Revision c62fcb8a
Added by Ewoud Kohl van Wijngaarden over 10 years ago
.fixtures.yml | ||
---|---|---|
fixtures:
|
||
repositories:
|
||
apache: 'git://github.com/theforeman/puppet-apache'
|
||
apache: 'git://github.com/puppetlabs/puppetlabs-apache'
|
||
concat:
|
||
repo: 'git://github.com/ripienaar/puppet-concat'
|
||
ref: '04356974f72b90a1d0f57346a00e95a717924e43'
|
||
... | ... | |
mysql:
|
||
repo: 'git://github.com/puppetlabs/puppetlabs-mysql'
|
||
ref: '52fb70ebdeb74f66bedc54196c0884c2b84699f3'
|
||
passenger: 'git://github.com/theforeman/puppet-passenger'
|
||
postgresql: 'git://github.com/puppetlabs/puppetlabs-postgresql'
|
||
puppet: 'git://github.com/theforeman/puppet-puppet'
|
||
stdlib: 'git://github.com/puppetlabs/puppetlabs-stdlib'
|
Modulefile | ||
---|---|---|
description 'Module for configuring Foreman'
|
||
project_page 'http://github.com/theforeman/foreman-installer'
|
||
|
||
dependency 'theforeman/apache', '>= 1.3.0'
|
||
dependency 'theforeman/concat_native', '>= 1.3.0'
|
||
dependency 'theforeman/passenger', '>= 1.3.0'
|
||
|
||
dependency 'puppetlabs/apache', '>= 1.0.0'
|
||
dependency 'puppetlabs/postgresql', '>= 3.0.0'
|
||
dependency 'puppetlabs/stdlib'
|
manifests/config.pp | ||
---|---|---|
}
|
||
|
||
if $foreman::passenger {
|
||
class{'foreman::config::passenger':
|
||
listen_on_interface => $foreman::passenger_interface,
|
||
scl_prefix => $foreman::passenger_scl,
|
||
}
|
||
include foreman::config::passenger
|
||
}
|
||
|
||
}
|
manifests/config/passenger.pp | ||
---|---|---|
# Configure the foreman service using passenger
|
||
#
|
||
# === Parameters:
|
||
#
|
||
# $app_root:: Root of the application.
|
||
#
|
||
# $listen_on_interface:: Specify which interface to bind passenger to.
|
||
# Defaults to all interfaces.
|
||
#
|
||
# $scl_prefix:: RedHat SCL prefix.
|
||
#
|
||
# $servername:: Servername for the vhost.
|
||
#
|
||
# $ssl:: Whether to enable SSL.
|
||
#
|
||
# $ssl_cert:: Location of the SSL certificate file.
|
||
#
|
||
# $ssl_key:: Location of the SSL key file.
|
||
#
|
||
# $ssl_ca:: Location of the SSL CA file
|
||
#
|
||
# $use_vhost:: Whether to install a vhost. Note that using ssl and
|
||
# no vhost is unsupported.
|
||
#
|
||
# $user:: The user under which the application runs.
|
||
#
|
||
class foreman::config::passenger(
|
||
|
||
# specifiy which interface to bind passenger to eth0, eth1, ...
|
||
$listen_on_interface = '',
|
||
$scl_prefix = undef,
|
||
$ssl_ca = $foreman::server_ssl_ca,
|
||
$ssl_cert = $foreman::server_ssl_cert,
|
||
$ssl_key = $foreman::server_ssl_key
|
||
$app_root = $foreman::app_root,
|
||
$listen_on_interface = $foreman::passenger_interface,
|
||
$scl_prefix = $foreman::passenger_scl,
|
||
$servername = $::fqdn,
|
||
$ssl = $foreman::ssl,
|
||
$ssl_ca = $foreman::server_ssl_ca,
|
||
$ssl_cert = $foreman::server_ssl_cert,
|
||
$ssl_key = $foreman::server_ssl_key,
|
||
$use_vhost = $foreman::use_vhost,
|
||
$user = $foreman::user
|
||
) {
|
||
include apache::ssl
|
||
include ::passenger
|
||
if $scl_prefix {
|
||
class { '::passenger::install::scl':
|
||
prefix => $scl_prefix,
|
||
# validate parameter values
|
||
validate_string($listen_on_interface)
|
||
validate_bool($ssl)
|
||
|
||
$docroot = "${app_root}/public"
|
||
|
||
include ::apache
|
||
include ::apache::mod::headers
|
||
include ::apache::mod::passenger
|
||
|
||
if $::osfamily == 'RedHat' {
|
||
# Work around https://github.com/puppetlabs/puppetlabs-apache/pull/563
|
||
File <| title == 'passenger.conf' |> {
|
||
replace => false,
|
||
}
|
||
Apache::Mod['passenger'] -> File['passenger.conf']
|
||
}
|
||
|
||
# Check the value in case the interface doesn't exist, otherwise listen on all interfaces
|
||
if $listen_on_interface in split($::interfaces, ',') {
|
||
$listen_interface = inline_template("<%= @ipaddress_${listen_on_interface} %>")
|
||
} else {
|
||
$listen_interface = '*'
