From 35690aec253a16ca0c48f4fb249ce940dc5f48e0 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 18 Jan 2013 18:23:51 -0200
Subject: Moving site and module definitions to different files
---
manifests/site.pp | 193 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 193 insertions(+)
create mode 100644 manifests/site.pp
(limited to 'manifests/site.pp')
diff --git a/manifests/site.pp b/manifests/site.pp
new file mode 100644
index 0000000..0c68361
--- /dev/null
+++ b/manifests/site.pp
@@ -0,0 +1,193 @@
+define apache::site($ensure = present, $docroot = false, $redirect = false,
+ $redirect_match = false, $protocol = 'http', $aliases = false,
+ $server_alias = false, $use = false, $ticket = false,
+ $source = false, $template = 'apache/site.erb', $filename = '',
+ $manage_docroot = true, $owner = 'root', $group = 'root',
+ $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*',
+ $comment = '', $sshkey = absent,
+ $groups = '', $shell = '/bin/false', $manage_user = true,
+ $ssl = false, $listen = '*', $https_redirect = false,
+ $canonical = false, $canonical_exceptions = '', $hidden_service = false) {
+
+ $vhost = $filename ? {
+ '' => "$title",
+ default => "$filename",
+ }
+
+ $hosting_domain = $base_domain ? {
+ '' => $domain,
+ default => $base_domain,
+ }
+
+ $user = $mpm_user ? {
+ '' => regsubst($title, '\.', '_', 'G'),
+ default => $mpm_user,
+ }
+
+ $gid = $mpm_group? {
+ '' => regsubst($title, '\.', '_', 'G'),
+ default => $mpm_group,
+ }
+
+ if $hidden_service == true {
+ # Make sure that the tor daemon is included
+ include tor::daemon
+
+ # It's important to use a subdir from the tor datadir
+ # to ease backup/restore procedures as we don't mix
+ # hidden service data with other tor files.
+ if !defined(File["$tor::daemon::data_dir/hidden"]) {
+ file { "$tor::daemon::data_dir/hidden":
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => 0700,
+ }
+ }
+
+ tor::daemon::hidden_service { $title:
+ ports => "80 127.0.0.1:80",
+ data_dir => "$tor::daemon::data_dir/hidden",
+ require => File["$tor::daemon::data_dir/hidden"],
+ ensure => $ensure,
+ }
+ }
+
+ if $mpm == true and $manage_user == true and $user != 'root' {
+ if $ensure == present {
+ if !defined(Group[$gid]) {
+ group { "$gid":
+ ensure => present,
+ }
+ }
+
+ if !defined(User["$user"]) {
+ user::manage { "$user":
+ tag => "virtual",
+ password => $password,
+ gid => $gid,
+ comment => $comment,
+ ticket => $ticket,
+ groups => $groups,
+ sshkey => $sshkey,
+ shell => $shell,
+ ensure => present,
+ require => Group[$gid],
+ }
+ }
+ }
+ else {
+ if !defined(User["$user"]) {
+ user::manage { "$user":
+ tag => "virtual",
+ password => $password,
+ ensure => absent,
+ }
+ }
+
+ if !defined(Group[$gid]) {
+ group { "$gid":
+ ensure => absent,
+ require => User[$user],
+ }
+ }
+ }
+ }
+
+ if $ssl == true {
+ ssl::cert { "$name":
+ group => $gid,
+ privmode => '0640',
+ ensure => $ensure,
+ }
+
+ ssl::check { "$name":
+ file => "/etc/ssl/certs/$name.crt",
+ ensure => $ensure,
+ }
+ }
+
+ case $source {
+ true: {
+ file { "${apache2_sites}-available/$vhost":
+ ensure => $ensure,
+ source => [ "puppet:///modules/site-apache/vhosts/$domain/$title",
+ "puppet:///modules/site-apache/vhosts/$title" ],
+ owner => root,
+ group => root,
+ mode => 0644,
+ require => File["${apache2_macros}"],
+ notify => Service["apache"],
+ }
+ }
+ false: {
+ file { "${apache2_sites}-available/$vhost":
+ ensure => $ensure,
+ content => template("$template"),
+ owner => root,
+ group => root,
+ mode => 0644,
+ require => File["${apache2_macros}"],
+ notify => Service["apache"],
+ }
+ }
+ }
+
+ # Enable the site without a2ensite
+ #
+ #$status = $ensure ? {
+ # 'present' => "${apache2_sites}-available/$vhost",
+ # default => 'absent',
+ #}
+ #
+ #file { "/etc/apache2/sites-enabled/$title":
+ # ensure => $status,
+ # owner => root,
+ # group => root,
+ # require => File["${apache2_sites}-available/$title"],
+ # notify => Service["apache"],
+ #}
+
+ case $ensure {
+ 'present': {
+ if ($docroot != false) and ($manage_docroot == true) {
+ if !defined(File["${docroot}"]) {
+ file { "${docroot}":
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => 0755,
+ recurse => false,
+ }
+ }
+ if !defined(Exec["check_docroot_${docroot}"]) {
+ # Ensure parent folder exist
+ exec { "check_docroot_${docroot}":
+ command => "/bin/mkdir -p ${docroot}",
+ unless => "/bin/sh -c '[ -e ${docroot} ]'",
+ user => root,
+ before => File["${docroot}"],
+ }
+ }
+ }
+ exec { "/usr/sbin/a2ensite $vhost":
+ unless => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
+ && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
+ notify => Exec["reload-apache2"],
+ }
+ }
+ 'absent': {
+ exec { "/usr/sbin/a2dissite $vhost":
+ onlyif => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
+ && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
+ notify => Exec["reload-apache2"],
+ }
+
+ file { "${apache2_sites}-enabled/$vhost":
+ ensure => absent,
+ notify => Exec["reload-apache2"],
+ }
+ }
+ default: { err ("Unknown ensure value: '$ensure'") }
+ }
+}
-- cgit v1.2.3
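Review bot: `$docroot` and `$vhost` are interpolated unquoted into `/bin/sh -c '...'` strings, in the `check_docroot_${docroot}` exec (which sets `user => root`) and in the `unless`/`onlyif` tests of the a2ensite and a2dissite execs, so a value containing whitespace, a quote or a shell metacharacter changes what the shell evaluates. The docroot check does not need a shell at all: `creates => $docroot,` can replace `unless => "/bin/sh -c '[ -e ${docroot} ]'",`. The vhost tests do need the shell for `&&`, so a guard at the top of the define such as `if $vhost !~ /\A[A-Za-z0-9._-]+\z/ { fail("apache::site: invalid vhost name '${vhost}'") }` would keep unexpected characters out of them. The callers are not visible in this commit, so how exposed this is depends on whether titles, `filename` or `docroot` are ever filled from external data rather than hand-written manifests.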