diff --git a/apache/manifests/debian.pp b/apache/manifests/debian.pp
new file mode 100644
index 0000000..395f782
--- /dev/null
+++ b/apache/manifests/debian.pp
@@ -0,0 +1,243 @@
+class apache::debian::common {
+
+ if ! $httpd_user {
+ $httpd_user = "www-data"
+ }
+ if ! $httpd_group {
+ $httpd_group = "www-data"
+ }
+
+ file { [ "/srv/www/http",
+ "/srv/www/http/${fqdn}",
+ "/srv/www/log/http",
+ "/srv/www/log/http/${fqdn}", ]:
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => Package["httpd"],
+ before => File["/etc/apache2/apache2.conf"],
+ }
+
+ file { "/etc/apache2/envvars":
+ ensure => present,
+ content => template("apache/apache2.envvars.erb"),
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => Package["httpd"],
+ notify => Service["apache2"],
+ }
+
+ file { "/etc/apache2/ports.conf":
+ ensure => present,
+ content => "# HTTP server disabled\n"
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["apache2"],
+ }
+
+ file { "/etc/apache2/apache2.conf":
+ ensure => present,
+ content => template("apache/apache2.conf.erb"),
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => File["/etc/apache2/envvars", "/etc/apache2/ports.conf" ],
+ notify => Service["apache2"],
+ }
+
+ service { "apache2":
+ ensure => running,
+ enable => true,
+ require => File["/etc/apache2/apache2.conf"],
+ }
+
+}
+
+
+class apache::debian::server inherits apache::debian::common {
+
+ File["/etc/apache2/ports.conf"] {
+ content => "NameVirtualHost *:80\nListen80\n"
+ }
+
+}
+
+
+define apache::debian::site($aliases, $root, $config, $redirect) {
+
+ $site_conf = "/etc/apache2/sites-available/${name}.conf"
+
+ if $name == "default" {
+ $site_fqdn = $fqdn
+ } else {
+ $site_fqdn = $name
+
+ if !$redirect {
+ if $root {
+ file { "/srv/www/http/${site_fqdn}":
+ ensure => link,
+ target => $root,
+ before => File["${site_conf}"],
+ }
+ } else {
+ file { "/srv/www/http/${site_fqdn}":
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root,
+ before => File["${site_conf}"],
+ }
+ }
+
+ file { "/srv/www/log/http/${site_fqdn}":
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root,
+ before => File["${site_conf}"],
+ }
+ }
+ }
+
+ file { "${site_conf}":
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["httpd"],
+ }
+
+ if $config {
+ File["${site_conf}"] {
+ source => $config,
+ }
+ }
+ if $redirect {
+ File["${site_conf}"] {
+ content => "\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n\n",
+ }
+ }
+ if !$config and !$redirect {
+ File["${site_conf}"] {
+ content => template("apache/site.http.conf.erb"),
+ }
+ }
+
+}
+
+
+
+class apache::debian::sslserver inherits apache::debian::common {
+
+ file { [ "/srv/www/https",
+ "/srv/www/https/${fqdn}",
+ "/srv/www/log/https",
+ "/srv/www/log/https/${fqdn}", ]:
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => Package["httpd"],
+ before => File["/etc/apache2/apache2.conf"],
+ }
+
+ apache::debian::a2enmod { "ssl": }
+
+}
+
+
+define apache::debian::configfile($source, $content, $http, $https) {
+
+ file { "/etc/apache2/conf.d/${name}":
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["apache2"],
+ require => Package["httpd"],
+ }
+ if $source {
+ File["/etc/apache2/conf.d/${name}"] {
+ source => $source,
+ }
+ }
+ if $content {
+ File["/etc/apache2/conf.d/${name}"] {
+ content => $content,
+ }
+ }
+
+}
+
+
+# Enable module on Debian/Ubuntu Apache.
+#
+# === Parameters
+#
+# $name:
+# Module name.
+# $source:
+# Source for optional module configuration.
+# $content:
+# Content for optional module configuration.
+# See also $source.
+# $require:
+# Dependencies for the module file.
