3baf809e4e
Add the ethercalc::apache class to the test fixture and ensure the service is accessible over port 80. This also corrects a minor idempotency issue in this class due to the way the ssl-cert package and the /etc/ssl/private file resources were ordered. Change-Id: I4cdba5b1881c3e9891ca9f8c2c4dd50ca5662d4e
192 lines
5.0 KiB
Puppet
192 lines
5.0 KiB
Puppet
# == Class: ethercalc::apache
|
|
#
|
|
class ethercalc::apache (
|
|
$docroot = '/srv/ethercalc',
|
|
$serveradmin = "webmaster@${::fqdn}",
|
|
$ssl_cert_file = '',
|
|
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
|
|
$ssl_chain_file = '',
|
|
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
|
|
$ssl_key_file = '',
|
|
$ssl_key_file_contents = '', # If left empty puppet will not create file.
|
|
$vhost_name = $::fqdn,
|
|
# Table containing openid auth details. If undef not enabled
|
|
# Example dict:
|
|
# {
|
|
# banner => "Welcome",
|
|
# singleIdp => "https://openstackid.org",
|
|
# trusted => '^https://openstackid.org/.*$',
|
|
# any_valid_user => false,
|
|
# users => ['https://openstackid.org/foo',
|
|
# 'https://openstackid.org/bar'],
|
|
# }
|
|
# Note that if you care which users get access set any_valid_user to false
|
|
# and then provide an explicit list of openids in the users list. Otherwise
|
|
# set any_valid_user to true and any successfully authenticated user will
|
|
# get access.
|
|
$auth_openid = undef,
|
|
) {
|
|
|
|
package { 'ssl-cert':
|
|
ensure => present,
|
|
}
|
|
|
|
include ::httpd
|
|
::httpd::vhost { $vhost_name:
|
|
port => 443,
|
|
docroot => $docroot,
|
|
priority => '50',
|
|
template => 'ethercalc/ethercalc.vhost.erb',
|
|
ssl => true,
|
|
}
|
|
|
|
if !defined(Httpd::Mod['rewrite']) {
|
|
httpd::mod { 'rewrite':
|
|
ensure => present,
|
|
}
|
|
}
|
|
if !defined(Httpd::Mod['proxy']) {
|
|
httpd::mod { 'proxy':
|
|
ensure => present,
|
|
}
|
|
}
|
|
if !defined(Httpd::Mod['proxy_http']) {
|
|
httpd::mod { 'proxy_http':
|
|
ensure => present,
|
|
}
|
|
}
|
|
if !defined(Httpd::Mod['proxy_wstunnel']) {
|
|
httpd::mod { 'proxy_wstunnel':
|
|
ensure => present,
|
|
}
|
|
}
|
|
if ($auth_openid != undef) {
|
|
if !defined(Package['libapache2-mod-auth-openid']) {
|
|
package { 'libapache2-mod-auth-openid':
|
|
ensure => present,
|
|
}
|
|
}
|
|
if !defined(Httpd::Mod['auth_openid']) {
|
|
httpd::mod { 'auth_openid':
|
|
ensure => present,
|
|
require => Package['libapache2-mod-auth-openid'],
|
|
}
|
|
}
|
|
}
|
|
|
|
file { '/etc/apache2':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
}
|
|
if ($::lsbdistcodename == 'precise') {
|
|
file { '/etc/apache2/conf.d':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
require => File['/etc/apache2'],
|
|
}
|
|
file { '/etc/apache2/conf.d/connection-tuning':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
source => 'puppet:///modules/ethercalc/apache-connection-tuning',
|
|
notify => Service['httpd'],
|
|
require => File['/etc/apache2/conf.d'],
|
|
}
|
|
} else {
|
|
file { '/etc/apache2/conf-available':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
require => File['/etc/apache2'],
|
|
}
|
|
file { '/etc/apache2/conf-available/connection-tuning':
|
|
ensure => present,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
source => 'puppet:///modules/ethercalc/apache-connection-tuning',
|
|
require => File['/etc/apache2/conf-available'],
|
|
}
|
|
|
|
file { '/etc/apache2/conf-enabled':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
require => File['/etc/apache2'],
|
|
}
|
|
file { '/etc/apache2/conf-enabled/connection-tuning':
|
|
ensure => link,
|
|
target => '/etc/apache2/conf-available/connection-tuning.conf',
|
|
notify => Service['httpd'],
|
|
require => [
|
|
File['/etc/apache2/conf-enabled'],
|
|
File['/etc/apache2/conf-available/connection-tuning'],
|
|
],
|
|
}
|
|
}
|
|
|
|
file { $docroot:
|
|
ensure => directory,
|
|
}
|
|
|
|
file { "${docroot}/robots.txt":
|
|
ensure => present,
|
|
source => 'puppet:///modules/ethercalc/robots.txt',
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0444',
|
|
require => File[$docroot],
|
|
}
|
|
|
|
file { '/etc/ssl/certs':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
mode => '0755',
|
|
}
|
|
|
|
file { '/etc/ssl/private':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
mode => '0700',
|
|
require => Package['ssl-cert'],
|
|
}
|
|
|
|
if $ssl_cert_file_contents != '' {
|
|
file { $ssl_cert_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_cert_file_contents,
|
|
before => Httpd::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
|
|
if $ssl_key_file_contents != '' {
|
|
file { $ssl_key_file:
|
|
owner => 'root',
|
|
group => 'ssl-cert',
|
|
mode => '0640',
|
|
content => $ssl_key_file_contents,
|
|
require => Package['ssl-cert'],
|
|
before => Httpd::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
|
|
if $ssl_chain_file_contents != '' {
|
|
file { $ssl_chain_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_chain_file_contents,
|
|
before => Httpd::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
}
|