define apache::site( $ensure = present, $docroot = false, $redirect = false, $redirect_match = false, $protocol = 'http', $aliases = false, $server_alias = false, $use = false, $ticket = false, $source = false, $template = 'apache/site.erb', $filename = '', $manage_docroot = true, $owner = 'root', $group = 'root', $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*', $comment = '', $sshkey = absent, $groups = '', $shell = '/bin/false', $manage_user = true, $ssl = false, $listen = '*', $https_redirect = false, $canonical = false, $canonical_exceptions = '', $hidden_service = false, $custom_directives = false ) { $vhost = $filename ? { '' => "$title", default => "$filename", } $hosting_domain = hiera('apache::site::domain', $::domain) $user = $mpm_user ? { '' => regsubst($title, '\.', '_', 'G'), default => $mpm_user, } $gid = $mpm_group ? { '' => regsubst($title, '\.', '_', 'G'), default => $mpm_group, } $hidden_enabled = hiera('apache::site::hidden', false) if $hidden_service == true and $hidden_enabled == true { tor::daemon::hidden_service { $title: ports => [ "80 127.0.0.1:${apache::http_port}" ], data_dir => "${tor::daemon::data_dir}/hidden", require => File["${tor::daemon::data_dir}/hidden"], ensure => $ensure, } } if $mpm == true and $manage_user == true and $user != 'root' { if $ensure == present { if !defined(Group[$gid]) { group { "$gid": ensure => present, } } if !defined(User["$user"]) { user::manage { "$user": tag => "virtual", password => $password, gid => $gid, comment => $comment, ticket => $ticket, groups => $groups, sshkey => $sshkey, shell => $shell, ensure => present, require => Group[$gid], } } } else { if !defined(User["$user"]) { user::manage { "$user": tag => "virtual", password => $password, ensure => absent, } } if !defined(Group[$gid]) { group { "$gid": ensure => absent, require => User[$user], } } } } if $ssl == true { ssl::cert { "$name": group => $gid, privmode => '0640', ensure => $ensure, } ssl::check { "$name": file => "/etc/ssl/certs/$name.crt", ensure => $ensure, } } case $source { true: { file { "${apache::sites}-available/$vhost.conf": ensure => $ensure, source => [ "puppet:///modules/site_apache/vhosts/$domain/$title", "puppet:///modules/site_apache/vhosts/$title" ], owner => root, group => root, mode => 0644, require => File["${apache::macros}"], notify => Service["apache"], } } false: { file { "${apache::sites}-available/$vhost.conf": ensure => $ensure, content => template("$template"), owner => root, group => root, mode => 0644, require => File["${apache::macros}"], notify => Service["apache"], } } } # Enable the site without a2ensite # #$status = $ensure ? { # 'present' => "${apache::sites}-available/$vhost", # default => 'absent', #} # #file { "/etc/apache2/sites-enabled/$title": # ensure => $status, # owner => root, # group => root, # require => File["${apache::sites}-available/$title"], # notify => Service["apache"], #} case $ensure { 'present': { if ($docroot != false) and ($manage_docroot == true) { if !defined(File["${docroot}"]) { file { "${docroot}": ensure => present, owner => $owner, group => $group, mode => 0755, recurse => false, } } if !defined(Exec["check_docroot_${docroot}"]) { # Ensure parent folder exist exec { "check_docroot_${docroot}": command => "/bin/mkdir -p ${docroot}", unless => "/bin/sh -c '[ -e ${docroot} ]'", user => root, before => File["${docroot}"], } } } exec { "/usr/sbin/a2ensite $vhost": unless => "/bin/sh -c '[ -L ${apache::sites}-enabled/$vhost.conf ] \ && [ ${apache::sites}-enabled/$vhost.conf -ef ${apache::sites}-available/$vhost.conf ]'", notify => Exec["reload-apache2"], } } 'absent': { exec { "/usr/sbin/a2dissite $vhost": onlyif => "/bin/sh -c '[ -L ${apache::sites}-enabled/$vhost.conf ] \ && [ ${apache::sites}-enabled/$vhost.conf -ef ${apache::sites}-available/$vhost.conf ]'", notify => Exec["reload-apache2"], } file { "${apache::sites}-enabled/$vhost.conf": ensure => absent, notify => Exec["reload-apache2"], } } default: { err ("Unknown ensure value: '$ensure'") } } }