Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Processing error with apache.manage_security state #153

Open
jbouse opened this issue Jul 29, 2016 · 3 comments
Open

Processing error with apache.manage_security state #153

jbouse opened this issue Jul 29, 2016 · 3 comments

Comments

@jbouse
Copy link
Contributor

jbouse commented Jul 29, 2016

There seems to be an issue with the apache.manage_security.sls with the file.blockreplace & file.accumulated and I've not been able to determine if it's in the file state functions or the formula itself...

If I provide the following pillar excerpt to the minion:

apache:
  security:
    ServerTokens: 'Prod'
    ServerSignature: 'Off'

What I'd expect from reading the manage_security.sls state file would be something like:

# START managed zone -DO-NOT-EDIT-
ServerSignature Off
ServerTokens Prod
# END managed zone --

However, what I'm actually getting is:

# START managed zone -DO-NOT-EDIT-
ServerSignature Off
ServerTokens Prod# END managed zone --

Which when you run apachectl configtest or the formula attempts to restart Apache fails.

$ sudo apachectl configtest
AH00526: Syntax error on line 77 of /etc/apache2/conf-enabled/security.conf:
ServerTokens takes 1-2 arguments, Determine tokens displayed in the Server: header - Min(imal), Major, Minor, Prod, OS or Full
Action 'configtest' failed.
The Apache error log may have more information.

Simply going and adding the carriage return and moving the "# END managed zone --" marker end string to a new line fixes the problem. Not sure if this is expected behavior with the blockreplace/accumulated file functions or if something is wrong in the formula but it makes using apache.managed_security useless.
@jbouse
Copy link
Contributor Author

jbouse commented Jul 29, 2016

It seems like changing L#26 to read as - text: "{{ option }} {{ value }}\n" instead of - text: "{{ option }} {{ value }}" as it is written does make the state work... It just seems kludgy as it adds unnecessary extra empty lines and doesn't match what the documentation shows in it's example for a blockreplace/accumulated configuration though that isn't running the file.accumulated inside a for loop so could the items() call for the for loop be injecting something?

@stokbaek
Copy link

stokbaek commented Aug 3, 2016

Think it might be related to this issue in salt: saltstack/salt#33686

@jbouse
Copy link
Contributor Author

jbouse commented Aug 3, 2016

@stokbaek that does sound like the issue... I'll push that Salt ticket through support and see if we can't get some more attention put on it.

@kadogo kadogo mentioned this issue Jan 31, 2017
Closed
alxwr added a commit to alxwr/apache-formula that referenced this issue May 17, 2017
@alxwr
Template security.conf in Debian
5fa91b7 
Including optional per-OS templates

(Solves saltstack-formulas#153)
@alxwr alxwr mentioned this issue May 17, 2017
Merged
noelmcloughlin pushed a commit to noelmcloughlin/apache-formula that referenced this issue Jan 11, 2018
@alxwr @noelmcloughlin
Template security.conf in Debian
7350ee2 
Including optional per-OS templates

(Solves saltstack-formulas#153)
noelmcloughlin pushed a commit to noelmcloughlin/apache-formula that referenced this issue Feb 13, 2018
@alxwr @noelmcloughlin
Template security.conf in Debian
b5950d1 
Including optional per-OS templates

(Solves saltstack-formulas#153)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jbouse @stokbaek