import "debian.pp" import "redhat.pp" # Install Apache, www logrotate script and cron job. # class apache::common { if $apache_datadir { file { "${apache_datadir}": ensure => directory, mode => 0755, owner => root, group => root, } file { "/srv/www": ensure => link, target => "${apache_datadir}", require => File["${apache_datadir}"], } } else { file { "/srv/www": ensure => directory, mode => 0755, owner => root, group => root, } } file { "/srv/www/log": ensure => directory, mode => 0755, owner => root, group => root, require => File["/srv/www"], } package { "httpd": name => $operatingsystem ? { debian => "apache2", ubuntu => "apache2", default => "httpd", }, ensure => installed, } file { "/usr/local/sbin/www-logrotate.sh": ensure => present, source => "puppet:///apache/www-logrotate.sh", mode => 0755, owner => root, group => root, seluser => "system_u", selrole => "object_r", seltype => "httpd_rotatelogs_exec_t", } cron { "www-logrotate": ensure => present, command => "/usr/local/sbin/www-logrotate.sh", user => "root", hour => "0", minute => "0", weekday => "1", require => File["/usr/local/sbin/www-logrotate.sh"], } } # Configure HTTP server. # # === Global variables # # $httpd_user: # User httpd runs as. Defaults to apache. # $httpd_group: # Group httpd runs as. Defaults to apache. # class apache::server inherits apache::common { case $operatingsystem { debian,ubuntu: { include apache::debian::server } centos,fedora: { include apache::redhat::server } default: { fail("Apache module not supported in ${operatingsystem}.") } } } # Configure HTTP virtual host. # # === Parameters # # $name: # FQDN of virtual host. # $aliases: # Optional ServerAlias for this virtual host. # $root: # Path to document root. Defaults to /srv/www/http/$fqdn # $config: # Path to custom configuration file. Defaults to a basic template. # $redirect: # Add redirect to given URL. # # === Sample usage # # apache::site { "default": # redirect => "http://www.example.com/", # } # apache::site { "www.example.com": # root => "/roles/prteam/public/public_access", # config => "puppet:///path/to/www.example.com.conf", # } # define apache::site($aliases="", $root="", $config="", $redirect="") { case $operatingsystem { debian,ubuntu: { apache::debian::site { "${name}": aliases => $aliases, root => $root, config => $config, redirect => $redirect, } } centos,fedora: { apache::redhat::site { "${name}": aliases => $aliases, root => $root, config => $config, redirect => $redirect, } } default: { fail("Apache module not supported in ${operatingsystem}.") } } } # Configure HTTPS server. # # === Global variables # # $httpsd_user: # User httpsd runs as. Defaults to httpsd. # $httpsd_group: # Group httpsd runs as. Defaults to httpsd. # class apache::sslserver inherits apache::common { case $operatingsystem { debian,ubuntu: { include apache::debian::sslserver } centos,fedora: { include apache::redhat::sslserver } default: { fail("Apache module not supported in ${operatingsystem}.") } } } # Configure HTTPS virtual host. # # === Parameters # # $name: # FQDN of virtual host. # $root: # Path to document root. Defaults to /srv/www/https/$fqdn # $config: # Path to custom configuration file. Defaults to a basic template. # $ssl_cert: # Path to SSL certificate. Defaults to puppet client certificate. # $ssl_key: # Path to SSL private key. Defaults to puppet client certificate. # $ssl_chain: # Path to SSL certificate chain. Defaults to none. # # === Sample usage # # apache::site { "www.example.com": # root => "/roles/prteam/public/secure_access", # config => "puppet:///path/to/www.example.com.conf", # ssl_cert => "puppet:///path/to/www.example.com.crt", # ssl_key => "puppet:///path/to/www.example.com.key", # } # define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") { case $operatingsystem { debian,ubuntu: { apache::debian::sslsite { "${name}": root => $root, config => $config, ssl_cert => $ssl_cert, ssl_key => $ssl_key, ssl_chain => $ssl_chain, } } centos,fedora: { apache::redhat::sslsite { "${name}": root => $root, config => $config, ssl_cert => $ssl_cert, ssl_key => $ssl_key, ssl_chain => $ssl_chain, } } default: { fail("Apache module not supported in ${operatingsystem}.") } } } # Install extra configuration file. # # === Parameters # # $name: # Config file name. # $source: # Config file source. Defaults to /etc/httpd/conf.d/$name # if neither $source nor $content is defined. # $content: # Config file content. See also $source. # $require: # Dependencies for the config file. # $http: # Set to false to disable config on http server. # $https: # Set to false to disable config on https server. # # === Sample usage # #apache::configfile { "auth_kerb.conf": # content => template("apache/auth_kerb.conf.erb"), # require => Package["mod_auth_kerb"], # http => false, #} # define apache::configfile($source="", $content="", $http=true, $https=true) { case $operatingsystem { debian,ubuntu: { apache::debian::configfile { "${name}": source => "${source}", content => "${content}", http => $http, https => $https, } } centos,fedora: { apache::redhat::configfile { "${name}": source => "${source}", content => "${content}", http => $http, https => $https, } } default: { fail("Apache module not supported in ${operatingsystem}.") } } } # Install mod_auth_kerb. # class apache::mod::auth_kerb { package { "mod_auth_kerb": ensure => installed, require => Package["httpd"], } apache::configfile { "auth_kerb.conf": content => template("apache/auth_kerb.conf.erb"), require => Package["mod_auth_kerb"], http => false, } } # Install mod_fcgid. # class apache::mod::fcgid { package { "mod_fcgid": ensure => installed, require => Package["httpd"], } apache::configfile { "fcgid.conf": require => Package["mod_fcgid"], } } # Install mod_perl. # class apache::mod::perl { package { "mod_perl": ensure => installed, require => Package["httpd"], } apache::configfile { "perl.conf": require => Package["mod_perl"], } } # Install PHP. # class apache::mod::php { package { "php": ensure => installed, require => Package["httpd"], } apache::configfile { "php.conf": require => Package["php"], } } # Install mod_python. # class apache::mod::python { package { "mod_python": ensure => installed, require => Package["httpd"], } apache::configfile { "python.conf": require => Package["mod_python"], } } # Install mod_wsgi. # class apache::mod::wsgi { package { "mod_wsgi": ensure => installed, require => Package["httpd"], } apache::configfile { "wsgi.conf": require => Package["mod_wsgi"], } }