Skip to content

Commit b21ec23

Browse files
authored
Merge pull request #1849 from david22swan/MODULES-8108
(MODULES-8108) - Support added for Debian 9
2 parents d297285 + e7a8d6b commit b21ec23

File tree

10 files changed

+154
-67
lines changed

10 files changed

+154
-67
lines changed

manifests/mod/dav_svn.pp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313

1414
::apache::mod { 'dav_svn': }
1515

16-
if $::osfamily == 'Debian' and ($::operatingsystemmajrelease != '6' and $::operatingsystemmajrelease != '10.04' and $::operatingsystemrelease != '10.04' and $::operatingsystemmajrelease != '16.04') {
16+
if $::osfamily == 'Debian' and ! ($::operatingsystemmajrelease in ['6', '16.04', '9']) {
1717
$loadfile_name = undef
1818
} else {
1919
$loadfile_name = 'dav_svn_authz_svn.load'

manifests/mod/security.pp

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -128,6 +128,9 @@
128128
}
129129
}
130130

131-
unless $::operatingsystem == 'SLES' { apache::security::rule_link { $activated_rules: } }
131+
# Debian 9 has a different rule setup
132+
unless $::operatingsystem == 'SLES' or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) {
133+
apache::security::rule_link { $activated_rules: }
134+
}
132135

133136
}

manifests/params.pp

Lines changed: 74 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -263,6 +263,34 @@
263263
'wsgi' => 'libapache2-mod-wsgi',
264264
'xsendfile' => 'libapache2-mod-xsendfile',
265265
}
266+
} elsif ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0) {
267+
# Debian stretch uses a different dav_svn from Ubuntu Xenial
268+
$php_version = '7.0'
269+
$mod_packages = {
270+
'auth_cas' => 'libapache2-mod-auth-cas',
271+
'auth_kerb' => 'libapache2-mod-auth-kerb',
272+
'auth_gssapi' => 'libapache2-mod-auth-gssapi',
273+
'auth_mellon' => 'libapache2-mod-auth-mellon',
274+
'authnz_pam' => 'libapache2-mod-authnz-pam',
275+
'dav_svn' => 'libapache2-mod-svn',
276+
'fastcgi' => 'libapache2-mod-fastcgi',
277+
'fcgid' => 'libapache2-mod-fcgid',
278+
'geoip' => 'libapache2-mod-geoip',
279+
'intercept_form_submit' => 'libapache2-mod-intercept-form-submit',
280+
'lookup_identity' => 'libapache2-mod-lookup-identity',
281+
'nss' => 'libapache2-mod-nss',
282+
'pagespeed' => 'mod-pagespeed-stable',
283+
'passenger' => 'libapache2-mod-passenger',
284+
'perl' => 'libapache2-mod-perl2',
285+
'phpXXX' => 'libapache2-mod-phpXXX',
286+
'python' => 'libapache2-mod-python',
287+
'rpaf' => 'libapache2-mod-rpaf',
288+
'security' => 'libapache2-mod-security2',
289+
'shib2' => 'libapache2-mod-shib2',
290+
'suphp' => 'libapache2-mod-suphp',
291+
'wsgi' => 'libapache2-mod-wsgi',
292+
'xsendfile' => 'libapache2-mod-xsendfile',
293+
}
266294
} else {
267295
# major.minor version used since Debian stretch and Ubuntu Xenial
268296
$php_version = '7.0'
@@ -326,28 +354,52 @@
326354
$secpcrematchlimit = 1500
327355
$secpcrematchlimitrecursion = 1500
328356
$modsec_secruleengine = 'On'
329-
$modsec_default_rules = [
330-
'base_rules/modsecurity_35_bad_robots.data',
331-
'base_rules/modsecurity_35_scanners.data',
332-
'base_rules/modsecurity_40_generic_attacks.data',
