Project

General

Profile

« Previous | Next » 

Revision c62fcb8a

Added by Ewoud Kohl van Wijngaarden over 10 years ago

Change from theforeman/apache to puppetlabs/apache

View differences:

.fixtures.yml
fixtures:
repositories:
apache: 'git://github.com/theforeman/puppet-apache'
apache: 'git://github.com/puppetlabs/puppetlabs-apache'
concat:
repo: 'git://github.com/ripienaar/puppet-concat'
ref: '04356974f72b90a1d0f57346a00e95a717924e43'
......
mysql:
repo: 'git://github.com/puppetlabs/puppetlabs-mysql'
ref: '52fb70ebdeb74f66bedc54196c0884c2b84699f3'
passenger: 'git://github.com/theforeman/puppet-passenger'
postgresql: 'git://github.com/puppetlabs/puppetlabs-postgresql'
puppet: 'git://github.com/theforeman/puppet-puppet'
stdlib: 'git://github.com/puppetlabs/puppetlabs-stdlib'
Modulefile
description 'Module for configuring Foreman'
project_page 'http://github.com/theforeman/foreman-installer'
dependency 'theforeman/apache', '>= 1.3.0'
dependency 'theforeman/concat_native', '>= 1.3.0'
dependency 'theforeman/passenger', '>= 1.3.0'
dependency 'puppetlabs/apache', '>= 1.0.0'
dependency 'puppetlabs/postgresql', '>= 3.0.0'
dependency 'puppetlabs/stdlib'
manifests/config.pp
}
if $foreman::passenger {
class{'foreman::config::passenger':
listen_on_interface => $foreman::passenger_interface,
scl_prefix => $foreman::passenger_scl,
}
include foreman::config::passenger
}
}
manifests/config/passenger.pp
# Configure the foreman service using passenger
#
# === Parameters:
#
# $app_root:: Root of the application.
#
# $listen_on_interface:: Specify which interface to bind passenger to.
# Defaults to all interfaces.
#
# $scl_prefix:: RedHat SCL prefix.
#
# $servername:: Servername for the vhost.
#
# $ssl:: Whether to enable SSL.
#
# $ssl_cert:: Location of the SSL certificate file.
#
# $ssl_key:: Location of the SSL key file.
#
# $ssl_ca:: Location of the SSL CA file
#
# $use_vhost:: Whether to install a vhost. Note that using ssl and
# no vhost is unsupported.
#
# $user:: The user under which the application runs.
#
class foreman::config::passenger(
# specifiy which interface to bind passenger to eth0, eth1, ...
$listen_on_interface = '',
$scl_prefix = undef,
$ssl_ca = $foreman::server_ssl_ca,
$ssl_cert = $foreman::server_ssl_cert,
$ssl_key = $foreman::server_ssl_key
$app_root = $foreman::app_root,
$listen_on_interface = $foreman::passenger_interface,
$scl_prefix = $foreman::passenger_scl,
$servername = $::fqdn,
$ssl = $foreman::ssl,
$ssl_ca = $foreman::server_ssl_ca,
$ssl_cert = $foreman::server_ssl_cert,
$ssl_key = $foreman::server_ssl_key,
$use_vhost = $foreman::use_vhost,
$user = $foreman::user
) {
include apache::ssl
include ::passenger
if $scl_prefix {
class { '::passenger::install::scl':
prefix => $scl_prefix,
# validate parameter values
validate_string($listen_on_interface)
validate_bool($ssl)
$docroot = "${app_root}/public"
include ::apache
include ::apache::mod::headers
include ::apache::mod::passenger
if $::osfamily == 'RedHat' {
# Work around https://github.com/puppetlabs/puppetlabs-apache/pull/563
File <| title == 'passenger.conf' |> {
replace => false,
}
Apache::Mod['passenger'] -> File['passenger.conf']
}
# Check the value in case the interface doesn't exist, otherwise listen on all interfaces
if $listen_on_interface in split($::interfaces, ',') {
$listen_interface = inline_template("<%= @ipaddress_${listen_on_interface} %>")
} else {
$listen_interface = '*'
