#
# Puppet module for Apache
#
# This module is distributed under the GNU Affero General Public License:
#
# Backup module for puppet
# Copyright (C) 2009 Sarava Group
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Using code from Debian Apache2 recipe:
#
# http://reductivelabs.com/trac/puppet/wiki/Recipes/DebianApache2Recipe
#

# Base paths of the Debian Apache layout. The sites/mods values are prefixes:
# "-available" and "-enabled" are appended where they are used below.
$apache2_sites = "/etc/apache2/sites"
$apache2_mods = "/etc/apache2/mods"
$apache2_conf_d = "/etc/apache2/conf.d"
$apache2_macros = "/etc/apache2/conf.d/macros"
$apache2_conf = "/etc/apache2/apache2.conf"

# Installs Apache (ITK MPM package) with mod_macro, enables a fixed set of
# modules, renders the main configuration files from templates, and provides
# the apache::site and apache::module defines.
class apache {
  include ssl

  # Each case block below assigns a default only when the variable is the
  # empty string.
  # NOTE(review): none of these $apache_* variables is set in this file;
  # presumably they come from the node/site manifest that includes the
  # class -- confirm.
  case $apache_www_folder {
    '': { $apache_www_folder = "/var/www" }
  }

  case $apache_default_folder {
    # Give the "It works!" webpage by default.
    '': { $apache_default_folder = "/var/www" }
  }

  case $apache_sites_folder {
    '': { $apache_sites_folder = "${apache_www_folder}/sites" }
  }

  case $apache_error_folder {
    '': { $apache_error_folder = "${apache_www_folder}/error" }
  }

  case $apache_error_dest {
    '': { $apache_error_dest = "${apache_error_folder}/index.html" }
  }

  case $apache_server_name {
    '': { $apache_server_name = $hostname }
  }

  package { "apache":
    name => "apache2-mpm-itk",
    ensure => installed,
  }

  package { "mod_macro":
    name => "libapache2-mod-macro",
    ensure => installed,
  }

  # The service is aliased so other resources can refer to Service["apache"].
  service { "apache2":
    alias => "apache",
    ensure => running,
    require => Package["apache"],
    hasstatus => true,
    hasrestart => true,
  }

  # Modules enabled on every node that includes this class (see the
  # "module" define further down).
  module { "macro":
    ensure => present,
    require => Package["mod_macro"],
  }

  module { "headers":
    ensure => present,
    require => Package["apache"],
  }

  module { "ssl":
    ensure => present,
    require => Package["apache"],
  }

  module { "rewrite":
    ensure => present,
    require => Package["apache"],
  }

  # apache mod_macro configuration
  file { "${apache2_macros}":
    ensure => present,
    content => template('apache/macros.erb'),
    owner => root,
    group => root,
    mode => 0644,
    require => Module["macro"],
    notify => Service["apache"],
  }

  # main apache2.conf, rendered from a template
  file { "${apache2_conf}":
    ensure => present,
    content => template('apache/apache2.conf.erb'),
    owner => root,
    group => root,
    mode => 0644,
    notify => Service["apache"],
  }

  # default site configuration
  file { "${apache2_sites}-available/default":
    ensure => present,
    content => template('apache/default.erb'),
    owner => root,
    group => root,
    mode => 0644,
    notify => Service["apache"],
  }

  # https proxy configuration
  # see http://www.metaltoad.com/blog/running-drupal-secure-pages-behind-proxy
  #
  # $apache_https_proxy selects the behaviour:
  #   ''      -> the file is removed
  #   'force' -> HTTPS=on is set for every request
  #   other   -> HTTPS=on is set when the X-Forwarded-Proto request header
  #              is "https"
  #
  # NOTE(review): X-Forwarded-Proto is an ordinary request header. Unless the
  # fronting proxy overwrites it and Apache only accepts connections from
  # that proxy, a client can send it over plain HTTP and applications will
  # treat the request as secure. 'force' has the same effect for every
  # request. Confirm that direct access to this Apache is restricted before
  # enabling either mode.
  file { "$apache2_conf_d/https-proxy":
    ensure => $apache_https_proxy ? {
      '' => absent,
      default => present,
    },
    content => $apache_https_proxy ? {
      'force' => "SetEnv HTTPS on\n",
      default => "SetEnvIf X-Forwarded-Proto https HTTPS=on\n",
    },
    owner => root,
    group => root,
    mode => 0644,
    notify => Service["apache"],
  }

  # Manage one Apache virtual host.
  #
  # What this define does with its parameters, as far as this file shows:
  #   $ensure          present: write and enable the vhost; absent: disable
  #                    it. In the user/group section any value other than
  #                    present removes the user and group.
  #   $filename        file name under sites-available/sites-enabled;
  #                    defaults to $title.
  #   $mpm, $manage_user, $mpm_user, $mpm_group
  #                    when $mpm and $manage_user are true and the resulting
  #                    user is not 'root', a group and a user::manage
  #                    resource are declared unless already defined. User and
  #                    group default to $title with dots replaced by
  #                    underscores.
  #   $password, $comment, $ticket, $groups, $sshkey, $shell
  #                    passed through to user::manage.
  #   $ssl             when true, declares ssl::cert and ssl::check for $name.
  #   $source          true: vhost file is fetched from the site-apache
  #                    module; false: rendered from $template. Any other
  #                    value declares no vhost file at all.
  #   $docroot, $manage_docroot, $owner, $group
  #                    control creation and ownership of the document root.
  #
  # NOTE(review): $redirect, $redirect_match, $protocol, $aliases,
  # $server_alias, $use, $listen and $https_redirect are not referenced in
  # this define; presumably they are read by the ERB template, as is
  # $hosting_domain -- confirm against the templates.
  # NOTE(review): user::manage, ssl::cert and ssl::check are defined
  # elsewhere. The default $password '*' and $shell '/bin/false' look like a
  # login-disabled account -- verify how user::manage treats '*'.
  define site($ensure = present, $docroot = false, $redirect = false,
              $redirect_match = false, $protocol = 'http', $aliases = false,
              $server_alias = false, $use = false, $ticket = false,
              $source = false, $template = 'apache/site.erb', $filename = '',
              $manage_docroot = true, $owner = 'root', $group = 'root',
              $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*',
              $comment = '', $sshkey = absent, $groups = '',
              $shell = '/bin/false', $manage_user = true, $ssl = false,
              $listen = '*', $https_redirect = false) {

    $vhost = $filename ? {
      '' => "$title",
      default => "$filename",
    }

    # $base_domain is not set in this file; falls back to $domain when empty.
    $hosting_domain = $base_domain ? {
      '' => $domain,
      default => $base_domain,
    }

    # Derive the account name from the vhost title: every '.' becomes '_'.
    $user = $mpm_user ? {
      '' => regsubst($title, '\.', '_', 'G'),
      default => $mpm_user,
    }

    $gid = $mpm_group? {
      '' => regsubst($title, '\.', '_', 'G'),
      default => $mpm_group,
    }

    # Per-vhost system account. Skipped entirely for 'root' so this define
    # never creates or removes the root user.
    if $mpm == true and $manage_user == true and $user != 'root' {
      if $ensure == present {
        if !defined(Group[$gid]) {
          group { "$gid":
            ensure => present,
          }
        }

        if !defined(User["$user"]) {
          user::manage { "$user":
            tag => "virtual",
            password => $password,
            gid => $gid,
            comment => $comment,
            ticket => $ticket,
            groups => $groups,
            sshkey => $sshkey,
            shell => $shell,
            ensure => present,
            require => Group[$gid],
          }
        }
      } else {
        # Removal: the group is removed after the user (require => User).
        if !defined(User["$user"]) {
          user::manage { "$user":
            tag => "virtual",
            password => $password,
            ensure => absent,
          }
        }

        if !defined(Group[$gid]) {
          group { "$gid":
            ensure => absent,
            require => User[$user],
          }
        }
      }
    }

    if $ssl == true {
      # NOTE(review): group/privmode presumably make the private key
      # readable by the vhost group (0640) and nobody else -- confirm in
      # ssl::cert.
      ssl::cert { "$name":
        group => $gid,
        privmode => '0640',
        ensure => $ensure,
      }

      ssl::check { "$name":
        file => "/etc/ssl/certs/$name.crt",
        ensure => $ensure,
      }
    }

    # The vhost file is root-owned and world-readable (0644).
    # NOTE(review): that is fine as long as neither the template nor the
    # sourced files embed credentials -- confirm.
    case $source {
      true: {
        # First matching source wins: a per-domain file, then a generic one.
        file { "${apache2_sites}-available/$vhost":
          ensure => $ensure,
          source => [ "puppet:///modules/site-apache/vhosts/$domain/$title",
                      "puppet:///modules/site-apache/vhosts/$title" ],
          owner => root,
          group => root,
          mode => 0644,
          require => File["${apache2_macros}"],
          notify => Service["apache"],
        }
      }
      false: {
        file { "${apache2_sites}-available/$vhost":
          ensure => $ensure,
          content => template("$template"),
          owner => root,
          group => root,
          mode => 0644,
          require => File["${apache2_macros}"],
          notify => Service["apache"],
        }
      }
    }

