
+++ /etc/httpd/mods-available/.chef-setenvif20170126-11192-1m7mcjr.load 2017-01-26 20:49:52.347644218 +0000
@@ -1 +1,2 @@
+LoadModule setenvif_module /usr/lib64/httpd/modules/mod_setenvif.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod setenvif] action run
- execute /usr/sbin/a2enmod setenvif
Recipe: apache2::mod_log_config
* file[/etc/httpd/mods-available/log_config.load] action create
- create new file /etc/httpd/mods-available/log_config.load
- update content in file /etc/httpd/mods-available/log_config.load from none to 73d95c
--- /etc/httpd/mods-available/log_config.load 2017-01-26 20:49:52.451696214 +0000
+++ /etc/httpd/mods-available/.chef-log_config20170126-11192-t5ejex.load 2017-01-26 20:49:52.450695715 +0000
@@ -1 +1,2 @@
+LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod log_config] action run
- execute /usr/sbin/a2enmod log_config
Recipe: apache2::mod_logio
* file[/etc/httpd/mods-available/logio.load] action create
- create new file /etc/httpd/mods-available/logio.load
- update content in file /etc/httpd/mods-available/logio.load from none to d7e67c
--- /etc/httpd/mods-available/logio.load 2017-01-26 20:49:52.566753710 +0000
+++ /etc/httpd/mods-available/.chef-logio20170126-11192-1abiztd.load 2017-01-26 20:49:52.566753710 +0000
@@ -1 +1,2 @@
+LoadModule logio_module /usr/lib64/httpd/modules/mod_logio.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod logio] action run
- execute /usr/sbin/a2enmod logio
Recipe: apache2::mod_unixd
* file[/etc/httpd/mods-available/unixd.load] action create
- create new file /etc/httpd/mods-available/unixd.load
- update content in file /etc/httpd/mods-available/unixd.load from none to 4cb8ec
--- /etc/httpd/mods-available/unixd.load 2017-01-26 20:49:52.696818706 +0000
+++ /etc/httpd/mods-available/.chef-unixd20170126-11192-10839f8.load 2017-01-26 20:49:52.696818706 +0000
@@ -1 +1,2 @@
+LoadModule unixd_module /usr/lib64/httpd/modules/mod_unixd.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod unixd] action run
- execute /usr/sbin/a2enmod unixd
Recipe: apache2::mod_systemd
* file[/etc/httpd/mods-available/systemd.load] action create
- create new file /etc/httpd/mods-available/systemd.load
- update content in file /etc/httpd/mods-available/systemd.load from none to f75665
--- /etc/httpd/mods-available/systemd.load 2017-01-26 20:49:52.795868202 +0000
+++ /etc/httpd/mods-available/.chef-systemd20170126-11192-188bthk.load 2017-01-26 20:49:52.795868202 +0000
@@ -1 +1,2 @@
+LoadModule systemd_module /usr/lib64/httpd/modules/mod_systemd.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod systemd] action run
- execute /usr/sbin/a2enmod systemd
Recipe: apache2::default
* service[apache2] action enable
- enable service service[apache2]
* service[apache2] action start
- start service service[apache2]
Recipe: apache2::mod_headers
* file[/etc/httpd/mods-available/headers.load] action create
- create new file /etc/httpd/mods-available/headers.load
- update content in file /etc/httpd/mods-available/headers.load from none to b039b4
--- /etc/httpd/mods-available/headers.load 2017-01-26 20:49:53.536238175 +0000
+++ /etc/httpd/mods-available/.chef-headers20170126-11192-152i8re.load 2017-01-26 20:49:53.536238175 +0000
@@ -1 +1,2 @@
+LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod headers] action run
- execute /usr/sbin/a2enmod headers
Recipe: apache2::mod_proxy
* template[/etc/httpd/mods-available/proxy.conf] action create
- create new file /etc/httpd/mods-available/proxy.conf
- update content in file /etc/httpd/mods-available/proxy.conf from none to 137642
--- /etc/httpd/mods-available/proxy.conf 2017-01-26 20:49:53.697318669 +0000
+++ /etc/httpd/mods-available/.chef-proxy20170126-11192-13dpuhj.conf 2017-01-26 20:49:53.697318669 +0000
@@ -1 +1,18 @@
+<IfModule mod_proxy.c>
+ #turning ProxyRequests on and allowing proxying from all may allow
+ #spammers to use your proxy to send email.
+
+ ProxyRequests Off
+
+ <Proxy *>
+ AddDefaultCharset off
+ Require all denied
+ </Proxy>
+
+ # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+ # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+ # Set to one of: Off | On | Full | Block
+
+ ProxyVia On
+</IfModule>
- change mode from '' to '0644'
- restore selinux security context
* file[/etc/httpd/mods-available/proxy.load] action create
- create new file /etc/httpd/mods-available/proxy.load
- update content in file /etc/httpd/mods-available/proxy.load from none to a83d3b
--- /etc/httpd/mods-available/proxy.load 2017-01-26 20:49:53.737338668 +0000
+++ /etc/httpd/mods-available/.chef-proxy20170126-11192-quzmy2.load 2017-01-26 20:49:53.737338668 +0000
@@ -1 +1,2 @@
+LoadModule proxy_module /usr/lib64/httpd/modules/mod_proxy.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod proxy] action run
- execute /usr/sbin/a2enmod proxy
Recipe: apache2::mod_proxy_http
* file[/etc/httpd/mods-available/proxy_http.load] action create
- create new file /etc/httpd/mods-available/proxy_http.load
- update content in file /etc/httpd/mods-available/proxy_http.load from none to 5b8e8e
--- /etc/httpd/mods-available/proxy_http.load 2017-01-26 20:49:53.870405163 +0000
+++ /etc/httpd/mods-available/.chef-proxy_http20170126-11192-1taw3l9.load 2017-01-26 20:49:53.870405163 +0000
@@ -1 +1,2 @@
+LoadModule proxy_http_module /usr/lib64/httpd/modules/mod_proxy_http.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod proxy_http] action run
- execute /usr/sbin/a2enmod proxy_http
Recipe: apache2::mod_rewrite
* file[/etc/httpd/mods-available/rewrite.load] action create
- create new file /etc/httpd/mods-available/rewrite.load
- update content in file /etc/httpd/mods-available/rewrite.load from none to 819a3c
--- /etc/httpd/mods-available/rewrite.load 2017-01-26 20:49:53.998469158 +0000
+++ /etc/httpd/mods-available/.chef-rewrite20170126-11192-8aorx.load 2017-01-26 20:49:53.998469158 +0000
@@ -1 +1,2 @@
+LoadModule rewrite_module /usr/lib64/httpd/modules/mod_rewrite.so
- change mode from '' to '0644'
- restore selinux security context
* execute[a2enmod rewrite] action run
- execute /usr/sbin/a2enmod rewrite
Recipe: rundeck::apache
* execute[a2dissite default.conf] action run (skipped due to only_if)
* execute[a2dissite 000-default.conf] action run (skipped due to only_if)
* template[apache-config] action create
- create new file /etc/httpd/sites-available/rundeck.conf
- update content in file /etc/httpd/sites-available/rundeck.conf from none to dc8202
--- /etc/httpd/sites-available/rundeck.conf 2017-01-26 20:49:54.202571151 +0000
+++ /etc/httpd/sites-available/.chef-rundeck20170126-11192-qu3xt7.conf 2017-01-26 20:49:54.202571151 +0000
@@ -1 +1,44 @@
+<VirtualHost *:80>
+ ServerName localhost
+ ServerAdmin rundeck@kitchentest
+
+ ErrorLog /var/log/httpd/rundeck_error.log
+ TransferLog /var/log/httpd/rundeck_access.log
+
+ DocumentRoot /var/www/html
+ ServerSignature On
+
+ <Proxy *>
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
+ </Proxy>
+
+ ProxyPass / http://localhost:4440/
+ ProxyPassReverse / http://localhost:4440/
+
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+ <Location /server-status>
+ SetHandler server-status
+
+ <IfModule mod_authz_core.c>
+ Require ip 127.0.0.1
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+ </IfModule>
+
+ </Location>
+
+</VirtualHost>
+
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* execute[a2ensite rundeck.conf] action run
- execute /usr/sbin/a2ensite rundeck.conf
Recipe: simple_passenger::default
* execute[restart app] action nothing (skipped due to action :nothing)
* execute[stop app] action nothing (skipped due to action :nothing)
* group[passenger group] action create (up to date)
* linux_user[passenger user] action create (up to date)
* directory[app log dir] action create
- create new directory /var/log/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
Recipe: logrotate::default
* yum_package[logrotate] action install (up to date)
* directory[/etc/logrotate.d] action create (up to date)
Recipe: simple_passenger::default
* template[/etc/logrotate.d/better-chef-rundeck] action create
- create new file /etc/logrotate.d/better-chef-rundeck
- update content in file /etc/logrotate.d/better-chef-rundeck from none to 3fb0bc
--- /etc/logrotate.d/better-chef-rundeck 2017-01-26 20:49:54.419679643 +0000
+++ /etc/logrotate.d/.chef-better-chef-rundeck20170126-11192-ivnnzv 2017-01-26 20:49:54.419679643 +0000
@@ -1 +1,14 @@
+# This file was generated by Chef for better-chef-rundeck-centos-72.
+# Do not modify this file by hand!
+
+"/var/log/better-chef-rundeck.log" {
+ daily
+ create 644 rundeck rundeck
+ rotate 7
+ missingok
+ compress
+ delaycompress
+ copytruncate
+ notifempty
+}
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[pid dir] action create
- create new directory /var/run/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* directory[app dir] action create
- create new directory /opt/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* yum_package[git] action install
- install version 1.8.3.1-6.el7_2.1 of package git
* git[app] action sync
- clone from https://github.com/atheiman/better-chef-rundeck.git into /opt/better-chef-rundeck
- checkout ref b0c2bea40c39133b9813362301b984a86799d625 branch master
* template[passengerfile] action create
- create new file /opt/better-chef-rundeck/Passengerfile.json
- update content in file /opt/better-chef-rundeck/Passengerfile.json from none to 20e8ec
--- /opt/better-chef-rundeck/Passengerfile.json 2017-01-26 20:50:10.204567571 +0000
+++ /opt/better-chef-rundeck/.chef-Passengerfile20170126-11192-iemo5x.json 2017-01-26 20:50:10.204567571 +0000
@@ -1 +1,13 @@
+{
+ "daemonize": true,
+ "environment": "production",
+ "envvars": {
+ "BCR_CHEF_CONFIG": "/etc/chef/rundeck.rb"
+ },
+ "log_file": "/var/log/better-chef-rundeck.log",
+ "pid_file": "/var/run/better-chef-rundeck/better-chef-rundeck.pid",
+ "port": 4000,
+ "ruby": "/usr/local/ruby/2.2.5/bin/ruby",
+ "user": "rundeck"
+}
- change mode from '' to '0664'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
Recipe: build-essential::default
* build_essential[install_packages] action install
* yum_package[autoconf, bison, flex, gcc, gcc-c++, gettext, kernel-devel, make, m4, ncurses-devel, patch] action install (up to date)
(up to date)
Recipe: simple_passenger::default
* yum_package[ruby devel dependencies] action install
- install version 1.0.1e-60.el7 of package openssl-devel
- install version 6.2-9.el7 of package readline-devel
- install version 1.2.7-17.el7 of package zlib-devel
Recipe: ruby_build::default
* yum_package[tar] action install (up to date)
* yum_package[bash] action install (up to date)
* yum_package[curl] action install (up to date)
* yum_package[git] action install (skipped due to not_if)
* execute[Install ruby-build] action nothing (skipped due to action :nothing)
* directory[/tmp/kitchen/cache] action create (up to date)
* git[/tmp/kitchen/cache/ruby-build] action checkout
- clone from https://github.com/sstephenson/ruby-build.git into /tmp/kitchen/cache/ruby-build
- checkout ref 3d593941745946a96b46f16ccb87aca9a7bd1014 branch master
* execute[Install ruby-build] action run
- execute ./install.sh
Recipe: simple_passenger::default
* ruby_build_ruby[app ruby version 2.2.5] action install
* execute[ruby-build[2.2.5]] action run
- execute /usr/local/bin/ruby-build "2.2.5" "/usr/local/ruby/2.2.5"
* execute[ruby-build[2.2.5]] action nothing (skipped due to action :nothing)
* gem_package[bundler] action install
- install version ~> 1.12.0 of package bundler
* execute[bundle install] action run
- execute /usr/local/ruby/2.2.5/bin/bundle install --deployment --without development test
* execute[start app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger start
Recipe: rundeck::chef_server_config
* template[/etc/chef/rundeck.rb] action create
- create new file /etc/chef/rundeck.rb
- update content in file /etc/chef/rundeck.rb from none to 982a4f
--- /etc/chef/rundeck.rb 2017-01-26 20:56:56.439568857 +0000
+++ /etc/chef/.chef-rundeck20170126-11192-1714pfg.rb 2017-01-26 20:56:56.439568857 +0000
@@ -1 +1,9 @@
+log_level :info
+log_location STDOUT
+node_name 'chef-rundeck'
+client_key '/etc/chef/rundeck.pem'
+validation_client_name 'chef-validator'
+validation_key '/etc/chef/validation.pem'
+chef_server_url 'http://localhost:8089'
+cache_type 'BasicFile'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* file[/etc/chef/rundeck.pem] action create
- create new file /etc/chef/rundeck.pem
- update content in file /etc/chef/rundeck.pem from none to 4af3a7
--- /etc/chef/rundeck.pem 2017-01-26 20:56:56.478588356 +0000
+++ /etc/chef/.chef-rundeck20170126-11192-17wp0sj.pem 2017-01-26 20:56:56.476587356 +0000
@@ -1 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAufewdB8WpVsSgkuss/EUaB+JYHYCu2nhg/nGb6oqpbmzV1DF
+N7d86xcotCVcJkX4fWWHsO61vGJAZK0+vodp7qBfIpnCPurNqV81zLw6g/grDjqe
+4Ha/U/By++ldNnFjKtKK1zD/xrt9/fUaL+bgDVWugcD5mAh6erH9jf1BTUka0Etl
+wge1B6kvbCbbi4yW2UWgTWIxrKbAtx1WDSjyqLArbwKhvToDYao+4QWOSsSMifC5
+bWgTL/YXtblPrrBx2W09qdT/hSVs2wTn1zM/eZzIQGmKFmhn4J1dvO5tOsgBzlkQ
+i6uTeivecz5/Z5qg+JFHQf5g1/8b1u08M1aPPQIDAQABAoIBAQC0ufunvha59/nS
+2kwqS12zmwJc1hLto4ZgRbsNBeiQShn5/yrKbO1fYpBSEgStxU4qPyNRVYsUWr+N
+l7fkXaEbIIuUCq11i6b2tOqJ31tWqTTejSWdqolhv8le+3l00Vi4Ywg+/QV1Uvys
+cyhR6SNQkjYXLzzg/UxaNOPeu4Jc4ciu6wuvnlqy46LkxMNV0bjb7u10lRwWnwBI
+Ja8bQZsamr8lMEktseHenppIhEnvEs7l1bmaogFJGFUAwskADAWQ07L0vSqLqpQd
+Na5/SKrflkZQjS0mvq7vBQi66ZyXoKfIHVRPuG9o53Az2Nq4SnZyHJvHEx1Hpn6k
+qjkDmFVZAoGBANsAGDSeg0BO9teL0eaD+wH6zA68FxMyYKPpeU908+m5J1ZIyFRK
+tHzBOkQWIuBSRXT+hsT0YJogCwp88Pv+JvHUHrAg/evztWrpsjh/oV3ooyWDJfec
+Vay9KEPacWkRVSNOOxicu8MPaRVknMmOzYgOXNiBakLoP40dhquMgeHzAoGBANli
+51WHQaCBK5yNI2WMWgN+h+/JL5dN0G1Gx5XBmMfV5BFJ9H+7Ig/VUt312/1HAoEu
+g27AaqIvWhnlEuvSuwuthDzevFeAeImsRwFqbrv3mHo8XqHnZTY5UMACdTRThP3E
+0ke5P+8GIEQIG5xLZka+F0adeA00VFEgDe3S3uYPAoGARUdWYO70HlfchntYv09p
+DEtGWjLuKch6AeBN2/DnaDyGUSldFi07w2ts/zTxe30LM+OAxrV4CcmxNHQp182i
+jEXKH3WQXiAOd+/NzUmyxn5dffRrAlWWVLrSDgUAc3hkMnMBBtwuGZq6Z2YYozpl
+knDYtjTaZKgL0pxQidw9CjkCgYAVZrtHnE1Fs/HLM8nsUWj7NxXC8ZeR2cNPPsyf
+XbPg2Jnfadx8RrwPuvyxhWbnBHqmpSGjYaYd2XORYQ//z3tCpw6Bv5vjMW6sfx1u
+cj/8mV+ViSP35IP+Vp4wiQ1o3WAWa64YCZDVw1Ch4fp15KZpCIXaGd6bzi8O3Y0B
+gOUY2QKBgQCNknpg/hLgrIC8x7139xVVG7zad3x0/pcGJpRtqALweDfzkofIgeLj
+Xhgf9I9JYnOUtXlprUnoIkFN0l+Q0x4t0/wMND2fkvR1JI/9KjHLZAwNyCn+Gbt3
+ZfbfscNkrXB6kc47E9XY5T7sokmK3V4+k9Bt1P1RT9WbcSb7QLvqzQ==
+-----END RSA PRIVATE KEY-----
- change mode from '' to '0400'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
Recipe: rundeck::chef-rundeck
* directory[/etc/chef] action create (up to date)
* file[/etc/chef/chef-rundeck.json] action create
- create new file /etc/chef/chef-rundeck.json
- update content in file /etc/chef/chef-rundeck.json from none to 703e90
--- /etc/chef/chef-rundeck.json 2017-01-26 20:56:56.514606354 +0000
+++ /etc/chef/.chef-chef-rundeck20170126-11192-50wzv0.json 2017-01-26 20:56:56.513605854 +0000
@@ -1 +1,9 @@
+{
+ "localhost": {
+ "pattern": "*:*",
+ "username": "rundeck",
+ "hostname": "ipaddress",
+ "attributes": null
+ }
+}
- change mode from '' to '0644'
- restore selinux security context
* chef_gem[chef-rundeck] action upgrade (skipped due to not_if)
* chef_gem[chef-rundeck] action upgrade (up to date)
* chef_gem[sinatra] action install (up to date)
* directory[/var/log/chef-rundeck] action create
- create new directory /var/log/chef-rundeck
- change mode from '' to '0755'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* file[/var/log/chef-rundeck/server.log] action create_if_missing
- create new file /var/log/chef-rundeck/server.log
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
- restore selinux security context
* template[/etc/systemd/system/chef-rundeck.service] action create
- create new file /etc/systemd/system/chef-rundeck.service
- update content in file /etc/systemd/system/chef-rundeck.service from none to fd3063
--- /etc/systemd/system/chef-rundeck.service 2017-01-26 20:56:57.379038323 +0000
+++ /etc/systemd/system/.chef-chef-rundeck20170126-11192-17hnr9y.service 2017-01-26 20:56:57.379038323 +0000
@@ -1 +1,14 @@
+# Managed by Chef cookbook rundeck
+[Unit]
+Description=Chef Rundeck service
+After=network.target
+
+[Service]
+Type=simple
+User=rundeck
+ExecStart=/opt/chef/embedded/bin/chef-rundeck -c /etc/chef/rundeck.rb -f /etc/chef/chef-rundeck.json -w https://chef.kitchentest -o 0.0.0.0 -p 9980 -u rundeck -t 30 2>&1 > /var/log/chef-rundeck/server.log
+Restart=on-abort
+
+[Install]
+WantedBy=multi-user.target
- restore selinux security context
* template[/etc/init/chef-rundeck.conf] action create (skipped due to only_if)
* service[chef-rundeck] action start
- start service service[chef-rundeck]
Recipe: rundeck_fixtures::chef_zero
* chef_gem[chef-zero] action install (up to date)
* chef_gem[ridley] action install (up to date)
* execute[server] action run
- execute bin/chef-zero -H localhost -p 8089 -d
* ruby_block[Add test nodes in chef-zero server] action run
- execute the ruby block Add test nodes in chef-zero server
Recipe: rundeck::server_install
* service[rundeck] action nothing (skipped due to action :nothing)
Recipe: apache2::default
* service[apache2] action restart
- restart service service[apache2]
* service[apache2] action reload
- reload service service[apache2]
Recipe: simple_passenger::default
* execute[stop app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger stop
* execute[restart app] action run (skipped due to only_if)
Recipe: rundeck::chef-rundeck
* service[chef-rundeck] action restart
- restart service service[chef-rundeck]
Recipe: simple_passenger::default
* execute[start app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger start
Running handlers:
Running handlers complete
Deprecated features used!
method access to node attributes (node.foo.bar) is deprecated and will be removed in Chef 13, please use bracket syntax (node["foo"]["bar"]) at 3 locations:
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:32:in `from_file'
- (erubis):47:in `block in evaluate'
- (erubis):183:in `block in evaluate'
See https://docs.chef.io/deprecations_attributes.html for further details.
node.set is deprecated and will be removed in Chef 14, please use node.default/node.override (or node.normal only if you really need persistence) at 4 locations:
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:34:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:35:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:36:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:42:in `from_file'
See https://docs.chef.io/deprecations_attributes.html for further details.
Cloning resource attributes for directory[/var/lib/rundeck] from prior resource
Previous directory[/var/lib/rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/node_unix.rb:39:in `from_file'
Current directory[/var/lib/rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:89:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:89:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Cloning resource attributes for directory[/var/lib/rundeck/.ssh] from prior resource
Previous directory[/var/lib/rundeck/.ssh]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/node_unix.rb:46:in `from_file'
Current directory[/var/lib/rundeck/.ssh]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:126:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:126:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Cloning resource attributes for yum_package[git] from prior resource
Previous yum_package[git]: /tmp/kitchen/cache/cookbooks/simple_passenger/recipes/default.rb:93:in `from_file'
Current yum_package[git]: /tmp/kitchen/cache/cookbooks/ruby_build/recipes/default.rb:38:in `block in from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/ruby_build/recipes/default.rb:38:in `block in from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[chef-rundeck] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 2 locations:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:49:in `from_file'
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Cloning resource attributes for chef_gem[chef-rundeck] from prior resource
Previous chef_gem[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:49:in `from_file'
Current chef_gem[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[sinatra] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:60:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
chef_gem[chef-zero] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck_fixtures/recipes/chef_zero.rb:3:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
chef_gem[ridley] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck_fixtures/recipes/chef_zero.rb:4:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Chef Client finished, 163/224 resources updated in 09 minutes 54 seconds
W, [2017-01-26T20:57:04.269844 #11192] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
W, [2017-01-26T20:57:04.270583 #11192] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
W, [2017-01-26T20:57:04.271321 #11192] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
Finished converging <better-chef-rundeck-centos-72> (10m16.21s).
-----> Setting up <better-chef-rundeck-centos-72>...
Finished setting up <better-chef-rundeck-centos-72> (0m0.00s).
-----> Verifying <better-chef-rundeck-centos-72>...
Preparing files for transfer
-----> Installing Busser (busser)
Fetching: thor-0.19.0.gem
Fetching: thor-0.19.0.gem ( 3%)
Fetching: thor-0.19.0.gem ( 6%)
Fetching: thor-0.19.0.gem ( 9%)
Fetching: thor-0.19.0.gem ( 12%)
Fetching: thor-0.19.0.gem ( 15%)
Fetching: thor-0.19.0.gem ( 17%)
Fetching: thor-0.19.0.gem ( 20%)
Fetching: thor-0.19.0.gem ( 23%)
Fetching: thor-0.19.0.gem ( 26%)
Fetching: thor-0.19.0.gem ( 29%)
Fetching: thor-0.19.0.gem ( 32%)
Fetching: thor-0.19.0.gem ( 35%)
Fetching: thor-0.19.0.gem ( 53%)
Fetching: thor-0.19.0.gem ( 71%)
Fetching: thor-0.19.0.gem ( 89%)
Fetching: thor-0.19.0.gem (100%)
Fetching: thor-0.19.0.gem (100%)
Successfully installed thor-0.19.0
Fetching: busser-0.7.1.gem
Fetching: busser-0.7.1.gem ( 64%)
Fetching: busser-0.7.1.gem (100%)
Fetching: busser-0.7.1.gem (100%)
Successfully installed busser-0.7.1
2 gems installed
Installing Busser plugins: busser-serverspec
Plugin serverspec installed (version 0.5.10)
-----> Running postinstall for serverspec plugin
Suite path directory /tmp/verifier/suites does not exist, skipping.
Transferring files to <better-chef-rundeck-centos-72>
-----> Running serverspec test suite
-----> Installing Serverspec..
