(MODULES-8107) - Support added for Ubuntu 18.04.

PR made to finialize work started by community member bastelfreak, (#1809).
Includes work done to migrate spec classes tests to rspec-puppet-facts.

Author: david22swan

manifests/mod/dav_svn.pp

@@ -13,7 +13,7 @@
 
   ::apache::mod { 'dav_svn': }
 
-  if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '16.04', '9']) {
+  if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '9', '16.04', '18.04']) {
     $loadfile_name = undef
   } else {
     $loadfile_name = 'dav_svn_authz_svn.load'

manifests/mod/fastcgi.pp

@@ -3,6 +3,9 @@
   if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemrelease, '7.0') >= 0) {
     fail('mod_fastcgi is no longer supported on el7 and above.')
   }
+  if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') >= 0) {
+    fail('mod_fastcgi is no longer supported on Ubuntu 18.04 and above. Please use mod_proxy_fcgi')
+  }
   # Debian specifies it's fastcgi lib path, but RedHat uses the default value
   # with no config file
   $fastcgi_lib_path = $::apache::params::fastcgi_lib_path

manifests/mod/security.pp

@@ -129,8 +129,7 @@
   }
 
   # Debian 9 has a different rule setup
-  unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) {
+  unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {
     apache::security::rule_link { $activated_rules: }
   }
-
 }

manifests/mod/suphp.pp

@@ -1,5 +1,9 @@
 class apache::mod::suphp (
 ){
+  if  ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '15.10') >= 0) or
+      ($facts['os']['name'] == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {
+    fail("suphp was declared EOL by it's creators as of 2013 and so is no longer supported on Ubuntu 15.10/Debian 8 and above. Please use php-fpm")
+  }
   include ::apache
   ::apache::mod { 'suphp': }
 

manifests/mpm.pp

@@ -82,7 +82,6 @@
       }
 
       if $mpm == 'itk' {
-
         if ( ( $::operatingsystem == 'Ubuntu' ) or ( ($::operatingsystem == 'Debian') and ( versioncmp($::operatingsystemrelease, '8.0.0') >= 0 ) ) ) {
           ensure_resource('exec', '/usr/sbin/a2dismod mpm_event', {
             onlyif  => "/usr/bin/test -e ${apache::mod_enable_dir}/mpm_event.load",
@@ -98,7 +97,6 @@
             File[$::apache::mod_enable_dir],
           ],
         }
-
       }
 
       if $mpm == 'prefork' {

manifests/params.pp

@@ -291,6 +291,33 @@
         'wsgi'                  => 'libapache2-mod-wsgi',
         'xsendfile'             => 'libapache2-mod-xsendfile',
       }
+    } elsif ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {
+      # major.minor version used since Debian stretch and Ubuntu Xenial
+      $php_version = '7.2' # different to Ubuntu 16.04
+      # fastcgi and suphp got removed from #mod_packages, they aren't supported anymore
+      $mod_packages = {
+        'auth_cas'              => 'libapache2-mod-auth-cas',
+        'auth_kerb'             => 'libapache2-mod-auth-kerb',
+        'auth_gssapi'           => 'libapache2-mod-auth-gssapi',
+        'auth_mellon'           => 'libapache2-mod-auth-mellon',
+        'authnz_pam'            => 'libapache2-mod-authnz-pam',
+        'dav_svn'               => 'libapache2-mod-svn', # different to Ubuntu16.04
+        'fcgid'                 => 'libapache2-mod-fcgid',
+        'geoip'                 => 'libapache2-mod-geoip',
+        'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',
+        'lookup_identity'       => 'libapache2-mod-lookup-identity',
+        'nss'                   => 'libapache2-mod-nss',
+        'pagespeed'             => 'mod-pagespeed-stable',
+        'passenger'             => 'libapache2-mod-passenger',
+        'perl'                  => 'libapache2-mod-perl2',
+        'phpXXX'                => 'libapache2-mod-phpXXX',
+        'python'                => 'libapache2-mod-python',
+        'rpaf'                  => 'libapache2-mod-rpaf',
+        'security'              => 'libapache2-mod-security2',
+        'shib2'                 => 'libapache2-mod-shib2',
+        'wsgi'                  => 'libapache2-mod-wsgi',
+        'xsendfile'             => 'libapache2-mod-xsendfile',
+      }
     } else {
       # major.minor version used since Debian stretch and Ubuntu Xenial
       $php_version = '7.0'
@@ -354,7 +381,7 @@
     $secpcrematchlimit = 1500
     $secpcrematchlimitrecursion = 1500
     $modsec_secruleengine = 'On'
-    if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0 {
+    if ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) or ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') >= 0) {
       $modsec_default_rules = [
         'crawlers-user-agents.data',
         'iis-errors.data',

