From a924e7b1725aa032c9a1d133f22a7a7920001003 Mon Sep 17 00:00:00 2001 From: stephane Date: Tue, 10 Mar 2015 14:06:21 -0700 Subject: [PATCH] Add apache configuration for zanata This change allows us to shift away from the default setup of using Wildfly's internal undertow webserver to using Apache as a frontend via mod_proxy_ajp. The built-in https and ajp may be selectively enabled or disabled. Change-Id: I7152b43edb5e028fbad9631dd137536f90e33388 --- manifests/apache.pp | 83 ++++++++++++++++++++++++++++++++++++ manifests/init.pp | 15 ++++++- templates/standalone.xml.erb | 9 ++++ templates/zanata.vhost.erb | 38 +++++++++++++++++ 4 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 manifests/apache.pp create mode 100644 templates/zanata.vhost.erb diff --git a/manifests/apache.pp b/manifests/apache.pp new file mode 100644 index 0000000..f6f251b --- /dev/null +++ b/manifests/apache.pp 
@@ -0,0 +1,83 @@
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: zanata::apache
+#
+
+class zanata::apache (
+ $vhost_name = $::fqdn,
+ $serveradmin = "webmaster@${::fqdn}",
+ $ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
+ $ssl_chain_file = '',
+ $ssl_cert_file_contents = '', # If left empty puppet will not create file.
+ $ssl_key_file_contents = '', # If left empty puppet will not create file.
+ $ssl_chain_file_contents = '', # If left empty puppet will not create file.
+) { + + include ::apache + include ::apache::ssl + + a2mod { 'proxy': + ensure => present, + } + + a2mod { 'proxy_http': + ensure => present, + } + + a2mod { 'proxy_ajp': + ensure => present, + } + + apache::vhost { $vhost_name: + port => 443, + docroot => 'MEANINGLESS ARGUMENT', + priority => '50', + template => 'zanata/zanata.vhost.erb', + ssl => true, + subscribe => File['/opt/wildfly/standalone/configuration/standalone.xml'], + } + + if $ssl_cert_file_contents != '' { + file { $ssl_cert_file: + owner => 'root', + group => 'root', + mode => '0640', + content => $ssl_cert_file_contents, + before => Apache::Vhost[$vhost_name], + } + } + + if $ssl_key_file_contents != '' { + file { $ssl_key_file: + owner => 'root', + group => 'root', + mode => '0640', + content => $ssl_key_file_contents, + before => Apache::Vhost[$vhost_name], + } + } + + if $ssl_chain_file_contents != '' { + file { $ssl_chain_file: + owner => 'root', + group => 'root', + mode => '0640', + content => $ssl_chain_file_contents, + before => Apache::Vhost[$vhost_name], + } + } + +} diff --git a/manifests/init.pp b/manifests/init.pp index 10f8441..b5ae9d0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -35,12 +35,17 @@ class zanata( $zanata_openid_provider_url = '', $zanata_admin_users = '', + $zanata_listeners = [], + ) { $zanata_file = inline_template('<%= File.basename(@zanata_url) %>') $zanata_hibernate_file = inline_template('<%= File.basename(@zanata_hibernate_url) %>') $zanata_mojarra_file = inline_template('<%= File.basename(@zanata_mojarra_url) %>') + zanata::validate_listener { $zanata_listeners: + } + class { 'zanata::wildfly': wildfly_version => $zanata_wildfly_version, wildfly_install_source => $zanata_wildfly_install_url, 
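Review bot: The `file { $ssl_key_file:` resource in manifests/apache.pp writes the private key with `mode => '0640'` and leaves diff output on, so a key change can end up in agent logs and reports wherever `show_diff` is enabled; I would set `mode => '0600',` and `show_diff => false,` on that resource. The three certificate resources are ordered `before` the vhost but do not notify it, so replaced key material is presumably not picked up until Apache reloads for some other reason. With the defaults, a non-empty `$ssl_chain_file_contents` meets `$ssl_chain_file = ''` and declares a file resource with an empty path; a guard such as `if $ssl_chain_file != '' and $ssl_chain_file_contents != '' {` would avoid that.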
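Review bot: `$zanata_listeners` is added to `class zanata` without a doc comment or a type check, and it is later iterated with `.each` in templates/standalone.xml.erb. A plain string such as 'ajp' would pass `zanata::validate_listener` as a single title and then, on Ruby 1.9 or later, fail in the template; if puppetlabs-stdlib is available to this module, `validate_array($zanata_listeners)` ahead of the declaration would catch it. A comment like `# zanata_listeners: extra Wildfly listeners to render, any of 'https' and 'ajp'` would help, ideally also noting that the new Apache vhost appears to rely on 'ajp' being present. The class body continues outside this hunk.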
@@ -143,5 +148,13 @@ class zanata( Exec['unzip_hibernate'], ], } - +} + +# == Define: zanata::validate_listener +# +define zanata::validate_listener ($listener = $name) { + $listeners = [ 'https', 'ajp' ] + if $listener and !($listener in $listeners) { + fail("${listener} is not a valid listener type") + } } diff --git a/templates/standalone.xml.erb b/templates/standalone.xml.erb index 8a39cb3..bf9b3aa 100644 --- a/templates/standalone.xml.erb +++ b/templates/standalone.xml.erb @@ -534,6 +534,15 @@ + +<% @zanata_listeners.each do |listener| -%> +<% if listener == 'https' -%> +<% @listener_realm = ' security-realm="ApplicationRealm"' -%> +<% else -%> +<% @listener_realm = '' -%> +<% end -%> + <<%= listener %>-listener name="default.<%= listener %>" socket-binding="<%= listener %>"<%= @listener_realm %>/> +<% end -%> diff --git a/templates/zanata.vhost.erb b/templates/zanata.vhost.erb new file mode 100644 index 0000000..08f45b3 --- /dev/null +++ b/templates/zanata.vhost.erb 
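Review bot: The guard `if $listener and !($listener in $listeners)` in `zanata::validate_listener` skips the check for any value Puppet treats as false, so under Puppet 3 semantics an empty string is accepted and standalone.xml.erb would then emit a listener element with an empty name. Dropping the first operand, `if !($listener in $listeners) {`, rejects it. Because the check is a defined type titled by the listener, a list that repeats a value fails with a duplicate declaration rather than this message; that may be acceptable but deserves a line under the `# == Define:` header.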
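Review bot: The generated `ajp-listener` takes its address from `socket-binding="ajp"`, which is defined outside this hunk, and AJP has no authentication of its own and trusts what the front end sends. Since the new vhost proxies to `ajp://127.0.0.1:8009/`, the binding should resolve to loopback only; it is worth confirming that in this template's socket-binding-group and saying so in a comment above the loop. Separately, `@listener_realm` is assigned as an instance variable on the template scope, and a block-local `listener_realm` would keep that state from outliving the loop.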
@@ -0,0 +1,38 @@
+
+ ServerName <%= scope.lookupvar("zanata::apache::vhost_name") %>
+ ServerAdmin <%= scope.lookupvar("zanata::apache::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-access.log combined
+
+ Redirect / https://<%= scope.lookupvar("zanata::apache::vhost_name") %>/
+
+
+
+
+
+ ServerName <%= scope.lookupvar("zanata::apache::vhost_name") %>
+ ServerAdmin <%= scope.lookupvar("zanata::apache::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("zanata::apache::vhost_name") %>-access.log combined
+
+ SSLEngine on
+ SSLProtocol All -SSLv2 -SSLv3
+
+ SSLCertificateFile <%= scope.lookupvar("zanata::apache::ssl_cert_file") %>
+ SSLCertificateKeyFile <%= scope.lookupvar("zanata::apache::ssl_key_file") %>
+ <% if scope.lookupvar("zanata::apache::ssl_chain_file") != "" %>
+ SSLCertificateChainFile <%= scope.lookupvar("zanata::apache::ssl_chain_file") %>
+ <% end -%>
+
+ ProxyPass / ajp://127.0.0.1:8009/ retry=0
+
+
+
\ No newline at end of file
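Review bot: `SSLProtocol All -SSLv2 -SSLv3` in the SSL vhost still accepts TLS 1.0 and TLS 1.1, and no `SSLCipherSuite` or `SSLHonorCipherOrder` is set, so cipher selection falls to whatever the distribution's mod_ssl default is. Where the client base and the installed Apache allow it, `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` together with `SSLHonorCipherOrder on` and an explicit `SSLCipherSuite` line would pin this down. The certificate paths come from zanata::apache, whose defaults are the snakeoil pair, so a template comment noting that those defaults are for testing only would help whoever deploys it.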