Puppet Class: confdroid_apache::params

Inherited by:

confdroid_apache::main::config
confdroid_apache::server::dirs
confdroid_apache::server::files
confdroid_apache::server::install
confdroid_apache::server::service
confdroid_apache::firewall::iptables
confdroid_apache::monitoring::target

Defined in:

manifests/params.pp

Summary

This class holds all parameters for the confdroid_apache module, which are inherited by all classes except defines.

Overview

confdroid_apache::params.pp Module name: confdroid_apache Author: 12ww1160 (12ww1160@confdroid.com)

Parameters:

• pkg_ensure (String) (defaults to: 'present') —

  Specify which package type to use, i.e. latest, present or absent.

• ae_manage_cfg (Boolean) (defaults to: false) —

  Whether or not to manage the httpd configuration. httpd is very often a sub system used by many other services, and the required configuration depends on the use case. If using httpd as sub-service ( i.e. for phpmyadmin, Nagios etc.), the main configuration should be done on that end, not in confdroid_apache. IN that case, set ae_manage_cfg to false.

• ae_manage_dirs (Boolean) (defaults to: true) —

  Whether or not main directories required to run httpd should be managed. Typically this should be set to true.

• ae_allow_user_dirs (Boolean) (defaults to: false) —

  Whether or not to allow user directories should be allowed to share content through httpd. Usually this is a security problem and as such should be disabled.

• ae_incl_target (Boolean) (defaults to: true) —

  whether or not to allow nagios monitoring.

• ae_order_no (String) (defaults to: '50') —

  the order number for the firewall rules

• ae_http_port (String) (defaults to: '80') —

  the port to use for the http protocol

• ae_https_port (String) (defaults to: '443') —

  the port to use for the https protocol

• ae_target_service (String) (defaults to: '/etc/nagios/conf.d/httpd_service.cfg') —

  which service to monitor with nagios

• ae_target_contacts (String) (defaults to: 'nagiosadmin') —

  which contacts to notify for nagios alerts

• ae_manage_fw (Boolean) (defaults to: true) —

  whether to manage firewall settings

• reqpackages (Array) (defaults to: ['httpd','mod_ssl']) —

  List of packages to install.

• ae_use_lb (Boolean) (defaults to: false) —

  whether to use load balancer or not. If true, a configuration file will be created to allow reading the client ips from the X-Forwarded-For header, and the httpd service will be restarted to apply the changes. This is required when using httpd behind a load balancer like haproxy, otherwise all client ips will be logged as the load balancer ip.

• ae_trusted_proxy (Array) (defaults to: ['127.0.0.1','10.0.1.0/24']) —

  the IP addresses of the trusted proxies, i.e. the load balancers. This is required when ae_use_lb is set to true, and defaults to [‘127.0.0.1’,‘10.0.1.0/24’].

• ae_internal_proxy (Array) (defaults to: ['127.0.0.1','10.0.1.0/24']) —

  the IP addresses of the internal proxies, i.e. the internal load balancers. This is required when ae_use_lb is set to true, and defaults to [‘127.0.0.1’].

• ae_remoteip_header (String) (defaults to: 'X-Forwarded-For') —

  the header to use for the remote ip, typically X-Forwarded-For. This is required when ae_use_lb is set to true, and defaults to X-Forwarded-For.

# File 'manifests/params.pp', line 43

class confdroid_apache::params (

# installation
  String $pkg_ensure          = 'present',
  Array $reqpackages          = ['httpd','mod_ssl'],

# configuration files
  Boolean $ae_manage_cfg      = false,
  Boolean $ae_manage_dirs     = true,
  Boolean $ae_allow_user_dirs = false,

# nagios
  Boolean $ae_incl_target     = true,
  String $ae_target_service   = '/etc/nagios/conf.d/httpd_service.cfg',
  String $ae_target_contacts  = 'nagiosadmin',

# firewall
  Boolean $ae_manage_fw       = true,
  String $ae_order_no         = '50',
  String $ae_http_port        = '80',
  String $ae_https_port       = '443',

# loadbalancer
  Boolean $ae_use_lb          = false,
  Array $ae_trusted_proxy     = ['127.0.0.1','10.0.1.0/24'],
  Array $ae_internal_proxy    = ['127.0.0.1','10.0.1.0/24'],
  String $ae_remoteip_header  = 'X-Forwarded-For',

) {
# facts
  $fqdn                             = $facts['networking']['fqdn']
  $domain                           = $facts['networking']['domain']
  $os_name                          = $facts['os']['name']
  $os_release                       = $facts['os']['release']['major']

# service
  $ae_service         = 'httpd'

# directories
  $ae_main_dir        = '/etc/httpd'
  $ae_conf_dir        = "${ae_main_dir}/conf"
  $ae_conf_d_dir      = "${ae_main_dir}/conf.d"
  $ae_conf_mods_d     = "${ae_main_dir}/conf.modules.d"
  $ae_var_logs_dir    = '/var/log/httpd'
  $ae_logs_dir        = "${ae_main_dir}/logs"
  $ae_usr_lib_dir     = '/usr/lib64/httpd'
  $ae_usr_mods_dir    = "${ae_usr_lib_dir}/modules"
  $ae_mods_dir        = "${ae_main_dir}/modules"
  $ae_run_dir         = '/run/httpd'
  $ae_run_link        = "${ae_main_dir}/run"
  $ae_share_httpd     = '/usr/share/httpd'
  $ae_cache_httpd     = '/var/cache/httpd'

# files
  $ae_conf_file       = "${ae_conf_dir}/httpd.conf"
  $ae_conf_file_erb   = 'confdroid_apache/httpd_conf.erb'
  $ae_magic_file      = "${ae_conf_dir}/magic"
  $ae_magic_file_erb  = 'confdroid_apache/magic.erb'
  $ae_ssl_file        = "${ae_conf_d_dir}/ssl.conf"
  $ae_ssl_file_erb    = 'confdroid_apache/ssl_conf.erb'
  $ae_autoindex_file  = "${ae_conf_d_dir}/autoindex.conf"
  $ae_autoindex_erb   = 'confdroid_apache/autoindex_conf.erb'
  $ae_userdir_file    = "${ae_conf_d_dir}/userdir.conf"
  $ae_userdir_erb     = 'confdroid_apache/userdir_conf.erb'
  $ae_index_file      = '/var/www/html/index.html'
  $ae_index_erb       = 'confdroid_apache/index_html.erb'
  $ae_remoteip_file   = '/etc/httpd/conf.d/loadbalancer-remoteip.conf'
  $ae_remoteip_erb    = 'confdroid_apache/loadbalancer/remoteip.conf.erb'

# includes must be last
  include confdroid_apache::main::config
}