Puppet Class: simp_apache

Defined in:
manifests/init.pp

Summary

Configures an Apache server

Overview

Ensures that the appropriate files are in the appropriate places and can optionally rsync the ‘/var/www/html` content.

Ideally, we will move over to the Puppet Labs apache module in the future but it’s going to be quite a bit of work to port all of our code.

Parameters:

  • data_dir (Stdlib::AbsolutePath) (defaults to: '/var/www')

    The location where apache web data should be stored. Set to /srv/www for legacy reasons.

  • rsync_web_root (Boolean) (defaults to: true)

    Whether or not to rsync over the web root.

  • ssl (Boolean) (defaults to: true)

    Whether or not to enable SSL. You will need to set the Hiera variables for apache::ssl appropriately for your needs.

  • rsync_source (String) (defaults to: "apache_${facts['environment']}_${facts['os']['name']}/www")

    The source on the rsync server.

  • rsync_server (Simplib::Host) (defaults to: simplib::lookup('simp_options::rsync::server', { 'default_value' => '127.0.0.1' }))

    The name/address of the rsync server.

  • rsync_timeout (Integer) (defaults to: simplib::lookup('simp_options::rsync::timeout', { 'default_value' => 2 }))

    The rsync connection timeout.

Author:



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
# File 'manifests/init.pp', line 31

class simp_apache (
  Stdlib::AbsolutePath $data_dir       = '/var/www',
  Boolean              $ssl            = true,
  String               $rsync_source   = "apache_${facts['environment']}_${facts['os']['name']}/www",
  Simplib::Host        $rsync_server   = simplib::lookup('simp_options::rsync::server',  { 'default_value' => '127.0.0.1' }),
  Integer              $rsync_timeout  = simplib::lookup('simp_options::rsync::timeout', { 'default_value' => 2 }),
  Boolean              $rsync_web_root = true
) {

  simplib::assert_metadata($module_name)

  include 'simp_apache::install'
  include 'simp_apache::conf'
  include 'simp_apache::service'

  if $ssl {
    include 'simp_apache::ssl'
    Class['simp_apache::install'] -> Class['simp_apache::ssl']
  }

  Class['simp_apache::install'] -> Class['simp_apache']
  Class['simp_apache::install'] -> Class['simp_apache::conf']
  Class['simp_apache::install'] ~> Class['simp_apache::service']
  Class['simp_apache::conf']    ~> Class['simp_apache::service']

  $apache_homedir = '/usr/share/httpd'

  group { 'apache':
    ensure    => 'present',
    allowdupe => false,
    gid       => '48'
  }

  if $rsync_web_root {
    include 'rsync'

    # Rsync the /var/www space from the rsync server.
    # Add anything here you want to go to every web server.
    $_downcase_os_name = downcase($facts['os']['name'])
    rsync { 'site':
      user     => "apache_rsync_${facts['environment']}_${_downcase_os_name}",
      password => simplib::passgen("apache_rsync_${facts['environment']}_${_downcase_os_name}"),
      source   => $rsync_source,
      target   => '/var',
      server   => $rsync_server,
      timeout  => $rsync_timeout,
      delete   => false
    }
  }

  if $facts['os']['selinux']['current_mode'] and $facts['os']['selinux']['current_mode'] != 'disabled' {
    selboolean { [
      'httpd_verify_dns',
      'allow_ypbind',
      'allow_httpd_mod_auth_pam',
      'httpd_can_network_connect'
    ]:
      persistent => true,
      value      => 'on'
    }
  }

  user { 'apache':
    ensure     => 'present',
    allowdupe  => false,
    gid        => '48',
    home       => $apache_homedir,
    membership => 'minimum',
    shell      => '/sbin/nologin',
    uid        => '48',
    require    => Group['apache']
  }
}