diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2013-01-18 18:23:51 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-01-18 18:23:51 -0200 |
commit | 35690aec253a16ca0c48f4fb249ce940dc5f48e0 (patch) | |
tree | 31e7b7ecb45e2dbc11f518ab0f1fbfe894895e1f | |
parent | 0785451f5599f0c6dad60908a5773742f3188f05 (diff) | |
download | puppet-apache-35690aec253a16ca0c48f4fb249ce940dc5f48e0.tar.gz puppet-apache-35690aec253a16ca0c48f4fb249ce940dc5f48e0.tar.bz2 |
Moving site and module definitions to different files
-rw-r--r-- | manifests/init.pp | 220 | ||||
-rw-r--r-- | manifests/module.pp | 25 | ||||
-rw-r--r-- | manifests/site.pp | 193 |
3 files changed, 218 insertions, 220 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 5e0aae1..d6428c0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -182,226 +182,6 @@ class apache { notify => Service["apache"], } - define site($ensure = present, $docroot = false, $redirect = false, - $redirect_match = false, $protocol = 'http', $aliases = false, - $server_alias = false, $use = false, $ticket = false, - $source = false, $template = 'apache/site.erb', $filename = '', - $manage_docroot = true, $owner = 'root', $group = 'root', - $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*', - $comment = '', $sshkey = absent, - $groups = '', $shell = '/bin/false', $manage_user = true, - $ssl = false, $listen = '*', $https_redirect = false, - $canonical = false, $canonical_exceptions = '', $hidden_service = false) { - - $vhost = $filename ? { - '' => "$title", - default => "$filename", - } - - $hosting_domain = $base_domain ? { - '' => $domain, - default => $base_domain, - } - - $user = $mpm_user ? { - '' => regsubst($title, '\.', '_', 'G'), - default => $mpm_user, - } - - $gid = $mpm_group? { - '' => regsubst($title, '\.', '_', 'G'), - default => $mpm_group, - } - - if $hidden_service == true { - # Make sure that the tor daemon is included - include tor::daemon - - # It's important to use a subdir from the tor datadir - # to ease backup/restore procedures as we don't mix - # hidden service data with other tor files. - if !defined(File["$tor::daemon::data_dir/hidden"]) { - file { "$tor::daemon::data_dir/hidden": - ensure => directory, - owner => 'debian-tor', - group => 'debian-tor', - mode => 0700, - } - } - - tor::daemon::hidden_service { $title: - ports => "80 127.0.0.1:80", - data_dir => "$tor::daemon::data_dir/hidden", - require => File["$tor::daemon::data_dir/hidden"], - ensure => $ensure, - } - } - - if $mpm == true and $manage_user == true and $user != 'root' { - if $ensure == present { - if !defined(Group[$gid]) { - group { "$gid": - ensure => present, - } - } - - if !defined(User["$user"]) { - user::manage { "$user": - tag => "virtual", - password => $password, - gid => $gid, - comment => $comment, - ticket => $ticket, - groups => $groups, - sshkey => $sshkey, - shell => $shell, - ensure => present, - require => Group[$gid], - } - } - } - else { - if !defined(User["$user"]) { - user::manage { "$user": - tag => "virtual", - password => $password, - ensure => absent, - } - } - - if !defined(Group[$gid]) { - group { "$gid": - ensure => absent, - require => User[$user], - } - } - } - } - - if $ssl == true { - ssl::cert { "$name": - group => $gid, - privmode => '0640', - ensure => $ensure, - } - - ssl::check { "$name": - file => "/etc/ssl/certs/$name.crt", - ensure => $ensure, - } - } - - case $source { - true: { - file { "${apache2_sites}-available/$vhost": - ensure => $ensure, - source => [ "puppet:///modules/site-apache/vhosts/$domain/$title", - "puppet:///modules/site-apache/vhosts/$title" ], - owner => root, - group => root, - mode => 0644, - require => File["${apache2_macros}"], - notify => Service["apache"], - } - } - false: { - file { "${apache2_sites}-available/$vhost": - ensure => $ensure, - content => template("$template"), - owner => root, - group => root, - mode => 0644, - require => File["${apache2_macros}"], - notify => Service["apache"], - } - } - } - - # Enable the site without a2ensite - # - #$status = $ensure ? { - # 'present' => "${apache2_sites}-available/$vhost", - # default => 