notify => Service["apache"],
}
- define site($ensure = present, $docroot = false, $redirect = false,
- $redirect_match = false, $protocol = 'http', $aliases = false,
- $server_alias = false, $use = false, $ticket = false,
- $source = false, $template = 'apache/site.erb', $filename = '',
- $manage_docroot = true, $owner = 'root', $group = 'root',
- $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*',
- $comment = '', $sshkey = absent,
- $groups = '', $shell = '/bin/false', $manage_user = true,
- $ssl = false, $listen = '*', $https_redirect = false,
- $canonical = false, $canonical_exceptions = '', $hidden_service = false) {
-
- $vhost = $filename ? {
- '' => "$title",
- default => "$filename",
- }
-
- $hosting_domain = $base_domain ? {
- '' => $domain,
- default => $base_domain,
- }
-
- $user = $mpm_user ? {
- '' => regsubst($title, '\.', '_', 'G'),
- default => $mpm_user,
- }
-
- $gid = $mpm_group? {
- '' => regsubst($title, '\.', '_', 'G'),
- default => $mpm_group,
- }
-
- if $hidden_service == true {
- # Make sure that the tor daemon is included
- include tor::daemon
-
- # It's important to use a subdir from the tor datadir
- # to ease backup/restore procedures as we don't mix
- # hidden service data with other tor files.
- if !defined(File["$tor::daemon::data_dir/hidden"]) {
- file { "$tor::daemon::data_dir/hidden":
- ensure => directory,
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => 0700,
- }
- }
-
- tor::daemon::hidden_service { $title:
- ports => "80 127.0.0.1:80",
- data_dir => "$tor::daemon::data_dir/hidden",
- require => File["$tor::daemon::data_dir/hidden"],
- ensure => $ensure,
- }
- }
-
- if $mpm == true and $manage_user == true and $user != 'root' {
- if $ensure == present {
- if !defined(Group[$gid]) {
- group { "$gid":
- ensure => present,
- }
- }
-
- if !defined(User["$user"]) {
- user::manage { "$user":
- tag => "virtual",
- password => $password,
- gid => $gid,
- comment => $comment,
- ticket => $ticket,
- groups => $groups,
- sshkey => $sshkey,
- shell => $shell,
- ensure => present,
- require => Group[$gid],
- }
- }
- }
- else {
- if !defined(User["$user"]) {
- user::manage { "$user":
- tag => "virtual",
- password => $password,
- ensure => absent,
- }
- }
-
- if !defined(Group[$gid]) {
- group { "$gid":
- ensure => absent,
- require => User[$user],
- }
- }
- }
- }
-
- if $ssl == true {
- ssl::cert { "$name":
- group => $gid,
- privmode => '0640',
- ensure => $ensure,
- }
-
- ssl::check { "$name":
- file => "/etc/ssl/certs/$name.crt",
- ensure => $ensure,
- }
- }
-
- case $source {
- true: {
- file { "${apache2_sites}-available/$vhost":
- ensure => $ensure,
- source => [ "puppet:///modules/site-apache/vhosts/$domain/$title",
- "puppet:///modules/site-apache/vhosts/$title" ],
- owner => root,
- group => root,
- mode => 0644,
- require => File["${apache2_macros}"],
- notify => Service["apache"],
- }
- }
- false: {
- file { "${apache2_sites}-available/$vhost":
- ensure => $ensure,
- content => template("$template"),
- owner => root,
- group => root,
- mode => 0644,
- require => File["${apache2_macros}"],
- notify => Service["apache"],
- }
- }
- }
-
- # Enable the site without a2ensite
- #
- #$status = $ensure ? {
- # 'present' => "${apache2_sites}-available/$vhost",
- # default => 'absent',
- #}
- #
- #file { "/etc/apache2/sites-enabled/$title":
- # ensure => $status,
- # owner => root,
- # group => root,
- # require => File["${apache2_sites}-available/$title"],
- # notify => Service["apache"],
- #}
-
- case $ensure {
- 'present': {
- if ($docroot != false) and ($manage_docroot == true) {
- if !defined(File["${docroot}"]) {
- file { "${docroot}":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0755,
- recurse => false,
- }
- }
- if !defined(Exec["check_docroot_${docroot}"]) {
- # Ensure parent folder exist
- exec { "check_docroot_${docroot}":
- command => "/bin/mkdir -p ${docroot}",
- unless => "/bin/sh -c '[ -e ${docroot} ]'",
- user => root,
- before => File["${docroot}"],
- }
- }
- }
- exec { "/usr/sbin/a2ensite $vhost":
- unless => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
- && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
- notify => Exec["reload-apache2"],
- }
- }
- 'absent': {
- exec { "/usr/sbin/a2dissite $vhost":
- onlyif => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
- && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
- notify => Exec["reload-apache2"],
- }
-
- file { "${apache2_sites}-enabled/$vhost":
- ensure => absent,
- notify => Exec["reload-apache2"],
- }
- }
- default: { err ("Unknown ensure value: '$ensure'") }
- }
- }
-
- # Define an apache2 module. Debian packages place the module config
- # into /etc/apache2/mods-available.
