Project

General

Profile

Download (9.51 KB) Statistics
| Branch: | Tag: | Revision:

puppet-foreman/manifests/config/apache.pp @ 016d196d

# Configure the foreman service using Apache
#
# === Parameters:
#
# $app_root:: Root of the application.
#
# $listen_on_interface:: Specify which interface to bind passenger to.
# Defaults to all interfaces.
#
# $ruby:: Path to Ruby interpreter
#
# $priority:: Apache vhost priority
#
# $servername:: Servername for the vhost.
#
# $serveraliases:: Serveraliases for the vhost.
#
# $server_port:: Port for Apache to listen on HTTP requests
#
# $server_ssl_port:: Port for Apache to listen on HTTPS requests
#
# $ssl:: Whether to enable SSL.
#
# $ssl_cert:: Location of the SSL certificate file.
#
# $ssl_certs_dir:: Location of additional certificates for SSL client authentication.
#
# $ssl_key:: Location of the SSL key file.
#
# $ssl_ca:: Location of the SSL CA file
#
# $ssl_chain:: Location of the SSL chain file
#
# $ssl_crl:: Location of the SSL certificate revocation list file
#
# $ssl_protocol:: SSLProtocol configuration to use
#
# $use_vhost:: Whether to install a vhost. Note that using ssl and
# no vhost is unsupported.
#
# $user:: The user under which the application runs.
#
# $prestart:: Pre-start the first passenger worker instance process during httpd start.
#
# $min_instances:: Minimum passenger worker instances to keep when application is idle.
#
# $start_timeout:: Amount of seconds to wait for Ruby application boot.
#
# $foreman_url:: The URL Foreman should be reachable under. Used for loading the application
# on startup rather than on demand.
#
# $keepalive:: Enable KeepAlive setting of Apache?
#
# $max_keepalive_requests:: MaxKeepAliveRequests setting of Apache
# (Number of requests allowed on a persistent connection)
#
# $keepalive_timeout:: KeepAliveTimeout setting of Apache
# (Seconds the server will wait for subsequent requests on a persistent connection)
#
# $access_log_format:: Apache log format to use
#
# $ipa_authentication:: Whether to install support for IPA authentication
#
# === Advanced options:
#
# $http_vhost_options:: Direct options to apache::vhost for the http vhost
#
# $https_vhost_options:: Direct options to apache::vhost for the https vhost
#
class foreman::config::apache(
Stdlib::Absolutepath $app_root = $::foreman::app_root,
Optional[String] $listen_on_interface = $::foreman::passenger_interface,
Optional[String] $ruby = $::foreman::passenger_ruby,
String $priority = $::foreman::vhost_priority,
Stdlib::Fqdn $servername = $::foreman::servername,
Array[Stdlib::Fqdn] $serveraliases = $::foreman::serveraliases,
Stdlib::Port $server_port = $::foreman::server_port,
Stdlib::Port $server_ssl_port = $::foreman::server_ssl_port,
Boolean $ssl = $::foreman::ssl,
Stdlib::Absolutepath $ssl_ca = $::foreman::server_ssl_ca,
Stdlib::Absolutepath $ssl_chain = $::foreman::server_ssl_chain,
Stdlib::Absolutepath $ssl_cert = $::foreman::server_ssl_cert,
Variant[Enum[''], Stdlib::Absolutepath] $ssl_certs_dir = $::foreman::server_ssl_certs_dir,
Stdlib::Absolutepath $ssl_key = $::foreman::server_ssl_key,
Variant[Enum[''], Stdlib::Absolutepath] $ssl_crl = $::foreman::server_ssl_crl,
Optional[String] $ssl_protocol = $::foreman::server_ssl_protocol,
Boolean $use_vhost = $::foreman::use_vhost,
String $user = $::foreman::user,
Boolean $prestart = $::foreman::passenger_prestart,
Integer[0] $min_instances = $::foreman::passenger_min_instances,
Integer[0] $start_timeout = $::foreman::passenger_start_timeout,
Stdlib::HTTPUrl $foreman_url = $::foreman::foreman_url,
Boolean $keepalive = $::foreman::keepalive,
Integer[0] $max_keepalive_requests = $::foreman::max_keepalive_requests,
Integer[0] $keepalive_timeout = $::foreman::keepalive_timeout,
Optional[String] $access_log_format = undef,
Boolean $ipa_authentication = $::foreman::ipa_authentication,
Hash[String, Any] $http_vhost_options = {},
Hash[String, Any] $https_vhost_options = {},
) {
$docroot = "${app_root}/public"
$suburi_parts = split($foreman_url, '/')
$suburi_parts_count = size($suburi_parts) - 1
if $suburi_parts_count >= 3 {
$suburi_without_slash = join(values_at($suburi_parts, ["3-${suburi_parts_count}"]), '/')
if $suburi_without_slash {
$suburi = "/${suburi_without_slash}"
}
}