# Ensure the Version module is loaded as we need it in the Foreman vhosts
# RedHat distros come with this enabled. Newer Debian and Ubuntu distros
# comes also with this enabled. Only old Debian and Ubuntu distros (squeeze,
# lucid, precise) needs hand-holding.
case $::lsbdistcodename {
'squeeze','lucid','precise': {
::apache::mod { 'version': }
}
default: {}
}
$foreman_conf = $foreman::use_vhost ? {
false => 'foreman/foreman-apache.conf.erb',
default => 'foreman/foreman-vhost.conf.erb',
}
if $use_vhost {
# Workaround so apache::vhost doesn't attempt to create a directory
file { $docroot: }
# Check the value in case the interface doesn't exist, otherwise listen on all interfaces
if $listen_on_interface and $listen_on_interface in split($::interfaces, ',') {
$listen_interface = inline_template("<%= @ipaddress_${listen_on_interface} %>")
} else {
$listen_interface = undef
}
apache::vhost { 'foreman':
servername => $servername,
serveraliases => ['foreman'],
ip => $listen_interface,
port => 80,
docroot => $docroot,
priority => '5',
options => ['none'],
custom_fragment => template('foreman/apache-fragment.conf.erb', 'foreman/_assets.conf.erb'),
}
if $ssl {
apache::vhost { 'foreman-ssl':
servername => $servername,
serveraliases => ['foreman'],
ip => $listen_interface,
port => 443,
docroot => $docroot,
priority => '5',
options => ['none'],
ssl => true,
ssl_cert => $ssl_cert,
ssl_key => $ssl_key,
ssl_chain => $ssl_ca,
ssl_ca => $ssl_ca,
ssl_verify_client => 'optional',
ssl_options => '+StdEnvVars',
ssl_verify_depth => '3',
custom_fragment => template('foreman/apache-fragment.conf.erb', 'foreman/_assets.conf.erb'),
}
}
} else {
file { 'foreman_vhost':
path => "${apache::params::conf_dir}/foreman.conf",
content => template('foreman/foreman-apache.conf.erb'),
mode => '0644',
}
file {'foreman_vhost':
path => "${foreman::apache_conf_dir}/foreman.conf",
content => template($foreman_conf),
mode => '0644',
notify => Class['foreman::service'],
require => Class['foreman::install'],
if $ssl {
fail('Use of ssl = true and use_vhost = false is unsupported')
}
}
file { ["${foreman::app_root}/config.ru", "${foreman::app_root}/config/environment.rb"]:
owner => $foreman::user,
require => Class['foreman::install'],
file { ["${app_root}/config.ru", "${app_root}/config/environment.rb"]:
owner => $user,
}
}
manifests/init.pp
#
# $environment:: Rails environment of foreman
#
# $apache_conf_dir:: Directory that holds Apache configuration files (e.g. /etc/httpd/conf.d)
#
# $puppet_home:: Puppet home directory
#
# $locations_enabled:: Enable locations?
......
$group = $foreman::params::group,
$user_groups = $foreman::params::user_groups,
$environment = $foreman::params::environment,
$apache_conf_dir = $foreman::params::apache_conf_dir,
$puppet_home = $foreman::params::puppet_home,
$locations_enabled = $foreman::params::locations_enabled,
$organizations_enabled = $foreman::params::organizations_enabled,
manifests/install.pp
require => $repo,
}
}
if $foreman::passenger_scl {
package{ "${foreman::passenger_scl}-rubygem-passenger-native":
ensure => installed,
require => Class['apache'],
before => Class['apache::service'],
}
}
}
manifests/params.pp
# OS specific paths
case $::osfamily {
RedHat: {
$apache_conf_dir = '/etc/httpd/conf.d'
case $::operatingsystem {
fedora: {
$puppet_basedir = '/usr/share/ruby/vendor_ruby/puppet'
......
}
Debian: {
$puppet_basedir = '/usr/lib/ruby/vendor_ruby/puppet'
$apache_conf_dir = '/etc/apache2/conf.d'
$passenger_scl = undef
$plugin_prefix = 'ruby-foreman-'
}
Linux: {
case $::operatingsystem {
Amazon: {
$apache_conf_dir = '/etc/httpd/conf.d'
