e5996fd275
Evaluating the template from the vhost defined type rather than the
module where it originates causes problems when dereferencing the
variables in the ERB file. If they are not accessed via the internal
scope object, they can't be found when using puppet 4. The scope object
is also useless when the variables are defined in a defined type and not
a class.
This patch adds a new parameter, $content, which overrides the $template
parameter. If provided, $content indicates the literal string content
for the vhost, as opposed to a reference to a template that needs to be
rendered. This can be used like this:
$content = template('example/example.vhost.erb')
httpd::vhost { 'vhostname':
content => $content,
priority => 50
}
This way the template is evaluated when the template() function is
called and has access to variables in that scope.
Change-Id: Ibe3c609d92f3321f43f4794062a64b119b07a1d0
120 lines
3.4 KiB
Puppet
120 lines
3.4 KiB
Puppet
# Definition: httpd::vhost
|
|
#
|
|
# This class installs Apache Virtual Hosts
|
|
#
|
|
# Parameters:
|
|
# - The $port to configure the host on
|
|
# - The $docroot provides the DocumentationRoot variable
|
|
# - The $ssl option is set true or false to enable SSL for this Virtual Host
|
|
# - The $configure_firewall option is set to true or false to specify if
|
|
# a firewall should be configured.
|
|
# - The $template option specifies whether to use the default template or
|
|
# override
|
|
# - The $content option specifies the exact content of the vhost file;
|
|
# overrides the template parameter
|
|
# - The $priority of the site
|
|
# - The $serveraliases of the site
|
|
# - The $options for the given vhost
|
|
# - The $vhost_name for name based virtualhosting, defaulting to *
|
|
#
|
|
# Actions:
|
|
# - Install Apache Virtual Hosts
|
|
#
|
|
# Requires:
|
|
# - The httpd class
|
|
#
|
|
# Sample Usage:
|
|
# httpd::vhost { 'site.name.fqdn':
|
|
# priority => '20',
|
|
# port => '80',
|
|
# docroot => '/path/to/docroot',
|
|
# }
|
|
#
|
|
define httpd::vhost(
|
|
$docroot,
|
|
$port,
|
|
$apache_name = $httpd::params::apache_name,
|
|
$auth = $httpd::params::auth,
|
|
$configure_firewall = true,
|
|
$options = $httpd::params::options,
|
|
$priority = $httpd::params::priority,
|
|
$redirect_ssl = $httpd::params::redirect_ssl,
|
|
$serveraliases = $httpd::params::serveraliases,
|
|
$servername = $httpd::params::servername,
|
|
$ssl = $httpd::params::ssl,
|
|
$template = $httpd::params::template,
|
|
$content = undef,
|
|
$vhost_name = $httpd::params::vhost_name,
|
|
) {
|
|
|
|
include ::httpd
|
|
|
|
if $servername == undef {
|
|
$srvname = $name
|
|
} else {
|
|
$srvname = $servername
|
|
}
|
|
|
|
if $ssl == true {
|
|
include ::httpd::ssl
|
|
}
|
|
|
|
# Since the template will use auth, redirect to https requires mod_rewrite
|
|
if $redirect_ssl == true {
|
|
case $::operatingsystem {
|
|
'debian','ubuntu': {
|
|
Httpd_mod <| title == 'rewrite' |>
|
|
}
|
|
default: { }
|
|
}
|
|
}
|
|
|
|
# The Apache mod_version module only needs to be enabled on Ubuntu 12.04
|
|
# as it comes compiled and enabled by default on newer OS, including CentOS
|
|
if !defined(Httpd::Mod['version']) and $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '12.04' {
|
|
httpd::mod { 'version': ensure => present }
|
|
}
|
|
|
|
# selinux may deny directory listing and access to subdirectories
|
|
# so update context to allow it
|
|
if $::osfamily == 'RedHat' {
|
|
if ! defined(Exec["update_context_${docroot}"]) {
|
|
exec { "update_context_${docroot}":
|
|
command => "chcon -R -t httpd_sys_content_t ${docroot}/",
|
|
unless => "ls -lZ ${docroot} | grep httpd_sys_content_t",
|
|
onlyif => "test -d ${docroot}",
|
|
path => '/bin:/usr/bin:/usr/local/bin:/usr/sbin',
|
|
require => Package['httpd'],
|
|
notify => Service['httpd'],
|
|
}
|
|
}
|
|
}
|
|
|
|
if $content != undef {
|
|
$_content = $content
|
|
} else {
|
|
$_content = template($template)
|
|
}
|
|
file { "${priority}-${name}.conf":
|
|
path => "${httpd::params::vdir}/${priority}-${name}.conf",
|
|
content => $_content,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
require => Package['httpd'],
|
|
notify => Service['httpd'],
|
|
}
|
|
|
|
if $configure_firewall {
|
|
if ! defined(Firewall["0100-INPUT ACCEPT ${port}"]) {
|
|
@firewall {
|
|
"0100-INPUT ACCEPT ${port}":
|
|
action => 'accept',
|
|
dport => '$port',
|
|
proto => 'tcp'
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|