confdroid/confdroid_apache
3
0
Fork 0
Code Issues Projects Wiki Activity

adjust Parameter types, Jenkinsfile and Readme

Browse Source
This commit is contained in:
Arne Teuke
2025-05-06 14:51:28 +02:00
parent 707feab6c9
commit 12303c67e4
33 changed files with 300 additions and 4939 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
manifests/firewall/iptables.pp
View File

@@ -1,42 +1,22 @@
## cd_apache::firewall::iptables.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@ConfDroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# log analyzer.
# Copyright (C) 2017 ConfDroid (copyright@ConfDroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary manage firewall settings through cd_firewall or puppetlabs-firewall
###############################################################################
class cd_apache::firewall::iptables (
) inherits cd_apache::params {
if $ae_manage_fw == true {
firewall { "${ae_order_no}${ae_http_port} tcp http port ${ae_http_port}":
proto => ['tcp','udp'],
dport => $ae_http_port,
action => 'accept',
proto => ['tcp','udp'],
dport => $ae_http_port,
action => 'accept',
}
firewall { "${ae_order_no}${ae_https_port} tcp http port ${ae_https_port}":
proto => ['tcp','udp'],
dport => $ae_https_port,
action => 'accept',
proto => ['tcp','udp'],
dport => $ae_https_port,
action => 'accept',
}
}
}

20
manifests/init.pp
View File

@@ -1,25 +1,7 @@
## cd_apache::init.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Initialze the cd_apache Puppet module.
# @summary initializes the cd_apache Puppet module.
##############################################################################
class cd_apache {
include cd_apache::params

19
manifests/main/config.pp
View File

@@ -1,30 +1,11 @@
## cd_apache::main::config.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary configure the module classes to be used.
##############################################################################
class cd_apache::main::config (
) inherits cd_apache::params {
include cd_apache::server::service
include cd_apache::monitoring::target
}

24
manifests/monitoring/target.pp
View File

@@ -1,33 +1,13 @@
## cd_apache::monitoring::target.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@puppetsoft.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# <service / purpose>
# Copyright (C) 2014 PuppetSoft (copyright@puppetsoft.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary class manages exports for nagios monitoring
##############################################################################
class cd_apache::monitoring::target (
) inherits cd_apache::params {
case $ae_incl_target {
false: { notify {'Nagios Service target for check_httpd has been disabled via parameters / ENC override': }
false: { notify { 'Nagios Service target for check_httpd has been disabled via parameters / ENC override': }
}
default: {
@@nagios_service { "check_http_${::hostname}":
@@ -36,7 +16,7 @@ class cd_apache::monitoring::target (
host_name => $::fqdn,
notification_period => '24x7',
service_description => "${::hostname}_check_http",
target => $ae_target_service,
target => $ae_target_service,
owner => 'nagios',
group => 'nagios',
mode => '0640',