|
||
# Ensure the Version module is loaded as we need it in the Foreman vhosts
|
||
# RedHat distros come with this enabled. Newer Debian and Ubuntu distros
|
||
# comes also with this enabled. Only old Debian and Ubuntu distros (squeeze,
|
||
# lucid, precise) needs hand-holding.
|
||
case $::lsbdistcodename {
|
||
'squeeze','lucid','precise': {
|
||
::apache::mod { 'version': }
|
||
}
|
||
default: {}
|
||
}
|
||
|
||
$foreman_conf = $foreman::use_vhost ? {
|
||
false => 'foreman/foreman-apache.conf.erb',
|
||
default => 'foreman/foreman-vhost.conf.erb',
|
||
}
|
||
if $use_vhost {
|
||
# Workaround so apache::vhost doesn't attempt to create a directory
|
||
file { $docroot: }
|
||
|
||
# Check the value in case the interface doesn't exist, otherwise listen on all interfaces
|
||
if $listen_on_interface and $listen_on_interface in split($::interfaces, ',') {
|
||
$listen_interface = inline_template("<%= @ipaddress_${listen_on_interface} %>")
|
||
} else {
|
||
$listen_interface = undef
|
||
}
|
||
|
||
apache::vhost { 'foreman':
|
||
servername => $servername,
|
||
serveraliases => ['foreman'],
|
||
ip => $listen_interface,
|
||
port => 80,
|
||
docroot => $docroot,
|
||
priority => '5',
|
||
options => ['none'],
|
||
custom_fragment => template('foreman/apache-fragment.conf.erb', 'foreman/_assets.conf.erb'),
|
||
}
|
||
|
||
if $ssl {
|
||
apache::vhost { 'foreman-ssl':
|
||
servername => $servername,
|
||
serveraliases => ['foreman'],
|
||
ip => $listen_interface,
|
||
port => 443,
|
||
docroot => $docroot,
|
||
priority => '5',
|
||
options => ['none'],
|
||
ssl => true,
|
||
ssl_cert => $ssl_cert,
|
||
ssl_key => $ssl_key,
|
||
ssl_chain => $ssl_ca,
|
||
ssl_ca => $ssl_ca,
|
||
ssl_verify_client => 'optional',
|
||
ssl_options => '+StdEnvVars',
|
||
ssl_verify_depth => '3',
|
||
custom_fragment => template('foreman/apache-fragment.conf.erb', 'foreman/_assets.conf.erb'),
|
||
}
|
||
}
|
||
} else {
|
||
file { 'foreman_vhost':
|
||
path => "${apache::params::conf_dir}/foreman.conf",
|
||
content => template('foreman/foreman-apache.conf.erb'),
|
||
mode => '0644',
|
||
}
|
||
|
||
file {'foreman_vhost':
|
||
path => "${foreman::apache_conf_dir}/foreman.conf",
|
||
content => template($foreman_conf),
|
||
mode => '0644',
|
||
notify => Class['foreman::service'],
|
||
require => Class['foreman::install'],
|
||
if $ssl {
|
||
fail('Use of ssl = true and use_vhost = false is unsupported')
|
||
}
|
||
}
|
||
|
||
file { ["${foreman::app_root}/config.ru", "${foreman::app_root}/config/environment.rb"]:
|
||
owner => $foreman::user,
|
||
require => Class['foreman::install'],
|
||
file { ["${app_root}/config.ru", "${app_root}/config/environment.rb"]:
