LCFG apacheconf improvements

I know that the LCFG apacheconf component is one of the more widely used of the non-default components so I thought it worth summarising some recent changes.

  1. Groups support

    It’s now possible to manage simple apache groups through apacheconf resources like this:

    !apacheconf.groups mADD(admins)
    !apacheconf.members_admins mSET(user1 user2 user3)
    

    By default these are stored in the file /etc/httpd/lcfg.groups.d/general but that can be changed on a per-group basis. Within your apache configuration this can then be used like this:

    AuthGroupFile "/etc/httpd/lcfg.groups.d/general"
    Require group "admins"
    

    Of course, the authz_groupfile module needs to be enabled, that’s the default on EL7.

  2. sysconfig support

    Occasionally it is necessary to set extra environment variables before starting apache. This is best done through the /etc/sysconfig/httpd file. Previously the name of the template for this file was hardwired in the component code so that it was not possible to generate truly site-local config. There is now an apacheconf.sysconfig_tmpl resource which can be used to switch the template name.

  3. virtualhosts with multiple addresses

    The support for virtualhosts which listen on multiple explicit addresses has been improved. This is where the virtualhost block
    starts like:

    <VirtualHost 192.168.1.1:443 192.168.1.2:443>
      ...
    </VirtualHost>
    

    Previously, due to a bug in the template, the default port (from the apacheconf.vhostaddr_tag resource) was only applied to the final address in the list. Further to this, if any of the addresses have an explicit port which differs from the default for the vhost it will now be honoured.

  4. template paths

    For convenience, all template paths specified through resources may now be expressed as relative paths (e.g. sysconfig.tmpl), there’s no need to know where they are stored in the local filesystem.

  5. nagios translator

    I believe this is only used by Informatics. I’ve improved the way the IP address for monitoring each vhost is selected. This fixes a couple of peculiar problems we’ve been seeing with nagios that meant the host problems were permanently acked. I’ve also added IPv6 support although it’s not clear what the nagios checks would do with such addresses. There’s still room for improvement here but that will require a more extensive refactoring of the code.

Comments are closed.