+#
+define apache::debian::a2enmod($source="", $content="") {
+
+ exec { "a2enmod-${name}":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ command => "a2enmod ${name}",
+ unless => "test -h /etc/apache2/mods-enabled/${name}.load",
+ notify => Service["apache2"],
+ require => Package["httpd"],
+ }
+
+ if $source or $content {
+ file { "/etc/apache2/mods-available/${name}.conf":
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["apache2"],
+ before => Exec["a2enmod-${name}"],
+ }
+ if $source {
+ File["/etc/apache2/mods-available/${name}.conf"] {
+ source => $source,
+ }
+ }
+ if $content {
+ File["/etc/apache2/mods-available/${name}.conf"] {
+ content => $content,
+ }
+ }
+ }
+
+}
+
+
+# Enable virtual host on Debian/Ubuntu Apache.
+#
+# === Parameters
+#
+# $name:
+# FQDN of virtual host.
+#
+define apache::debian::a2ensite() {
+
+ exec { "a2ensite-${name}":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ command => "a2ensite ${name}",
+ unless => $name ? {
+ "default" => "test -h /etc/apache2/sites-enabled/000-default",
+ default => "test -h /etc/apache2/sites-enabled/${name}",
+ },
+ notify => Service["apache2"],
+ require => Package["httpd"],
+ }
+
+}
diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index b913123..207b580 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -1,3 +1,5 @@
+import "debian.pp"
+import "redhat.pp"
# Install Apache, www logrotate script and cron job.
#
@@ -77,89 +79,15 @@ class apache::common {
#
class apache::server inherits apache::common {
- if ! $httpd_user {
- $httpd_user = $operatingsystem ? {
- debian => "www-data",
- ubuntu => "www-data",
- default => "apache",
- }
- }
- if ! $httpd_group {
- $httpd_group = $operatingsystem ? {
- debian => "www-data",
- ubuntu => "www-data",
- default => "apache",
- }
- }
-
- file { [ "/srv/www/http",
- "/srv/www/http/${fqdn}",
- "/srv/www/log/http",
- "/srv/www/log/http/${fqdn}", ]:
- ensure => directory,
- mode => 0644,
- owner => root,
- group => root,
- require => Package["httpd"],
- before => $operatingsystem ? {
- debian => File["/etc/apache2/apache2.conf"],
- ubuntu => File["/etc/apache2/apache2.conf"],
- default => File["/etc/httpd/conf/httpd.conf"],
- },
- }
-
case $operatingsystem {
debian,ubuntu: {
- file { "/etc/apache2/envvars":
- ensure => present,
- content => template("apache/apache2.envvars.erb"),
- mode => 0644,
- owner => root,
- group => root,
- require => Package["httpd"],
- notify => Service["apache2"],
- }
- file { "/etc/apache2/apache2.conf":
- ensure => present,
- content => template("apache/apache2.conf.erb"),
- mode => 0644,
- owner => root,
- group => root,
- require => File["/etc/apache2/envvars"],
- notify => Service["apache2"],
- }
- service { "apache2":
- ensure => running,
- enable => true,
- require => File["/etc/apache2/apache2.conf"],
- }
+ include apache::debian::server
+ }
+ centos,fedora: {
+ include apache::redhat::server
}
default: {
- file { [ "/etc/httpd/conf.http.d", "/etc/httpd/site.http.d" ]:
- ensure => directory,
- mode => 0644,
- owner => root,
- group => root,
- purge => true,
- force => true,
- recurse => true,
- source => "puppet:///custom/empty",
- require => Package["httpd"],
- before => File["/etc/httpd/conf/httpd.conf"],
- }
- file { "/etc/httpd/conf/httpd.conf":
- ensure => present,
- content => template("apache/httpd.conf.erb"),
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["httpd"],
- }
- service { "httpd":
- ensure => running,
- enable => true,
- require => File["/etc/httpd/conf/httpd.conf"],
- }
+ fail("Apache module not supported in ${operatingsystem}.")