158
manifests/params.pp
View File

@@ -1,136 +1,112 @@
## cd_apache::params.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary This class holds all parameters for the cd_apache module, which are
# inherited by all classes except defines.
# @param [string] pkg_ensure Specify which
# @param [String] pkg_ensure Specify which
# [package type] (https://confdroid.com/2017/05/puppet-type-package/)
# to use, i.e. `latest`, `present` or `absent`.
# @param [boolean] ae_manage_user Whether or not to manage details for the
# @param [Boolean] ae_manage_user Whether or not to manage details for the
# httpd service user. This is generally only required when using httpd on
# a number of servers sharing storage resources, i.e. NFS, where UID and GID
# settings must be same accross all nodes.
# @param [string] ae_user_name Specify the user name for the httpd user.
# settings must be same across all nodes.
# @param [String] ae_user_name Specify the user name for the httpd user.
# only active if ae_manage_user is set to true.
# @param [String] ae_user_uid Specify the UID for the httpd service user.
# only active if `ae_manage_user` is set to true.
# @param [string] ae_user_uid Specify the UID for teh httpd service user.
# @param [String] ae_u_comment Specify the user comment for /etc/passwd.
# Shows up in email notifications as sender information.
# only active if `ae_manage_user` is set to true.
# @param [string] ae_u_comment Specify the user comment for /etc/passwd.
# Shows up in email notofications as sender informations.
# @param [String] ae_u_groups Specify any secondary groups the httpd service
# user should be in. Must not contain the primary group.
# only active if `ae_manage_user` is set to true.
# @param [string] ae_u_groups Specify any secondary groups the httpd service
# user shoould be in. Must not contain teh primary group.
# @param [String] ae_user_home Specify the home of the httpd service user.
# only active if `ae_manage_user` is set to true.
# @param [string] ae_user_home Specify the home of the httpd service user.
# only active if `ae_manage_user` is set to true.
# @param [string] ae_user_shell Specify the shell for teh httpd service user,
# @param [String] ae_user_shell Specify the shell for the httpd service user,
# which normally should not be allowed to log in .
# only active if `ae_manage_user` is set to true.
# @param [boolean] ae_manage_cfg Whether or not to manage the httpd
# @param [Boolean] ae_manage_cfg Whether or not to manage the httpd
# configuration. httpd is very often a sub system used by many other services,
# and the required configuration depends on the use case. If using httpd as
# sub-service ( i.e. for phpmyadmin, Nagios etc.), the main configuration
# should be done on that end, not in cd_apache. IN that case, set `ae_manage_cfg`
# to `false`.
# @param [boolean] ae_manage_dirs Whether or not main directories required
# to run httpd should be managed. Tyically this should be set to true.
# @param [boolean] ae_allow_user_dirs Whether or not to allow user directories
# @param [Boolean] ae_manage_dirs Whether or not main directories required
# to run httpd should be managed. Typically this should be set to true.
# @param [Boolean] ae_allow_user_dirs Whether or not to allow user directories
# should be allowed to share content through httpd. Usually this is a security
# problem and as such should be disabled.
# @param [boolean] ae_incl_target whether or not to allow nagios monitoring.
# @param [string] ae_order_no the order number for the firewall rules
# @param [string] ae_http_port the port to use for the http protocol
# @param [string] ae_https_port the port to use for the https protocol
# @param [string] ae_target_service wich service to monitor with nagios
# @param [boolean] ae_manage_fw whether to manage firewll settings
# @param [string] reqpackages List of packages to install.
# @param [Boolean] ae_incl_target whether or not to allow nagios monitoring.
# @param [String] ae_order_no the order number for the firewall rules
# @param [String] ae_http_port the port to use for the http protocol
# @param [String] ae_https_port the port to use for the https protocol
# @param [String] ae_target_service which service to monitor with nagios
# @param [Boolean] ae_manage_fw whether to manage firewall settings
# @param [String] reqpackages List of packages to install.
###########################################################################
