tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cleaned up apache module some more.

Browse source
This commit is contained in:
Ossi Salmi 2009-11-26 18:38:06 +02:00 committed by Timo Mkinen
parent 12ac1c01a2
commit 66c88cd9cd
2 changed files with 33 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
apache/manifests/init.pp
View file

@ -89,14 +89,20 @@ class apache::server inherits apache::common {
# config => "puppet:///path/to/www.example.com.conf", # config => "puppet:///path/to/www.example.com.conf",
# } # }
# #
define apache::site($root="none", $config="none") { define apache::site($root="", $config="") {
if $name == "default" { if $name == "default" {
$site_fqdn = $fqdn $site_fqdn = $fqdn
} else { } else {
$site_fqdn = $name $site_fqdn = $name
if $root == "none" { if $root {
file { "/srv/www/http/${site_fqdn}":
ensure => link,
target => $root,
before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
}
} else {
file { "/srv/www/http/${site_fqdn}": file { "/srv/www/http/${site_fqdn}":
ensure => directory, ensure => directory,
mode => 0755, mode => 0755,
@ -104,12 +110,6 @@ define apache::site($root="none", $config="none") {
group => root, group => root,
before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"], before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
} }
} else {
file { "/srv/www/http/${site_fqdn}":
ensure => link,
target => "${root}",
before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
}
} }
file { "/srv/www/log/http/${site_fqdn}": file { "/srv/www/log/http/${site_fqdn}":
@ -126,13 +126,13 @@ define apache::site($root="none", $config="none") {
notify => Service["httpd"], notify => Service["httpd"],
} }
if $config == "none" { if $config {
File["/etc/httpd/site.http.d/${site_fqdn}.conf"] { File["/etc/httpd/site.http.d/${site_fqdn}.conf"] {
content => template("apache/site.http.conf.erb"), source => $config,
} }
} else { } else {
File["/etc/httpd/site.http.d/${site_fqdn}.conf"] { File["/etc/httpd/site.http.d/${site_fqdn}.conf"] {
source => "${config}", content => template("apache/site.http.conf.erb"),
} }
} }
@ -220,26 +220,25 @@ class apache::sslserver inherits apache::common {
# ssl_key => "puppet:///path/to/www.example.com.key", # ssl_key => "puppet:///path/to/www.example.com.key",
# } # }
# #
define apache::sslsite($root="none", $config="none", define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
$ssl_cert="none", $ssl_key="none", $ssl_chain="none") {
if $name == "default" { if $name == "default" {
$site_fqdn = $fqdn $site_fqdn = $fqdn
} else { } else {
$site_fqdn = $name $site_fqdn = $name
if $root == "none" { if $root {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => $root,
}
} else {
file { "/srv/www/https/${site_fqdn}": file { "/srv/www/https/${site_fqdn}":
ensure => directory, ensure => directory,
mode => 0755, mode => 0755,
owner => root, owner => root,
group => root, group => root,
} }
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => "${root}",
}
} }
file { "/srv/www/log/https/${site_fqdn}": file { "/srv/www/log/https/${site_fqdn}":
@ -250,40 +249,40 @@ define apache::sslsite($root="none", $config="none",
} }
} }
if $ssl_cert == "none" { if $ssl_cert {
$real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
} else {
$real_ssl_cert = $ssl_cert $real_ssl_cert = $ssl_cert
} else {
$real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
} }
file { "/etc/pki/tls/certs/${site_fqdn}.crt": file { "/etc/pki/tls/certs/${site_fqdn}.crt":
ensure => present, ensure => present,
source => "${real_ssl_cert}", source => $real_ssl_cert,
mode => 0644, mode => 0644,
owner => root, owner => root,
group => root, group => root,
notify => Service["httpsd"], notify => Service["httpsd"],
} }
if $ssl_key == "none" { if $ssl_key {
$real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
} else {
$real_ssl_key = $ssl_key $real_ssl_key = $ssl_key
} else {
$real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
} }
file { "/etc/pki/tls/private/${site_fqdn}.key": file { "/etc/pki/tls/private/${site_fqdn}.key":
ensure => present, ensure => present,
source => "${real_ssl_key}", source => $real_ssl_key,
mode => 0600, mode => 0600,
owner => root, owner => root,
group => root, group => root,
notify => Service["httpsd"], notify => Service["httpsd"],
} }
if $ssl_chain != "none" { if $ssl_chain {
file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt": file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
ensure => present, ensure => present,
source => "${ssl_chain}", source => $ssl_chain,
mode => 0644, mode => 0644,
owner => root, owner => root,
group => root, group => root,
@ -298,13 +297,13 @@ define apache::sslsite($root="none", $config="none",
File["/etc/pki/tls/private/${site_fqdn}.key"], ], File["/etc/pki/tls/private/${site_fqdn}.key"], ],
} }
if $config == "none" { if $config {
File["/etc/httpd/site.https.d/${site_fqdn}.conf"] { File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
content => template("apache/site.https.conf.erb"), source => $config,
} }
} else { } else {
File["/etc/httpd/site.https.d/${site_fqdn}.conf"] { File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
source => "${config}", content => template("apache/site.https.conf.erb"),
} }
} }

4
apache/templates/site.https.conf.erb
View file

@ -125,8 +125,8 @@ SSLCertificateKeyFile /etc/pki/tls/private/<%= site_fqdn %>.key
# the referenced file can be the same as SSLCertificateFile # the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server # when the CA certificates are directly appended to the server
# certificate for convinience. # certificate for convinience.
<% if ssl_chain != "none" -%> <% if ssl_chain != "" -%>
SSLCertificateChainFile <%= site_fqdn %>.chain.crt SSLCertificateChainFile /etc/pki/tls/certs/<%= site_fqdn %>.chain.crt
<% end -%> <% end -%>
# Certificate Authority (CA): # Certificate Authority (CA):