}
}
@@ -193,61 +121,25 @@ class apache::server inherits apache::common {
#
define apache::site($aliases="", $root="", $config="", $redirect="") {
- if $name == "default" {
- $site_fqdn = $fqdn
- $site_conf = "/etc/httpd/site.http.d/00-${site_fqdn}.conf"
- } else {
- $site_fqdn = $name
- $site_conf = "/etc/httpd/site.http.d/10-${site_fqdn}.conf"
-
- if !$redirect {
- if $root {
- file { "/srv/www/http/${site_fqdn}":
- ensure => link,
- target => $root,
- before => File["${site_conf}"],
- }
- } else {
- file { "/srv/www/http/${site_fqdn}":
- ensure => directory,
- mode => 0755,
- owner => root,
- group => root,
- before => File["${site_conf}"],
- }
- }
-
- file { "/srv/www/log/http/${site_fqdn}":
- ensure => directory,
- mode => 0755,
- owner => root,
- group => root,
- before => File["${site_conf}"],
+ case $operatingsystem {
+ debian,ubuntu: {
+ apache::debian::site { "${name}":
+ aliases => $aliases,
+ root => $root,
+ config => $config,
+ redirect => $redirect,
}
}
- }
-
- file { "${site_conf}":
- ensure => present,
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["httpd"],
- }
-
- if $config {
- File["${site_conf}"] {
- source => $config,
+ centos,fedora: {
+ apache::redhat::site { "${name}":
+ aliases => $aliases,
+ root => $root,
+ config => $config,
+ redirect => $redirect,
+ }
}
- }
- if $redirect {
- File["${site_conf}"] {
- content => "\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n\n",
- }
- }
- if !$config and !$redirect {
- File["${site_conf}"] {
- content => template("apache/site.http.conf.erb"),
+ default: {
+ fail("Apache module not supported in ${operatingsystem}.")
}
}
@@ -265,74 +157,16 @@ define apache::site($aliases="", $root="", $config="", $redirect="") {
#
class apache::sslserver inherits apache::common {
- if ! $httpsd_user {
- $httpsd_user = "httpsd"
- }
- if ! $httpsd_group {
- $httpsd_group = "httpsd"
- }
-
- package { "mod_ssl":
- ensure => installed
- }
-
- file { [ "/etc/httpd/conf.https.d",
- "/etc/httpd/site.https.d",
- "/srv/www/https",
- "/srv/www/https/${fqdn}",
- "/srv/www/log/https",
- "/srv/www/log/https/${fqdn}", ]:
- ensure => directory,
- mode => 0644,
- owner => root,
- group => root,
- require => Package["httpd"],
- before => File["/etc/httpd/conf/httpsd.conf"],
- }
-
- File["/etc/httpd/conf.https.d", "/etc/httpd/site.https.d"] {
- purge => true,
- force => true,
- recurse => true,
- source => "puppet:///custom/empty",
- }
-
- file { "/etc/httpd/conf/httpsd.conf":
- ensure => present,
- mode => 0644,
- owner => root,
- group => root,
- content => template("apache/httpsd.conf.erb"),
- require => Package["httpd"],
- notify => Service["httpsd"],
- }
-
- file { "/etc/init.d/httpsd":
- ensure => present,
- source => "puppet:///apache/httpsd",
- mode => 0755,
- owner => root,
- group => root,
- }
-
- file { "/usr/sbin/httpsd":
- ensure => link,
- target => "/usr/sbin/httpd",
- seluser => "system_u",
- selrole => "object_r",
- seltype => "httpd_exec_t",
- require => Package["httpd"],
- }
-
- service { "httpsd":
- ensure => running,
- enable => true,
- hasstatus => true,
- require => [ Package["httpd"],
- Package["mod_ssl"],
- File["/etc/httpd/conf/httpsd.conf"],
- File["/etc/init.d/httpsd"],
- File["/usr/sbin/httpsd"], ],
+ case $operatingsystem {
+ debian,ubuntu: {
+ include apache::debian::sslserver
+ }
+ centos,fedora: {
+ include apache::redhat::sslserver
+ }
+ default: {
+ fail("Apache module not supported in ${operatingsystem}.")