|
||
owner => $user,
|
||
}
|
||
}
|
manifests/init.pp | ||
---|---|---|
#
|
||
# $environment:: Rails environment of foreman
|
||
#
|
||
# $apache_conf_dir:: Directory that holds Apache configuration files (e.g. /etc/httpd/conf.d)
|
||
#
|
||
# $puppet_home:: Puppet home directory
|
||
#
|
||
# $locations_enabled:: Enable locations?
|
||
... | ... | |
$group = $foreman::params::group,
|
||
$user_groups = $foreman::params::user_groups,
|
||
$environment = $foreman::params::environment,
|
||
$apache_conf_dir = $foreman::params::apache_conf_dir,
|
||
$puppet_home = $foreman::params::puppet_home,
|
||
$locations_enabled = $foreman::params::locations_enabled,
|
||
$organizations_enabled = $foreman::params::organizations_enabled,
|
manifests/install.pp | ||
---|---|---|
require => $repo,
|
||
}
|
||
}
|
||
|
||
if $foreman::passenger_scl {
|
||
package{ "${foreman::passenger_scl}-rubygem-passenger-native":
|
||
ensure => installed,
|
||
require => Class['apache'],
|
||
before => Class['apache::service'],
|
||
}
|
||
}
|
||
}
|
manifests/params.pp | ||
---|---|---|
# OS specific paths
|
||
case $::osfamily {
|
||
RedHat: {
|
||
$apache_conf_dir = '/etc/httpd/conf.d'
|
||
|
||
case $::operatingsystem {
|
||
fedora: {
|
||
$puppet_basedir = '/usr/share/ruby/vendor_ruby/puppet'
|
||
... | ... | |
}
|
||
Debian: {
|
||
$puppet_basedir = '/usr/lib/ruby/vendor_ruby/puppet'
|
||
$apache_conf_dir = '/etc/apache2/conf.d'
|
||
$passenger_scl = undef
|
||
$plugin_prefix = 'ruby-foreman-'
|
||
}
|
||
Linux: {
|
||
case $::operatingsystem {
|
||
Amazon: {
|
||
$apache_conf_dir = '/etc/httpd/conf.d'
|
||
$puppet_basedir = regsubst($::rubyversion, '^(\d+\.\d+).*$', '/usr/lib/ruby/site_ruby/\1/puppet')
|
||
$yumcode = 'el6'
|
||
# add passenger::install::scl as EL uses SCL on Foreman 1.2+
|
spec/classes/foreman_config_passenger_spec.rb | ||
---|---|---|
|
||
|
||
describe 'foreman::config::passenger' do
|
||
let :default_facts do
|
||
{
|
||
:concat_basedir => '/tmp',
|
||
:interfaces => 'lo',
|
||
:ipaddress_lo => '127.0.0.1',
|
||
}
|
||
end
|
||
|
||
context 'on redhat' do
|
||
let :facts do
|
||
default_facts.merge({
|
||
:operatingsystem => 'RedHat',
|
||
:operatingsystemrelease => '6.4',
|
||
:osfamily => 'RedHat',
|
||
})
|
||
let :facts do {
|
||
:concat_basedir => '/nonexistant',
|
||
:fqdn => 'foreman.example.org',
|
||
:operatingsystem => 'RedHat',
|
||
:operatingsystemrelease => '6.4',
|
||
:osfamily => 'RedHat',
|
||
} end
|
||
|
||
describe 'with minimal parameters' do
|
||
let :params do {
|
||
:app_root => '/usr/share/foreman',
|
||
:ssl => false,
|
||
:user => 'foreman',
|
||
} end
|
||
|
||
it 'should include apache with modules' do
|
||
should contain_class('apache')
|
||
should contain_class('apache::mod::headers')
|
||
should contain_class('apache::mod::passenger')
|
||
end
|
||
|
||
describe 'without parameters' do
|
||
let :pre_condition do
|
||
"class {'foreman':}"
|
||
end
|
||
|
||
it do
|
||
should contain_class('apache::ssl')
|
||
should contain_class('passenger')
|
||
should_not contain_class('::passenger::install::scl')
|
||
|
||
should contain_file('foreman_vhost').with({
|
||
:path => '/etc/httpd/conf.d/foreman.conf',
|
||
:mode => '0644',
|
||
:notify => 'Class[Foreman::Service]',
|
||
:require => 'Class[Foreman::Install]',
|
||
})
|
||
|
||
should contain_file('foreman_vhost').with_content(/<VirtualHost \*:80>/)