333-
'base_rules/modsecurity_50_outbound.data',
334-
'base_rules/modsecurity_50_outbound_malware.data',
335-
'base_rules/modsecurity_crs_20_protocol_violations.conf',
336-
'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
337-
'base_rules/modsecurity_crs_23_request_limits.conf',
338-
'base_rules/modsecurity_crs_30_http_policy.conf',
339-
'base_rules/modsecurity_crs_35_bad_robots.conf',
340-
'base_rules/modsecurity_crs_40_generic_attacks.conf',
341-
'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
342-
'base_rules/modsecurity_crs_41_xss_attacks.conf',
343-
'base_rules/modsecurity_crs_42_tight_security.conf',
344-
'base_rules/modsecurity_crs_45_trojans.conf',
345-
'base_rules/modsecurity_crs_47_common_exceptions.conf',
346-
'base_rules/modsecurity_crs_49_inbound_blocking.conf',
347-
'base_rules/modsecurity_crs_50_outbound.conf',
348-
'base_rules/modsecurity_crs_59_outbound_blocking.conf',
349-
'base_rules/modsecurity_crs_60_correlation.conf',
350-
]
357+
if $::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') >= 0 {
358+
$modsec_default_rules = [
359+
'crawlers-user-agents.data',
360+
'iis-errors.data',
361+
'java-code-leakages.data',
362+
'java-errors.data',
363+
'lfi-os-files.data',
364+
'php-config-directives.data',
365+
'php-errors.data',
366+
'php-function-names-933150.data',
367+
'php-function-names-933151.data',
368+
'php-variables.data',
369+
'restricted-files.data',
370+
'scanners-headers.data',
371+
'scanners-urls.data',
372+
'scanners-user-agents.data',
373+
'scripting-user-agents.data',
374+
'sql-errors.data',
375+
'sql-function-names.data',
376+
'unix-shell.data',
377+
'windows-powershell-commands.data',
378+
]
379+
} else {
380+
$modsec_default_rules = [
381+
'base_rules/modsecurity_35_bad_robots.data',
382+
'base_rules/modsecurity_35_scanners.data',
383+
'base_rules/modsecurity_40_generic_attacks.data',
384+
'base_rules/modsecurity_50_outbound.data',
385+
'base_rules/modsecurity_50_outbound_malware.data',
386+
'base_rules/modsecurity_crs_20_protocol_violations.conf',
387+
'base_rules/modsecurity_crs_21_protocol_anomalies.conf',
388+
'base_rules/modsecurity_crs_23_request_limits.conf',
389+
'base_rules/modsecurity_crs_30_http_policy.conf',
390+
'base_rules/modsecurity_crs_35_bad_robots.conf',
391+
'base_rules/modsecurity_crs_40_generic_attacks.conf',
392+
'base_rules/modsecurity_crs_41_sql_injection_attacks.conf',
393+
'base_rules/modsecurity_crs_41_xss_attacks.conf',
394+
'base_rules/modsecurity_crs_42_tight_security.conf',
395+
'base_rules/modsecurity_crs_45_trojans.conf',
396+
'base_rules/modsecurity_crs_47_common_exceptions.conf',
397+
'base_rules/modsecurity_crs_49_inbound_blocking.conf',
398+
'base_rules/modsecurity_crs_50_outbound.conf',
399+
'base_rules/modsecurity_crs_59_outbound_blocking.conf',
400+
'base_rules/modsecurity_crs_60_correlation.conf',
401+
]
402+
}
351403
$alias_icons_path = '/usr/share/apache2/icons'
352404
$error_documents_path = '/usr/share/apache2/error'
353405
if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '13.10') >= 0) or ($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '8') >= 0) {

