From yaakov.nemoy at ergo-project.org Thu May 20 12:55:24 2010 From: yaakov.nemoy at ergo-project.org (Yaakov M. Nemoy) Date: Thu, 20 May 2010 12:55:24 +0200 Subject: Some patches for the webserver module Message-ID: <20100520105524.GA30705@koan.hexago.nl> Hey All, Attached are some patches we've discussed for the webserver module. These patches change the API so i'm not ready to push it straight to development branch yet. The API change is simple: webserver::module::enable{"mod_foo"} => webserver::module{"mod_foo": enable => true } It fixes it up this way so that we don't break inheritance. -Yaakov From loupgaroublond at gmail.com Thu May 20 11:38:03 2010 From: loupgaroublond at gmail.com (Yaakov M. Nemoy) Date: Thu, 20 May 2010 11:38:03 +0200 Subject: [PATCH 5/6] Create a minimal profile that we need in the UMC Message-ID: --- manifests/init.pp | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 86 insertions(+), 0 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 05311d0..a7549df 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -184,6 +184,92 @@ class webserver { } } + class minimal inherits webserver { + webserver::module {["mod_actions", + "mod_autoindex", + "mod_auth_digest", + "mod_auth_basic", + "mod_authn_file", + "mod_authn_alias", + "mod_authn_anon", + "mod_authn_dbm", + "mod_authn_default", + "mod_authnz_ldap", + "mod_authz_user", + "mod_authz_owner", + "mod_authz_groupfile", + "mod_authz_dbm", + "mod_authz_default", + "mod_cache", + "mod_cgi", + "mod_dav", + "mod_dav_fs", + "mod_dir", + "mod_deflate", + "mod_disk_cache", + "mod_expires", + "mod_ext_filter", + "mod_headers", + "mod_include", + "mod_info", + "mod_ldap", + "mod_logio", + "mod_file_cache", + "mod_mime_magic", + "mod_negotiation", + "mod_proxy", + "mod_proxy_connect", + "mod_proxy_ftp", + "mod_proxy_http", + "mod_proxy_ajp", + "mod_proxy_balancer", + "mod_rewrite", + "mod_speling", + "mod_status", + "mod_suexec", + "mod_userdir", + "mod_usertrack", + "mod_vhost_alias", + "mod_annodex", + "mod_auth_kerb", + "mod_auth_mysql", + "mod_auth_ntlm_winbind", + "mod_auth_pam", + "mod_auth_pgsql", + "mod_auth_shadow", + "mod_authz_ldap", + "mod_bw", + "mod_cband", + "mod_dav_svn", + "mod_dnssd", + "mod_evasive", + "mod_extract_forwarded", + "mod_fcgid", + "mod_fcgid-selinux", + "mod_geoip", + "mod_line_edit", + "mod_mono", + "mod_nss", + "mod_perl", + "mod_perl-devel", + "mod_python", + "mod_revocator", + "mod_security", + "mod_speedycgi", + "mod_ssl", + "mod_suphp", + "mod_wsgi", + ]: enable => false + } + webserver::module {["mod_authz_host", + "mod_mime", + "mod_setenvif", + "mod_log_config", + ]: + enable => true + } + } + ## ## Different types of "modules" ## -- 1.6.6.1 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0001-Replaces-module-class-with-module-definition.patch" From loupgaroublond at gmail.com Wed May 19 15:48:38 2010 From: loupgaroublond at gmail.com (Yaakov M. Nemoy) Date: Wed, 19 May 2010 15:48:38 +0200 Subject: [PATCH 1/6] Replaces module class with module definition Message-ID: --- manifests/init.pp | 86 ++++++++++++++++------------------------------------ 1 files changed, 27 insertions(+), 59 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index a3ca4ae..40162c8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -412,70 +412,38 @@ class webserver { realize(Package["httpd"], Module_application["phpMyAdmin"]) } - class module inherits webserver { - # - # You might call on the same webserver::module enable() or disable() - # more then once, from other modules for example. - # - # This is why these types are types, and first check whether something - # has already been defined (and then toggle the appropriate attribute). - # - # Additionally, it let's you re-enable a disabled module. - # - - define enable() { - if defined(Webserver::Module_stock["$name"]) { - realize(Webserver::Module_stock["$name"]) - } - - if defined(Webserver::Module_package["$name"]) { - realize(Webserver::Module_package["$name"]) - } - - if