apacheconf - The LCFG apacheconf component
This component aims to permit configuration of the Apache daemon in a more flexible fashion than the current 'apache' component. It does so by taking resources from LCFG, along with configuration fragments produced by other components, and combining them all together to produce a configuration for the server.
There are a number of ways in which it can be used, allowing for differing levels of flexibility and effort, and differing levels of effort from the user!
The simplest mechanism is to use this component to control the entire server configuration. Within this model, configuration parameters may be set using the resources listed below. Resources not supported by the component may be added using the various verbatim resources, as documented below. Once the basic resources are specified, a given virtual host may be specified by using the vhosts list. Within this list, configuration directives for that particular host may be specified by using the vhostverbatim element of the vhost list.
If all of that hard coding of configuration starts to prove too complex, the component will permit the use of configuration file snippets. To use these, the configfiles resource may be set for those files to be included at the top level, with the vhostfile element of the vhost list permitting the inclusion of files as part of a virtual host's definition. These files are included as read off disk - no further parsing will be performed by this component.
The component records the md5sums of all recorded files, and will only restart Apache in response to a configure event if the configuration has actually changed. This allows these configuration files to be provided by other components, which may call om apacheconf.configure whenever they update a configuration file.
Resources for this component are split into two sections. The first, are general resources which will be used by every instance of this service. The second are SSL specific resources which will only be used if the server being configured supports SSL.
The Apache version compatibility required for the generated configuration files. The default value is 1.3.
The path to the httpd to run
What to set the LANG environment variable to before starting the httpd.
The type of server being configured. Typically this will be set to 'standalone' for Apache 1.3 servers, and left blank for Apache 2.0 systems
The location of the root of the server. Typically, this will be /etc/httpd-lcfg, although it may be elsewhere on the system. The component will ensure that the directories conf, conf.d and logs exist within this directory.
Note that changing the serverroot may confuse RPMs and components which expect to be able to put configuration fragments into the server root.
The location of the /etc/sysconfig/ file which is used to modify the behaviour of the apachectl command.
A boolean value specifying whether to start SSL portions of the web service or not. Note that if this is false, this component will not process any SSL specific resources.
The location that the servers pid should be written to
The directory in which Apache's loadable modules are stored.
A list of loadable modules to include, in the order in which they must appear in the configuration. Note that the component does _no_ post-processing of this list so, for example, if you are enabling SSL support it is your responsibility to ensure that mod_ssl is listed.
The name of the loadable module, as would appear on the left hand side of an apache LoadModule directive
The location of the object file for this loadable module, as would appear on the right hand side of an apache LoadModule directive. Note that the contents of the modulepath resource is prepended to this.
The port to listen to as standard. Additional ports are determined from the list of virtual hosts configured on this machine. This will typically be '80'. Note that this configuration option was removed in Apache 2, it only has a meaning for Apache 1.3 and older.
The user to run Apache as. Note that this is a global setting, so all virtual hosts will run with this setting
The group to run Apache as, with the same caveats as user
The administrator of the server
The name of the default instance of this server.
The root of the document tree for the default instance of this server.
The location of a mime.types file for the server
The default MIME type to serve pages as
The level at which to log error and debug messages. Equivalent to the Apache LogLevel directive.
The location of the error log file for the default host
The location of the access log file for the default host
The type of logging to perform for the default host. These are defined through Apache LogFormat directives in the template configuration file. The default template supports 'combined', 'common', 'referer', and 'agent'
When this is set, the configuration file will include a section denying access to .htaccess (or any other file beginning .ht*). Unsetting this prevents this section from being included in the server configuration.
A space-separated list of configuration files to be included into the configuration file. These are referenced by means of the Apache Include directive. If the file is a basename, it will be included relative to the conf.d directory in the configured serverroot.
A list of keys for configuration lines to be placed verbatim into the configuration file
The configuration line to be output for a given key.
A list of keys for the set of virtual hosts to be supported by this Apache instance.
The server name for this virtual host
A space-separated list of aliases for this virtual host. These are alternate names for a host which are used with name-based virtual hosts.
The address of this virtual host. If unset, this will default to be the same as the vhostname_key
The port that this virtual host is running on. This defaults to 80 if vhostssl_key is false, and to 443 if vhostssl_key is true. Note that the Apache Listen directive will be created from the set of all configured ports - there is no need to manually configure this directive!
Set to true if this virtual host is an ipbased one, and therefore should not appear in the NameVirtualHost list for this server
Set to true if this is to be an SSL virtual host. Setting this will cause 'SSLEngine on' to be set for this virtual host.
If set, sets a virtual host specific SSL certificate
If set, sets a virtual host specific SSL private key
A space separated list of files to include in this virtual hosts configuration. These are processed in the same way as the configfiles directive detailed earlier.
The document root directory to be used for the virtual host.
The path to the access log file for this virtual host. If specified this file will be rotated with logrotated at the same time as the main apacheconf log files.
The path to the error log file for this virtual host. If specified this file will be rotated with logrotated at the same time as the main apacheconf log files.
A list of keys of additional configuration lines to include in this virtual host's definition.
The line to include for a given vhostverbatim key, on a given virtual host.
These resources will only be included if the startssl directive is set to true.
The timeout to set for the SSL session cache.
The location of the ssl log
The level of debugging to use for SSL events
The location of the default SSL certificate file
The location of the default SSL private key file
This method provides the ability to manually do a graceful reload of the Apache server. Note that this almost certainly is NOT SAFE with Apache 1.3 when using SSL, it tends to cause the server to hang.
This component supports the LCFG monitoring system, and currently contains additional hooks to enable monitoring by the Nagios engine.
When installed at a site with Nagios monitoring configured, the following additional elements of the vhost list are available
A boolean property which controls whether monitoring is enabled for this virtual host. If not provided, the default is 'true'.
A space separated list of nagios contact groups who should be notified in the event of problems with this virtual host. These groups will be contacted in addition to those in the standard nagios_groups resource
The number of days to warn in advance of SSL certificate expiry. If this is 'no' SSL certificate checking will be disabled for this virtual host. Setting this has no effect if the server, or virtual host, aren't configured with SSL support
Declare this virtual host as being a member of a given Nagios service cluster
Declare this virtual host as providing a particular dependency tag. Note that a given tag may only be provided once - if multiple services provide the same tag, then they should be declared as a cluster
Declare this virtual host as depending on a particular tag for monitoring purposes. Multiple dependencies may be specified as a space separated list.
The path on the server that the monitoring system should fetch to check the server is working correctly. If not specified, the system will use the root.
FedoraCore5, FedoraCore6, ScientificLinux5, ScientificLinux6
Simon Wilkinson <simon@sxw.org.uk>, Stephen Quinney <squinney@inf.ed.ac.uk>