'absent', - #} - # - #file { "/etc/apache2/sites-enabled/$title": - # ensure => $status, - # owner => root, - # group => root, - # require => File["${apache2_sites}-available/$title"], - # notify => Service["apache"], - #} - - case $ensure { - 'present': { - if ($docroot != false) and ($manage_docroot == true) { - if !defined(File["${docroot}"]) { - file { "${docroot}": - ensure => present, - owner => $owner, - group => $group, - mode => 0755, - recurse => false, - } - } - if !defined(Exec["check_docroot_${docroot}"]) { - # Ensure parent folder exist - exec { "check_docroot_${docroot}": - command => "/bin/mkdir -p ${docroot}", - unless => "/bin/sh -c '[ -e ${docroot} ]'", - user => root, - before => File["${docroot}"], - } - } - } - exec { "/usr/sbin/a2ensite $vhost": - unless => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \ - && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'", - notify => Exec["reload-apache2"], - } - } - 'absent': { - exec { "/usr/sbin/a2dissite $vhost": - onlyif => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \ - && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'", - notify => Exec["reload-apache2"], - } - - file { "${apache2_sites}-enabled/$vhost": - ensure => absent, - notify => Exec["reload-apache2"], - } - } - default: { err ("Unknown ensure value: '$ensure'") } - } - } - - # Define an apache2 module. Debian packages place the module config - # into /etc/apache2/mods-available. - # - # You can add a custom require (string) if the module depends on - # packages that aren't part of the default apache2 package. Because of - # the package dependencies, apache2 will automagically be included. - define module($ensure = 'present') { - case $ensure { - 'present': { - exec { "/usr/sbin/a2enmod $name": - unless => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \ - && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'", - notify => Exec["force-reload-apache2"], - } - } - 'absent': { - exec { "/usr/sbin/a2dismod $name": - onlyif => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \ - && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'", - notify => Exec["force-reload-apache2"], - } - } - default: { err ("Unknown ensure value: '$ensure'") } - } - } - # Notify this when apache needs a reload. This is only needed when # sites are added or removed, since a full restart then would be # a waste of time. When the module-config changes, a force-reload is diff --git a/manifests/module.pp b/manifests/module.pp new file mode 100644 index 0000000..8a36432 --- /dev/null +++ b/manifests/module.pp @@ -0,0 +1,25 @@ +# Define an apache2 module. Debian packages place the module config +# into /etc/apache2/mods-available. +# +# You can add a custom require (string) if the module depends on +# packages that aren't part of the default apache2 package. Because of +# the package dependencies, apache2 will automagically be included. +define apache::module($ensure = 'present') { + case $ensure { + 'present': { + exec { "/usr/sbin/a2enmod $name": + unless => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \ + && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'", + notify => Exec["force-reload-apache2"], + } + } + 'absent': { + exec { "/usr/sbin/a2dismod $name": + onlyif => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \ + && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'", + notify => Exec["force-reload-apache2"], + } + } + default: { err ("Unknown ensure value: '$ensure'") } + } +} diff --git a/manifests/site.pp b/manifests/site.pp new file mode 100644 index 0000000..0c68361 --- /dev/null +++ b/manifests/site.pp @@ -0,0 +1,193 @@ +define apache::site($ensure = present, $docroot = false, $redirect = false, + $redirect_match = false, $protocol = 'http', $aliases = false, + $server_alias = false, $use = false, $ticket = false, + $source = false, $template = 'apache/site.erb', $filename = '', + $manage_docroot = true, $owner = 'root', $group = 'root', + $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*', + $comment = '', $sshkey = absent, + $groups = '', $shell = '/bin/false', $manage_user = true, + $ssl = false, $listen = '*', $https_redirect = false, + $canonical = false, $canonical_exceptions = '', $hidden_service = false) { + + $vhost = $filename ? { + '' => "$title", + default => "$filename", + } + + $hosting_domain = $base_domain ? { + '' => $domain, + default => $base_domain, + } + + $user = $mpm_user ? { + '' => regsubst($title, '\.', '_', 'G'), + default => $mpm_user, + } + + $gid = $mpm_group? { + '' => regsubst($title, '\.', '_', 'G'), + default => $mpm_group, + } + + if $hidden_service == true { + # Make sure that the tor daemon is included + include tor::daemon + + # It's important to use a subdir from the tor datadir + # to ease backup/restore procedures as we don't mix + # hidden service data with other tor files. + if !defined(File["$tor::daemon::data_dir/hidden"]) { + file { "$tor::daemon::data_dir/hidden": + ensure => directory, + owner => 'debian-tor', + group => 'debian-tor', + mode => 0700, + } + } + + tor::daemon::hidden_service { $title: + ports => "80 127.0.0.1:80", + data_dir => "$tor::daemon::data_dir/hidden", + require => File["$tor::daemon::data_dir/hidden"], + ensure => $ensure, + } + } + + if $mpm == true and $manage_user == true and $user != 'root' { + if $ensure == present { + if !defined(Group[$gid]) { + group { "$gid": + ensure => present, + } + } + + if !defined(User["$user"]) { + user::manage { "$user": + tag => "virtual", + password => $password, + gid => $gid, + comment => $comment, + ticket => $ticket, + groups => $groups, + sshkey => $sshkey, + shell => $shell, + ensure => present, + require => Group[$gid], + } + } + } + else { + if !defined(User["$user"]) { + user::manage { "$user": + tag => "virtual", + password => $password, + ensure => absent, + } + } + + if !defined(Group[$gid]) { + group { "$gid": + ensure => absent, + require => User[$user], + } + } + } + } + + if $ssl == true { + ssl::cert { "$name": + group => $gid, + privmode => '0640', + ensure => $ensure, + } + + ssl::check { "$name": + file => "/etc/ssl/certs/$name.crt", + ensure => $ensure, + } + } + + case $source { + true: { + file { "${apache2_sites}-available/$vhost": + ensure => $ensure, + source => [ "puppet:///modules/site-apache/vhosts/$domain/$title", + "puppet:///modules/site-apache/vhosts/$title" ], + owner => root, + group => root, + mode => 0644, + require => File["${apache2_macros}"], + notify => Service["apache"], + } + } + false: { + file { "${apache2_sites}-available/$vhost": + ensure => $ensure, + content => template("$template"), + owner => root, + group => root, + mode => 0644, + require => File["${apache2_macros}"], + notify => Service["apache"], + } + } + } + + # Enable the site without a2ensite + # + #$status = $ensure ? { + # 'present' => "${apache2_sites}-available/$vhost", + # default => 'absent', + #} + # + #file { "/etc/apache2/sites-enabled/$title": + # ensure => $status, + # owner => root, + # group => root, + # require => File["${apache2_sites}-available/$title"], + # notify => Service["apache"], + #} + + case $ensure { + 'present': { + if ($docroot != false) and ($manage_docroot == true) { + if !defined(File["${docroot}"]) { + file { "${docroot}": + ensure => present, + owner => $owner, + group => $group, + mode => 0755, + recurse => false, + } + } + if !defined(Exec["check_docroot_${docroot}"]) { + # Ensure parent folder exist + exec { "check_docroot_${docroot}": + command => "/bin/mkdir -p ${docroot}", + unless => "/bin/sh -c '[ -e ${docroot} ]'", + user => root, + before => File["${docroot}"], + } + } + } + exec { "/usr/sbin/a2ensite $vhost": + unless => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \ + && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'", + notify => Exec["reload-apache2"], + } + } + 'absent': { + exec { "/usr/sbin/a2dissite $vhost": + onlyif => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \ + && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'", + notify => Exec["reload-apache2"], + } + + file { "${apache2_sites}-enabled/$vhost": + ensure => absent, + notify => Exec["reload-apache2"], + } + } + default: { err ("Unknown ensure value: '$ensure'") } + } +} |