From 5211bdd72ba698de03cca6630f937b3cd0af5e6d Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Wed, 27 Jun 2018 17:06:56 +0000 Subject: [PATCH 1/3] vhosts/standard: allow user/group option Support for DocumentRootUser and DocumentRootGroup --- apache/vhosts/standard.sls | 6 ++++++ pillar.example | 2 ++ 2 files changed, 8 insertions(+) diff --git a/apache/vhosts/standard.sls b/apache/vhosts/standard.sls index 5ccd137..9b0f49c 100644 --- a/apache/vhosts/standard.sls +++ b/apache/vhosts/standard.sls @@ -27,6 +27,12 @@ include: - unless: test -d {{ documentroot }} - name: {{ documentroot }} - makedirs: True +{% if site.get('DocumentRootUser') %} + - user: {{ site.DocumentRootUser }} +{% endif %} +{% if site.get('DocumentRootGroup') %} + - group: {{ site.DocumentRootGroup }} +{% endif %} - allow_symlink: True {% endif %} diff --git a/pillar.example b/pillar.example index d14304f..9d8330b 100644 --- a/pillar.example +++ b/pillar.example @@ -71,6 +71,8 @@ apache: CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com + DocumentRootUser: www-data # Force user if specified, leave it default if not + DocumentRootGroup: www-data # Force group if specified, leave it default if not SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file From 2bae6fea1030cc735117bde734fd949a5965812a Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Wed, 27 Jun 2018 17:08:37 +0000 Subject: [PATCH 2/3] vhosts/standard: fix set user/group unless test -d on file.directory seems useless. --- apache/vhosts/standard.sls | 1 - 1 file changed, 1 deletion(-) diff --git a/apache/vhosts/standard.sls b/apache/vhosts/standard.sls index 9b0f49c..0480a26 100644 --- a/apache/vhosts/standard.sls +++ b/apache/vhosts/standard.sls 
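Review bot: The example value `www-data` for `DocumentRootUser`/`DocumentRootGroup` in pillar.example makes the web server's runtime account the owner of the tree it serves, so anything that gains code execution in a worker can also rewrite the site's files. The example would be safer with a separate account, e.g. `DocumentRootUser: deploy  # placeholder: owner of the served files; avoid the account Apache runs as unless the site must write here`. The same value reappears as the formula-wide `document_root_user: www-data` in the PATCH 3/3 pillar.example hunk, where it would apply to every vhost that does not override it. In standard.sls the new `user`/`group` lines sit next to `makedirs: True`, and as far as I know Salt gives any parent directories it creates the same owner, which deserves a comment there.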
@@ -24,7 +24,6 @@ include: {% if site.get('DocumentRoot') != False %} {{ id }}-documentroot: file.directory: - - unless: test -d {{ documentroot }} - name: {{ documentroot }} - makedirs: True {% if site.get('DocumentRootUser') %} From 37f8af4b3a9c7698a8f4e031b294b9f88245b951 Mon Sep 17 00:00:00 2001 From: "Adrien \"ze\" Urban" Date: Thu, 28 Jun 2018 13:26:01 +0000 Subject: [PATCH 3/3] vhosts/standard: rewrite, simplify code * No more if. * Allow lookup to set default value for all docroot * updated pillar.example --- apache/vhosts/standard.sls | 8 ++------ pillar.example | 9 +++++++-- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/apache/vhosts/standard.sls b/apache/vhosts/standard.sls index 0480a26..678f3de 100644 --- a/apache/vhosts/standard.sls +++ b/apache/vhosts/standard.sls @@ -26,12 +26,8 @@ include: file.directory: - name: {{ documentroot }} - makedirs: True -{% if site.get('DocumentRootUser') %} - - user: {{ site.DocumentRootUser }} -{% endif %} -{% if site.get('DocumentRootGroup') %} - - group: {{ site.DocumentRootGroup }} -{% endif %} + - user: {{ site.get('DocumentRootUser', apache.get('document_root_user'))|json }} + - group: {{ site.get('DocumentRootGroup', apache.get('document_root_group'))|json }} - allow_symlink: True {% endif %} diff --git a/pillar.example b/pillar.example index 9d8330b..5eb5cf2 100644 --- a/pillar.example +++ b/pillar.example @@ -26,6 +26,11 @@ apache: # Default value for AddDefaultCharset in RedHat configuration default_charset: 'UTF-8' + # Should we enforce DocumentRoot user/group? + # Default: do not enforce + document_root_user: www-data # Force user if specified, leave it default if not + document_root_group: null # Do not enforce group + global: # global apache directives AllowEncodedSlashes: 'On' 
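Review bot: The two `site.get(..., apache.get(...))` lines in standard.sls fall back to the lookup value only when the site key is absent, so a vhost that sets `DocumentRootUser: null` renders `user: null` and is left unenforced even when `document_root_user` is set formula-wide. That is probably the intent, but the pillar.example comment in the last hunk (`do not enforce user, defaults to lookup:document_root_user`) can be read either way. A Jinja comment above the two lines would settle it: `{# per-site value wins, including null (= leave owner alone); the lookup default applies only when the key is omitted #}`. `apache` is defined outside this hunk, so this assumes it is the merged lookup mapping.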
@@ -71,8 +76,8 @@ apache: CustomLog: /path/to/logs/example.com-access.log # E.g.: /var/log/apache2/example.com-access.log DocumentRoot: /path/to/www/dir/example.com # E.g., /var/www/example.com - DocumentRootUser: www-data # Force user if specified, leave it default if not - DocumentRootGroup: www-data # Force group if specified, leave it default if not + DocumentRootUser: null # do not enforce user, defaults to lookup:document_root_user + DocumentRootGroup: www-data # Force group, defaults to lookup:document_root_group SSLCertificateFile: /etc/ssl/mycert.pem # if ssl is desired SSLCertificateKeyFile: /etc/ssl/mycert.pem.key # if key for cert is needed or in an extra file