metadata.json

@@ -65,8 +65,8 @@
     {
       "operatingsystem": "Ubuntu",
       "operatingsystemrelease": [
-        "14.04",
-        "16.04"
+        "16.04",
+        "18.04"
       ]
     }
   ],

spec/acceptance/mod_passenger_spec.rb

@@ -7,36 +7,8 @@
     conf_file = "#{$mod_dir}/passenger.conf"
     load_file = "#{$mod_dir}/zpassenger.load"
 
-    case fact('operatingsystem')
-    when 'Ubuntu'
-      case fact('lsbdistrelease')
-      when '14.04'
-        passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
-        passenger_default_ruby = '/usr/bin/ruby'
-      when '16.04'
-        passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
-        passenger_default_ruby = '/usr/bin/ruby'
-      else
-        # Includes 10.04 and 12.04
-        # This may or may not work on Ubuntu releases other than the above
-        passenger_root = '/usr'
-        passenger_ruby = '/usr/bin/ruby'
-      end
-    when 'Debian'
-      case fact('operatingsystemmajrelease')
-      when '8'
-        passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
-        passenger_default_ruby = '/usr/bin/ruby'
-      when '9'
-        passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
-        passenger_default_ruby = '/usr/bin/ruby'
-      else
-        # Includes wheezy
-        # This may or may not work on Debian releases other than the above
-        passenger_root = '/usr'
-        passenger_ruby = '/usr/bin/ruby'
-      end
-    end
+    passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
+    passenger_default_ruby = '/usr/bin/ruby'
 
     passenger_module_path = '/usr/lib/apache2/modules/mod_passenger.so'
     rackapp_user = 'www-data'
@@ -116,6 +88,11 @@ class { 'apache::mod::passenger':
       end
     end
     context 'default passenger config' do
+      # We need to set passenger_instance_registry_dir on every sane distro
+      # with systemd. Systemd can force processes into a seperate/private
+      # tmpdir. This is the default for apache on Ubuntu 18.04. As a result,
+      # passenger CLI tools can't find the config/socket, which defaults to /tmp
+      # we enable it for ubuntu 16.04/18.04, centos7 and debian 9
       pp =  if ['7', '9', '16.04', '18.04'].include?(fact('operatingsystemmajrelease'))
               <<-MANIFEST
                 /* stock apache and mod_passenger */
@@ -148,36 +125,8 @@ class { 'apache::mod::passenger': }
 
       describe file(conf_file) do
         it { is_expected.to contain %(PassengerRoot "#{passenger_root}") }
-        case fact('operatingsystem')
-        when 'Ubuntu'
-          case fact('lsbdistrelease')
-          when '14.04'
-            it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") }
-            it { is_expected.not_to contain '/PassengerRuby/' }
-          when '16.04'
-            it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") }
-            it { is_expected.not_to contain '/PassengerRuby/' }
-          else
-            # Includes 10.04 and 12.04
-            # This may or may not work on Ubuntu releases other than the above
-            it { is_expected.to contain %(PassengerRuby "#{passenger_ruby}) }
-            it { is_expected.not_to contain '/PassengerDefaultRuby/' }
-          end
-        when 'Debian'
-          case fact('operatingsystemmajrelease')
-          when '8'
-            it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") }
-            it { is_expected.not_to contain '/PassengerRuby/' }
-          when '9'
-            it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") }
-            it { is_expected.not_to contain '/PassengerRuby/' }
-          else
-            # Includes wheezy
-            # This may or may not work on Debian releases other than the above
-            it { is_expected.to contain %(PassengerRuby "#{passenger_ruby}) }
-            it { is_expected.not_to contain '/PassengerDefaultRuby/' }
-          end
-        end
+        it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") }
+        it { is_expected.not_to contain '/PassengerRuby/' }
       end
       # rubocop:enable RSpec/RepeatedExample
 
