apache-formula
Processing error with apache.manage_security state
There seems to be an issue with the apache.manage_security.sls with the file.blockreplace & file.accumulated and I've not been able to determine if it's in the file state functions or the formula itself...
If I provide the following pillar excerpt to the minion:
apache:
  security:
    ServerTokens: 'Prod'
    ServerSignature: 'Off'
What I'd expect from reading the manage_security.sls state file would be something like:
# START managed zone -DO-NOT-EDIT-
ServerSignature Off
ServerTokens Prod
# END managed zone --
However, what I'm actually getting is:
# START managed zone -DO-NOT-EDIT-
ServerSignature Off
ServerTokens Prod# END managed zone --
Which, when you run apachectl configtest or the formula attempts to restart Apache, fails.
$ sudo apachectl configtest
AH00526: Syntax error on line 77 of /etc/apache2/conf-enabled/security.conf:
ServerTokens takes 1-2 arguments, Determine tokens displayed in the Server: header - Min(imal), Major, Minor, Prod, OS or Full
Action 'configtest' failed.
The Apache error log may have more information.
Simply going and adding the carriage return and moving the "# END managed zone --" marker end string to a new line fixes the problem. Not sure if this is expected behavior with the blockreplace/accumulated file functions or if something is wrong in the formula, but it makes using apache.manage_security useless.
It seems like changing L#26 to read as - text: "{{ option }} {{ value }}\n" instead of - text: "{{ option }} {{ value }}" as it is written does make the state work... It just seems kludgy as it adds unnecessary extra empty lines and doesn't match what the documentation shows in its example for a blockreplace/accumulated configuration, though that isn't running the file.accumulated inside a for loop, so could the items() call for the for loop be injecting something?
Think it might be related to this issue in salt: https://github.com/saltstack/salt/issues/33686
@stokbaek that does sound like the issue... I'll push that Salt ticket through support and see if we can't get some more attention put on it.
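Added example, not part of the thread or the formula: a Python check for the failure reported in the first post, flagging a managed-zone marker that shares a line with a directive before the file reaches apachectl configtest. The function name and the two sample texts are constructed here; the marker strings are copied from the output quoted in the report.

```python
# Marker strings as they appear in the output quoted on this page.
START = "# START managed zone -DO-NOT-EDIT-"
END = "# END managed zone --"

def check_managed_zone(text):
    """Return (directives, problems) for the managed zone in a config text.

    directives maps each directive name inside the zone to its argument string.
    problems lists findings; it is empty when the zone is well formed.
    """
    directives, problems = {}, []
    inside = seen_start = seen_end = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == START:
            inside = seen_start = True
            continue
        if line == END:
            if not inside:
                problems.append(f"line {lineno}: END marker without START")
            inside, seen_end = False, True
            continue
        # A marker that is only part of a line is the bug from the report.
        # Apache does not treat a mid-line '#' as a comment, so the marker
        # text becomes extra arguments to the directive in front of it.
        if START in line or END in line:
            problems.append(f"line {lineno}: marker fused with other text: {line!r}")
        if inside and line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            directives[name] = args.strip()
    if seen_start and not seen_end:
        problems.append("no END marker on a line of its own")
    return directives, problems

# Constructed samples: the broken and the expected output from the report.
BROKEN = (START + "\nServerSignature Off\nServerTokens Prod" + END + "\n")
FIXED = (START + "\nServerSignature Off\nServerTokens Prod\n" + END + "\n")

if __name__ == "__main__":
    for label, sample in (("broken", BROKEN), ("fixed", FIXED)):
        found, issues = check_managed_zone(sample)
        print(label, found, issues)
```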