-rw-r--r--files/conf.d/status.conf4
-rw-r--r--manifests/defines.pp524
-rw-r--r--manifests/defines/0-README7
-rw-r--r--manifests/defines/configuration.pp109
-rw-r--r--manifests/defines/modules.pp59
-rw-r--r--manifests/defines/vhost_files.pp209
-rw-r--r--manifests/defines/vhost_varieties.pp144
-rw-r--r--manifests/init.pp54
-rw-r--r--templates/vhosts/php/CentOS.erb2
-rw-r--r--templates/vhosts/static/CentOS.erb24
10 files changed, 592 insertions, 544 deletions
diff --git a/files/conf.d/status.conf b/files/conf.d/status.conf
index a0188aa..fb706cc 100644
--- a/files/conf.d/status.conf
+++ b/files/conf.d/status.conf
@@ -11,6 +11,10 @@
Order deny,allow
Deny from all
Allow from 127.0.0.1
+
+ <IfModule mod_security2.c>
+ SecRuleEngine Off
+ </IfModule>
</Location>
# ExtendedStatus controls whether Apache will generate "full" status
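Review bot: The added `SecRuleEngine Off` inside the server-status `<Location>` has no comment saying why ModSecurity is switched off for this path, so a later reader cannot tell a false-positive workaround from an oversight. I would put a line such as `# ModSecurity disabled for the status handler: <reason>` above the `<IfModule>` block, filled in with the actual reason. If the aim is only to stop requests being blocked, `SecRuleEngine DetectionOnly` keeps the rules evaluating and logging for this location. The exemption is only as narrow as the `Allow from 127.0.0.1` line above it, and anything proxying from the same host also arrives from that address.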
diff --git a/manifests/defines.pp b/manifests/defines.pp
deleted file mode 100644
index d3a8776..0000000
--- a/manifests/defines.pp
+++ /dev/null
@@ -1,524 +0,0 @@
-# manifests/defines.pp
-
-# This file contains various defines to work with apache.
-# They are separated into various categories:
-#
-# - common vhosts
-# - vhost deploy
-# - configuration defines
-# - wrapper defines
-
-### common vhosts
-
-# vhost_mode: which option is choosed to deploy the vhost
-# - template: generate it from a template (default)
-# - file: deploy a vhost file (apache::vhost::file will be called directly)
-#
-define apache::vhost::static(
- $domain = 'absent',
- $domainalias = 'absent',
- $path = 'absent',
- $owner = root,
- $user_owner = root,
- $group = 0,
- $mode = 0640,
- $apache_user = apache,
- $apache_group = 0,
- $apache_mode = 0640,
- $allow_override = 'None',
- $options = 'absent',
- $additional_options = 'absent',
- $ssl_mode = 'false',
- $vhost_mode = 'template',
- $vhost_source = 'absent',
- $vhost_destination = 'absent',
- $htpasswd_file = 'absent',
- $htpasswd_path = 'absent'
-){
- apache::vhost::webhostdir{$name:
- path => $path,
- owner => $owner,
- user_owner => $user_owner,
- group => $group,
- mode => $mode,
- apache_user => $apache_user,
- apache_group => $apache_group,
- }
-
- apache::vhost{"${name}":
- path => $path,
- vhost_mode => $vhost_mode,
- source => $vhost_source,
- destination => $vhost_destination,
- domain => $domain,
- domainalias => $domainalias,
- allow_override => $allow_override,
- options => $options,
- additional_options => $additional_options,
- template_mode => 'static',
- ssl_mode => $ssl_mode,
- htpasswd_file => $htpasswd_file,
- htpasswd_path => $htpasswd_path,
- mod_security => 'false',
- }
-}
-
-define apache::vhost::php::standard(
- $domain = 'absent',
- $domainalias = 'absent',
- $path = 'absent',
- $owner = root,
- $user_owner = root,
- $group = 0,
- $mode = 0640,
- $apache_user = apache,
- $apache_group = 0,
- $apache_mode = 0640,
- $allow_override = 'None',
- $upload_tmp_dir = 'absent',
- $session_save_path = 'absent',
- $options = 'absent',
- $additional_options = 'absent',
- $mod_security = 'true',
- $vhost_mode = 'template',
- $vhost_source = 'absent',
- $vhost_destination = 'absent',
- $htpasswd_file = 'absent',
- $htpasswd_path = 'absent'
-){
- apache::vhost::webhostdir{$name:
- path => $path,
- owner => $owner,
- user_owner => $user_owner,
- group => $group,
- mode => $mode,
- apache_user => $apache_user,
- apache_group => $apache_group,
- }
-
- case $upload_tmp_dir {
- 'absent': {
- include apache::defaultphpdirs
- $real_upload_tmp_dir = "/var/www/upload_tmp_dir/${name}"
- }
- default: {
- $real_upload_tmp_dir = $upload_tmp_dir
- }
- }
- file{"$upload_tmp_dir":
- ensure => directory,
- owner => $apache_user, group => $apache_group, mode => $apache_mode;
- }
-
- case $session_save_path {
- 'absent': {
- include apache::defaultphpdirs
- $real_session_save_path = "/var/www/session.save_path/${name}"
- }
- default: {
- $real_session_save_path = $session_save_path
- }
- }
- file{"$session_save_path":
- ensure => directory,
- owner => $apache_user, group => $apache_group, mode => $apache_mode;
- }
-
- apache::vhost{"${name}":
- path => $path,
- template_mode => 'php',
- vhost_mode => $vhost_mode,
- source => $vhost_source,
- destination => $vhost_destination,
- domain => $domain,
- domainalias => $domainalias,
- allow_override => $allow_override,
- options => $options,
- additional_options => $additional_options,
- php_upload_tmp_dir => $real_upload_tmp_dir,
- php_session_save_path => $real_session_save_path,
- ssl_mode => $ssl_mode,
- htpasswd_file => $htpasswd_file,
- htpasswd_path => $htpasswd_path,
- mod_security => $mod_security,
- }
-
-}
-
-### vhost deploy stuff
-# these defines are used to deploy a vhost file
-
-# This define is used to wrap the other vhost defines.
-#
-# vhost_mode: which option is choosed to deploy the vhost
-# - template: generate it from a template (default)
-# - file: deploy a vhost file (apache::vhost::file will be called directly)
-#
-define apache::vhost(
- $path = 'absent',
- $template_mode = 'static',
- $vhost_mode = 'template',
- $source = 'absent',
- $destination = 'absent',
- $content = 'absent',
- $domain = 'absent',
- $domainalias = 'absent',
- $allow_override = 'None',
- $php_upload_tmp_dir = 'absent',
- $php_session_save_path = 'absent',
- $options = 'absent',
- $additional_options = 'absent',
- $template_mode = 'static',
- $ssl_mode = 'false',
- $htpasswd_file = 'absent',
- $htpasswd_path = 'absent',
- $mod_security = 'true'
-) {
- case $vhost_mode {
- 'file': {
- apache::vhost::file{"${name}":
- source => $vhost_source,
- destination => $vhost_destination,
- htpasswd_file => $htpasswd_file,
- htpasswd_path => $htpasswd_path,
- }
- }
- 'template': {
- apache::vhost::template{"${name}":
- path => $path,
- domain => $domain,
- domainalias => $domainalias,
- php_upload_tmp_dir => $php_upload_tmp_dir,
- php_session_save_path => $php_session_save_path,
- allow_override => $allow_override,
- options => $options,
- additional_options => $additional_options,
- template_mode => $template_mode,
- ssl_mode => $ssl_mode,
- htpasswd_file => $htpasswd_file,
- htpasswd_path => $htpasswd_path,
- mod_security => 'false',
- }
- }
- default: { fail("no such vhost_mode: ${vhost_mode} defined for ${name}.") }
- }
-
-}
-
-# htpasswd_file: wether to deploy a passwd for this vhost or not
-# - absent: ignore (default)
-# - nodeploy: htpasswd file isn't deployed by this mechanism
-# - else: try to deploy the file
-# htpasswd_path: where to deploy the passwd file
-# - absent: standardpath (default)
-# - else: path to deploy
-define apache::vhost::file(
- $source = 'absent',
- $destination = 'absent',
- $content = 'absent',
- $htpasswd_file = 'absent',
- $htpasswd_path = 'absent'
-){
- $vhosts_dir = $operatingsystem ? {
- centos => "$apache::centos::config_dir/vhosts.d/",
- gentoo => "$apache::gentoo::config_dir/vhosts.d/",
- debian => "$apache::debian::config_dir/vhosts.d/",
- ubuntu => "$apache::ubuntu::config_dir/vhosts.d/",
- openbsd => "$apache::openbsd::config_dir/vhosts.d/",
- default => '/etc/apache2/vhosts.d/',
- }
- $real_destination = $destination ? {
- 'absent' => "${vhosts_dir}/${name}.conf",
- default => $destination,
- }
- file{"${name}.conf":
- path => $real_destination,
- require => File[vhosts_dir],
- notify => Service[apache],
- owner => root, group => 0, mode => 0644;
- }
- case $content {
- 'absent': {
- $real_source = $source ? {
- 'absent' => [
- "puppet://$server/files/apache/vhosts.d/${fqdn}/${name}.conf",
- "puppet://$server/files/apache/vhosts.d/${apache_cluster_node}/${name}.conf",
- "puppet://$server/files/apache/vhosts.d/${name}.conf",
- "puppet://$server/apache/vhosts.d/${name}.conf",
- "puppet://$server/apache/vhosts.d/${operatingsystem}.${lsbdistcodename}/${name}.conf",
- "puppet://$server/apache/vhosts.d/${operatingsystem}/${name}.conf",
- "puppet://$server/apache/vhosts.d/${name}.conf"
- ],
- default => "puppet://$server/$source",
- }
- File["${name}.conf"]{
- source => $real_source,
- }
- }
- default: {
- File["${name}.conf"]{
- content => $content,
- }
- }
- }
- case $htpasswd_file {
- 'absent','nodeploy': { info("don't deploy a htpasswd file for ${name}") }
- default: {
- case $htpasswd_path {
- 'absent': {
- $real_htpasswd_path = $operatingsystem ? {
- gentoo => "$apache::gentoo::config_dir/htpasswds/${name}",
- debian => "$apache::debian::config_dir/htpasswds/${name}",
- ubuntu => "$apache::ubuntu::config_dir/htpasswds/${name}",
- openbsd => "$apache::openbsd::config_dir/htpasswds/${name}",
- default => "/etc/apache2/htpasswds/${name}"
- }
- }
- default: { $real_htpasswd_path = $htpasswd_path }
- }
- file{"${real_htpasswd_path}":
- source => [ "puppet://$server/files/apache/htpasswds/${fqdn}/${name}",
- "puppet://$server/files/apache/htpasswds/${apache_cluster_node}/${name}",
- "puppet://$server/files/apache/htpasswds/${name}" ],
- owner => root, group => 0, mode => 0644;
- }
- }
- }
-}
-
-
-# template_mode:
-# - php -> for a default php application
-# - static -> for a static application (default)
-# ssl_mode: wether this vhost supports ssl or not
-# - false: don't enable ssl for this vhost (default)
-# - true: enable ssl for this vhost
-# - force: enable ssl and redirect non-ssl to ssl
-define apache::vhost::template(
- $path = 'absent',
- $domain = 'absent',
- $domainalias = 'absent',
- $allow_override = 'None',
- $php_upload_tmp_dir = 'absent',
- $php_session_save_path = 'absent',
- $options = 'absent',
- $additional_options = 'absent',
- $template_mode = 'static',
- $ssl_mode = 'false',
- $mod_security = 'true',
- $htpasswd_file = 'absent',
- $htpasswd_path = 'absent'
-){
- $real_path = $path ? {
- 'absent' => $operatingsystem ? {
- openbsd => "/var/www/htdocs/${name}",
- default => "/var/www/${name}"
- },
- default => "${path}"
- }
- $documentroot = "${real_path}/www"
- $logdir = "${real_path}/logs"
-
- $servername = $domain ? {
- 'absent' => $name,
- default => $domain
- }
- $serveralias = $domainalias ? {
- 'absent' => '',
- default => $domainalias
- }
-
- case $htpasswd_path {
- 'absent': {
- $real_htpasswd_path = $operatingsystem ? {
- gentoo => "$apache::gentoo::config_dir/htpasswds/${name}",
- debian => "$apache::debian::config_dir/htpasswds/${name}",
- ubuntu => "$apache::ubuntu::config_dir/htpasswds/${name}",
- openbsd => "$apache::openbsd::config_dir/htpasswds/${name}",
- default => "/etc/apache2/htpasswds/${name}"
- }
- }
- default: { $real_htpasswd_path = $htpasswd_path }
- }
- apache::vhost::file{"$name":
- content => template("apache/vhosts/${template_mode}/${operatingsystem}.erb"),
- htpasswd_file => $htpasswd_file,
- htpasswd_path => $htpasswd_path,
- }
-}
-
-### configuration defines
-# These defines are used to configured the apache
-#
-
-define apache::config::file(
- $source = '',
- $destination = ''
-){
- $real_source = $source ? {
- # get a whole bunch of possible sources if there is no specific source for that config-file
- '' => [
- "puppet://$server/files/apache/conf.d/${fqdn}/${name}",
- "puppet://$server/files/apache/conf.d/${apache_cluster_node}/${name}",
- "puppet://$server/files/apache/conf.d/${name}",
- "puppet://$server/apache/conf.d/${operatingsystem}.${lsbdistcodename}/${name}",
- "puppet://$server/apache/conf.d/${operatingsystem}/${name}",
- "puppet://$server/apache/conf.d/${name}"
- ],
- default => "puppet://$server/$source",
- }
- $real_destination = $destination ? {
- '' => $operatingsystem ? {
- centos => "$apache::centos::config_dir/conf.d/${name}",
- gentoo => "$apache::gentoo::config_dir/${name}",
- debian => "$apache::debian::config_dir/conf.d/${name}",
- ubuntu => "$apache::ubuntu::config_dir/conf.d/${name}",
- openbsd => "$apache::openbsd::config_dir/conf.d/${name}",
- default => "/etc/apache2/${name}",
- },
- default => $destination
- }
- file{"apache_${name}":
- path => $real_destination,
- source => $real_source,
- notify => Service[apache],
- owner => root, group => 0, mode => 0644;
- }
-
- case $operatingsystem {
- openbsd: { info("no package dependency on ${operatingsystem} for ${name}") }
- default: {
- File["apache_${name}"]{
- require => Package[apache],
- }
- }
- }
-}
-
-define apache::centos::module(
- $source = '',
- $destination = ''
-){
- $modules_dir = "$apache::centos::config_dir/modules.d/"
- $real_destination = $destination ? {
- '' => "${modules_dir}/${name}.so",
- default => $destination,
- }
- $real_source = $source ? {
- '' => [
- "puppet://$server/files/apache/modules.d/${fqdn}/${name}.so",
- "puppet://$server/files/apache/modules.d/${apache_cluster_node}/${name}.so",
- "puppet://$server/files/apache/modules.d/${name}.so",
- "puppet://$server/apache/modules.d/${operatingsystem}/${name}.so",
- "puppet://$server/apache/modules.d/${name}.so"
- ],
- default => "puppet://$server/$source",
- }
- file{"modules_${name}.conf":
- path => $real_destination,
- source => $real_source,
- require => [ File[modules_dir], Package[apache] ],
- notify => Service[apache],
- owner => root, group => 0, mode => 0755;
- }
-}
-
-
-define apache::gentoo::module(
- $source = '',
- $destination = ''
-){
- $modules_dir = "$apache::gentoo::config_dir/modules.d/"
- $real_destination = $destination ? {
- '' => "${modules_dir}/${name}.conf",
- default => $destination,
- }
- $real_source = $source ? {
- '' => [
- "puppet://$server/files/apache/modules.d/${fqdn}/${name}.conf",
- "puppet://$server/files/apache/modules.d/${apache_cluster_node}/${name}.conf",
- "puppet://$server/files/apache/modules.d/${name}.conf",
- "puppet://$server/apache/modules.d/${operatingsystem}/${name}.conf",
- "puppet://$server/apache/modules.d/${name}.conf"
- ],
- default => "puppet://$server/$source",
- }
- file{"modules_${name}.conf":
- path => $real_destination,
- source => $real_source,
- require => [ File[modules_dir], Package[apache] ],
- notify => Service[apache],
- owner => root, group => 0, mode => 0644;
- }
-}
-
-
-### wrapper defines
-# These defines are mostly wrappers for the common setup.
-# They are mainly called by the other defines
-
-
-define apache::vhost::webhostdir(
- $path = 'absent',
- $owner = root,
- $user_owner = root,
- $group = 0,
- $mode = 0640,
- $apache_user = apache,
- $apache_group = 0
-){
- $real_path = $path ? {
- 'absent' => $operatingsystem ? {
- openbsd => "/var/www/htdocs/${name}",
- default => "/var/www/${name}"
- },
- default => "${path}"
- }
- $documentroot = "${real_path}/www"
- $logdir = "${real_path}/logs"
-
- case $apache_user {
- apache: {
- case $apache_default_user {
- '': {
- $real_apache_user = $operatingsystem ? {
- openbsd => 'www',
- default => $apache_user
- }
- }
- default: { $real_apache_user = $apache_default_user }
- }
- }
- default: { $real_apache_user = $apache_default_user }
- }
-
- case $apache_group {
- apache: {
- case $apache_default_group {
- '': {
- $real_apache_group = $operatingsystem ? {
- openbsd => 'www',
- default => $apache_group
- }
- }
- default: { $real_apache_group = $apache_default_group }
- }
- }
- default: { $real_apache_group = $apache_default_group }
- }
-
- file{"$real_path":
- ensure => directory,
- owner => $owner, group => $real_apache_group, mode => '0750';
- }
- file{"$documentroot":
- ensure => directory,
- owner => $user_owner, group => $real_apache_group, mode => $mode;
- }
-
- # the logdir must be writeable by the apache and the user
- file{"$logdir":
- ensure => directory,
- owner => $real_apache_user, group => $group, mode => 775;
- }
-}
diff --git a/manifests/defines/0-README b/manifests/defines/0-README
new file mode 100644
index 0000000..f72d971
--- /dev/null
+++ b/manifests/defines/0-README
@@ -0,0 +1,7 @@
+# This folder contains various defines to work with apache.
+# They are separated into various categories:
+#
+# - modules: manage apache modules
+# - configuration: common configuration defines
+# - vhost files: deploy vhost configuration files
+# - vhost varieties: vhost varieties
diff --git a/manifests/defines/configuration.pp b/manifests/defines/configuration.pp
new file mode 100644
index 0000000..701f13a
--- /dev/null
+++ b/manifests/defines/configuration.pp
@@ -0,0 +1,109 @@
+# manifests/defines/configuration.pp
+
+### common configuration defines
+
+# deploy apache (.conf) configuration file (non-vhost)
+define apache::config::file(
+ $source = '',
+ $destination = ''
+){
+ $real_source = $source ? {
+ '' => [
+ "puppet://$server/files/apache/conf.d/${fqdn}/${name}",
+ "puppet://$server/files/apache/conf.d/${apache_cluster_node}/${name}",
+ "puppet://$server/files/apache/conf.d/${name}",
+ "puppet://$server/apache/conf.d/${operatingsystem}.${lsbdistcodename}/${name}",
+ "puppet://$server/apache/conf.d/${operatingsystem}/${name}",
+ "puppet://$server/apache/conf.d/${name}"
+ ],
+ default => "puppet://$server/$source",
+ }
+ $real_destination = $destination ? {
+ '' => $operatingsystem ? {
+ centos => "$apache::centos::config_dir/conf.d/${name}",
+ gentoo => "$apache::gentoo::config_dir/${name}",
+ debian => "$apache::debian::config_dir/conf.d/${name}",
+ ubuntu => "$apache::ubuntu::config_dir/conf.d/${name}",
+ openbsd => "$apache::openbsd::config_dir/conf.d/${name}",
+ default => "/etc/apache2/${name}",
+ },
+ default => $destination
+ }
+ file{"apache_${name}":
+ path => $real_destination,
+ source => $real_source,
+ notify => Service[apache],
+ owner => root, group => 0, mode => 0644;
+ }
+ case $operatingsystem {
+ openbsd: { info("no package dependency on ${operatingsystem} for ${name}") }
+ default: {
+ File["apache_${name}"]{
+ require => Package[apache],
+ }
+ }
+ }
+}
+
+# create webdir
+define apache::vhost::webdir(
+ $path = 'absent',
+ $owner = root,
+ $group = 0,
+ $documentroot_owner = apache,
+ $documentroot_group = 0,
+ $documentroot_mode = 0640
+){
+ $real_path = $path ? {
+ 'absent' => $operatingsystem ? {
+ openbsd => "/var/www/htdocs/${name}",
+ default => "/var/www/vhosts/${name}"
+ },
+ default => "${path}"
+ }
+
+ $documentroot = "${real_path}/www"
+ $logdir = "${real_path}/logs"
+
+ case $documentroot_owner {
+ apache: {
+ case $apache_default_user {
+ '': {
+ $real_documentroot_owner = $operatingsystem ? {
+ openbsd => 'www',
+ default => $documentroot_owner
+ }
+ }
+ default: { $real_documentroot_owner = $apache_default_user }
+ }
+ }
+ default: { $real_documentroot_owner = $documentroot_owner }
+ }
+ case $apache_group {
+ apache: {
+ case $apache_default_group {
+ '': {
+ $real_documentroot_group = $operatingsystem ? {
+ openbsd => 'www',
+ default => $documentroot_group
+ }
+ }
+ default: { $real_documentroot_group = $apache_default_group }
+ }
+ }
+ default: { $real_documentroot_group = $documentroot_group }
+ }
+ file{"$real_path":
+ ensure => directory,
+ owner => $owner, group => $group, mode => '0750';
+ }
+ file{"$documentroot":
+ ensure => directory,
+ owner => $real_documentroot_owner, group => $group, mode => $documentroot_mode;
+ }
+ # the logdir must be writeable by the apache and the user
+ file{$logdir:
+ ensure => directory,
+ owner => $real_documentroot_owner, group => $group, mode => 775;
+ }
+}
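Review bot: In `apache::vhost::webdir` the group selection switches on `$apache_group`, which is not a parameter of this define, and the `$real_documentroot_group` it computes is never used, since all three `file` resources take `group => $group`. As written the `documentroot_group` parameter has no effect, whereas the removed `webhostdir` applied its resolved `$real_apache_group` to the vhost path and the document root. I would change the switch to `case $documentroot_group {` and set `group => $real_documentroot_group` on the `$documentroot` resource. The log directory also keeps `mode => 775`, which leaves it readable by every local account; `mode => 0770` would still match the comment above it, assuming nothing else needs to read the logs.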
diff --git a/manifests/defines/modules.pp b/manifests/defines/modules.pp
new file mode 100644
index 0000000..8e8ceff
--- /dev/null
+++ b/manifests/defines/modules.pp
@@ -0,0 +1,59 @@
+# manifests/defines/modules.pp
+
+### manage apache modules
+
+define apache::centos::module(
+ $source = '',
+ $destination = ''
+){
+ $modules_dir = "$apache::centos::config_dir/modules.d/"
+ $real_destination = $destination ? {
+ '' => "${modules_dir}/${name}.so",
+ default => $destination,
+ }
+ $real_source = $source ? {
+ '' => [
+ "puppet://$server/files/apache/modules.d/${fqdn}/${name}.so",
+ "puppet://$server/files/apache/modules.d/${apache_cluster_node}/${name}.so",
+ "puppet://$server/files/apache/modules.d/${name}.so",
+ "puppet://$server/apache/modules.d/${operatingsystem}/${name}.so",
+ "puppet://$server/apache/modules.d/${name}.so"
+ ],
+ default => "puppet://$server/$source",
+ }
+ file{"modules_${name}.conf":
+ path => $real_destination,
+ source => $real_source,
+ require => [ File[modules_dir], Package[apache] ],
+ notify => Service[apache],
+ owner => root, group => 0, mode => 0755;
+ }
+}
+
+define apache::gentoo::module(
+ $source = '',
+ $destination = ''
+){
+ $modules_dir = "$apache::gentoo::config_dir/modules.d/"
+ $real_destination = $destination ? {
+ '' => "${modules_dir}/${name}.conf",
+ default => $destination,
+ }
+ $real_source = $source ? {
+ '' => [
+ "puppet://$server/files/apache/modules.d/${fqdn}/${name}.conf",
+ "puppet://$server/files/apache/modules.d/${apache_cluster_node}/${name}.conf",
+ "puppet://$server/files/apache/modules.d/${name}.conf",
+ "puppet://$server/apache/modules.d/${operatingsystem}/${name}.conf",
+ "puppet://$server/apache/modules.d/${name}.conf"
+ ],
+ default => "puppet://$server/$source",
+ }
+ file{"modules_${name}.conf":
+ path => $real_destination,
+ source => $real_source,
+ require => [ File[modules_dir], Package[apache] ],
+ notify => Service[apache],
+ owner => root, group => 0, mode => 0644;
+ }
+}
diff --git a/manifests/defines/vhost_files.pp b/manifests/defines/vhost_files.pp
new file mode 100644
index 0000000..b7e1847
--- /dev/null
+++ b/manifests/defines/vhost_files.pp
@@ -0,0 +1,209 @@
+# manifests/defines/vhost_files.pp
+
+### vhost configuration files
+#
+# deploy vhost configuration files
+
+
+# this is a wrapper for apache::vhost::file and avhost::template below
+#
+# vhost_mode: which option is choosed to deploy the vhost
+# - template: generate it from a template (default)
+# - file: deploy a vhost file (apache::vhost::file will be called directly)
+#
+define apache::vhost(
+ $path = 'absent',
+ $template_mode = 'static',
+ $vhost_mode = 'template',
+ $vhost_source = 'absent',
+ $vhost_destination = 'absent',
+ $content = 'absent',
+ $domain = 'absent',
+ $domainalias = 'absent',
+ $allow_override = 'None',
+ $php_upload_tmp_dir = 'absent',
+ $php_session_save_path = 'absent',
+ $options = 'absent',
+ $additional_options = 'absent',
+ $template_mode = 'static',
+ $ssl_mode = 'false',
+ $htpasswd_file = 'absent',
+ $htpasswd_path = 'absent',
+ $mod_security = 'true'
+) {
+ # file or template mode?
+ case $vhost_mode {
+ 'file': {
+ apache::vhost::file{$name:
+ vhost_source => $vhost_source,
+ vhost_destination => $vhost_destination,
+ htpasswd_file => $htpasswd_file,
+ htpasswd_path => $htpasswd_path,
+ }
+ }
+ 'template': {
+ apache::vhost::template{$name:
+ path => $path,
+ domain => $domain,
+ domainalias => $domainalias,
+ php_upload_tmp_dir => $php_upload_tmp_dir,
+ php_session_save_path => $php_session_save_path,
+ allow_override => $allow_override,
+ options => $options,
+ additional_options => $additional_options,
+ template_mode => $template_mode,
+ ssl_mode => $ssl_mode,
+ htpasswd_file => $htpasswd_file,
+ htpasswd_path => $htpasswd_path,
+ mod_security => 'false',
+ }
+ }
+ default: { fail("no such vhost_mode: $vhost_mode defined for $name.") }
+ }
+
+}
+
+# htpasswd_file: wether to deploy a passwd for this vhost or not
+# - absent: ignore (default)
+# - nodeploy: htpasswd file isn't deployed by this mechanism
+# - else: try to deploy the file
+#
+# htpasswd_path: where to deploy the passwd file
+# - absent: standardpath (default)
+# - else: path to deploy
+#
+define apache::vhost::file(
+ $vhost_source = 'absent',
+ $vhost_destination = 'absent',
+ $content = 'absent',
+ $htpasswd_file = 'absent',
+ $htpasswd_path = 'absent'
+){
+ $vhosts_dir = $operatingsystem ? {
+ centos => "$apache::centos::config_dir/vhosts.d/",
+ gentoo => "$apache::gentoo::config_dir/vhosts.d/",
+ debian => "$apache::debian::config_dir/vhosts.d/",
+ ubuntu => "$apache::ubuntu::config_dir/vhosts.d/",
+ openbsd => "$apache::openbsd::config_dir/vhosts.d/",
+ default => '/etc/apache2/vhosts.d/',
+ }
+ $real_vhost_destination = $vhost_destination ? {
+ 'absent' => "$vhosts_dir/$name.conf",
+ default => $vhost_destination,
+ }
+ file{"$name.conf":
+ path => $real_vhost_destination,
+ require => File[vhosts_dir],
+ notify => Service[apache],
+ owner => root, group => 0, mode => 0644;
+ }
+ case $content {
+ 'absent': {
+ $real_vhost_source = $vhost_source ? {
+ 'absent' => [
+ "puppet://$server/files/apache/vhosts.d/$fqdn/$name.conf",
+ "puppet://$server/files/apache/vhosts.d/$apache_cluster_node/$name.conf",
+ "puppet://$server/files/apache/vhosts.d/$name.conf",
+ "puppet://$server/apache/vhosts.d/$name.conf",
+ "puppet://$server/apache/vhosts.d/$operatingsystem.$lsbdistcodename/$name.conf",
+ "puppet://$server/apache/vhosts.d/$operatingsystem/$name.conf",
+ "puppet://$server/apache/vhosts.d/$name.conf"
+ ],
+ default => "puppet://$server/$vhost_source",
+ }
+ File["$name.conf"]{
+ source => $real_vhost_source,
+ }
+ }
+ default: {
+ File["$name.conf"]{
+ content => $content,
+ }
+ }
+ }
+ case $htpasswd_file {
+ 'absent','nodeploy': { info("don't deploy a htpasswd file for ${name") }
+ default: {
+ case $htpasswd_path {
+ 'absent': {
+ $real_htpasswd_path = $operatingsystem ? {
+ gentoo => "$apache::gentoo::config_dir/htpasswds/$name",
+ debian => "$apache::debian::config_dir/htpasswds/$name",
+ ubuntu => "$apache::ubuntu::config_dir/htpasswds/$name",
+ openbsd => "$apache::openbsd::config_dir/htpasswds/$name",
+ default => "/etc/apache2/htpasswds/$name"
+ }
+ }
+ default: { $real_htpasswd_path = $htpasswd_path }
+ }
+ file{$real_htpasswd_path:
+ source => [ "puppet://$server/files/apache/htpasswds/$fqdn/$name",
+ "puppet://$server/files/apache/htpasswds/$apache_cluster_node/$name",
+ "puppet://$server/files/apache/htpasswds/$name" ],
+ owner => root, group => 0, mode => 0644;
+ }
+ }
+ }
+}
+
+# template_mode:
+# - php -> for a default php application
+# - static -> for a static application (default)
+#
+# ssl_mode: wether this vhost supports ssl or not
+# - false: don't enable ssl for this vhost (default)
+# - true: enable ssl for this vhost
+# - force: enable ssl and redirect non-ssl to ssl
+#
+define apache::vhost::template(
+ $path = 'absent',
+ $domain = 'absent',
+ $domainalias = 'absent',
+ $allow_override = 'None',
+ $php_upload_tmp_dir = 'absent',
+ $php_session_save_path = 'absent',
+ $options = 'absent',
+ $additional_options = 'absent',
+ $template_mode = 'static',
+ $ssl_mode = 'false',
+ $mod_security = 'true',
+ $htpasswd_file = 'absent',
+ $htpasswd_path = 'absent'
+){
+ $real_path = $path ? {
+ 'absent' => $operatingsystem ? {
+ openbsd => "/var/www/htdocs/$name",
+ default => "/var/www/$name"
+ },
+ default => $path
+ }
+
+ $documentroot = "$real_path/www"
+ $logdir = "$real_path/logs"
+
+ $servername = $domain ? {
+ 'absent' => $name,
+ default => $domain
+ }
+ $serveralias = $domainalias ? {
+ 'absent' => '',
+ default => $domainalias
+ }
+ case $htpasswd_path {
+ 'absent': {
+ $real_htpasswd_path = $operatingsystem ? {
+ gentoo => "$apache::gentoo::config_dir/htpasswds/$name",
+ debian => "$apache::debian::config_dir/htpasswds/$name",
+ ubuntu => "$apache::ubuntu::config_dir/htpasswds/$name",
+ openbsd => "$apache::openbsd::config_dir/htpasswds/$name",
+ default => "/etc/apache2/htpasswds/$name"
+ }
+ }
+ default: { $real_htpasswd_path = $htpasswd_path }
+ }
+ apache::vhost::file{$name:
+ content => template("apache/vhosts/$template_mode/$operatingsystem.erb"),
+ htpasswd_file => $htpasswd_file,
+ htpasswd_path => $htpasswd_path,
+ }
+}
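Review bot: The `info()` call in `apache::vhost::file` reads `${name")` with the closing brace of the interpolation missing, so this manifest will presumably fail to parse. Because init.pp now imports `defines/*.pp`, that would break the whole module; the line should be `info("don't deploy a htpasswd file for ${name}")`. Separately, `apache::vhost` passes `mod_security => 'false'` to `apache::vhost::template` regardless of its own `$mod_security` parameter, so the `'true'` default of `apache::vhost::php::standard` never reaches the template; `mod_security => $mod_security,` looks like what was intended. The htpasswd file is still deployed with `mode => 0644`, which lets any local account read the password hashes; a mode without world read and a group the web server belongs to would be tighter. `$template_mode` is also declared twice in the parameter list of `apache::vhost`.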
diff --git a/manifests/defines/vhost_varieties.pp b/manifests/defines/vhost_varieties.pp
new file mode 100644
index 0000000..ba104db
--- /dev/null
+++ b/manifests/defines/vhost_varieties.pp
@@ -0,0 +1,144 @@
+# manifests/defines/vhost_varieties.pp
+
+### sepcific vhosts varieties
+#
+# - apache::vhost::static
+# - apache::vhost::php
+# - apache::vhost::cgi TODO
+# - apache::vhost::modperl TODO
+# - apache::vhost::modpython TODO
+# - apache::vhost::modrails TODO
+
+# vhost_mode: which option is choosed to deploy the vhost
+# - template: generate it from a template (default)
+# - file: deploy a vhost file (apache::vhost::file will be called directly)
+#
+define apache::vhost::static(
+ $domain = 'absent',
+ $domainalias = 'absent',
+ $path = 'absent',
+ $owner = root,
+ $group = 0,
+ $documentroot_owner = apache,
+ $documentroot_group = 0,
+ $documentroot_mode = 0750,
+ $allow_override = 'None',
+ $options = 'absent',
+ $additional_options = 'absent',
+ $ssl_mode = 'false',
+ $vhost_mode = 'template',
+ $vhost_source = 'absent',
+ $vhost_destination = 'absent',
+ $htpasswd_file = 'absent',
+ $htpasswd_path = 'absent'
+){
+ # create webdir
+ apache::vhost::webdir{$name:
+ path => $path,
+ owner => $owner,
+ group => $group,
+ documentroot_owner => $documentroot_owner,
+ documentroot_group => $documentroot_group,
+ documentroot_mode => $documentroot_mode,
+ }
+
+ # create vhost configuration file
+ apache::vhost{$name:
+ path => $path,
+ template_mode => 'static',
+ vhost_mode => $vhost_mode,
+ vhost_source => $vhost_source,
+ vhost_destination => $vhost_destination,
+ domain => $domain,
+ domainalias => $domainalias,
+ allow_override => $allow_override,
+ options => $options,
+ additional_options => $additional_options,
+ ssl_mode => $ssl_mode,
+ htpasswd_file => $htpasswd_file,
+ htpasswd_path => $htpasswd_path,
+ mod_security => 'false',
+ }
+}
+
+define apache::vhost::php::standard(
+ $domain = 'absent',
+ $domainalias = 'absent',
+ $path = 'absent',
+ $owner = root,
+ $group = 0,
+ $documentroot_owner = apache,
+ $documentroot_group = 0,
+ $documentroot_mode = 0750,
+ $allow_override = 'None',
+ $upload_tmp_dir = 'absent',
+ $session_save_path = 'absent',
+ $options = 'absent',
+ $additional_options = 'absent',
+ $mod_security = 'true',
+ $vhost_mode = 'template',
+ $vhost_source = 'absent',
+ $vhost_destination = 'absent',
+ $htpasswd_file = 'absent',
+ $htpasswd_path = 'absent'
+){
+ # php upload_tmp_dir
+ case $upload_tmp_dir {
+ 'absent': {
+ include apache::defaultphpdirs
+ $real_upload_tmp_dir = "/var/www/upload_tmp_dir/$name"
+ }
+ default: { $real_upload_tmp_dir = $upload_tmp_dir }
+ }
+ file{$real_upload_tmp_dir:
+ ensure => directory,
+ owner => $documentroot_owner,
+ group => $documentroot_group,
+ mode => $documentroot_mode;
+ }
+
+ # php session_save_path
+ case $session_save_path {
+ 'absent': {
+ include apache::defaultphpdirs
+ $real_session_save_path = "/var/www/session.save_path/$name"
+ }
+ default: { $real_session_save_path = $session_save_path }
+ }
+ file{"$real_session_save_path":
+ ensure => directory,
+ owner => $documentroot_owner,
+ group => $documentroot_group,
+ mode => $documentroot_mode;
+ }
+
+ # create webdir
+ apache::vhost::webdir{$name:
+ path => $path,
+ owner => $owner,
+ group => $group,
+ documentroot_owner => $documentroot_owner,
+ documentroot_group => $documentroot_group,
+ documentroot_mode => $documentroot_mode,
+ }
+
+ # create vhost configuration file
+ apache::vhost{$name:
+ path => $path,
+ template_mode => 'php',
+ vhost_mode => $vhost_mode,
+ vhost_source => $vhost_source,
+ vhost_destination => $vhost_destination,
+ domain => $domain,
+ domainalias => $domainalias,
+ allow_override => $allow_override,
+ options => $options,
+ additional_options => $additional_options,
+ php_upload_tmp_dir => $real_upload_tmp_dir,
+ php_session_save_path => $real_session_save_path,
+ ssl_mode => $ssl_mode,
+ htpasswd_file => $htpasswd_file,
+ htpasswd_path => $htpasswd_path,
+ mod_security => $mod_security,
+ }
+}
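Review bot: `apache::vhost::php::standard` forwards `ssl_mode => $ssl_mode` to `apache::vhost`, but `$ssl_mode` is not among its parameters (the static variant declares it), so the value comes from an outer scope or is empty rather than the documented `'false'` default. Adding `$ssl_mode = 'false',` to the parameter list would make the vhost's SSL behaviour explicit and let callers select the `force` redirect mode described in vhost_files.pp. The PHP `upload_tmp_dir` and `session_save_path` directories also take `$documentroot_mode`, so a caller who loosens the document-root mode loosens the session store with it. A fixed restrictive mode for those two resources, for example `mode => 0700;`, would decouple them, assuming PHP runs as the directory owner.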
diff --git a/manifests/init.pp b/manifests/init.pp
index 8f22137..b96601a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -12,7 +12,7 @@
# the Free Software Foundation.
#
-import "defines.pp"
+import "defines/*.pp"
# Global variables:
#
@@ -53,6 +53,16 @@ class apache::base {
ensure => directory,
owner => root, group => 0, mode => 0755;
}
+ file{'htpasswd_dir':
+ path => '/var/www/htpasswds/',
+ ensure => directory,
+ owner => apache, group => 0, mode => 0700;
+ }
+ file{'web_dir':
+ path => '/var/www/',
+ ensure => directory,
+ owner => root, group => 0, mode => 0755;
+ }
service { apache:
name => 'apache2',
enable => true,
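Review bot: The new `htpasswd_dir` is owned by the web server account with `mode => 0700`, so the process that the password files are meant to gate can also create, replace and delete them. Root ownership with group read for the server's group, e.g. `owner => root, group => <web server group>, mode => 0750;`, would allow reading without writing. The path `/var/www/htpasswds/` sits under the tree the Debian class uses for its default index (`/var/www/index.html`), so it is worth confirming that no DocumentRoot covers it. As far as the visible hunks show, nothing deploys into this directory yet, since `apache::vhost::file` still writes to `$config_dir/htpasswds/`. The body of `apache::base` continues outside the hunk.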
@@ -64,6 +74,7 @@ class apache::base {
content => template('apache/default/default_index.erb'),
owner => root, group => 0, mode => 0644;
}
+
apache::config::file{ 'defaults.inc': }
apache::vhost::file { '0-default': }
}
@@ -85,6 +96,12 @@ class apache::package inherits apache::base {
File['modules_dir']{
require => Package[apache],
}
+ File['web_dir']{
+ require => Package[apache],
+ }
+ File['htpasswd_dir']{
+ require => Package[apache],
+ }
}
@@ -96,9 +113,10 @@ class apache::centos inherits apache::package {
Package[apache]{
name => 'httpd',
- }
+ }
Service[apache]{
name => 'httpd',
+ restart => '/etc/init.d/httpd graceful',
}
File[vhosts_dir]{
path => "$config_dir/vhosts.d/",
@@ -109,9 +127,13 @@ class apache::centos inherits apache::package {
File[modules_dir]{
path => "$config_dir/modules.d/",
}
+ File[web_dir]{
+ path => "/var/www/vhosts",
+ }
File[default_apache_index]{
path => '/var/www/html/index.html',
}
+
apache::config::file{ 'welcome.conf': }
apache::config::file{ 'vhosts.conf': }
}
@@ -124,16 +146,17 @@ class apache::gentoo inherits apache::package {
gentoo::etcconfd {
apache2: require => "Package[apache]",
notify => Service[apache],
- }
+ }
Package[apache]{
category => 'www-servers',
- }
+ }
File[vhosts_dir]{
path => "$config_dir/vhosts.d/",
}
File[modules_dir]{
path => "$config_dir/modules.d/",
}
+
apache::gentoo::module { '00_default_settings': }
apache::gentoo::module { '00_error_documents': }
apache::config::file { 'default_vhost.include':
@@ -159,7 +182,6 @@ class apache::debian inherits apache::package {
File[default_apache_index] {
path => '/var/www/index.html',
}
-
}
### ubuntu: similar to debian therefor inheritng from there
@@ -178,47 +200,44 @@ class apache::openbsd inherits apache::base {
File[config_dir]{
path => "$config_dir/conf.d/",
}
-
+ File['htpasswd_dir']{
+ owner => www,
+ }
line{'enable_apache_on_boot':
file => '/etc/rc.conf.local',
line => 'httpd flags=""',
}
-
file{"$config_dir/conf/httpd.conf":
source => [ "puppet://$server/files/apache/conf/${fqdn}/httpd.conf",
- "puppet://$server/files/apache/conf/${apache_cluster_node}/httpd.conf",
- "puppet://$server/files/apache/conf/httpd.conf",
- "puppet://$server/apache/conf/${operatingsystem}/httpd.conf",
- "puppet://$server/apache/conf/httpd.conf" ],
+ "puppet://$server/files/apache/conf/${apache_cluster_node}/httpd.conf",
+ "puppet://$server/files/apache/conf/httpd.conf",
+ "puppet://$server/apache/conf/${operatingsystem}/httpd.conf",
+ "puppet://$server/apache/conf/httpd.conf" ],
notify => Service['apache'],
owner => root, group => 0, mode => 0644;
}
-
- apache::vhost::webhostdir{'default': }
File[default_apache_index] {
path => '/var/www/htdocs/default/www/index.html',
}
-
-
file{'/opt/bin/restart_apache.sh':
source => "puppet://$server/apache/OpenBSD/bin/restart_apache.sh",
require => File['/opt/bin'],
owner => root, group => 0, mode => 0700;
}
+ apache::vhost::webdir{'default': }
+
Service['apache']{
restart => '/opt/bin/restart_apache.sh',
status => 'apachectl status',
start => 'apachectl start',
stop => 'apachectl stop',
}
-
file{'/opt/bin/apache_logrotate.sh':
source => "puppet://$server/apache/OpenBSD/bin/apache_logrotate.sh",
require => File['/opt/bin'],
owner => root, group => 0, mode => 0700;
}
-
cron { 'update_apache_logrotation':
command => '/bin/sh /opt/bin/apache_logrotate.sh > /etc/newsyslog_apache.conf',
minute => '1',
@@ -228,5 +247,4 @@ class apache::openbsd inherits apache::base {
command => '/usr/bin/newsyslog -f /etc/newsyslog_apache.conf > /dev/null',
minute => '10',
}
-
}
diff --git a/templates/vhosts/php/CentOS.erb b/templates/vhosts/php/CentOS.erb
index 9c7722d..472afbc 100644
--- a/templates/vhosts/php/CentOS.erb
+++ b/templates/vhosts/php/CentOS.erb
@@ -16,12 +16,10 @@
Options <%= options %>
<%- end -%>
<%- unless htpasswd_file.to_s == 'absent' then -%>
-
AuthType Basic
AuthName "Access fuer <%= servername %>"
AuthUserFile <%= htpasswd_path %>
require valid-user
-
<%- end -%>
php_admin_flag engine on
php_admin_value open_basedir <%= documentroot %>:<%= php_upload_tmp_dir %>:<%= php_session_save_path %>
diff --git a/templates/vhosts/static/CentOS.erb b/templates/vhosts/static/CentOS.erb
new file mode 100644
index 0000000..1019deb
--- /dev/null
+++ b/templates/vhosts/static/CentOS.erb
@@ -0,0 +1,24 @@
+<VirtualHost *:80>
+ Include conf.d/defaults.inc
+
+ ServerName <%= servername %>
+ <%- unless serveralias.to_s.empty? -%>
+ ServerAlias <%= serveralias %>
+ <%- end -%>
+ DocumentRoot <%= documentroot %>
+
+ ErrorLog <%= logdir %>/error_log
+ CustomLog <%= logdir %>/access_log combined
+
+ <Directory "<%= documentroot %>">
+ AllowOverride <%= allow_override %>
+ </Directory>
+
+ <IfModule mod_security2.c>
+ SecRuleEngine <%= if mod_security.to_s == 'true' then "On" else "Off" end %>
+ </IfModule>
+
+ <%- unless additional_options == 'absent' then -%>
+ <%= additional_options %>
+ <%- end -%>
+</VirtualHost>
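Review bot: The static template has no counterpart to the `htpasswd_file` guard that the php template in this commit places around `AuthType Basic` / `AuthUserFile`, so a static vhost declared with an htpasswd file would be rendered without any authentication directives and served openly. The removed `defines.pp` version of `apache::vhost::static` accepted `htpasswd_file` and `htpasswd_path`; if the new define still passes them (it is outside this hunk), the `<Directory>` block should carry the same guard, as sketched below. Separately, `SecRuleEngine` is `On` only for the exact string `true`, so any other spelling of the parameter silently turns the rule engine off; a template comment saying so, or defaulting to `On`, would make that choice explicit.

```erb
<Directory "<%= documentroot %>">
AllowOverride <%= allow_override %>
<%- unless htpasswd_file.to_s == 'absent' then -%>
AuthType Basic
AuthName "Access fuer <%= servername %>"
AuthUserFile <%= htpasswd_path %>
require valid-user
<%- end -%>
<%# … unchanged: closing Directory tag, mod_security and additional_options blocks … %>
```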