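# Install Apache, www logrotate script and cron job.
#
class apache::common {

    # File modes are written as quoted strings: Puppet 4 and later reject
    # a bare number for the mode attribute, and the quoted form is also
    # accepted by older releases.

    # Root-owned parents for all site content and logs.
    file { [ "/srv/www",
             "/srv/www/log", ]:
        ensure => directory,
        mode   => "0755",
        owner  => root,
        group  => root,
    }

    package { "httpd":
        ensure => installed,
    }

    # This script is executed by root's crontab (see the cron resource
    # below), so it is kept root-owned and writable by root only.
    # NOTE(review): "puppet:///apache/..." is the legacy fileserver URL
    # form; current Puppet expects "puppet:///modules/apache/...". Confirm
    # the master version before changing it.
    file { "/usr/local/sbin/www-logrotate.sh":
        ensure => present,
        source => "puppet:///apache/www-logrotate.sh",
        mode   => "0755",
        owner  => root,
        group  => root,
    }

    # Weekly rotation: Monday at 00:00, as root. The script must be in
    # place before the job is installed.
    cron { "www-logrotate":
        ensure  => present,
        command => "/usr/local/sbin/www-logrotate.sh",
        user    => "root",
        hour    => "0",
        minute  => "0",
        weekday => "1",
        require => File["/usr/local/sbin/www-logrotate.sh"],
    }

}

# Configure HTTP server.
#
class apache::server inherits apache::common {

    # Configuration include directories plus the default site's document
    # root and log directory. All of them are created before httpd.conf is
    # written, and therefore before the service is started or refreshed.
    file { [ "/etc/httpd/conf.http.d",
             "/etc/httpd/site.http.d",
             "/srv/www/http",
             "/srv/www/http/${fqdn}",
             "/srv/www/log/http",
             "/srv/www/log/http/${fqdn}", ]:
        ensure  => directory,
        mode    => "0755",
        owner   => root,
        group   => root,
        require => Package["httpd"],
        before  => File["/etc/httpd/conf/httpd.conf"],
    }

    # Ownership and mode are pinned so the main server configuration is
    # always root-owned and never group- or world-writable, whatever state
    # the file was in before Puppet managed it.
    file { "/etc/httpd/conf/httpd.conf":
        ensure  => present,
        content => template("apache/httpd.conf.erb"),
        mode    => "0644",
        owner   => root,
        group   => root,
        require => Package["httpd"],
        notify  => Service["httpd"],
    }

    service { "httpd":
        ensure  => running,
        enable  => true,
        require => [ Package["httpd"],
                     File["/etc/httpd/conf/httpd.conf"], ],
    }

}

# Configure HTTP virtual host.
#
# === Parameters
#
# $name:
#   FQDN of virtual host. The name "default" selects the node's own $fqdn.
# $root:
#   Path to document root. Defaults to /srv/www/http/$fqdn
# $config:
#   Path to custom configuration file. Defaults to a basic template.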
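#
# === Sample usage
#
# apache::site { "www.example.com":
#     root   => "/roles/prteam/public/public_access",
#     config => "puppet:///path/to/www.example.com.conf",
# }
#
define apache::site($root="none", $config="none") {

    # File modes are written as quoted strings: Puppet 4 and later reject
    # a bare number for the mode attribute, and the quoted form is also
    # accepted by older releases.

    if $name == "default" {
        # The default site uses the node's own FQDN. Its document root and
        # log directory are declared by apache::server, so none are
        # declared here.
        $site_fqdn = $fqdn
    } else {
        $site_fqdn = $name

        if $root == "none" {
            file { "/srv/www/http/${site_fqdn}":
                ensure => directory,
                mode   => "0755",
                owner  => root,
                group  => root,
                before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
            }
        } else {
            # The document root becomes a symlink to $root. The target is
            # not managed here, so whoever can write to $root controls
            # what this virtual host serves.
            file { "/srv/www/http/${site_fqdn}":
                ensure => link,
                target => "${root}",
                before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
            }
        }

        file { "/srv/www/log/http/${site_fqdn}":
            ensure => directory,
            mode   => "0755",
            owner  => root,
            group  => root,
            before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
        }
    }

    # Ownership and mode are pinned so the virtual host configuration is
    # root-owned and not group- or world-writable even when it is copied
    # from $config, whose own permissions would otherwise be taken over on
    # Puppet releases that default to the source's permissions.
    file { "/etc/httpd/site.http.d/${site_fqdn}.conf":
        ensure => present,
        mode   => "0644",
        owner  => root,
        group  => root,
        notify => Service["httpd"],
    }

    # The file content comes either from the module template or from the
    # caller-supplied source; it is added to the resource declared above.
    if $config == "none" {
        File["/etc/httpd/site.http.d/${site_fqdn}.conf"] {
            content => template("apache/site.http.conf.erb"),
        }
    } else {
        File["/etc/httpd/site.http.d/${site_fqdn}.conf"] {
            source => "${config}",
        }
    }

}

# Configure HTTPS server.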
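#
class apache::sslserver inherits apache::common {

    # File modes are written as quoted strings: Puppet 4 and later reject
    # a bare number for the mode attribute, and the quoted form is also
    # accepted by older releases.

    package { "mod_ssl":
        ensure => installed,
    }

    # Configuration include directories plus the default site's document
    # root and log directory. All of them are created before httpsd.conf
    # is written, and therefore before the service is started or refreshed.
    file { [ "/etc/httpd/conf.https.d",
             "/etc/httpd/site.https.d",
             "/srv/www/https",
             "/srv/www/https/${fqdn}",
             "/srv/www/log/https",
             "/srv/www/log/https/${fqdn}", ]:
        ensure  => directory,
        mode    => "0755",
        owner   => root,
        group   => root,
        require => Package["httpd"],
        before  => File["/etc/httpd/conf/httpsd.conf"],
    }

    # Ownership and mode are pinned so the HTTPS server configuration is
    # always root-owned and never group- or world-writable, whatever state
    # the file was in before Puppet managed it.
    file { "/etc/httpd/conf/httpsd.conf":
        ensure  => present,
        content => template("apache/httpsd.conf.erb"),
        mode    => "0644",
        owner   => root,
        group   => root,
        require => Package["httpd"],
        notify  => Service["httpsd"],
    }

    # Init script for the separate HTTPS instance; root-owned and writable
    # by root only.
    # NOTE(review): "puppet:///apache/..." is the legacy fileserver URL
    # form; current Puppet expects "puppet:///modules/apache/...". Confirm
    # the master version before changing it.
    file { "/etc/init.d/httpsd":
        ensure => present,
        source => "puppet:///apache/httpsd",
        mode   => "0755",
        owner  => root,
        group  => root,
    }

    # The HTTPS instance runs the same httpd binary under a second name.
    file { "/usr/sbin/httpsd":
        ensure => link,
        target => "/usr/sbin/httpd",
    }

    service { "httpsd":
        ensure  => running,
        enable  => true,
        require => [ Package["httpd"],
                     Package["mod_ssl"],
                     File["/etc/httpd/conf/httpsd.conf"],
                     File["/etc/init.d/httpsd"],
                     File["/usr/sbin/httpsd"], ],
    }

}

# Configure HTTPS virtual host.
#
# === Parameters
#
# $name:
#   FQDN of virtual host. The name "default" selects the node's own $fqdn.
# $root:
#   Path to document root. Defaults to /srv/www/https/$fqdn
# $config:
#   Path to custom configuration file. Defaults to a basic template.
# $ssl_cert:
#   Path to SSL certificate. Defaults to puppet client certificate.
# $ssl_key:
#   Path to SSL private key. Defaults to puppet client private key.
#   With the defaults the virtual host presents the node's Puppet agent
#   identity, so exposure of the web server key also exposes the agent key.
# $ssl_chain:
#   Path to SSL certificate chain. Defaults to none.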
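#
# === Sample usage
#
# apache::sslsite { "www.example.com":
#     root     => "/roles/prteam/public/secure_access",
#     config   => "puppet:///path/to/www.example.com.conf",
#     ssl_cert => "puppet:///path/to/www.example.com.crt",
#     ssl_key  => "puppet:///path/to/www.example.com.key",
# }
#
# A private key served from a puppet:/// path can be fetched by every
# client the fileserver configuration authorises for that mount, so the
# mount holding keys should be restricted to the nodes that need them.
#
define apache::sslsite($root="none", $config="none", $ssl_cert="none", $ssl_key="none", $ssl_chain="none") {

    # File modes are written as quoted strings: Puppet 4 and later reject
    # a bare number for the mode attribute, and the quoted form is also
    # accepted by older releases.

    if $name == "default" {
        # The default site uses the node's own FQDN. Its document root and
        # log directory are declared by apache::sslserver, so none are
        # declared here.
        $site_fqdn = $fqdn
    } else {
        $site_fqdn = $name

        # As in apache::site, the document root and log directory are
        # ordered before the virtual host configuration. The configuration
        # notifies the service, so this guarantees they exist before httpsd
        # is refreshed.
        if $root == "none" {
            file { "/srv/www/https/${site_fqdn}":
                ensure => directory,
                mode   => "0755",
                owner  => root,
                group  => root,
                before => File["/etc/httpd/site.https.d/${site_fqdn}.conf"],
            }
        } else {
            # The document root becomes a symlink to $root. The target is
            # not managed here, so whoever can write to $root controls
            # what this virtual host serves.
            file { "/srv/www/https/${site_fqdn}":
                ensure => link,
                target => "${root}",
                before => File["/etc/httpd/site.https.d/${site_fqdn}.conf"],
            }
        }

        file { "/srv/www/log/https/${site_fqdn}":
            ensure => directory,
            mode   => "0755",
            owner  => root,
            group  => root,
            before => File["/etc/httpd/site.https.d/${site_fqdn}.conf"],
        }
    }

    # Without an explicit certificate the node's Puppet agent certificate
    # is used.
    # NOTE(review): $puppet_ssldir is not set in this file; presumably a
    # custom fact or top-scope variable. Confirm that it is defined.
    if $ssl_cert == "none" {
        $real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
    } else {
        $real_ssl_cert = $ssl_cert
    }

    file { "/etc/pki/tls/certs/${site_fqdn}.crt":
        ensure => present,
        source => "${real_ssl_cert}",
        mode   => "0644",
        owner  => root,
        group  => root,
        notify => Service["httpsd"],
    }

    # Without an explicit key the node's Puppet agent private key is used,
    # which ties the web server's key to the agent's identity.
    if $ssl_key == "none" {
        $real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
    } else {
        $real_ssl_key = $ssl_key
    }

    # The private key is readable by root only.
    # NOTE(review): when this file is replaced, Puppet's default file
    # backup keeps a copy of the previous key in the filebucket; consider
    # whether "backup => false" is wanted for key material.
    file { "/etc/pki/tls/private/${site_fqdn}.key":
        ensure => present,
        source => "${real_ssl_key}",
        mode   => "0600",
        owner  => root,
        group  => root,
        notify => Service["httpsd"],
    }

    if $ssl_chain != "none" {
        file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
            ensure => present,
            source => "${ssl_chain}",
            mode   => "0644",
            owner  => root,
            group  => root,
            notify => Service["httpsd"],
        }
    }

    # Ownership and mode are pinned so the virtual host configuration is
    # root-owned and not group- or world-writable even when it is copied
    # from $config. The certificate and key must be in place first.
    file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
        ensure  => present,
        mode    => "0644",
        owner   => root,
        group   => root,
        notify  => Service["httpsd"],
        require => [ File["/etc/pki/tls/certs/${site_fqdn}.crt"],
                     File["/etc/pki/tls/private/${site_fqdn}.key"], ],
    }

    # The file content comes either from the module template or from the
    # caller-supplied source; it is added to the resource declared above.
    if $config == "none" {
        File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
            content => template("apache/site.https.conf.erb"),
        }
    } else {
        File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
            source => "${config}",
        }
    }

}

# Install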
# mod_python.
#
class apache::mod::python {

    # The module package depends on the web server package itself.
    package { 'mod_python':
        ensure  => installed,
        require => Package['httpd'],
    }

    # The packaged python.conf is linked into the include directory of each
    # server instance that is declared in the catalog. defined() only sees
    # resources evaluated before this point, so this class has to be
    # evaluated after apache::server / apache::sslserver for the links to
    # be created.

    # Plain HTTP instance.
    if defined(Service['httpd']) {
        file { '/etc/httpd/conf.http.d/python.conf':
            ensure  => link,
            target  => '/etc/httpd/conf.d/python.conf',
            require => Package['mod_python'],
            notify  => Service['httpd'],
        }
    }

    # HTTPS instance.
    if defined(Service['httpsd']) {
        file { '/etc/httpd/conf.https.d/python.conf':
            ensure  => link,
            target  => '/etc/httpd/conf.d/python.conf',
            require => Package['mod_python'],
            notify  => Service['httpsd'],
        }
    }

}