+ }
}
}
@@ -366,94 +200,27 @@ class apache::sslserver inherits apache::common {
#
define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
- if $name == "default" {
- $site_fqdn = $fqdn
- } else {
- $site_fqdn = $name
-
- if $root {
- file { "/srv/www/https/${site_fqdn}":
- ensure => link,
- target => $root,
- before => Service["httpsd"],
- }
- } else {
- file { "/srv/www/https/${site_fqdn}":
- ensure => directory,
- mode => 0755,
- owner => root,
- group => root,
- before => Service["httpsd"],
+ case $operatingsystem {
+ debian,ubuntu: {
+ apache::debian::sslsite { "${name}":
+ root => $root,
+ config => $config,
+ ssl_cert => $ssl_cert,
+ ssl_key => $ssl_key,
+ ssl_chain => $ssl_chain,
}
}
-
- file { "/srv/www/log/https/${site_fqdn}":
- ensure => directory,
- mode => 0755,
- owner => root,
- group => root,
- before => Service["httpsd"],
+ centos,fedora: {
+ apache::redhat::sslsite { "${name}":
+ root => $root,
+ config => $config,
+ ssl_cert => $ssl_cert,
+ ssl_key => $ssl_key,
+ ssl_chain => $ssl_chain,
+ }
}
- }
-
- if $ssl_cert {
- $real_ssl_cert = $ssl_cert
- } else {
- $real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
- }
-
- file { "/etc/pki/tls/certs/${site_fqdn}.crt":
- ensure => present,
- source => $real_ssl_cert,
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["httpsd"],
- }
-
- if $ssl_key {
- $real_ssl_key = $ssl_key
- } else {
- $real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
- }
-
- file { "/etc/pki/tls/private/${site_fqdn}.key":
- ensure => present,
- source => $real_ssl_key,
- mode => 0600,
- owner => root,
- group => root,
- notify => Service["httpsd"],
- }
-
- if $ssl_chain {
- file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
- ensure => present,
- source => $ssl_chain,
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["httpsd"],
- }
- }
-
- file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
- ensure => present,
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["httpsd"],
- require => [ File["/etc/pki/tls/certs/${site_fqdn}.crt"],
- File["/etc/pki/tls/private/${site_fqdn}.key"], ],
- }
-
- if $config {
- File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
- source => $config,
- }
- } else {
- File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
- content => template("apache/site.https.conf.erb"),
+ default: {
+ fail("Apache module not supported in ${operatingsystem}.")
}
}
@@ -490,144 +257,29 @@ define apache::configfile($source="", $content="", $http=true, $https=true) {
case $operatingsystem {
debian,ubuntu: {
- file { "/etc/apache2/conf.d/${name}":
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["apache2"],
- require => Package["httpd"],
+ apache::debian::configfile { "${name}":
+ source => "${source}",
+ content => "${content}",
+ http => $http,
+ https => $https,
}
- if $source {
- File["/etc/apache2/conf.d/${name}"] {
- source => $source,
- }
- }
- if $content {
- File["/etc/apache2/conf.d/${name}"] {
- content => $content,
- }
+ }
+ centos,fedora: {
+ apache::redhat::configfile { "${name}":
+ source => "${source}",
+ content => "${content}",
+ http => $http,
+ https => $https,
}
}
default: {
- if defined(Service["httpd"]) {
- file { "/etc/httpd/conf.http.d/${name}":
- ensure => $http ? {
- true => present,
- default => absent,
- },
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["httpd"],
- }
- if $source {
- File["/etc/httpd/conf.http.d/${name}"] {
- source => $source,
- }
- }
- if $content {
- File["/etc/httpd/conf.http.d/${name}"] {
- content => $content,
- }
- }
- if ! $source and ! $content {
- File["/etc/httpd/conf.http.d/${name}"] {
- source => "/etc/httpd/conf.d/${name}",
- }
- }
- if $require {
- File["/etc/httpd/conf.http.d/${name}"] {
- require => $require,
- }
- }
- }
-
- if defined(Service["httpsd"]) {
- file { "/etc/httpd/conf.https.d/${name}":
- ensure => $https ? {
- true => present,
- default => absent,
- },
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["httpsd"],
- }
- if $source {
- File["/etc/httpd/conf.https.d/${name}"] {
- source => $source,
- }
- }
- if $content {
- File["/etc/httpd/conf.https.d/${name}"] {
- content => $content,
- }
- }
- if ! $source and ! $content {
- File["/etc/httpd/conf.https.d/${name}"] {
- source => "/etc/httpd/conf.d/${name}",
- }
- }
- if $require {
- File["/etc/httpd/conf.https.d/${name}"] {
- require => $require,
- }
- }
- }
+ fail("Apache module not supported in ${operatingsystem}.")
}
}
}
-# Enable module on Debian/Ubuntu Apache.
-#
-# === Parameters
-#
-# $name:
-# Module name.
-# $source:
-# Source for optional module configuration.
-# $content:
-# Content for optional module configuration.
-# See also $source.
-# $require:
-# Dependencies for the module file.
