Revision 908b6ba6
Added by Ewoud Kohl van Wijngaarden about 7 years ago
| manifests/apache.pp | ||
|---|---|---|
|
$ldap_custom_fragment = {}
|
||
|
}
|
||
|
|
||
|
$directories = [
|
||
|
$base_directories = [
|
||
|
merge($webservices_wsgi_directory, $ldap_custom_fragment),
|
||
|
{
|
||
|
'path' => '/usr/share/pulp/wsgi',
|
||
| ... | ... | |
|
},
|
||
|
]
|
||
|
|
||
|
if $::pulp::ssl_username and !empty($::pulp::ssl_username) {
|
||
|
$directories = concat(
|
||
|
$base_directories,
|
||
|
{
|
||
|
'path' => '/pulp/api',
|
||
|
'provider' => 'Location',
|
||
|
'custom_fragment' => "SSLUsername ${::pulp::ssl_username}",
|
||
|
}
|
||
|
)
|
||
|
} else {
|
||
|
$directories = $base_directories
|
||
|
}
|
||
|
|
||
|
$aliases = [
|
||
|
{
|
||
|
alias => '/pulp/static',
|
||
| ... | ... | |
|
port => 443,
|
||
|
servername => $::fqdn,
|
||
|
serveraliases => [$::hostname],
|
||
|
keepalive => 'on',
|
||
|
max_keepalive_requests => $::pulp::max_keep_alive,
|
||
|
ssl => true,
|
||
|
ssl_cert => $::pulp::https_cert,
|
||
|
ssl_key => $::pulp::https_key,
|
||
| ... | ... | |
|
aliases => $aliases,
|
||
|
options => ['SymLinksIfOwnerMatch'],
|
||
|
add_default_charset => 'UTF-8',
|
||
|
custom_fragment => template('pulp/etc/httpd/conf.d/_ssl_vhost.conf.erb'),
|
||
|
# allow older yum clients to connect, see bz 647828
|
||
|
custom_fragment => 'SSLInsecureRenegotiation On',
|
||
|
}
|
||
|
} else {
|
||
|
file {'/etc/httpd/conf.d/pulp.conf':
|
||
| manifests/child/config.pp | ||
|---|---|---|
|
# Pulp Node Configuration
|
||
|
class pulp::child::config {
|
||
|
class pulp::child::config(
|
||
|
$servername = $::fqdn,
|
||
|
$ssl_cert = $::pulp::child::ssl_cert,
|
||
|
$ssl_key = $::pulp::child::ssl_key,
|
||
|
$ssl_ca = $::pulp::ca_cert,
|
||
|
$max_keep_alive = $::pulp::max_keep_alive,
|
||
|
$ssl_username = $::pulp::ssl_username,
|
||
|
) {
|
||
|
|
||
|
file { '/etc/pulp/nodes.conf':
|
||
|
ensure => 'file',
|
||
| ... | ... | |
|
|
||
|
include ::apache
|
||
|
|
||
|
if $ssl_username and !empty($ssl_username) {
|
||
|
$directories = {
|
||
|
'path' => '/pulp/api',
|
||
|
'provider' => 'Location',
|
||
|
'custom_fragment' => "SSLUsername ${ssl_username}",
|
||
|
}
|
||
|
} else {
|
||
|
$directories = undef
|
||
|
}
|
||
|
|
||
|
apache::vhost { 'pulp-node-ssl':
|
||
|
servername => $::fqdn,
|
||
|
docroot => '/var/www/html',
|
||
|
port => 443,
|
||
|
priority => '25',
|
||
|
ssl => true,
|
||
|
ssl_cert => $pulp::child::ssl_cert,
|
||
|
ssl_key => $pulp::child::ssl_key,
|
||
|
ssl_ca => $pulp::ca_cert,
|
||
|
ssl_verify_client => 'optional',
|
||
|
ssl_options => '+StdEnvVars',
|
||
|
ssl_verify_depth => '3',
|
||
|
custom_fragment => template('pulp/etc/httpd/conf.d/_ssl_vhost.conf.erb'),
|
||
|
servername => $servername,
|
||
|
docroot => '/var/www/html',
|
||
|
port => 443,
|
||
|
priority => '25',
|
||
|
keepalive => 'on',
|
||
|
max_keepalive_requests => $max_keep_alive,
|
||
|
directories => $directories,
|
||
|
ssl => true,
|
||
|
ssl_cert => $ssl_cert,
|
||
|
ssl_key => $ssl_key,
|
||
|
ssl_ca => $ssl_ca,
|
||
|
ssl_verify_client => 'optional',
|
||
|
ssl_options => '+StdEnvVars',
|
||
|
ssl_verify_depth => '3',
|
||
|
# allow older yum clients to connect, see bz 647828
|
||
|
custom_fragment => 'SSLInsecureRenegotiation On',
|
||
|
}
|
||
|
|
||
|
# we need to make sure the goferd reads the current oauth credentials to talk
|
||
| templates/etc/httpd/conf.d/_ssl_vhost.conf.erb | ||
|---|---|---|
|
# allow older yum clients to connect, see bz 647828
|
||
|
SSLInsecureRenegotiation On
|
||
|
|
||
|
KeepAlive On
|
||
|
MaxKeepAliveRequests <%= scope['::pulp::max_keep_alive'] %>
|
||
|
|
||
|
<% if scope['::pulp::ssl_username'] and !scope['::pulp::ssl_username'].empty? -%>
|
||
|
<Location /pulp/api>
|
||
|
SSLUsername <%= scope['::pulp::ssl_username'] %>
|
||
|
</Location>
|
||
|
<%- end -%>
|
||
Also available in: Unified diff
Use puppetlabs-apache vhost options where possible