    # Enable the site without a2ensite
    #
    #$status = $ensure ? {
    #  'present' => "${apache2_sites}-available/$vhost",
    #  default => 'absent',
    #}
    #
    #file { "/etc/apache2/sites-enabled/$title":
    #  ensure => $status,
    #  owner => root,
    #  group => root,
    #  require => File["${apache2_sites}-available/$title"],
    #  notify => Service["apache"],
    #}

    case $ensure {
      'present': {
        if ($docroot != false) and ($manage_docroot == true) {
          # Only the docroot itself gets $owner/$group and mode 0755;
          # recurse is off, so existing content is left untouched.
          if !defined(File["${docroot}"]) {
            file { "${docroot}":
              ensure => present,
              owner => $owner,
              group => $group,
              mode => 0755,
              recurse => false,
            }
          }

          if !defined(Exec["check_docroot_${docroot}"]) {
            # Ensure parent folder exist
            #
            # Runs as root and before the File resource above, so missing
            # parent directories are created by root's mkdir rather than
            # managed individually.
            # NOTE(review): ${docroot} is interpolated unquoted into the
            # command and into the sh -c test. The value comes from the
            # manifest, but a path containing whitespace or shell
            # metacharacters would change what these commands do; keep
            # docroot values to plain absolute paths.
            exec { "check_docroot_${docroot}":
              command => "/bin/mkdir -p ${docroot}",
              unless => "/bin/sh -c '[ -e ${docroot} ]'",
              user => root,
              before => File["${docroot}"],
            }
          }
        }

        # Skipped when sites-enabled/$vhost is already a symlink that
        # resolves to the same file as sites-available/$vhost.
        # NOTE(review): $vhost is interpolated unquoted here as well; it
        # derives from $title/$filename in the manifest.
        exec { "/usr/sbin/a2ensite $vhost":
          unless => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
                     && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
          notify => Exec["reload-apache2"],
        }
      }
      'absent': {
        # a2dissite runs only while the enabled symlink still points at the
        # available file; the File resource then removes whatever remains
        # at sites-enabled/$vhost.
        exec { "/usr/sbin/a2dissite $vhost":
          onlyif => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
                     && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
          notify => Exec["reload-apache2"],
        }

        file { "${apache2_sites}-enabled/$vhost":
          ensure => absent,
          notify => Exec["reload-apache2"],
        }
      }
      # Any other value only logs an error message.
      default: { err ("Unknown ensure value: '$ensure'") }
    }
  }

  # Define an apache2 module. Debian packages place the module config
  # into /etc/apache2/mods-available.
  #
  # You can add a custom require (string) if the module depends on
  # packages that aren't part of the default apache2 package. Because of
  # the package dependencies, apache2 will automagically be included.
  #
  # The enable/disable commands are guarded the same way as for sites: the
  # state is read from the mods-enabled/<name>.load symlink and compared
  # with mods-available/<name>.load using -ef.
  define module($ensure = 'present') {
    case $ensure {
      'present': {
        exec { "/usr/sbin/a2enmod $name":
          unless => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \
                     && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'",
          notify => Exec["force-reload-apache2"],
        }
      }
      'absent': {
        exec { "/usr/sbin/a2dismod $name":
          onlyif => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \
                     && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'",
          notify => Exec["force-reload-apache2"],
        }
      }
      # Any other value only logs an error message.
      default: { err ("Unknown ensure value: '$ensure'") }
    }
  }

  # Notify this when apache needs a reload. This is only needed when
  # sites are added or removed, since a full restart then would be
  # a waste of time. When the module-config changes, a force-reload is
  # needed.
  exec { "reload-apache2":
    command => "/etc/init.d/apache2 reload",
    refreshonly => true,
  }

  exec { "force-reload-apache2":
    command => "/etc/init.d/apache2 force-reload",
    refreshonly => true,
  }
}

# Adds Passenger (mod_rack) and a set of Ruby libraries on top of the base
# apache class.
class apache::rails inherits apache {
  package { "mod_rack":
    name => "libapache2-mod-passenger",
    ensure => installed,
  }

  # Needed by https://git.codecoop.org/projects/coquelicot
  # NOTE(review): these are ruby1.8-era package names and are installed
  # without a version constraint; confirm they still exist and receive
  # security updates on the target release.
  package { [ 'libsinatra-ruby1.8', 'libopenssl-ruby1.8', 'libhaml-ruby1.8',
              'liblockfile-ruby', 'libgettext-ruby1.8' ]:
    ensure => installed,
  }

  module { "passenger":
    ensure => present,
    require => Package["mod_rack"],
  }
}