Fetching: diff-lcs-1.3.gem
Fetching: diff-lcs-1.3.gem ( 5%)
Fetching: diff-lcs-1.3.gem ( 11%)
Fetching: diff-lcs-1.3.gem ( 17%)
Fetching: diff-lcs-1.3.gem ( 23%)
Fetching: diff-lcs-1.3.gem ( 28%)
Fetching: diff-lcs-1.3.gem ( 34%)
Fetching: diff-lcs-1.3.gem ( 40%)
Fetching: diff-lcs-1.3.gem ( 46%)
Fetching: diff-lcs-1.3.gem ( 52%)
Fetching: diff-lcs-1.3.gem ( 58%)
Fetching: diff-lcs-1.3.gem ( 64%)
Fetching: diff-lcs-1.3.gem ( 70%)
Fetching: diff-lcs-1.3.gem (100%)
Fetching: diff-lcs-1.3.gem (100%)
Fetching: rspec-expectations-3.5.0.gem
Fetching: rspec-expectations-3.5.0.gem ( 21%)
Fetching: rspec-expectations-3.5.0.gem ( 42%)
Fetching: rspec-expectations-3.5.0.gem ( 63%)
Fetching: rspec-expectations-3.5.0.gem ( 84%)
Fetching: rspec-expectations-3.5.0.gem (100%)
Fetching: rspec-expectations-3.5.0.gem (100%)
Fetching: rspec-mocks-3.5.0.gem
Fetching: rspec-mocks-3.5.0.gem ( 21%)
Fetching: rspec-mocks-3.5.0.gem ( 42%)
Fetching: rspec-mocks-3.5.0.gem ( 63%)
Fetching: rspec-mocks-3.5.0.gem ( 85%)
Fetching: rspec-mocks-3.5.0.gem (100%)
Fetching: rspec-mocks-3.5.0.gem (100%)
Fetching: rspec-3.5.0.gem
Fetching: rspec-3.5.0.gem (100%)
Fetching: rspec-3.5.0.gem (100%)
Fetching: rspec-its-1.2.0.gem
Fetching: rspec-its-1.2.0.gem (100%)
Fetching: rspec-its-1.2.0.gem (100%)
Fetching: multi_json-1.12.1.gem
Fetching: multi_json-1.12.1.gem ( 60%)
Fetching: multi_json-1.12.1.gem (100%)
Fetching: multi_json-1.12.1.gem (100%)
Fetching: net-ssh-4.0.1.gem
Fetching: net-ssh-4.0.1.gem ( 13%)
Fetching: net-ssh-4.0.1.gem ( 26%)
Fetching: net-ssh-4.0.1.gem ( 40%)
Fetching: net-ssh-4.0.1.gem ( 53%)
Fetching: net-ssh-4.0.1.gem ( 66%)
Fetching: net-ssh-4.0.1.gem ( 80%)
Fetching: net-ssh-4.0.1.gem ( 93%)
Fetching: net-ssh-4.0.1.gem (100%)
Fetching: net-ssh-4.0.1.gem (100%)
Fetching: net-scp-1.2.1.gem
Fetching: net-scp-1.2.1.gem ( 48%)
Fetching: net-scp-1.2.1.gem ( 98%)
Fetching: net-scp-1.2.1.gem (100%)
Fetching: net-scp-1.2.1.gem (100%)
Fetching: net-telnet-0.1.1.gem
Fetching: net-telnet-0.1.1.gem ( 92%)
Fetching: net-telnet-0.1.1.gem (100%)
Fetching: net-telnet-0.1.1.gem (100%)
Fetching: sfl-2.3.gem
Fetching: sfl-2.3.gem (100%)
Fetching: sfl-2.3.gem (100%)
Fetching: specinfra-2.66.6.gem
Fetching: specinfra-2.66.6.gem ( 19%)
Fetching: specinfra-2.66.6.gem ( 39%)
Fetching: specinfra-2.66.6.gem ( 58%)
Fetching: specinfra-2.66.6.gem ( 78%)
Fetching: specinfra-2.66.6.gem ( 98%)
Fetching: specinfra-2.66.6.gem (100%)
Fetching: specinfra-2.66.6.gem (100%)
Fetching: serverspec-2.38.0.gem
Fetching: serverspec-2.38.0.gem ( 40%)
Fetching: serverspec-2.38.0.gem ( 82%)
Fetching: serverspec-2.38.0.gem (100%)
Fetching: serverspec-2.38.0.gem (100%)
-----> serverspec installed (version 2.38.0)
/opt/chef/embedded/bin/ruby -I/tmp/verifier/suites/serverspec -I/tmp/verifier/gems/gems/rspec-support-3.5.0/lib:/tmp/verifier/gems/gems/rspec-core-3.5.4/lib /opt/chef/embedded/bin/rspec --pattern /tmp/verifier/suites/serverspec/\*\*/\*_spec.rb --color --format documentation --default-path /tmp/verifier/suites/serverspec
better-chef-rundeck
when request is made to server
 is up and running
when request is made to server with '*:*' search query
 returns all nodes from chef server
when request is made to server with specific search query
 returns nodes which satisfies search query
Finished in 0.03494 seconds (files took 0.34293 seconds to load)
3 examples, 0 failures
Finished verifying <better-chef-rundeck-centos-72> (0m7.70s).
-----> Destroying <better-chef-rundeck-centos-72>...
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Vagrant instance <better-chef-rundeck-centos-72> destroyed.
Finished destroying <better-chef-rundeck-centos-72> (0m4.50s).
Finished testing <better-chef-rundeck-centos-72> (11m5.49s).
-----> Cleaning up any prior instances of <better-chef-rundeck-ubuntu-1404>
-----> Destroying <better-chef-rundeck-ubuntu-1404>...
Finished destroying <better-chef-rundeck-ubuntu-1404> (0m0.00s).
-----> Testing <better-chef-rundeck-ubuntu-1404>
-----> Creating <better-chef-rundeck-ubuntu-1404>...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'bento/ubuntu-14.04'...
Progress: 20%
Progress: 30%
Progress: 40%
Progress: 50%
Progress: 60%
Progress: 70%
Progress: 80%
Progress: 90%
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'bento/ubuntu-14.04' is up to date...
==> default: A newer version of the box 'bento/ubuntu-14.04' is available! You currently
==> default: have version '2.2.7'. The latest is version '2.3.1'. Run
==> default: `vagrant box update` to update.
==> default: Setting the name of the VM: kitchen-rundeck-better-chef-rundeck-ubuntu-1404_default_1485464249791_17159
==> default: Fixed port collision for 22 => 2222. Now on port 2200.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2200 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2200
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Setting hostname...
==> default: Mounting shared folders...
default: /tmp/omnibus/cache => /Users/sg045734/.kitchen/cache
==> default: Machine not provisioned because `--no-provision` is specified.
[SSH] Established
Vagrant instance <better-chef-rundeck-ubuntu-1404> created.
Finished creating <better-chef-rundeck-ubuntu-1404> (0m32.26s).
-----> Converging <better-chef-rundeck-ubuntu-1404>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.3.5...
Removing non-cookbook files before transfer
Preparing data_bags
Preparing validation.pem
Preparing client.rb
-----> Installing Chef Omnibus (install only if missing)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying wget...
Download complete.
ubuntu 14.04 x86_64
Getting information for chef stable for ubuntu...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=ubuntu&pv=14.04&m=x86_64
to file /tmp/install.sh.1166/metadata.txt
trying wget...
sha1 a8c749bfde759692abdd98ae1b841ad089fe5461
sha256 4fdabf0ae37c999795bef5e97133c1b78182129edec28c17ccf9ca6661dcc754
url https://packages.chef.io/files/stable/chef/12.18.31/ubuntu/14.04/chef_12.18.31-1_amd64.deb
version 12.18.31
downloaded metadata file looks valid...
/tmp/omnibus/cache/chef_12.18.31-1_amd64.deb already exists, verifiying checksum...
Comparing checksum with sha256sum...
checksum compare succeeded, using existing file!
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing chef
installing with dpkg...
Selecting previously unselected package chef.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 32948 files and directories currently installed.)
Preparing to unpack .../chef_12.18.31-1_amd64.deb ...
Unpacking chef (12.18.31-1) ...
Setting up chef (12.18.31-1) ...
Thank you for installing Chef!
Transferring files to <better-chef-rundeck-ubuntu-1404>
Starting Chef Client, version 12.18.31
Creating a new client identity for better-chef-rundeck-ubuntu-1404 using the validator key.
resolving cookbooks for run list: ["apt", "rundeck_fixtures", "rundeck::server", "rundeck::chef-rundeck", "rundeck_fixtures::chef_zero"]
Synchronizing Cookbooks:
- apt (5.0.1)
- rundeck_fixtures (0.0.1)
- rundeck (3.2.0)
- compat_resource (12.16.3)
- build-essential (7.0.3)
- runit (3.0.5)
- sudo (3.3.1)
- java (1.46.0)
- simple_passenger (0.4.3)
- seven_zip (2.0.2)
- java-libraries (0.2.0)
- apache2 (3.2.2)
- mingw (1.2.5)
- homebrew (3.0.0)
- windows (2.1.1)
- packagecloud (0.2.5)
- yum-epel (2.1.1)
- logrotate (1.9.2)
- ruby_build (0.8.0)
- ohai (4.2.3)
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-01-26T20:58:03+00:00] WARN: Chef::Provider::AptRepository already exists! Cannot create deprecation class for LWRP provider apt_repository from cookbook apt
[2017-01-26T20:58:03+00:00] WARN: AptRepository already exists! Deprecation class overwrites Custom resource apt_repository from cookbook apt
chef-rundeck url: http://chef.kitchentest:9980
Recipe: build-essential::default
* build_essential[install_packages] action install
* apt_package[autoconf, binutils-doc, bison, build-essential, flex, gettext, ncurses-dev] action install
- install version 2.69-6 of package autoconf
- install version 2.24-5ubuntu14.1 of package binutils-doc
- install version 2:3.0.2.dfsg-2 of package bison
- install version 11.6ubuntu6 of package build-essential
- install version 2.5.35-10.1ubuntu2 of package flex
- install version 0.18.3.1-1ubuntu3 of package gettext
- install version 5.9+20140118-1ubuntu1 of package ncurses-dev
Recipe: rundeck::chef-rundeck
* chef_gem[chef-rundeck] action upgrade (skipped due to not_if)
* chef_gem[chef-rundeck] action upgrade
- upgrade package chef-rundeck from uninstalled to 2.2.0
* chef_gem[sinatra] action install (up to date)
Recipe: rundeck_fixtures::chef_zero
* chef_gem[chef-zero] action install (up to date)
* chef_gem[ridley] action install
- install version 5.1.0 of package ridley
Converging 198 resources
Recipe: apt::default
* file[/var/lib/apt/periodic/update-success-stamp] action nothing (skipped due to action :nothing)
* apt_update[periodic] action periodic
- update new lists of packages
* directory[/var/lib/apt/periodic] action create (up to date)
* directory[/etc/apt/apt.conf.d] action create (up to date)
* file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing
- create new file /etc/apt/apt.conf.d/15update-stamp
- update content in file /etc/apt/apt.conf.d/15update-stamp from none to 174cdb
--- /etc/apt/apt.conf.d/15update-stamp 2017-01-26 20:58:30.085913943 +0000
+++ /etc/apt/apt.conf.d/.chef-15update-stamp20170126-1258-krjcu5 2017-01-26 20:58:30.085913943 +0000
@@ -1 +1,2 @@
+APT::Update::Post-Invoke-Success {"touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true";};
* execute[apt-get -q update] action run
- execute apt-get -q update
* execute[apt-get update] action nothing (skipped due to action :nothing)
* execute[apt-get autoremove] action nothing (skipped due to action :nothing)
* execute[apt-get autoclean] action nothing (skipped due to action :nothing)
* directory[/var/cache/local] action create
- create new directory /var/cache/local
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
* directory[/var/cache/local/preseeding] action create
- create new directory /var/cache/local/preseeding
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
* template[/etc/apt/apt.conf.d/10recommends] action create
- create new file /etc/apt/apt.conf.d/10recommends
- update content in file /etc/apt/apt.conf.d/10recommends from none to f41e1d
--- /etc/apt/apt.conf.d/10recommends 2017-01-26 20:58:39.721913943 +0000
+++ /etc/apt/apt.conf.d/.chef-10recommends20170126-1258-9p9qk3 2017-01-26 20:58:39.721913943 +0000
@@ -1 +1,4 @@
+# Managed by Chef
+APT::Install-Recommends "1";
+APT::Install-Suggests "0";
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* apt_package[apt-transport-https] action install (up to date)
Recipe: rundeck_fixtures::default
* directory[/etc/chef/] action create
- create new directory /etc/chef/
Recipe: java::notify
* log[jdk-version-changed] action nothing (skipped due to action :nothing)
Recipe: java::openjdk
* apt_repository[openjdk-r-ppa] action add
* execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
* apt_update[openjdk-r-ppa] action nothing (skipped due to action :nothing)
* execute[install-key DA1A4A13543B466853BAF164EB9B1D8886F44E2A] action run
- execute apt-key adv --recv --keyserver hkp://keyserver.ubuntu.com:80 DA1A4A13543B466853BAF164EB9B1D8886F44E2A
* execute[apt-cache gencaches] action run
- execute apt-cache gencaches
* file[/etc/apt/sources.list.d/openjdk-r-ppa.list] action create
- create new file /etc/apt/sources.list.d/openjdk-r-ppa.list
- update content in file /etc/apt/sources.list.d/openjdk-r-ppa.list from none to 6c91a3
--- /etc/apt/sources.list.d/openjdk-r-ppa.list 2017-01-26 20:58:40.941913943 +0000
+++ /etc/apt/sources.list.d/.chef-openjdk-r-ppa20170126-1258-14f4gyw.list 2017-01-26 20:58:40.941913943 +0000
@@ -1 +1,2 @@
+deb "http://ppa.launchpad.net/openjdk-r/ppa/ubuntu" trusty main
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* execute[apt-cache gencaches] action run
- execute apt-cache gencaches
* apt_update[openjdk-r-ppa] action update
- force update new lists of packages
* directory[/var/lib/apt/periodic] action create (up to date)
* directory[/etc/apt/apt.conf.d] action create (up to date)
* file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing (up to date)
* execute[apt-get -q update] action run
- execute apt-get -q update
* apt_package[openjdk-7-jdk] action install
- install version 7u121-2.6.8-1ubuntu0.14.04.1 of package openjdk-7-jdk
Recipe: java::notify
* log[jdk-version-changed] action write
Recipe: java::openjdk
* apt_package[openjdk-7-jre-headless] action install (up to date)
* java_alternatives[set-java-alternatives] action set
- Removing alternative for appletviewer with old prio
- Add alternative for appletviewer
- Add alternative for apt
- Removing alternative for extcheck with old prio
- Add alternative for extcheck
- Removing alternative for idlj with old prio
- Add alternative for idlj
- Removing alternative for jar with old prio
- Add alternative for jar
- Removing alternative for jarsigner with old prio
- Add alternative for jarsigner
- Add alternative for java
- Removing alternative for javac with old prio
- Add alternative for javac
- Removing alternative for javadoc with old prio
- Add alternative for javadoc
- Removing alternative for javah with old prio
- Add alternative for javah
- Removing alternative for javap with old prio
- Add alternative for javap
- Removing alternative for jcmd with old prio
- Add alternative for jcmd
- Removing alternative for jconsole with old prio
- Add alternative for jconsole
- Removing alternative for jdb with old prio
- Add alternative for jdb
- Removing alternative for jhat with old prio
- Add alternative for jhat
- Removing alternative for jinfo with old prio
- Add alternative for jinfo
- Removing alternative for jmap with old prio
- Add alternative for jmap
- Removing alternative for jps with old prio
- Add alternative for jps
- Removing alternative for jrunscript with old prio
- Add alternative for jrunscript
- Removing alternative for jsadebugd with old prio
- Add alternative for jsadebugd
- Removing alternative for jstack with old prio
- Add alternative for jstack
- Removing alternative for jstat with old prio
- Add alternative for jstat
- Removing alternative for jstatd with old prio
- Add alternative for jstatd
- Add alternative for keytool
- Removing alternative for native2ascii with old prio
- Add alternative for native2ascii
- Add alternative for orbd
- Add alternative for pack200
- Add alternative for policytool
- Removing alternative for rmic with old prio
- Add alternative for rmic
- Add alternative for rmid
- Add alternative for rmiregistry
- Removing alternative for schemagen with old prio
- Add alternative for schemagen
- Removing alternative for serialver with old prio
- Add alternative for serialver
- Add alternative for servertool
- Add alternative for tnameserv
- Add alternative for unpack200
- Removing alternative for wsgen with old prio
- Add alternative for wsgen
- Removing alternative for wsimport with old prio
- Add alternative for wsimport
- Removing alternative for xjc with old prio
- Add alternative for xjc
Recipe: java::default_java_symlink
* link[/usr/lib/jvm/default-java] action create
- create symlink at /usr/lib/jvm/default-java to /usr/lib/jvm/java-7-openjdk-amd64
Recipe: java::set_java_home
* ruby_block[set-env-java-home] action run
- execute the ruby block set-env-java-home
* directory[/etc/profile.d] action create (up to date)
* template[/etc/profile.d/jdk.sh] action create
- create new file /etc/profile.d/jdk.sh
- update content in file /etc/profile.d/jdk.sh from none to 6db9b5
--- /etc/profile.d/jdk.sh 2017-01-26 21:00:28.517913943 +0000
+++ /etc/profile.d/.chef-jdk20170126-1258-vsibtp.sh 2017-01-26 21:00:28.517913943 +0000
@@ -1 +1,2 @@
+export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64
- change mode from '' to '0755'
Recipe: rundeck::node_unix
* group[rundeck] action create
- create group rundeck
* linux_user[rundeck] action create
- create user rundeck
* directory[/var/lib/rundeck] action create
- create new directory /var/lib/rundeck
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* directory[/var/lib/rundeck/.ssh] action create
- create new directory /var/lib/rundeck/.ssh
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* file[/var/lib/rundeck/.ssh/authorized_keys] action create
- create new file /var/lib/rundeck/.ssh/authorized_keys
- update content in file /var/lib/rundeck/.ssh/authorized_keys from none to 8d07c3
--- /var/lib/rundeck/.ssh/authorized_keys 2017-01-26 21:00:28.657913943 +0000
+++ /var/lib/rundeck/.ssh/.chef-authorized_keys20170126-1258-1oi7e8f 2017-01-26 21:00:28.657913943 +0000
@@ -1 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC597B0HxalWxKCS6yz8RRoH4lgdgK7aeGD+cZvqiqlubNXUMU3t3zrFyi0JVwmRfh9ZYew7rW8YkBkrT6+h2nuoF8imcI+6s2pXzXMvDqD+CsOOp7gdr9T8HL76V02cWMq0orXMP/Gu3399Rov5uANVa6BwPmYCHp6sf2N/UFNSRrQS2XCB7UHqS9sJtuLjJbZRaBNYjGspsC3HVYNKPKosCtvAqG9OgNhqj7hBY5KxIyJ8LltaBMv9he1uU+usHHZbT2p1P+FJWzbBOfXMz95nMhAaYoWaGfgnV287m06yAHOWRCLq5N6K95zPn9nmqD4kUdB/mDX/xvW7TwzVo89 rundeck keys
- change mode from '' to '0600'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* sudo[rundeck-admin] action install[2017-01-26T21:00:28+00:00] WARN: rundeck-admin will be rendered, but will not take effect because node['authorization']['sudo']['include_sudoers_d'] is set to false!
* template[/etc/sudoers.d/rundeck-admin] action create
- create new file /etc/sudoers.d/rundeck-admin
- update content in file /etc/sudoers.d/rundeck-admin from none to 4e3ea1
--- /etc/sudoers.d/rundeck-admin 2017-01-26 21:00:28.697913943 +0000
+++ /etc/sudoers.d/.chef-rundeck-admin20170126-1258-dgagt5 2017-01-26 21:00:28.697913943 +0000
@@ -1 +1,9 @@
+# This file is managed by Chef.
+# Do NOT modify this file directly.
