[MediaWiki-commits] [Gerrit] librenms: Move to apache::site - change (operations/puppet)

Yuvipanda (Code Review) Mon, 16 Nov 2015 16:01:17 -0800

Yuvipanda has submitted this change and it was merged.

Change subject: librenms: Move to apache::site
......................................................................



librenms: Move to apache::site

Also move the website from role class to its own class

Bug: T118786
Change-Id: Ib40c2c89dfb9e5d8e1af07f7931956f50af65e6d
---
M manifests/role/librenms.pp
A modules/librenms/manifests/web.pp
A modules/librenms/templates/apache.conf.erb
3 files changed, 67 insertions(+), 24 deletions(-)

Approvals:
  Yuvipanda: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/role/librenms.pp b/manifests/role/librenms.pp
index 63c68ea..70e0c69 100644
--- a/manifests/role/librenms.pp
+++ b/manifests/role/librenms.pp
@@ -70,29 +70,10 @@
         require => Class['::librenms']
     }
 
-    sslcert::certificate { $sitename: }
-
-    monitoring::service { 'https':
-        description   => 'HTTPS',
-        check_command => 'check_ssl_http!librenms.wikimedia.org',
-    }
-
-    include ::apache::mod::php5
-    include ::apache::mod::rewrite
-    include ::apache::mod::ssl
-    @webserver::apache::site { $sitename:
-        docroot => "${install_dir}/html",
-        ssl     => 'redirected',
-        require => [
-            Class['::apache::mod::php5', '::apache::mod::ssl'],
-            Sslcert::Certificate[$sitename],
-            Class['::librenms'],
-        ],
-    }
-
-    monitoring::service { 'librenms':
-        description   => 'LibreNMS HTTPS',
-        check_command => "check_https_url!${sitename}!http://${sitename}";,
+    class { '::librenms::web':
+        sitename    => $sitename,
+        install_dir => $install_dir,
+        require     => Class['::librenms'],
     }
 
     ferm::service { 'librenms-http':
@@ -104,5 +85,4 @@
         proto => 'tcp',
         port  => '443',
     }
-
 }
diff --git a/modules/librenms/manifests/web.pp 
b/modules/librenms/manifests/web.pp
new file mode 100644
index 0000000..b20b718
--- /dev/null
+++ b/modules/librenms/manifests/web.pp
@@ -0,0 +1,31 @@
+class librenms::web(
+    $sitename,
+    $install_dir,
+) {
+    include ::apache::mod::php5
+    include ::apache::mod::rewrite
+
+    include ::apache::mod::ssl
+
+    if os_version('debian >= jessie || ubuntu >= trusty') {
+        $ssl_settings = ssl_ciphersuite('apache-2.4', 'compat')
+    } else {
+        $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
+    }
+
+    apache::site { $sitename:
+        content => template('librenms/apache.conf.erb'),
+    }
+
+    sslcert::certificate { $sitename: }
+
+    monitoring::service { 'https':
+        description   => 'HTTPS',
+        check_command => 'check_ssl_http!librenms.wikimedia.org',
+    }
+
+    monitoring::service { 'librenms':
+        description   => 'LibreNMS HTTPS',
+        check_command => "check_https_url!${sitename}!http://${sitename}";,
+    }
+}
diff --git a/modules/librenms/templates/apache.conf.erb 
b/modules/librenms/templates/apache.conf.erb
new file mode 100644
index 0000000..ebfc914
--- /dev/null
+++ b/modules/librenms/templates/apache.conf.erb
@@ -0,0 +1,32 @@
+<VirtualHost *:80>
+    ServerName librenms.wikimedia.org
+    ServerAdmin [email protected]
+
+    Redirect permanent / https://<%= @sitename %>
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName <%= @sitename %>
+    ServerAdmin [email protected]
+
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/localcerts/<%= @sitename %>.crt
+    SSLCertificateKeyFile /etc/ssl/private/<%= @sitename %>.key
+    SSLCACertificatePath /etc/ssl/certs
+    <%= @ssl_settings.join("\n") %>
+
+    DocumentRoot <%= @install_dir %>/html
+    <Directory <%= @install_dir %>/html>
+        Options Indexes FollowSymLinks MultiViews
+        AllowOverride All
+        Order allow,deny
+        allow from all
+    </Directory>
+
+    ErrorLog /var/log/apache2/<%= @sitename %>.error.log
+    LogLevel warn
+
+    CustomLog /var/log/apache2/<%= @sitename %>.access.log combined
+    ServerSignature On
+
+</VirtualHost>

-- 
To view, visit https://gerrit.wikimedia.org/r/253495
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib40c2c89dfb9e5d8e1af07f7931956f50af65e6d
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] librenms: Move to apache::site - change (operations/puppet)

Reply via email to