a924e7b172
This change allows us to shift away from the default setup of using Wildfly's internal undertow webserver to using Apache as a frontend via mod_proxy_ajp. The built-in https and ajp may be selectively enabled or disabled. Change-Id: I7152b43edb5e028fbad9631dd137536f90e33388
84 lines
2.2 KiB
Puppet
84 lines
2.2 KiB
Puppet
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
# == Class: zanata::apache
|
|
#
|
|
|
|
class zanata::apache (
|
|
$vhost_name = $::fqdn,
|
|
$serveradmin = "webmaster@${::fqdn}",
|
|
$ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
|
$ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
|
|
$ssl_chain_file = '',
|
|
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
|
|
$ssl_key_file_contents = '', # If left empty puppet will not create file.
|
|
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
|
|
) {
|
|
|
|
include ::apache
|
|
include ::apache::ssl
|
|
|
|
a2mod { 'proxy':
|
|
ensure => present,
|
|
}
|
|
|
|
a2mod { 'proxy_http':
|
|
ensure => present,
|
|
}
|
|
|
|
a2mod { 'proxy_ajp':
|
|
ensure => present,
|
|
}
|
|
|
|
apache::vhost { $vhost_name:
|
|
port => 443,
|
|
docroot => 'MEANINGLESS ARGUMENT',
|
|
priority => '50',
|
|
template => 'zanata/zanata.vhost.erb',
|
|
ssl => true,
|
|
subscribe => File['/opt/wildfly/standalone/configuration/standalone.xml'],
|
|
}
|
|
|
|
if $ssl_cert_file_contents != '' {
|
|
file { $ssl_cert_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_cert_file_contents,
|
|
before => Apache::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
|
|
if $ssl_key_file_contents != '' {
|
|
file { $ssl_key_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_key_file_contents,
|
|
before => Apache::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
|
|
if $ssl_chain_file_contents != '' {
|
|
file { $ssl_chain_file:
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0640',
|
|
content => $ssl_chain_file_contents,
|
|
before => Apache::Vhost[$vhost_name],
|
|
}
|
|
}
|
|
|
|
}
|