From: Julien Cristau Date: Mon, 21 Oct 2019 12:19:42 +0000 (+0200) Subject: Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=884ff151fe761da604b69d9af8bd1ed22c1fccde;hp=d6c2e9deaaeb0676521a0fbe0b23b875329b3b85;p=mirror%2Fdsa-puppet.git Merge branch 'fordsa' of https://git.adam-barratt.org.uk/git/mirror/dsa-puppet --- diff --git a/data/common.yaml b/data/common.yaml index 11973469f..4cc1d2029 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -32,6 +32,7 @@ roles::dns_primary::allow_access: - '2a01:3f0:0:28::25' postgres::backup_cluster::db_backup_role: 'debian-backup' postgres::backup_server::globals::backup_unix_user: 'debbackup' +webserver::defaultpage::defaultdomain: 'default.debian.org' # bacula # bacula::email_all: 'bacula-reports@admin.debian.org' diff --git a/modules/apache2/manifests/auth_digest.pp b/modules/apache2/manifests/auth_digest.pp index 377d14dae..565f450c1 100644 --- a/modules/apache2/manifests/auth_digest.pp +++ b/modules/apache2/manifests/auth_digest.pp @@ -1,3 +1,3 @@ class apache2::auth_digest { - apache2::module { 'auth_digest': } + include apache2::module::auth_digest } diff --git a/modules/apache2/manifests/authn_anon.pp b/modules/apache2/manifests/authn_anon.pp index 2488cd9d0..28ff3382b 100644 --- a/modules/apache2/manifests/authn_anon.pp +++ b/modules/apache2/manifests/authn_anon.pp @@ -1,3 +1,3 @@ class apache2::authn_anon { - apache2::module { 'authn_anon': } + include apache2::module::authn_anon } diff --git a/modules/apache2/manifests/authn_file.pp b/modules/apache2/manifests/authn_file.pp index 09b59f768..f9c5ae728 100644 --- a/modules/apache2/manifests/authn_file.pp +++ b/modules/apache2/manifests/authn_file.pp @@ -1,3 +1,3 @@ class apache2::authn_file { - apache2::module { 'authn_file': } + include apache2::module::authn_file } diff --git a/modules/apache2/manifests/config.pp b/modules/apache2/manifests/config.pp index 13697cba9..15238a9f3 100644 --- a/modules/apache2/manifests/config.pp +++ b/modules/apache2/manifests/config.pp @@ -1,51 +1,41 @@ +# Install and enable (or disable) an apache config snippet +# +# @param source source of the apache conf file +# @param content content of the apache conf file +# @param ensure present or absent define apache2::config ( - $source=undef, - $content=undef, - $nocontentok=undef, - $ensure=present + Optional[String] $source = undef, + Optional[String] $content = undef, + Enum['present','absent'] $ensure = 'present', ) { + include apache2 - include apache2 + case $ensure { + present: { + if ! ($source or $content) { + fail ( "No configuration found for ${name}" ) + } + } + absent: {} + default: { fail ( "Unknown ensure value: ${ensure}" ) } + } - case $ensure { - present: { - if ! ($source or $content or $nocontentok) { - fail ( "No configuration found for ${name}" ) - } + file { "/etc/apache2/conf-available/${name}.conf": + ensure => $ensure, + content => $content, + source => $source, + require => Package['apache2'], + notify => Exec['service apache2 reload'], + } - if $content { - file { "/etc/apache2/conf-available/${name}.conf": - ensure => $ensure, - content => $content, - require => Package['apache2'], - notify => Exec['service apache2 reload'], - } - } elsif $source { - file { "/etc/apache2/conf-available/${name}.conf": - ensure => $ensure, - source => $source, - require => Package['apache2'], - notify => Exec['service apache2 reload'], - } - } - } - absent: { - file { "/etc/apache2/conf-available/${name}.conf": - ensure => $ensure, - require => Package['apache2'], - notify => Exec['service apache2 reload'], - } - } - default: { fail ( "Unknown ensure value: '$ensure'" ) } - } - $link_ensure = $ensure ? { - present => link, - absent => absent - } + $link_ensure = $ensure ? { + present => link, + absent => absent + } - file { "/etc/apache2/conf-enabled/${name}.conf": - ensure => $link_ensure, - target => "../conf-available/${name}.conf", - notify => Exec['service apache2 reload'], - } + file { "/etc/apache2/conf-enabled/${name}.conf": + ensure => $link_ensure, + target => "../conf-available/${name}.conf", + notify => Exec['service apache2 reload'], + } } diff --git a/modules/apache2/manifests/expires.pp b/modules/apache2/manifests/expires.pp index 6043994d5..1dc8a8673 100644 --- a/modules/apache2/manifests/expires.pp +++ b/modules/apache2/manifests/expires.pp @@ -1,3 +1,3 @@ class apache2::expires { - apache2::module { 'expires': } + include apache2::module::expires } diff --git a/modules/apache2/manifests/module.pp b/modules/apache2/manifests/module.pp index ff26ea636..e3cb3c5a1 100644 --- a/modules/apache2/manifests/module.pp +++ b/modules/apache2/manifests/module.pp @@ -1,19 +1,24 @@ -define apache2::module ($ensure = present) { - case $ensure { - present: { - exec { "/usr/sbin/a2enmod ${name}": - creates => "/etc/apache2/mods-enabled/${name}.load", - require => Package['apache2'], - notify => Service['apache2'] - } - } - absent: { - exec { "/usr/sbin/a2dismod ${name}": - onlyif => "test -L /etc/apache2/mods-enabled/${name}.load", - require => Package['apache2'], - notify => Service['apache2'] - } - } - default: { fail ( "Unknown ensure value: '$ensure'" ) } - } +# Enable an apache module +# +# @param ensure present or absent +define apache2::module ( + Enum['present','absent'] $ensure = 'present', +) { + case $ensure { + present: { + exec { "/usr/sbin/a2enmod ${name}": + creates => "/etc/apache2/mods-enabled/${name}.load", + require => Package['apache2'], + notify => Service['apache2'], + } + } + absent: { + exec { "/usr/sbin/a2dismod ${name}": + onlyif => "test -L /etc/apache2/mods-enabled/${name}.load", + require => Package['apache2'], + notify => Service['apache2'], + } + } + default: { fail ( "Unknown ensure value: ${ensure}" ) } + } } diff --git a/modules/apache2/manifests/module/auth_digest.pp b/modules/apache2/manifests/module/auth_digest.pp new file mode 100644 index 000000000..6430aec13 --- /dev/null +++ b/modules/apache2/manifests/module/auth_digest.pp @@ -0,0 +1,3 @@ +class apache2::module::auth_digest { + apache2::module { 'auth_digest': } +} diff --git a/modules/apache2/manifests/module/authn_anon.pp b/modules/apache2/manifests/module/authn_anon.pp new file mode 100644 index 000000000..760c3597b --- /dev/null +++ b/modules/apache2/manifests/module/authn_anon.pp @@ -0,0 +1,3 @@ +class apache2::module::authn_anon { + apache2::module { 'authn_anon': } +} diff --git a/modules/apache2/manifests/module/authn_file.pp b/modules/apache2/manifests/module/authn_file.pp new file mode 100644 index 000000000..82033a1cd --- /dev/null +++ b/modules/apache2/manifests/module/authn_file.pp @@ -0,0 +1,3 @@ +class apache2::module::authn_file { + apache2::module { 'authn_file': } +} diff --git a/modules/apache2/manifests/module/expires.pp b/modules/apache2/manifests/module/expires.pp new file mode 100644 index 000000000..905deb767 --- /dev/null +++ b/modules/apache2/manifests/module/expires.pp @@ -0,0 +1,3 @@ +class apache2::module::expires { + apache2::module { 'expires': } +} diff --git a/modules/apache2/manifests/module/proxy_http.pp b/modules/apache2/manifests/module/proxy_http.pp new file mode 100644 index 000000000..59d6f6e9a --- /dev/null +++ b/modules/apache2/manifests/module/proxy_http.pp @@ -0,0 +1,3 @@ +class apache2::module::proxy_http { + apache2::module { 'proxy_http': } +} diff --git a/modules/apache2/manifests/module/rewrite.pp b/modules/apache2/manifests/module/rewrite.pp new file mode 100644 index 000000000..cac209bde --- /dev/null +++ b/modules/apache2/manifests/module/rewrite.pp @@ -0,0 +1,3 @@ +class apache2::module::rewrite { + apache2::module { 'rewrite': } +} diff --git a/modules/apache2/manifests/module/ssl.pp b/modules/apache2/manifests/module/ssl.pp new file mode 100644 index 000000000..8828cba88 --- /dev/null +++ b/modules/apache2/manifests/module/ssl.pp @@ -0,0 +1,3 @@ +class apache2::module::ssl { + apache2::module { 'ssl': } +} diff --git a/modules/apache2/manifests/proxy_http.pp b/modules/apache2/manifests/proxy_http.pp index 33b9f2c61..df15ab46c 100644 --- a/modules/apache2/manifests/proxy_http.pp +++ b/modules/apache2/manifests/proxy_http.pp @@ -1,3 +1,3 @@ class apache2::proxy_http { - apache2::module { 'proxy_http': } + include apache2::module::proxy_http } diff --git a/modules/apache2/manifests/rewrite.pp b/modules/apache2/manifests/rewrite.pp index 58b8b08c1..a097ccf2c 100644 --- a/modules/apache2/manifests/rewrite.pp +++ b/modules/apache2/manifests/rewrite.pp @@ -1,3 +1,3 @@ class apache2::rewrite { - apache2::module { 'rewrite': } + include apache2::module::rewrite } diff --git a/modules/apache2/manifests/site.pp b/modules/apache2/manifests/site.pp