@@ -188,10 +137,7 @@ class { 'apache::mod::passenger': }
       expected_one = [%r{Apache processes}, %r{Nginx processes}, %r{Passenger processes}]
       # passenger-memory-stats output on newer Debian/Ubuntu verions do not contain
       # these two lines
-      unless (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') ||
-             (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') ||
-             (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') ||
-             (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
+      unless fact('osfamily') == 'Debian'
         expected_one << [%r{### Processes: [0-9]+}, %r{### Total private dirty RSS: [0-9\.]+ MB}]
       end
       it 'outputs status via passenger-memory-stats #stdout' do
@@ -207,34 +153,27 @@ class { 'apache::mod::passenger': }
         end
       end
 
-      # passenger-status fails under stock ubuntu-server-12042-x64 + mod_passenger,
-      # even when the passenger process is successfully installed and running
-      unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04'
-        it 'outputs status via passenger-status #General information' do
-          shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
-            # spacing may vary
-            expect(r.stdout).to match(%r{[\-]+ General information [\-]+})
-          end
+      it 'outputs status via passenger-status #General information' do
+        shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
+          # spacing may vary
+          expect(r.stdout).to match(%r{[\-]+ General information [\-]+})
         end
-        expected_two = if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') ||
-                          (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') ||
-                          (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') ||
-                          (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
-                         [%r{Max pool size[ ]+: [0-9]+}, %r{Processes[ ]+: [0-9]+}, %r{Requests in top-level queue[ ]+: [0-9]+}]
-                       else
-                         [%r{max[ ]+= [0-9]+}, %r{count[ ]+= [0-9]+}, %r{active[ ]+= [0-9]+}, %r{inactive[ ]+= [0-9]+}, %r{Waiting on global queue: [0-9]+}]
-                       end
-        it 'outputs status via passenger-status #stdout' do
-          shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
-            expected_two.each do |expect|
-              expect(r.stdout).to match(expect)
-            end
+      end
+      expected_two = if fact('osfamily') == 'Debian'
+                       [%r{Max pool size[ ]+: [0-9]+}, %r{Processes[ ]+: [0-9]+}, %r{Requests in top-level queue[ ]+: [0-9]+}]
+                     else
+                       [%r{max[ ]+= [0-9]+}, %r{count[ ]+= [0-9]+}, %r{active[ ]+= [0-9]+}, %r{inactive[ ]+= [0-9]+}, %r{Waiting on global queue: [0-9]+}]
+                     end
+      it 'outputs status via passenger-status #stdout' do
+        shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
+          expected_two.each do |expect|
+            expect(r.stdout).to match(expect)
           end
         end
-        it 'outputs status via passenger-status #exit_code' do
-          shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
-            expect(r.exit_code).to eq(0)
-          end
+      end
+      it 'outputs status via passenger-status #exit_code' do
+        shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
+          expect(r.exit_code).to eq(0)
         end
       end
 