##############################################################################
class cd_apache::params (
# installation
$pkg_ensure = 'latest',
$reqpackages = ['httpd','mod_ssl'],
String $pkg_ensure = 'latest',
String $reqpackages = ['httpd','mod_ssl'],
Boolean $ae_manage_user = false,
$ae_manage_user = false,
$ae_user_name = 'apache',
$ae_user_uid = '48',
$ae_u_comment = 'Apache',
$ae_u_groups = undef,
$ae_user_home = '/usr/share/httpd',
$ae_user_shell = '/bin/false',
String $ae_user_name = 'apache',
String $ae_user_uid = '48',
String $ae_u_comment = 'Apache',
String $ae_u_groups = undef,
String $ae_user_home = '/usr/share/httpd',
String $ae_user_shell = '/bin/false',
# configuration files
$ae_manage_cfg = false,
$ae_manage_dirs = true,
$ae_allow_user_dirs = false,
Boolean $ae_manage_cfg = false,
Boolean $ae_manage_dirs = true,
Boolean $ae_allow_user_dirs = false,
# nagios
$ae_incl_target = true,
$ae_target_service = '/etc/nagios/conf.d/httpd_service.cfg',
Boolean $ae_incl_target = true,
String $ae_target_service = '/etc/nagios/conf.d/httpd_service.cfg',
# firewall
$ae_manage_fw = false,
$ae_order_no = '50',
$ae_http_port = '80',
$ae_https_port = '443',
Boolean $ae_manage_fw = false,
String $ae_order_no = '50',
String $ae_http_port = '80',
String $ae_https_port = '443',
) {
# service
$ae_service = 'httpd'
$ae_service = 'httpd'
# directories
$ae_main_dir = '/etc/httpd'
$ae_conf_dir = "${ae_main_dir}/conf"
$ae_conf_d_dir = "${ae_main_dir}/conf.d"
$ae_conf_mods_d = "${ae_main_dir}/conf.modules.d"
$ae_var_logs_dir = '/var/log/httpd'
$ae_logs_dir = "${ae_main_dir}/logs"
$ae_usr_lib_dir = '/usr/lib64/httpd'
$ae_usr_mods_dir = "${ae_usr_lib_dir}/modules"
$ae_mods_dir = "${ae_main_dir}/modules"
$ae_run_dir = '/run/httpd'
$ae_run_link = "${ae_main_dir}/run"
$ae_share_httpd = '/usr/share/httpd'
$ae_cache_httpd = '/var/cache/httpd'
$ae_main_dir = '/etc/httpd'
$ae_conf_dir = "${ae_main_dir}/conf"
$ae_conf_d_dir = "${ae_main_dir}/conf.d"
$ae_conf_mods_d = "${ae_main_dir}/conf.modules.d"
$ae_var_logs_dir = '/var/log/httpd'
$ae_logs_dir = "${ae_main_dir}/logs"
$ae_usr_lib_dir = '/usr/lib64/httpd'
$ae_usr_mods_dir = "${ae_usr_lib_dir}/modules"
$ae_mods_dir = "${ae_main_dir}/modules"
$ae_run_dir = '/run/httpd'
$ae_run_link = "${ae_main_dir}/run"
$ae_share_httpd = '/usr/share/httpd'
$ae_cache_httpd = '/var/cache/httpd'
# files
$ae_conf_file = "${ae_conf_dir}/httpd.conf"
$ae_conf_file_erb = 'cd_apache/httpd_conf.erb'
$ae_magic_file = "${ae_conf_dir}/magic"
$ae_magic_file_erb = 'cd_apache/magic.erb'
$ae_ssl_file = "${ae_conf_d_dir}/ssl.conf"
$ae_ssl_file_erb = 'cd_apache/ssl_conf.erb'
$ae_autoindex_file = "${ae_conf_d_dir}/autoindex.conf"
$ae_autoindex_erb = 'cd_apache/autoindex_conf.erb'
$ae_userdir_file = "${ae_conf_d_dir}/userdir.conf"
$ae_userdir_erb = 'cd_apache/userdir_conf.erb'
$ae_index_file = '/var/www/html/index.html'
$ae_index_erb = 'cd_apache/index_html.erb'
$ae_conf_file = "${ae_conf_dir}/httpd.conf"
$ae_conf_file_erb = 'cd_apache/httpd_conf.erb'
$ae_magic_file = "${ae_conf_dir}/magic"
$ae_magic_file_erb = 'cd_apache/magic.erb'
$ae_ssl_file = "${ae_conf_d_dir}/ssl.conf"
$ae_ssl_file_erb = 'cd_apache/ssl_conf.erb'
$ae_autoindex_file = "${ae_conf_d_dir}/autoindex.conf"
$ae_autoindex_erb = 'cd_apache/autoindex_conf.erb'
$ae_userdir_file = "${ae_conf_d_dir}/userdir.conf"
$ae_userdir_erb = 'cd_apache/userdir_conf.erb'
$ae_index_file = '/var/www/html/index.html'
$ae_index_erb = 'cd_apache/index_html.erb'
# includes must be last
include cd_apache::main::config
}

