puppet/apache/manifests/init.pp
2009-11-26 20:05:29 +02:00


# Install Apache, the www log rotation script and its cron job.
#
# Shared base class: apache::server and apache::sslserver both inherit it.
# It creates /srv/www and /srv/www/log, installs the httpd package, and
# schedules /usr/local/sbin/www-logrotate.sh from root's crontab.
#
class apache::common {

  # Top of the web tree; root-owned and not writable by anyone else.
  file { [ '/srv/www',
           '/srv/www/log', ]:
    ensure => directory,
    owner  => root,
    group  => root,
    mode   => 0755,
  }

  package { 'httpd':
    ensure => installed,
  }

  # This script is executed as root by the cron job below, so it is kept
  # root-owned and writable by root only (0755).
  file { '/usr/local/sbin/www-logrotate.sh':
    ensure => present,
    source => 'puppet:///apache/www-logrotate.sh',
    owner  => root,
    group  => root,
    mode   => 0755,
  }

  # minute 0 / hour 0 / weekday 1: once a week, Monday at 00:00.
  cron { 'www-logrotate':
    ensure  => present,
    user    => 'root',
    command => '/usr/local/sbin/www-logrotate.sh',
    minute  => '0',
    hour    => '0',
    weekday => '1',
    require => File['/usr/local/sbin/www-logrotate.sh'],
  }

}
# Configure HTTP server.
#
# Creates the plain-HTTP configuration directories and the document root
# and log directory for the node's own $fqdn, renders httpd.conf from the
# apache/httpd.conf.erb template, and keeps the httpd service enabled and
# running.
#
class apache::server inherits apache::common {

  # All of these must exist before httpd.conf is written.
  file { [ '/etc/httpd/conf.http.d',
           '/etc/httpd/site.http.d',
           '/srv/www/http',
           "/srv/www/http/${fqdn}",
           '/srv/www/log/http',
           "/srv/www/log/http/${fqdn}", ]:
    ensure  => directory,
    owner   => root,
    group   => root,
    mode    => 0755,
    require => Package['httpd'],
    before  => File['/etc/httpd/conf/httpd.conf'],
  }

  # NOTE(review): no owner, group or mode is set on httpd.conf, unlike the
  # directories above; consider pinning them so the main server
  # configuration cannot end up writable by a non-root account.
  file { '/etc/httpd/conf/httpd.conf':
    ensure  => present,
    content => template('apache/httpd.conf.erb'),
    require => Package['httpd'],
    notify  => Service['httpd'],
  }

  service { 'httpd':
    ensure  => running,
    enable  => true,
    require => [ Package['httpd'],
                 File['/etc/httpd/conf/httpd.conf'], ],
  }

}
# Configure HTTP virtual host.
#
# === Parameters
#
#   $name:
#       FQDN of virtual host. The special name "default" stands for the
#       node's own $fqdn; in that case no directories are managed here and
#       $root is not used.
#   $root:
#       Path to document root. Defaults to /srv/www/http/$fqdn
#       When set, /srv/www/http/$name becomes a symlink to this path.
#   $config:
#       Path to custom configuration file. Defaults to a basic template.
#
# === Notes
#
#   $name is interpolated into file paths under /srv/www and
#   /etc/httpd/site.http.d, and $root is used verbatim as a symlink
#   target. Neither is validated here, so pass a plain FQDN and a
#   directory that is meant to be published.
#
# === Sample usage
#
#   apache::site { "www.example.com":
#       root   => "/roles/prteam/public/public_access",
#       config => "puppet:///path/to/www.example.com.conf",
#   }
#
define apache::site($root="", $config="") {

  if $name == 'default' {
    $site_fqdn = $fqdn
  } else {
    $site_fqdn = $name

    # Document root: a symlink to $root when one is given, otherwise a
    # root-owned directory. Either way it is in place before the virtual
    # host configuration is written.
    if $root {
      file { "/srv/www/http/${site_fqdn}":
        ensure => link,
        target => $root,
        before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
      }
    } else {
      file { "/srv/www/http/${site_fqdn}":
        ensure => directory,
        owner  => root,
        group  => root,
        mode   => 0755,
        before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
      }
    }

    # Per-site log directory.
    file { "/srv/www/log/http/${site_fqdn}":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => 0755,
      before => File["/etc/httpd/site.http.d/${site_fqdn}.conf"],
    }
  }

  # Virtual host configuration; its body is attached below.
  # NOTE(review): owner, group and mode are not set on this file, unlike
  # the files managed by apache::configfile.
  file { "/etc/httpd/site.http.d/${site_fqdn}.conf":
    ensure => present,
    notify => Service['httpd'],
  }

  # A caller-supplied file wins; otherwise the basic template is rendered.
  if $config {
    File["/etc/httpd/site.http.d/${site_fqdn}.conf"] {
      source => $config,
    }
  } else {
    File["/etc/httpd/site.http.d/${site_fqdn}.conf"] {
      content => template('apache/site.http.conf.erb'),
    }
  }

}
# Configure HTTPS server.
#
# Runs HTTPS as a second service, "httpsd", next to the plain httpd:
# /usr/sbin/httpsd is a symlink to /usr/sbin/httpd, with its own init
# script (/etc/init.d/httpsd) and its own configuration file
# (/etc/httpd/conf/httpsd.conf). Also installs mod_ssl and creates the
# HTTPS configuration, document root and log directories for $fqdn.
#
class apache::sslserver inherits apache::common {

  package { 'mod_ssl':
    ensure => installed
  }

  # All of these must exist before httpsd.conf is written.
  file { [ '/etc/httpd/conf.https.d',
           '/etc/httpd/site.https.d',
           '/srv/www/https',
           "/srv/www/https/${fqdn}",
           '/srv/www/log/https',
           "/srv/www/log/https/${fqdn}", ]:
    ensure  => directory,
    owner   => root,
    group   => root,
    mode    => 0755,
    require => Package['httpd'],
    before  => File['/etc/httpd/conf/httpsd.conf'],
  }

  # NOTE(review): no owner, group or mode is set on httpsd.conf, unlike
  # the directories above and the init script below.
  file { '/etc/httpd/conf/httpsd.conf':
    ensure  => present,
    content => template('apache/httpsd.conf.erb'),
    require => Package['httpd'],
    notify  => Service['httpsd'],
  }

  # Init script for the second instance; root-owned, writable by root only.
  file { '/etc/init.d/httpsd':
    ensure => present,
    source => 'puppet:///apache/httpsd',
    owner  => root,
    group  => root,
    mode   => 0755,
  }

  # Same binary as httpd under a second name.
  file { '/usr/sbin/httpsd':
    ensure => link,
    target => '/usr/sbin/httpd',
  }

  service { 'httpsd':
    ensure  => running,
    enable  => true,
    require => [ Package['httpd'],
                 Package['mod_ssl'],
                 File['/etc/httpd/conf/httpsd.conf'],
                 File['/etc/init.d/httpsd'],
                 File['/usr/sbin/httpsd'], ],
  }

}
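# Configure HTTPS virtual host.
#
# === Parameters
#
#   $name:
#       FQDN of virtual host. The special name "default" stands for the
#       node's own $fqdn; in that case no document root or log directory
#       is managed here and $root is not used.
#   $root:
#       Path to document root. Defaults to /srv/www/https/$fqdn
#       When set, /srv/www/https/$name becomes a symlink to this path.
#   $config:
#       Path to custom configuration file. Defaults to a basic template.
#   $ssl_cert:
#       Path to SSL certificate. Defaults to puppet client certificate.
#   $ssl_key:
#       Path to SSL private key. Defaults to puppet client private key.
#   $ssl_chain:
#       Path to SSL certificate chain. Defaults to none.
#
# === Security notes
#
#   * With the defaults, the site is served with the Puppet agent's own
#     certificate and private key (copied from $puppet_ssldir), so the
#     agent and the web server share one key pair. Pass $ssl_cert and
#     $ssl_key to give the site a dedicated pair.
#   * A puppet:/// URL in $ssl_key means the private key is delivered by
#     the Puppet file server. NOTE(review): confirm that the mount holding
#     keys is restricted to the nodes that need them.
#   * The installed key is root-owned with mode 0600 and is excluded from
#     file backups (backup => false).
#   * $name is interpolated into file paths and $root is used verbatim as
#     a symlink target; neither is validated here.
#
# === Sample usage
#
#   apache::sslsite { "www.example.com":
#       root     => "/roles/prteam/public/secure_access",
#       config   => "puppet:///path/to/www.example.com.conf",
#       ssl_cert => "puppet:///path/to/www.example.com.crt",
#       ssl_key  => "puppet:///path/to/www.example.com.key",
#   }
#
define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") {

  if $name == "default" {
    $site_fqdn = $fqdn
  } else {
    $site_fqdn = $name

    # Document root and log directory are ordered before the virtual host
    # configuration, as apache::site does, so that httpsd is not refreshed
    # with a site whose directories do not exist yet (presumably the
    # template refers to both paths).
    if $root {
      file { "/srv/www/https/${site_fqdn}":
        ensure => link,
        target => $root,
        before => File["/etc/httpd/site.https.d/${site_fqdn}.conf"],
      }
    } else {
      file { "/srv/www/https/${site_fqdn}":
        ensure => directory,
        mode   => 0755,
        owner  => root,
        group  => root,
        before => File["/etc/httpd/site.https.d/${site_fqdn}.conf"],
      }
    }

    file { "/srv/www/log/https/${site_fqdn}":
      ensure => directory,
      mode   => 0755,
      owner  => root,
      group  => root,
      before => File["/etc/httpd/site.https.d/${site_fqdn}.conf"],
    }
  }

  # Certificate: caller-supplied, else the Puppet agent's certificate.
  if $ssl_cert {
    $real_ssl_cert = $ssl_cert
  } else {
    $real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
  }

  file { "/etc/pki/tls/certs/${site_fqdn}.crt":
    ensure => present,
    source => $real_ssl_cert,
    mode   => 0644,
    owner  => root,
    group  => root,
    notify => Service["httpsd"],
  }

  # Private key: caller-supplied, else the Puppet agent's private key.
  if $ssl_key {
    $real_ssl_key = $ssl_key
  } else {
    $real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
  }

  # backup => false keeps a replaced private key out of the filebucket,
  # which would otherwise hold a second copy of the key (and may be a
  # remote bucket, depending on site configuration).
  file { "/etc/pki/tls/private/${site_fqdn}.key":
    ensure => present,
    source => $real_ssl_key,
    mode   => 0600,
    owner  => root,
    group  => root,
    backup => false,
    notify => Service["httpsd"],
  }

  # Optional chain file.
  # NOTE(review): unlike the certificate and key, the chain is not listed
  # in the virtual host configuration's require below.
  if $ssl_chain {
    file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
      ensure => present,
      source => $ssl_chain,
      mode   => 0644,
      owner  => root,
      group  => root,
      notify => Service["httpsd"],
    }
  }

  # Virtual host configuration; written only after certificate and key
  # are in place. Its body is attached below.
  file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
    ensure  => present,
    notify  => Service["httpsd"],
    require => [ File["/etc/pki/tls/certs/${site_fqdn}.crt"],
                 File["/etc/pki/tls/private/${site_fqdn}.key"], ],
  }

  # A caller-supplied file wins; otherwise the basic template is rendered.
  if $config {
    File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
      source => $config,
    }
  } else {
    File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
      content => template("apache/site.https.conf.erb"),
    }
  }

}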
# Install extra configuration file.
#
# The file is managed once per server instance that is present in the
# catalog: under /etc/httpd/conf.http.d when Service["httpd"] is defined
# and under /etc/httpd/conf.https.d when Service["httpsd"] is defined.
#
# === Parameters
#
#   $name:
#       Config file name.
#   $source:
#       Config file source. Defaults to /etc/httpd/conf.d/$name
#       if neither $source nor $content is defined.
#   $content:
#       Config file content. See also $source.
#   $require:
#       Dependencies for the config file.
#   $http:
#       Set to false to disable config on http server.
#   $https:
#       Set to false to disable config on https server.
#
# === Notes
#
#   * defined() depends on evaluation order: apache::server and
#     apache::sslserver have to be evaluated before this define is used,
#     otherwise the file is silently not managed for that instance.
#   * Setting $http or $https to false does not merely skip the file, it
#     sets ensure => absent, so an existing copy is removed.
#   * $name is interpolated into the target path and is not validated
#     here; pass a plain file name.
#
# === Sample usage
#
#   apache::configfile { "auth_kerb.conf":
#       content => template("apache/auth_kerb.conf.erb"),
#       require => Package["mod_auth_kerb"],
#       http    => false,
#   }
#
define apache::configfile($source="", $content="", $http=true, $https=true) {

  # ---- plain HTTP instance -------------------------------------------
  if defined(Service['httpd']) {

    file { "/etc/httpd/conf.http.d/${name}":
      ensure => $http ? {
        true    => present,
        default => absent,
      },
      owner  => root,
      group  => root,
      mode   => 0644,
      notify => Service['httpd'],
    }

    if $source {
      File["/etc/httpd/conf.http.d/${name}"] {
        source => $source,
      }
    }

    if $content {
      File["/etc/httpd/conf.http.d/${name}"] {
        content => $content,
      }
    }

    # Fallback: copy the file of the same name from /etc/httpd/conf.d on
    # the node itself.
    if ! $source and ! $content {
      File["/etc/httpd/conf.http.d/${name}"] {
        source => "/etc/httpd/conf.d/${name}",
      }
    }

    if $require {
      File["/etc/httpd/conf.http.d/${name}"] {
        require => $require,
      }
    }
  }

  # ---- HTTPS instance ------------------------------------------------
  if defined(Service['httpsd']) {

    file { "/etc/httpd/conf.https.d/${name}":
      ensure => $https ? {
        true    => present,
        default => absent,
      },
      owner  => root,
      group  => root,
      mode   => 0644,
      notify => Service['httpsd'],
    }

    if $source {
      File["/etc/httpd/conf.https.d/${name}"] {
        source => $source,
      }
    }

    if $content {
      File["/etc/httpd/conf.https.d/${name}"] {
        content => $content,
      }
    }

    # Fallback: copy the file of the same name from /etc/httpd/conf.d on
    # the node itself.
    if ! $source and ! $content {
      File["/etc/httpd/conf.https.d/${name}"] {
        source => "/etc/httpd/conf.d/${name}",
      }
    }

    if $require {
      File["/etc/httpd/conf.https.d/${name}"] {
        require => $require,
      }
    }
  }

}
# Install mod_auth_kerb.
#
# Installs the package and renders auth_kerb.conf from a template. The
# config is passed http => false, so apache::configfile keeps it off the
# plain-HTTP instance and installs it for the HTTPS instance only
# (presumably so that credentials are only exchanged over TLS).
#
# Package["httpd"] must be in the catalog, e.g. through apache::server or
# apache::sslserver.
#
class apache::mod::auth_kerb {

  package { 'mod_auth_kerb':
    ensure  => installed,
    require => Package['httpd'],
  }

  apache::configfile { 'auth_kerb.conf':
    content => template('apache/auth_kerb.conf.erb'),
    http    => false,
    require => Package['mod_auth_kerb'],
  }

}
# Install mod_perl.
#
# Installs the package and enables perl.conf through apache::configfile.
# No source or content is given, so apache::configfile falls back to
# /etc/httpd/conf.d/perl.conf on the node; the require on the package
# orders the copy after the package is installed.
#
class apache::mod::perl {

  package { 'mod_perl':
    ensure  => installed,
    require => Package['httpd'],
  }

  apache::configfile { 'perl.conf':
    require => Package['mod_perl'],
  }

}
# Install PHP.
#
# Installs the php package and enables php.conf through
# apache::configfile. No source or content is given, so
# apache::configfile falls back to /etc/httpd/conf.d/php.conf on the
# node; the require on the package orders the copy after the package is
# installed.
#
class apache::mod::php {

  package { 'php':
    ensure  => installed,
    require => Package['httpd'],
  }

  apache::configfile { 'php.conf':
    require => Package['php'],
  }

}
# Install mod_python.
#
# Installs the package and enables python.conf through
# apache::configfile. No source or content is given, so
# apache::configfile falls back to /etc/httpd/conf.d/python.conf on the
# node; the require on the package orders the copy after the package is
# installed.
#
class apache::mod::python {

  package { 'mod_python':
    ensure  => installed,
    require => Package['httpd'],
  }

  apache::configfile { 'python.conf':
    require => Package['mod_python'],
  }

}