spec/acceptance/mod_php_spec.rb

@@ -4,6 +4,28 @@
 unless fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') == '12'
   describe 'apache::mod::php class' do
     context 'default php config' do
+      if ['16.04', '18.04'].include?(fact('operatingsystemmajrelease'))
+        # this policy defaults to 101. it prevents newly installed services from starting
+        # it is useful for containers, it prevents new processes during 'docker build'
+        # but we actually want to test the services and this should not behave like docker
+        # but like a normal operating system
+
+        # without this apache fails to start -> installation of mod-php-something fails because it reloads apache to enable the module
+        # exit codes are documented at https://askubuntu.com/a/365912. Default for docker images is 101
+        shell("if [ -a '/usr/sbin/policy-rc.d' ]; then sed -i 's/^exit.*/exit 0/' /usr/sbin/policy-rc.d; fi")
+      end
+      if fact('operatingsystemmajrelease') == '18.04'
+        # apache helper script has a bug which prevents the installation of certain apache modules
+        # https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1771934
+        # https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1782806
+        pp1 = "class { 'apache': mpm_module => 'prefork',}"
+        it 'succeeds in installing apache' do
+          apply_manifest(pp1, catch_failures: true)
+        end
+        it 'fixes the broken apache2 helper from Ubuntu 18.04' do
+          shell("sed -i 's|a2query -m \"$mpm_$MPM\"|a2query -m \"mpm_$MPM\"|' /usr/share/apache2/apache2-maintscript-helper")
+        end
+      end
       pp = <<-MANIFEST
           class { 'apache':
             mpm_module => 'prefork',
@@ -37,6 +59,10 @@ class { 'apache::mod::php': }
         describe file("#{$mod_dir}/php7.0.conf") do
           it { is_expected.to contain 'DirectoryIndex index.php' }
         end
+      elsif fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04'
+        describe file("#{$mod_dir}/php7.2.conf") do
+          it { is_expected.to contain 'DirectoryIndex index.php' }
+        end
       else
         describe file("#{$mod_dir}/php5.conf") do
           it { is_expected.to contain 'DirectoryIndex index.php' }
@@ -126,30 +152,8 @@ class {'apache::mod::php':
         describe file("#{$mod_dir}/php7.0.conf") do
           it { is_expected.to contain '# somecontent' }
         end
-      else
-        describe file("#{$mod_dir}/php5.conf") do
-          it { is_expected.to contain '# somecontent' }
-        end
-      end
-    end
-
-    context 'provide content and template config file' do
-      pp = <<-MANIFEST
-          class {'apache':
-            mpm_module => 'prefork',
-          }
-          class {'apache::mod::php':
-            content  => '# somecontent',
-            template => 'apache/mod/php5.conf.erb',
-          }
-      MANIFEST
-      it 'succeeds in puppeting php' do
-        apply_manifest(pp, catch_failures: true)
-      end
-
-      if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') ||
-         (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
-        describe file("#{$mod_dir}/php7.0.conf") do
+      elsif fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04'
+        describe file("#{$mod_dir}/php7.2.conf") do
           it { is_expected.to contain '# somecontent' }
         end
       else

spec/acceptance/mod_security_spec.rb

@@ -76,7 +76,8 @@ class { 'apache::mod::security': }
       end
 
       unless fact('operatingsystem') == 'SLES' ||
-             (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
+             (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') ||
+             (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04')
         it 'blocks query with SQL' do
           shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
         end
@@ -116,7 +117,8 @@ class { 'apache::mod::security': }
     end
 
     unless fact('operatingsystem') == 'SLES' ||
-           (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
+           (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') ||
+           (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04')
       it 'blocks query with SQL' do
         shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
       end
@@ -179,7 +181,8 @@ class { 'apache::mod::security': }
     end
 
     unless  fact('operatingsystem') == 'SLES' ||
-            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
+            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') ||
+            (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04')
       it 'blocks query with SQL' do
         shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
       end
@@ -246,7 +249,8 @@ class { 'apache::mod::security': }
     end
 
     unless  fact('operatingsystem') == 'SLES' ||
-            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
+            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') ||
+            (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04')
       it 'blocks query with SQL' do
         shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
       end
@@ -313,7 +317,8 @@ class { 'apache::mod::security': }
     end
 
     unless  fact('operatingsystem') == 'SLES' ||
-            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
+            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') ||
+            (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04')
       it 'blocks query with SQL' do
         shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
       end
@@ -380,7 +385,8 @@ class { 'apache::mod::security': }
     end
 
     unless  fact('operatingsystem') == 'SLES' ||
-            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
+            (fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9') ||
+            (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '18.04')
       it 'blocks query with SQL' do
         shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
       end