+
+
+
+
+rundeck ALL=(ALL) NOPASSWD:ALL
+
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
* template[/etc/sudoers.d/rundeck-admin] action nothing (skipped due to action :nothing)
Recipe: rundeck::server_install
* remote_file[/tmp/kitchen/cache/rundeck-2.6.11-1-GA.deb] action create
- create new file /tmp/kitchen/cache/rundeck-2.6.11-1-GA.deb
- update content in file /tmp/kitchen/cache/rundeck-2.6.11-1-GA.deb from none to 93e98a
(file sizes exceed 10000000 bytes, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* apt_package[http://download.rundeck.org/deb/rundeck-2.6.11-1-GA.deb] action install
- install version 2.6.11 of package http://download.rundeck.org/deb/rundeck-2.6.11-1-GA.deb
* service[rundeck] action nothing (skipped due to action :nothing)
* directory[/var/lib/rundeck] action create (up to date)
* directory[/var/lib/rundeck/logs] action create
- change group from 'adm' to 'rundeck'
* directory[/var/lib/rundeck/projects] action create
- create new directory /var/lib/rundeck/projects
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* directory[/var/lib/rundeck/.chef] action create
- create new directory /var/lib/rundeck/.chef
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* template[/var/lib/rundeck/.chef/knife.rb] action create
- create new file /var/lib/rundeck/.chef/knife.rb
- update content in file /var/lib/rundeck/.chef/knife.rb from none to e68e7d
--- /var/lib/rundeck/.chef/knife.rb 2017-01-26 21:01:17.977913943 +0000
+++ /var/lib/rundeck/.chef/.chef-knife20170126-1258-ffbqx0.rb 2017-01-26 21:01:17.977913943 +0000
@@ -1 +1,11 @@
+log_level :info
+log_location STDOUT
+node_name 'rundeck'
+client_key '/var/lib/rundeck/.chef/rundeck.pem'
+validation_client_name 'chef-validator'
+validation_key '/var/lib/rundeck/.chef/chef-validator.pem'
+chef_server_url 'http://localhost:8089'
+cache_type 'BasicFile'
+cache_options( :path => '/var/lib/rundeck/.chef/checksums' )
+cookbook_path [ './cookbooks', './site-cookbooks' ]
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* directory[/var/lib/rundeck/.ssh] action create (up to date)
* file[/var/lib/rundeck/.ssh/id_rsa] action create
- create new file /var/lib/rundeck/.ssh/id_rsa
- update content in file /var/lib/rundeck/.ssh/id_rsa from none to 4af3a7
--- /var/lib/rundeck/.ssh/id_rsa 2017-01-26 21:01:17.993913943 +0000
+++ /var/lib/rundeck/.ssh/.chef-id_rsa20170126-1258-15a5hr 2017-01-26 21:01:17.993913943 +0000
@@ -1 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAufewdB8WpVsSgkuss/EUaB+JYHYCu2nhg/nGb6oqpbmzV1DF
+N7d86xcotCVcJkX4fWWHsO61vGJAZK0+vodp7qBfIpnCPurNqV81zLw6g/grDjqe
+4Ha/U/By++ldNnFjKtKK1zD/xrt9/fUaL+bgDVWugcD5mAh6erH9jf1BTUka0Etl
+wge1B6kvbCbbi4yW2UWgTWIxrKbAtx1WDSjyqLArbwKhvToDYao+4QWOSsSMifC5
+bWgTL/YXtblPrrBx2W09qdT/hSVs2wTn1zM/eZzIQGmKFmhn4J1dvO5tOsgBzlkQ
+i6uTeivecz5/Z5qg+JFHQf5g1/8b1u08M1aPPQIDAQABAoIBAQC0ufunvha59/nS
+2kwqS12zmwJc1hLto4ZgRbsNBeiQShn5/yrKbO1fYpBSEgStxU4qPyNRVYsUWr+N
+l7fkXaEbIIuUCq11i6b2tOqJ31tWqTTejSWdqolhv8le+3l00Vi4Ywg+/QV1Uvys
+cyhR6SNQkjYXLzzg/UxaNOPeu4Jc4ciu6wuvnlqy46LkxMNV0bjb7u10lRwWnwBI
+Ja8bQZsamr8lMEktseHenppIhEnvEs7l1bmaogFJGFUAwskADAWQ07L0vSqLqpQd
+Na5/SKrflkZQjS0mvq7vBQi66ZyXoKfIHVRPuG9o53Az2Nq4SnZyHJvHEx1Hpn6k
+qjkDmFVZAoGBANsAGDSeg0BO9teL0eaD+wH6zA68FxMyYKPpeU908+m5J1ZIyFRK
+tHzBOkQWIuBSRXT+hsT0YJogCwp88Pv+JvHUHrAg/evztWrpsjh/oV3ooyWDJfec
+Vay9KEPacWkRVSNOOxicu8MPaRVknMmOzYgOXNiBakLoP40dhquMgeHzAoGBANli
+51WHQaCBK5yNI2WMWgN+h+/JL5dN0G1Gx5XBmMfV5BFJ9H+7Ig/VUt312/1HAoEu
+g27AaqIvWhnlEuvSuwuthDzevFeAeImsRwFqbrv3mHo8XqHnZTY5UMACdTRThP3E
+0ke5P+8GIEQIG5xLZka+F0adeA00VFEgDe3S3uYPAoGARUdWYO70HlfchntYv09p
+DEtGWjLuKch6AeBN2/DnaDyGUSldFi07w2ts/zTxe30LM+OAxrV4CcmxNHQp182i
+jEXKH3WQXiAOd+/NzUmyxn5dffRrAlWWVLrSDgUAc3hkMnMBBtwuGZq6Z2YYozpl
+knDYtjTaZKgL0pxQidw9CjkCgYAVZrtHnE1Fs/HLM8nsUWj7NxXC8ZeR2cNPPsyf
+XbPg2Jnfadx8RrwPuvyxhWbnBHqmpSGjYaYd2XORYQ//z3tCpw6Bv5vjMW6sfx1u
+cj/8mV+ViSP35IP+Vp4wiQ1o3WAWa64YCZDVw1Ch4fp15KZpCIXaGd6bzi8O3Y0B
+gOUY2QKBgQCNknpg/hLgrIC8x7139xVVG7zad3x0/pcGJpRtqALweDfzkofIgeLj
+Xhgf9I9JYnOUtXlprUnoIkFN0l+Q0x4t0/wMND2fkvR1JI/9KjHLZAwNyCn+Gbt3
+ZfbfscNkrXB6kc47E9XY5T7sokmK3V4+k9Bt1P1RT9WbcSb7QLvqzQ==
+-----END RSA PRIVATE KEY-----
- change mode from '' to '0600'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* cookbook_file[/var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar
- update content in file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar from none to dac572
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* template[/var/lib/rundeck/exp/webapp/WEB-INF/web.xml] action create
- update content in file /var/lib/rundeck/exp/webapp/WEB-INF/web.xml from 4b249b to 5e6953
--- /var/lib/rundeck/exp/webapp/WEB-INF/web.xml 2016-11-15 21:52:08.000000000 +0000
+++ /var/lib/rundeck/exp/webapp/WEB-INF/.chef-web20170126-1258-xskr9p.xml 2017-01-26 21:01:18.141913943 +0000
@@ -20,9 +20,19 @@
<filter-name>instrumentedFilter</filter-name>
<filter-class>com.codahale.metrics.servlet.InstrumentedFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>AssetPipelineFilter</filter-name>
+ <filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
+ </filter>
<security-role>
<role-name>user</role-name>
</security-role>
+ <security-role>
+ <role-name>superusers</role-name>
+ </security-role>
+ <security-role>
+ <role-name>run_only_users</role-name>
+ </security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
@@ -216,24 +226,24 @@
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>grails-errorhandler</servlet-name>
- <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
- </servlet>
- <servlet>
<servlet-name>metrics-admin-servlet</servlet-name>
<servlet-class>org.grails.plugins.metricsweb.DisablingAdminServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
+ </servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
- <servlet-name>grails-errorhandler</servlet-name>
- <url-pattern>/grails-errorhandler</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
<servlet-name>metrics-admin-servlet</servlet-name>
<url-pattern>/metrics/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <url-pattern>/grails-errorhandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails</servlet-name>
- change owner from 'root' to 'rundeck'
- change group from 'root' to 'rundeck'
* template[/etc/rundeck/jaas-activedirectory.conf] action create
- create new file /etc/rundeck/jaas-activedirectory.conf
- update content in file /etc/rundeck/jaas-activedirectory.conf from none to e2b9a2
--- /etc/rundeck/jaas-activedirectory.conf 2017-01-26 21:01:18.169913943 +0000
+++ /etc/rundeck/.chef-jaas-activedirectory20170126-1258-x36her.conf 2017-01-26 21:01:18.165913943 +0000
@@ -1 +1,28 @@
+activedirectory {
+ com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
+ debug="true"
+ contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
+ providerUrl="ldap://servername:389"
+ bindDn="CN=binddn,dc=domain,dc=com"
+ bindPassword="BINDPWD"
+ authenticationMethod="simple"
+ forceBindingLogin="true"
+ userBaseDn="ou=Users,dc=domain,dc=com"
+ userRdnAttribute="cn"
+ userIdAttribute="uid"
+ userPasswordAttribute="userPassword"
+ userObjectClass="inetOrgPerson"
+ roleBaseDn="ou=Groups,dc=domain,dc=com"
+ roleNameAttribute="cn"
+ roleMemberAttribute="uniqueMember"
+ roleObjectClass="groupOfUniqueNames"
+ rolePrefix="rundeck-"
+ cacheDurationMillis="300000"
+ supplementalRoles="user"
+ reportStatistics="true";
+
+ org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
+ debug="true"
+ file="/etc/rundeck/realm.properties";
+};
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* template[/etc/rundeck/profile] action create
- update content in file /etc/rundeck/profile from bd6054 to a34edf
--- /etc/rundeck/profile 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-profile20170126-1258-63nmc6 2017-01-26 21:01:18.185913943 +0000
@@ -1,3 +1,6 @@
+RDECK_HOME=/var/lib/rundeck
+export RDECK_HOME
+
RDECK_BASE=/var/lib/rundeck
export RDECK_BASE
@@ -32,17 +35,22 @@
-Drdeck.projects=/var/rundeck/projects \
-Drdeck.runlogs=/var/lib/rundeck/logs \
-Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
+ -Dserver.web.context=/ \
+ -Drundeck.jetty.connector.forwarded=true\
-Djava.io.tmpdir=$RUNDECK_TEMPDIR"
#
# Set min/max heap size
#
-RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server"
+RDECK_JVM="$RDECK_JVM -XX:MaxPermSize=256m -Xmx1024m -Xms256m -server"
+
#
+# Set custom JVM properties
+#
+#
# SSL Configuration - Uncomment the following to enable. Check SSL.properties for details.
#
-#export RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
-export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
+#export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
if test -t 0 -a -z "$RUNDECK_CLI_TERSE"
then
* template[/etc/rundeck/rundeck-config.properties] action create
- update content in file /etc/rundeck/rundeck-config.properties from de1a7d to 6ce78d
--- /etc/rundeck/rundeck-config.properties 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-rundeck-config20170126-1258-por7uq.properties 2017-01-26 21:01:18.201913943 +0000
@@ -1,11 +1,18 @@
-#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
+#loglevel.default is the default log level for jobs: ERR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
-rdeck.base=/var/lib/rundeck
#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
-rss.enabled=false
-# change hostname here
-grails.serverURL=http://localhost:4440
-dataSource.dbCreate = update
-dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true;TRACE_LEVEL_FILE=4
+rss.enabled=true
+#
+dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true
+
+rundeck.security.useHMacRequestTokens=false
+
+grails.mail.default.from=rundeck@kitchentest
+
+grails.serverURL=http://localhost
+
+quartz.props.threadPool.threadCount = 10
+
+# Custom config
* template[/etc/rundeck/framework.properties] action create
- update content in file /etc/rundeck/framework.properties from 860ad9 to c66b88
--- /etc/rundeck/framework.properties 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-framework20170126-1258-1widjo0.properties 2017-01-26 21:01:18.213913943 +0000
@@ -1,40 +1,227 @@
# framework.properties -
#
+# $Id: framework.properties.template 2128 2010-08-17 21:29:24Z ahonor $
+#
# ----------------------------------------------------------------
-# Rundeck server connection information
+# Installation specific settings
# ----------------------------------------------------------------
-framework.server.name = localhost
-framework.server.hostname = localhost
-framework.server.port = 4440
-framework.server.url = http://localhost:4440
-# Username/password used by CLI tools.
-framework.server.username = admin
-framework.server.password = admin
+# TODO - DUMP java.home = /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
+file.separator = /
+rdeck.base = /etc/rundeck
+rdeck.home = /etc/rundeck
+# TODO - DUMP user.home = /home/rundeck
+framework.application.libpath =
+framework.application.properties =
+
+# API Tokens File
+
+#
+# Email settings
+#
+# recipient addresses to send email (comma separated)
+framework.email.tolist = root
+# email address appearing in message "from" field
+framework.email.from = rundeck@kitchentest
+# email address replies should go
+framework.email.replyto = do-not-reply
+# The rdeck email relay host. must be a functioning smtp relay server
+framework.email.mailhost = localhost
+framework.email.mailport = 25
+# User/pass info if the smtp server requires it
+framework.email.user =
+framework.email.password =
+framework.email.ssl = false
+framework.email.failonerror = true
+
+
+#
+# Custom config
+#
+#
+
# ----------------------------------------------------------------
-# Installation locations
+# Do not make changes below this line
# ----------------------------------------------------------------
-rdeck.base=/var/lib/rundeck
-framework.projects.dir=/var/rundeck/projects
-framework.etc.dir=/etc/rundeck
-framework.var.dir=/var/lib/rundeck/var
-framework.tmp.dir=/var/lib/rundeck/var/tmp
+#
+# framework.crypto.keystore.filename is the path to the JKS keystore containing a certchain for
+# verifying signed jars
+#
+framework.crypto.keystore.filename =
+
+#
+# framework.crypto.keystore.password is any password for verifying the keystore integrity
+#
+framework.crypto.keystore.password =
+
+#
+# framework.crypto.jarSigning.aliasName is the name of the cert alias to use for verification
+#
+framework.crypto.jarSigning.aliasName =
+
+
+
+#the hostname of this rdeck node (likely matches hostname)
+framework.node.hostname = localhost
+
+#the logical name of this rdeck node (used during Node registration)
+framework.node.name = localhost
+
+# for backwards compatability
+framework.node = localhost
+
+# the node type
+framework.node.type = @framework.node.type@
+
+#
+#
+# Version of this RUNDECK implementation
+#
+# framework.rdeck.version = 1.1
+
+#
+# Root directory of the framework pkg
+#
+framework.rdeck.dir = ${rdeck.home}
+
+#
+# Root directory of the framework instance
+#
+framework.rdeck.base = /etc/rundeck
+
+#
+# Base directory of the installed functional modules
+#
+# TODO Dump ### framework.modules.dir = /private/tmp/rdl/modules
+
+
+#
+# project spaces containing resources
+#
+framework.projects.dir= /var/rundeck/projects
+framework.depots.dir= /var/rundeck/projects
+
+#
+# directory containing instance based property files
+#
+framework.etc.dir= /etc/rundeck
+
+#
+# Base directory where instance of framework var dir is kept
+#
+framework.var.dir= /var/lib/rundeck/var
+
+#
+# Framework tmp dir
+#
+framework.tmp.dir= ${framework.var.dir}/tmp
+
+#
+# Base directory where logs are kept
+#
framework.logs.dir=/var/lib/rundeck/logs
+
+#
+# Date/time stamp format used in logs. See java.text.SimpleDateFormat
+#
+framework.log.format=[yyyy-MM-dd hh:mm:ss-Z]
+
+#
+# Directory where plugins are kept. cache will be libext/cache.
+#
framework.libext.dir=/var/lib/rundeck/libext
-# ----------------------------------------------------------------
-# SSH defaults for node executor and file copier
-# ----------------------------------------------------------------
+#
+# Base directory where module source code is kept
+#
+# TODO - DUMP framework.src.dir= /private/tmp/rdl/src
+#
+# Name of nodes metadata file for each project (e.g. nodes.xml/nodes.properties)
+#
+framework.nodes.file.name= resources.xml
+
+#
+# Local Authentication/Authorization Security
+#
+framework.authorization.class = com.dtolabs.rundeck.core.authorization.NoAuthorization
+framework.authentication.class = com.dtolabs.rundeck.core.authentication.NoAuthentication
+#
+# Remote Client connection authentication
+#
+framework.nodeauthentication.classname = com.dtolabs.rundeck.core.authentication.DefaultNodeAuthResolutionStrategy
+
+#
+# Remote Central Dispatcher service class
+#
+framework.centraldispatcher.classname = com.dtolabs.client.services.RundeckAPICentralDispatcher
+
+#
+# Rundeck Server UUID
+#
+rundeck.server.uuid = 0359fd33-6817-4b92-bc8d-d73ce55d958f
+
+#
+#
+# rdeck server connection.
+#
+framework.server.username = admin
+framework.server.password = adminpassword
+framework.server.hostname = localhost
+framework.server.name = better-chef-rundeck-ubuntu-1404
+
+framework.server.port = 4440
+framework.server.url = http://localhost:4440
+# URL to Rundeck
+framework.rundeck.url = http://localhost:4440
+
+#
+# ssh keypath
+#
framework.ssh.keypath = /var/lib/rundeck/.ssh/id_rsa
+
+#
+# ssh user
+#
framework.ssh.user = rundeck
-# ssh connection timeout after a specified number of milliseconds.
-# "0" value means wait forever.
+
+#
+# ssh timeout. The connection can be dropped after a specified number of milliseconds.
+# A "0" value means wait forever.
+#
framework.ssh.timeout = 0
+#
+# Set the formatting for run-exec console output
+#
+# Examples:
+# 1) Format specification to work with Rundeck. %command will be "run-exec"
+#
+# framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+#
+framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+
+# winrm authentication type (options "basic" or "kerberos", default: "basic")
+#
+framework.winrm-auth-type = basic
+
+# winrm SSL security (options "all", "self-signed", "default" (trusted certs only))
+#
+framework.winrm-cert-trust = all
+
+# winrm hostname security (options "all", "strict", "browser-compatible")
+#
+framework.winrm-hostname-trust = all
+
+# winrm HTTP(S) protocol to use, either "http" or "https". Default: "https"
+#
+framework.winrm-protocol = https
+
+# winrm connection timeout. Default: PT60.000S
+framework.winrm-timeout = PT60.000S
* template[/etc/rundeck/realm.properties] action create
- update content in file /etc/rundeck/realm.properties from bce17d to 2a2797
--- /etc/rundeck/realm.properties 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-realm20170126-1258-1hn8rur.properties 2017-01-26 21:01:18.241913943 +0000
@@ -4,7 +4,7 @@
# The format is
# <username>: <password>[,<rolename> ...]
#
-# Passwords may be clear text, obfuscated or checksummed. The class
+# Passwords may be clear text, obfuscated or checksummed. The class
# org.mortbay.util.Password should be used to generate obfuscated
# passwords or password checksums
#
@@ -22,7 +22,9 @@
#
# This sets the default user accounts for the Rundeck app
#
-admin:admin,user,admin,architect,deploy,build
+admin:adminpassword,admin,user,architect,deploy,build
+n00b:TheBestPassw0rd,user
+
#@jetty.user.deploy.name@:@jetty.user.deploy.password@,user,deploy
#@jetty.user.build.name@:@jetty.user.build.password@,user,build
* bash[own rundeck] action run
- execute "bash" "/tmp/chef-script20170126-1258-5hq7r0"
* service[rundeckd] action start
- start service service[rundeckd]
* rundeck_plugin[slack] action create
* remote_file[/var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar
- update content in file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar from none to d23b31
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* bash[check-project-localhost] action run (skipped due to only_if)
Recipe: apache2::default
* apt_package[apache2] action install
- install version 2.4.7-1ubuntu4.13 of package apache2
* directory[/etc/apache2/sites-available] action create (up to date)
* directory[/etc/apache2/sites-enabled] action create (up to date)
* directory[/etc/apache2/mods-available] action create (up to date)
* directory[/etc/apache2/mods-enabled] action create (up to date)
* directory[/etc/apache2/conf-available] action create (up to date)
* directory[/etc/apache2/conf-enabled] action create (up to date)
* link[/etc/apache2/sites-enabled/default] action delete (up to date)
* file[/etc/apache2/sites-available/default] action delete (up to date)
* link[/etc/apache2/sites-enabled/default.conf] action delete (up to date)
* file[/etc/apache2/sites-available/default.conf] action delete (up to date)
* link[/etc/apache2/sites-enabled/000-default] action delete (up to date)
* file[/etc/apache2/sites-available/000-default] action delete (up to date)
* link[/etc/apache2/sites-enabled/000-default.conf] action delete
- delete link to file at /etc/apache2/sites-enabled/000-default.conf
* file[/etc/apache2/sites-available/000-default.conf] action delete
- delete file /etc/apache2/sites-available/000-default.conf
* directory[/etc/apache2/conf.d] action delete (up to date)
* directory[/var/log/apache2] action create
- change mode from '0750' to '0755'
* apt_package[perl] action install (up to date)
* link[/usr/sbin/a2ensite] action delete
- delete link to file at /usr/sbin/a2ensite
* template[/usr/sbin/a2ensite] action create
- create new file /usr/sbin/a2ensite
- update content in file /usr/sbin/a2ensite from none to ce53f4
--- /usr/sbin/a2ensite 2017-01-26 21:01:30.149913943 +0000
+++ /usr/sbin/.chef-a2ensite20170126-1258-1oc25yd 2017-01-26 21:01:30.149913943 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/apache2$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib/apache2";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apache2ctl -V | grep 'threaded'}
+ if -x '/usr/sbin/apache2ctl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
* link[/usr/sbin/a2dissite] action delete
- delete link to file at /usr/sbin/a2dissite
* template[/usr/sbin/a2dissite] action create
- create new file /usr/sbin/a2dissite
- update content in file /usr/sbin/a2dissite from none to ce53f4
--- /usr/sbin/a2dissite 2017-01-26 21:01:30.233913943 +0000
+++ /usr/sbin/.chef-a2dissite20170126-1258-rx7i1r 2017-01-26 21:01:30.233913943 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/apache2$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib/apache2";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apache2ctl -V | grep 'threaded'}
+ if -x '/usr/sbin/apache2ctl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
* link[/usr/sbin/a2enmod] action delete (skipped due to only_if)
* template[/usr/sbin/a2enmod] action create
- update content in file /usr/sbin/a2enmod from 838751 to ce53f4
--- /usr/sbin/a2enmod 2016-04-20 14:20:56.000000000 +0000
+++ /usr/sbin/.chef-a2enmod20170126-1258-18ucrtf 2017-01-26 21:01:30.301913943 +0000
@@ -66,7 +66,7 @@
my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
|| "$confdir/$dir-available";
my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
-my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/var/lib/apache2";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib/apache2";
$statedir .= "/$obj";
@@ -177,6 +177,11 @@
# handle module dependencies
if ( $obj eq 'module' ) {
if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
my @depends = get_deps("$availdir/$acton.load");
do_deps( $acton, @depends ) or return 0;
- change mode from '0755' to '0700'
* link[/usr/sbin/a2dismod] action delete
- delete link to file at /usr/sbin/a2dismod
* template[/usr/sbin/a2dismod] action create
- create new file /usr/sbin/a2dismod
- update content in file /usr/sbin/a2dismod from none to ce53f4
--- /usr/sbin/a2dismod 2017-01-26 21:01:30.325913943 +0000
+++ /usr/sbin/.chef-a2dismod20170126-1258-o9wco5 2017-01-26 21:01:30.325913943 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/apache2$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib/apache2";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apache2ctl -V | grep 'threaded'}
+ if -x '/usr/sbin/apache2ctl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
* link[/usr/sbin/a2enconf] action delete
- delete link to file at /usr/sbin/a2enconf
* template[/usr/sbin/a2enconf] action create
- create new file /usr/sbin/a2enconf
- update content in file /usr/sbin/a2enconf from none to ce53f4
--- /usr/sbin/a2enconf 2017-01-26 21:01:30.409913943 +0000
+++ /usr/sbin/.chef-a2enconf20170126-1258-oejuwe 2017-01-26 21:01:30.409913943 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/apache2$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib/apache2";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apache2ctl -V | grep 'threaded'}
+ if -x '/usr/sbin/apache2ctl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
* link[/usr/sbin/a2disconf] action delete
- delete link to file at /usr/sbin/a2disconf
* template[/usr/sbin/a2disconf] action create
- create new file /usr/sbin/a2disconf
- update content in file /usr/sbin/a2disconf from none to ce53f4
--- /usr/sbin/a2disconf 2017-01-26 21:01:30.481913943 +0000
+++ /usr/sbin/.chef-a2disconf20170126-1258-1x53q2c 2017-01-26 21:01:30.481913943 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/apache2$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib/apache2";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub threaded {
+ my $result = "";
+ $result = qx{/usr/sbin/apache2ctl -V | grep 'threaded'}
+ if -x '/usr/sbin/apache2ctl';
+ if ( $? != 0 ) {
+
+ # config doesn't work
+ if ( -e "$enabldir/mpm_prefork.load" || -e "$enabldir/mpm_itk.load" )
+ {
+ return 0;
+ }
+ elsif (-e "$enabldir/mpm_worker.load"
+ || -e "$enabldir/mpm_event.load" )
+ {
+ return 1;
+ }
+ else {
+ error("Can't determine enabled MPM");
+
+ # do what user requested
+ return 0;
+ }
+ }
+ if ( $result =~ / no/ ) {
+ return 0;
+ }
+ elsif ( $result =~ / yes/ ) {
+ return 1;
+ }
+ else {
+ die("Can't parse output from apache2ctl -V:\n$result\n");
+ }
+}
+
+sub info {
+ print @_ if !$quiet;
+}
+
+sub error {
+ print STDERR 'ERROR: ', @_;
+}
+
+sub warning {
+ print STDERR 'WARNING: ', @_;
+}
+
+sub is_in {
+ my $needle = shift;
+ foreach my $e (@_) {
+ return 1 if $needle eq $e;
+ }
+ return 0;
+}
+
+sub read_env_file {
+ my $file = shift;
+
+ -r $file or return;
+ my @lines = qx{env - sh -c '. $file && env'};
+ if ($?) {
+ die "Could not read $file\n";
+ }
+
+ foreach my $l (@lines) {
+ chomp $l;
+ $l =~ /^(.*)?=(.*)$/ or die "Could not parse $file\n";
+ $ENV{$1} = $2;
+ }
+}
+
+sub switch_marker {
+ die('usage: switch_marker([module|site|conf], [enable|disable], $name)')
+ if @_ != 3;
+ my $which = shift;
+ my $what = shift;
+ my $name = shift;
+
+ my $mode = "admin";
+ $mode = "maint" if $maintmode;
+
+ #print("switch_marker $which $what $name\n");
+ # TODO: get rid of the magic string(s)
+ my $state_marker_dir = "$statedir/$what" . "d" . "_by_$mode";
+ my $state_marker = "$state_marker_dir/$name";
+ if ( !-d $state_marker_dir ) {
+ File::Path::mkpath("$state_marker_dir")
+ || error(
+ "Failed to create marker directory: '$state_marker_dir'\n");
+ }
+
+ # XXX: swap find with perl alternative
+ my @markers = qx{find "$statedir" -type f -a -name "$name"};
+ chomp(@markers);
+ foreach (@markers) {
+ unless ( unlink $_ ) {
+ error("Failed to remove old marker '$_'!\n") && return 0;
+ }
+ }
+ unless ($purge) {
+ qx{touch "$state_marker"};
+ if ( $? != 0 ) {
+ error("Failed to create marker '$state_marker'!\n") && return 0;
+ }
+ return 1;
+ }
+}
+
+# vim: syntax=perl sw=4 sts=4 sr et
- change mode from '' to '0700'
- change owner from '' to 'root'
- change group from '' to 'root'
* directory[/etc/apache2/ssl] action create
- create new directory /etc/apache2/ssl
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
* directory[/var/cache/apache2] action create (up to date)
* directory[/var/lock/apache2] action create
- change owner from 'www-data' to 'root'
* template[/etc/sysconfig/apache2] action create (skipped due to only_if)
* template[/etc/apache2/envvars] action create
- update content in file /etc/apache2/envvars from dfc55c to 49065a
--- /etc/apache2/envvars 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/.chef-envvars20170126-1258-x0fw30 2017-01-26 21:01:30.569913943 +0000
@@ -3,31 +3,21 @@
# this won't be correct after changing uid
unset HOME
-# for supporting multiple apache2 instances
-if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
- SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
-else
- SUFFIX=
-fi
-
# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
# temporary state file location. This might be changed to /run in Wheezy+1
-export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
-export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
-export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
-# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
-export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+export APACHE_PID_FILE=/var/run/apache2/apache2.pid
+export APACHE_RUN_DIR=/var/run/apache2
+export APACHE_LOCK_DIR=/var/lock/apache2
+export APACHE_LOG_DIR=/var/log/apache2
## The locale used by some modules like mod_dav
export LANG=C
-## Uncomment the following line to use the system default locale instead:
-#. /etc/default/locale
+export LC_ALL=C
-export LANG
## The command to get the status for 'apache2ctl status'.
## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
* template[apache2.conf] action create
- update content in file /etc/apache2/apache2.conf from 17b80a to 45bbc7
--- /etc/apache2/apache2.conf 2014-01-07 13:23:42.000000000 +0000
+++ /etc/apache2/.chef-apache220170126-1258-14dnhiq.conf 2017-01-26 21:01:30.589913943 +0000
@@ -1,84 +1,20 @@
-# This is the main Apache server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See http://httpd.apache.org/docs/2.4/ for detailed information about
-# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
-# hints.
#
+# Generated by Chef
#
-# Summary of how the Apache 2 configuration works in Debian:
-# The Apache 2 web server configuration in Debian is quite different to
-# upstream's suggested way to configure the web server. This is because Debian's
-# default Apache2 installation attempts to make adding and removing modules,
-# virtual hosts, and extra configuration directives as flexible as possible, in
-# order to make automating the changes and administering the server as easy as
-# possible.