include ::apache
include ::apache::mod::headers
include ::apache::mod::passenger

if $ipa_authentication {
include ::apache::mod::authnz_pam
include ::apache::mod::intercept_form_submit
include ::apache::mod::lookup_identity
include ::apache::mod::auth_kerb
}

if $use_vhost {
# Check the value in case the interface doesn't exist, otherwise listen on all interfaces
if $listen_on_interface and $listen_on_interface in split($::interfaces, ',') {
$listen_interface = fact("ipaddress_${listen_on_interface}")
} else {
$listen_interface = undef
}

$http_prestart = $prestart ? {
true => "http://${servername}:${server_port}",
false => undef,
}

file { "${apache::confd_dir}/${priority}-foreman.d":
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0644',
purge => true,
recurse => true,
}

$keepalive_onoff = $keepalive ? {
true => 'on',
default => 'off',
}

apache::vhost { 'foreman':
add_default_charset => 'UTF-8',
docroot => $docroot,
manage_docroot => false,
ip => $listen_interface,
options => ['SymLinksIfOwnerMatch'],
passenger_app_root => $app_root,
passenger_min_instances => $min_instances,
passenger_pre_start => $http_prestart,
passenger_start_timeout => $start_timeout,
passenger_ruby => $ruby,
port => $server_port,
priority => $priority,
servername => $servername,
serveraliases => $serveraliases,
keepalive => $keepalive_onoff,
max_keepalive_requests => $max_keepalive_requests,
keepalive_timeout => $keepalive_timeout,
access_log_format => $access_log_format,
additional_includes => ["${::apache::confd_dir}/${priority}-foreman.d/*.conf"],
use_optional_includes => true,
custom_fragment => template('foreman/_assets.conf.erb', 'foreman/_suburi.conf.erb'),
* => $http_vhost_options,
}

if $ssl {
$https_prestart = $prestart ? {
true => "https://${servername}:${server_ssl_port}",
false => undef,
}
if $ssl_crl and $ssl_crl != '' {
$ssl_crl_real = $ssl_crl
$ssl_crl_check = 'chain'
} else {
$ssl_crl_real = undef
$ssl_crl_check = undef
}

file { "${apache::confd_dir}/${priority}-foreman-ssl.d":
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0644',
purge => true,
recurse => true,
}

apache::vhost { 'foreman-ssl':
add_default_charset => 'UTF-8',
docroot => $docroot,
manage_docroot => false,
ip => $listen_interface,
options => ['SymLinksIfOwnerMatch'],
passenger_app_root => $app_root,
passenger_min_instances => $min_instances,
passenger_pre_start => $https_prestart,
passenger_start_timeout => $start_timeout,
passenger_ruby => $ruby,
port => $server_ssl_port,
priority => $priority,
servername => $servername,
serveraliases => $serveraliases,
ssl => true,
ssl_cert => $ssl_cert,
ssl_certs_dir => $ssl_certs_dir,
ssl_key => $ssl_key,
ssl_chain => $ssl_chain,
ssl_ca => $ssl_ca,
ssl_crl => $ssl_crl_real,
ssl_crl_check => $ssl_crl_check,
ssl_protocol => $ssl_protocol,
ssl_verify_client => 'optional',
ssl_options => '+StdEnvVars +ExportCertData',
ssl_verify_depth => '3',
keepalive => $keepalive_onoff,
max_keepalive_requests => $max_keepalive_requests,
keepalive_timeout => $keepalive_timeout,
access_log_format => $access_log_format,
additional_includes => ["${::apache::confd_dir}/${priority}-foreman-ssl.d/*.conf"],
use_optional_includes => true,
custom_fragment => template('foreman/_assets.conf.erb', 'foreman/_ssl_username.conf.erb', 'foreman/_suburi.conf.erb'),
* => $https_vhost_options,
}
}
} else {
file { 'foreman_vhost':
path => "${::apache::confd_dir}/foreman.conf",
content => template('foreman/foreman-apache.conf.erb'),
mode => '0644',
}

if $ssl {
fail('Use of ssl = true and use_vhost = false is unsupported')
}
}

file { ["${app_root}/config.ru", "${app_root}/config/environment.rb"]:
owner => $user,
}
}
    (1-1/1)