- #
- # You can add a custom require (string) if the module depends on
- # packages that aren't part of the default apache2 package. Because of
- # the package dependencies, apache2 will automagically be included.
- define module($ensure = 'present') {
- case $ensure {
- 'present': {
- exec { "/usr/sbin/a2enmod $name":
- unless => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \
- && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'",
- notify => Exec["force-reload-apache2"],
- }
- }
- 'absent': {
- exec { "/usr/sbin/a2dismod $name":
- onlyif => "/bin/sh -c '[ -L ${apache2_mods}-enabled/${name}.load ] \
- && [ ${apache2_mods}-enabled/${name}.load -ef ${apache2_mods}-available/${name}.load ]'",
- notify => Exec["force-reload-apache2"],
- }
- }
- default: { err ("Unknown ensure value: '$ensure'") }
- }
- }
-
# Notify this when apache needs a reload. This is only needed when
# sites are added or removed, since a full restart then would be
# a waste of time. When the module-config changes, a force-reload is
--- /dev/null
+define apache::site($ensure = present, $docroot = false, $redirect = false,
+ $redirect_match = false, $protocol = 'http', $aliases = false,
+ $server_alias = false, $use = false, $ticket = false,
+ $source = false, $template = 'apache/site.erb', $filename = '',
+ $manage_docroot = true, $owner = 'root', $group = 'root',
+ $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*',
+ $comment = '', $sshkey = absent,
+ $groups = '', $shell = '/bin/false', $manage_user = true,
+ $ssl = false, $listen = '*', $https_redirect = false,
+ $canonical = false, $canonical_exceptions = '', $hidden_service = false) {
+
+ $vhost = $filename ? {
+ '' => "$title",
+ default => "$filename",
+ }
+
+ $hosting_domain = $base_domain ? {
+ '' => $domain,
+ default => $base_domain,
+ }
+
+ $user = $mpm_user ? {
+ '' => regsubst($title, '\.', '_', 'G'),
+ default => $mpm_user,
+ }
+
+ $gid = $mpm_group? {
+ '' => regsubst($title, '\.', '_', 'G'),
+ default => $mpm_group,
+ }
+
+ if $hidden_service == true {
+ # Make sure that the tor daemon is included
+ include tor::daemon
+
+ # It's important to use a subdir from the tor datadir
+ # to ease backup/restore procedures as we don't mix
+ # hidden service data with other tor files.