$puppet_basedir = regsubst($::rubyversion, '^(\d+\.\d+).*$', '/usr/lib/ruby/site_ruby/\1/puppet')
$yumcode = 'el6'
# add passenger::install::scl as EL uses SCL on Foreman 1.2+
spec/classes/foreman_config_passenger_spec.rb
describe 'foreman::config::passenger' do
let :default_facts do
{
:concat_basedir => '/tmp',
:interfaces => 'lo',
:ipaddress_lo => '127.0.0.1',
}
end
context 'on redhat' do
let :facts do
default_facts.merge({
:operatingsystem => 'RedHat',
:operatingsystemrelease => '6.4',
:osfamily => 'RedHat',
})
let :facts do {
:concat_basedir => '/nonexistant',
:fqdn => 'foreman.example.org',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '6.4',
:osfamily => 'RedHat',
} end
describe 'with minimal parameters' do
let :params do {
:app_root => '/usr/share/foreman',
:ssl => false,
:user => 'foreman',
} end
it 'should include apache with modules' do
should contain_class('apache')
should contain_class('apache::mod::headers')
should contain_class('apache::mod::passenger')
end
describe 'without parameters' do
let :pre_condition do
"class {'foreman':}"
end
it do
should contain_class('apache::ssl')
should contain_class('passenger')
should_not contain_class('::passenger::install::scl')
should contain_file('foreman_vhost').with({
:path => '/etc/httpd/conf.d/foreman.conf',
:mode => '0644',
:notify => 'Class[Foreman::Service]',
:require => 'Class[Foreman::Install]',
})
should contain_file('foreman_vhost').with_content(/<VirtualHost \*:80>/)
should contain_file('foreman_vhost').with_content(/<VirtualHost \*:443>/)
should contain_file('foreman_vhost').with_content(/access plus 1 year/)
should contain_file('/usr/share/foreman/config.ru').with({
:owner => 'foreman',
:require => 'Class[Foreman::Install]',
})
should contain_file('/usr/share/foreman/config/environment.rb').with({
:owner => 'foreman',
:require => 'Class[Foreman::Install]',
})
end
it 'should ensure ownership' do
should contain_file("#{params[:app_root]}/config.ru").with_owner(params[:user])
should contain_file("#{params[:app_root]}/config/environment.rb").with_owner(params[:user])
end
end
describe 'with listen_interface' do
let :pre_condition do
"class {'foreman':
passenger_interface => 'lo',
}"
end
it 'should contain the HTTP vhost' do
should contain_file('foreman_vhost').with({
:content => /<VirtualHost 127.0.0.1:80>/,
})
end
it 'should contain the HTTPS vhost' do
should contain_file('foreman_vhost').with({
:content => /<VirtualHost 127.0.0.1:443>/,
})
end
end
describe 'with scl_prefix' do
let :pre_condition do
"class {'foreman':
passenger_scl => 'ruby193',
}"
end
it 'should include scl' do
should contain_class('passenger::install::scl')
end
describe 'with vhost and ssl' do
let :params do {
:app_root => '/usr/share/foreman',
:use_vhost => true,
:ssl => true,
:ssl_cert => 'cert.pem',
:ssl_key => 'key.pem',
:ssl_ca => 'ca.pem',
} end
it 'should contain the docroot' do
should contain_file("#{params[:app_root]}/public")
end
describe 'without ssl' do
let :pre_condition do
"class {'foreman':
ssl => false,
}"
end
it 'should contain the HTTP vhost' do
should contain_file('foreman_vhost').with_content(/<VirtualHost \*:80>/)
end
it 'should not contain the HTTPS vhost' do
should_not contain_file('foreman_vhost').with_content(/<VirtualHost \*:443>/)
end
it 'should include a http vhost' do
should contain_apache__vhost('foreman').with({
:ip => nil,
:servername => facts[:fqdn],
:serveraliases => ['foreman'],
:docroot => "#{params[:app_root]}/public",
:priority => '5',
:options => ['none'],
:port => 80,