+# Based on the Ubuntu apache2.conf
-# It is split into several files forming the configuration hierarchy outlined
-# below, all located in the /etc/apache2/ directory:
-#
-# /etc/apache2/
-# |-- apache2.conf
-# | `-- ports.conf
-# |-- mods-enabled
-# | |-- *.load
-# | `-- *.conf
-# |-- conf-enabled
-# | `-- *.conf
-# `-- sites-enabled
-# `-- *.conf
-#
-#
-# * apache2.conf is the main configuration file (this file). It puts the pieces
-# together by including all remaining configuration files when starting up the
-# web server.
-#
-# * ports.conf is always included from the main configuration file. It is
-# supposed to determine listening ports for incoming connections which can be
-# customized anytime.
-#
-# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
-# directories contain particular configuration snippets which manage modules,
-# global configuration fragments, or virtual host configurations,
-# respectively.
-#
-# They are activated by symlinking available configuration files from their
-# respective *-available/ counterparts. These should be managed by using our
-# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
-# their respective man pages for detailed information.
-#
-# * The binary is called apache2. Due to the use of environment variables, in
-# the default configuration, apache2 needs to be started/stopped with
-# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
-# work with the default configuration.
+ServerRoot "/etc/apache2"
-
-# Global configuration
#
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the Mutex documentation (available
-# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
-# you will save yourself a lot of trouble.
-#
-# Do NOT add a slash at the end of the directory path.
-#
-#ServerRoot "/etc/apache2"
-
-#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
-Mutex file:${APACHE_LOCK_DIR} default
+Mutex file:/var/lock/apache2 default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
-# This needs to be set in /etc/apache2/envvars
#
-PidFile ${APACHE_PID_FILE}
+PidFile /var/run/apache2/apache2.pid
#
# Timeout: The number of seconds before receives and sends time out.
@@ -104,12 +40,57 @@
#
KeepAliveTimeout 5
+#<IfModule unixd_module>
+User www-data
+Group www-data
+#</IfModule>
-# These need to be set in /etc/apache2/envvars
-User ${APACHE_RUN_USER}
-Group ${APACHE_RUN_GROUP}
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www/html.
+# If your system is serving content from a sub-directory in /srv you must allow
+# access in conf-enabled, or in any related virtual host. e.g.
+#
+# <Directory /srv/>
+# Options Indexes FollowSymLinks
+# AllowOverride None
+# Require all granted
+# </Directory>
+#
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Require all denied
+</Directory>
+<Directory /usr/share>
+ AllowOverride None
+ Require all granted
+</Directory>
+
+<Directory /var/www/html>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<Files ~ "^\.ht">
+ Require all denied
+</Files>
+
+
+#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
@@ -125,98 +106,40 @@
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
-ErrorLog ${APACHE_LOG_DIR}/error.log
+ErrorLog /var/log/apache2/error.log
#
-# LogLevel: Control the severity of messages logged to the error_log.
-# Available values: trace8, ..., trace1, debug, info, notice, warn,
-# error, crit, alert, emerg.
-# It is also possible to configure the log level for particular modules, e.g.
-# "LogLevel info ssl:warn"
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
#
LogLevel warn
+# COOK-1021: Dummy LoadModule directive to aid module installations
+#LoadModule dummy_module modules/mod_dummy.so
+
# Include module configuration:
-IncludeOptional mods-enabled/*.load
-IncludeOptional mods-enabled/*.conf
+IncludeOptional /etc/apache2/mods-enabled/*.load
+IncludeOptional /etc/apache2/mods-enabled/*.conf
-# Include list of ports to listen on
-Include ports.conf
+# Include ports listing
+Include /etc/apache2/ports.conf
-# Sets the default security model of the Apache2 HTTPD server. It does
-# not allow access to the root filesystem outside of /usr/share and /var/www.
-# The former is used by web applications packaged in Debian,
-# the latter may be used for local directories served by the web server. If
-# your system is serving content from a sub-directory in /srv you must allow
-# access here, or in any related virtual host.
-<Directory />
- Options FollowSymLinks
- AllowOverride None
- Require all denied
-</Directory>
-
-<Directory /usr/share>
- AllowOverride None
- Require all granted
-</Directory>
-
-<Directory /var/www/>
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-</Directory>
-
-#<Directory /srv/>
-# Options Indexes FollowSymLinks
-# AllowOverride None
-# Require all granted
-#</Directory>
-
-
-
-
-# AccessFileName: The name of the file to look for in each directory
-# for additional configuration directives. See also the AllowOverride
-# directive.
#
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<FilesMatch "^\.ht">
- Require all denied
-</FilesMatch>
-
-
-#
# The following directives define some format nicknames for use with
-# a CustomLog directive.
+# a CustomLog directive (see below).
#
-# These deviate from the Common Log Format definitions in that they use %O
-# (the actual bytes sent including headers) instead of %b (the size of the
-# requested file), because the latter makes it impossible to detect partial
-# requests.
-#
-# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
-# Use mod_remoteip instead.
-#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
+#
-# Include of directories ignores editors' and dpkg's backup files,
-# see README.Debian for details.
-
# Include generic snippets of statements
-IncludeOptional conf-enabled/*.conf
+IncludeOptional /etc/apache2/conf-enabled/*.conf
# Include the virtual host configurations:
-IncludeOptional sites-enabled/*.conf
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+IncludeOptional /etc/apache2/sites-enabled/*.conf
* file[/etc/apache2/conf-available/security] action delete (up to date)
* template[/etc/apache2/conf-available/security.conf] action create
- update content in file /etc/apache2/conf-available/security.conf from a62d94 to b8213b
--- /etc/apache2/conf-available/security.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/conf-available/.chef-security20170126-1258-ee2nw8.conf 2017-01-26 21:01:30.637913943 +0000
@@ -1,17 +1,3 @@
-#
-# Disable access to the entire file system except for the directories that
-# are explicitly allowed later.
-#
-# This currently breaks the configurations that come with some web application
-# Debian packages.
-#
-#<Directory />
-# AllowOverride None
-# Order Deny,Allow
-# Deny from all
-#</Directory>
-
-
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
@@ -22,9 +8,8 @@
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
-#ServerTokens Minimal
-ServerTokens OS
-#ServerTokens Full
+#
+ServerTokens Prod
#
# Optionally add a line containing the server version and virtual host
@@ -33,7 +18,7 @@
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
-#ServerSignature Off
+#
ServerSignature On
#
@@ -43,33 +28,6 @@
# diagnostic purposes).
#
# Set to one of: On | Off | extended
-TraceEnable Off
-#TraceEnable On
-
#
-# Forbid access to version control directories
-#
-# If you use version control systems in your document root, you should
-# probably deny access to their directories. For example, for subversion:
-#
-#<DirectoryMatch "/\.svn">
-# Require all denied
-#</DirectoryMatch>
-
-#
-# Setting this header will prevent MSIE from interpreting files as something
-# else than declared by the content type in the HTTP headers.
-# Requires mod_headers to be enabled.
-#
-#Header set X-Content-Type-Options: "nosniff"
-
-#
-# Setting this header will prevent other sites from embedding pages from this
-# site as frames. This defends against clickjacking attacks.
-# Requires mod_headers to be enabled.
-#
-#Header set X-Frame-Options: "sameorigin"
-
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+TraceEnable Off
* execute[a2enconf security.conf] action run (skipped due to not_if)
* file[/etc/apache2/conf-available/charset] action delete (up to date)
* template[/etc/apache2/conf-available/charset.conf] action create
- update content in file /etc/apache2/conf-available/charset.conf from 1b4173 to 543c6c
--- /etc/apache2/conf-available/charset.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/conf-available/.chef-charset20170126-1258-rahgyv.conf 2017-01-26 21:01:30.669913943 +0000
@@ -4,6 +4,4 @@
# in meta http-equiv or xml encoding tags.
#AddDefaultCharset UTF-8
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* execute[a2enconf charset.conf] action run (skipped due to not_if)
* file[/etc/apache2/ports] action delete (up to date)
* template[/etc/apache2/ports.conf] action create
- update content in file /etc/apache2/ports.conf from 9d2d53 to 3c42df
--- /etc/apache2/ports.conf 2014-01-07 13:23:42.000000000 +0000
+++ /etc/apache2/.chef-ports20170126-1258-1g42b0p.conf 2017-01-26 21:01:30.685913943 +0000
@@ -1,16 +1,5 @@
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default.conf
+# This file was generated by Chef for better-chef-rundeck-ubuntu-1404.
+# Do NOT modify this file by hand!
-Listen 80
-
-<IfModule ssl_module>
- Listen 443
-</IfModule>
-
-<IfModule mod_gnutls.c>
- Listen 443
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+Listen *:80
Recipe: apache2::mpm_event
* file[/etc/apache2/mods-available/mpm_prefork.load] action create
- update content in file /etc/apache2/mods-available/mpm_prefork.load from 827c3b to 0d8639
--- /etc/apache2/mods-available/mpm_prefork.load 2016-04-20 14:20:56.000000000 +0000
+++ /etc/apache2/mods-available/.chef-mpm_prefork20170126-1258-7qfhes.load 2017-01-26 21:01:30.697913943 +0000
@@ -1,3 +1,2 @@
-# Conflicts: mpm_event mpm_worker
LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
* execute[a2dismod mpm_prefork] action run (skipped due to only_if)
* file[/etc/apache2/mods-available/mpm_worker.load] action create
- update content in file /etc/apache2/mods-available/mpm_worker.load from 48ba3d to 24badb
--- /etc/apache2/mods-available/mpm_worker.load 2016-04-20 14:20:56.000000000 +0000
+++ /etc/apache2/mods-available/.chef-mpm_worker20170126-1258-198di83.load 2017-01-26 21:01:30.709913943 +0000
@@ -1,3 +1,2 @@
-# Conflicts: mpm_event mpm_prefork
LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
* execute[a2dismod mpm_worker] action run (skipped due to only_if)
* template[/etc/apache2/mods-available/mpm_event.conf] action create
- update content in file /etc/apache2/mods-available/mpm_event.conf from 4318a0 to 7be572
--- /etc/apache2/mods-available/mpm_event.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-mpm_event20170126-1258-1vx4qo7.conf 2017-01-26 21:01:30.725913943 +0000
@@ -1,19 +1,18 @@
# event MPM
-# StartServers: initial number of server processes to start
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestWorkers: maximum number of worker threads
-# MaxConnectionsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
- StartServers 2
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadLimit 64
- ThreadsPerChild 25
- MaxRequestWorkers 150
- MaxConnectionsPerChild 0
+ # StartServers: initial number of server processes to start
+ # MinSpareThreads: minimum number of worker threads which are kept spare
+ # MaxSpareThreads: maximum number of worker threads which are kept spare
+ # ThreadsPerChild: constant number of worker threads in each server process
+ # MaxRequestWorkers: maximum number of worker threads
+ # MaxConnectionsPerChild: maximum number of requests a server process serves
+ StartServers 4
+ MinSpareThreads 64
+ MaxSpareThreads 192
+ ThreadsPerChild 64
+ MaxRequestWorkers 1024
+ MaxConnectionsPerChild 0
+ ThreadLimit 192
+ ServerLimit 16
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/mpm_event.load] action create
- update content in file /etc/apache2/mods-available/mpm_event.load from 744e65 to 466e14
--- /etc/apache2/mods-available/mpm_event.load 2016-04-20 14:20:56.000000000 +0000
+++ /etc/apache2/mods-available/.chef-mpm_event20170126-1258-5eefd2.load 2017-01-26 21:01:30.753913943 +0000
@@ -1,3 +1,2 @@
-# Conflicts: mpm_worker mpm_prefork
LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
* execute[a2enmod mpm_event] action run (skipped due to not_if)
Recipe: apache2::mod_status
* template[/etc/apache2/mods-available/status.conf] action create
- update content in file /etc/apache2/mods-available/status.conf from 662455 to ed62d0
--- /etc/apache2/mods-available/status.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-status20170126-1258-1i568q4.conf 2017-01-26 21:01:30.757913943 +0000
@@ -1,30 +1,31 @@
<IfModule mod_status.c>
- # Allow server status reports generated by mod_status,
- # with the URL of http://servername/server-status
- # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+ #
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Uncomment and change the ".example.com" to allow
+ # access from other hosts.
+ #
+ <Location /server-status>
+ SetHandler server-status
+ Require local
+ Require ip 127.0.0.1 ::1
+ </Location>
- <Location /server-status>
- SetHandler server-status
- Require local
- #Require ip 192.0.2.0/24
- </Location>
+ #
+ # ExtendedStatus controls whether Apache will generate "full" status
+ # information (ExtendedStatus On) or just basic information (ExtendedStatus
+ # Off) when the "server-status" handler is called. The default is Off.
+ #
+ ExtendedStatus Off
- # Keep track of extended status information for each request
- ExtendedStatus On
+ # Determine if mod_status displays the first 63 characters of a request or
+ # the last 63, assuming the request itself is greater than 63 chars.
+ # Default: Off
+ #SeeRequestTail On
- # Determine if mod_status displays the first 63 characters of a request or
- # the last 63, assuming the request itself is greater than 63 chars.
- # Default: Off
- #SeeRequestTail On
-
-
- <IfModule mod_proxy.c>
- # Show Proxy LoadBalancer status in mod_status
- ProxyStatus On
- </IfModule>
-
-
+ <IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+ </IfModule>
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/status.load] action create (up to date)
* execute[a2enmod status] action run (skipped due to not_if)
Recipe: apache2::mod_alias
* template[/etc/apache2/mods-available/alias.conf] action create
- update content in file /etc/apache2/mods-available/alias.conf from 51f6f3 to 167573
--- /etc/apache2/mods-available/alias.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-alias20170126-1258-r2xrwt.conf 2017-01-26 21:01:30.781913943 +0000
@@ -1,25 +1,23 @@
<IfModule alias_module>
- # Aliases: Add here as many aliases as you need (with no limit). The format is
- # Alias fakename realname
- #
- # Note that if you include a trailing / on fakename then the server will
- # require it to be present in the URL. So "/icons" isn't aliased in this
- # example, only "/icons/". If the fakename is slash-terminated, then the
- # realname must also be slash terminated, and if the fakename omits the
- # trailing slash, the realname must also omit it.
- #
- # We include the /icons/ alias for FancyIndexed directory listings. If
- # you do not use FancyIndexing, you may comment this out.
+ #
+ # Aliases: Add here as many aliases as you need (with no limit). The format is
+ # Alias fakename realname
+ #
+ # Note that if you include a trailing / on fakename then the server will
+ # require it to be present in the URL. So "/icons" isn't aliased in this
+ # example, only "/icons/". If the fakename is slash-terminated, then the
+ # realname must also be slash terminated, and if the fakename omits the
+ # trailing slash, the realname must also omit it.
+ #
+ # We include the /icons/ alias for FancyIndexed directory listings. If
+ # you do not use FancyIndexing, you may comment this out.
+ #
+ Alias /icons/ "/usr/share/apache2/icons/"
- Alias /icons/ "/usr/share/apache2/icons/"
-
- <Directory "/usr/share/apache2/icons">
- Options FollowSymlinks
- AllowOverride None
- Require all granted
- </Directory>
-
+ <Directory "/usr/share/apache2/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ Require all granted
+ </Directory>
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/alias.load] action create (up to date)
* execute[a2enmod alias] action run (skipped due to not_if)
Recipe: apache2::mod_auth_basic
* file[/etc/apache2/mods-available/auth_basic.load] action create
- update content in file /etc/apache2/mods-available/auth_basic.load from a4b933 to 0d1116
--- /etc/apache2/mods-available/auth_basic.load 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-auth_basic20170126-1258-1grj7zf.load 2017-01-26 21:01:30.801913943 +0000
@@ -1,3 +1,2 @@
-# Depends: authn_core
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
* execute[a2enmod auth_basic] action run (skipped due to not_if)
Recipe: apache2::mod_authn_core
* file[/etc/apache2/mods-available/authn_core.load] action create (up to date)
* execute[a2enmod authn_core] action run (skipped due to not_if)
Recipe: apache2::mod_authn_file
* file[/etc/apache2/mods-available/authn_file.load] action create (up to date)
* execute[a2enmod authn_file] action run (skipped due to not_if)
Recipe: apache2::mod_authz_core
* file[/etc/apache2/mods-available/authz_core.load] action create (up to date)
* execute[a2enmod authz_core] action run (skipped due to not_if)
Recipe: apache2::mod_authz_groupfile
* file[/etc/apache2/mods-available/authz_groupfile.load] action create
- update content in file /etc/apache2/mods-available/authz_groupfile.load from 8bc67b to 214f51
--- /etc/apache2/mods-available/authz_groupfile.load 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-authz_groupfile20170126-1258-byzakd.load 2017-01-26 21:01:30.829913943 +0000
@@ -1,3 +1,2 @@
-# Depends: authz_core
LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so
* execute[a2enmod authz_groupfile] action run
- execute /usr/sbin/a2enmod authz_groupfile
Recipe: apache2::mod_authz_host
* file[/etc/apache2/mods-available/authz_host.load] action create
- update content in file /etc/apache2/mods-available/authz_host.load from 66e656 to a6f9be
--- /etc/apache2/mods-available/authz_host.load 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-authz_host20170126-1258-1ovubiy.load 2017-01-26 21:01:30.929913943 +0000
@@ -1,3 +1,2 @@
-# Depends: authz_core
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
* execute[a2enmod authz_host] action run (skipped due to not_if)
Recipe: apache2::mod_authz_user
* file[/etc/apache2/mods-available/authz_user.load] action create
- update content in file /etc/apache2/mods-available/authz_user.load from d219d3 to 854c87
--- /etc/apache2/mods-available/authz_user.load 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-authz_user20170126-1258-1ste3i3.load 2017-01-26 21:01:30.941913943 +0000
@@ -1,3 +1,2 @@
-# Depends: authz_core
LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
* execute[a2enmod authz_user] action run (skipped due to not_if)
Recipe: apache2::mod_autoindex
* template[/etc/apache2/mods-available/autoindex.conf] action create
- update content in file /etc/apache2/mods-available/autoindex.conf from 727807 to 8e7e44
--- /etc/apache2/mods-available/autoindex.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-autoindex20170126-1258-197pgy9.conf 2017-01-26 21:01:30.949913943 +0000
@@ -1,97 +1,101 @@
<IfModule mod_autoindex.c>
- # Directives controlling the display of server-generated directory listings.
+ #
+ # Directives controlling the display of server-generated directory listings.
+ #
- #
- # IndexOptions: Controls the appearance of server-generated directory
- # listings.
- # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
- IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+ #
+ # IndexOptions: Controls the appearance of server-generated directory
+ # listings.
+ # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+ #
+ IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
- #
- # AddIcon* directives tell the server which icon to show for different
- # files or filename extensions. These are only displayed for
- # FancyIndexed directories.
- AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+ #
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ #
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
- AddIconByType (TXT,/icons/text.gif) text/*
- AddIconByType (IMG,/icons/image2.gif) image/*
- AddIconByType (SND,/icons/sound2.gif) audio/*
- AddIconByType (VID,/icons/movie.gif) video/*
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
- AddIcon /icons/binary.gif .bin .exe
- AddIcon /icons/binhex.gif .hqx
- AddIcon /icons/tar.gif .tar
- AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
- AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
- AddIcon /icons/a.gif .ps .ai .eps
- AddIcon /icons/layout.gif .html .shtml .htm .pdf
- AddIcon /icons/text.gif .txt
- AddIcon /icons/c.gif .c
- AddIcon /icons/p.gif .pl .py
- AddIcon /icons/f.gif .for
- AddIcon /icons/dvi.gif .dvi
- AddIcon /icons/uuencoded.gif .uu
- AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
- AddIcon /icons/tex.gif .tex
- # It's a suffix rule, so simply matching "core" matches "score" as well !
- AddIcon /icons/bomb.gif /core
- AddIcon (SND,/icons/sound2.gif) .ogg
- AddIcon (VID,/icons/movie.gif) .ogm
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ # It's a suffix rule, so simply matching "core" matches "score" as well !
+ AddIcon /icons/bomb.gif /core
+ AddIcon (SND,/icons/sound2.gif) .ogg
+ AddIcon (VID,/icons/movie.gif) .ogm
- AddIcon /icons/back.gif ..
- AddIcon /icons/hand.right.gif README
- AddIcon /icons/folder.gif ^^DIRECTORY^^
- AddIcon /icons/blank.gif ^^BLANKICON^^
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
- # Default icons for OpenDocument format
- AddIcon /icons/odf6odt-20x22.png .odt
- AddIcon /icons/odf6ods-20x22.png .ods
- AddIcon /icons/odf6odp-20x22.png .odp
- AddIcon /icons/odf6odg-20x22.png .odg
- AddIcon /icons/odf6odc-20x22.png .odc
- AddIcon /icons/odf6odf-20x22.png .odf
- AddIcon /icons/odf6odb-20x22.png .odb
- AddIcon /icons/odf6odi-20x22.png .odi
- AddIcon /icons/odf6odm-20x22.png .odm
+ # Default icons for OpenDocument format
+ AddIcon /icons/odf6odt-20x22.png .odt
+ AddIcon /icons/odf6ods-20x22.png .ods
+ AddIcon /icons/odf6odp-20x22.png .odp
+ AddIcon /icons/odf6odg-20x22.png .odg
+ AddIcon /icons/odf6odc-20x22.png .odc
+ AddIcon /icons/odf6odf-20x22.png .odf
+ AddIcon /icons/odf6odb-20x22.png .odb
+ AddIcon /icons/odf6odi-20x22.png .odi
+ AddIcon /icons/odf6odm-20x22.png .odm
- AddIcon /icons/odf6ott-20x22.png .ott
- AddIcon /icons/odf6ots-20x22.png .ots
- AddIcon /icons/odf6otp-20x22.png .otp
- AddIcon /icons/odf6otg-20x22.png .otg
- AddIcon /icons/odf6otc-20x22.png .otc
- AddIcon /icons/odf6otf-20x22.png .otf
- AddIcon /icons/odf6oti-20x22.png .oti
- AddIcon /icons/odf6oth-20x22.png .oth
+ AddIcon /icons/odf6ott-20x22.png .ott
+ AddIcon /icons/odf6ots-20x22.png .ots
+ AddIcon /icons/odf6otp-20x22.png .otp
+ AddIcon /icons/odf6otg-20x22.png .otg
+ AddIcon /icons/odf6otc-20x22.png .otc
+ AddIcon /icons/odf6otf-20x22.png .otf
+ AddIcon /icons/odf6oti-20x22.png .oti
+ AddIcon /icons/odf6oth-20x22.png .oth
- #
- # DefaultIcon is which icon to show for files which do not have an icon
- # explicitly set.
- DefaultIcon /icons/unknown.gif
+ #
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ #
+ DefaultIcon /icons/unknown.gif
- #
- # AddDescription allows you to place a short description after a file in
- # server-generated indexes. These are only displayed for FancyIndexed
- # directories.
- # Format: AddDescription "description" filename
- #AddDescription "GZIP compressed document" .gz
- #AddDescription "tar archive" .tar
- #AddDescription "GZIP compressed tar archive" .tgz
+ #
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+ #
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
- #
- # ReadmeName is the name of the README file the server will look for by
- # default, and append to directory listings.
- #
- # HeaderName is the name of a file which should be prepended to
- # directory indexes
- ReadmeName README.html
- HeaderName HEADER.html
+ #
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+ #
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes.
+ ReadmeName README.html
+ HeaderName HEADER.html
- #
- # IndexIgnore is a set of filenames which directory indexing should ignore
- # and not include in the listing. Shell-style wildcarding is permitted.
