Improved apache virtual host configuration

Additional configuration files are now fetched from the puppet file server.
2010-11-05 16:55:08 +02:00 · 2010-11-05 16:55:08 +02:00 · 63440a18d4
commit 63440a18d4
parent eca8e074e5
5 changed files with 76 additions and 49 deletions
--- a/apache/manifests/debian.pp
+++ b/apache/manifests/debian.pp
@ -88,14 +88,16 @@ class apache::debian::server inherits apache::debian::common {
 }
-define apache::debian::site($aliases, $root, $config, $redirect) {
+define apache::debian::site($aliases, $root, $redirect) {
    if $name == "default" {
        $site_fqdn = $fqdn
        $site_conf = "/etc/apache2/sites-enabled/00-${site_fqdn}.conf"
        $site_confdir = "/etc/apache2/sites-enabled/00-${site_fqdn}.d"
    } else {
        $site_fqdn = $name
        $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}.conf"
        $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}.d"
        if !$redirect {
            if $root {
@ -132,20 +134,27 @@ define apache::debian::site($aliases, $root, $config, $redirect) {
        notify => Service["apache2"],
    }
    if $config {
        File["${site_conf}"] {
            source => $config,
        }
    }
    if $redirect {
        File["${site_conf}"] {
            content => "<VirtualHost *:80>\n  ServerName ${site_fqdn}\n  Redirect permanent / ${redirect}\n</VirtualHost>\n",
        }
-    }
+    } else {
    if !$config and !$redirect {
        File["${site_conf}"] {
            content => template("apache/site.http.conf.erb"),
        }
        file { "${site_confdir}":
            ensure  => directory,
            mode    => 0644,
            owner   => root,
            group   => root,
            purge   => true,
            force   => true,
            recurse => true,
            source  => [ "puppet:///files/apache/sites/${site_fqdn}",
                         "puppet:///custom/empty", ],
            before  => File["${site_conf}"],
            notify  => Service["apache2"],
        }
    }
 }
@ -171,7 +180,7 @@ class apache::debian::sslserver inherits apache::debian::common {
 }
-define apache::debian::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::debian::sslsite($root, $ssl_cert, $ssl_key, $ssl_chain) {
    if $name == "default" {
        $site_fqdn = $fqdn
@ -244,8 +253,12 @@ define apache::debian::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
        }
    }
-    file { "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf":
+    $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
    $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
    file { "${site_conf}":
        ensure  => present,
        content => template("apache/site.https.conf.erb"),
        mode    => 0644,
        owner   => root,
        group   => root,
@ -254,14 +267,18 @@ define apache::debian::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
                     File["/etc/ssl/private/${site_fqdn}.key"], ],
    }
-    if $config {
+    file { "${site_confdir}":
-        File["/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"] {
+        ensure  => directory,
-            source => $config,
+        mode    => 0644,
-        }
+        owner   => root,
-    } else {
+        group   => root,
-        File["/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"] {
+        purge   => true,
-            content => template("apache/site.https.conf.erb"),
+        force   => true,
-        }
+        recurse => true,
        source  => [ "puppet:///files/apache/sslsites/${site_fqdn}",
                     "puppet:///custom/empty", ],
        before  => File["${site_conf}"],
        notify  => Service["apache2"],
    }
 }
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@ -104,8 +104,6 @@ class apache::server inherits apache::common {
 #       Optional ServerAlias for this virtual host.
 #   $root:
 #       Path to document root. Defaults to /srv/www/http/$fqdn
 #   $config:
 #       Path to custom configuration file. Defaults to a basic template.
 #   $redirect:
 #       Add redirect to given URL.
 #
@ -116,17 +114,15 @@ class apache::server inherits apache::common {
 # }
 # apache::site { "www.example.com":
 #     root   => "/roles/prteam/public/public_access",
 #     config => "puppet:///path/to/www.example.com.conf",
 # }
 #
-define apache::site($aliases="", $root="", $config="", $redirect="") {
+define apache::site($aliases="", $root="", $redirect="") {
    case $operatingsystem {
        debian,ubuntu: {
            apache::debian::site { "${name}":
                aliases  => $aliases,
                root     => $root,
                config   => $config,
                redirect => $redirect,
            }
        }
@ -134,7 +130,6 @@ define apache::site($aliases="", $root="", $config="", $redirect="") {
            apache::redhat::site { "${name}":
