modules/apache2/manifests/init.pp

   1 # = Class: apache2
   2 #
   3 # Standard apache config debian.org hosts
   4 #
   5 # == Sample Usage:
   6 #
   7 #   include apache2
   8 #
   9 class apache2 {
  10         package { 'apache2':
  11                 ensure => installed,
  12         }
  13
  14         service { 'apache2':
  15                 ensure  => running,
  16                 require => Package['apache2'],
  17         }
  18
  19         apache2::module { 'info': }
  20         apache2::module { 'status': }
  21         apache2::module { 'headers': }
  22
  23         package { 'libapache2-mod-macro':
  24                 ensure => installed
  25         }
  26
  27         apache2::module { 'macro':
  28                 require => Package['libapache2-mod-macro']
  29         }
  30
  31         apache2::site { '00-default':
  32                 site     => 'default-debian.org',
  33                 content  => template('apache2/default-debian.org.erb'),
  34         }
  35
  36         apache2::site { '000-default':
  37                 ensure => absent,
  38         }
  39
  40         apache2::config { 'serve-cgi-bin':
  41                 ensure => absent,
  42         }
  43
  44         apache2::config { 'ressource-limits':
  45                 ensure => absent,
  46         }
  47
  48         if has_role('udd') {
  49                 $memlimit = 512 * 1024 * 1024
  50         } elsif has_role('sso') {
  51                 $memlimit = 512 * 1024 * 1024
  52         } else {
  53                 $memlimit = 192 * 1024 * 1024
  54         }
  55
  56         apache2::config { 'resource-limits':
  57                 content => template('apache2/resource-limits.erb'),
  58         }
  59
  60         apache2::config { 'security':
  61                 source => 'puppet:///modules/apache2/security',
  62         }
  63
  64         apache2::config { 'logformat-privacy':
  65                 source => 'puppet:///modules/apache2/logformat-privacy',
  66         }
  67
  68         apache2::config { 'local-serverinfo':
  69                 source => 'puppet:///modules/apache2/local-serverinfo',
  70         }
  71
  72         apache2::config { 'server-status':
  73                 source => 'puppet:///modules/apache2/server-status',
  74         }
  75
  76         apache2::config { 'puppet-ssl-macros':
  77                 source => 'puppet:///modules/apache2/puppet-ssl-macros',
  78         }
  79
  80         apache2::config { 'puppet-config':
  81                 content => template('apache2/puppet-config.erb'),
  82         }
  83
  84         apache2::config { 'pratchett':
  85                 source => 'puppet:///modules/apache2/pratchett',
  86         }
  87
  88         if $::lsbmajdistrelease > 7 {
  89                 file { '/etc/apache2/mods-available/mpm_worker.conf':
  90                         content => template('apache2/mpm_worker.erb'),
  91                 }
  92         }
  93
  94         file { '/etc/apache2/sites-available/common-ssl.inc':
  95                 ensure => absent,
  96         }
  97
  98         file { '/etc/logrotate.d/apache2':
  99                 source => 'puppet:///modules/apache2/apache2.logrotate',
 100         }
 101
 102         file { [ '/srv/www', '/srv/www/default.debian.org', '/srv/www/default.debian.org/htdocs' ]:
 103                 ensure  => directory,
 104                 mode    => '0755',
 105         }
 106
 107         file { '/srv/www/default.debian.org/htdocs/index.html':
 108                 content => template('apache2/default-index.html'),
 109         }
 110
 111         file { '/var/log/apache2/.nobackup':
 112                 mode    => '0644',
 113                 content => '',
 114         }
 115
 116         munin::check { 'apache_accesses': }
 117         munin::check { 'apache_processes': }
 118         munin::check { 'apache_volume': }
 119         munin::check { 'apache_servers': }
 120         munin::check { 'ps_apache2':
 121                 script => 'ps_',
 122         }
 123
 124         if $::hostname in [beach,buxtehude,picconi,pkgmirror-1and1] {
 125                 include apache2::dynamic
 126         } else {
 127                 @ferm::rule { 'dsa-http':
 128                         prio        => '23',
 129                         description => 'Allow web access',
 130                         rule        => '&SERVICE(tcp, (http https))'
 131                 }
 132         }
 133
 134         @ferm::rule { 'dsa-http-v6':
 135                 domain          => '(ip6)',
 136                 prio            => '23',
 137                 description     => 'Allow web access',
 138                 rule            => '&SERVICE(tcp, (http https))'
 139         }
 140 }