defined(Webserver::Module_application["$name"]) { - realize(Webserver::Module_application["$name"]) - } - - case $name { - "mod_security": { - file { "/etc/httpd/modsecurity.d/": - ensure => directory, - source => [ - "puppet://$server/private/$environment/webserver/modsecurity.d/", - "puppet://$server/files/webserver/modsecurity.d/", - "puppet://$server/webserver/modsecurity.d/" - ], - recurse => true, - purge => false, - notify => Service["httpd"] - } - } - } + define module($enable = false) { + if defined(Webserver::Module_stock["$name"]) { + realize(Webserver::Module_stock["$name"]) + Webserver::Module_stock["$name"] { enable => $enable} } - define disable() { - if defined(Webserver::Module_stock["$name"]) { - Webserver::Module_stock["$name"] { - enable => false - } - - realize(Webserver::Module_stock["$name"]) - } - - if defined(Webserver::Module_package["$name"]) { - Webserver::Module_package["$name"] { - enable => false - } + if defined(Webserver::Module_package["$name"]) { + realize(Webserver::Module_package["$name"]) + Webserver::Module_package["$name"] { enable => $enable} + } - realize(Webserver::Module_package["$name"]) - } + if defined(Webserver::Module_application["$name"]) { + realize(Webserver::Module_application["$name"]) + Webserver::Module_application["$name"] { enable => $enable} + } - if defined(Webserver::Module_application["$name"]) { - Webserver::Module_application["$name"] { - enable => false + case $name { + "mod_security": { + file { "/etc/httpd/modsecurity.d/": + ensure => $enable ? { + true => directory, + false => false + }, + source => [ + "puppet://$server/files/private/webserver/modsecurity.d/", + "puppet://$server/files/webserver/modsecurity.d/", + "puppet://$server/webserver/modsecurity.d/" + ], + recurse => true, + purge => false, + notify => Service["httpd"] } - - realize(Webserver::Module_application["$name"]) } } } -- 1.6.6.1 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0004-Create-a-standard-webserver-profile.patch" From loupgaroublond at gmail.com Thu May 20 11:33:06 2010 From: loupgaroublond at gmail.com (Yaakov M. Nemoy) Date: Thu, 20 May 2010 11:33:06 +0200 Subject: [PATCH 4/6] Create a standard webserver profile Message-ID: --- manifests/init.pp | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 72 insertions(+), 0 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index c7d1a00..05311d0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -112,6 +112,78 @@ class webserver { module { "phpMyAdmin": enable => true } } + class standard inherits webserver { + module { ["mod_actions", + "mod_alias", + "mod_asis", + "mod_auth_basic", + "mod_auth_digest", + "mod_authn_alias", + "mod_authn_anon", + "mod_authn_dbd", + "mod_authn_dbm", + "mod_authn_default", + "mod_authn_file", + "mod_authnz_ldap", + "mod_authz_dbm", + "mod_authz_default", + "mod_authz_groupfile", + "mod_authz_host", + "mod_authz_owner", + "mod_authz_user", + "mod_autoindex", + "mod_cache", + "mod_cern_meta", + "mod_cgi", + "mod_cgid", + "mod_dav", + "mod_dav_fs", + "mod_dbd", + "mod_deflate", + "mod_dir", + "mod_disk_cache", + "mod_dumpio", + "mod_env", + "mod_expires", + "mod_ext_filter", + "mod_file_cache", + "mod_filter", + "mod_headers", + "mod_ident", + "mod_imagemap", + "mod_include", + "mod_info", + "mod_ldap", + "mod_log_config", + "mod_log_forensic", + "mod_logio", + "mod_mem_cache", + "mod_mime", + "mod_mime_magic", + "mod_negotiation", + "mod_proxy", + "mod_proxy_ajp", + "mod_proxy_balancer", + "mod_proxy_connect", + "mod_proxy_ftp", + "mod_proxy_http", + "mod_rewrite", + "mod_setenvif", + "mod_speling", + "mod_status", + "mod_substitute", + "mod_suexec", + "mod_unique_id", + "mod_userdir", + "mod_usertrack", + "mod_version", + "mod_vhost_alias", + "mod_actions", + ]: + enable => true + } + } + ## ## Different types of "modules" ## -- 1.6.6.1 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0003-Replaces-some-subclasses-with-more-sensical-usage-of.patch" From loupgaroublond at gmail.com Thu May 20 11:23:41 2010 From: loupgaroublond at gmail.com (Yaakov M. Nemoy) Date: Thu, 20 May 2010 11:23:41 +0200 Subject: [PATCH 3/6] Replaces some subclasses with more sensical usage of module Message-ID: --- manifests/init.pp | 66 +++++++++------------------------------------------- 1 files changed, 12 insertions(+), 54 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 942d7ab..c7d1a00 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -88,70 +88,28 @@ class webserver { ) class ssl inherits webserver { - realize(Package["httpd"],Service["httpd"]) - - if defined(Module_package["mod_ssl"]) { - Module_package["mod_ssl"] { - enable => true - } - } else { - @module_package { "mod_ssl": - enable => true - } - } - - realize(Module_package["mod_ssl"]) + module { "mod_ssl": enable => true } } - class mod_dav_svn { - if defined(Module["mod_dav_svn"]) { - Module["mod_dav_svn"] { - enable => true - } - } else { - @module { "mod_dav_svn": - enable => true - } - } - - realize(Module["mod_dav_svn"]) - - if defined(Module["mod_dav"]) { - Module["mod_dav"] { - enable => true - } - } else { - @module { "mod_dav": - enable => true - } + class mod_dav_svn inherits webserver { + module { ["mod_dav_svn", + "mod_dav" + ]: + enable => true } - - realize(Module["mod_dav"]) } class mod_python inherits webserver { - realize(Package["httpd"],Service["httpd"]) - - if defined(Module_package["mod_python"]) { - Module_package["mod_python"] { - enable => true - } - } else { - @module_package { "mod_python": - enable => true - } - } - - realize(Module_package["mod_python"]) + module { "mod_python": enable => true } } - class php { - realize(Package["httpd"], Module_application["php"]) + class php inherits webserver { + module { "php": enable => true } } - class phpMyAdmin { + class phpMyAdmin inherits webserver { include php - realize(Package["httpd"], Module_application["phpMyAdmin"]) + module { "phpMyAdmin": enable => true } } ## @@ -183,7 +141,7 @@ class webserver { ## node 'node1.example.org' { ## include webserver ## - ## webserver::module {"mod_python": enable => true } + ## webserver::module { "mod_python": enable => true } ## } ## -- 1.6.6.1 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0002-Fixes-the-modules-so-there-is-a-single-define-for-al.patch" From loupgaroublond at gmail.com Thu May 20 11:08:01 2010 From: loupgaroublond at gmail.com (Yaakov M. Nemoy) Date: Thu, 20 May 2010 11:08:01 +0200 Subject: [PATCH 2/6] Fixes the modules so there is a single define for all modules that does the right thing no matter what Message-ID: You can see that this changes the API for modules, but it makes it more uniform with the way we think about defined resources anyways. This fixes some severe issues we had trying to disable modules to create a minimal profile for apache. Because of how inheritance works, the old system could not override settings via the definitions. This allows inheritance to work as it should --- manifests/init.pp | 312 +++++++++++++++++++++++++---------------------------- 1 files changed, 145 insertions(+), 167 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 40162c8..942d7ab 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -82,6 +82,78 @@ class webserver { notify => Service["httpd"] } + realize( + Package["httpd"], + Service["httpd"] + ) + + class ssl inherits webserver { + realize(Package["httpd"],Service["httpd"]) + + if defined(Module_package["mod_ssl"]) { + Module_package["mod_ssl"] { + enable => true + } + } else { + @module_package { "mod_ssl": + enable => true + } + } + + realize(Module_package["mod_ssl"]) + } + + class mod_dav_svn { + if defined(Module["mod_dav_svn"]) { + Module["mod_dav_svn"] { + enable => true + } + } else { + @module { "mod_dav_svn": + enable => true + } + } + + realize(Module["mod_dav_svn"]) + + if defined(Module["mod_dav"]) { + Module["mod_dav"] { + enable => true + } + } else { + @module { "mod_dav": + enable => true + } + } + + realize(Module["mod_dav"]) + } + + class mod_python inherits webserver { + realize(Package["httpd"],Service["httpd"]) + + if defined(Module_package["mod_python"]) { + Module_package["mod_python"] { + enable => true + } + } else { + @module_package { "mod_python": + enable => true + } + } + + realize(Module_package["mod_python"]) + } + + class php { + realize(Package["httpd"], Module_application["php"]) + } + + class phpMyAdmin { + include php + realize(Package["httpd"], Module_application["phpMyAdmin"]) + } + ## ## Different types of "modules" ## @@ -111,14 +183,14 @@ class webserver { ## node 'node1.example.org' { ## include webserver ## - ## webserver::module::enable { ["mod_python"] } + ## webserver::module {"mod_python": enable => true } ## } ## - # Get the list of available modules to httpd with: - # yum list | grep ^mod_ | cut -d'.' -f 1 | sort - # - @module_package { [ + define module($enable = false) { + case $name { + # Get the list of available modules to httpd with: + # yum list | grep ^mod_ | cut -d'.' -f 1 | sort "mod_annodex", "mod_auth_kerb", "mod_auth_mysql", @@ -147,25 +219,21 @@ class webserver { "mod_speedycgi", "mod_ssl", "mod_suphp", - "mod_wsgi" - ]: - enable => true - } - - # These modules include the version number in their configuration, - # so these are templates. - @module_package { "mod_passenger": - enable => true, - template => "module_mod_passenger.erb" - } - - @module_package { "php": - enable => true, - template => "module_php.erb" - } + "mod_wsgi": { webserver::module_package{"$name": + enable => $enable, + } + } + # These modules include the version number in their configuration, + # so these are templates. + "mod_passenger", + "php": { + webserver::module_package { "$name": + enable => $enable, + templates => "module_$name.erb", + } + } - # These modules are *not* available on <= EL-4 - module_stock { [ + # These modules are *not* available on <= EL-4 "mod_auth_basic", "mod_authn_file", "mod_authn_alias", @@ -180,43 +248,42 @@ class webserver { "mod_authz_dbm", "mod_authz_default", "mod_proxy_ajp", - "mod_proxy_balancer" - ]: - enable => $os ? { - "CentOS" => $osmajorver ? { - "4" => false, - default => true - }, - "RedHat" => $osmajorver ? { - "4" => false, - default => true - }, - default => true - } - } + "mod_proxy_balancer": { + webserver::module_stock { "$name": + enable => $os ? { + "CentOS" => $osmajorver ? { + "4" => false, + default => $enable + }, + "RedHat" => $osmajorver ? { + "4" => false, + default => $enable + }, + default => $enable + } + } + } - # These modules are only available on EL-4 - module_stock { [ + # These modules are only available on EL-4 "mod_access", "mod_auth_anon", "mod_auth_dbm", - "mod_auth_ldap" - ]: - enable => $os ? { - "CentOS" => $osmajorver ? { - "4" => true, - default => false - }, - "RedHat" => $osmajorver ? { - "4" => true, - default => false - }, - default => false - } - } + "mod_auth_ldap": { + module_stock { "$name": + enable => $os ? { + "CentOS" => $osmajorver ? { + "4" => $enable, + default => false + }, + "RedHat" => $osmajorver ? { + "4" => $enable, + default => false + }, + default => false + } + } + } - module_stock { [ - "mod_actions", "mod_alias", "mod_autoindex", "mod_auth_digest", @@ -250,29 +317,28 @@ class webserver { "mod_suexec", "mod_userdir", "mod_usertrack", - "mod_vhost_alias" - ]: - enable => true - } + "mod_vhost_alias": { + module_stock { "$name": + enable => $enable + } + } - module_stock { [ "mod_file_cache", - "mod_mem_cache" - ]: - enable => $os ? { - "Fedora" => $osmajorver ? { - "10" => true, - "9" => true, - default => false - }, - default => true - } - } + "mod_mem_cache": { + module_stock { "$name": + enable => $os ? { + "Fedora" => $osmajorver ? { + "10" => $enable, + "9" => $enable, + default => false + }, + default => true + } + } + } - # Get the list of available webapps with: - # repoquery --queryformat="%{NAME}\n" --whatprovides "/etc/httpd/conf.d/*" | grep -vE "(^$|^mod)" | sort | uniq - # - @module_application { [ + # Get the list of available webapps with: + # repoquery --queryformat="%{NAME}\n" --whatprovides "/etc/httpd/conf.d/*" | grep -vE "(^$|^mod)" | sort | uniq "apcupsd-cgi", "awstats", "BackupPC", @@ -335,99 +401,12 @@ class webserver { "wordpress", "wordtrans-web", "zabbix-web", - "zoneminder" - ]: - enable => true - } - - realize( - Package["httpd"], - Service["httpd"] - ) - - class ssl inherits webserver { - realize(Package["httpd"],Service["httpd"]) - - if defined(Module_package["mod_ssl"]) { - Module_package["mod_ssl"] { - enable => true - } - } else { - @module_package { "mod_ssl": - enable => true - } - } - - realize(Module_package["mod_ssl"]) - } - - class mod_dav_svn { - if defined(Module["mod_dav_svn"]) { - Module["mod_dav_svn"] { - enable => true - } - } else { - @module { "mod_dav_svn": - enable => true - } - } - - realize(Module["mod_dav_svn"]) - - if defined(Module["mod_dav"]) { - Module["mod_dav"] { - enable => true - } - } else { - @module { "mod_dav": - enable => true - } - } - - realize(Module["mod_dav"]) - } - - class mod_python inherits webserver { - realize(Package["httpd"],Service["httpd"]) - - if defined(Module_package["mod_python"]) { - Module_package["mod_python"] { - enable => true - } - } else { - @module_package { "mod_python": - enable => true + "zoneminder": { + module_application { "$name": + enable => $enable + } } } - - realize(Module_package["mod_python"]) - } - - class php { - realize(Package["httpd"], Module_application["php"]) - } - - class phpMyAdmin { - include php - realize(Package["httpd"], Module_application["phpMyAdmin"]) - } - - define module($enable = false) { - if defined(Webserver::Module_stock["$name"]) { - realize(Webserver::Module_stock["$name"]) - Webserver::Module_stock["$name"] { enable => $enable} - } - - if defined(Webserver::Module_package["$name"]) { - realize(Webserver::Module_package["$name"]) - Webserver::Module_package["$name"] { enable => $enable} - } - - if defined(Webserver::Module_application["$name"]) { - realize(Webserver::Module_application["$name"]) - Webserver::Module_application["$name"] { enable => $enable} - } - case $name { "mod_security": { file { "/etc/httpd/modsecurity.d/": @@ -447,7 +426,6 @@ class webserver { } } } - define virtualhost( $enable = true, $certificate = false, $template = false, -- 1.6.6.1 --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="0006-Switches-over-the-premade-profiles-to-use-the-standa.patch" From loupgaroublond at gmail.com Thu May 20 12:48:53 2010 From: loupgaroublond at gmail.com (Yaakov M. Nemoy) Date: Thu, 20 May 2010 12:48:53 +0200 Subject: [PATCH 6/6] Switches over the premade profiles to use the standard bloated webserver ipv the non functioning base class Message-ID: --- manifests/init.pp | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index a7549df..bda7e59 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -87,11 +87,11 @@ class webserver { Service["httpd"] ) - class ssl inherits webserver { + class ssl inherits webserver::standard { module { "mod_ssl": enable => true } } - class mod_dav_svn inherits webserver { + class mod_dav_svn inherits webserver::standard { module { ["mod_dav_svn", "mod_dav" ]: @@ -99,15 +99,15 @@ class webserver { } } - class mod_python inherits webserver { + class mod_python inherits webserver::standard { module { "mod_python": enable => true } } - class php inherits webserver { + class php inherits webserver::standard { module { "php": enable => true } } - class phpMyAdmin inherits webserver { + class phpMyAdmin inherits webserver::standard { include php module { "phpMyAdmin": enable => true } } -- 1.6.6.1 --wac7ysb48OaltWcw-- From kanarip at kanarip.com Fri May 21 12:14:04 2010 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Fri, 21 May 2010 12:14:04 +0200 Subject: Some patches for the webserver module In-Reply-To: <20100520105524.GA30705@koan.hexago.nl> References: <20100520105524.GA30705@koan.hexago.nl> Message-ID: <201005211214.04775.kanarip@kanarip.com> Yaakov M. Nemoy wrote: > Hey All, > > Attached are some patches we've discussed for the webserver > module. These patches change the API so i'm not ready to push it > straight to development branch yet. > > The API change is simple: > > webserver::module::enable{"mod_foo"} => webserver::module{"mod_foo": > enable => true } > > It fixes it up this way so that we don't break inheritance. > I like the way it's going. FWIW, these patches are going to attack the problems we had with disabling one or more modules from the enabled-by-default list of modules. The use-case is a minimally bloated webserver. You mentioned one problem with mod_security that I would like to figure out before we commit this to mainstream/development, but please feel free to push a separate branch upstream. I would also like to have confirmed the following scenario: - Start out with a minimal webserver, but then - (re-)enable one or two modules This should be possible, provided the current patches, no? -- Jeroen From yaakov.nemoy at ergo-project.org Fri May 21 12:48:52 2010 From: yaakov.nemoy at ergo-project.org (Yaakov M. Nemoy) Date: Fri, 21 May 2010 12:48:52 +0200 Subject: Some patches for the webserver module In-Reply-To: <201005211214.04775.kanarip@kanarip.com> References: <20100520105524.GA30705@koan.hexago.nl> <201005211214.04775.kanarip@kanarip.com> Message-ID: <20100521104852.GA25229@koan.hexago.nl> On Fri, May 21, 2010 at 12:14:04PM +0200, Jeroen van Meeuwen wrote: > Yaakov M. Nemoy wrote: > > Hey All, > > > > Attached are some patches we've discussed for the webserver > > module. These patches change the API so i'm not ready to push it > > straight to development branch yet. > > > > The API change is simple: > > > > webserver::module::enable{"mod_foo"} => webserver::module{"mod_foo": > > enable => true } > > > > It fixes it up this way so that we don't break inheritance. > > > > I like the way it's going. > > FWIW, these patches are going to attack the problems we had with disabling one > or more modules from the enabled-by-default list of modules. The use-case is a > minimally bloated webserver. That's exactly what i'm trying to solve. > You mentioned one problem with mod_security that I would like to figure out > before we commit this to mainstream/development, but please feel free to push > a separate branch upstream. Like i said, this is a bug in puppet as far as i can see. I'll push my workaround into a seperate branch, if i have write access. > I would also like to have confirmed the following scenario: > > - Start out with a minimal webserver, but then > - (re-)enable one or two modules Confirmed. But YMMV so do your own tests on your own infrastructure. (Which you should always do anyways.) -Yaakov From kanarip at kanarip.com Fri May 21 14:45:38 2010 From: kanarip at kanarip.com (Jeroen van Meeuwen) Date: Fri, 21 May 2010 14:45:38 +0200 Subject: Some patches for the webserver module In-Reply-To: <20100521104852.GA25229@koan.hexago.nl> References: <20100520105524.GA30705@koan.hexago.nl> <201005211214.04775.kanarip@kanarip.com> <20100521104852.GA25229@koan.hexago.nl> Message-ID: <201005211445.38787.kanarip@kanarip.com> Yaakov M. Nemoy wrote: > On Fri, May 21, 2010 at 12:14:04PM +0200, Jeroen van Meeuwen wrote: > > FWIW, these patches are going to attack the problems we had with disabling one > > or more modules from the enabled-by-default list of modules. The use-case is a > > minimally bloated webserver. > > That's exactly what i'm trying to solve. > Right, I was just trying to explain to any other reader ;-) > > You mentioned one problem with mod_security that I would like to figure out > > before we commit this to mainstream/development, but please feel free to push > > a separate branch upstream. > > Like i said, this is a bug in puppet as far as i can see. I'll push my > workaround into a seperate branch, if i have write access. > Afaik, you do have write access. If not, let me know. > > I would also like to have confirmed the following scenario: > > > > - Start out with a minimal webserver, but then > > - (re-)enable one or two modules > > Confirmed. But YMMV so do your own tests on your own > infrastructure. (Which you should always do anyways.) > Sure, I do not have a solid test environment though. It's merely my own infrastructure that runs in the development branch ;-) -- Jeroen