Puppet Class: apache::mod::itk

Defined in:
manifests/mod/itk.pp

Summary

Installs MPM `mod_itk`.

Overview

Note:

Unsupported platforms: CentOS: 8; RedHat: 8, 9; SLES: all

Parameters:

  • startservers (Integer) (defaults to: 8)

    Number of child server processes created on startup.

  • minspareservers (Integer) (defaults to: 5)

    Minimum number of idle child server processes.

  • maxspareservers (Integer) (defaults to: 20)

    Maximum number of idle child server processes.

  • serverlimit (Integer) (defaults to: 256)

    Maximum configured value for ‘MaxRequestWorkers` for the lifetime of the Apache httpd process.

  • maxclients (Integer) (defaults to: 256)

    Limit on the number of simultaneous requests that will be served.

  • maxrequestsperchild (Integer) (defaults to: 4000)

    Limit on the number of connections that an individual child server process will handle.

  • enablecapabilities (Optional[Variant[Boolean, String]]) (defaults to: undef)

    Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS.

See Also:



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# File 'manifests/mod/itk.pp', line 29

class apache::mod::itk (
  Integer $startservers                                  = 8,
  Integer $minspareservers                               = 5,
  Integer $maxspareservers                               = 20,
  Integer $serverlimit                                   = 256,
  Integer $maxclients                                    = 256,
  Integer $maxrequestsperchild                           = 4000,
  Optional[Variant[Boolean, String]] $enablecapabilities = undef,
) {
  include apache

  if defined(Class['apache::mod::event']) {
    fail('May not include both apache::mod::itk and apache::mod::event on the same node')
  }
  if defined(Class['apache::mod::peruser']) {
    fail('May not include both apache::mod::itk and apache::mod::peruser on the same node')
  }
  # prefork is a requirement for itk in 2.4; except on FreeBSD and Gentoo, which are special
  if $facts['os']['family'] =~ /^(FreeBSD|Gentoo)/ {
    if defined(Class['apache::mod::prefork']) {
      fail('May not include both apache::mod::itk and apache::mod::prefork on the same node')
    }
  } else {
    if ! defined(Class['apache::mod::prefork']) {
      include apache::mod::prefork
    }
  }
  if defined(Class['apache::mod::worker']) {
    fail('May not include both apache::mod::itk and apache::mod::worker on the same node')
  }
  File {
    owner => 'root',
    group => $apache::params::root_group,
    mode  => $apache::file_mode,
  }

  # Template uses:
  # - $startservers
  # - $minspareservers
  # - $maxspareservers
  # - $serverlimit
  # - $maxclients
  # - $maxrequestsperchild
  $parameters = {
    'startservers'        => $startservers,
    'minspareservers'     => $minspareservers,
    'maxspareservers'     => $maxspareservers,
    'serverlimit'         => $serverlimit,
    'maxclients'          => $maxclients,
    'maxrequestsperchild' => $maxrequestsperchild,
    'enablecapabilities'  => $enablecapabilities,
  }

  file { "${apache::mod_dir}/itk.conf":
    ensure  => file,
    mode    => $apache::file_mode,
    content => epp('apache/mod/itk.conf.epp', $parameters),
    require => Exec["mkdir ${apache::mod_dir}"],
    before  => File[$apache::mod_dir],
    notify  => Class['apache::service'],
  }

  case $facts['os']['family'] {
    'RedHat': {
      package { 'httpd-itk':
        ensure => present,
      }
      ::apache::mpm { 'itk':
      }
    }
    'Debian', 'FreeBSD': {
      apache::mpm { 'itk':
      }
    }
    'Gentoo': {
      ::portage::makeconf { 'apache2_mpms':
        content => 'itk',
      }
    }
    default: {
      fail("Unsupported osfamily ${$facts['os']['family']}")
    }
  }
}