metadata.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,8 @@
5151
{
5252
"operatingsystem": "Debian",
5353
"operatingsystemrelease": [
54-
"8"
54+
"8",
55+
"9"
5556
]
5657
},
5758
{

spec/acceptance/mod_dav_svn_spec.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
describe 'apache::mod::dav_svn class', unless: (fact('operatingsystem') == 'OracleLinux' && fact('operatingsystemmajrelease') == '7') do
55
authz_svn_load_file = case fact('osfamily')
66
when 'Debian'
7-
if fact('operatingsystemmajrelease') == '16.04'
7+
if fact('operatingsystemmajrelease') == '16.04' || fact('operatingsystemmajrelease') == '9'
88
'dav_svn_authz_svn.load'
99
else
1010
'authz_svn.load'

spec/acceptance/mod_passenger_spec.rb

Lines changed: 50 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,11 @@
2323
passenger_ruby = '/usr/bin/ruby'
2424
end
2525
when 'Debian'
26-
case fact('lsbdistcodename')
27-
when 'jessie'
26+
case fact('operatingsystemmajrelease')
27+
when '8'
28+
passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
29+
passenger_default_ruby = '/usr/bin/ruby'
30+
when '9'
2831
passenger_root = '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini'
2932
passenger_default_ruby = '/usr/bin/ruby'
3033
else
@@ -76,35 +79,35 @@
7679
when 'Debian'
7780
context 'passenger config with passenger_installed_version set' do
7881
pp_one = <<-MANIFEST
79-
class { 'apache': }
80-
class { 'apache::mod::passenger':
81-
passenger_installed_version => '4.0.0',
82-
passenger_instance_registry_dir => '/some/path/to/nowhere'
83-
}
82+
class { 'apache': }
83+
class { 'apache::mod::passenger':
84+
passenger_installed_version => '4.0.0',
85+
passenger_instance_registry_dir => '/some/path/to/nowhere'
86+
}
8487
MANIFEST
8588
it 'fails when an option is not valid for $passenger_installed_version' do
8689
apply_manifest(pp_one, expect_failures: true) do |r|
8790
expect(r.stderr).to match(%r{passenger_instance_registry_dir is not introduced until version 5.0.0})
8891
end
8992
end
9093
pp_two = <<-MANIFEST
91-
class { 'apache': }
92-
class { 'apache::mod::passenger':
93-
passenger_installed_version => '5.0.0',
94-
rails_autodetect => 'on'
95-
}
94+
class { 'apache': }
95+
class { 'apache::mod::passenger':
96+
passenger_installed_version => '5.0.0',
97+
rails_autodetect => 'on'
98+
}
9699
MANIFEST
97100
it 'fails when an option is removed' do
98101
apply_manifest(pp_two, expect_failures: true) do |r|
99102
expect(r.stderr).to match(%r{REMOVED PASSENGER OPTION})
100103
end
101104
end
102105
pp_three = <<-MANIFEST
103-
class { 'apache': }
104-
class { 'apache::mod::passenger':
105-
passenger_installed_version => '5.0.0',
106-
rails_ruby => '/some/path/to/ruby'
107-
}
106+
class { 'apache': }
107+
class { 'apache::mod::passenger':
108+
passenger_installed_version => '5.0.0',
109+
rails_ruby => '/some/path/to/ruby'
110+
}
108111
MANIFEST
109112
it 'warns when an option is deprecated' do
110113
apply_manifest(pp_three, catch_failures: true) do |r|
@@ -113,12 +116,23 @@ class { 'apache::mod::passenger':
113116
end
114117
end
115118
context 'default passenger config' do
116-
pp = <<-MANIFEST
117-
/* stock apache and mod_passenger */
118-
class { 'apache': }
119-
class { 'apache::mod::passenger': }
120-
#{pp_rackapp}
121-
MANIFEST
119+
pp = if ['7', '9', '16.04', '18.04'].include?(fact('operatingsystemmajrelease'))
120+
<<-MANIFEST
121+
/* stock apache and mod_passenger */
122+
class { 'apache': }
123+
class { 'apache::mod::passenger':
124+
passenger_instance_registry_dir => '/var/run',
125+
}
126+
#{pp_rackapp}
127+
MANIFEST
128+
else
129+
<<-MANIFEST
130+
/* stock apache and mod_passenger */
131+
class { 'apache': }
132+
class { 'apache::mod::passenger': }
133+
#{pp_rackapp}
134+
MANIFEST
135+
end
122136
it 'succeeds in puppeting passenger' do
123137
apply_manifest(pp, catch_failures: true)
124138
end
@@ -150,8 +164,11 @@ class { 'apache::mod::passenger': }
150164
it { is_expected.not_to contain '/PassengerDefaultRuby/' }
151165
end
152166
when 'Debian'
153-
case fact('lsbdistcodename')
154-
when 'jessie'
167+
case fact('operatingsystemmajrelease')
168+
when '8'
169+
it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") }
170+
it { is_expected.not_to contain '/PassengerRuby/' }
171+
when '9'
155172
it { is_expected.to contain %(PassengerDefaultRuby "#{passenger_default_ruby}") }
156173
it { is_expected.not_to contain '/PassengerRuby/' }
157174
else
@@ -173,7 +190,8 @@ class { 'apache::mod::passenger': }
173190
# these two lines
174191
unless (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') ||
175192
(fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') ||
176-
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8')
193+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') ||
194+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
177195
expected_one << [%r{### Processes: [0-9]+}, %r{### Total private dirty RSS: [0-9\.]+ MB}]
178196
end
179197
it 'outputs status via passenger-memory-stats #stdout' do
@@ -193,27 +211,28 @@ class { 'apache::mod::passenger': }
193211
# even when the passenger process is successfully installed and running
194212
unless fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '12.04'
195213
it 'outputs status via passenger-status #General information' do
196-
shell('PATH=/usr/bin:$PATH /usr/sbin/passenger-status') do |r|
214+
shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
197215
# spacing may vary
198216
expect(r.stdout).to match(%r{[\-]+ General information [\-]+})
199217
end
200218
end
201-
expected_two = if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04' ||
219+
expected_two = if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '14.04') ||
202220
(fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemrelease') == '16.04') ||
203-
fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8'
221+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '8') ||
222+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
204223
[%r{Max pool size[ ]+: [0-9]+}, %r{Processes[ ]+: [0-9]+}, %r{Requests in top-level queue[ ]+: [0-9]+}]
205224
else
206225
[%r{max[ ]+= [0-9]+}, %r{count[ ]+= [0-9]+}, %r{active[ ]+= [0-9]+}, %r{inactive[ ]+= [0-9]+}, %r{Waiting on global queue: [0-9]+}]
207226
end
208227
it 'outputs status via passenger-status #stdout' do
209-
shell('PATH=/usr/bin:$PATH /usr/sbin/passenger-status') do |r|
228+
shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
210229
expected_two.each do |expect|
211230
expect(r.stdout).to match(expect)
212231
end
213232
end
214233
end
215234
it 'outputs status via passenger-status #exit_code' do
216-
shell('PATH=/usr/bin:$PATH /usr/sbin/passenger-status') do |r|
235+
shell('PATH=/usr/bin:$PATH PASSENGER_INSTANCE_REGISTRY_DIR=/var/run /usr/sbin/passenger-status') do |r|
217236
expect(r.exit_code).to eq(0)
218237
end
219238
end

