diff --git a/apache/manifests/debian.pp b/apache/manifests/debian.pp
index 116cf73..7f3a462 100644
--- a/apache/manifests/debian.pp
+++ b/apache/manifests/debian.pp
@@ -88,14 +88,16 @@ class apache::debian::server inherits apache::debian::common {
}
-define apache::debian::site($aliases, $root, $config, $redirect) {
+define apache::debian::site($aliases, $root, $redirect) {
if $name == "default" {
$site_fqdn = $fqdn
$site_conf = "/etc/apache2/sites-enabled/00-${site_fqdn}.conf"
+ $site_confdir = "/etc/apache2/sites-enabled/00-${site_fqdn}.d"
} else {
$site_fqdn = $name
$site_conf = "/etc/apache2/sites-enabled/${site_fqdn}.conf"
+ $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}.d"
if !$redirect {
if $root {
@@ -132,20 +134,27 @@ define apache::debian::site($aliases, $root, $config, $redirect) {
notify => Service["apache2"],
}
- if $config {
- File["${site_conf}"] {
- source => $config,
- }
- }
if $redirect {
File["${site_conf}"] {
content => "\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n\n",
}
- }
- if !$config and !$redirect {
+ } else {
File["${site_conf}"] {
content => template("apache/site.http.conf.erb"),
}
+ file { "${site_confdir}":
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => [ "puppet:///files/apache/sites/${site_fqdn}",
+ "puppet:///custom/empty", ],
+ before => File["${site_conf}"],
+ notify => Service["apache2"],
+ }
}
}
@@ -171,7 +180,7 @@ class apache::debian::sslserver inherits apache::debian::common {
}
-define apache::debian::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::debian::sslsite($root, $ssl_cert, $ssl_key, $ssl_chain) {
if $name == "default" {
$site_fqdn = $fqdn
@@ -244,8 +253,12 @@ define apache::debian::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
}
}
- file { "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf":
+ $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
+ $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
+
+ file { "${site_conf}":
ensure => present,
+ content => template("apache/site.https.conf.erb"),
mode => 0644,
owner => root,
group => root,
@@ -254,14 +267,18 @@ define apache::debian::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
File["/etc/ssl/private/${site_fqdn}.key"], ],
}
- if $config {
- File["/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"] {
- source => $config,
- }
- } else {
- File["/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"] {
- content => template("apache/site.https.conf.erb"),
- }
+ file { "${site_confdir}":
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
+ "puppet:///custom/empty", ],
+ before => File["${site_conf}"],
+ notify => Service["apache2"],
}
}
diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index 6d739d4..9ed0917 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -104,8 +104,6 @@ class apache::server inherits apache::common {
# Optional ServerAlias for this virtual host.
# $root:
# Path to document root. Defaults to /srv/www/http/$fqdn
-# $config:
-# Path to custom configuration file. Defaults to a basic template.
# $redirect:
# Add redirect to given URL.
#
@@ -116,17 +114,15 @@ class apache::server inherits apache::common {
# }
# apache::site { "www.example.com":
# root => "/roles/prteam/public/public_access",
-# config => "puppet:///path/to/www.example.com.conf",
# }
#
-define apache::site($aliases="", $root="", $config="", $redirect="") {
+define apache::site($aliases="", $root="", $redirect="") {
case $operatingsystem {
debian,ubuntu: {
apache::debian::site { "${name}":
aliases => $aliases,
root => $root,
- config => $config,
redirect => $redirect,
}
}
@@ -134,7 +130,6 @@ define apache::site($aliases="", $root="", $config="", $redirect="") {
apache::redhat::site { "${name}":
aliases => $aliases,
root => $root,
- config => $config,
redirect => $redirect,
}
}
@@ -191,8 +186,6 @@ class apache::sslserver inherits apache::common {
# FQDN of virtual host.
# $root:
# Path to document root. Defaults to /srv/www/https/$fqdn
-# $config:
-# Path to custom configuration file. Defaults to a basic template.
