Revision 908b6ba6
Added by Ewoud Kohl van Wijngaarden about 7 years ago
manifests/apache.pp | ||
---|---|---|
$ldap_custom_fragment = {}
|
||
}
|
||
|
||
$directories = [
|
||
$base_directories = [
|
||
merge($webservices_wsgi_directory, $ldap_custom_fragment),
|
||
{
|
||
'path' => '/usr/share/pulp/wsgi',
|
||
... | ... | |
},
|
||
]
|
||
|
||
if $::pulp::ssl_username and !empty($::pulp::ssl_username) {
|
||
$directories = concat(
|
||
$base_directories,
|
||
{
|
||
'path' => '/pulp/api',
|
||
'provider' => 'Location',
|
||
'custom_fragment' => "SSLUsername ${::pulp::ssl_username}",
|
||
}
|
||
)
|
||
} else {
|
||
$directories = $base_directories
|
||
}
|
||
|
||
$aliases = [
|
||
{
|
||
alias => '/pulp/static',
|
||
... | ... | |
port => 443,
|
||
servername => $::fqdn,
|
||
serveraliases => [$::hostname],
|
||
keepalive => 'on',
|
||
max_keepalive_requests => $::pulp::max_keep_alive,
|
||
ssl => true,
|
||
ssl_cert => $::pulp::https_cert,
|
||
ssl_key => $::pulp::https_key,
|
||
... | ... | |
aliases => $aliases,
|
||
options => ['SymLinksIfOwnerMatch'],
|
||
add_default_charset => 'UTF-8',
|
||
custom_fragment => template('pulp/etc/httpd/conf.d/_ssl_vhost.conf.erb'),
|
||
# allow older yum clients to connect, see bz 647828
|
||
custom_fragment => 'SSLInsecureRenegotiation On',
|
||
}
|
||
} else {
|
||
file {'/etc/httpd/conf.d/pulp.conf':
|
manifests/child/config.pp | ||
---|---|---|
# Pulp Node Configuration
|
||
class pulp::child::config {
|
||
class pulp::child::config(
|
||
$servername = $::fqdn,
|
||
$ssl_cert = $::pulp::child::ssl_cert,
|
||
$ssl_key = $::pulp::child::ssl_key,
|
||
$ssl_ca = $::pulp::ca_cert,
|
||
$max_keep_alive = $::pulp::max_keep_alive,
|
||
$ssl_username = $::pulp::ssl_username,
|
||
) {
|
||
|
||
file { '/etc/pulp/nodes.conf':
|
||
ensure => 'file',
|
||
... | ... | |
|
||
include ::apache
|
||
|
||
if $ssl_username and !empty($ssl_username) {
|
||
$directories = {
|
||
'path' => '/pulp/api',
|
||
'provider' => 'Location',
|
||
'custom_fragment' => "SSLUsername ${ssl_username}",
|
||
}
|
||
} else {
|
||
$directories = undef
|
||
}
|
||
|
||
apache::vhost { 'pulp-node-ssl':
|
||
servername => $::fqdn,
|
||
docroot => '/var/www/html',
|
||
port => 443,
|
||
priority => '25',
|
||
ssl => true,
|
||
ssl_cert => $pulp::child::ssl_cert,
|
||
ssl_key => $pulp::child::ssl_key,
|
||
ssl_ca => $pulp::ca_cert,
|
||
ssl_verify_client => 'optional',
|
||
ssl_options => '+StdEnvVars',
|
||
ssl_verify_depth => '3',
|
||
custom_fragment => template('pulp/etc/httpd/conf.d/_ssl_vhost.conf.erb'),
|
||
servername => $servername,
|
||
docroot => '/var/www/html',
|
||
port => 443,
|
||
priority => '25',
|
||
keepalive => 'on',
|
||
max_keepalive_requests => $max_keep_alive,
|
||
directories => $directories,
|
||
ssl => true,
|
||
ssl_cert => $ssl_cert,
|
||
ssl_key => $ssl_key,
|
||
ssl_ca => $ssl_ca,
|
||
ssl_verify_client => 'optional',
|
||
ssl_options => '+StdEnvVars',
|
||
ssl_verify_depth => '3',
|
||
# allow older yum clients to connect, see bz 647828
|
||
custom_fragment => 'SSLInsecureRenegotiation On',
|
||
}
|
||
|
||
# we need to make sure the goferd reads the current oauth credentials to talk
|
templates/etc/httpd/conf.d/_ssl_vhost.conf.erb | ||
---|---|---|
# allow older yum clients to connect, see bz 647828
|
||
SSLInsecureRenegotiation On
|
||
|
||
KeepAlive On
|
||
MaxKeepAliveRequests <%= scope['::pulp::max_keep_alive'] %>
|
||
|
||
<% if scope['::pulp::ssl_username'] and !scope['::pulp::ssl_username'].empty? -%>
|
||
<Location /pulp/api>
|
||
SSLUsername <%= scope['::pulp::ssl_username'] %>
|
||
</Location>
|
||
<%- end -%>
|
Also available in: Unified diff
Use puppetlabs-apache vhost options where possible