- IndexIgnore .??* *~ *# RCS CVS *,v *,t
-
+ #
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ #
+ IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/autoindex.load] action create (up to date)
* execute[a2enmod autoindex] action run (skipped due to not_if)
Recipe: apache2::mod_deflate
* template[/etc/apache2/mods-available/deflate.conf] action create
- update content in file /etc/apache2/mods-available/deflate.conf from 7c5c22 to c8749f
--- /etc/apache2/mods-available/deflate.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-deflate20170126-1258-117l9mu.conf 2017-01-26 21:01:30.989913943 +0000
@@ -1,15 +1,19 @@
<IfModule mod_deflate.c>
- <IfModule mod_filter.c>
- # these are known to be safe with MSIE 6
- AddOutputFilterByType DEFLATE text/html text/plain text/xml
+ <IfModule mod_filter.c>
+ # these are known to be safe with MSIE 6
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml
- # everything else may cause problems with MSIE 6
- AddOutputFilterByType DEFLATE text/css
- AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
- AddOutputFilterByType DEFLATE application/rss+xml
- AddOutputFilterByType DEFLATE application/xml
- </IfModule>
+ # everything else may cause problems with MSIE 6
+ AddOutputFilterByType DEFLATE text/css
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/xml
+ AddOutputFilterByType DEFLATE application/xhtml+xml
+ AddOutputFilterByType DEFLATE image/svg+xml
+ AddOutputFilterByType DEFLATE application/atom_xml
+ AddOutputFilterByType DEFLATE application/x-httpd-php
+ AddOutputFilterByType DEFLATE application/x-httpd-fastphp
+ AddOutputFilterByType DEFLATE application/x-httpd-eruby
+ </IfModule>
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/deflate.load] action create
- update content in file /etc/apache2/mods-available/deflate.load from 82ba90 to a9a45c
--- /etc/apache2/mods-available/deflate.load 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-deflate20170126-1258-1g2rgtv.load 2017-01-26 21:01:31.005913943 +0000
@@ -1,3 +1,2 @@
-# Depends: filter
LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
* execute[a2enmod deflate] action run (skipped due to not_if)
Recipe: apache2::mod_dir
* template[/etc/apache2/mods-available/dir.conf] action create
- update content in file /etc/apache2/mods-available/dir.conf from f02232 to 5d2651
--- /etc/apache2/mods-available/dir.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-dir20170126-1258-1zxls1.conf 2017-01-26 21:01:31.017913943 +0000
@@ -1,6 +1,4 @@
<IfModule mod_dir.c>
- DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
+ DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/dir.load] action create (up to date)
* execute[a2enmod dir] action run (skipped due to not_if)
Recipe: apache2::mod_env
* file[/etc/apache2/mods-available/env.load] action create (up to date)
* execute[a2enmod env] action run (skipped due to not_if)
Recipe: apache2::mod_mime
* template[/etc/apache2/mods-available/mime.conf] action create
- update content in file /etc/apache2/mods-available/mime.conf from 967722 to 76e7d0
--- /etc/apache2/mods-available/mime.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-mime20170126-1258-whoyer.conf 2017-01-26 21:01:31.061913943 +0000
@@ -1,250 +1,193 @@
<IfModule mod_mime.c>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
- TypesConfig /etc/mime.types
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file mime.types for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ # Despite the name similarity, the following Add* directives have
+ # nothing to do with the FancyIndexing customization directives above.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #AddEncoding x-bzip2 .bz2
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+ AddType application/x-bzip2 .bz2
- #
- # AddType allows you to add to or override the MIME configuration
- # file mime.types for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- # Despite the name similarity, the following Add* directives have
- # nothing to do with the FancyIndexing customization directives above.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #AddEncoding x-bzip2 .bz2
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
- AddType application/x-bzip2 .bz2
+ AddType image/svg+xml svg svgz
+ AddEncoding gzip svgz
- #
- # DefaultLanguage and AddLanguage allows you to specify the language of
- # a document. You can then use content negotiation to give a browser a
- # file in a language the user can understand.
- #
- # Specify a default language. This means that all data
- # going out without a specific language tag (see below) will
- # be marked with this one. You probably do NOT want to set
- # this unless you are sure it is correct for all cases.
- #
- # * It is generally better to not mark a page as
- # * being a certain language than marking it with the wrong
- # * language!
- #
- # DefaultLanguage nl
- #
- # Note 1: The suffix does not have to be the same as the language
- # keyword --- those with documents in Polish (whose net-standard
- # language code is pl) may wish to use "AddLanguage pl .po" to
- # avoid the ambiguity with the common suffix for perl scripts.
- #
- # Note 2: The example entries below illustrate that in some cases
- # the two character 'Language' abbreviation is not identical to
- # the two character 'Country' code for its country,
- # E.g. 'Danmark/dk' versus 'Danish/da'.
- #
- # Note 3: In the case of 'ltz' we violate the RFC by using a three char
- # specifier. There is 'work in progress' to fix this and get
- # the reference data for rfc1766 cleaned up.
- #
- # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
- # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
- # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
- # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
- # Norwegian (no) - Polish (pl) - Portugese (pt)
- # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
- # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
- #
- AddLanguage am .amh
- AddLanguage ar .ara
- AddLanguage be .be
- AddLanguage bg .bg
- AddLanguage bn .bn
- AddLanguage br .br
- AddLanguage bs .bs
- AddLanguage ca .ca
- AddLanguage cs .cz .cs
- AddLanguage cy .cy
- AddLanguage da .dk
- AddLanguage de .de
- AddLanguage dz .dz
- AddLanguage el .el
- AddLanguage en .en
- AddLanguage eo .eo
- # es is ecmascript in /etc/mime.types
- RemoveType es
- AddLanguage es .es
- AddLanguage et .et
- AddLanguage eu .eu
- AddLanguage fa .fa
- AddLanguage fi .fi
- AddLanguage fr .fr
- AddLanguage ga .ga
- AddLanguage gl .glg
- AddLanguage gu .gu
- AddLanguage he .he
- AddLanguage hi .hi
- AddLanguage hr .hr
- AddLanguage hu .hu
- AddLanguage hy .hy
- AddLanguage id .id
- AddLanguage is .is
- AddLanguage it .it
- AddLanguage ja .ja
- AddLanguage ka .ka
- AddLanguage kk .kk
- AddLanguage km .km
- AddLanguage kn .kn
- AddLanguage ko .ko
- AddLanguage ku .ku
- AddLanguage lo .lo
- AddLanguage lt .lt
- AddLanguage ltz .ltz
- AddLanguage lv .lv
- AddLanguage mg .mg
- AddLanguage mk .mk
- AddLanguage ml .ml
- AddLanguage mr .mr
- AddLanguage ms .msa
- AddLanguage nb .nob
- AddLanguage ne .ne
- AddLanguage nl .nl
- AddLanguage nn .nn
- AddLanguage no .no
- AddLanguage pa .pa
- AddLanguage pl .po
- AddLanguage pt-BR .pt-br
- AddLanguage pt .pt
- AddLanguage ro .ro
- AddLanguage ru .ru
- AddLanguage sa .sa
- AddLanguage se .se
- AddLanguage si .si
- AddLanguage sk .sk
- AddLanguage sl .sl
- AddLanguage sq .sq
- AddLanguage sr .sr
- AddLanguage sv .sv
- AddLanguage ta .ta
- AddLanguage te .te
- AddLanguage th .th
- AddLanguage tl .tl
- RemoveType tr
- # tr is troff in /etc/mime.types
- AddLanguage tr .tr
- AddLanguage uk .uk
- AddLanguage ur .ur
- AddLanguage vi .vi
- AddLanguage wo .wo
- AddLanguage xh .xh
- AddLanguage zh-CN .zh-cn
- AddLanguage zh-TW .zh-tw
+ #
+ # DefaultLanguage and AddLanguage allows you to specify the language of
+ # a document. You can then use content negotiation to give a browser a
+ # file in a language the user can understand.
+ #
+ # Specify a default language. This means that all data
+ # going out without a specific language tag (see below) will
+ # be marked with this one. You probably do NOT want to set
+ # this unless you are sure it is correct for all cases.
+ #
+ # * It is generally better to not mark a page as
+ # * being a certain language than marking it with the wrong
+ # * language!
+ #
+ # DefaultLanguage nl
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in some cases
+ # the two character 'Language' abbreviation is not identical to
+ # the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. There is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+ # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+ # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+ # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+ # Norwegian (no) - Polish (pl) - Portugese (pt)
+ # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+ # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+ #
+ AddLanguage ca .ca
+ AddLanguage cs .cz .cs
+ AddLanguage da .dk
+ AddLanguage de .de
+ AddLanguage el .el
+ AddLanguage en .en
+ AddLanguage eo .eo
+ # See README.Debian for Spanish
+ AddLanguage es .es
+ AddLanguage et .et
+ AddLanguage fr .fr
+ AddLanguage he .he
+ AddLanguage hr .hr
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddLanguage ko .ko
+ AddLanguage ltz .ltz
+ AddLanguage nl .nl
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pl .po
+ AddLanguage pt .pt
+ AddLanguage pt-BR .pt-br
+ AddLanguage ru .ru
+ AddLanguage sv .sv
+ # See README.Debian for Turkish
+ AddLanguage tr .tr
+ AddLanguage zh-CN .zh-cn
+ AddLanguage zh-TW .zh-tw
- #
- # Commonly used filename extensions to character sets. You probably
- # want to avoid clashes with the language extensions, unless you
- # are good at carefully testing your setup after each change.
- # See http://www.iana.org/assignments/character-sets for the
- # official list of charset names and their respective RFCs.
- #
- AddCharset us-ascii .ascii .us-ascii
- AddCharset ISO-8859-1 .iso8859-1 .latin1
- AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
- AddCharset ISO-8859-3 .iso8859-3 .latin3
- AddCharset ISO-8859-4 .iso8859-4 .latin4
- AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
- AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
- AddCharset ISO-8859-7 .iso8859-7 .grk .greek
- AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
- AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
- AddCharset ISO-8859-10 .iso8859-10 .latin6
- AddCharset ISO-8859-13 .iso8859-13
- AddCharset ISO-8859-14 .iso8859-14 .latin8
- AddCharset ISO-8859-15 .iso8859-15 .latin9
- AddCharset ISO-8859-16 .iso8859-16 .latin10
- AddCharset ISO-2022-JP .iso2022-jp .jis
- AddCharset ISO-2022-KR .iso2022-kr .kis
- AddCharset ISO-2022-CN .iso2022-cn .cis
- AddCharset Big5 .Big5 .big5 .b5
- AddCharset cn-Big5 .cn-big5
- # For russian, more than one charset is used (depends on client, mostly):
- AddCharset WINDOWS-1251 .cp-1251 .win-1251
- AddCharset CP866 .cp866
- AddCharset KOI8 .koi8
- AddCharset KOI8-E .koi8-e
- AddCharset KOI8-r .koi8-r .koi8-ru
- AddCharset KOI8-U .koi8-u
- AddCharset KOI8-ru .koi8-uk .ua
- AddCharset ISO-10646-UCS-2 .ucs2
- AddCharset ISO-10646-UCS-4 .ucs4
- AddCharset UTF-7 .utf7
- AddCharset UTF-8 .utf8
- AddCharset UTF-16 .utf16
- AddCharset UTF-16BE .utf16be
- AddCharset UTF-16LE .utf16le
- AddCharset UTF-32 .utf32
- AddCharset UTF-32BE .utf32be
- AddCharset UTF-32LE .utf32le
- AddCharset euc-cn .euc-cn
- AddCharset euc-gb .euc-gb
- AddCharset euc-jp .euc-jp
- AddCharset euc-kr .euc-kr
- #Not sure how euc-tw got in - IANA doesn't list it???
- AddCharset EUC-TW .euc-tw
- AddCharset gb2312 .gb2312 .gb
- AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
- AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
- AddCharset shift_jis .shift_jis .sjis
- AddCharset BRF .brf
+ #
+ # Commonly used filename extensions to character sets. You probably
+ # want to avoid clashes with the language extensions, unless you
+ # are good at carefully testing your setup after each change.
+ # See http://www.iana.org/assignments/character-sets for the
+ # official list of charset names and their respective RFCs.
+ #
+ AddCharset us-ascii .ascii .us-ascii
+ AddCharset ISO-8859-1 .iso8859-1 .latin1
+ AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+ AddCharset ISO-8859-3 .iso8859-3 .latin3
+ AddCharset ISO-8859-4 .iso8859-4 .latin4
+ AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+ AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+ AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+ AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+ AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+ AddCharset ISO-8859-10 .iso8859-10 .latin6
+ AddCharset ISO-8859-13 .iso8859-13
+ AddCharset ISO-8859-14 .iso8859-14 .latin8
+ AddCharset ISO-8859-15 .iso8859-15 .latin9
+ AddCharset ISO-8859-16 .iso8859-16 .latin10
+ AddCharset ISO-2022-JP .iso2022-jp .jis
+ AddCharset ISO-2022-KR .iso2022-kr .kis
+ AddCharset ISO-2022-CN .iso2022-cn .cis
+ AddCharset Big5 .Big5 .big5 .b5
+ AddCharset cn-Big5 .cn-big5
+ # For russian, more than one charset is used (depends on client, mostly):
+ AddCharset WINDOWS-1251 .cp-1251 .win-1251
+ AddCharset CP866 .cp866
+ AddCharset KOI8 .koi8
+ AddCharset KOI8-E .koi8-e
+ AddCharset KOI8-r .koi8-r .koi8-ru
+ AddCharset KOI8-U .koi8-u
+ AddCharset KOI8-ru .koi8-uk .ua
+ AddCharset ISO-10646-UCS-2 .ucs2
+ AddCharset ISO-10646-UCS-4 .ucs4
+ AddCharset UTF-7 .utf7
+ AddCharset UTF-8 .utf8
+ AddCharset UTF-16 .utf16
+ AddCharset UTF-16BE .utf16be
+ AddCharset UTF-16LE .utf16le
+ AddCharset UTF-32 .utf32
+ AddCharset UTF-32BE .utf32be
+ AddCharset UTF-32LE .utf32le
+ AddCharset euc-cn .euc-cn
+ AddCharset euc-gb .euc-gb
+ AddCharset euc-jp .euc-jp
+ AddCharset euc-kr .euc-kr
+ #Not sure how euc-tw got in - IANA doesn't list it???
+ AddCharset EUC-TW .euc-tw
+ AddCharset gb2312 .gb2312 .gb
+ AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+ AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+ AddCharset shift_jis .shift_jis .sjis
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
- #
- # For files that include their own HTTP headers:
- #
- #AddHandler send-as-is asis
+ #
+ # For files that include their own HTTP headers:
+ #
+ #AddHandler send-as-is asis
- #
- # For server-parsed imagemap files:
- #
- #AddHandler imap-file map
+ #
+ # For server-parsed imagemap files:
+ #
+ #AddHandler imap-file map
- #
- # For type maps (negotiated resources):
- # (This is enabled by default to allow the Apache "It Worked" page
- # to be distributed in multiple languages.)
- #
- AddHandler type-map var
+ #
+ # For type maps (negotiated resources):
+ # (This is enabled by default to allow the Apache "It Worked" page
+ # to be distributed in multiple languages.)
+ #
+ AddHandler type-map var
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
-
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/mime.load] action create (up to date)
* execute[a2enmod mime] action run (skipped due to not_if)
Recipe: apache2::mod_negotiation
* template[/etc/apache2/mods-available/negotiation.conf] action create
- update content in file /etc/apache2/mods-available/negotiation.conf from 0649b6 to 3ad8fd
--- /etc/apache2/mods-available/negotiation.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-negotiation20170126-1258-1nwupod.conf 2017-01-26 21:01:31.129913943 +0000
@@ -1,21 +1,18 @@
<IfModule mod_negotiation.c>
+ #
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ #
+ LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
- # LanguagePriority allows you to give precedence to some languages
- # in case of a tie during content negotiation.
- #
- # Just list the languages in decreasing order of preference. We have
- # more or less alphabetized them here. You probably want to change this.
- #
- LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
-
- #
- # ForceLanguagePriority allows you to serve a result page rather than
- # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
- # [in case no accepted languages matched the available variants]
- #
- ForceLanguagePriority Prefer Fallback
-
+ #
+ # ForceLanguagePriority allows you to serve a result page rather than
+ # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+ # [in case no accepted languages matched the available variants]
+ #
+ ForceLanguagePriority Prefer Fallback
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/negotiation.load] action create (up to date)
* execute[a2enmod negotiation] action run (skipped due to not_if)
Recipe: apache2::mod_setenvif
* template[/etc/apache2/mods-available/setenvif.conf] action create
- update content in file /etc/apache2/mods-available/setenvif.conf from 56aca4 to fb5a27
--- /etc/apache2/mods-available/setenvif.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-setenvif20170126-1258-1ra59xf.conf 2017-01-26 21:01:31.149913943 +0000
@@ -1,33 +1,29 @@
<IfModule mod_setenvif.c>
+ #
+ # The following directives modify normal HTTP response behavior to
+ # handle known problems with browser implementations.
+ #
+ BrowserMatch "Mozilla/2" nokeepalive
+ BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+ BrowserMatch "RealPlayer 4\.0" force-response-1.0
+ BrowserMatch "Java/1\.0" force-response-1.0
+ BrowserMatch "JDK/1\.0" force-response-1.0
- #
- # The following directives modify normal HTTP response behavior to
- # handle known problems with browser implementations.
- #
- BrowserMatch "Mozilla/2" nokeepalive
- BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
- BrowserMatch "RealPlayer 4\.0" force-response-1.0
- BrowserMatch "Java/1\.0" force-response-1.0
- BrowserMatch "JDK/1\.0" force-response-1.0
-
- #
- # The following directive disables redirects on non-GET requests for
- # a directory that does not include the trailing slash. This fixes a
- # problem with Microsoft WebFolders which does not appropriately handle
- # redirects for folders with DAV methods.
- # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
- #
- BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
- BrowserMatch "MS FrontPage" redirect-carefully
- BrowserMatch "^WebDrive" redirect-carefully
- BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
- BrowserMatch "^gnome-vfs/1.0" redirect-carefully
- BrowserMatch "^gvfs/1" redirect-carefully
- BrowserMatch "^XML Spy" redirect-carefully
- BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
- BrowserMatch " Konqueror/4" redirect-carefully
-
+ #
+ # The following directive disables redirects on non-GET requests for
+ # a directory that does not include the trailing slash. This fixes a
+ # problem with Microsoft WebFolders which does not appropriately handle
+ # redirects for folders with DAV methods.
+ # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+ #
+ BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+ BrowserMatch "MS FrontPage" redirect-carefully
+ BrowserMatch "^WebDrive" redirect-carefully
+ BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+ BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+ BrowserMatch "^gvfs/1" redirect-carefully
+ BrowserMatch "^XML Spy" redirect-carefully
+ BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+ BrowserMatch " Konqueror/4" redirect-carefully
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/setenvif.load] action create (up to date)
* execute[a2enmod setenvif] action run (skipped due to not_if)
Recipe: apache2::default
* service[apache2] action enable (up to date)
* service[apache2] action start (up to date)
Recipe: apache2::mod_headers
* file[/etc/apache2/mods-available/headers.load] action create (up to date)
* execute[a2enmod headers] action run
- execute /usr/sbin/a2enmod headers
Recipe: apache2::mod_proxy
* template[/etc/apache2/mods-available/proxy.conf] action create
- update content in file /etc/apache2/mods-available/proxy.conf from 74a91b to 137642
--- /etc/apache2/mods-available/proxy.conf 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-proxy20170126-1258-8mh5m8.conf 2017-01-26 21:01:31.565913943 +0000
@@ -1,28 +1,18 @@
<IfModule mod_proxy.c>
+ #turning ProxyRequests on and allowing proxying from all may allow
+ #spammers to use your proxy to send email.
- # If you want to use apache2 as a forward proxy, uncomment the
- # 'ProxyRequests On' line and the <Proxy *> block below.
- # WARNING: Be careful to restrict access inside the <Proxy *> block.
- # Open proxy servers are dangerous both to your network and to the
- # Internet at large.
- #
- # If you only want to use apache2 as a reverse proxy/gateway in
- # front of some web application server, you DON'T need
- # 'ProxyRequests On'.
+ ProxyRequests Off
- #ProxyRequests On
- #<Proxy *>
- # AddDefaultCharset off
- # Require all denied
- # #Require local
- #</Proxy>
+ <Proxy *>
+ AddDefaultCharset off
+ Require all denied
+ </Proxy>
- # Enable/disable the handling of HTTP/1.1 "Via:" headers.
- # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
- # Set to one of: Off | On | Full | Block
- #ProxyVia Off
+ # Enable/disable the handling of HTTP/1.1 "Via:" headers.
+ # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+ # Set to one of: Off | On | Full | Block
+ ProxyVia On
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
* file[/etc/apache2/mods-available/proxy.load] action create (up to date)
* execute[a2enmod proxy] action run
- execute /usr/sbin/a2enmod proxy
Recipe: apache2::mod_proxy_http
* file[/etc/apache2/mods-available/proxy_http.load] action create
- update content in file /etc/apache2/mods-available/proxy_http.load from 70fbaf to ad0b40
--- /etc/apache2/mods-available/proxy_http.load 2014-01-03 14:48:41.000000000 +0000
+++ /etc/apache2/mods-available/.chef-proxy_http20170126-1258-rh5op7.load 2017-01-26 21:01:31.673913943 +0000
@@ -1,3 +1,2 @@
-# Depends: proxy
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
* execute[a2enmod proxy_http] action run
- execute /usr/sbin/a2enmod proxy_http
Recipe: apache2::mod_rewrite
* file[/etc/apache2/mods-available/rewrite.load] action create (up to date)
* execute[a2enmod rewrite] action run
- execute /usr/sbin/a2enmod rewrite
Recipe: rundeck::apache
* execute[a2dissite default.conf] action run (skipped due to only_if)
* execute[a2dissite 000-default.conf] action run (skipped due to only_if)
* template[apache-config] action create
- create new file /etc/apache2/sites-available/rundeck.conf
- update content in file /etc/apache2/sites-available/rundeck.conf from none to 46c937
--- /etc/apache2/sites-available/rundeck.conf 2017-01-26 21:01:31.869913943 +0000
+++ /etc/apache2/sites-available/.chef-rundeck20170126-1258-pnsllj.conf 2017-01-26 21:01:31.869913943 +0000
@@ -1 +1,44 @@
+<VirtualHost *:80>
+ ServerName localhost
+ ServerAdmin rundeck@kitchentest
+
+ ErrorLog /var/log/apache2/rundeck_error.log
+ TransferLog /var/log/apache2/rundeck_access.log
+
+ DocumentRoot /var/www
+ ServerSignature On
+
+ <Proxy *>
+ <IfModule mod_authz_core.c>
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Allow from all
+ </IfModule>
+ </Proxy>
+
+ ProxyPass / http://localhost:4440/
+ ProxyPassReverse / http://localhost:4440/
+
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+ <Location /server-status>
+ SetHandler server-status
+
+ <IfModule mod_authz_core.c>
+ Require ip 127.0.0.1
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+ </IfModule>
+
+ </Location>
+
+</VirtualHost>
+
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* execute[a2ensite rundeck.conf] action run
- execute /usr/sbin/a2ensite rundeck.conf
Recipe: simple_passenger::default
* execute[restart app] action nothing (skipped due to action :nothing)
* execute[stop app] action nothing (skipped due to action :nothing)
* group[passenger group] action create (up to date)
* linux_user[passenger user] action create (up to date)
* directory[app log dir] action create
- create new directory /var/log/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
Recipe: logrotate::default
* apt_package[logrotate] action install (up to date)
* directory[/etc/logrotate.d] action create (up to date)
Recipe: simple_passenger::default
* template[/etc/logrotate.d/better-chef-rundeck] action create
- create new file /etc/logrotate.d/better-chef-rundeck
- update content in file /etc/logrotate.d/better-chef-rundeck from none to c27ec1
--- /etc/logrotate.d/better-chef-rundeck 2017-01-26 21:01:32.025913943 +0000
+++ /etc/logrotate.d/.chef-better-chef-rundeck20170126-1258-1ijzwai 2017-01-26 21:01:32.025913943 +0000
@@ -1 +1,14 @@
+# This file was generated by Chef for better-chef-rundeck-ubuntu-1404.
+# Do not modify this file by hand!
