Puppet Class: apache::mod::ssl

Defined in:
manifests/mod/ssl.pp

Overview

Parameters:

  • ssl_compression (Any) (defaults to: false)
  • ssl_cryptodevice (Any) (defaults to: 'builtin')
  • ssl_options (Any) (defaults to: [ 'StdEnvVars' ])
  • ssl_openssl_conf_cmd (Any) (defaults to: undef)
  • ssl_cipher (Any) (defaults to: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4')
  • ssl_honorcipherorder (Any) (defaults to: true)
  • ssl_protocol (Any) (defaults to: [ 'all', '-SSLv2', '-SSLv3' ])
  • ssl_pass_phrase_dialog (Any) (defaults to: 'builtin')
  • ssl_random_seed_bytes (Any) (defaults to: '512')
  • ssl_sessioncachetimeout (Any) (defaults to: '300')
  • ssl_mutex (Any) (defaults to: undef)
  • apache_version (Any) (defaults to: undef)
  • package_name (Any) (defaults to: undef)


# File 'manifests/mod/ssl.pp', line 1

# @summary Declares the apache::mod resource for 'ssl' and manages ssl.conf
#   in the Apache mod_dir from the apache/mod/ssl.conf.erb template.
#
# Review notes for whoever sets these values:
# - Only $ssl_compression is type-checked (validate_bool below). Every other
#   parameter is untyped, so validate TLS settings where they are set
#   (Hiera data, profile class) rather than relying on this class.
# - The Apache directive names mentioned below are inferred from the parameter
#   names; ssl.conf.erb is not visible here -- confirm against the template.
#
# @param ssl_compression
#   Must be a boolean. Defaults to false; presumably controls TLS-level
#   compression, which is normally left off because of CRIME-style attacks.
# @param ssl_cryptodevice
#   Defaults to 'builtin'; presumably the SSLCryptoDevice engine name.
# @param ssl_options
#   Defaults to [ 'StdEnvVars' ]; presumably the SSLOptions list.
# @param ssl_openssl_conf_cmd
#   Optional and passed through unvalidated; presumably SSLOpenSSLConfCmd.
# @param ssl_cipher
#   Cipher string, default 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'. The default admits
#   the MEDIUM class and does not exclude 3DES or static-RSA key exchange;
#   tighten it if your policy requires forward secrecy or AEAD-only suites.
# @param ssl_honorcipherorder
#   Boolean, or the strings 'on' / 'off'. Any other non-boolean value is
#   treated as true (server cipher preference enforced).
# @param ssl_protocol
#   Defaults to [ 'all', '-SSLv2', '-SSLv3' ]. Under Apache's SSLProtocol
#   semantics that still leaves TLS 1.0 and 1.1 enabled wherever the linked
#   OpenSSL offers them; pass an explicit list if policy requires TLS 1.2+.
# @param ssl_pass_phrase_dialog
#   Defaults to 'builtin'; presumably SSLPassPhraseDialog.
# @param ssl_random_seed_bytes
#   Defaults to '512'; presumably the byte count for SSLRandomSeed.
# @param ssl_sessioncachetimeout
#   Defaults to '300'; presumably SSLSessionCacheTimeout.
# @param ssl_mutex
#   Used verbatim when set. When unset, a value is chosen per osfamily and
#   compilation fails on an unsupported osfamily.
# @param apache_version
#   Overrides $apache::apache_version for the version checks in this class.
# @param package_name
#   Passed to apache::mod as its package attribute.
class apache::mod::ssl (
  $ssl_compression         = false,
  $ssl_cryptodevice        = 'builtin',
  $ssl_options             = [ 'StdEnvVars' ],
  $ssl_openssl_conf_cmd    = undef,
  $ssl_cipher              = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4',
  $ssl_honorcipherorder    = true,
  $ssl_protocol            = [ 'all', '-SSLv2', '-SSLv3' ],
  $ssl_pass_phrase_dialog  = 'builtin',
  $ssl_random_seed_bytes   = '512',
  $ssl_sessioncachetimeout = '300',
  $ssl_mutex               = undef,
  $apache_version          = undef,
  $package_name            = undef,
) {
  include ::apache
  include ::apache::mod::mime