+ if !defined(File["$tor::daemon::data_dir/hidden"]) {
+ file { "$tor::daemon::data_dir/hidden":
+ ensure => directory,
+ owner => 'debian-tor',
+ group => 'debian-tor',
+ mode => 0700,
+ }
+ }
+
+ tor::daemon::hidden_service { $title:
+ ports => "80 127.0.0.1:80",
+ data_dir => "$tor::daemon::data_dir/hidden",
+ require => File["$tor::daemon::data_dir/hidden"],
+ ensure => $ensure,
+ }
+ }
+
+ if $mpm == true and $manage_user == true and $user != 'root' {
+ if $ensure == present {
+ if !defined(Group[$gid]) {
+ group { "$gid":
+ ensure => present,
+ }
+ }
+
+ if !defined(User["$user"]) {
+ user::manage { "$user":
+ tag => "virtual",
+ password => $password,
+ gid => $gid,
+ comment => $comment,
+ ticket => $ticket,
+ groups => $groups,
+ sshkey => $sshkey,
+ shell => $shell,
+ ensure => present,
+ require => Group[$gid],
+ }
+ }
+ }
+ else {
+ if !defined(User["$user"]) {
+ user::manage { "$user":
+ tag => "virtual",
+ password => $password,
+ ensure => absent,
+ }
+ }
+
+ if !defined(Group[$gid]) {
+ group { "$gid":
+ ensure => absent,
+ require => User[$user],
+ }
+ }
+ }
+ }
+
+ if $ssl == true {
+ ssl::cert { "$name":
+ group => $gid,
+ privmode => '0640',
+ ensure => $ensure,
+ }
+
+ ssl::check { "$name":
+ file => "/etc/ssl/certs/$name.crt",
+ ensure => $ensure,
+ }
+ }
+
+ case $source {
+ true: {
+ file { "${apache2_sites}-available/$vhost":
+ ensure => $ensure,
+ source => [ "puppet:///modules/site-apache/vhosts/$domain/$title",
+ "puppet:///modules/site-apache/vhosts/$title" ],
+ owner => root,
+ group => root,
+ mode => 0644,
+ require => File["${apache2_macros}"],
+ notify => Service["apache"],
+ }
+ }
+ false: {
+ file { "${apache2_sites}-available/$vhost":
+ ensure => $ensure,
+ content => template("$template"),
+ owner => root,
+ group => root,
+ mode => 0644,
+ require => File["${apache2_macros}"],
+ notify => Service["apache"],
+ }
+ }
+ }
+
+ # Enable the site without a2ensite
+ #
+ #$status = $ensure ? {
+ # 'present' => "${apache2_sites}-available/$vhost",
+ # default => 'absent',
+ #}
+ #
+ #file { "/etc/apache2/sites-enabled/$title":
+ # ensure => $status,
+ # owner => root,
+ # group => root,
+ # require => File["${apache2_sites}-available/$title"],
+ # notify => Service["apache"],
+ #}
+
+ case $ensure {
+ 'present': {
+ if ($docroot != false) and ($manage_docroot == true) {
+ if !defined(File["${docroot}"]) {
+ file { "${docroot}":
+ ensure => present,
+ owner => $owner,
+ group => $group,
+ mode => 0755,
+ recurse => false,
+ }
+ }
+ if !defined(Exec["check_docroot_${docroot}"]) {
+ # Ensure parent folder exist
+ exec { "check_docroot_${docroot}":
+ command => "/bin/mkdir -p ${docroot}",
+ unless => "/bin/sh -c '[ -e ${docroot} ]'",
+ user => root,
+ before => File["${docroot}"],
+ }
+ }
+ }
+ exec { "/usr/sbin/a2ensite $vhost":
+ unless => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
+ && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
+ notify => Exec["reload-apache2"],
+ }
+ }
+ 'absent': {
+ exec { "/usr/sbin/a2dissite $vhost":
+ onlyif => "/bin/sh -c '[ -L ${apache2_sites}-enabled/$vhost ] \
+ && [ ${apache2_sites}-enabled/$vhost -ef ${apache2_sites}-available/$vhost ]'",
+ notify => Exec["reload-apache2"],
+ }
+
+ file { "${apache2_sites}-enabled/$vhost":
+ ensure => absent,
+ notify => Exec["reload-apache2"],
+ }
+ }
+ default: { err ("Unknown ensure value: '$ensure'") }
+ }
+}
projects / puppet-apache.git / commitdiff