+
+"/var/log/better-chef-rundeck.log" {
+ daily
+ create 644 rundeck rundeck
+ rotate 7
+ missingok
+ compress
+ delaycompress
+ copytruncate
+ notifempty
+}
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
* directory[pid dir] action create
- create new directory /var/run/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* directory[app dir] action create
- create new directory /opt/better-chef-rundeck
- change mode from '' to '0774'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* apt_package[git] action install
- install version 1:1.9.1-1ubuntu0.3 of package git
* git[app] action sync
- clone from https://github.com/atheiman/better-chef-rundeck.git into /opt/better-chef-rundeck
- checkout ref b0c2bea40c39133b9813362301b984a86799d625 branch master
* template[passengerfile] action create
- create new file /opt/better-chef-rundeck/Passengerfile.json
- update content in file /opt/better-chef-rundeck/Passengerfile.json from none to 20e8ec
--- /opt/better-chef-rundeck/Passengerfile.json 2017-01-26 21:01:44.833913943 +0000
+++ /opt/better-chef-rundeck/.chef-Passengerfile20170126-1258-1mwi4ye.json 2017-01-26 21:01:44.833913943 +0000
@@ -1 +1,13 @@
+{
+ "daemonize": true,
+ "environment": "production",
+ "envvars": {
+ "BCR_CHEF_CONFIG": "/etc/chef/rundeck.rb"
+ },
+ "log_file": "/var/log/better-chef-rundeck.log",
+ "pid_file": "/var/run/better-chef-rundeck/better-chef-rundeck.pid",
+ "port": 4000,
+ "ruby": "/usr/local/ruby/2.2.5/bin/ruby",
+ "user": "rundeck"
+}
- change mode from '' to '0664'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
Recipe: build-essential::default
* build_essential[install_packages] action install
* apt_package[autoconf, binutils-doc, bison, build-essential, flex, gettext, ncurses-dev] action install (up to date)
(up to date)
Recipe: simple_passenger::default
* apt_package[ruby devel dependencies] action install (up to date)
Recipe: ruby_build::default
* apt_package[tar] action install (up to date)
* apt_package[bash] action install (up to date)
* apt_package[curl] action install
- install version 7.35.0-1ubuntu2.10 of package curl
* apt_package[git-core] action install (skipped due to not_if)
* execute[Install ruby-build] action nothing (skipped due to action :nothing)
* directory[/tmp/kitchen/cache] action create (up to date)
* git[/tmp/kitchen/cache/ruby-build] action checkout
- clone from https://github.com/sstephenson/ruby-build.git into /tmp/kitchen/cache/ruby-build
- checkout ref 3d593941745946a96b46f16ccb87aca9a7bd1014 branch master
* execute[Install ruby-build] action run
- execute ./install.sh
Recipe: simple_passenger::default
* ruby_build_ruby[app ruby version 2.2.5] action install
* execute[ruby-build[2.2.5]] action run
- execute /usr/local/bin/ruby-build "2.2.5" "/usr/local/ruby/2.2.5"
* execute[ruby-build[2.2.5]] action nothing (skipped due to action :nothing)
* gem_package[bundler] action install
- install version ~> 1.12.0 of package bundler
* execute[bundle install] action run
- execute /usr/local/ruby/2.2.5/bin/bundle install --deployment --without development test
* execute[start app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger start
Recipe: rundeck::chef_server_config
* template[/etc/chef/rundeck.rb] action create
- create new file /etc/chef/rundeck.rb
- update content in file /etc/chef/rundeck.rb from none to 982a4f
--- /etc/chef/rundeck.rb 2017-01-26 21:08:24.389913943 +0000
+++ /etc/chef/.chef-rundeck20170126-1258-1zgcvy.rb 2017-01-26 21:08:24.385913943 +0000
@@ -1 +1,9 @@
+log_level :info
+log_location STDOUT
+node_name 'chef-rundeck'
+client_key '/etc/chef/rundeck.pem'
+validation_client_name 'chef-validator'
+validation_key '/etc/chef/validation.pem'
+chef_server_url 'http://localhost:8089'
+cache_type 'BasicFile'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* file[/etc/chef/rundeck.pem] action create
- create new file /etc/chef/rundeck.pem
- update content in file /etc/chef/rundeck.pem from none to 4af3a7
--- /etc/chef/rundeck.pem 2017-01-26 21:08:24.413913943 +0000
+++ /etc/chef/.chef-rundeck20170126-1258-1ip8tr6.pem 2017-01-26 21:08:24.413913943 +0000
@@ -1 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAufewdB8WpVsSgkuss/EUaB+JYHYCu2nhg/nGb6oqpbmzV1DF
+N7d86xcotCVcJkX4fWWHsO61vGJAZK0+vodp7qBfIpnCPurNqV81zLw6g/grDjqe
+4Ha/U/By++ldNnFjKtKK1zD/xrt9/fUaL+bgDVWugcD5mAh6erH9jf1BTUka0Etl
+wge1B6kvbCbbi4yW2UWgTWIxrKbAtx1WDSjyqLArbwKhvToDYao+4QWOSsSMifC5
+bWgTL/YXtblPrrBx2W09qdT/hSVs2wTn1zM/eZzIQGmKFmhn4J1dvO5tOsgBzlkQ
+i6uTeivecz5/Z5qg+JFHQf5g1/8b1u08M1aPPQIDAQABAoIBAQC0ufunvha59/nS
+2kwqS12zmwJc1hLto4ZgRbsNBeiQShn5/yrKbO1fYpBSEgStxU4qPyNRVYsUWr+N
+l7fkXaEbIIuUCq11i6b2tOqJ31tWqTTejSWdqolhv8le+3l00Vi4Ywg+/QV1Uvys
+cyhR6SNQkjYXLzzg/UxaNOPeu4Jc4ciu6wuvnlqy46LkxMNV0bjb7u10lRwWnwBI
+Ja8bQZsamr8lMEktseHenppIhEnvEs7l1bmaogFJGFUAwskADAWQ07L0vSqLqpQd
+Na5/SKrflkZQjS0mvq7vBQi66ZyXoKfIHVRPuG9o53Az2Nq4SnZyHJvHEx1Hpn6k
+qjkDmFVZAoGBANsAGDSeg0BO9teL0eaD+wH6zA68FxMyYKPpeU908+m5J1ZIyFRK
+tHzBOkQWIuBSRXT+hsT0YJogCwp88Pv+JvHUHrAg/evztWrpsjh/oV3ooyWDJfec
+Vay9KEPacWkRVSNOOxicu8MPaRVknMmOzYgOXNiBakLoP40dhquMgeHzAoGBANli
+51WHQaCBK5yNI2WMWgN+h+/JL5dN0G1Gx5XBmMfV5BFJ9H+7Ig/VUt312/1HAoEu
+g27AaqIvWhnlEuvSuwuthDzevFeAeImsRwFqbrv3mHo8XqHnZTY5UMACdTRThP3E
+0ke5P+8GIEQIG5xLZka+F0adeA00VFEgDe3S3uYPAoGARUdWYO70HlfchntYv09p
+DEtGWjLuKch6AeBN2/DnaDyGUSldFi07w2ts/zTxe30LM+OAxrV4CcmxNHQp182i
+jEXKH3WQXiAOd+/NzUmyxn5dffRrAlWWVLrSDgUAc3hkMnMBBtwuGZq6Z2YYozpl
+knDYtjTaZKgL0pxQidw9CjkCgYAVZrtHnE1Fs/HLM8nsUWj7NxXC8ZeR2cNPPsyf
+XbPg2Jnfadx8RrwPuvyxhWbnBHqmpSGjYaYd2XORYQ//z3tCpw6Bv5vjMW6sfx1u
+cj/8mV+ViSP35IP+Vp4wiQ1o3WAWa64YCZDVw1Ch4fp15KZpCIXaGd6bzi8O3Y0B
+gOUY2QKBgQCNknpg/hLgrIC8x7139xVVG7zad3x0/pcGJpRtqALweDfzkofIgeLj
+Xhgf9I9JYnOUtXlprUnoIkFN0l+Q0x4t0/wMND2fkvR1JI/9KjHLZAwNyCn+Gbt3
+ZfbfscNkrXB6kc47E9XY5T7sokmK3V4+k9Bt1P1RT9WbcSb7QLvqzQ==
+-----END RSA PRIVATE KEY-----
- change mode from '' to '0400'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
Recipe: rundeck::chef-rundeck
* directory[/etc/chef] action create (up to date)
* file[/etc/chef/chef-rundeck.json] action create
- create new file /etc/chef/chef-rundeck.json
- update content in file /etc/chef/chef-rundeck.json from none to 703e90
--- /etc/chef/chef-rundeck.json 2017-01-26 21:08:24.441913943 +0000
+++ /etc/chef/.chef-chef-rundeck20170126-1258-rz0srz.json 2017-01-26 21:08:24.441913943 +0000
@@ -1 +1,9 @@
+{
+ "localhost": {
+ "pattern": "*:*",
+ "username": "rundeck",
+ "hostname": "ipaddress",
+ "attributes": null
+ }
+}
- change mode from '' to '0644'
* chef_gem[chef-rundeck] action upgrade (skipped due to not_if)
* chef_gem[chef-rundeck] action upgrade (up to date)
* chef_gem[sinatra] action install (up to date)
* directory[/var/log/chef-rundeck] action create
- create new directory /var/log/chef-rundeck
- change mode from '' to '0755'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* file[/var/log/chef-rundeck/server.log] action create_if_missing
- create new file /var/log/chef-rundeck/server.log
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* template[/etc/systemd/system/chef-rundeck.service] action create (skipped due to only_if)
* template[/etc/init/chef-rundeck.conf] action create (skipped due to only_if)
Recipe: runit::default
* service[runit] action nothing (skipped due to action :nothing)
* execute[start-runsvdir] action nothing (skipped due to action :nothing)
* apt_package[runit] action install
Recipe: <Dynamically Defined Resource>
* cookbook_file[/tmp/kitchen/cache/preseed/runit/runit-2.1.1-6.2ubuntu3.seed] action create
- create new file /tmp/kitchen/cache/preseed/runit/runit-2.1.1-6.2ubuntu3.seed
- update content in file /tmp/kitchen/cache/preseed/runit/runit-2.1.1-6.2ubuntu3.seed from none to 9c6758
--- /tmp/kitchen/cache/preseed/runit/runit-2.1.1-6.2ubuntu3.seed 2017-01-26 21:08:25.497913943 +0000
+++ /tmp/kitchen/cache/preseed/runit/.chef-runit-220170126-1258-11zhr2t.1.1-6.2ubuntu3.seed 2017-01-26 21:08:25.497913943 +0000
@@ -1 +1,2 @@
+runit runit/signalinit boolean true
- preseed package runit
- install version 2.1.1-6.2ubuntu3 of package runit
* service[chef-rundeck] action nothing (skipped due to action :nothing)
Recipe: rundeck::chef-rundeck
* runit_service[chef-rundeck] action enable
* ruby_block[restart_service] action nothing (skipped due to action :nothing)
* ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
* directory[/etc/sv/chef-rundeck] action create
- create new directory /etc/sv/chef-rundeck
- change mode from '' to '0755'
* template[/etc/sv/chef-rundeck/run] action create
- create new file /etc/sv/chef-rundeck/run
- update content in file /etc/sv/chef-rundeck/run from none to ced7cb
--- /etc/sv/chef-rundeck/run 2017-01-26 21:08:29.205913943 +0000
+++ /etc/sv/chef-rundeck/.chef-run20170126-1258-158gvqq 2017-01-26 21:08:29.205913943 +0000
@@ -1 +1,6 @@
+#!/bin/sh
+exec 2>&1
+exec 1> /var/log/chef-rundeck/server.log
+exec \
+chpst -u rundeck /opt/chef/embedded/bin/chef-rundeck -c /etc/chef/rundeck.rb -f /etc/chef/chef-rundeck.json -w https://chef.kitchentest -o 0.0.0.0 -p 9980 -t 30
- change mode from '' to '0755'
* directory[/etc/sv/chef-rundeck/log] action create
- create new directory /etc/sv/chef-rundeck/log
* directory[/etc/sv/chef-rundeck/log/main] action create
- create new directory /etc/sv/chef-rundeck/log/main
- change mode from '' to '0755'
* directory[/var/log/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/log/config] action create
- create new file /etc/sv/chef-rundeck/log/config
- update content in file /etc/sv/chef-rundeck/log/config from none to e3b0c4
(no diff)
- change mode from '' to '0644'
* link[/var/log/chef-rundeck/config] action create
- create symlink at /var/log/chef-rundeck/config to /etc/sv/chef-rundeck/log/config
* template[/etc/sv/chef-rundeck/log/run] action create
- create new file /etc/sv/chef-rundeck/log/run
- update content in file /etc/sv/chef-rundeck/log/run from none to e64148
--- /etc/sv/chef-rundeck/log/run 2017-01-26 21:08:29.253913943 +0000
+++ /etc/sv/chef-rundeck/log/.chef-run20170126-1258-13s4udr 2017-01-26 21:08:29.253913943 +0000
@@ -1 +1,3 @@
+#!/bin/sh
+exec svlogd -tt ./main
- change mode from '' to '0755'
* directory[/etc/sv/chef-rundeck/env] action create
- create new directory /etc/sv/chef-rundeck/env
- change mode from '' to '0755'
* ruby_block[Delete unmanaged env files for chef-rundeck service] action run (skipped due to only_if)
* template[/etc/sv/chef-rundeck/check] action create (skipped due to only_if)
* template[/etc/sv/chef-rundeck/finish] action create (skipped due to only_if)
* directory[/etc/sv/chef-rundeck/control] action create
- create new directory /etc/sv/chef-rundeck/control
- change mode from '' to '0755'
* link[/etc/init.d/chef-rundeck] action create
- create symlink at /etc/init.d/chef-rundeck to /usr/bin/sv
* file[/etc/sv/chef-rundeck/down] action nothing (skipped due to action :nothing)
* ruby_block[restart_service] action run
* ruby_block[restart_service] action nothing (skipped due to action :nothing)
* ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
* directory[/etc/sv/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/log] action create (up to date)
* directory[/etc/sv/chef-rundeck/log/main] action create (up to date)
* directory[/var/log/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/log/config] action create (up to date)
* link[/var/log/chef-rundeck/config] action create (up to date)
* template[/etc/sv/chef-rundeck/log/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/env] action create (up to date)
* ruby_block[Delete unmanaged env files for chef-rundeck service] action run (skipped due to only_if)
* template[/etc/sv/chef-rundeck/check] action create (skipped due to only_if)
* template[/etc/sv/chef-rundeck/finish] action create (skipped due to only_if)
* directory[/etc/sv/chef-rundeck/control] action create (up to date)
* link[/etc/init.d/chef-rundeck] action create (up to date)
* file[/etc/sv/chef-rundeck/down] action nothing (skipped due to action :nothing)
* directory[/etc/service] action create (up to date)
* link[/etc/service/chef-rundeck] action create
- create symlink at /etc/service/chef-rundeck to /etc/sv/chef-rundeck
* ruby_block[wait for chef-rundeck service socket] action run
- execute the ruby block wait for chef-rundeck service socket
- execute the ruby block restart_service
* ruby_block[restart_log_service] action run
* ruby_block[restart_service] action nothing (skipped due to action :nothing)
* ruby_block[restart_log_service] action nothing (skipped due to action :nothing)
* directory[/etc/sv/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/log] action create (up to date)
* directory[/etc/sv/chef-rundeck/log/main] action create (up to date)
* directory[/var/log/chef-rundeck] action create (up to date)
* template[/etc/sv/chef-rundeck/log/config] action create (up to date)
* link[/var/log/chef-rundeck/config] action create (up to date)
* template[/etc/sv/chef-rundeck/log/run] action create (up to date)
* directory[/etc/sv/chef-rundeck/env] action create (up to date)
* ruby_block[Delete unmanaged env files for chef-rundeck service] action run (skipped due to only_if)
* template[/etc/sv/chef-rundeck/check] action create (skipped due to only_if)
* template[/etc/sv/chef-rundeck/finish] action create (skipped due to only_if)
* directory[/etc/sv/chef-rundeck/control] action create (up to date)
* link[/etc/init.d/chef-rundeck] action create (up to date)
* file[/etc/sv/chef-rundeck/down] action nothing (skipped due to action :nothing)
* directory[/etc/service] action create (up to date)
* link[/etc/service/chef-rundeck] action create (up to date)
* ruby_block[wait for chef-rundeck service socket] action run
- execute the ruby block wait for chef-rundeck service socket
- execute the ruby block restart_log_service
* directory[/etc/service] action create (up to date)
* link[/etc/service/chef-rundeck] action create (up to date)
* ruby_block[wait for chef-rundeck service socket] action run
- execute the ruby block wait for chef-rundeck service socket
* service[chef-rundeck] action start (up to date)
Recipe: rundeck_fixtures::chef_zero
* chef_gem[chef-zero] action install (up to date)
* chef_gem[ridley] action install (up to date)
* execute[server] action run
- execute bin/chef-zero -H localhost -p 8089 -d
* ruby_block[Add test nodes in chef-zero server] action run
- execute the ruby block Add test nodes in chef-zero server
Recipe: rundeck::server_install
* service[rundeck] action nothing (skipped due to action :nothing)
Recipe: apache2::default
* service[apache2] action reload
- reload service service[apache2]
* service[apache2] action restart
- restart service service[apache2]
Recipe: simple_passenger::default
* execute[stop app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger stop
* execute[restart app] action run (skipped due to only_if)
Recipe: rundeck::chef-rundeck
* service[chef-rundeck] action restart
- restart service service[chef-rundeck]
Recipe: simple_passenger::default
* execute[start app] action run
- execute /usr/local/ruby/2.2.5/bin/bundle exec passenger start
Running handlers:
Running handlers complete
Deprecated features used!
method access to node attributes (node.foo.bar) is deprecated and will be removed in Chef 13, please use bracket syntax (node["foo"]["bar"]) at 3 locations:
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:32:in `from_file'
- (erubis):47:in `block in evaluate'
- (erubis):183:in `block in evaluate'
See https://docs.chef.io/deprecations_attributes.html for further details.
node.set is deprecated and will be removed in Chef 14, please use node.default/node.override (or node.normal only if you really need persistence) at 4 locations:
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:45:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:46:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:47:in `from_file'
- /tmp/kitchen/cache/cookbooks/ruby_build/attributes/default.rb:52:in `from_file'
See https://docs.chef.io/deprecations_attributes.html for further details.
Cloning resource attributes for directory[/var/lib/rundeck] from prior resource
Previous directory[/var/lib/rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/node_unix.rb:39:in `from_file'
Current directory[/var/lib/rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:89:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:89:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
Cloning resource attributes for directory[/var/lib/rundeck/.ssh] from prior resource
Previous directory[/var/lib/rundeck/.ssh]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/node_unix.rb:46:in `from_file'
Current directory[/var/lib/rundeck/.ssh]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:126:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/server_install.rb:126:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[chef-rundeck] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 2 locations:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:49:in `from_file'
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Cloning resource attributes for chef_gem[chef-rundeck] from prior resource
Previous chef_gem[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:49:in `from_file'
Current chef_gem[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:55:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[sinatra] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:60:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Cloning resource attributes for service[chef-rundeck] from prior resource
Current service[chef-rundeck]: /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:128:in `from_file' at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck/recipes/chef-rundeck.rb:128:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
chef_gem[chef-zero] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck_fixtures/recipes/chef_zero.rb:3:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
chef_gem[ridley] chef_gem compile_time installation is deprecated. Please set `compile_time false` on the resource to use the new behavior, or set `compile_time true` on the resource if compile_time behavior is required. at 1 location:
- /tmp/kitchen/cache/cookbooks/rundeck_fixtures/recipes/chef_zero.rb:4:in `from_file'
See https://docs.chef.io/deprecations_chef_gem_compile_time.html for further details.
Chef Client finished, 143/299 resources updated in 10 minutes 41 seconds
W, [2017-01-26T21:08:42.123176 #1258] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
W, [2017-01-26T21:08:42.124375 #1258] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
W, [2017-01-26T21:08:42.131393 #1258] WARN -- : Terminating task: type=:finalizer, meta={:method_name=>:__shutdown__}, status=:receiving
Celluloid::TaskFiber backtrace unavailable. Please try `Celluloid.task_class = Celluloid::TaskThread` if you need backtraces here.
Finished converging <better-chef-rundeck-ubuntu-1404> (10m52.02s).
-----> Setting up <better-chef-rundeck-ubuntu-1404>...
Finished setting up <better-chef-rundeck-ubuntu-1404> (0m0.00s).
-----> Verifying <better-chef-rundeck-ubuntu-1404>...
Preparing files for transfer
-----> Installing Busser (busser)
Fetching: thor-0.19.0.gem
Fetching: thor-0.19.0.gem ( 3%)
Fetching: thor-0.19.0.gem ( 6%)
Fetching: thor-0.19.0.gem ( 9%)
Fetching: thor-0.19.0.gem ( 12%)
Fetching: thor-0.19.0.gem ( 15%)
Fetching: thor-0.19.0.gem ( 17%)
Fetching: thor-0.19.0.gem ( 20%)
Fetching: thor-0.19.0.gem ( 23%)
Fetching: thor-0.19.0.gem ( 26%)
Fetching: thor-0.19.0.gem ( 29%)
Fetching: thor-0.19.0.gem ( 32%)
Fetching: thor-0.19.0.gem ( 35%)
Fetching: thor-0.19.0.gem ( 53%)
Fetching: thor-0.19.0.gem ( 71%)
Fetching: thor-0.19.0.gem ( 89%)
Fetching: thor-0.19.0.gem (100%)
Fetching: thor-0.19.0.gem (100%)
Successfully installed thor-0.19.0
Fetching: busser-0.7.1.gem
Fetching: busser-0.7.1.gem ( 64%)
Fetching: busser-0.7.1.gem (100%)
Fetching: busser-0.7.1.gem (100%)
Successfully installed busser-0.7.1
2 gems installed
Installing Busser plugins: busser-serverspec
Plugin serverspec installed (version 0.5.10)
-----> Running postinstall for serverspec plugin
Suite path directory /tmp/verifier/suites does not exist, skipping.
Transferring files to <better-chef-rundeck-ubuntu-1404>
-----> Running serverspec test suite
-----> Installing Serverspec..
Fetching: diff-lcs-1.3.gem
Fetching: diff-lcs-1.3.gem ( 5%)
Fetching: diff-lcs-1.3.gem ( 11%)
Fetching: diff-lcs-1.3.gem ( 17%)
Fetching: diff-lcs-1.3.gem ( 23%)
Fetching: diff-lcs-1.3.gem ( 28%)
Fetching: diff-lcs-1.3.gem ( 34%)
Fetching: diff-lcs-1.3.gem ( 40%)
Fetching: diff-lcs-1.3.gem ( 46%)
Fetching: diff-lcs-1.3.gem ( 52%)
Fetching: diff-lcs-1.3.gem ( 58%)
Fetching: diff-lcs-1.3.gem ( 64%)
Fetching: diff-lcs-1.3.gem ( 70%)
Fetching: diff-lcs-1.3.gem (100%)
Fetching: diff-lcs-1.3.gem (100%)
Fetching: rspec-expectations-3.5.0.gem
Fetching: rspec-expectations-3.5.0.gem ( 21%)
Fetching: rspec-expectations-3.5.0.gem ( 42%)
Fetching: rspec-expectations-3.5.0.gem ( 63%)
Fetching: rspec-expectations-3.5.0.gem ( 84%)
Fetching: rspec-expectations-3.5.0.gem (100%)
Fetching: rspec-expectations-3.5.0.gem (100%)
Fetching: rspec-mocks-3.5.0.gem
Fetching: rspec-mocks-3.5.0.gem ( 21%)
Fetching: rspec-mocks-3.5.0.gem ( 42%)
Fetching: rspec-mocks-3.5.0.gem ( 63%)
Fetching: rspec-mocks-3.5.0.gem ( 85%)
Fetching: rspec-mocks-3.5.0.gem (100%)
Fetching: rspec-mocks-3.5.0.gem (100%)
Fetching: rspec-3.5.0.gem
Fetching: rspec-3.5.0.gem (100%)
Fetching: rspec-3.5.0.gem (100%)
Fetching: rspec-its-1.2.0.gem
Fetching: rspec-its-1.2.0.gem (100%)
Fetching: rspec-its-1.2.0.gem (100%)
Fetching: multi_json-1.12.1.gem
Fetching: multi_json-1.12.1.gem ( 60%)
Fetching: multi_json-1.12.1.gem (100%)
Fetching: multi_json-1.12.1.gem (100%)
Fetching: net-ssh-4.0.1.gem
Fetching: net-ssh-4.0.1.gem ( 13%)
Fetching: net-ssh-4.0.1.gem ( 26%)
Fetching: net-ssh-4.0.1.gem ( 40%)
Fetching: net-ssh-4.0.1.gem ( 53%)
Fetching: net-ssh-4.0.1.gem ( 66%)
Fetching: net-ssh-4.0.1.gem ( 80%)
Fetching: net-ssh-4.0.1.gem ( 93%)
Fetching: net-ssh-4.0.1.gem (100%)
Fetching: net-ssh-4.0.1.gem (100%)
Fetching: net-scp-1.2.1.gem
Fetching: net-scp-1.2.1.gem ( 48%)
Fetching: net-scp-1.2.1.gem ( 98%)
Fetching: net-scp-1.2.1.gem (100%)
Fetching: net-scp-1.2.1.gem (100%)
Fetching: net-telnet-0.1.1.gem
Fetching: net-telnet-0.1.1.gem ( 92%)
Fetching: net-telnet-0.1.1.gem (100%)
Fetching: net-telnet-0.1.1.gem (100%)
Fetching: sfl-2.3.gem
Fetching: sfl-2.3.gem (100%)
Fetching: sfl-2.3.gem (100%)
Fetching: specinfra-2.66.6.gem
Fetching: specinfra-2.66.6.gem ( 19%)
Fetching: specinfra-2.66.6.gem ( 39%)
Fetching: specinfra-2.66.6.gem ( 58%)
Fetching: specinfra-2.66.6.gem ( 78%)
Fetching: specinfra-2.66.6.gem ( 98%)
Fetching: specinfra-2.66.6.gem (100%)
Fetching: specinfra-2.66.6.gem (100%)
Fetching: serverspec-2.38.0.gem
Fetching: serverspec-2.38.0.gem ( 5%)
Fetching: serverspec-2.38.0.gem ( 12%)
Fetching: serverspec-2.38.0.gem ( 19%)
Fetching: serverspec-2.38.0.gem ( 27%)
Fetching: serverspec-2.38.0.gem ( 34%)
Fetching: serverspec-2.38.0.gem ( 40%)
Fetching: serverspec-2.38.0.gem ( 47%)
Fetching: serverspec-2.38.0.gem ( 54%)
Fetching: serverspec-2.38.0.gem ( 62%)
Fetching: serverspec-2.38.0.gem ( 69%)
Fetching: serverspec-2.38.0.gem ( 76%)
Fetching: serverspec-2.38.0.gem ( 82%)
Fetching: serverspec-2.38.0.gem ( 89%)
Fetching: serverspec-2.38.0.gem ( 97%)
Fetching: serverspec-2.38.0.gem (100%)
Fetching: serverspec-2.38.0.gem (100%)
-----> serverspec installed (version 2.38.0)
/opt/chef/embedded/bin/ruby -I/tmp/verifier/suites/serverspec -I/tmp/verifier/gems/gems/rspec-support-3.5.0/lib:/tmp/verifier/gems/gems/rspec-core-3.5.4/lib /opt/chef/embedded/bin/rspec --pattern /tmp/verifier/suites/serverspec/\*\*/\*_spec.rb --color --format documentation --default-path /tmp/verifier/suites/serverspec
better-chef-rundeck
when request is made to server
 is up and running
when request is made to server with '*:*' search query
 returns all nodes from chef server
when request is made to server with specific search query
 returns nodes which satisfies search query
Finished in 0.06029 seconds (files took 0.64496 seconds to load)
3 examples, 0 failures
Finished verifying <better-chef-rundeck-ubuntu-1404> (0m8.89s).