spec/acceptance/mod_php_spec.rb

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,8 @@ class { 'apache::mod::php': }
3232
it { is_expected.to be_running }
3333
end
3434

35-
if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04'
35+
if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') ||
36+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
3637
describe file("#{$mod_dir}/php7.0.conf") do
3738
it { is_expected.to contain 'DirectoryIndex index.php' }
3839
end
@@ -120,7 +121,8 @@ class {'apache::mod::php':
120121
it 'succeeds in puppeting php' do
121122
apply_manifest(pp, catch_failures: true)
122123
end
123-
if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04'
124+
if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') ||
125+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
124126
describe file("#{$mod_dir}/php7.0.conf") do
125127
it { is_expected.to contain '# somecontent' }
126128
end
@@ -145,7 +147,8 @@ class {'apache::mod::php':
145147
apply_manifest(pp, catch_failures: true)
146148
end
147149

148-
if fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04'
150+
if (fact('operatingsystem') == 'Ubuntu' && fact('operatingsystemmajrelease') == '16.04') ||
151+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
149152
describe file("#{$mod_dir}/php7.0.conf") do
150153
it { is_expected.to contain '# somecontent' }
151154
end

spec/acceptance/mod_security_spec.rb

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,8 @@ class { 'apache::mod::security': }
7575
end
7676
end
7777

78-
unless fact('operatingsystem') == 'SLES'
78+
unless fact('operatingsystem') == 'SLES' ||
79+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
7980
it 'blocks query with SQL' do
8081
shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
8182
end
@@ -114,7 +115,8 @@ class { 'apache::mod::security': }
114115
it { is_expected.to contain 'mod_security2.c' }
115116
end
116117

117-
unless fact('operatingsystem') == 'SLES'
118+
unless fact('operatingsystem') == 'SLES' ||
119+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
118120
it 'blocks query with SQL' do
119121
shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
120122
end
@@ -176,7 +178,8 @@ class { 'apache::mod::security': }
176178
it { is_expected.to contain 'mod_security2.c' }
177179
end
178180

179-
unless fact('operatingsystem') == 'SLES'
181+
unless fact('operatingsystem') == 'SLES' ||
182+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
180183
it 'blocks query with SQL' do
181184
shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
182185
end
@@ -242,7 +245,8 @@ class { 'apache::mod::security': }
242245
it { is_expected.to contain 'mod_security2.c' }
243246
end
244247

245-
unless fact('operatingsystem') == 'SLES'
248+
unless fact('operatingsystem') == 'SLES' ||
249+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
246250
it 'blocks query with SQL' do
247251
shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
248252
end
@@ -308,7 +312,8 @@ class { 'apache::mod::security': }
308312
it { is_expected.to contain 'mod_security2.c' }
309313
end
310314

311-
unless fact('operatingsystem') == 'SLES'
315+
unless fact('operatingsystem') == 'SLES' ||
316+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
312317
it 'blocks query with SQL' do
313318
shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
314319
end
@@ -374,7 +379,8 @@ class { 'apache::mod::security': }
374379
it { is_expected.to contain 'mod_security2.c' }
375380
end
376381

377-
unless fact('operatingsystem') == 'SLES'
382+
unless fact('operatingsystem') == 'SLES' ||
383+
(fact('operatingsystem') == 'Debian' && fact('operatingsystemmajrelease') == '9')
378384
it 'blocks query with SQL' do
379385
shell '/usr/bin/curl -A beaker -f modsec.example.com:80?SELECT%20*FROM%20mysql.users', acceptable_exit_codes: [22]
380386
end

0 commit comments

Comments
 (0)