Diffstat (limited to 'modules/apache/manifests')
22 files changed, 290 insertions, 147 deletions
diff --git a/modules/apache/manifests/base.pp b/modules/apache/manifests/base.pp
new file mode 100644
index 00000000..4e1d6ed4
--- /dev/null
+++ b/modules/apache/manifests/base.pp
@@ -0,0 +1,37 @@
+class apache::base {
+ include apache::var
+
+ $conf_d = '/etc/httpd/conf/conf.d'
+
+ package { 'apache':
+ alias => 'apache-server',
+ }
+
+ service { 'httpd':
+ alias => 'apache',
+ subscribe => [ Package['apache-server'] ],
+ }
+
+ exec { 'apachectl configtest':
+ refreshonly => true,
+ notify => Service['apache'],
+ }
+
+ apache::config {
+ "${conf_d}/no_hidden_file_dir.conf":
+ content => template('apache/no_hidden_file_dir.conf'),
+ require => Package[$apache::var::pkg_conf];
+ "${conf_d}/customization.conf":
+ content => template('apache/customization.conf'),
+ require => Package[$apache::var::pkg_conf];
+ '/etc/httpd/conf/vhosts.d/00_default_vhosts.conf':
+ content => template('apache/00_default_vhosts.conf'),
+ require => Package[$apache::var::pkg_conf];
+ '/etc/httpd/conf/modules.d/50_mod_deflate.conf':
+ content => template('apache/50_mod_deflate.conf');
+ }
+
+ file { '/etc/logrotate.d/httpd':
+ content => template('apache/logrotate')
+ }
+}
diff --git a/modules/apache/manifests/config.pp b/modules/apache/manifests/config.pp
new file mode 100644
index 00000000..0ff0962c
--- /dev/null
+++ b/modules/apache/manifests/config.pp
@@ -0,0 +1,6 @@
+define apache::config($content) {
+ file { $name:
+ content => $content,
+ notify => Exec['apachectl configtest'],
+ }
+}
diff --git a/modules/apache/manifests/cve-2011-3192.pp b/modules/apache/manifests/cve-2011-3192.pp
new file mode 100644
index 00000000..1e39ac04
--- /dev/null
+++ b/modules/apache/manifests/cve-2011-3192.pp
@@ -0,0 +1,9 @@
+class apache::cve-2011-3192 {
+ include apache::base
+ # temporary protection against CVE-2011-3192
+ # https://httpd.apache.org/security/CVE-2011-3192.txt
+ apache::config {
+ "${apache::base::conf_d}/CVE-2011-3192.conf":
+ content => template('apache/CVE-2011-3192.conf'),
+ }
+}
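Review bot: `exec { 'apachectl configtest': }` in base.pp names an unqualified command and sets no `path`; Puppet's exec type needs one or the other, so this resource only works if a global `Exec { path => ... }` default exists outside this diff. Adding `path => ['/usr/sbin', '/usr/bin', '/bin'],` (adjusted to where the distribution installs apachectl) removes that hidden dependency. The resource also deserves a comment explaining its role, for example `# gate: a failed configtest keeps the refresh from reaching Service['apache']`, because that is why the config files notify the exec instead of the service.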
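Review bot: The `file { $name: }` resource inside `apache::config` (config.pp) sets no `owner`, `group` or `mode`, whereas the inline file resources this commit removes from init.pp pinned `root`/`root`/`644`. Unless a global `File { ... }` default is defined outside this diff, the permissions of every Apache config file now depend on agent defaults and on whatever is already on disk. I would add `owner => 'root', group => 'root', mode => '0644',` to the define. The same gap appears on `/etc/logrotate.d/httpd` in base.pp and `/usr/local/lib/wsgi` in mod/wsgi.pp (no ownership or mode), and on `/usr/local/bin/urlescape` in mod/fcgid.pp and the `.wsgi` file in vhost/django_app.pp (mode set, ownership not).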
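Review bot: The class name `apache::cve-2011-3192` contains hyphens, which Puppet handles inconsistently in class names and which later releases reject; `apache::cve_2011_3192` in a file named `cve_2011_3192.pp` avoids the problem. The comment calls the protection temporary but states no removal condition. A line such as `# remove once every node runs an httpd package carrying the upstream fix` would let the workaround be retired deliberately instead of lingering.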
diff --git a/modules/apache/manifests/init.pp b/modules/apache/manifests/init.pp
index e8f7a575..40779d4d 100644
--- a/modules/apache/manifests/init.pp
+++ b/modules/apache/manifests/init.pp
@@ -1,156 +1,25 @@ class apache { - - class base { - package { "apache-mpm-prefork": - alias => apache, - ensure => installed - } - - service { httpd: - alias => apache, - ensure => running, - subscribe => [ Package['apache-mpm-prefork'] ], - } - - file { "customization.conf": - ensure => present, - path => "/etc/httpd/conf.d/customization.conf", - content => template("apache/customization.conf"), - require => Package["apache"], - notify => Service["apache"], - owner => root, - group => root, - mode => 644, - } - - file { "00_default_vhosts.conf": - path => "/etc/httpd/conf/vhosts.d/00_default_vhosts.conf", - ensure => "present", - owner => root, - group => root, - mode => 644, - notify => Service['apache'], - content => template("apache/00_default_vhosts.conf") - } - } - - class mod_php inherits base { - package { "apache-mod_php": - ensure => installed - } - } - - class mod_perl inherits base { - package { "apache-mod_perl": - ensure => installed - } - } - - class mod_fcgid inherits base { - package { "apache-mod_fcgid": - ensure => installed - } - } - - class mod_fastcgi inherits base { - package { "apache-mod_fastcgi": - ensure => installed - } - } - - class mod_ssl inherits base { - package { "apache-mod_ssl": - ensure => installed - } - } - - class mod_wsgi inherits base { - package { "apache-mod_wsgi": - ensure => installed - } - - file { "/usr/local/lib/wsgi": - ensure => directory, - owner => root, - group => root, - mode => 644, + define vhost_simple($location) { + include apache::base + apache::vhost::base { $name: + location => $location, } - } - - define vhost_redirect_ssl() { - file { "redirect_ssl_$name.conf": - path => "/etc/httpd/conf/vhosts.d/redirect_ssl_$name.conf", - ensure => "present", - owner => root, - group => root, - mode => 644, - notify => Service['apache'], - content => template("apache/vhost_ssl_redirect.conf") + apache::vhost::base { "ssl_${name}": + vhost => $name, + use_ssl => true, + location => $location, } } - define 
vhost_catalyst_app($script, $location = '', $process = 4, $use_ssl = false) { - - include apache::mod_fastcgi - - file { "$name.conf": - path => "/etc/httpd/conf/vhosts.d/$name.conf", - ensure => "present", - owner => root, - group => root, - mode => 644, - notify => Service['apache'], - content => template("apache/vhost_catalyst_app.conf") + define vhost_redirect($url, + $vhost = false, + $use_ssl = false) { + include apache::base + apache::vhost::base { $name: + use_ssl => $use_ssl, + vhost => $vhost, + content => template("apache/vhost_redirect.conf"), } } - define vhost_django_app($module, $module_path = '/usr/share') { - include apache::mod_wsgi - - file { "$name.conf": - path => "/etc/httpd/conf/vhosts.d/$name.conf", - ensure => "present", - owner => root, - group => root, - mode => 644, - notify => Service['apache'], - content => template("apache/vhost_django_app.conf") - } - - # fichier django wsgi - file { "$name.wsgi": - path => "/usr/local/lib/wsgi/$name.wsgi", - ensure => "present", - owner => root, - group => root, - mode => 755, - notify => Service['apache'], - content => template("apache/django.wsgi") - } - } - - define vhost_other_app($vhost_file) { - file { "$name.conf": - path => "/etc/httpd/conf/vhosts.d/$name.conf", - ensure => "present", - owner => root, - group => root, - mode => 644, - notify => Service['apache'], - content => template($vhost_file) - } - } - - define webapp_other($webapp_file) { - $webappname = $name - file { "webapp_$name.conf": - path => "/etc/httpd/conf/webapps.d/$webappname.conf", - ensure => "present", - owner => root, - group => root, - mode => 644, - notify => Service['apache'], - content => template($webapp_file) - } - } } diff --git a/modules/apache/manifests/mod/fastcgi.pp b/modules/apache/manifests/mod/fastcgi.pp new file mode 100644 index 00000000..2b421291 --- /dev/null +++ b/modules/apache/manifests/mod/fastcgi.pp 
@@ -0,0 +1,5 @@
+class apache::mod::fastcgi {
+ include apache::base
+ package { 'apache-mod_fastcgi': }
+}
+
diff --git a/modules/apache/manifests/mod/fcgid.pp b/modules/apache/manifests/mod/fcgid.pp
new file mode 100644
index 00000000..b8186a64
--- /dev/null
+++ b/modules/apache/manifests/mod/fcgid.pp
@@ -0,0 +1,11 @@
+class apache::mod::fcgid {
+ include apache::base
+ package { 'apache-mod_fcgid': }
+
+ file { 'urlescape':
+ path => '/usr/local/bin/urlescape',
+ mode => '0755',
+ notify => Service['apache'],
+ content => template('apache/urlescape'),
+ }
+}
diff --git a/modules/apache/manifests/mod/geoip.pp b/modules/apache/manifests/mod/geoip.pp
new file mode 100644
index 00000000..7f5516bc
--- /dev/null
+++ b/modules/apache/manifests/mod/geoip.pp
@@ -0,0 +1,4 @@
+class apache::mod::geoip {
+ include apache::base
+ package { 'apache-mod_geoip': }
+}
diff --git a/modules/apache/manifests/mod/perl.pp b/modules/apache/manifests/mod/perl.pp
new file mode 100644
index 00000000..2c52bf50
--- /dev/null
+++ b/modules/apache/manifests/mod/perl.pp
@@ -0,0 +1,4 @@
+class apache::mod::perl {
+ include apache::base
+ package { 'apache-mod_perl': }
+}
diff --git a/modules/apache/manifests/mod/php.pp b/modules/apache/manifests/mod/php.pp
new file mode 100644
index 00000000..2c8d6733
--- /dev/null
+++ b/modules/apache/manifests/mod/php.pp
@@ -0,0 +1,10 @@
+class apache::mod::php {
+ include apache::base
+ $php_date_timezone = 'UTC'
+
+ package { 'apache-mod_php': }
+
+ apache::config { "${apache::base::conf_d}/mod_php.conf":
+ content => template('apache/mod/php.conf'),
+ }
+}
diff --git a/modules/apache/manifests/mod/proxy.pp b/modules/apache/manifests/mod/proxy.pp
new file mode 100644
index 00000000..80180d62
--- /dev/null
+++ b/modules/apache/manifests/mod/proxy.pp
@@ -0,0 +1,4 @@
+class apache::mod::proxy {
+ include apache::base
+ package { 'apache-mod_proxy': }
+}
diff --git a/modules/apache/manifests/mod/public_html.pp b/modules/apache/manifests/mod/public_html.pp
new file mode 100644
index 00000000..b5691b53
--- /dev/null
+++ b/modules/apache/manifests/mod/public_html.pp
@@ -0,0 +1,4 @@
+class apache::mod::public_html {
+ include apache::base
+ package { 'apache-mod_public_html': }
+}
diff --git a/modules/apache/manifests/mod/ssl.pp b/modules/apache/manifests/mod/ssl.pp
new file mode 100644
index 00000000..ab3d24e4
--- /dev/null
+++ b/modules/apache/manifests/mod/ssl.pp
@@ -0,0 +1,20 @@
+class apache::mod::ssl {
+ include apache::base
+ file { '/etc/ssl/apache/':
+ ensure => directory
+ }
+
+ openssl::self_signed_cert{ 'localhost':
+ directory => '/etc/ssl/apache/',
+ before => Apache::Config['/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf'],
+ }
+
+ package { 'apache-mod_ssl': }
+
+ apache::config {
+ '/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf':
+ content => template('apache/01_default_ssl_vhost.conf');
+ "${apache::base::conf_d}/ssl_vhost.conf":
+ content => template('apache/mod/ssl_vhost.conf');
+ }
+}
diff --git a/modules/apache/manifests/mod/wsgi.pp b/modules/apache/manifests/mod/wsgi.pp
new file mode 100644
index 00000000..7f4fb719
--- /dev/null
+++ b/modules/apache/manifests/mod/wsgi.pp
@@ -0,0 +1,12 @@
+class apache::mod::wsgi {
+ include apache::base
+ package { 'apache-mod_wsgi': }
+
+ file { '/usr/local/lib/wsgi':
+ ensure => directory,
+ }
+
+ apache::config { "${apache::base::conf_d}/mod_wsgi.conf":
+ content => template('apache/mod/wsgi.conf'),
+ }
+}
diff --git a/modules/apache/manifests/var.pp b/modules/apache/manifests/var.pp
new file mode 100644
index 00000000..4a6d68eb
--- /dev/null
+++ b/modules/apache/manifests/var.pp
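Review bot: In mod/ssl.pp, `file { '/etc/ssl/apache/': ensure => directory }` creates the directory that `openssl::self_signed_cert` writes into without stating `owner`, `group` or `mode`. That define's body is outside this diff, but if it places private keys there, the directory's permissions are part of the key protection and should be explicit, for example `owner => 'root', group => 'root', mode => '0755',`, with the key files themselves confirmed to be readable by root only. The certificate resource also has no visible `require => File['/etc/ssl/apache/']`, so ordering relies on autorequire inside the define; an explicit `require` would make that dependency visible here. A comment saying the `localhost` certificate exists only so the default SSL vhost can start would stop it being mistaken for a certificate meant to serve real traffic.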
@@ -0,0 +1,12 @@
+# $httpdlogs_rotate:
+# number of time the log file are rotated before being removed
+# $default_vhost_redirect:
+# URL to redirect to in case of unknown vhost
+class apache::var(
+ $httpdlogs_rotate = '24',
+ $apache_user = 'apache',
+ $apache_group = 'apache',
+ $default_vhost_redirect = ''
+) {
+ $pkg_conf = 'apache'
+}
diff --git a/modules/apache/manifests/vhost/base.pp b/modules/apache/manifests/vhost/base.pp
new file mode 100644
index 00000000..27a19998
--- /dev/null
+++ b/modules/apache/manifests/vhost/base.pp
@@ -0,0 +1,50 @@
+define apache::vhost::base ($content = '',
+ $location = '/dev/null',
+ $use_ssl = false,
+ $vhost = false,
+ $aliases = {},
+ $server_aliases = [],
+ $access_logfile = false,
+ $error_logfile = false,
+ $options = [],
+ $enable_public_html = false,
+ $enable_location = true) {
+ include apache::base
+ $httpd_logdir = '/var/log/httpd'
+ $filename = "${name}.conf"
+
+ if ! $vhost {
+ $real_vhost = $name
+ } else {
+ $real_vhost = $vhost
+ }
+
+ if ! $access_logfile {
+ $real_access_logfile = "${httpd_logdir}/${real_vhost}-access_log"
+ } else {
+ $real_access_logfile = $access_logfile
+ }
+ if ! $error_logfile {
+ $real_error_logfile = "${httpd_logdir}/${real_vhost}-error_log"
+ } else {
+ $real_error_logfile = $error_logfile
+ }
+
+ if $use_ssl {
+ include apache::mod::ssl
+ if $wildcard_sslcert != true {
+ openssl::self_signed_cert{ $real_vhost:
+ directory => '/etc/ssl/apache/',
+ before => Apache::Config["/etc/httpd/conf/vhosts.d/${filename}"],
+ }
+ }
+ }
+
+ if $enable_public_html {
+ include apache::mod::public_html
+ }
+
+ apache::config { "/etc/httpd/conf/vhosts.d/${filename}":
+ content => template('apache/vhost_base.conf')
+ }
+}
diff --git a/modules/apache/manifests/vhost/catalyst_app.pp b/modules/apache/manifests/vhost/catalyst_app.pp
new file mode 100644
index 00000000..1ce40747
--- /dev/null
+++ b/modules/apache/manifests/vhost/catalyst_app.pp
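Review bot: In vhost/base.pp the `if $use_ssl` branch reads `$wildcard_sslcert`, which is neither a parameter of `apache::vhost::base` nor assigned anywhere in this diff, so its value depends on whichever outer scope happens to define it. When it is unset, and probably also when it is set to the string `'true'` rather than the boolean, `$wildcard_sslcert != true` holds and a self-signed certificate is generated for the vhost, which is easy to miss on a host meant to use a real wildcard certificate. Making the input explicit, either as a parameter `$wildcard_sslcert = false` or as a fully qualified variable from a class such as `apache::var`, gives the decision a documented source. The define would also benefit from a header comment listing which parameters `vhost_base.conf` consumes, since `$location`, `$options` and `$enable_location` are never used in the manifest itself.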
@@ -0,0 +1,24 @@
+define apache::vhost::catalyst_app( $script,
+ $location = '',
+ $process = 4,
+ $use_ssl = false,
+ $aliases = {},
+ $vhost = false) {
+ include apache::mod::fcgid
+ if ($location) {
+ $aliases['/static'] = "${location}/root/static"
+ }
+
+ $script_aliases = {
+ '/' => "$script/",
+ }
+
+ apache::vhost::base { $name:
+ vhost => $vhost,
+ use_ssl => $use_ssl,
+ content => template('apache/vhost_fcgid.conf'),
+ aliases => $aliases,
+ }
+}
+
+
diff --git a/modules/apache/manifests/vhost/django_app.pp b/modules/apache/manifests/vhost/django_app.pp
new file mode 100644
index 00000000..91974acd
--- /dev/null
+++ b/modules/apache/manifests/vhost/django_app.pp
@@ -0,0 +1,22 @@
+define apache::vhost::django_app ($module = false,
+ $module_path = false,
+ $use_ssl = false,
+ $aliases= {}) {
+ include apache::mod::wsgi
+ apache::vhost::base { $name:
+ use_ssl => $use_ssl,
+ content => template('apache/vhost_django_app.conf'),
+ aliases => $aliases,
+ }
+
+ # module is a ruby reserved keyword, cannot be used in templates
+ $django_module = $module
+ file { "${name}.wsgi":
+ path => "/usr/local/lib/wsgi/${name}.wsgi",
+ mode => '0755',
+ notify => Service['apache'],
+ content => template('apache/django.wsgi'),
+ }
+}
+
+
diff --git a/modules/apache/manifests/vhost/other_app.pp b/modules/apache/manifests/vhost/other_app.pp
new file mode 100644
index 00000000..f5a71574
--- /dev/null
+++ b/modules/apache/manifests/vhost/other_app.pp
@@ -0,0 +1,6 @@
+define apache::vhost::other_app($vhost_file) {
+ include apache::base
+ apache::config { "/etc/httpd/conf/vhosts.d/${name}.conf":
+ content => template($vhost_file),
+ }
+}
diff --git a/modules/apache/manifests/vhost/redirect_ssl.pp b/modules/apache/manifests/vhost/redirect_ssl.pp
new file mode 100644
index 00000000..22a4d4f6
--- /dev/null
+++ b/modules/apache/manifests/vhost/redirect_ssl.pp
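Review bot: In vhost/catalyst_app.pp, `$aliases['/static'] = "${location}/root/static"` writes into the `$aliases` parameter hash. Puppet variables are meant to be immutable: this element assignment changes the hash the caller passed in and is not accepted by later Puppet releases. Building a new value keeps the define free of side effects, for example `$real_aliases = merge($aliases, { '/static' => "${location}/root/static" })` if stdlib's `merge` is available, and then passing `aliases => $real_aliases`. `"$script/"` should be written `"${script}/"` to match the braced interpolation used in the rest of the commit.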
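Review bot: `apache::vhost::django_app` now declares `$module = false` and `$module_path = false`, whereas the removed `vhost_django_app` required `$module`. A caller that forgets the argument no longer fails at compile time; `$django_module` becomes `false` and the templates (not visible here) would presumably write that into the generated `.wsgi` file and vhost. Dropping the default, as in `define apache::vhost::django_app ($module,`, restores the early failure. `$django_module` is also assigned after the first `template()` call, so if `vhost_django_app.conf` reads it the assignment should move above the `apache::vhost::base` resource.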
@@ -0,0 +1,6 @@
+define apache::vhost::redirect_ssl() {
+ apache::vhost::base { "redirect_ssl_${name}":
+ vhost => $name,
+ content => template('apache/vhost_ssl_redirect.conf')
+ }
+}
diff --git a/modules/apache/manifests/vhost/reverse_proxy.pp b/modules/apache/manifests/vhost/reverse_proxy.pp
new file mode 100644
index 00000000..a32aaff0
--- /dev/null
+++ b/modules/apache/manifests/vhost/reverse_proxy.pp
@@ -0,0 +1,11 @@
+define apache::vhost::reverse_proxy($url,
+ $vhost = false,
+ $use_ssl = false,
+ $content = '') {
+ include apache::mod::proxy
+ apache::vhost::base { $name:
+ use_ssl => $use_ssl,
+ vhost => $vhost,
+ content => template('apache/vhost_reverse_proxy.conf')
+ }
+}
diff --git a/modules/apache/manifests/vhost/wsgi.pp b/modules/apache/manifests/vhost/wsgi.pp
new file mode 100644
index 00000000..291c6d71
--- /dev/null
+++ b/modules/apache/manifests/vhost/wsgi.pp
@@ -0,0 +1,10 @@
+define apache::vhost::wsgi ($wsgi_path,
+ $aliases = {},
+ $server_aliases = []) {
+ include apache::mod::wsgi
+ apache::vhost::base { $name:
+ aliases => $aliases,
+ server_aliases => $server_aliases,
+ content => template('apache/vhost_wsgi.conf'),
+ }
+}
diff --git a/modules/apache/manifests/webapp_other.pp b/modules/apache/manifests/webapp_other.pp
new file mode 100644
index 00000000..147a2370
--- /dev/null
+++ b/modules/apache/manifests/webapp_other.pp
@@ -0,0 +1,7 @@
+define apache::webapp_other($webapp_file) {
+ include apache::base
+ $webappname = $name
+ apache::config { "/etc/httpd/conf/webapps.d/${webappname}.conf":
+ content => template($webapp_file),
+ }
+} |