-----> Destroying <better-chef-rundeck-ubuntu-1404>...
==> default: Forcing shutdown of VM...
==> default: Destroying VM and associated drives...
Vagrant instance <better-chef-rundeck-ubuntu-1404> destroyed.
Finished destroying <better-chef-rundeck-ubuntu-1404> (0m4.41s).
Finished testing <better-chef-rundeck-ubuntu-1404> (11m37.58s).
-----> Cleaning up any prior instances of <better-chef-rundeck-ubuntu-1604>
-----> Destroying <better-chef-rundeck-ubuntu-1604>...
Finished destroying <better-chef-rundeck-ubuntu-1604> (0m0.00s).
-----> Testing <better-chef-rundeck-ubuntu-1604>
-----> Creating <better-chef-rundeck-ubuntu-1604>...
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'bento/ubuntu-16.04'...
Progress: 10%
Progress: 20%
Progress: 30%
Progress: 40%
Progress: 50%
Progress: 60%
Progress: 70%
Progress: 90%
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'bento/ubuntu-16.04' is up to date...
==> default: Setting the name of the VM: kitchen-rundeck-better-chef-rundeck-ubuntu-1604_default_1485464948068_88406
==> default: Fixed port collision for 22 => 2222. Now on port 2200.
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2200 (host) (adapter 1)
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2200
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 5.1.10
default: VirtualBox Version: 5.0
==> default: Setting hostname...
==> default: Mounting shared folders...
default: /tmp/omnibus/cache => /Users/sg045734/.kitchen/cache
==> default: Machine not provisioned because `--no-provision` is specified.
[SSH] Established
Vagrant instance <better-chef-rundeck-ubuntu-1604> created.
Finished creating <better-chef-rundeck-ubuntu-1604> (0m34.68s).
-----> Converging <better-chef-rundeck-ubuntu-1604>...
Preparing files for transfer
Preparing dna.json
Resolving cookbook dependencies with Berkshelf 4.3.5...
Removing non-cookbook files before transfer
Preparing data_bags
Preparing validation.pem
Preparing client.rb
-----> Installing Chef Omnibus (install only if missing)
Downloading https://omnitruck.chef.io/install.sh to file /tmp/install.sh
Trying wget...
Download complete.
ubuntu 16.04 x86_64
Getting information for chef stable for ubuntu...
downloading https://omnitruck.chef.io/stable/chef/metadata?v=&p=ubuntu&pv=16.04&m=x86_64
to file /tmp/install.sh.1505/metadata.txt
trying wget...
sha1 a8c749bfde759692abdd98ae1b841ad089fe5461
sha256 4fdabf0ae37c999795bef5e97133c1b78182129edec28c17ccf9ca6661dcc754
url https://packages.chef.io/files/stable/chef/12.18.31/ubuntu/16.04/chef_12.18.31-1_amd64.deb
version 12.18.31
downloaded metadata file looks valid...
/tmp/omnibus/cache/chef_12.18.31-1_amd64.deb already exists, verifiying checksum...
Comparing checksum with sha256sum...
checksum compare succeeded, using existing file!
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
You are installing an omnibus package without a version pin. If you are installing
on production servers via an automated process this is DANGEROUS and you will
be upgraded without warning on new releases, even to new major releases.
Letting the version float is only appropriate in desktop, test, development or
CI/CD environments.
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
Installing chef
installing with dpkg...
Selecting previously unselected package chef.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 37814 files and directories currently installed.)
Preparing to unpack .../chef_12.18.31-1_amd64.deb ...
Unpacking chef (12.18.31-1) ...
Setting up chef (12.18.31-1) ...
Thank you for installing Chef!
Transferring files to <better-chef-rundeck-ubuntu-1604>
Starting Chef Client, version 12.18.31
Creating a new client identity for better-chef-rundeck-ubuntu-1604 using the validator key.
resolving cookbooks for run list: ["apt", "rundeck_fixtures", "rundeck::server", "rundeck::chef-rundeck", "rundeck_fixtures::chef_zero"]
Synchronizing Cookbooks:
- rundeck_fixtures (0.0.1)
- apt (5.0.1)
- compat_resource (12.16.3)
- rundeck (3.2.0)
- build-essential (7.0.3)
- runit (3.0.5)
- sudo (3.3.1)
- java (1.46.0)
- seven_zip (2.0.2)
- java-libraries (0.2.0)
- simple_passenger (0.4.3)
- apache2 (3.2.2)
- mingw (1.2.5)
- packagecloud (0.2.5)
- yum-epel (2.1.1)
- homebrew (3.0.0)
- windows (2.1.1)
- logrotate (1.9.2)
- ohai (4.2.3)
- ruby_build (0.8.0)
Installing Cookbook Gems:
Compiling Cookbooks...
[2017-01-26T21:09:49+00:00] WARN: Chef::Provider::AptRepository already exists! Cannot create deprecation class for LWRP provider apt_repository from cookbook apt
[2017-01-26T21:09:49+00:00] WARN: AptRepository already exists! Deprecation class overwrites Custom resource apt_repository from cookbook apt
chef-rundeck url: http://chef.kitchentest:9980
Recipe: build-essential::default
* build_essential[install_packages] action install
* apt_package[autoconf, binutils-doc, bison, build-essential, flex, gettext, ncurses-dev] action install
- install version 2.69-9 of package autoconf
- install version 2.26.1-1ubuntu1~16.04.3 of package binutils-doc
- install version 2:3.0.4.dfsg-1 of package bison
- install version 12.1ubuntu2 of package build-essential
- install version 2.6.0-11 of package flex
- install version 0.19.7-2ubuntu3 of package gettext
- install version 6.0+20160213-1ubuntu1 of package ncurses-dev
Recipe: rundeck::chef-rundeck
* chef_gem[chef-rundeck] action upgrade (skipped due to not_if)
* chef_gem[chef-rundeck] action upgrade
- upgrade package chef-rundeck from uninstalled to 2.2.0
* chef_gem[sinatra] action install (up to date)
Recipe: rundeck_fixtures::chef_zero
* chef_gem[chef-zero] action install (up to date)
* chef_gem[ridley] action install
- install version 5.1.0 of package ridley
Converging 193 resources
Recipe: apt::default
* file[/var/lib/apt/periodic/update-success-stamp] action nothing (skipped due to action :nothing)
* apt_update[periodic] action periodic
- update new lists of packages
* directory[/var/lib/apt/periodic] action create (up to date)
* directory[/etc/apt/apt.conf.d] action create (up to date)
* file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing (up to date)
* execute[apt-get -q update] action run
- execute apt-get -q update
* execute[apt-get update] action nothing (skipped due to action :nothing)
* execute[apt-get autoremove] action nothing (skipped due to action :nothing)
* execute[apt-get autoclean] action nothing (skipped due to action :nothing)
* directory[/var/cache/local] action create
- create new directory /var/cache/local
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
* directory[/var/cache/local/preseeding] action create
- create new directory /var/cache/local/preseeding
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
* template[/etc/apt/apt.conf.d/10recommends] action create
- create new file /etc/apt/apt.conf.d/10recommends
- update content in file /etc/apt/apt.conf.d/10recommends from none to f41e1d
--- /etc/apt/apt.conf.d/10recommends 2017-01-26 21:10:19.633296946 +0000
+++ /etc/apt/apt.conf.d/.chef-10recommends20170126-1591-1lxynev 2017-01-26 21:10:19.633296946 +0000
@@ -1 +1,4 @@
+# Managed by Chef
+APT::Install-Recommends "1";
+APT::Install-Suggests "0";
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* apt_package[apt-transport-https] action install (up to date)
Recipe: rundeck_fixtures::default
* directory[/etc/chef/] action create
- create new directory /etc/chef/
Recipe: java::notify
* log[jdk-version-changed] action nothing (skipped due to action :nothing)
Recipe: java::openjdk
* apt_repository[openjdk-r-ppa] action add
* execute[apt-cache gencaches] action nothing (skipped due to action :nothing)
* apt_update[openjdk-r-ppa] action nothing (skipped due to action :nothing)
* execute[install-key DA1A4A13543B466853BAF164EB9B1D8886F44E2A] action run
- execute apt-key adv --recv --keyserver hkp://keyserver.ubuntu.com:80 DA1A4A13543B466853BAF164EB9B1D8886F44E2A
* execute[apt-cache gencaches] action run
- execute apt-cache gencaches
* file[/etc/apt/sources.list.d/openjdk-r-ppa.list] action create
- create new file /etc/apt/sources.list.d/openjdk-r-ppa.list
- update content in file /etc/apt/sources.list.d/openjdk-r-ppa.list from none to 7c008e
--- /etc/apt/sources.list.d/openjdk-r-ppa.list 2017-01-26 21:10:21.070014894 +0000
+++ /etc/apt/sources.list.d/.chef-openjdk-r-ppa20170126-1591-138wt11.list 2017-01-26 21:10:21.070014894 +0000
@@ -1 +1,2 @@
+deb "http://ppa.launchpad.net/openjdk-r/ppa/ubuntu" xenial main
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
* execute[apt-cache gencaches] action run
- execute apt-cache gencaches
* apt_update[openjdk-r-ppa] action update
- force update new lists of packages
* directory[/var/lib/apt/periodic] action create (up to date)
* directory[/etc/apt/apt.conf.d] action create (up to date)
* file[/etc/apt/apt.conf.d/15update-stamp] action create_if_missing (up to date)
* execute[apt-get -q update] action run
- execute apt-get -q update
* apt_package[openjdk-7-jdk] action install
- install version 7u95-2.6.4-3 of package openjdk-7-jdk
Recipe: java::notify
* log[jdk-version-changed] action write
Recipe: java::openjdk
* apt_package[openjdk-7-jre-headless] action install (up to date)
* java_alternatives[set-java-alternatives] action set
- Removing alternative for appletviewer with old prio
- Add alternative for appletviewer
- Removing alternative for extcheck with old prio
- Add alternative for extcheck
- Removing alternative for idlj with old prio
- Add alternative for idlj
- Removing alternative for jar with old prio
- Add alternative for jar
- Removing alternative for jarsigner with old prio
- Add alternative for jarsigner
- Add alternative for java
- Removing alternative for javac with old prio
- Add alternative for javac
- Removing alternative for javadoc with old prio
- Add alternative for javadoc
- Removing alternative for javah with old prio
- Add alternative for javah
- Removing alternative for javap with old prio
- Add alternative for javap
- Removing alternative for jcmd with old prio
- Add alternative for jcmd
- Removing alternative for jconsole with old prio
- Add alternative for jconsole
- Removing alternative for jdb with old prio
- Add alternative for jdb
- Removing alternative for jhat with old prio
- Add alternative for jhat
- Removing alternative for jinfo with old prio
- Add alternative for jinfo
- Removing alternative for jmap with old prio
- Add alternative for jmap
- Removing alternative for jps with old prio
- Add alternative for jps
- Removing alternative for jrunscript with old prio
- Add alternative for jrunscript
- Removing alternative for jsadebugd with old prio
- Add alternative for jsadebugd
- Removing alternative for jstack with old prio
- Add alternative for jstack
- Removing alternative for jstat with old prio
- Add alternative for jstat
- Removing alternative for jstatd with old prio
- Add alternative for jstatd
- Add alternative for keytool
- Removing alternative for native2ascii with old prio
- Add alternative for native2ascii
- Add alternative for orbd
- Add alternative for pack200
- Add alternative for policytool
- Removing alternative for rmic with old prio
- Add alternative for rmic
- Add alternative for rmid
- Add alternative for rmiregistry
- Removing alternative for schemagen with old prio
- Add alternative for schemagen
- Removing alternative for serialver with old prio
- Add alternative for serialver
- Add alternative for servertool
- Add alternative for tnameserv
- Add alternative for unpack200
- Removing alternative for wsgen with old prio
- Add alternative for wsgen
- Removing alternative for wsimport with old prio
- Add alternative for wsimport
- Removing alternative for xjc with old prio
- Add alternative for xjc
Recipe: java::default_java_symlink
* link[/usr/lib/jvm/default-java] action create
- create symlink at /usr/lib/jvm/default-java to /usr/lib/jvm/java-7-openjdk-amd64
Recipe: java::set_java_home
* ruby_block[set-env-java-home] action run
- execute the ruby block set-env-java-home
* directory[/etc/profile.d] action create (up to date)
* template[/etc/profile.d/jdk.sh] action create
- create new file /etc/profile.d/jdk.sh
- update content in file /etc/profile.d/jdk.sh from none to 6db9b5
--- /etc/profile.d/jdk.sh 2017-01-26 21:13:13.039956000 +0000
+++ /etc/profile.d/.chef-jdk20170126-1591-jlljgk.sh 2017-01-26 21:13:13.039956000 +0000
@@ -1 +1,2 @@
+export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64
- change mode from '' to '0755'
Recipe: rundeck::node_unix
* group[rundeck] action create
- create group rundeck
* linux_user[rundeck] action create
- create user rundeck
* directory[/var/lib/rundeck] action create
- create new directory /var/lib/rundeck
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* directory[/var/lib/rundeck/.ssh] action create
- create new directory /var/lib/rundeck/.ssh
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* file[/var/lib/rundeck/.ssh/authorized_keys] action create
- create new file /var/lib/rundeck/.ssh/authorized_keys
- update content in file /var/lib/rundeck/.ssh/authorized_keys from none to 8d07c3
--- /var/lib/rundeck/.ssh/authorized_keys 2017-01-26 21:13:13.188030000 +0000
+++ /var/lib/rundeck/.ssh/.chef-authorized_keys20170126-1591-1hw8b7r 2017-01-26 21:13:13.188030000 +0000
@@ -1 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC597B0HxalWxKCS6yz8RRoH4lgdgK7aeGD+cZvqiqlubNXUMU3t3zrFyi0JVwmRfh9ZYew7rW8YkBkrT6+h2nuoF8imcI+6s2pXzXMvDqD+CsOOp7gdr9T8HL76V02cWMq0orXMP/Gu3399Rov5uANVa6BwPmYCHp6sf2N/UFNSRrQS2XCB7UHqS9sJtuLjJbZRaBNYjGspsC3HVYNKPKosCtvAqG9OgNhqj7hBY5KxIyJ8LltaBMv9he1uU+usHHZbT2p1P+FJWzbBOfXMz95nMhAaYoWaGfgnV287m06yAHOWRCLq5N6K95zPn9nmqD4kUdB/mDX/xvW7TwzVo89 rundeck keys
- change mode from '' to '0600'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* sudo[rundeck-admin] action install[2017-01-26T21:13:13+00:00] WARN: rundeck-admin will be rendered, but will not take effect because node['authorization']['sudo']['include_sudoers_d'] is set to false!
* template[/etc/sudoers.d/rundeck-admin] action create
- create new file /etc/sudoers.d/rundeck-admin
- update content in file /etc/sudoers.d/rundeck-admin from none to 4e3ea1
--- /etc/sudoers.d/rundeck-admin 2017-01-26 21:13:13.240056000 +0000
+++ /etc/sudoers.d/.chef-rundeck-admin20170126-1591-19l7fw0 2017-01-26 21:13:13.240056000 +0000
@@ -1 +1,9 @@
+# This file is managed by Chef.
+# Do NOT modify this file directly.
+
+
+
+
+rundeck ALL=(ALL) NOPASSWD:ALL
+
- change mode from '' to '0440'
- change owner from '' to 'root'
- change group from '' to 'root'
* template[/etc/sudoers.d/rundeck-admin] action nothing (skipped due to action :nothing)
Recipe: rundeck::server_install
* remote_file[/tmp/kitchen/cache/rundeck-2.6.11-1-GA.deb] action create
- create new file /tmp/kitchen/cache/rundeck-2.6.11-1-GA.deb
- update content in file /tmp/kitchen/cache/rundeck-2.6.11-1-GA.deb from none to 93e98a
(file sizes exceed 10000000 bytes, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* apt_package[http://download.rundeck.org/deb/rundeck-2.6.11-1-GA.deb] action install
- install version 2.6.11 of package http://download.rundeck.org/deb/rundeck-2.6.11-1-GA.deb
* service[rundeck] action nothing (skipped due to action :nothing)
* directory[/var/lib/rundeck] action create (up to date)
* directory[/var/lib/rundeck/logs] action create
- change group from 'adm' to 'rundeck'
* directory[/var/lib/rundeck/projects] action create
- create new directory /var/lib/rundeck/projects
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* directory[/var/lib/rundeck/.chef] action create
- create new directory /var/lib/rundeck/.chef
- change mode from '' to '0700'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* template[/var/lib/rundeck/.chef/knife.rb] action create
- create new file /var/lib/rundeck/.chef/knife.rb
- update content in file /var/lib/rundeck/.chef/knife.rb from none to e68e7d
--- /var/lib/rundeck/.chef/knife.rb 2017-01-26 21:13:46.528692000 +0000
+++ /var/lib/rundeck/.chef/.chef-knife20170126-1591-1iwpm76.rb 2017-01-26 21:13:46.528692000 +0000
@@ -1 +1,11 @@
+log_level :info
+log_location STDOUT
+node_name 'rundeck'
+client_key '/var/lib/rundeck/.chef/rundeck.pem'
+validation_client_name 'chef-validator'
+validation_key '/var/lib/rundeck/.chef/chef-validator.pem'
+chef_server_url 'http://localhost:8089'
+cache_type 'BasicFile'
+cache_options( :path => '/var/lib/rundeck/.chef/checksums' )
+cookbook_path [ './cookbooks', './site-cookbooks' ]
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* directory[/var/lib/rundeck/.ssh] action create (up to date)
* file[/var/lib/rundeck/.ssh/id_rsa] action create
- create new file /var/lib/rundeck/.ssh/id_rsa
- update content in file /var/lib/rundeck/.ssh/id_rsa from none to 4af3a7
--- /var/lib/rundeck/.ssh/id_rsa 2017-01-26 21:13:46.544699999 +0000
+++ /var/lib/rundeck/.ssh/.chef-id_rsa20170126-1591-1nulejv 2017-01-26 21:13:46.544699999 +0000
@@ -1 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAufewdB8WpVsSgkuss/EUaB+JYHYCu2nhg/nGb6oqpbmzV1DF
+N7d86xcotCVcJkX4fWWHsO61vGJAZK0+vodp7qBfIpnCPurNqV81zLw6g/grDjqe
+4Ha/U/By++ldNnFjKtKK1zD/xrt9/fUaL+bgDVWugcD5mAh6erH9jf1BTUka0Etl
+wge1B6kvbCbbi4yW2UWgTWIxrKbAtx1WDSjyqLArbwKhvToDYao+4QWOSsSMifC5
+bWgTL/YXtblPrrBx2W09qdT/hSVs2wTn1zM/eZzIQGmKFmhn4J1dvO5tOsgBzlkQ
+i6uTeivecz5/Z5qg+JFHQf5g1/8b1u08M1aPPQIDAQABAoIBAQC0ufunvha59/nS
+2kwqS12zmwJc1hLto4ZgRbsNBeiQShn5/yrKbO1fYpBSEgStxU4qPyNRVYsUWr+N
+l7fkXaEbIIuUCq11i6b2tOqJ31tWqTTejSWdqolhv8le+3l00Vi4Ywg+/QV1Uvys
+cyhR6SNQkjYXLzzg/UxaNOPeu4Jc4ciu6wuvnlqy46LkxMNV0bjb7u10lRwWnwBI
+Ja8bQZsamr8lMEktseHenppIhEnvEs7l1bmaogFJGFUAwskADAWQ07L0vSqLqpQd
+Na5/SKrflkZQjS0mvq7vBQi66ZyXoKfIHVRPuG9o53Az2Nq4SnZyHJvHEx1Hpn6k
+qjkDmFVZAoGBANsAGDSeg0BO9teL0eaD+wH6zA68FxMyYKPpeU908+m5J1ZIyFRK
+tHzBOkQWIuBSRXT+hsT0YJogCwp88Pv+JvHUHrAg/evztWrpsjh/oV3ooyWDJfec
+Vay9KEPacWkRVSNOOxicu8MPaRVknMmOzYgOXNiBakLoP40dhquMgeHzAoGBANli
+51WHQaCBK5yNI2WMWgN+h+/JL5dN0G1Gx5XBmMfV5BFJ9H+7Ig/VUt312/1HAoEu
+g27AaqIvWhnlEuvSuwuthDzevFeAeImsRwFqbrv3mHo8XqHnZTY5UMACdTRThP3E
+0ke5P+8GIEQIG5xLZka+F0adeA00VFEgDe3S3uYPAoGARUdWYO70HlfchntYv09p
+DEtGWjLuKch6AeBN2/DnaDyGUSldFi07w2ts/zTxe30LM+OAxrV4CcmxNHQp182i
+jEXKH3WQXiAOd+/NzUmyxn5dffRrAlWWVLrSDgUAc3hkMnMBBtwuGZq6Z2YYozpl
+knDYtjTaZKgL0pxQidw9CjkCgYAVZrtHnE1Fs/HLM8nsUWj7NxXC8ZeR2cNPPsyf
+XbPg2Jnfadx8RrwPuvyxhWbnBHqmpSGjYaYd2XORYQ//z3tCpw6Bv5vjMW6sfx1u
+cj/8mV+ViSP35IP+Vp4wiQ1o3WAWa64YCZDVw1Ch4fp15KZpCIXaGd6bzi8O3Y0B
+gOUY2QKBgQCNknpg/hLgrIC8x7139xVVG7zad3x0/pcGJpRtqALweDfzkofIgeLj
+Xhgf9I9JYnOUtXlprUnoIkFN0l+Q0x4t0/wMND2fkvR1JI/9KjHLZAwNyCn+Gbt3
+ZfbfscNkrXB6kc47E9XY5T7sokmK3V4+k9Bt1P1RT9WbcSb7QLvqzQ==
+-----END RSA PRIVATE KEY-----
- change mode from '' to '0600'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* cookbook_file[/var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar
- update content in file /var/lib/rundeck/libext/rundeck-winrm-plugin-1.3.3.jar from none to dac572
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* template[/var/lib/rundeck/exp/webapp/WEB-INF/web.xml] action create
- update content in file /var/lib/rundeck/exp/webapp/WEB-INF/web.xml from 4b249b to 5e6953
--- /var/lib/rundeck/exp/webapp/WEB-INF/web.xml 2016-11-15 21:52:08.000000000 +0000
+++ /var/lib/rundeck/exp/webapp/WEB-INF/.chef-web20170126-1591-114i7b.xml 2017-01-26 21:13:46.684770000 +0000
@@ -20,9 +20,19 @@
<filter-name>instrumentedFilter</filter-name>
<filter-class>com.codahale.metrics.servlet.InstrumentedFilter</filter-class>
</filter>
+ <filter>
+ <filter-name>AssetPipelineFilter</filter-name>
+ <filter-class>asset.pipeline.AssetPipelineFilter</filter-class>
+ </filter>
<security-role>
<role-name>user</role-name>
</security-role>
+ <security-role>
+ <role-name>superusers</role-name>
+ </security-role>
+ <security-role>
+ <role-name>run_only_users</role-name>
+ </security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Login</web-resource-name>
@@ -216,24 +226,24 @@
<servlet-class>org.codehaus.groovy.grails.web.pages.GroovyPagesServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>grails-errorhandler</servlet-name>
- <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
- </servlet>
- <servlet>
<servlet-name>metrics-admin-servlet</servlet-name>
<servlet-class>org.grails.plugins.metricsweb.DisablingAdminServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <servlet-class>org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet</servlet-class>
+ </servlet>
<servlet-mapping>
<servlet-name>gsp</servlet-name>
<url-pattern>*.gsp</url-pattern>
</servlet-mapping>
<servlet-mapping>
- <servlet-name>grails-errorhandler</servlet-name>
- <url-pattern>/grails-errorhandler</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
<servlet-name>metrics-admin-servlet</servlet-name>
<url-pattern>/metrics/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>grails-errorhandler</servlet-name>
+ <url-pattern>/grails-errorhandler</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>grails</servlet-name>
- change owner from 'root' to 'rundeck'
- change group from 'root' to 'rundeck'
* template[/etc/rundeck/jaas-activedirectory.conf] action create
- create new file /etc/rundeck/jaas-activedirectory.conf
- update content in file /etc/rundeck/jaas-activedirectory.conf from none to e2b9a2
--- /etc/rundeck/jaas-activedirectory.conf 2017-01-26 21:13:46.708782000 +0000
+++ /etc/rundeck/.chef-jaas-activedirectory20170126-1591-kl6t58.conf 2017-01-26 21:13:46.708782000 +0000
@@ -1 +1,28 @@
+activedirectory {
+ com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
+ debug="true"
+ contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
+ providerUrl="ldap://servername:389"
+ bindDn="CN=binddn,dc=domain,dc=com"
+ bindPassword="BINDPWD"
+ authenticationMethod="simple"
+ forceBindingLogin="true"
+ userBaseDn="ou=Users,dc=domain,dc=com"
+ userRdnAttribute="cn"
+ userIdAttribute="uid"
+ userPasswordAttribute="userPassword"
+ userObjectClass="inetOrgPerson"
+ roleBaseDn="ou=Groups,dc=domain,dc=com"
+ roleNameAttribute="cn"
+ roleMemberAttribute="uniqueMember"
+ roleObjectClass="groupOfUniqueNames"
+ rolePrefix="rundeck-"
+ cacheDurationMillis="300000"
+ supplementalRoles="user"
+ reportStatistics="true";
+
+ org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
+ debug="true"
+ file="/etc/rundeck/realm.properties";
+};
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* template[/etc/rundeck/profile] action create
- update content in file /etc/rundeck/profile from bd6054 to a34edf
--- /etc/rundeck/profile 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-profile20170126-1591-pykrxv 2017-01-26 21:13:46.728792000 +0000
@@ -1,3 +1,6 @@
+RDECK_HOME=/var/lib/rundeck
+export RDECK_HOME
+
RDECK_BASE=/var/lib/rundeck
export RDECK_BASE
@@ -32,17 +35,22 @@
-Drdeck.projects=/var/rundeck/projects \
-Drdeck.runlogs=/var/lib/rundeck/logs \
-Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
+ -Dserver.web.context=/ \
+ -Drundeck.jetty.connector.forwarded=true\
-Djava.io.tmpdir=$RUNDECK_TEMPDIR"
#
# Set min/max heap size
#
-RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server"
+RDECK_JVM="$RDECK_JVM -XX:MaxPermSize=256m -Xmx1024m -Xms256m -server"