  # An explicit $apache_version wins; otherwise use the base class's value.
  $_apache_version = pick($apache_version, $apache::apache_version)

  # Variable names in this class are left untouched on purpose: the ERB
  # template reads them from class scope.
  if $ssl_mutex {
    # A caller-supplied mutex is taken as-is, with no validation.
    $_ssl_mutex = $ssl_mutex
  } else {
    case $::osfamily {
      'debian': {
        if versioncmp($_apache_version, '2.4') >= 0 {
          $_ssl_mutex = 'default'
        } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
          # Ubuntu 10.04 gets a fixed path instead of ${APACHE_RUN_DIR}.
          $_ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
        } else {
          # The dollar sign is escaped so Apache, not Puppet, expands it.
          $_ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
        }
      }
      'redhat', 'freebsd', 'gentoo', 'Suse': {
        $_ssl_mutex = 'default'
      }
      default: {
        fail("Unsupported osfamily ${::osfamily}, please explicitly pass in \$ssl_mutex")
      }
    }
  }

  # The only input validation in this class.
  validate_bool($ssl_compression)

  # Normalise to a boolean. Unrecognised strings fall through to true, so a
  # typo cannot silently switch server cipher preference off.
  if is_bool($ssl_honorcipherorder) {
    $_ssl_honorcipherorder = $ssl_honorcipherorder
  } else {
    $_ssl_honorcipherorder = $ssl_honorcipherorder ? {
      'on'    => true,
      'off'   => false,
      default => true,
    }
  }

  # Per-osfamily session cache location and size.
  # NOTE(review): this selector has no default entry, so an osfamily outside
  # these five has no match here even when $ssl_mutex was passed explicitly to
  # get past the case statement above -- confirm whether that is intended.
  $session_cache = $::osfamily ? {
    'debian'  => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
    'redhat'  => '/var/cache/mod_ssl/scache(512000)',
    'freebsd' => '/var/run/ssl_scache(512000)',
    'gentoo'  => '/var/run/ssl_scache(512000)',
    'Suse'    => '/var/lib/apache2/ssl_scache(512000)'
  }

  ::apache::mod { 'ssl':
    package => $package_name,
  }

  # Apache 2.4 and later also get the socache_shmcb module declared.
  if versioncmp($_apache_version, '2.4') >= 0 {
    ::apache::mod { 'socache_shmcb': }
  }

  # Template uses
  #
  # $ssl_compression
  # $ssl_cryptodevice
  # $ssl_cipher
  # $ssl_honorcipherorder
  # $ssl_options
  # $ssl_openssl_conf_cmd
  # $session_cache
  # $ssl_mutex
  # $ssl_random_seed_bytes
  # $ssl_sessioncachetimeout
  # $_apache_version
  #
  # NOTE(review): the list above names $ssl_mutex and $ssl_honorcipherorder,
  # while this class computes $_ssl_mutex and $_ssl_honorcipherorder, and it
  # omits $ssl_protocol and $ssl_pass_phrase_dialog. Check ssl.conf.erb to see
  # which variables are actually rendered before relying on an override.
  file { 'ssl.conf':
    ensure  => file,
    path    => "${::apache::mod_dir}/ssl.conf",
    mode    => $::apache::file_mode,
    content => template('apache/mod/ssl.conf.erb'),
    # Written after mod_dir is created and before the mod_dir File resource.
    require => Exec["mkdir ${::apache::mod_dir}"],
    before  => File[$::apache::mod_dir],
    # A change to ssl.conf notifies the Apache service class.
    notify  => Class['apache::service'],
  }
}