This repository has been archived by the owner on Jun 11, 2019. It is now read-only.

Add ability to manage ssl.conf file within apache::ssl #76

Open
wants to merge 3 commits into
base: master
8 changes: 8 additions & 0 deletions README.md
Expand Up @@ -32,6 +32,14 @@ For detailed info about the logic and usage patterns of Example42 modules read R

include apache::ssl

class { 'apache::ssl':
ssl_template => 'example42/apache/ssl.conf.erb',
}

class { 'apache::ssl':
ssl_source => [ "puppet:///modules/lab42/apache/ssl.conf-${hostname}" , "puppet:///modules/lab42/apache/ssl.conf" ],
}


* Manage basic auth users (Here user joe is created with the $crypt_password on the defined htpasswd_file
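Review bot: the `ssl_source` example interpolates `${hostname}` without the top-scope qualifier, while manifests/ssl.pp in this same change uses `$::operatingsystem`; write it as `${::hostname}` so the fact cannot be shadowed by a local variable. The two new `class { 'apache::ssl': }` examples are also added without a bullet describing them, unlike the `* Manage basic auth users` entry that follows, and the text should say that `ssl_template` and `ssl_source` are alternatives that are not meant to be set together.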

2 changes: 2 additions & 0 deletions manifests/params.pp
Expand Up @@ -119,6 +119,8 @@

$port = '80'
$ssl_port = '443'
$ssl_source = ''
$ssl_template = ''
$protocol = 'tcp'

# General Settings
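Review bot: `$ssl_source` and `$ssl_template` are added with `''` defaults and no comment saying what an empty value means. manifests/ssl.pp turns `''` into `undef` for the file's `source` and `content`, so a one-line comment here stating that an empty value means neither attribute is passed to the `ssl.conf` resource, and that only one of the two should be set, would save readers a trip to the other file.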
41 changes: 31 additions & 10 deletions manifests/ssl.pp
Expand Up @@ -2,10 +2,24 @@
#
# Apache resources specific for SSL
#
class apache::ssl {
class apache::ssl (
$ssl_port = params_lookup( 'ssl_port' ),
$ssl_source = params_lookup( 'ssl_source' ),
Member

Honestly I've always used params_lookup on the main class, and not in subclasses; I'm not sure about the params namespace and the functionality when using it in subclasses.
Incidentally I think it's better to have params in the classes where they are used, as here, but that's not a pattern I've used in ng modules.

Author

I wasn't sure, but it didn't seem to make sense to have a node declaration like:

class { 'apache':
  ssl_template => 'site/apache/ssl.conf.erb',
}
class { 'apache::ssl': }

I was concerned about it causing confusion when 1) user specifies the param in the apache class and doesn't declare apache::ssl, 2) user attempts to specify the param in the apache::ssl class, and 3) when using an ENC, where the param would be specified as apache_ssl_template might make it look like apache::ssl::template instead of apache::ssl_template if that makes sense.

Member

Agree, better to leave the params in the ssl class.
Still looking at the params_lookup function (https://github.com/example42/puppi/blob/master/lib/puppet/parser/functions/params_lookup.rb), I wonder if the lookup names are what we expect. For example I'm not sure the default values are searched in apache::params.

$ssl_template = params_lookup( 'ssl_template' ),
) inherits apache::params {

include apache

$manage_ssl_file_source = $apache::ssl::ssl_source ? {
'' => undef,
default => $apache::ssl::ssl_source,
}

$manage_ssl_file_content = $apache::ssl::ssl_template ? {
'' => undef,
default => template($apache::ssl::ssl_template),
}

case $::operatingsystem {
ubuntu,debian,mint: {
exec { 'enable-ssl':
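Review bot: nothing in the two selectors for `$manage_ssl_file_source` and `$manage_ssl_file_content` handles the case where both `ssl_source` and `ssl_template` are non-empty; both values would then reach the `ssl.conf` file resource, and Puppet's file type rejects a resource that sets `source` and `content` together. Add an explicit check after `include apache` that calls `fail()` with a clear message when both are set, or document which one takes precedence and force the other to `undef`. The selectors can also read the local `$ssl_source` and `$ssl_template` directly instead of the fully qualified `$apache::ssl::...` names.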
Expand All @@ -22,11 +36,18 @@
require => Package['apache'],
notify => Service['apache'],
}
file { "${apache::config_dir}/ssl.conf":
mode => '0644',
owner => 'root',
group => 'root',
notify => Service['apache'],
file { 'ssl.conf':
ensure => $apache::manage_file,
path => "${apache::ssl::dotconf_dir}/ssl.conf",
mode => $apache::config_file_mode,
owner => $apache::config_file_owner,
group => $apache::config_file_group,
require => Package['mod_ssl'],
notify => $apache::manage_service_autorestart,
source => $apache::ssl::manage_ssl_file_source,
content => $apache::ssl::manage_ssl_file_content,
replace => $apache::manage_file_replace,
audit => $apache::manage_audit,
}
file {['/var/cache/mod_ssl', '/var/cache/mod_ssl/scache']:
ensure => directory,
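Review bot: the `path` of `file { 'ssl.conf': }` moves from `${apache::config_dir}/ssl.conf` to `${apache::ssl::dotconf_dir}/ssl.conf`, but `dotconf_dir` is not one of the parameters this patch declares on `apache::ssl` (only `ssl_port`, `ssl_source` and `ssl_template`), so the lookup depends on inheritance from `apache::params` rather than on the `apache` class that every other attribute in this resource reads from. If the directory change is intended, reference the main class's variable as the neighbouring attributes do (`$apache::config_file_mode`, `$apache::manage_file`) and mention the new location in the commit message; otherwise keep `${apache::config_dir}`.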
Expand All @@ -41,9 +62,9 @@

### Port monitoring, if enabled ( monitor => true )
if $apache::bool_monitor == true {
monitor::port { "apache_${apache::protocol}_${apache::ssl_port}":
monitor::port { "apache_${apache::protocol}_${apache::ssl::ssl_port}":
protocol => $apache::protocol,
port => $apache::ssl_port,
port => $apache::ssl::ssl_port,
target => $apache::monitor_target,
tool => $apache::monitor_tool,
enable => $apache::manage_monitor,
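Review bot: `monitor::port` now takes its title and `port` from `$apache::ssl::ssl_port` where it previously read `$apache::ssl_port`, so a site that set the port through the `apache` class scope will have that value ignored by the monitor check after upgrading. Consider defaulting the new `ssl_port` parameter to the main class's value, or note the change of location in the README next to the new examples.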
Expand All @@ -52,11 +73,11 @@

### Firewall management, if enabled ( firewall => true )
if $apache::bool_firewall == true {
firewall { "apache_${apache::protocol}_${apache::ssl_port}":
firewall { "apache_${apache::protocol}_${apache::ssl::ssl_port}":
source => $apache::firewall_src,
destination => $apache::firewall_dst,
protocol => $apache::protocol,
port => $apache::ssl_port,
port => $apache::ssl::ssl_port,
action => 'allow',
direction => 'input',
tool => $apache::firewall_tool,
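Review bot: the `firewall` rule's `port` now follows `$apache::ssl::ssl_port`, while the same patch lets `ssl_template` or `ssl_source` supply an arbitrary `ssl.conf`; nothing ties the port that file listens on to the port opened here. Document that a custom `ssl.conf` should take its listen port from `ssl_port` (a template can read the class variable), so the allow rule and the listener cannot drift apart.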