+
#
+# Set custom JVM properties
+#
+#
# SSL Configuration - Uncomment the following to enable. Check SSL.properties for details.
#
-#export RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
-export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
+#export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
if test -t 0 -a -z "$RUNDECK_CLI_TERSE"
then
* template[/etc/rundeck/rundeck-config.properties] action create
- update content in file /etc/rundeck/rundeck-config.properties from de1a7d to 6ce78d
--- /etc/rundeck/rundeck-config.properties 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-rundeck-config20170126-1591-qna24r.properties 2017-01-26 21:13:46.744800000 +0000
@@ -1,11 +1,18 @@
-#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
+#loglevel.default is the default log level for jobs: ERR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
-rdeck.base=/var/lib/rundeck
#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
-rss.enabled=false
-# change hostname here
-grails.serverURL=http://localhost:4440
-dataSource.dbCreate = update
-dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true;TRACE_LEVEL_FILE=4
+rss.enabled=true
+#
+dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true
+
+rundeck.security.useHMacRequestTokens=false
+
+grails.mail.default.from=rundeck@kitchentest
+
+grails.serverURL=http://localhost
+
+quartz.props.threadPool.threadCount = 10
+
+# Custom config
* template[/etc/rundeck/framework.properties] action create
- update content in file /etc/rundeck/framework.properties from 860ad9 to 6e79b6
--- /etc/rundeck/framework.properties 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-framework20170126-1591-1fdwrzp.properties 2017-01-26 21:13:46.764810000 +0000
@@ -1,40 +1,227 @@
# framework.properties -
#
+# $Id: framework.properties.template 2128 2010-08-17 21:29:24Z ahonor $
+#
# ----------------------------------------------------------------
-# Rundeck server connection information
+# Installation specific settings
# ----------------------------------------------------------------
-framework.server.name = localhost
-framework.server.hostname = localhost
-framework.server.port = 4440
-framework.server.url = http://localhost:4440
-# Username/password used by CLI tools.
-framework.server.username = admin
-framework.server.password = admin
+# TODO - DUMP java.home = /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
+file.separator = /
+rdeck.base = /etc/rundeck
+rdeck.home = /etc/rundeck
+# TODO - DUMP user.home = /home/rundeck
+framework.application.libpath =
+framework.application.properties =
+
+# API Tokens File
+
+#
+# Email settings
+#
+# recipient addresses to send email (comma separated)
+framework.email.tolist = root
+# email address appearing in message "from" field
+framework.email.from = rundeck@kitchentest
+# email address replies should go
+framework.email.replyto = do-not-reply
+# The rdeck email relay host. must be a functioning smtp relay server
+framework.email.mailhost = localhost
+framework.email.mailport = 25
+# User/pass info if the smtp server requires it
+framework.email.user =
+framework.email.password =
+framework.email.ssl = false
+framework.email.failonerror = true
+
+
+#
+# Custom config
+#
+#
+
# ----------------------------------------------------------------
-# Installation locations
+# Do not make changes below this line
# ----------------------------------------------------------------
-rdeck.base=/var/lib/rundeck
-framework.projects.dir=/var/rundeck/projects
-framework.etc.dir=/etc/rundeck
-framework.var.dir=/var/lib/rundeck/var
-framework.tmp.dir=/var/lib/rundeck/var/tmp
+#
+# framework.crypto.keystore.filename is the path to the JKS keystore containing a certchain for
+# verifying signed jars
+#
+framework.crypto.keystore.filename =
+
+#
+# framework.crypto.keystore.password is any password for verifying the keystore integrity
+#
+framework.crypto.keystore.password =
+
+#
+# framework.crypto.jarSigning.aliasName is the name of the cert alias to use for verification
+#
+framework.crypto.jarSigning.aliasName =
+
+
+
+#the hostname of this rdeck node (likely matches hostname)
+framework.node.hostname = localhost
+
+#the logical name of this rdeck node (used during Node registration)
+framework.node.name = localhost
+
+# for backwards compatability
+framework.node = localhost
+
+# the node type
+framework.node.type = @framework.node.type@
+
+#
+#
+# Version of this RUNDECK implementation
+#
+# framework.rdeck.version = 1.1
+
+#
+# Root directory of the framework pkg
+#
+framework.rdeck.dir = ${rdeck.home}
+
+#
+# Root directory of the framework instance
+#
+framework.rdeck.base = /etc/rundeck
+
+#
+# Base directory of the installed functional modules
+#
+# TODO Dump ### framework.modules.dir = /private/tmp/rdl/modules
+
+
+#
+# project spaces containing resources
+#
+framework.projects.dir= /var/rundeck/projects
+framework.depots.dir= /var/rundeck/projects
+
+#
+# directory containing instance based property files
+#
+framework.etc.dir= /etc/rundeck
+
+#
+# Base directory where instance of framework var dir is kept
+#
+framework.var.dir= /var/lib/rundeck/var
+
+#
+# Framework tmp dir
+#
+framework.tmp.dir= ${framework.var.dir}/tmp
+
+#
+# Base directory where logs are kept
+#
framework.logs.dir=/var/lib/rundeck/logs
+
+#
+# Date/time stamp format used in logs. See java.text.SimpleDateFormat
+#
+framework.log.format=[yyyy-MM-dd hh:mm:ss-Z]
+
+#
+# Directory where plugins are kept. cache will be libext/cache.
+#
framework.libext.dir=/var/lib/rundeck/libext
-# ----------------------------------------------------------------
-# SSH defaults for node executor and file copier
-# ----------------------------------------------------------------
+#
+# Base directory where module source code is kept
+#
+# TODO - DUMP framework.src.dir= /private/tmp/rdl/src
+#
+# Name of nodes metadata file for each project (e.g. nodes.xml/nodes.properties)
+#
+framework.nodes.file.name= resources.xml
+
+#
+# Local Authentication/Authorization Security
+#
+framework.authorization.class = com.dtolabs.rundeck.core.authorization.NoAuthorization
+framework.authentication.class = com.dtolabs.rundeck.core.authentication.NoAuthentication
+#
+# Remote Client connection authentication
+#
+framework.nodeauthentication.classname = com.dtolabs.rundeck.core.authentication.DefaultNodeAuthResolutionStrategy
+
+#
+# Remote Central Dispatcher service class
+#
+framework.centraldispatcher.classname = com.dtolabs.client.services.RundeckAPICentralDispatcher
+
+#
+# Rundeck Server UUID
+#
+rundeck.server.uuid = 04bbd30a-878c-431e-848d-a7dd5701eed4
+
+#
+#
+# rdeck server connection.
+#
+framework.server.username = admin
+framework.server.password = adminpassword
+framework.server.hostname = localhost
+framework.server.name = better-chef-rundeck-ubuntu-1604
+
+framework.server.port = 4440
+framework.server.url = http://localhost:4440
+# URL to Rundeck
+framework.rundeck.url = http://localhost:4440
+
+#
+# ssh keypath
+#
framework.ssh.keypath = /var/lib/rundeck/.ssh/id_rsa
+
+#
+# ssh user
+#
framework.ssh.user = rundeck
-# ssh connection timeout after a specified number of milliseconds.
-# "0" value means wait forever.
+
+#
+# ssh timeout. The connection can be dropped after a specified number of milliseconds.
+# A "0" value means wait forever.
+#
framework.ssh.timeout = 0
+#
+# Set the formatting for run-exec console output
+#
+# Examples:
+# 1) Format specification to work with Rundeck. %command will be "run-exec"
+#
+# framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+#
+framework.log.run-exec.console.format =[%user@%node %command][%level] %message
+
+# winrm authentication type (options "basic" or "kerberos", default: "basic")
+#
+framework.winrm-auth-type = basic
+
+# winrm SSL security (options "all", "self-signed", "default" (trusted certs only))
+#
+framework.winrm-cert-trust = all
+
+# winrm hostname security (options "all", "strict", "browser-compatible")
+#
+framework.winrm-hostname-trust = all
+
+# winrm HTTP(S) protocol to use, either "http" or "https". Default: "https"
+#
+framework.winrm-protocol = https
+
+# winrm connection timeout. Default: PT60.000S
+framework.winrm-timeout = PT60.000S
* template[/etc/rundeck/realm.properties] action create
- update content in file /etc/rundeck/realm.properties from bce17d to 2a2797
--- /etc/rundeck/realm.properties 2016-11-15 22:00:37.000000000 +0000
+++ /etc/rundeck/.chef-realm20170126-1591-t1v6wd.properties 2017-01-26 21:13:46.792824000 +0000
@@ -4,7 +4,7 @@
# The format is
# <username>: <password>[,<rolename> ...]
#
-# Passwords may be clear text, obfuscated or checksummed. The class
+# Passwords may be clear text, obfuscated or checksummed. The class
# org.mortbay.util.Password should be used to generate obfuscated
# passwords or password checksums
#
@@ -22,7 +22,9 @@
#
# This sets the default user accounts for the Rundeck app
#
-admin:admin,user,admin,architect,deploy,build
+admin:adminpassword,admin,user,architect,deploy,build
+n00b:TheBestPassw0rd,user
+
#@jetty.user.deploy.name@:@jetty.user.deploy.password@,user,deploy
#@jetty.user.build.name@:@jetty.user.build.password@,user,build
* bash[own rundeck] action run
- execute "bash" "/tmp/chef-script20170126-1591-17kuj36"
* service[rundeckd] action start
- start service service[rundeckd]
* rundeck_plugin[slack] action create
* remote_file[/var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar] action create
- create new file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar
- update content in file /var/lib/rundeck/libext/rundeck-slack-incoming-webhook-plugin-0.6.jar from none to d23b31
(new content is binary, diff output suppressed)
- change mode from '' to '0644'
- change owner from '' to 'rundeck'
- change group from '' to 'rundeck'
* bash[check-project-localhost] action run (skipped due to only_if)
Recipe: apache2::default
* apt_package[apache2] action install
- install version 2.4.18-2ubuntu3.1 of package apache2
* directory[/etc/apache2/sites-available] action create (up to date)
* directory[/etc/apache2/sites-enabled] action create (up to date)
* directory[/etc/apache2/mods-available] action create (up to date)
* directory[/etc/apache2/mods-enabled] action create (up to date)
* directory[/etc/apache2/conf-available] action create (up to date)
* directory[/etc/apache2/conf-enabled] action create (up to date)
* link[/etc/apache2/sites-enabled/default] action delete (up to date)
* file[/etc/apache2/sites-available/default] action delete (up to date)
* link[/etc/apache2/sites-enabled/default.conf] action delete (up to date)
* file[/etc/apache2/sites-available/default.conf] action delete (up to date)
* link[/etc/apache2/sites-enabled/000-default] action delete (up to date)
* file[/etc/apache2/sites-available/000-default] action delete (up to date)
* link[/etc/apache2/sites-enabled/000-default.conf] action delete
- delete link to file at /etc/apache2/sites-enabled/000-default.conf
* file[/etc/apache2/sites-available/000-default.conf] action delete
- delete file /etc/apache2/sites-available/000-default.conf
* directory[/etc/apache2/conf.d] action delete (up to date)
* directory[/var/log/apache2] action create
- change mode from '0750' to '0755'
* apt_package[perl] action install (up to date)
* link[/usr/sbin/a2ensite] action delete
- delete link to file at /usr/sbin/a2ensite
* template[/usr/sbin/a2ensite] action create
- create new file /usr/sbin/a2ensite
- update content in file /usr/sbin/a2ensite from none to ce53f4
--- /usr/sbin/a2ensite 2017-01-26 21:14:26.332584000 +0000
+++ /usr/sbin/.chef-a2ensite20170126-1591-dubdaz 2017-01-26 21:14:26.332584000 +0000
@@ -1 +1,533 @@
+#!/usr/bin/perl -w
+#
+# a2enmod by Stefan Fritsch <sf@debian.org>
+# Licensed under Apache License 2.0
+#
+# The coding style is "perltidy -pbp"
+
+use strict;
+use Cwd 'realpath';
+use File::Spec;
+use File::Basename;
+use File::Path;
+use Getopt::Long;
+
+my $quiet;
+my $force;
+my $maintmode;
+my $purge;
+
+Getopt::Long::Configure('bundling');
+GetOptions(
+ 'quiet|q' => \$quiet,
+ 'force|f' => \$force,
+ 'maintmode|m' => \$maintmode,
+ 'purge|p' => \$purge
+) or exit 2;
+
+my $basename = basename($0);
+$basename =~ /^a2(en|dis)(mod|site|conf)((?:-.+)?)$/
+ or die "$basename call name unknown\n";
+my $act = $1;
+my $obj = $2;
+my $dir_suffix = $3;
+
+my $env_file = $ENV{APACHE_ENVVARS}
+ || (
+ $ENV{APACHE_CONFDIR}
+ ? "$ENV{APACHE_CONFDIR}/envvars"
+ : "/etc/apache2$dir_suffix/envvars"
+ );
+$ENV{LANG} = 'C';
+read_env_file($env_file);
+
+$act .= 'able';
+my ( $name, $dir, $sffx, $reload );
+if ( $obj eq 'mod' ) {
+ $obj = 'module';
+ $dir = 'mods';
+ $sffx = '.load';
+ $reload = 'restart';
+}
+elsif ( $obj eq 'conf' ) {
+ $obj = 'conf';
+ $dir = 'conf';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+else {
+ $dir = 'sites';
+ $sffx = '.conf';
+ $reload = 'reload';
+}
+$name = ucfirst($obj);
+
+my $confdir = $ENV{APACHE_CONFDIR} || "/etc/apache2$dir_suffix";
+my $availdir = $ENV{ uc("APACHE_${dir}_AVAILABLE") }
+ || "$confdir/$dir-available";
+my $enabldir = $ENV{ uc("APACHE_${dir}_ENABLED") } || "$confdir/$dir-enabled";
+my $statedir = $ENV{ uc("APACHE_STATE_DIRECTORY") } || "/usr/lib/apache2";
+
+$statedir .= "/$obj";
+
+my $choicedir = $act eq 'enable' ? $availdir : $enabldir;
+my $linkdir = File::Spec->abs2rel( $availdir, $enabldir );
+
+my $request_reload = 0;
+
+my $rc = 0;
+
+if ( !scalar @ARGV ) {
+ my @choices = myglob('*');
+ print "Your choices are: @choices\n";
+ print "Which ${obj}(s) do you want to $act (wildcards ok)?\n";
+ my $input = <>;
+ @ARGV = split /\s+/, $input;
+
+}
+
+my @objs;
+foreach my $arg (@ARGV) {
+ $arg =~ s/${sffx}$//;
+ my @glob = myglob($arg);
+ if ( !@glob ) {
+ error("No $obj found matching $arg!\n");
+ $rc = 1;
+ }
+ else {
+ push @objs, @glob;
+ }
+}
+
+foreach my $acton (@objs) {
+ doit($acton) or $rc = 1;
+}
+
+info(
+ "To activate the new configuration, you need to run:\n service apache2 $reload\n"
+) if $request_reload;
+
+exit($rc);
+
+##############################################################################
+
+sub myglob {
+ my $arg = shift;
+
+ my @glob = map {
+ s{^$choicedir/}{};
+ s{$sffx$}{};
+ $_
+ } glob("$choicedir/$arg$sffx");
+
+ return @glob;
+}
+
+sub doit {
+ my $acton = shift;
+
+ my ( $conftgt, $conflink );
+ if ( $obj eq 'module' ) {
+ if ( $acton eq 'cgi' && threaded() ) {
+ print
+ "Your MPM seems to be threaded. Selecting cgid instead of cgi.\n";
+ $acton = 'cgid';
+ }
+
+ $conftgt = "$availdir/$acton.conf";
+ if ( -e $conftgt ) {
+ $conflink = "$enabldir/$acton.conf";
+ }
+ }
+
+ my $tgt = "$availdir/$acton$sffx";
+ my $link = "$enabldir/$acton$sffx";
+
+ if ( !-e $tgt ) {
+ if ( -l $link && !-e $link ) {
+ if ( $act eq 'disable' ) {
+ info("removing dangling symlink $link\n");
+ unlink($link);
+
+ # force a .conf path. It may exist as dangling link, too
+ $conflink = "$enabldir/$acton.conf";
+
+ if ( -l $conflink && !-e $conflink ) {
+ info("removing dangling symlink $conflink\n");
+ unlink($conflink);
+ }
+
+ return 1;
+ }
+ else {
+ error("$link is a dangling symlink!\n");
+ }
+ }
+
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ # exit silently, we are purging anyway
+ return 1;
+ }
+
+ error("$name $acton does not exist!\n");
+ return 0;
+ }
+
+ # handle module dependencies
+ if ( $obj eq 'module' ) {
+ if ( $act eq 'enable' ) {
+ if ( $acton eq 'mpm_itk' ) {
+ warning( "MPM_ITK is a third party module that is not part "
+ . "of the official Apache HTTPD. It has seen less "
+ . "testing than the official MPM modules." );
+ }
+ my @depends = get_deps("$availdir/$acton.load");
+ do_deps( $acton, @depends ) or return 0;
+
+ my @conflicts = get_deps( "$availdir/$acton.load", "Conflicts" );
+ check_conflicts( $acton, @conflicts ) or return 0;
+ }
+ else {
+ my @depending;
+ foreach my $d ( glob("$enabldir/*.load") ) {
+ my @deps = get_deps($d);
+ if ( is_in( $acton, @deps ) ) {
+ $d =~ m,/([^/]+).load$,;
+ push @depending, $1;
+ }
+ }
+ if ( scalar @depending ) {
+ if ($force) {
+ do_deps( $acton, @depending ) or return 0;
+ }
+ else {
+ error(
+ "The following modules depend on $acton ",
+ "and need to be disabled first: @depending\n"
+ );
+ return 0;
+ }
+ }
+ }
+ }
+ elsif ( $act eq 'enable' ) {
+ my @depends = get_deps("$availdir/$acton$sffx");
+ warn_deps( $acton, @depends ) or return 0;
+ }
+
+ if ( $act eq 'enable' ) {
+ my $check = check_link( $tgt, $link );
+ if ( $check eq 'ok' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'ok' ) {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ elsif ( $confcheck eq 'missing' ) {
+ print "Enabling config file $acton.conf.\n";
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ else {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+ else {
+ info("$name $acton already enabled\n");
+ return 1;
+ }
+ }
+ elsif ( $check eq 'missing' ) {
+ if ($conflink) {
+
+ # handle .conf file
+ my $confcheck = check_link( $conftgt, $conflink );
+ if ( $confcheck eq 'missing' ) {
+ add_link( $conftgt, $conflink ) or return 0;
+ }
+ elsif ( $confcheck ne 'ok' ) {
+ error(
+ "Config file $acton.conf not properly enabled: $confcheck\n"
+ );
+ return 0;
+ }
+ }
+
+ print "Enabling $obj $acton.\n";
+ if ( $acton eq 'ssl' ) {
+ info( "See /usr/share/doc/apache2/README.Debian.gz on "
+ . "how to configure SSL and create self-signed certificates.\n"
+ );
+ }
+ return add_link( $tgt, $link )
+ && switch_marker( $obj, $act, $acton );
+ }
+ else {
+ error("$name $acton not properly enabled: $check\n");
+ return 0;
+ }
+ }
+ else {
+ if ( -e $link || -l $link ) {
+ remove_link($link);
+ if ( $conflink && -e $conflink ) {
+ remove_link($conflink);
+ }
+ switch_marker( $obj, $act, $acton );
+ print "$name $acton disabled.\n";
+ }
+ elsif ( $conflink && -e $conflink ) {
+ print "Disabling stale config file $acton.conf.\n";
+ remove_link($conflink);
+ }
+ else {
+ info("$name $acton already disabled\n");
+ if ( $purge ) {
+ switch_marker( $obj, $act, $acton );
+ }
+ return 1;
+ }
+ }
+
+ return 1;
+}
+
+sub get_deps {
+ my $file = shift;
+ my $type = shift || "Depends";
+
+ my $fd;
+ if ( !open( $fd, '<', $file ) ) {
+ error("Can't open $file: $!");
+ return;
+ }
+ my $line;
+ while ( defined( $line = <$fd> ) ) {
+ chomp $line;
+ if ( $line =~ /^# $type:\s+(.*?)\s*$/ ) {
+ my $deps = $1;
+ return split( /[\n\s]+/, $deps );
+ }
+
+ # only check until the first non-empty non-comment line
+ last if ( $line !~ /^\s*(?:#.*)?$/ );
+ }
+ return;
+}
+
+sub do_deps {
+ my $acton = shift;
+ foreach my $d (@_) {
+ info("Considering dependency $d for $acton:\n");
+ if ( !doit($d) ) {
+ error("Could not $act dependency $d for $acton, aborting\n");
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub warn_deps {
+ my $acton = shift;
+ my $modsenabldir = $ENV{APACHE_MODS_ENABLED} || "$confdir/mods-enabled";
+ foreach my $d (@_) {
+ info("Checking dependency $d for $acton:\n");
+ if ( !-e "$modsenabldir/$d.load" ) {
+ warning(
+ "Module $d is not enabled, but $acton depends on it, aborting\n"
+ );
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub check_conflicts {
+ my $acton = shift;
+ my $haderror = 0;
+ foreach my $d (@_) {
+ info("Considering conflict $d for $acton:\n");
+
+ my $tgt = "$availdir/$d$sffx";
+ my $link = "$enabldir/$d$sffx";
+
+ my $confcheck = check_link( $tgt, $link );
+ if ( $confcheck eq 'ok' ) {
+ error(
+ "Module $d is enabled - cannot proceed due to conflicts. It needs to be disabled first!\n"
+ );
+
+ # Don't return immediately, there could be several conflicts
+ $haderror++;
+ }
+ }
+
+ if ($haderror) {
+ return 0;
+ }
+
+ return 1;
+}
+
+sub add_link {
+ my ( $tgt, $link ) = @_;
+
+ # create relative link
+ if ( !symlink( File::Spec->abs2rel( $tgt, dirname($link) ), $link ) ) {
+ die("Could not create $link: $!\n");
+ }
+ $request_reload = 1;
+ return 1;
+}
+
+sub check_link {
+ my ( $tgt, $link ) = @_;
+
+ if ( !-e $link ) {
+ if ( -l $link ) {
+
+ # points to nowhere
+ info("Removing dangling link $link");
+ unlink($link) or die "Could not remove $link\n";
+ }
+ return 'missing';
+ }
+
+ if ( -e $link && !-l $link ) {
+ return "$link is a real file, not touching it";
+ }
+ if ( realpath($link) ne realpath($tgt) ) {
+ return "$link exists but does not point to $tgt, not touching it";
+ }
+ return 'ok';
+}
+
+sub remove_link {
+ my ($link) = @_;
+
+ if ( -l $link ) {
+ unlink($link) or die "Could not remove $link: $!\n";
+ }
+ elsif ( -e $link ) {
+ error("$link is not a symbolic link, not deleting\n");
+ return 0;
+ }
+ $request_reload = 1;
+ return 1;
+}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment