Merged tmakinen/puppet into master
commit
2535359a5a
5 changed files with 60 additions and 7 deletions
|
@ -180,7 +180,8 @@ class apache::debian::sslserver inherits apache::debian::common {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) {
|
define apache::debian::sslsite($first, $ipaddr, $root,
|
||||||
|
$ssl_cert, $ssl_key, $ssl_chain) {
|
||||||
|
|
||||||
if $name == "default" {
|
if $name == "default" {
|
||||||
$site_fqdn = $homename
|
$site_fqdn = $homename
|
||||||
|
@ -253,8 +254,13 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
|
if $first == true {
|
||||||
$site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
|
$site_conf = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.conf"
|
||||||
|
$site_confdir = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.d"
|
||||||
|
} else {
|
||||||
|
$site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
|
||||||
|
$site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
|
||||||
|
}
|
||||||
|
|
||||||
file { $site_conf:
|
file { $site_conf:
|
||||||
ensure => present,
|
ensure => present,
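Review bot: `if $first == true` in the second hunk matches only a real boolean, so a site declared with `first => "true"` takes the else branch without any error and is written under the unprefixed name. Because the `00-` prefix is what makes this vhost the first (default) one under NameVirtualHost, I would accept both forms, `if $first == true or $first == "true" {`, or fail on any other value. Flipping `first` on an existing site also changes `$site_conf` and `$site_confdir`, and nothing in the visible lines removes the files at the old path, so unless sites-enabled is purged elsewhere the same vhost ends up defined twice. The identical block in apache::redhat::sslsite has the same two issues. The define's body continues outside both hunks.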
|
||||||
|
|
|
@ -255,6 +255,9 @@ class apache::sslserver::listen {
|
||||||
#
|
#
|
||||||
# $name:
|
# $name:
|
||||||
# FQDN of virtual host.
|
# FQDN of virtual host.
|
||||||
|
# $first:
|
||||||
|
# Bool for whether this is the first (default) vhost
|
||||||
|
# when using NameVirtualHost. Defaults to false.
|
||||||
# $ipaddr:
|
# $ipaddr:
|
||||||
# IP address of virtual host. Defaults to _default_.
|
# IP address of virtual host. Defaults to _default_.
|
||||||
# $root:
|
# $root:
|
||||||
|
@ -274,7 +277,7 @@ class apache::sslserver::listen {
|
||||||
# ssl_key => "puppet:///path/to/www.example.com.key",
|
# ssl_key => "puppet:///path/to/www.example.com.key",
|
||||||
# }
|
# }
|
||||||
#
|
#
|
||||||
define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
|
define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
|
||||||
|
|
||||||
include apache::sslserver::listen
|
include apache::sslserver::listen
|
||||||
|
|
||||||
|
@ -282,6 +285,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
|
||||||
"debian","ubuntu": {
|
"debian","ubuntu": {
|
||||||
$apache_ssldir = "/etc/ssl"
|
$apache_ssldir = "/etc/ssl"
|
||||||
apache::debian::sslsite { $name:
|
apache::debian::sslsite { $name:
|
||||||
|
first => $first,
|
||||||
ipaddr => $ipaddr,
|
ipaddr => $ipaddr,
|
||||||
root => $root,
|
root => $root,
|
||||||
ssl_cert => $ssl_cert,
|
ssl_cert => $ssl_cert,
|
||||||
|
@ -293,6 +297,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
|
||||||
"centos","redhat","fedora": {
|
"centos","redhat","fedora": {
|
||||||
$apache_ssldir = "/etc/pki/tls"
|
$apache_ssldir = "/etc/pki/tls"
|
||||||
apache::redhat::sslsite { $name:
|
apache::redhat::sslsite { $name:
|
||||||
|
first => $first,
|
||||||
ipaddr => $ipaddr,
|
ipaddr => $ipaddr,
|
||||||
root => $root,
|
root => $root,
|
||||||
ssl_cert => $ssl_cert,
|
ssl_cert => $ssl_cert,
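Review bot: The new `$first` documentation in the first hunk does not say that at most one site per address should set it. Two sites declared with `first => true` would both get the `00-` prefix in the OS-specific defines, and which one Apache reads first then presumably depends on their names. I would extend the comment with a line such as `#     Set on at most one site per $ipaddr.` No check for this is visible in apache::sslsite, whose body continues outside these hunks.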
|
||||||
|
|
|
@ -219,7 +219,8 @@ class apache::redhat::sslserver {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) {
|
define apache::redhat::sslsite($first, $ipaddr, $root,
|
||||||
|
$ssl_cert, $ssl_key, $ssl_chain) {
|
||||||
|
|
||||||
if $name == "default" {
|
if $name == "default" {
|
||||||
$site_fqdn = $homename
|
$site_fqdn = $homename
|
||||||
|
@ -293,8 +294,13 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
|
if $first == true {
|
||||||
$site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
|
$site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf"
|
||||||
|
$site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d"
|
||||||
|
} else {
|
||||||
|
$site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
|
||||||
|
$site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
|
||||||
|
}
|
||||||
|
|
||||||
file { $site_conf:
|
file { $site_conf:
|
||||||
ensure => present,
|
ensure => present,
|
||||||
|
|
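--- a/selinux/files/restorecond.conf
+++ b/selinux/files/restorecond.conf
@@ -0,0 +1,8 @@
+/etc/services
+/etc/resolv.conf
+/etc/samba/secrets.tdb
+/etc/mtab
+/var/run/utmp
+/var/log/wtmp
+/root/*
+/root/.ssh/*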
|
@ -92,6 +92,34 @@ class selinux::tools {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Enable restorecond service.
|
||||||
|
#
|
||||||
|
class selinux::restorecond {
|
||||||
|
|
||||||
|
if $::selinux == "true" {
|
||||||
|
file { "/etc/selinux/restorecond.conf":
|
||||||
|
ensure => present,
|
||||||
|
mode => "0644",
|
||||||
|
owner => "root",
|
||||||
|
group => "root",
|
||||||
|
seltype => "selinux_config_t",
|
||||||
|
source => [
|
||||||
|
"puppet:///files/selinux/restorecond.conf.${homename}",
|
||||||
|
"puppet:///files/selinux/restorecond.conf",
|
||||||
|
"puppet:///modules/selinux/restorecond.conf",
|
||||||
|
],
|
||||||
|
notify => Service["restorecond"],
|
||||||
|
}
|
||||||
|
|
||||||
|
service { "restorecond":
|
||||||
|
ensure => running,
|
||||||
|
enable => true,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Set SELinux boolean value
|
# Set SELinux boolean value
|
||||||
#
|
#
|
||||||
# === Parameters
|
# === Parameters
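Review bot: The guard `if $::selinux == "true"` in selinux::restorecond compares the fact against a string, so on an agent that delivers facts as typed values rather than strings the condition is false and the class manages neither /etc/selinux/restorecond.conf nor the service, with no warning. Accepting both forms, `if $::selinux == "true" or $::selinux == true {`, keeps the class from silently turning into a no-op. Neither resource requires the package that provides restorecond; if selinux::tools (whose body is outside the hunk) installs it, an `include selinux::tools` or a `require` on that package would make the ordering explicit. The header comment could also say that the class does nothing when SELinux is disabled, e.g. `# Enable restorecond service (no-op when the selinux fact is not true).`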
|
||||||
|
|