tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
puppet/apache/manifests/init.pp

563 lines
13 KiB
Puppet
Raw Blame History

# Install Apache, www logrotate script and cron job.
#
class apache::common {
file { [ "/srv/www",
"/srv/www/log", ]:
ensure => directory,
mode => 0755,
owner => root,
group => root,
}
package { "httpd":
ensure => installed,
}
file { "/usr/local/sbin/www-logrotate.sh":
ensure => present,
source => "puppet:///apache/www-logrotate.sh",
mode => 0755,
owner => root,
group => root,
}
cron { "www-logrotate":
ensure => present,
command => "/usr/local/sbin/www-logrotate.sh",
user => "root",
hour => "0",
minute => "0",
weekday => "1",
require => File["/usr/local/sbin/www-logrotate.sh"],
}
}
# Configure HTTP server.
#
# === Global variables
#
# $httpd_user:
# User httpd runs as. Defaults to apache.
# $httpd_group:
# Group httpd runs as. Defaults to apache.
#
class apache::server inherits apache::common {
if ! $httpd_user {
$httpd_user = "apache"
}
if ! $httpd_group {
$httpd_group = "apache"
}
file { [ "/etc/httpd/conf.http.d",
"/etc/httpd/site.http.d",
"/srv/www/http",
"/srv/www/http/${fqdn}",
"/srv/www/log/http",
"/srv/www/log/http/${fqdn}", ]:
ensure => directory,
mode => 0755,
owner => root,
group => root,
require => Package["httpd"],
before => File["/etc/httpd/conf/httpd.conf"],
}
file { "/etc/httpd/conf/httpd.conf":
ensure => present,
content => template("apache/httpd.conf.erb"),
mode => 0644,
owner => root,
group => root,
require => Package["httpd"],
notify => Service["httpd"],
}
service { "httpd":
ensure => running,
enable => true,
require => [ Package["httpd"],
File["/etc/httpd/conf/httpd.conf"], ],
}
}
# Configure HTTP virtual host.
#
# === Parameters
#
# $name:
# FQDN of virtual host.
# $aliases:
# Optional ServerAlias for this virtual host.
# $root:
# Path to document root. Defaults to /srv/www/http/$fqdn
# $config:
# Path to custom configuration file. Defaults to a basic template.
# $redirect:
# Add redirect to given URL.
#
# === Sample usage
#
# apache::site { "default":
# redirect => "http://www.example.com/",
# }
# apache::site { "www.example.com":
# root => "/roles/prteam/public/public_access",
# config => "puppet:///path/to/www.example.com.conf",
# }
#
define apache::site(aliases="", $root="", $config="", $redirect="") {
if $name == "default" {
$site_fqdn = $fqdn
$site_conf = "/etc/httpd/site.http.d/00-${site_fqdn}.conf"
} else {
$site_fqdn = $name
$site_conf = "/etc/httpd/site.http.d/10-${site_fqdn}.conf"
if !$redirect {
if $root {
file { "/srv/www/http/${site_fqdn}":
ensure => link,
target => $root,
before => File["${site_conf}"],
}
} else {
file { "/srv/www/http/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
before => File["${site_conf}"],
}
}
file { "/srv/www/log/http/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
before => File["${site_conf}"],
}
}
}
file { "${site_conf}":
ensure => present,
mode => 0644,
owner => root,
group => root,
notify => Service["httpd"],
}
if $config {
File["${site_conf}"] {
source => $config,
}
}
if $redirect {
File["${site_conf}"] {
content => "<VirtualHost *:80>\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n</VirtualHost>\n",
}
}
if !$config and !$redirect {
File["${site_conf}"] {
content => template("apache/site.http.conf.erb"),
}
}
}
# Configure HTTPS server.
#
# === Global variables
#
# $httpsd_user:
# User httpsd runs as. Defaults to httpsd.
# $httpsd_group:
# Group httpsd runs as. Defaults to httpsd.
#
class apache::sslserver inherits apache::common {
if ! $httpsd_user {
$httpsd_user = "httpsd"
}
if ! $httpsd_group {
$httpsd_group = "httpsd"
}
package { "mod_ssl":
ensure => installed
}
file { [ "/etc/httpd/conf.https.d",
"/etc/httpd/site.https.d",
"/srv/www/https",
"/srv/www/https/${fqdn}",
"/srv/www/log/https",
"/srv/www/log/https/${fqdn}", ]:
ensure => directory,
mode => 0755,
owner => root,
group => root,
require => Package["httpd"],
before => File["/etc/httpd/conf/httpsd.conf"],
}
file { "/etc/httpd/conf/httpsd.conf":
ensure => present,
mode => 0644,
owner => root,
group => root,
content => template("apache/httpsd.conf.erb"),
require => Package["httpd"],
notify => Service["httpsd"],
}
file { "/etc/init.d/httpsd":
ensure => present,
source => "puppet:///apache/httpsd",
mode => 0755,
owner => root,
group => root,
}
file { "/usr/sbin/httpsd":
ensure => link,
target => "/usr/sbin/httpd",
require => Package["httpd"],
}
service { "httpsd":
