[OpenStack-Infra] Reconcile apache fixes for >= 2.4
Yolanda Robla Mota
yolanda.robla-mota at hpe.com
Wed Nov 4 18:55:44 UTC 2015
Hello Infra

I want to start a thread about the best way to reconcile the apache
fixes that we put in place for the upgrade to apache >= 2.4.

There are two different ways now:

1. Rely on apache mod_version, and add a check inside apache vhosts:

    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>

That is the fix currently in place for puppet-httpd, puppet-cgit, and
some other modules. It is quite simple, but has the disadvantage of
depending on the mod_version apache module, so every manifest using that
needs to ensure that mod_version is installed.

2. Rely on Satisfy Any:

    Allow from all
    Satisfy Any

It doesn't need an extra check for version, but it is deprecated as
shown on: https://httpd.apache.org/docs/2.4/howto/auth.html . It also
needs the module mod_access_compat to be present in newer apache versions.
We currently have this on puppet-zuul.

3. Other alternatives should be:
- add a parameter to the puppet-httpd module, so we can pass the apache
  version we are expected to have
- create a custom fact to give us the current apache version in puppet,
  and do the apache check using that fact instead of relying on mod_version
- use osfamily/operatingsystem/lsbrelease facts to decide about the apache
  version, and apply proper directives there

I'd like to get more opinions about how to better proceed with that, and
ensure that all infra puppet modules are following the same criteria.

Best
--
Yolanda Robla Mota
Cloud Automation and Distribution Engineer
+34 605641639
yolanda.robla-mota at hpe.com
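
A sketch of the custom-fact alternative listed in the message above, added here as an example; it is not code from the message or from any OpenStack Infra module. The fact name apache_version, the helper names, the sample "-v" output and the 2.2 directives (Order/Allow, the standard pre-2.4 syntax) are assumptions made for illustration.

```ruby
# Added example: derive the Apache version once, as a fact, and choose
# the access-control directives from it, so vhost templates need neither
# mod_version (<IfVersion>) nor mod_access_compat (Satisfy Any).
require 'rubygems' # Gem::Version compares versions numerically

# Constructed samples of `apache2 -v` output, for offline use.
SAMPLE_24 = "Server version: Apache/2.4.7 (Ubuntu)\nServer built:   Jul 22 2014\n"
SAMPLE_22 = "Server version: Apache/2.2.22 (Ubuntu)\nServer built:   Jul 22 2014\n"

# Extract the dotted version from the "Server version:" line.
# Returns nil when the output is not recognised.
def parse_apache_version(output)
  m = output.to_s.match(%r{^Server version:\s+Apache/(\d+(?:\.\d+)+)})
  m && m[1]
end

# Directives a template would emit for "allow everyone".
# nil for an unknown version, so the caller can fail the run instead of
# silently writing an access rule for the wrong Apache generation.
def access_directives(version)
  return nil if version.nil?
  # Plain string comparison would rank "2.10" below "2.4"; Gem::Version
  # compares each component as a number.
  if Gem::Version.new(version) >= Gem::Version.new('2.4')
    ['Require all granted']
  else
    ['Order allow,deny', 'Allow from all']
  end
end

# Register the fact only when loaded by Facter (e.g. from a module's
# lib/facter directory); the helpers above work without it.
if defined?(Facter)
  Facter.add(:apache_version) do
    setcode do
      # apache2 on Debian/Ubuntu, httpd on Red Hat style systems.
      bin = %w[apache2 httpd].find { |b| Facter::Core::Execution.which(b) }
      parse_apache_version(Facter::Core::Execution.execute("#{bin} -v")) if bin
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_24, SAMPLE_22].each do |out|
    v = parse_apache_version(out)
    puts "#{v}: #{access_directives(v).join(' / ')}"
  end
end
```

On a node where Apache is not installed yet the fact is absent, so a manifest using it has to handle the first run explicitly.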