-#
-define apache::a2enmod($source="", $content="") {
-
- exec { "a2enmod-${name}":
- path => "/bin:/usr/bin:/sbin:/usr/sbin",
- command => "a2enmod ${name}",
- unless => "test -h /etc/apache2/mods-enabled/${name}.load",
- notify => Service["apache2"],
- require => Package["httpd"],
- }
-
- if $source or $content {
- file { "/etc/apache2/mods-available/${name}.conf":
- mode => 0644,
- owner => root,
- group => root,
- notify => Service["apache2"],
- before => Exec["a2enmod-${name}"],
- }
- if $source {
- File["/etc/apache2/mods-available/${name}.conf"] {
- source => $source,
- }
- }
- if $content {
- File["/etc/apache2/mods-available/${name}.conf"] {
- content => $content,
- }
- }
- }
-
-
-}
-
-
# Install mod_auth_kerb.
#
class apache::mod::auth_kerb {
diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp
new file mode 100644
index 0000000..f2a566c
--- /dev/null
+++ b/apache/manifests/redhat.pp
@@ -0,0 +1,353 @@
+class apache::redhat::server {
+
+ if ! $httpd_user {
+ $httpd_user = "apache"
+ }
+ if ! $httpd_group {
+ $httpd_group = "apache"
+ }
+
+ file { [ "/etc/httpd/conf.http.d",
+ "/etc/httpd/site.http.d",
+ "/srv/www/http",
+ "/srv/www/http/${fqdn}",
+ "/srv/www/log/http",
+ "/srv/www/log/http/${fqdn}", ]:
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => Package["httpd"],
+ before => File["/etc/httpd/conf/httpd.conf"],
+ }
+
+ File["/etc/httpd/conf.http.d", "/etc/httpd/site.http.d"] {
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///custom/empty",
+ }
+
+ file { "/etc/httpd/conf/httpd.conf":
+ ensure => present,
+ content => template("apache/httpd.conf.erb"),
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => Package["httpd"],
+ notify => Service["httpd"],
+ }
+
+ service { "httpd":
+ ensure => running,
+ enable => true,
+ require => [ Package["httpd"],
+ File["/etc/httpd/conf/httpd.conf"], ],
+ }
+
+}
+
+
+define apache::redhat::site($aliases, $root, $config, $redirect) {
+
+ if $name == "default" {
+ $site_fqdn = $fqdn
+ $site_conf = "/etc/httpd/site.http.d/00-${site_fqdn}.conf"
+ } else {
+ $site_fqdn = $name
+ $site_conf = "/etc/httpd/site.http.d/10-${site_fqdn}.conf"
+
+ if !$redirect {
+ if $root {
+ file { "/srv/www/http/${site_fqdn}":
+ ensure => link,
+ target => $root,
+ before => File["${site_conf}"],
+ }
+ } else {
+ file { "/srv/www/http/${site_fqdn}":
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root,
+ before => File["${site_conf}"],
+ }
+ }
+
+ file { "/srv/www/log/http/${site_fqdn}":
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root,
+ before => File["${site_conf}"],
+ }
+ }
+ }
+
+ file { "${site_conf}":
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["httpd"],
+ }
+
+ if $config {
+ File["${site_conf}"] {
+ source => $config,
+ }
+ }
+ if $redirect {
+ File["${site_conf}"] {
+ content => "\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n\n",
+ }
+ }
+ if !$config and !$redirect {
+ File["${site_conf}"] {
+ content => template("apache/site.http.conf.erb"),
+ }
+ }
+
+}
+
+
+class apache::redhat::sslserver {
+
+ if ! $httpsd_user {
+ $httpsd_user = "httpsd"
+ }
+ if ! $httpsd_group {
+ $httpsd_group = "httpsd"
+ }
+
+ package { "mod_ssl":
+ ensure => installed
+ }
+
+ file { [ "/etc/httpd/conf.https.d",
+ "/etc/httpd/site.https.d",
+ "/srv/www/https",
+ "/srv/www/https/${fqdn}",
+ "/srv/www/log/https",
+ "/srv/www/log/https/${fqdn}", ]:
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => Package["httpd"],
+ before => File["/etc/httpd/conf/httpsd.conf"],
+ }
+
+ File["/etc/httpd/conf.https.d", "/etc/httpd/site.https.d"] {
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///custom/empty",
+ }
+
+ file { "/etc/httpd/conf/httpsd.conf":
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => root,
+ content => template("apache/httpsd.conf.erb"),
+ require => Package["httpd"],