ensure => running,
enable => true,
require => [ Package["httpd"],
Package["mod_ssl"],
File["/etc/httpd/conf/httpsd.conf"],
File["/etc/init.d/httpsd"],
File["/usr/sbin/httpsd"], ],
}
}
# Configure HTTPS virtual host.
#
# === Parameters
#
# $name:
# FQDN of virtual host.
# $root:
# Path to document root. Defaults to /srv/www/https/$fqdn
# $config:
# Path to custom configuration file. Defaults to a basic template.
# $ssl_cert:
# Path to SSL certificate. Defaults to puppet client certificate.
# $ssl_key:
# Path to SSL private key. Defaults to puppet client certificate.
# $ssl_chain:
# Path to SSL certificate chain. Defaults to none.
#
# === Sample usage
#
# apache::site { "www.example.com":
# root => "/roles/prteam/public/secure_access",
# config => "puppet:///path/to/www.example.com.conf",
# ssl_cert => "puppet:///path/to/www.example.com.crt",
# ssl_key => "puppet:///path/to/www.example.com.key",
# }
#
define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
if $name == "default" {
$site_fqdn = $fqdn
} else {
$site_fqdn = $name
if $root {
file { "/srv/www/https/${site_fqdn}":
ensure => link,
target => $root,
}
} else {
file { "/srv/www/https/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
}
}
file { "/srv/www/log/https/${site_fqdn}":
ensure => directory,
mode => 0755,
owner => root,
group => root,
}
}
if $ssl_cert {
$real_ssl_cert = $ssl_cert
} else {
$real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
}
file { "/etc/pki/tls/certs/${site_fqdn}.crt":
ensure => present,
source => $real_ssl_cert,
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
}
if $ssl_key {
$real_ssl_key = $ssl_key
} else {
$real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
}
file { "/etc/pki/tls/private/${site_fqdn}.key":
ensure => present,
source => $real_ssl_key,
mode => 0600,
owner => root,
group => root,
notify => Service["httpsd"],
}
if $ssl_chain {
file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
ensure => present,
source => $ssl_chain,
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
}
}
file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
ensure => present,
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
require => [ File["/etc/pki/tls/certs/${site_fqdn}.crt"],
File["/etc/pki/tls/private/${site_fqdn}.key"], ],
}
if $config {
File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
source => $config,
}
} else {
File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
content => template("apache/site.https.conf.erb"),
}
}
}
# Install extra configuration file.
#
# === Parameters
#
# $name:
# Config file name.
# $source:
# Config file source. Defaults to /etc/httpd/conf.d/$name
# if neither $source nor $content is defined.
# $content:
# Config file content. See also $source.
# $require:
# Dependencies for the config file.
# $http:
# Set to false to disable config on http server.
# $https:
# Set to false to disable config on https server.
#
# === Sample usage
#
#apache::configfile { "auth_kerb.conf":
# content => template("apache/auth_kerb.conf.erb"),
# require => Package["mod_auth_kerb"],
# http => false,
#}
#
define apache::configfile($source="", $content="", $http=true, $https=true) {
if defined(Service["httpd"]) {
file { "/etc/httpd/conf.http.d/${name}":
ensure => $http ? {
true => present,
default => absent,
},
mode => 0644,
owner => root,
group => root,
notify => Service["httpd"],
}
if $source {
File["/etc/httpd/conf.http.d/${name}"] {
source => $source,
}
}
if $content {
File["/etc/httpd/conf.http.d/${name}"] {
content => $content,
}
}
if ! $source and ! $content {
File["/etc/httpd/conf.http.d/${name}"] {
source => "/etc/httpd/conf.d/${name}",
}
}
if $require {
File["/etc/httpd/conf.http.d/${name}"] {
require => $require,
}
}
}
if defined(Service["httpsd"]) {
file { "/etc/httpd/conf.https.d/${name}":
ensure => $https ? {
true => present,
default => absent,
},
mode => 0644,
owner => root,
group => root,
notify => Service["httpsd"],
}
if $source {
File["/etc/httpd/conf.https.d/${name}"] {
source => $source,
}
}
if $content {
File["/etc/httpd/conf.https.d/${name}"] {
content => $content,
}
}
if ! $source and ! $content {
File["/etc/httpd/conf.https.d/${name}"] {
source => "/etc/httpd/conf.d/${name}",
}
}
if $require {
File["/etc/httpd/conf.https.d/${name}"] {
require => $require,
}
}
}
}
# Install mod_auth_kerb.
#
class apache::mod::auth_kerb {
package { "mod_auth_kerb":
ensure => installed,
require => Package["httpd"],
}
apache::configfile { "auth_kerb.conf":
content => template("apache/auth_kerb.conf.erb"),
require => Package["mod_auth_kerb"],
http => false,
}
}
# Install mod_fcgid.
#
class apache::mod::fcgid {
package { "mod_fcgid":
ensure => installed,
require => Package["httpd"],
}
apache::configfile { "fcgid.conf":
require => Package["mod_fcgid"],
}
}
# Install mod_perl.
#
class apache::mod::perl {
package { "mod_perl":
ensure => installed,
require => Package["httpd"],
}
apache::configfile { "perl.conf":
require => Package["mod_perl"],
}
}
# Install PHP.
#
class apache::mod::php {
package { "php":
ensure => installed,
require => Package["httpd"],
}
apache::configfile { "php.conf":
require => Package["php"],
}
}
# Install mod_python.
#
class apache::mod::python {
package { "mod_python":
ensure => installed,
require => Package["httpd"],
}
apache::configfile { "python.conf":
require => Package["mod_python"],
}
}
# Install mod_wsgi.
#
class apache::mod::wsgi {
package { "mod_wsgi":
ensure => installed,
require => Package["httpd"],
}
apache::configfile { "wsgi.conf":
require => Package["mod_wsgi"],
}
}
Reference in a new issue View git blame Copy permalink