tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
puppet/apache/manifests/redhat.pp
Ossi Salmi 512c38ba9d Restructured apache module
2010-11-05 22:56:18 +02:00

353 lines
9.1 KiB
Puppet
Raw Blame History

class apache::redhat::server {
if ! $httpd_user {
$httpd_user = "apache"
}
if ! $httpd_group {
$httpd_group = "apache"
}
file { [ "/etc/httpd/conf.http.d",
"/etc/httpd/site.http.d",
"/srv/www/http",
"/srv/www/http/${fqdn}",
"/srv/www/log/http",
"/srv/www/log/http/${fqdn}", ]:
ensure => directory,
mode => 0644,
owner => root,
group => root,
require => Package["httpd"],
before => File["/etc/httpd/conf/httpd.conf"],
}
File["/etc/httpd/conf.http.d", "/etc/httpd/site.http.d"] {
purge => true,
force => true,
recurse => true,
source => "puppet:///custom/empty",
}
file { "/etc/httpd/conf/httpd.conf":
ensure => present,
content => template("apache/httpd.conf.erb"),
mode => 0644,
owner => root,
group => root,
require => Package["httpd"],
notify => Service["httpd"],
}
service { "httpd":
ensure => running,
enable => true,
require => [ Package["httpd"],
File["/etc/httpd/conf/httpd.conf"], ],
}
}
define apache::redhat::site($aliases, $root, $config, $redirect) {
if $name == "default" {
$site_fqdn = $fqdn
$site_conf = "/etc/httpd/site.http.d/00-${site_fqdn}.conf"
} else {
$site_fqdn = $name
$site_conf = "/etc/httpd/site.http.d/10-${site_fqdn}.conf"
if !$redirect {
if $root {
file { "/srv/www/http/${site_fqdn}":
ensure => link,
target => $root,
before => File["${site_conf}"],
}
} else {
file { "/srv/www/http/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
before => File["${site_conf}"],
}
}
file { "/srv/www/log/http/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
before => File["${site_conf}"],
}
}
}
file { "${site_conf}":
ensure => present,
mode => 0644,
owner => root,
group => root,
notify => Service["httpd"],
}
if $config {
File["${site_conf}"] {
source => $config,
}
}
if $redirect {
File["${site_conf}"] {
content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n",
}
}
if !$config and !$redirect {
File["${site_conf}"] {
content => template("apache/site.http.conf.erb"),
}
}
}
class apache::redhat::sslserver {
if ! $httpsd_user {
$httpsd_user = "httpsd"
}
if ! $httpsd_group {
$httpsd_group = "httpsd"
}
package { "mod_ssl":
ensure => installed
}
file { [ "/etc/httpd/conf.https.d",
"/etc/httpd/site.https.d",
"/srv/www/https",
"/srv/www/https/${fqdn}",
"/srv/www/log/https",
"/srv/www/log/https/${fqdn}", ]:
ensure => directory,
mode => 0644,
owner => root,
group => root,
require => Package["httpd"],
before => File["/etc/httpd/conf/httpsd.conf"],
}
File["/etc/httpd/conf.https.d", "/etc/httpd/site.https.d"] {
purge => true,
force => true,
recurse => true,
source => "puppet:///custom/empty",
}
file { "/etc/httpd/conf/httpsd.conf":
ensure => present,
mode => 0644,
owner => root,
group => root,
content => template("apache/httpsd.conf.erb"),
require => Package["httpd"],
notify => Service["httpsd"],
}
file { "/etc/init.d/httpsd":
ensure => present,
source => "puppet:///apache/httpsd",
mode => 0755,
owner => root,
group => root,
}
file { "/usr/sbin/httpsd":
ensure => link,
target => "/usr/sbin/httpd",
seluser => "system_u",
selrole => "object_r",
seltype => "httpd_exec_t",
require => Package["httpd"],
}
service { "httpsd":
ensure => running,
enable => true,
hasstatus => true,
require => [ Package["httpd"],
Package["mod_ssl"],
File["/etc/httpd/conf/httpsd.conf"],
File["/etc/init.d/httpsd"],
File["/usr/sbin/httpsd"], ],
}
}
define apache::redhat::sslsite($root, $config, $ssl_cert, $ssl_key, $ssl_chain) {
if $name == "default" {
$site_fqdn = $fqdn
} else {
$site_fqdn = $name
if $root {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => $root,
before => Service["httpsd"],
}
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
before => Service["httpsd"],
}
}
file { "/srv/www/log/https/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
before => Service["httpsd"],
}
}
if $ssl_cert {
$real_ssl_cert = $ssl_cert
} else {
$real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
}
file { "/etc/pki/tls/certs/${site_fqdn}.crt":
ensure => present,
source => $real_ssl_cert,
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
}
if $ssl_key {
$real_ssl_key = $ssl_key
} else {
$real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
}
file { "/etc/pki/tls/private/${site_fqdn}.key":
ensure => present,
source => $real_ssl_key,
mode => 0600,
owner => root,
group => root,
notify => Service["httpsd"],
}
if $ssl_chain {
file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
ensure => present,
source => $ssl_chain,
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
}
}
file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
ensure => present,
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
require => [ File["/etc/pki/tls/certs/${site_fqdn}.crt"],
File["/etc/pki/tls/private/${site_fqdn}.key"], ],
}
if $config {
File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
source => $config,
}
} else {
File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
content => template("apache/site.https.conf.erb"),
}
}
}
define apache::redhat::configfile($source, $content, $http, $https) {
if defined(Service["httpd"]) {
file { "/etc/httpd/conf.http.d/${name}":
ensure => $http ? {
true => present,
default => absent,
},
mode => 0644,
owner => root,
group => root,
notify => Service["httpd"],
}
if $source {
File["/etc/httpd/conf.http.d/${name}"] {
source => $source,
}
}
if $content {
File["/etc/httpd/conf.http.d/${name}"] {
content => $content,
}
}
if ! $source and ! $content {
File["/etc/httpd/conf.http.d/${name}"] {
source => "/etc/httpd/conf.d/${name}",
}
}
if $require {
File["/etc/httpd/conf.http.d/${name}"] {
require => $require,
}
}
}
if defined(Service["httpsd"]) {
file { "/etc/httpd/conf.https.d/${name}":
ensure => $https ? {
true => present,
default => absent,
},
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
}
if $source {
File["/etc/httpd/conf.https.d/${name}"] {
source => $source,
}
}
if $content {
File["/etc/httpd/conf.https.d/${name}"] {
content => $content,
}
}
if ! $source and ! $content {
File["/etc/httpd/conf.https.d/${name}"] {
source => "/etc/httpd/conf.d/${name}",
}
}
if $require {
File["/etc/httpd/conf.https.d/${name}"] {
require => $require,
}
}
}
}
Reference in a new issue View git blame Copy permalink