+ notify => Service["httpsd"],
+ }
+
+ file { "/etc/init.d/httpsd":
+ ensure => present,
+ source => "puppet:///apache/httpsd",
+ mode => 0755,
+ owner => root,
+ group => root,
+ }
+
+ file { "/usr/sbin/httpsd":
+ ensure => link,
+ target => "/usr/sbin/httpd",
+ seluser => "system_u",
+ selrole => "object_r",
+ seltype => "httpd_exec_t",
+ require => Package["httpd"],
+ }
+
+ service { "httpsd":
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ require => [ Package["httpd"],
+ Package["mod_ssl"],
+ File["/etc/httpd/conf/httpsd.conf"],
+ File["/etc/init.d/httpsd"],
+ File["/usr/sbin/httpsd"], ],
+ }
+
+}
+
+
+define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain) {
+
+ if $name == "default" {
+ $site_fqdn = $fqdn
+ } else {
+ $site_fqdn = $name
+
+ if $root {
+ file { "/srv/www/https/${site_fqdn}":
+ ensure => link,
+ target => $root,
+ before => Service["httpsd"],
+ }
+ } else {
+ file { "/srv/www/https/${site_fqdn}":
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root,
+ before => Service["httpsd"],
+ }
+ }
+
+ file { "/srv/www/log/https/${site_fqdn}":
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root,
+ before => Service["httpsd"],
+ }
+ }
+
+ if $ssl_cert {
+ $real_ssl_cert = $ssl_cert
+ } else {
+ $real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
+ }
+
+ file { "/etc/pki/tls/certs/${site_fqdn}.crt":
+ ensure => present,
+ source => $real_ssl_cert,
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["httpsd"],
+ }
+
+ if $ssl_key {
+ $real_ssl_key = $ssl_key
+ } else {
+ $real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
+ }
+
+ file { "/etc/pki/tls/private/${site_fqdn}.key":
+ ensure => present,
+ source => $real_ssl_key,
+ mode => 0600,
+ owner => root,
+ group => root,
+ notify => Service["httpsd"],
+ }
+
+ if $ssl_chain {
+ file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
+ ensure => present,
+ source => $ssl_chain,
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["httpsd"],
+ }
+ }
+
+ file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
+ ensure => present,
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["httpsd"],
+ require => [ File["/etc/pki/tls/certs/${site_fqdn}.crt"],
+ File["/etc/pki/tls/private/${site_fqdn}.key"], ],
+ }
+
+ if $config {
+ File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
+ source => $config,
+ }
+ } else {
+ File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
+ content => template("apache/site.https.conf.erb"),
+ }
+ }
+
+}
+
+
+define apache::redhat::configfile($source, $content, $http, $https) {
+
+ if defined(Service["httpd"]) {
+ file { "/etc/httpd/conf.http.d/${name}":
+ ensure => $http ? {
+ true => present,
+ default => absent,
+ },
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["httpd"],
+ }
+ if $source {
+ File["/etc/httpd/conf.http.d/${name}"] {
+ source => $source,
+ }
+ }
+ if $content {
+ File["/etc/httpd/conf.http.d/${name}"] {
+ content => $content,
+ }
+ }
+ if ! $source and ! $content {
+ File["/etc/httpd/conf.http.d/${name}"] {
+ source => "/etc/httpd/conf.d/${name}",
+ }
+ }
+ if $require {
+ File["/etc/httpd/conf.http.d/${name}"] {
+ require => $require,
+ }
+ }
+ }
+
+ if defined(Service["httpsd"]) {
+ file { "/etc/httpd/conf.https.d/${name}":
+ ensure => $https ? {
+ true => present,
+ default => absent,
+ },
+ mode => 0644,
+ owner => root,
+ group => root,
+ notify => Service["httpsd"],
+ }
+ if $source {
+ File["/etc/httpd/conf.https.d/${name}"] {
+ source => $source,
+ }
+ }
+ if $content {
+ File["/etc/httpd/conf.https.d/${name}"] {
+ content => $content,
+ }
+ }
+ if ! $source and ! $content {
+ File["/etc/httpd/conf.https.d/${name}"] {
+ source => "/etc/httpd/conf.d/${name}",
+ }
+ }
+ if $require {
+ File["/etc/httpd/conf.https.d/${name}"] {
+ require => $require,
+ }
+ }
+ }
+
+}