260
manifests/server/dirs.pp
View File

@@ -1,218 +1,198 @@
## cd_apache::server::dirs.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Manage all aspects of the directory structure required for the
# httpd service.
##############################################################################
class cd_apache::server::dirs (
) inherits cd_apache::params {
require cd_apache::server::user
if $ae_manage_dirs == true {
# create main dir
file { $ae_main_dir:
ensure => directory,
path => $ae_main_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
ensure => directory,
path => $ae_main_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
}
# conf dir
file { $ae_conf_dir:
ensure => directory,
path => $ae_conf_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
ensure => directory,
path => $ae_conf_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
}
# conf.d dir
file { $ae_conf_d_dir:
ensure => directory,
path => $ae_conf_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
ensure => directory,
path => $ae_conf_d_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
}
# conf.modules.d
file { $ae_conf_mods_d:
ensure => directory,
path => $ae_conf_mods_d,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
ensure => directory,
path => $ae_conf_mods_d,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
}
# /var/log/httpd
file { $ae_var_logs_dir:
ensure => directory,
path => $ae_var_logs_dir,
owner => 'root',
group => 'root',
mode => '0700',
selrange => s0,
selrole => object_r,
seltype => httpd_log_t,
seluser => system_u,
ensure => directory,
path => $ae_var_logs_dir,
owner => 'root',
group => 'root',
mode => '0700',
selrange => s0,
selrole => object_r,
seltype => httpd_log_t,
seluser => system_u,
}
# logs dir link
file { $ae_logs_dir:
ensure => link,
path => $ae_logs_dir,
target => $ae_var_logs_dir,
owner => 'root',
group => 'root',
mode => '0777',
selrange => s0,
selrole => object_r,
seltype => httpd_log_t,
seluser => system_u,
ensure => link,
path => $ae_logs_dir,
target => $ae_var_logs_dir,
owner => 'root',
group => 'root',
mode => '0777',
selrange => s0,
selrole => object_r,
seltype => httpd_log_t,
seluser => system_u,
}
# /usr/lib/httpd
file { $ae_usr_lib_dir:
ensure => directory,
path => $ae_usr_lib_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_modules_t,
seluser => system_u,
ensure => directory,
path => $ae_usr_lib_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_modules_t,
seluser => system_u,
}
# mods dir
file { $ae_usr_mods_dir:
ensure => directory,
path => $ae_usr_mods_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_modules_t,
seluser => system_u,
ensure => directory,
path => $ae_usr_mods_dir,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => httpd_modules_t,
seluser => system_u,
}
# logs dir link
file { $ae_mods_dir:
ensure => link,
path => $ae_mods_dir,
target => $ae_usr_mods_dir,
owner => 'root',
group => 'root',
mode => '0777',
selrange => s0,
selrole => object_r,
seltype => httpd_modules_t,
seluser => system_u,
ensure => link,
path => $ae_mods_dir,
target => $ae_usr_mods_dir,
owner => 'root',
group => 'root',
mode => '0777',
selrange => s0,
selrole => object_r,
seltype => httpd_modules_t,
seluser => system_u,
}
# run dir
file { $ae_run_dir:
ensure => directory,
path => $ae_run_dir,
owner => 'root',
group => $ae_user_name,
mode => '0710',
selrange => s0,
selrole => object_r,
seltype => httpd_var_run_t,
seluser => system_u,
ensure => directory,
path => $ae_run_dir,
owner => 'root',
group => $ae_user_name,
mode => '0710',
selrange => s0,
selrole => object_r,
seltype => httpd_var_run_t,
seluser => system_u,
}
# run link
file { $ae_run_link:
ensure => link,
path => $ae_run_link,
target => $ae_run_dir,
owner => 'root',
group => 'root',
mode => '0777',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
ensure => link,
path => $ae_run_link,
target => $ae_run_dir,
owner => 'root',
group => 'root',
mode => '0777',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
}
# /usr/share/httpd dir
file { $ae_share_httpd:
ensure => directory,
path => $ae_share_httpd,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => usr_t,
seluser => system_u,
ensure => directory,
path => $ae_share_httpd,
owner => 'root',
group => 'root',
mode => '0755',
selrange => s0,
selrole => object_r,
seltype => usr_t,
seluser => system_u,
}
# /var/cache/httpd
file { $ae_cache_httpd:
ensure => directory,
path => $ae_cache_httpd,
owner => $ae_user_name,
group => $ae_user_name,
mode => '0700',
selrange => s0,
selrole => object_r,
seltype => httpd_cache_t,
seluser => system_u,
ensure => directory,
path => $ae_cache_httpd,
owner => $ae_user_name,
group => $ae_user_name,
mode => '0700',
selrange => s0,
selrole => object_r,
seltype => httpd_cache_t,
seluser => system_u,
}
}
}

