Puppet Class: pxe_install::apache

Defined in:

manifests/apache.pp

Summary

Configure webserver for install server

Overview

Configure the Apache webserver for the install server.

Directory where the SSL certs are located.

Examples:

include pxe_install::apache

Parameters:

• kickstart_dir (Stdlib::Unixpath) —

  The location where the kickstart/preseed files are stored.

• kickstart_url (String) —

  The URL to access the kickstart/preseed files

• pub_dir (Stdlib::Unixpath) —

  The location where public file like post install scripts are stored.

• pub_url (String) —

  The URL to access the public files.

• repos_dir (Stdlib::Unixpath) —

  The location where package repositories are stores if they are synced.

• repos_url (String) —

  The URL to acces the package repositories.

• servername (String) —

  The server name for the Apache vhost.

• status_allow_from (Array) —

  Array with IPs which are allowed to query the Apache status page.

• create_aliases (Boolean) (defaults to: true) —

  If aliases should be created.

• ssl_cert (Optional[String]) (defaults to: '') —

  SSL certificate file

• ssl_key (Optional[String]) (defaults to: '') —

  SSL key corresponding to the cert.

• ssl_chain (Optional[String]) (defaults to: '') —

  SSL chain file.

• ssl_certs_dir (Optional[String]) (defaults to: '')
• documentroot (Optional[String]) (defaults to: '') —

  The document root directory for the Apache vhost.

# File 'manifests/apache.pp', line 52

class pxe_install::apache (
  Stdlib::Unixpath $kickstart_dir,
  String $kickstart_url,
  Stdlib::Unixpath $pub_dir,
  String $pub_url,
  Stdlib::Unixpath $repos_dir,
  String $repos_url,
  String $servername,
  Array $status_allow_from,
  Boolean $create_aliases             = true,
  Optional[String] $ssl_cert          = '',
  Optional[String] $ssl_key           = '',
  Optional[String] $ssl_chain         = '',
  Optional[String] $ssl_certs_dir     = '',
  Optional[String] $documentroot      = '',
) {

  ensure_resource('file', ['/etc/pki/httpd', "/etc/pki/httpd/${servername}"], {
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
  })

  class { 'apache':
    default_vhost    => false,
    server_tokens    => 'Prod',
    server_signature => 'Off',
    trace_enable     => 'Off',
  }

  class { 'apache::mod::ssl':

  }

  class { 'apache::mod::status':
    allow_from => $status_allow_from,
  }

  class { 'apache::mod::info':
    allow_from => $status_allow_from,
  }

  if $create_aliases {
    $aliases = [
      {
        alias => $kickstart_url,
        path  => $kickstart_dir,
      },
      {
        alias => $pub_url,
        path  => $pub_dir,
      },
      {
        alias => $repos_url,
        path  => $repos_dir,
      }
    ]
  } else {
    $aliases = []
  }

  apache::vhost { $servername: #lint:ignore:security_apache_no_ssl_vhost
    port              => 80,
    docroot           => $documentroot,
    servername        => $servername,
    access_log_format => 'combined',
    aliases           => $aliases,
  }

  apache::vhost { "${servername} ssl":
    port                 => 443,
    ssl                  => true,
    ssl_cipher           => '"EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"', #lint:ignore:140chars
    ssl_protocol         => 'TLSv1.2',
    ssl_honorcipherorder => 'on',
    ssl_options          => ['+StdEnvVars'],
    ssl_cert             => $ssl_cert,
    ssl_key              => $ssl_key,
    ssl_chain            => $ssl_chain,
    ssl_certs_dir        => $ssl_certs_dir,
    docroot              => $documentroot,
    servername           => $servername,
    access_log_format    => 'combined',
    aliases              => $aliases,
  }
}