                aliases  => $aliases,
                root     => $root,
                config   => $config,
                redirect => $redirect,
            }
        }
@ -191,8 +186,6 @@ class apache::sslserver inherits apache::common {
 #       FQDN of virtual host.
 #   $root:
 #       Path to document root. Defaults to /srv/www/https/$fqdn
 #   $config:
 #       Path to custom configuration file. Defaults to a basic template.
 #   $ssl_cert:
 #       Path to SSL certificate. Defaults to puppet client certificate.
 #   $ssl_key:
@ -204,19 +197,17 @@ class apache::sslserver inherits apache::common {
 #
 # apache::site { "www.example.com":
 #     root     => "/roles/prteam/public/secure_access",
 #     config   => "puppet:///path/to/www.example.com.conf",
 #     ssl_cert => "puppet:///path/to/www.example.com.crt",
 #     ssl_key  => "puppet:///path/to/www.example.com.key",
 # }
 #
-define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
+define apache::sslsite($root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
    case $operatingsystem {
        debian,ubuntu: {
            $apache_ssldir = "/etc/ssl"
            apache::debian::sslsite { "${name}":
                root      => $root,
                config    => $config,
                ssl_cert  => $ssl_cert,
                ssl_key   => $ssl_key,
                ssl_chain => $ssl_chain,
@ -226,7 +217,6 @@ define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_cha
            $apache_ssldir = "/etc/pki/tls"
            apache::redhat::sslsite { "${name}":
                root      => $root,
                config    => $config,
                ssl_cert  => $ssl_cert,
                ssl_key   => $ssl_key,
                ssl_chain => $ssl_chain,
--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@ -48,14 +48,16 @@ class apache::redhat::server {
 }
-define apache::redhat::site($aliases, $root, $config, $redirect) {
+define apache::redhat::site($aliases, $root, $redirect) {
    if $name == "default" {
        $site_fqdn = $fqdn
        $site_conf = "/etc/httpd/site.http.d/00-${site_fqdn}.conf"
        $site_confdir = "/etc/httpd/site.http.d/00-${site_fqdn}.d"
    } else {
        $site_fqdn = $name
-        $site_conf = "/etc/httpd/site.http.d/10-${site_fqdn}.conf"
+        $site_conf = "/etc/httpd/site.http.d/${site_fqdn}.conf"
        $site_confdir = "/etc/httpd/site.http.d/${site_fqdn}.d"
        if !$redirect {
            if $root {
@ -92,20 +94,27 @@ define apache::redhat::site($aliases, $root, $config, $redirect) {
        notify => Service["httpd"],
    }
    if $config {
        File["${site_conf}"] {
            source => $config,
        }
    }
    if $redirect {
        File["${site_conf}"] {
            content => "<VirtualHost *:80>\n  ServerName ${site_fqdn}\n  Redirect permanent / ${redirect}\n</VirtualHost>\n",
        }
-    }
+    } else {
    if !$config and !$redirect {
        File["${site_conf}"] {
            content => template("apache/site.http.conf.erb"),
        }
        file { "${site_confdir}":
            ensure  => directory,
            mode    => 0644,
            owner   => root,
            group   => root,
            purge   => true,
            force   => true,
            recurse => true,
            source  => [ "puppet:///files/apache/sites/${site_fqdn}",
                         "puppet:///custom/empty", ],
            before  => File["${site_conf}"],
            notify  => Service["httpd"],
        }
    }
 }
@ -186,7 +195,7 @@ class apache::redhat::sslserver {
 }
-define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::redhat::sslsite($root, $ssl_cert, $ssl_key, $ssl_chain) {
    if $name == "default" {
        $site_fqdn = $fqdn
@ -259,8 +268,12 @@ define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
        }
    }
-    file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
+    $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
    $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
    file { "${site_conf}":
        ensure  => present,
        content => template("apache/site.https.conf.erb"),
        mode    => 0644,
        owner   => root,
        group   => root,
@ -269,14 +282,18 @@ define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain)
                     File["/etc/pki/tls/private/${site_fqdn}.key"], ],
    }
-    if $config {
+    file { "${site_confdir}":
-        File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
+        ensure  => directory,
-            source => $config,
+        mode    => 0644,
-        }
+        owner   => root,
-    } else {
+        group   => root,
-        File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
+        purge   => true,
-            content => template("apache/site.https.conf.erb"),
+        force   => true,
-        }
+        recurse => true,
        source  => [ "puppet:///files/apache/sslsites/${site_fqdn}",
                     "puppet:///custom/empty", ],
        before  => File["${site_conf}"],
        notify  => Service["httpsd"],
    }
 }
--- a/apache/templates/site.http.conf.erb
+++ b/apache/templates/site.http.conf.erb
@ -6,4 +6,5 @@
  ErrorLog /srv/www/log/http/<%= site_fqdn %>/error_log
  CustomLog /srv/www/log/http/<%= site_fqdn %>/access_log combined
  DocumentRoot /srv/www/http/<%= site_fqdn %>
  Include <%= site_confdir %>
 </VirtualHost>
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@ -234,5 +234,7 @@ SetEnvIf User-Agent ".*MSIE.*" \
 #CustomLog logs/ssl_request_log \
 #          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 Include <%= site_confdir %>
 </VirtualHost>