#
# Install and configure Apache with SSL and certbot
#
# Use:
# usebundle => install_apache;
# usebundle => apache_vhost(site_data);
#
#
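# Platform-specific Apache settings. The other bundles in this file read them
# as $(apache.<name>): package list, log directory and its owner/group, service
# name, restart command, service account, configuration paths and the
# "modules" data container.
bundle agent apache
{
  vars:
      # Defined only when no variable of this name exists yet.
      "admin_email" string => "[]", unless => isvariable( $(this.promiser) );

    freebsd::
      "pkgs" slist => {
        "apache24",
      };
      "log_dir" string => "/var/log/httpd";
      "log_dir_owner" string => "root";
      "log_dir_group" string => "wheel";
      # Defined once; the original listed this identical promise twice.
      "service_name" string => "apache24";
      "www_user" string => "www";
      "www_group" string => "www";
      "mime_types" string => "/usr/local/etc/apache24/mime.types";
      "restart_cmd" string => "/usr/sbin/service $(service_name) restart";
      "etc_dir" string => "/usr/local/etc";
      "cfg_dir" string => "$(etc_dir)/apache24";
      "main_cfg" string => "$(cfg_dir)/httpd.conf";
      "libexec_dir" string => "libexec/apache24";
      # Defined only when not already set, like admin_email above.
      "www_dir" string => "/usr/local/www", unless => isvariable( $(this.promiser) );
      "default_html_dir" string => "$(www_dir)/apache24";
      "server_root" string => "/usr/local";
      # m = module name, f = module file name; the PHP entry comes from the
      # "php" bundle, which is defined outside this file.
      "modules" data => '[
        {m: "autoindex",f:"mod_autoindex"},
        {m: "log_config",f:"mod_log_config"},
        {m: "version",f:"mod_version"},
        {m: "unixd",f:"mod_unixd"},
        {m: "$(php.apache_m)",f:"$(php.apache_f)"},
        {m: "ssl",f:"mod_ssl"}
      ]';

    debian::
      "pkgs" slist => {
        "apache2",
        "libapache2-mod-svn",
      };
      "log_dir" string => "/var/log/apache2";
      "log_dir_owner" string => "root";
      "log_dir_group" string => "adm";
      "service_name" string => "apache2";
      "restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";
      "www_user" string => "www-data";
      "www_group" string => "www-data";
      "mime_types" string => "/etc/mime.types";
      "www_dir" string => "/var/www", unless => isvariable( $(this.promiser) );
      "default_html_dir" string => "$(www_dir)/html";
      "etc_dir" string => "/etc";
      "cfg_dir" string => "$(etc_dir)/apache2";
      "main_cfg" string => "$(cfg_dir)/apache2.conf";
      "libexec_dir" string => "lib/apache2/modules";
      "server_root" string => "/usr";
      "modules" data => '[
        {m:"php",f:"libphp8.2"},
        {m:"ssl",f:"mod_ssl"},
        {m:"proxy",f:"mod_proxy"},
        {m:"proxy_fcgi",f:"mod_proxy_fcgi"}
      ]';

    centos::
      # NOTE(review): "libapache2-mod-svn" follows the Debian naming scheme;
      # confirm the package exists in the repositories these hosts use.
      "pkgs" slist => {
        "httpd",
        "mod_ssl",
        "libapache2-mod-svn",
      };

    fedora::
      "pkgs" slist => {
        "httpd",
        # "mod_ssl",
      };

    fedora|centos::
      "log_dir" string => "/var/log/httpd";
      "log_dir_owner" string => "root";
      "log_dir_group" string => "wheel";
      "service_name" string => "httpd";
      "restart_cmd" string => "/usr/bin/systemctl restart $(service_name)";
      "www_user" string => "apache";
      "www_group" string => "apache";
      "mime_types" string => "/etc/mime.types";
      "www_dir" string => "/var/www", unless => isvariable( $(this.promiser) );
      "default_html_dir" string => "$(www_dir)/html";
      "etc_dir" string => "/etc";
      "cfg_dir" string => "$(etc_dir)/httpd";
      "main_cfg" string => "$(cfg_dir)/conf/httpd.conf";
      "libexec_dir" string => "$(cfg_dir)/modules";
      "server_root" string => "/var";
      # NOTE(review): unlike the other platforms this list has no "ssl" entry,
      # while apache_vhost defaults ssl_cert to "certbot". The httpd.conf
      # template is not visible here; confirm TLS vhosts still load.
      "modules" data => '[
        {m: "autoindex",f:"mod_autoindex"},
        {m: "log_config",f:"mod_log_config"},
        {m: "version",f:"mod_version"},
        {m: "unixd",f:"mod_unixd"},
      ]';
      # {m: "php",f:"libphp8"},

    ubuntu_20::
      "phpm" string => "php7";

    ubuntu_22::
      "phpm" string => "php";

    ubuntu::
      "log_dir_owner" string => "root";
      "log_dir_group" string => "adm";
      # The PHP entry is built from phpm above and from install_php.version,
      # which is defined outside this file.
      "modules" data => '[
        {m:"$(phpm)",f:"libphp$(install_php.version)"},
        {m:"proxy",f:"mod_proxy"},
        {m:"proxy_http",f:"mod_proxy_http"},
        {m: "autoindex",f:"mod_autoindex"},
        {m: "dav",f:"mod_dav"},
        {m: "dav_svn", f:"mod_dav_svn"},
        {m: "authz_svn", f:"mod_authz_svn"},
        {m: "ssl",f:"mod_ssl"}
      ]';
}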
# Install the Apache PHP module package for the current platform. On
# debian|ubuntu the mpm_event module is disabled first (see commands: below).
# Repaired package promises raise the apache_changed class.
bundle agent install_apache_php
{
  vars:
    freebsd::
      "pkgs" slist => { "mod_php$(php.bsdvs)" };

    debian::
      "pkgs" slist => { "libapache2-mod-php" };

    # NOTE(review): same Debian-style package name as above; confirm it exists
    # in the CentOS repositories. There is no fedora:: definition of "pkgs" in
    # this bundle although the packages: section has a fedora|centos:: context.
    centos::
      "pkgs" slist => { "libapache2-mod-php" };

  packages:
    freebsd::
      "$(pkgs)"
        handle         => "apache_php_installed",
        policy         => "present",
        package_module => pkg,
        classes        => if_repaired(apache_changed);

    debian::
      "$(pkgs)"
        handle         => "apache_php_installed",
        policy         => "present",
        package_module => apt_get,
        # The package is installed only after the a2dismod promise below.
        depends_on     => { "apache_mpm_event_disabled" },
        classes        => if_repaired(apache_changed);

    fedora|centos::
      "$(pkgs)"
        handle         => "apache_php_installed",
        policy         => "present",
        package_module => yum,
        classes        => if_repaired(apache_changed);

  commands:
    debian|ubuntu::
      # Fixed command line with no policy variables in it; stdout is discarded.
      # No guard class is visible in this bundle, so it is promised on every run.
      "/bin/sh"
        handle => "apache_mpm_event_disabled",
        args   => "-c '/usr/sbin/a2dismod mpm_event > /dev/null'",
        inform => "false";
}
# Install the Apache packages, run install_apache_php, create the log, web and
# vhost directories, render the main configuration from its mustache template
# and keep the service started. The service is restarted when php_changed or
# apache_changed is set.
#
# NOTE(review): the "raw" parameter is not referenced by any promise attribute
# in this bundle; possibly the template consumes it - confirm.
bundle agent install_apache(raw)
{
  classes:

  packages:
    freebsd::
      "$(apache.pkgs)"
        handle         => "apache_pkgs_installed",
        package_module => pkg,
        policy         => "present",
        classes        => if_repaired(apache_changed);

    debian::
      "$(apache.pkgs)"
        handle         => "apache_pkgs_installed",
        package_module => apt_get,
        policy         => "present",
        classes        => if_repaired(apache_changed);

    fedora|centos::
      "$(apache.pkgs)"
        handle         => "apache_pkgs_installed",
        package_module => yum,
        policy         => "present",
        classes        => if_repaired(apache_changed);

  methods:
      "any"
        usebundle  => install_apache_php,
        depends_on => { "apache_pkgs_installed" };

  commands:
      # freebsd::
      # "/usr/sbin/sysrc"
      # handle => "apache_editrc",
      # args => "apache24_enable=yes",
      # inform=>"false";
      # debian|centos::
      # any::
      # "/bin/true" handle => "apache_editrc",
      # inform => "false";

  files:
      # Log directory: mode 750 with the per-platform owner and group taken
      # from the apache bundle.
      "$(apache.log_dir)/."
        handle => "apache_log_dir_created",
        create => "true",
        perms  => mog("750","$(apache.log_dir_owner)","$(apache.log_dir_group)");

      "$(apache.www_dir)/."
        handle     => "apache_www_dir_created",
        create     => "true",
        perms      => m("755"),
        depends_on => { "apache_pkgs_installed" };

      # NOTE(review): uperm is defined outside this file; presumably it makes
      # the web-server account the owner of the default document root. If so,
      # code running as that account can change the served content - prefer
      # root ownership unless something has to write here.
      "$(apache.default_html_dir)/."
        handle     => "apache_default_html_dir_created",
        create     => "true",
        perms      => uperm("$(apache.www_user)","$(apache.www_group)","755"),
        depends_on => { "apache_www_dir_created" };

      # Empty placeholder file inside the Vhosts directory.
      "$(apache.cfg_dir)/Vhosts/dummy.conf"
        handle     => "apache_vhost_dir_created",
        create     => "true",
        content    => "",
        perms      => m("644"),
        depends_on => { "apache_pkgs_installed" };

      # The handle is spelled "crreated"; the services: promises below refer
      # to it with the same spelling, so it has to stay in sync.
      "$(apache.main_cfg)"
        handle          => "apache_main_cfg_crreated",
        create          => "true",
        template_method => "mustache",
        edit_template   => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd.conf.mustache",
        depends_on      => { "apache_pkgs_installed","apache_php_installed" },
        classes         => if_repaired(apache_changed);

  services:
      # apache_editrs depends
      "$(apache.service_name)"
        handle         => "apache_running",
        service_policy => "start",
        depends_on     => {"apache_vhost_dir_created","apache_www_dir_created","apache_main_cfg_crreated"};

    "php_changed|apache_changed"::
      "$(apache.service_name)"
        service_policy => "restart",
        depends_on     => {"apache_vhost_dir_created","apache_www_dir_created","apache_main_cfg_crreated"};
}
# Restart Apache through wmde_restart_service (defined outside this file).
# arg is forwarded unchanged as the second argument; apache_vhost passes the
# site domain.
bundle agent restart_apache(arg)
{
  methods:
      "any"
        usebundle => wmde_restart_service("$(apache.service_name)","$(arg)");

  # Earlier shell-based variant, kept for reference. It placed $(arg) inside a
  # /bin/sh -c command line; do not reinstate it without validating arg,
  # because callers pass a site-supplied domain string.
  #commands:
  # "/bin/sh -c "
  # args => "'/bin/echo $(arg) > /dev/null && /usr/bin/systemctl restart $(apache.service_name)'";
}
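# Create, update or remove the Apache virtual host described by site_param.
#
# site_param is a data container. Keys read in this bundle: domain, disable,
# ssl, ssl_cert, ssl_key. It is merged over site_defaults, which supply
# aliases, ssl_cert ("certbot") and doc_root.
#
# Classes:
#   delete       - from site[disable]; the vhost config file is removed
#   use_ssl      - from site[ssl]
#   use_certbot  - site[ssl_cert] equals "certbot"
#
# NOTE(review): $(site[domain]) is used as a file-name component for the vhost
# config, the document root and the certificate paths without any validation
# here. This assumes the site data is operator-controlled policy data; if it
# can come from a less trusted source, restrict it to hostname characters
# before it reaches this bundle.
bundle agent apache_vhost
(site_param)
{
  classes:
      "delete" expression => $(site[disable]);
      "use_ssl" expression => $(site[ssl]);
      "use_certbot" expression => strcmp("certbot","$(site[ssl_cert])");

  vars:
      # "email":$(apache.admin_email),
      "site_defaults" data => '
      {
        "aliases":[],
        "ssl_cert":"certbot",
        "doc_root":"$(apache.www_dir)/$(site_param[domain])"
      }
      ';
      "site" data => mergedata(site_defaults,site_param);
      "cert_file" string => "$(certbot.certbot_dir)/live/$(site[domain])";
      "template_file"
        string =>
          "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/httpd-vhost.conf.mustache";
      "domain_file" string => "$(apache.cfg_dir)/Vhosts/$(site[domain]).conf";
      "domain_dir" string => "$(apache.www_dir)/$(site[domain])/";
      # With certbot the certificate and key paths point into certbot's live
      # directory; otherwise the paths given in the site data are used.
      "ssl_cert" string => ifelse( use_certbot,
        "$(certbot.certbot_dir)/live/$(site[domain])/fullchain.pem",
        "$(site[ssl_cert])");
      "ssl_key" string => ifelse( use_certbot,
        "$(certbot.certbot_dir)/live/$(site[domain])/privkey.pem",
        "$(site[ssl_key])");

    # The vhost config waits for the certificate only when certbot issues it.
    use_ssl&(use_certbot)::
      "vhostdeps" slist => {"apache_ssl_created$(site[domain])"};

    (!use_ssl)|(!use_certbot)::
      "vhostdeps" slist => {};

  files:
    delete::
      # NOTE(review): this raises apache_restart, while the restart promises
      # in methods: are guarded by apache_vhost_restart. Nothing in this file
      # consumes apache_restart, so a disabled site may stay served until the
      # next restart - confirm a consumer exists elsewhere.
      "$(domain_file)"
        delete => tidy,
        classes => if_repaired(apache_restart);

    !delete::
      # Owned by root, not by the web-server account: httpd parses this file
      # at start-up, so the account that serves requests must not be able to
      # rewrite it. Mode 644 keeps it readable, as before.
      "$(domain_file)"
        perms => system_owned("644"),
        create => "true",
        edit_template => "$(template_file)",
        template_method => "mustache",
        handle => "vhost_cfg_done$(site[domain])",
        depends_on => @(vhostdeps),
        classes => if_repaired("apache_vhost_restart");

      # Per-site document root, accessible to the web-server account only.
      "$(domain_dir)."
        create => "true",
        perms => uperm("$(apache.www_user)","$(apache.www_group)","750");

  methods:
    use_ssl&use_certbot::
      "any" usebundle => certbot_cert(@(site),"$(apache.default_html_dir)"), #,"$(site[domain])"),
        handle => "apache_ssl_created$(site[domain])";

    # NOTE(review): a class-context line replaces the one before it, so both
    # restart promises below are guarded by apache_vhost_restart alone and the
    # (!use_ssl)|(!use_certbot) line guards nothing. Confirm whether the two
    # were meant to be combined with the ssl/certbot conditions.
    "apache_vhost_restart"::
      "any" usebundle => restart_apache("$(site[domain])"),
        depends_on => {"vhost_cfg_done$(site[domain])","apache_ssl_created$(site[domain])" };

    (!use_ssl)|(!use_certbot)::

    "apache_vhost_restart"::
      "any" usebundle => restart_apache("$(site[domain])"),
        depends_on => {"vhost_cfg_done$(site[domain])" };

  reports:
      # "SSL_CERT: $(ssl_cert) $(ssl_key) ";
      # use_ssl::
      # "USE SSL";
      # !use_ssl::
      # "NOT USE_SSL";
      # "RAW: $(site[raw])";
      # "APACHE DOCROOT $(site[doc_root])";
}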
# Apply apache_vhost to every entry of the "sites" data container.
bundle agent apache_vhosts(sites)
{
  vars:
      # Indices of the container; the methods promise iterates over them.
      "idx"
        slist => getindices(@(sites));

  methods:
      "any"
        usebundle => apache_vhost(@(sites[$(idx)]));

  reports:
      # "IDXE $(idx)";
}