index dc9b1ced1..b847c223e 100644 --- a/modules/apache2/manifests/site.pp +++ b/modules/apache2/manifests/site.pp @@ -1,68 +1,40 @@ +# Install and enable an apache site +# +# @param source source of the apache vhost file +# @param content content of the apache vhost file +# @param ensure present or absent +# @param site site name define apache2::site ( - $source=undef, - $content=undef, - $ensure=present, - $site=undef + Optional[String] $source = undef, + Optional[String] $content = undef, + Enum['present','absent'] $ensure = 'present', + String $site = $name ) { - - include apache2 - - case $ensure { - present: { - if ! ($source or $content) { - fail ( "No configuration found for ${name}" ) - } - } - absent: {} - default: { fail ( "Unknown ensure value: '$ensure'" ) } - } - - if $site { - $base = $site - } else { - $base = $name - } - - $target = "/etc/apache2/sites-available/${base}" - - $link_target = $ensure ? { - present => $target, - absent => absent - } - - if $content { - file { $target: - ensure => $ensure, - content => $content, - require => Package['apache2'], - notify => Exec['service apache2 reload'], - } - } else { - file { $target: - ensure => $ensure, - source => $source, - require => Package['apache2'], - notify => Exec['service apache2 reload'], - } - } - - $symlink = "/etc/apache2/sites-enabled/${name}.conf" - - file { "/etc/apache2/sites-enabled/${name}": - ensure => absent, - notify => Exec['service apache2 reload'], - } - - if $ensure == present { - file { $symlink: - ensure => link, - target => $link_target, - notify => Exec['service apache2 reload'], - } - } else { - file { $symlink: - ensure => absent, - notify => Exec['service apache2 reload'], - } - } + include apache2 + + if $ensure == 'present' { + if ! ($source or $content) { + fail ( "No configuration (source or content) found for ${name}" ) + } + } + + $target = "/etc/apache2/sites-available/${site}" + $symlink = "/etc/apache2/sites-enabled/${name}.conf" + $link_ensure = $ensure ? { + present => link, + absent => absent, + } + + file { $target: + ensure => $ensure, + content => $content, + source => $source, + require => Package['apache2'], + notify => Exec['service apache2 reload'], + } + file { $symlink: + ensure => $link_ensure, + target => $target, + notify => Exec['service apache2 reload'], + } } diff --git a/modules/apache2/manifests/ssl.pp b/modules/apache2/manifests/ssl.pp index 4bf9d4c90..21a5c1765 100644 --- a/modules/apache2/manifests/ssl.pp +++ b/modules/apache2/manifests/ssl.pp @@ -1,3 +1,3 @@ class apache2::ssl { - apache2::module { 'ssl': } + include apache2::module::ssl } diff --git a/modules/webserver/manifests/defaultpage.pp b/modules/webserver/manifests/defaultpage.pp index 29c7e05d6..0d6d8953a 100644 --- a/modules/webserver/manifests/defaultpage.pp +++ b/modules/webserver/manifests/defaultpage.pp @@ -1,15 +1,19 @@ +# Install default website content # -class webserver::defaultpage { - file { [ '/srv/www', '/srv/www/default.debian.org', '/srv/www/default.debian.org/htdocs', '/srv/www/default.debian.org/htdocs-disabled' ]: - ensure => directory, - mode => '0755', - } +# @param defaultdomain domain name of the default page, to create directory under /srv/www +class webserver::defaultpage ( + String $defaultdomain, +) { + file { [ '/srv/www', "/srv/www/${defaultdomain}", "/srv/www/${defaultdomain}/htdocs", "/srv/www/${defaultdomain}/htdocs-disabled" ]: + ensure => directory, + mode => '0755', + } - file { '/srv/www/default.debian.org/htdocs/index.html': - content => template('webserver/default-index.html'), - } + file { "/srv/www/${defaultdomain}/htdocs/index.html": + content => template('webserver/default-index.html'), + } - file { '/srv/www/default.debian.org/htdocs-disabled/index.html': - content => template('webserver/disabled-index.html'), - } + file { "/srv/www/${defaultdomain}/htdocs-disabled/index.html": + content => template('webserver/disabled-index.html'), + } } diff --git a/modules/webserver/manifests/init.pp b/modules/webserver/manifests/init.pp index e5b91401b..1a7844a0b 100644 --- a/modules/webserver/manifests/init.pp +++ b/modules/webserver/manifests/init.pp @@ -1,4 +1,5 @@ +# base webserver class. Currently only ships a default page # class webserver { - include webserver::defaultpage + include webserver::defaultpage }