# $ssl_cert:
# Path to SSL certificate. Defaults to puppet client certificate.
# $ssl_key:
@@ -204,19 +197,17 @@ class apache::sslserver inherits apache::common {
#
# apache::site { "www.example.com":
# root => "/roles/prteam/public/secure_access",
-# config => "puppet:///path/to/www.example.com.conf",
# ssl_cert => "puppet:///path/to/www.example.com.crt",
# ssl_key => "puppet:///path/to/www.example.com.key",
# }
#
-define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
+define apache::sslsite($root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
case $operatingsystem {
debian,ubuntu: {
$apache_ssldir = "/etc/ssl"
apache::debian::sslsite { "${name}":
root => $root,
- config => $config,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_chain => $ssl_chain,
@@ -226,7 +217,6 @@ define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_cha
$apache_ssldir = "/etc/pki/tls"
apache::redhat::sslsite { "${name}":
root => $root,
- config => $config,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_chain => $ssl_chain,
diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp
index f2a566c..a5204fc 100644
--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@@ -48,14 +48,16 @@ class apache::redhat::server {
}
-define apache::redhat::site($aliases, $root, $config, $redirect) {
+define apache::redhat::site($aliases, $root, $redirect) {
if $name == "default" {
$site_fqdn = $fqdn
$site_conf = "/etc/httpd/site.http.d/00-${site_fqdn}.conf"
+ $site_confdir = "/etc/httpd/site.http.d/00-${site_fqdn}.d"
} else {
$site_fqdn = $name
- $site_conf = "/etc/httpd/site.http.d/10-${site_fqdn}.conf"
+ $site_conf = "/etc/httpd/site.http.d/${site_fqdn}.conf"
+ $site_confdir = "/etc/httpd/site.http.d/${site_fqdn}.d"
if !$redirect {
if $root {
@@ -92,20 +94,27 @@ define apache::redhat::site($aliases, $root, $config, $redirect) {
notify => Service["httpd"],
}
- if $config {
- File["${site_conf}"] {
- source => $config,
- }
- }
if $redirect {
File["${site_conf}"] {
content => "\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n\n",
}
- }
- if !$config and !$redirect {
+ } else {
File["${site_conf}"] {
content => template("apache/site.http.conf.erb"),
}
+ file { "${site_confdir}":
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => [ "puppet:///files/apache/sites/${site_fqdn}",
+ "puppet:///custom/empty", ],
+ before => File["${site_conf}"],
+ notify => Service["httpd"],
+ }
}
}
@@ -186,7 +195,7 @@ class apache::redhat::sslserver {
}
-define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::redhat::sslsite($root, $ssl_cert, $ssl_key, $ssl_chain) {
if $name == "default" {
$site_fqdn = $fqdn
@@ -259,8 +268,12 @@ define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
}
}
- file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
+ $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
+ $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
+
+ file { "${site_conf}":
ensure => present,
+ content => template("apache/site.https.conf.erb"),
mode => 0644,
owner => root,
group => root,
@@ -269,14 +282,18 @@ define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
File["/etc/pki/tls/private/${site_fqdn}.key"], ],
}
- if $config {
- File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
- source => $config,
- }
- } else {
- File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
- content => template("apache/site.https.conf.erb"),
- }
+ file { "${site_confdir}":
+ ensure => directory,
+ mode => 0644,
+ owner => root,
+ group => root,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => [ "puppet:///files/apache/sslsites/${site_fqdn}",
+ "puppet:///custom/empty", ],
+ before => File["${site_conf}"],
+ notify => Service["httpsd"],
}
}
diff --git a/apache/templates/site.http.conf.erb b/apache/templates/site.http.conf.erb
index f3945c8..63cb94b 100644
--- a/apache/templates/site.http.conf.erb
+++ b/apache/templates/site.http.conf.erb
@@ -6,4 +6,5 @@
ErrorLog /srv/www/log/http/<%= site_fqdn %>/error_log
CustomLog /srv/www/log/http/<%= site_fqdn %>/access_log combined
DocumentRoot /srv/www/http/<%= site_fqdn %>
+ Include <%= site_confdir %>
diff --git a/apache/templates/site.https.conf.erb b/apache/templates/site.https.conf.erb
index 221bbac..7f85259 100644
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@@ -234,5 +234,7 @@ SetEnvIf User-Agent ".*MSIE.*" \
#CustomLog logs/ssl_request_log \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+Include <%= site_confdir %>
+