|
||
|
||
should contain_file('foreman_vhost').with_content(/<VirtualHost \*:443>/)
|
||
|
||
should contain_file('foreman_vhost').with_content(/access plus 1 year/)
|
||
|
||
should contain_file('/usr/share/foreman/config.ru').with({
|
||
:owner => 'foreman',
|
||
:require => 'Class[Foreman::Install]',
|
||
})
|
||
|
||
should contain_file('/usr/share/foreman/config/environment.rb').with({
|
||
:owner => 'foreman',
|
||
:require => 'Class[Foreman::Install]',
|
||
})
|
||
end
|
||
it 'should ensure ownership' do
|
||
should contain_file("#{params[:app_root]}/config.ru").with_owner(params[:user])
|
||
should contain_file("#{params[:app_root]}/config/environment.rb").with_owner(params[:user])
|
||
end
|
||
end
|
||
|
||
describe 'with listen_interface' do
|
||
let :pre_condition do
|
||
"class {'foreman':
|
||
passenger_interface => 'lo',
|
||
}"
|
||
end
|
||
|
||
it 'should contain the HTTP vhost' do
|
||
should contain_file('foreman_vhost').with({
|
||
:content => /<VirtualHost 127.0.0.1:80>/,
|
||
})
|
||
end
|
||
|
||
it 'should contain the HTTPS vhost' do
|
||
should contain_file('foreman_vhost').with({
|
||
:content => /<VirtualHost 127.0.0.1:443>/,
|
||
})
|
||
end
|
||
end
|
||
|
||
describe 'with scl_prefix' do
|
||
let :pre_condition do
|
||
"class {'foreman':
|
||
passenger_scl => 'ruby193',
|
||
}"
|
||
end
|
||
|
||
it 'should include scl' do
|
||
should contain_class('passenger::install::scl')
|
||
end
|
||
describe 'with vhost and ssl' do
|
||
let :params do {
|
||
:app_root => '/usr/share/foreman',
|
||
:use_vhost => true,
|
||
:ssl => true,
|
||
:ssl_cert => 'cert.pem',
|
||
:ssl_key => 'key.pem',
|
||
:ssl_ca => 'ca.pem',
|
||
} end
|
||
|
||
it 'should contain the docroot' do
|
||
should contain_file("#{params[:app_root]}/public")
|
||
end
|
||
|
||
describe 'without ssl' do
|
||
let :pre_condition do
|
||
"class {'foreman':
|
||
ssl => false,
|
||
}"
|
||
end
|
||
|
||
it 'should contain the HTTP vhost' do
|
||
should contain_file('foreman_vhost').with_content(/<VirtualHost \*:80>/)
|
||
end
|
||
|
||
it 'should not contain the HTTPS vhost' do
|
||
should_not contain_file('foreman_vhost').with_content(/<VirtualHost \*:443>/)
|
||
end
|
||
it 'should include a http vhost' do
|
||
should contain_apache__vhost('foreman').with({
|
||
:ip => nil,
|
||
:servername => facts[:fqdn],
|
||
:serveraliases => ['foreman'],
|
||
:docroot => "#{params[:app_root]}/public",
|
||
:priority => '5',
|
||
:options => ['none'],
|
||
:port => 80,
|
||
:custom_fragment => %r{^<Directory #{params[:app_root]}/public>$},
|
||
})
|
||
end
|
||
|
||
describe 'with custom ssl cert' do
|
||
let :pre_condition do
|
||
"class {'foreman':
|
||
server_ssl_cert => 'foo',
|
||
server_ssl_key => 'bar',
|
||
server_ssl_ca => 'baz',
|
||
ssl => true,
|
||
}"
|
||
end
|
||
|
||
it 'should specify trust chain' do
|
||
should contain_file('foreman_vhost').with_content(/SSLCertificateFile\s+foo/)
|
||
should contain_file('foreman_vhost').with_content(/SSLCertificateKeyFile\s+bar/)
|
||
should contain_file('foreman_vhost').with_content(/SSLCertificateChainFile\s+baz/)
|
||
end
|
||
it 'should include a https vhost' do
|
||
should contain_apache__vhost('foreman-ssl').with({
|
||
:ip => nil,
|
||
:servername => facts[:fqdn],
|
||
:serveraliases => ['foreman'],
|
||
:docroot => "#{params[:app_root]}/public",
|
||