174
manifests/server/files.pp
View File

@@ -1,132 +1,110 @@
## cd_apache::server::files.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Manage all aspects for the httpd configuration, if enabled.
##############################################################################
class cd_apache::server::files (
) inherits cd_apache::params {
require cd_apache::server::dirs
if $ae_manage_cfg == true {
# manage main config file
file { $ae_conf_file:
ensure => file,
path => $ae_conf_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_conf_file_erb),
notify => Service['httpd'],
file { $ae_conf_file:
ensure => file,
path => $ae_conf_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_conf_file_erb),
notify => Service['httpd'],
}
# manage magic file
file { $ae_magic_file:
ensure => file,
path => $ae_magic_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_magic_file_erb),
notify => Service['httpd'],
file { $ae_magic_file:
ensure => file,
path => $ae_magic_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_magic_file_erb),
notify => Service['httpd'],
}
# manage main ssl config file
file { $ae_ssl_file:
ensure => file,
path => $ae_ssl_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_ssl_file_erb),
notify => Service['httpd'],
}
file { $ae_ssl_file:
ensure => file,
path => $ae_ssl_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_ssl_file_erb),
notify => Service['httpd'],
}
# manage autoindex.conf
file { $ae_autoindex_file:
ensure => file,
path => $ae_autoindex_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_autoindex_erb),
notify => Service['httpd'],
}
file { $ae_autoindex_file:
ensure => file,
path => $ae_autoindex_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_autoindex_erb),
notify => Service['httpd'],
}
if $ae_allow_user_dirs == true {
# manage userdir.conf
# manage userdir.conf
file { $ae_userdir_file:
ensure => file,
path => $ae_userdir_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_userdir_erb),
notify => Service['httpd'],
file { $ae_userdir_file:
ensure => file,
path => $ae_userdir_file,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_config_t,
seluser => system_u,
content => template($ae_userdir_erb),
notify => Service['httpd'],
}
}
}
# manage index.html
# manage index.html
file { $ae_index_file:
ensure => file,
path => $ae_index_file,
owner => $ae_user_name,
group => $ae_user_name,
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_sys_content_t,
seluser => system_u,
content => template($ae_index_erb),
notify => Service['httpd'],
file { $ae_index_file:
ensure => file,
path => $ae_index_file,
owner => $ae_user_name,
group => $ae_user_name,
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => httpd_sys_content_t,
seluser => system_u,
content => template($ae_index_erb),
notify => Service['httpd'],
}
}

21
manifests/server/install.pp
View File

@@ -1,33 +1,14 @@
## cd_apache::server::install.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Install required binaries
##############################################################################
class cd_apache::server::install (
) inherits cd_apache::params {
require cd_resources
package {$reqpackages:
package { $reqpackages:
ensure => $pkg_ensure,
}
}

27
manifests/server/service.pp
View File

@@ -1,37 +1,18 @@
## cd_apache::server::service.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary manage the httpd service.
##############################################################################
class cd_apache::server::service (
) inherits cd_apache::params {
require cd_apache::server::files
require cd_apache::firewall::iptables
service { $ae_service:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
}

55
manifests/server/user.pp
View File

@@ -1,58 +1,37 @@
## cd_apache::server:;user.pp
# Module name: cd_apache
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_apache.
#
# cd_apache is used for providing automatic configuration of
# Apache Webserver.
# Copyright (C) 2014 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary manage all aspects of the httpd service user, if enabled
##############################################################################
class cd_apache::server::user (
) inherits cd_apache::params {
require cd_apache::server::install
if $ae_manage_user == true {
group { $ae_user_name:
ensure => present,
name => $ae_user_name,
gid => $ae_user_uid,
allowdupe => false,
ensure => present,
name => $ae_user_name,
gid => $ae_user_uid,
allowdupe => false,
}
user { $ae_user_name:
ensure => present,
name => $ae_user_name,
allowdupe => false,
comment => $ae_u_comment,
uid => $ae_user_uid,
gid => $ae_user_name,
groups => $ae_u_groups,
managehome => true,
home => $ae_user_home,
shell => $ae_user_shell,
require => Group[$ae_user_name],
user { $ae_user_name:
ensure => present,
name => $ae_user_name,
allowdupe => false,
comment => $ae_u_comment,
uid => $ae_user_uid,
gid => $ae_user_name,
groups => $ae_u_groups,
managehome => true,
home => $ae_user_home,
shell => $ae_user_shell,
require => Group[$ae_user_name],
}
}
else {
# do nothing
# do nothing
}
}