Add apache configuration for zanata

This change allows us to shift away from the default setup of using Wildfly's internal undertow webserver to using Apache as a frontend via mod_proxy_ajp. The built-in https and ajp may be selectively enabled or disabled. Change-Id: I7152b43edb5e028fbad9631dd137536f90e33388
2015-03-10 14:06:21 -07:00 · 2015-03-10 14:06:21 -07:00 · a924e7b172
commit a924e7b172
parent 475bff78c2
4 changed files with 144 additions and 1 deletions
--- a/manifests/apache.pp
+++ b/manifests/apache.pp
@ -0,0 +1,83 @@
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: zanata::apache
+#
+
+class zanata::apache (
+  $vhost_name = $::fqdn,
+  $serveradmin = "webmaster@${::fqdn}",
+  $ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+  $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
+  $ssl_chain_file = '',
+  $ssl_cert_file_contents = '', # If left empty puppet will not create file.
+  $ssl_key_file_contents = '', # If left empty puppet will not create file.
+  $ssl_chain_file_contents = '', # If left empty puppet will not create file.
+) {
+
+  include ::apache
+  include ::apache::ssl
+
+  a2mod { 'proxy':
+    ensure => present,
+  }
+
+  a2mod { 'proxy_http':
+    ensure => present,
+  }
+
+  a2mod { 'proxy_ajp':
+    ensure => present,
+  }
+
+  apache::vhost { $vhost_name:
+    port        => 443,
+    docroot     => 'MEANINGLESS ARGUMENT',
+    priority    => '50',
+    template    => 'zanata/zanata.vhost.erb',
+    ssl         => true,
+    subscribe   => File['/opt/wildfly/standalone/configuration/standalone.xml'],
+  }
+
+  if $ssl_cert_file_contents != '' {
+    file { $ssl_cert_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_cert_file_contents,
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_key_file_contents != '' {
+    file { $ssl_key_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_key_file_contents,
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_chain_file_contents != '' {
+    file { $ssl_chain_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_chain_file_contents,
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+}
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -35,12 +35,17 @@ class zanata(
  $zanata_openid_provider_url = '',
  $zanata_admin_users = '',

+  $zanata_listeners = [],
+
 ) {

  $zanata_file = inline_template('<%= File.basename(@zanata_url) %>')
  $zanata_hibernate_file = inline_template('<%= File.basename(@zanata_hibernate_url) %>')
  $zanata_mojarra_file = inline_template('<%= File.basename(@zanata_mojarra_url) %>')

+  zanata::validate_listener { $zanata_listeners:
+  }
+
  class { 'zanata::wildfly':
    wildfly_version        => $zanata_wildfly_version,
    wildfly_install_source => $zanata_wildfly_install_url,
@ -143,5 +148,13 @@ class zanata(
                Exec['unzip_hibernate'],
                ],
  }
-
+}
+
+# == Define: zanata::validate_listener
+#
+define zanata::validate_listener ($listener = $name) {
+  $listeners = [ 'https', 'ajp' ]
+  if $listener and !($listener in $listeners) {
+    fail("${listener} is not a valid listener type")
+  }
 }
--- a/templates/standalone.xml.erb
+++ b/templates/standalone.xml.erb
@ -534,6 +534,15 @@
        <subsystem xmlns="urn:jboss:domain:undertow:1.1">
            <buffer-cache name="default"/>
            <server name="default-server">
+
+<% @zanata_listeners.each do |listener| -%>
+<% if listener == 'https' -%>
+<% @listener_realm = ' security-realm="ApplicationRealm"' -%>
+<% else -%>
+<% @listener_realm = '' -%>
+<% end -%>
+                <<%= listener %>-listener name="default.<%= listener %>" socket-binding="<%= listener %>"<%= @listener_realm %>/>
+<% end -%>
                <http-listener name="default" socket-binding="http"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
--- a/templates/zanata.vhost.erb
+++ b/templates/zanata.vhost.erb
@ -0,0 +1,38 @@
+<VirtualHost *:80>
+  ServerName <%= scope.lookupvar("zanata::apache::vhost_name") %>
+  ServerAdmin <%= scope.lookupvar("zanata::apache::serveradmin") %>
+
+  ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-error.log
+
+  LogLevel warn
+
+  CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-access.log combined
+
+  Redirect / https://<%= scope.lookupvar("zanata::apache::vhost_name") %>/
+
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+  ServerName <%= scope.lookupvar("zanata::apache::vhost_name") %>
+  ServerAdmin <%= scope.lookupvar("zanata::apache::serveradmin") %>
+
+  ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-error.log
+
+  LogLevel warn
+
+  CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-access.log combined
+
+  SSLEngine on
+  SSLProtocol All -SSLv2 -SSLv3
+
+  SSLCertificateFile <%= scope.lookupvar("zanata::apache::ssl_cert_file") %>
+  SSLCertificateKeyFile <%= scope.lookupvar("zanata::apache::ssl_key_file") %>
+  <% if scope.lookupvar("zanata::apache::ssl_chain_file") != "" %>
+    SSLCertificateChainFile <%= scope.lookupvar("zanata::apache::ssl_chain_file") %>
+  <% end -%>
+
+  ProxyPass / ajp://127.0.0.1:8009/ retry=0
+
+</VirtualHost>
+</IfModule>