:priority => '5',
|
||
:options => ['none'],
|
||
:port => 443,
|
||
:ssl => true,
|
||
:ssl_cert => params[:ssl_cert],
|
||
:ssl_key => params[:ssl_key],
|
||
:ssl_chain => params[:ssl_ca],
|
||
:ssl_ca => params[:ssl_ca],
|
||
:ssl_verify_client => 'optional',
|
||
:ssl_options => '+StdEnvVars',
|
||
:ssl_verify_depth => '3',
|
||
:custom_fragment => %r{^<Directory #{params[:app_root]}/public>$},
|
||
})
|
||
end
|
||
end
|
||
end
|
templates/_assets.conf.erb | ||
---|---|---|
# Static public dir serving
|
||
<Directory <%= scope.lookupvar 'foreman::app_root' %>/public>
|
||
<Directory <%= @docroot %>>
|
||
|
||
<IfVersion < 2.4>
|
||
Allow from all
|
||
... | ... | |
|
||
</Directory>
|
||
|
||
<Directory <%= scope.lookupvar 'foreman::app_root' %>/public/assets>
|
||
<Directory <%= @docroot %>/assets>
|
||
|
||
# Use standard http expire header for assets instead of ETag
|
||
<IfModule mod_expires.c>
|
templates/apache-fragment.conf.erb | ||
---|---|---|
PassengerAppRoot <%= @app_root %>
|
||
<% if @scl_prefix and !@scl_prefix.empty? -%>
|
||
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
|
||
<% end -%>
|
||
|
||
AddDefaultCharset UTF-8
|
templates/foreman-apache.conf.erb | ||
---|---|---|
<%= ERB.new(File.read(File.expand_path("_header.erb",File.dirname(file)))).result(binding) -%>
|
||
|
||
DocumentRoot <%= scope.lookupvar 'foreman::app_root' %>/public
|
||
PassengerAppRoot <%= scope.lookupvar 'foreman::app_root' %>
|
||
<% if @scl_prefix and !@scl_prefix.empty? -%>
|
||
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
|
||
<% end -%>
|
||
|
||
AddDefaultCharset UTF-8
|
||
DocumentRoot <%= @docroot %>
|
||
<%= scope.function_template(['foreman/apache-fragment.conf.erb']) -%>
|
||
|
||
<%= scope.function_template(['foreman/_assets.conf.erb']) %>
|
templates/foreman-vhost.conf.erb | ||
---|---|---|
<%= ERB.new(File.read(File.expand_path("_header.erb",File.dirname(file)))).result(binding) -%>
|
||
|
||
<VirtualHost <%= @listen_interface %>:80>
|
||
ServerName <%= @fqdn %>
|
||
ServerAlias foreman
|
||
|
||
DocumentRoot <%= scope.lookupvar 'foreman::app_root' %>/public
|
||
PassengerAppRoot <%= scope.lookupvar 'foreman::app_root' %>
|
||
<% if @scl_prefix and !@scl_prefix.empty? -%>
|
||
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
|
||
<% end -%>
|
||
|
||
AddDefaultCharset UTF-8
|
||
|
||
<%= scope.function_template(['foreman/_assets.conf.erb']) %>
|
||
|
||
</VirtualHost>
|
||
|
||
<% if scope.lookupvar 'foreman::ssl' -%>
|
||
<VirtualHost <%= @listen_interface %>:443>
|
||
ServerName <%= @fqdn %>
|
||
ServerAlias foreman
|
||
|
||
DocumentRoot <%= scope.lookupvar 'foreman::app_root' %>/public
|
||
PassengerAppRoot <%= scope.lookupvar 'foreman::app_root' %>
|
||
<% if @scl_prefix and !@scl_prefix.empty? -%>
|
||
PassengerRuby /usr/bin/<%= @scl_prefix -%>-ruby
|
||
<% end -%>
|
||
|
||
AddDefaultCharset UTF-8
|
||
|
||
<%= scope.function_template(['foreman/_assets.conf.erb']) %>
|
||
|
||
SSLEngine On
|
||
SSLCertificateFile <%= @ssl_cert %>
|
||
SSLCertificateKeyFile <%= @ssl_key %>
|
||
SSLCertificateChainFile <%= @ssl_ca %>
|
||
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
|
||
SSLVerifyClient optional
|
||
SSLOptions +StdEnvVars
|
||
SSLVerifyDepth 3
|
||
|
||
</VirtualHost>
|
||
<% end -%>
|
Also available in: Unified diff
Change from theforeman/apache to puppetlabs/apache