Merge branch 'apache_err_decoder'
diff --git a/apache/files/_locations.conf b/apache/files/_locations.conf
index d9bb74d..0c382d7 100644
--- a/apache/files/_locations.conf
+++ b/apache/files/_locations.conf
@@ -1,3 +1,10 @@
+{%- from "apache/map.jinja" import server with context -%}
+ {%- if site.robots is defined %}
+ <Location "/robots.txt">
+ SetHandler None
+ </Location>
+ Alias /robots.txt {{ server.www_dir }}/robots_{{ site.robots }}.txt
+ {%- endif %}
{%- if site.locations is defined %}
{%- for location in site.locations %}
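Review bot: The `Alias` target on the added line is built from `site.robots` without checking that a matching entry exists under `server.robots`, so a site naming an undefined set gets an alias to a file that `apache.server.robots` never writes. Guarding the block with `{%- if site.robots is defined and site.robots in server.get('robots', {}) %}` keeps the two in step. Quoting the target (`Alias /robots.txt "{{ server.www_dir }}/robots_{{ site.robots }}.txt"`) avoids a broken directive if the path ever contains a space. The alias points under `www_dir`, which may sit outside the vhost's document root, so it is worth confirming that a `<Directory>` grant covers it; the surrounding vhost template is outside this hunk.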
diff --git a/apache/files/heka.toml b/apache/files/heka.toml
index 2000eec..c03fe17 100644
--- a/apache/files/heka.toml
+++ b/apache/files/heka.toml
@@ -51,9 +51,10 @@
user_agent_transform = true
log_format = '%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"'
-[Sandbox_apache_error]
+Sandbox_apache_error]
type = "SandboxDecoder"
filename = "lua_decoders/decoders/apache-error.lua"
[Sandbox_apache_error.config]
type = "apache_error"
+
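Review bot: The added line `Sandbox_apache_error]` has lost its opening bracket, so it is no longer a TOML table header and the `type` and `filename` keys below it are not attached to a `Sandbox_apache_error` section. As shown, the file will probably fail to parse, or at least the Apache error decoder will not be registered, which leaves error-log events undecoded. Restore the line as `[Sandbox_apache_error]`.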
diff --git a/apache/files/robots.txt b/apache/files/robots.txt
new file mode 100644
index 0000000..26c434a
--- /dev/null
+++ b/apache/files/robots.txt
@@ -0,0 +1,13 @@
+{%- set robots = salt['pillar.get']('apache:server:robots:'+robots_name) -%}
+{%- for robot, opts in robots.iteritems() -%}
+User-agent: {% if robot == 'all' %}*{% else %}{{ robot }}{% endif %}
+{%- if opts.disallow %}
+{%- for path in opts.disallow %}
+Disallow: {{ path }}
+{%- endfor %}
+{%- else %}
+Disallow:
+{%- endif %}
+{%- endfor %}
+
+{#- vim: syntax=jinja -#}
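Review bot: With the whitespace control used here, the outer `{%- endfor %}` strips the newline at the end of each record and the `-%}` on the outer `for` strips the one at the start, so with more than one entry in a robots set the last `Disallow:` line of one record and the next `User-agent:` appear to render on the same line. Changing the closing tag to `{% endfor %}` (no leading dash) keeps a newline between records. Separately, `pillar.get` is called without a default, so a missing key presumably yields an empty string and `.iteritems()` fails at render time; `salt['pillar.get']('apache:server:robots:'+robots_name, {})` avoids that. A template comment noting that every `Disallow` path is publicly readable would also help, so the pillar is not used to list locations that rely on being unknown.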
diff --git a/apache/files/stats.conf b/apache/files/stats.conf
index fd53e1d..0c7a6ef 100644
--- a/apache/files/stats.conf
+++ b/apache/files/stats.conf
@@ -5,7 +5,6 @@
{%- if 'status' in server.modules %}
- ExtendedStatus on
<Location /server-status>
SetHandler server-status
Order Deny,Allow
diff --git a/apache/map.jinja b/apache/map.jinja
index dde5d4f..8e9566c 100644
--- a/apache/map.jinja
+++ b/apache/map.jinja
@@ -13,7 +13,7 @@
'conf_dir': '/etc/apache2/conf-available',
'conf_ext': '.conf',
'log_dir': '/var/log/apache2',
- 'wwwdir': '/srv',
+ 'www_dir': '/var/www',
'service_user': 'www-data',
'service_group': 'www-data',
},
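Review bot: Both OS maps rename `wwwdir` to `www_dir` and move its default from `/srv` to `/var/www` in the same edit (this hunk and the one at `@@ -27,7 +27,7 @@`), so any state or template outside this diff that still reads `server.wwwdir` would now render an undefined value. Deployments that relied on the `/srv` default would also change location silently. A search for remaining `wwwdir` references is worth doing before merge. Since `/var/www` is the default document root on some distributions, the generated `robots_<name>.txt` files may also become directly reachable under that name, which looks harmless but should be a deliberate choice.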
@@ -27,7 +27,7 @@
'conf_dir': '/etc/httpd/conf',
'conf_ext': '.conf',
'log_dir': '/var/log/httpd',
- 'wwwdir': '/srv',
+ 'www_dir': '/var/www',
'service_user': 'apache',
'service_group': 'apache',
},
diff --git a/apache/meta/iptables.yml b/apache/meta/iptables.yml
new file mode 100644
index 0000000..38295e6
--- /dev/null
+++ b/apache/meta/iptables.yml
@@ -0,0 +1,22 @@
+{%- from "apache/map.jinja" import server, listen_ports with context -%}
+iptables:
+ rules:
+{%- for port in listen_ports.iterkeys() %}
+ - destination_port: {{ port }}
+ protocol: tcp
+ jump: ACCEPT
+{%- endfor %}
+{%- if 443 not in listen_ports.keys() %}
+ - destination_port: 443
+ protocol: tcp
+ jump: ACCEPT
+{%- endif %}
+{%- if 80 not in listen_ports.keys() %}
+ - destination_port: 80
+ protocol: tcp
+ jump: ACCEPT
+{%- endif %}
+
+{#-
+vim: syntax=jinja
+-#}
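Review bot: The two fallback blocks accept TCP 80 and 443 even when neither port is in `listen_ports`, so the firewall is opened for ports the server is not configured to serve. Emitting rules only for the ports iterated in the `for` loop keeps the rule set to what Apache actually listens on; if the extra ports are intentional, gate them on an explicit pillar flag. The membership test also compares the integers `443` and `80` with the map's keys, whose type is not visible here; if they are strings the test is always true and duplicate rules are emitted.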
diff --git a/apache/meta/sensu.yml b/apache/meta/sensu.yml
index f7a05da..b753932 100644
--- a/apache/meta/sensu.yml
+++ b/apache/meta/sensu.yml
@@ -1,8 +1,26 @@
{%- from "apache/map.jinja" import server with context -%}
check:
- local_nginx_server_proc:
+ local_apache_server_proc:
command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -C apache2 -u root -c 1:1"
- interval: 60
+ interval: 30
+ occurrences: 3
+ subscribers:
+ - local-apache-server
+ local_apache_server:
+ command: "PATH=$PATH:/etc/sensu/plugins check_apache2.sh -H localhost -P {{ server.bind.get('ports', [80]).0 }} -t 3 -wr 100 -cr 250"
+ interval: 120
occurrences: 1
subscribers:
- - local-apache-server
\ No newline at end of file
+ - local-apache-server
+ {%- for site_name, site in server.get('site', {}).iteritems() %}
+ {%- if site.enabled %}
+ {%- if site.get('check', True) %}
+ remote_apache_server_http_{{ site.host.name }}_{{ site.host.get('port', '80') }}:
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_http -H {{ site.host.name }} -p {% if site.host.port is defined %}{{ site.host.port }}{% else %}{% if site.ssl is defined %}443{% else %}80{% endif %}{% endif %} -w 5 -c 10{% if site.type != 'redirect' %} -f follow{% endif %}{% if site.get('ssl', {}).get('enabled', False) %} -S{% endif %}{% if site.auth is defined %} -e 'HTTP/1.1 401 Unauthorized'{% endif %}"
+ interval: 60
+ occurrences: 2
+ subscribers:
+ - remote-network
+ {%- endif %}
+ {%- endif %}
+ {%- endfor %}
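Review bot: In the `check_http` command the port falls back to 443 whenever `site.ssl is defined`, but `-S` is added only when `site.ssl.enabled` is true, so a site with `ssl: {enabled: false}` is probed in plain HTTP on 443; the check name follows a third rule, `site.host.get('port', '80')`. Deriving all three from one place would keep them consistent, e.g. `{%- set ssl_on = site.get('ssl', {}).get('enabled', False) %}` and `{%- set port = site.host.get('port', 443 if ssl_on else 80) %}`. `site.host.name` is also placed into the shell command unquoted, so quoting it (`-H '{{ site.host.name }}'`) is a cheap guard against odd pillar values.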
diff --git a/apache/server/init.sls b/apache/server/init.sls
index 46d4d4f..797345b 100644
--- a/apache/server/init.sls
+++ b/apache/server/init.sls
@@ -2,3 +2,4 @@
- apache.server.service
- apache.server.site
- apache.server.users
+- apache.server.robots
diff --git a/apache/server/robots.sls b/apache/server/robots.sls
new file mode 100644
index 0000000..9001343
--- /dev/null
+++ b/apache/server/robots.sls
@@ -0,0 +1,14 @@
+{%- from "apache/map.jinja" import server with context %}
+{%- if server.enabled %}
+
+{%- for name, robots in server.get('robots', {}).iteritems() %}
+robots_{{ name }}:
+ file.managed:
+ - name: {{ server.www_dir }}/robots_{{ name }}.txt
+ - template: jinja
+ - source: salt://apache/files/robots.txt
+ - defaults:
+ robots_name: "{{ name }}"
+{%- endfor %}
+
+{%- endif %}
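Review bot: The `file.managed` state sets no `user`, `group` or `mode`, and its `name` value is an unquoted template expression built from a pillar key. Stating ownership and permissions explicitly (`- user: root`, `- group: root`, `- mode: '0644'`) makes it clear the web server can read but not rewrite the file. Quoting the path (`- name: "{{ server.www_dir }}/robots_{{ name }}.txt"`) matches the quoting already used for `robots_name`. Because `name` ends up in a filesystem path, a pillar key containing `/` would place the file outside `www_dir`; a comment or a simple check on the key would document that assumption.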
diff --git a/apache/server/service/init.sls b/apache/server/service/init.sls
index c7f43c1..319680c 100644
--- a/apache/server/service/init.sls
+++ b/apache/server/service/init.sls
@@ -1,8 +1,12 @@
{%- from "apache/map.jinja" import server with context %}
include:
+{%- if server.modules is defined %}
- apache.server.service.modules
+{%- endif %}
+{%- if server.mpm is defined %}
- apache.server.service.mpm
+{%- endif %}
{%- if server.enabled %}
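Review bot: With both list items now conditional, a pillar that defines neither `server.modules` nor `server.mpm` renders `include:` with no entries, which Salt is likely to reject as a malformed include declaration. Wrapping the key as well, with `{%- if server.modules is defined or server.mpm is defined %}` before `include:` and a matching `{%- endif %}` after the last item, avoids that. The file continues past the `{%- if server.enabled %}` line, outside this hunk.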
diff --git a/metadata/service/support.yml b/metadata/service/support.yml
index cb80bf3..b830c0e 100644
--- a/metadata/service/support.yml
+++ b/metadata/service/support.yml
@@ -9,3 +9,5 @@
enabled: true
sphinx:
enabled: true
+ iptables:
+ enabled: true
diff --git a/tests/pillar/apache_server.sls b/tests/pillar/apache_server.sls
index da59713..fe53ffa 100644
--- a/tests/pillar/apache_server.sls
+++ b/tests/pillar/apache_server.sls
@@ -9,12 +9,18 @@
enabled: true
password: cloudlab
htpasswd: cloudlab.htpasswd
+ robots:
+ default:
+ all:
+ disallow:
+ - /
site:
roundcube:
enabled: true
type: static
name: roundcube
root: /usr/share/roundcube
+ robots: default
locations:
- uri: /admin
path: /usr/share/postfixadmin