install snapshot cert
[mirror/dsa-puppet.git] / modules / roles / manifests / snapshot_web.pp
# Web front end role for snapshot.debian.org.
#
# Declares Apache (with mod_rewrite and mod_wsgi), the TLS material for the
# service name, the Apache vhost, a Varnish instance in front of Apache, the
# ferm rules that steer public IPv4 port 80 traffic into Varnish, and the
# Apache ports.conf. Only the hosts named in the case statement are supported;
# any other host fails catalog compilation.
class roles::snapshot_web {
  include apache2
  include apache2::rewrite

  ensure_packages(['libapache2-mod-wsgi'], { ensure => 'installed' })

  # NOTE(review): `key => true` presumably ships the private key together with
  # the certificate -- confirm in ssl::service which file mode/owner it gets.
  ssl::service { 'snapshot.debian.org':
    key    => true,
    notify => Exec['service apache2 reload'],
  }

  # NOTE(review): template() is called here, before the case statement below
  # assigns the address variables. If the vhost template reads any of them,
  # confirm they are set at this point.
  apache2::site { '020-snapshot.debian.org':
    site    => 'snapshot.debian.org',
    content => template('roles/snapshot/snapshot.debian.org.conf.erb'),
  }

  # Per-host addresses: one public IPv4, one IPv6 for Varnish and a separate
  # IPv6 that Apache binds to directly.
  case $::hostname {
    'lw07': {
      $ipv4addr        = '185.17.185.185'
      $ipv6addr        = '2001:1af8:4020:b030:deb::185'
      $ipv6addr_apache = '2001:1af8:4020:b030:deb::187'
    }
    'sallinen': {
      $ipv4addr        = '193.62.202.27'
      $ipv6addr        = '2001:630:206:4000:1a1a:0:c13e:ca1b'
      $ipv6addr_apache = '2001:630:206:4000:1a1a:0:c13e:ca1a'
    }
    default: {
      fail("unknown host ${::hostname} for snapshot_web.")
    }
  }

  # Virtual ferm rules (the leading `@`); they take effect only where realized.
  # The first admits tcp/6081, which is the port the redirected traffic
  # arrives on after the NAT rule below has rewritten it.
  @ferm::rule { 'dsa-snapshot-varnish-v4':
    rule => '&SERVICE(tcp, 6081)',
  }

  # Only traffic addressed to ${ipv4addr}:80 is redirected into Varnish.
  @ferm::rule { 'dsa-nat-snapshot-varnish-v4':
    table => 'nat',
    chain => 'PREROUTING',
    rule  => "proto tcp daddr ${ipv4addr} dport 80 REDIRECT to-ports 6081",
  }

  # Varnish takes IPv4 via the redirect port and binds IPv6 port 80 directly.
  # NOTE(review): no ferm rule for IPv6 port 80 is declared in this class --
  # presumably it lives elsewhere; confirm.
  varnish::config { 'default':
    listen  => [
      ':6081',
      "[${ipv6addr}]:80",
    ],
    backend => 'file,/var/lib/varnish/varnish_storage.bin,8G',
    content => template('roles/snapshot/snapshot.debian.org.vcl.erb'),
  }

  # Apache binds every local IPv4 address on port 80, so a request to any IPv4
  # address other than ${ipv4addr} is not covered by the NAT rule above and
  # reaches Apache without passing through Varnish, subject to the firewall.
  # NOTE(review): only port 80 is listed although a certificate is installed
  # above; verify where (or whether) a 443 listener is configured.
  file { '/etc/apache2/ports.conf':
    content => @("EOF"),
      Listen 0.0.0.0:80
      Listen [${ipv6addr_apache}]:80
      | EOF
    require => Package['apache2'],
    notify  => Service['apache2'],
  }
}