:custom_fragment => %r{^<Directory #{params[:app_root]}/public>$},
})
end
describe 'with custom ssl cert' do
let :pre_condition do
"class {'foreman':
server_ssl_cert => 'foo',
server_ssl_key => 'bar',
server_ssl_ca => 'baz',
ssl => true,
}"
end
it 'should specify trust chain' do
should contain_file('foreman_vhost').with_content(/SSLCertificateFile\s+foo/)
should contain_file('foreman_vhost').with_content(/SSLCertificateKeyFile\s+bar/)
should contain_file('foreman_vhost').with_content(/SSLCertificateChainFile\s+baz/)
end
it 'should include a https vhost' do
should contain_apache__vhost('foreman-ssl').with({
:ip => nil,
:servername => facts[:fqdn],
:serveraliases => ['foreman'],
:docroot => "#{params[:app_root]}/public",
:priority => '5',
:options => ['none'],
:port => 443,
:ssl => true,
:ssl_cert => params[:ssl_cert],
:ssl_key => params[:ssl_key],
:ssl_chain => params[:ssl_ca],
:ssl_ca => params[:ssl_ca],
:ssl_verify_client => 'optional',
:ssl_options => '+StdEnvVars',
:ssl_verify_depth => '3',
:custom_fragment => %r{^<Directory #{params[:app_root]}/public>$},
})
end
end
end
templates/_assets.conf.erb
# Static public dir serving
<Directory <%= scope.lookupvar 'foreman::app_root' %>/public>
<Directory <%= @docroot %>>
<IfVersion < 2.4>
Allow from all
......
</Directory>
<Directory <%= scope.lookupvar 'foreman::app_root' %>/public/assets>
<Directory <%= @docroot %>/assets>
# Use standard http expire header for assets instead of ETag
<IfModule mod_expires.c>
templates/apache-fragment.conf.erb
PassengerAppRoot <%= @app_root %>
<% if @scl_prefix and !@scl_prefix.empty? -%>
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
<% end -%>
AddDefaultCharset UTF-8
templates/foreman-apache.conf.erb
<%= ERB.new(File.read(File.expand_path("_header.erb",File.dirname(file)))).result(binding) -%>
DocumentRoot <%= scope.lookupvar 'foreman::app_root' %>/public
PassengerAppRoot <%= scope.lookupvar 'foreman::app_root' %>
<% if @scl_prefix and !@scl_prefix.empty? -%>
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
<% end -%>
AddDefaultCharset UTF-8
DocumentRoot <%= @docroot %>
<%= scope.function_template(['foreman/apache-fragment.conf.erb']) -%>
<%= scope.function_template(['foreman/_assets.conf.erb']) %>
templates/foreman-vhost.conf.erb
<%= ERB.new(File.read(File.expand_path("_header.erb",File.dirname(file)))).result(binding) -%>
<VirtualHost <%= @listen_interface %>:80>
ServerName <%= @fqdn %>
ServerAlias foreman
DocumentRoot <%= scope.lookupvar 'foreman::app_root' %>/public
PassengerAppRoot <%= scope.lookupvar 'foreman::app_root' %>
<% if @scl_prefix and !@scl_prefix.empty? -%>
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
<% end -%>
AddDefaultCharset UTF-8
<%= scope.function_template(['foreman/_assets.conf.erb']) %>
</VirtualHost>
<% if scope.lookupvar 'foreman::ssl' -%>
<VirtualHost <%= @listen_interface %>:443>
ServerName <%= @fqdn %>
ServerAlias foreman
DocumentRoot <%= scope.lookupvar 'foreman::app_root' %>/public
PassengerAppRoot <%= scope.lookupvar 'foreman::app_root' %>
<% if @scl_prefix and !@scl_prefix.empty? -%>
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
<% end -%>
AddDefaultCharset UTF-8
<%= scope.function_template(['foreman/_assets.conf.erb']) %>
SSLEngine On
SSLCertificateFile <%= @ssl_cert %>
SSLCertificateKeyFile <%= @ssl_key %>
SSLCertificateChainFile <%= @ssl_ca %>
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
SSLVerifyClient optional
SSLOptions +StdEnvVars
SSLVerifyDepth 3
</VirtualHost>
<% end -%>

Also available in: Unified diff