Add possibility to manage server-status in the
mods-available/status.conf file
Change-Id: Ideec7840152c7afbbd11a98d8b106cf0afecd512
Related-Prod: PROD-25671
diff --git a/README.rst b/README.rst
index 82ac5d1..2f60808 100644
--- a/README.rst
+++ b/README.rst
@@ -485,6 +485,26 @@
enabled: True
status: 'disabled'
+Apache server-status management
+
+.. code-block:: yaml
+
+ apache:
+ server:
+ mods:
+ status:
+ enabled: True
+ status: 'enabled'
+ host:
+ address: 127.0.0.1
+ port: 80
+ allow:
+ localhost:
+ enabled: True
+ value: '127.0.0.0/255.0.0.0'
+ localhost_ipv6:
+ enabled: True
+ value: '::1/128'
Apache directories and modules management
diff --git a/apache/files/stats.conf b/apache/files/stats.conf
index 0c7a6ef..3a16374 100644
--- a/apache/files/stats.conf
+++ b/apache/files/stats.conf
@@ -1,17 +1,21 @@
{%- from "apache/map.jinja" import server with context %}
-<VirtualHost 127.0.0.1:80>
-
- ServerAdmin root@localhost
-
- {%- if 'status' in server.modules %}
-
+{%- if 'status' in server.mods.keys() %}
+{%- set _status = server.mods.status %}
+{%- set _address = _status.get('host', {}).get('address', '127.0.0.1') %}
+{%- set _port = _status.get('host', {}).get('port', 80) %}
+Listen {{ _address }}:{{ _port }}
+<VirtualHost {{ _address }}:{{ _port }}>
<Location /server-status>
SetHandler server-status
- Order Deny,Allow
- Deny from all
- Allow from 127.0.0.0/255.0.0.0 ::1/128
+ {%- if _status.get('host', {}).allow is defined %}
+ {%- for item_name, item in _status.host.allow.iteritems() %}
+ {%- if item.get('enabled', False) %}
+ Require ip {{ item.value }}
+ {%- endif %}
+ {%- endfor %}
+ {%- else %}
+ Require ip 127.0.0.0/255.0.0.0 ::1/128
+ {%- endif %}
</Location>
-
- {% endif %}
-
</VirtualHost>
+{% endif %}
diff --git a/apache/server/service/modules.sls b/apache/server/service/modules.sls
index 1e12078..066f572 100644
--- a/apache/server/service/modules.sls
+++ b/apache/server/service/modules.sls
@@ -81,9 +81,22 @@
{%- for _module, _params in server.mods.iteritems() %}
{%- if _params.enabled == true %}
+
+ {%- if _module == 'status' %}
+apache_mods_{{ _module }}_config:
+ file.managed:
+ - name: /etc/apache2/mods-available/status.conf
+ - source: salt://apache/files/stats.conf
+ - template: jinja
+ - require:
+ - pkg: apache_packages
+ - watch_in:
+ - service: apache_service
+ {%- endif %}
+
{%- if _params.status == 'enabled' %}
-apache_{{ _module }}_enable:
+apache_mods_{{ _module }}_enable:
cmd.run:
- name: "a2enmod {{ _module }} -q"
- creates: /etc/apache2/mods-enabled/{{ _module }}.load
@@ -94,7 +107,7 @@
{%- else %}
-apache_{{ _module }}_disable:
+apache_mods_{{ _module }}_disable:
cmd.run:
- name: "a2dismod {{ _module }} -q"
- require:
diff --git a/tests/pillar/server_php7_ssl.sls b/tests/pillar/server_php7_ssl.sls
index 55c8264..200eb3d 100644
--- a/tests/pillar/server_php7_ssl.sls
+++ b/tests/pillar/server_php7_ssl.sls
@@ -33,7 +33,17 @@
mods:
status:
enabled: True
- status: 'disabled'
+ status: 'enabled'
+ host:
+ address: '127.0.0.1'
+ port: '80'
+ allow:
+ localhost:
+ enabled: True
+ value: '127.0.0.0/255.0.0.0'
+ localhost_ipv6:
+ enabled: True
+ value: '::1/128'
module_php: php7.0
user:
cloudlab: