# Copyright 2017 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. define openstack_project::website ( $aliases = undef, $volume_name = undef, $ssl_cert = undef, $ssl_key = undef, $ssl_intermediate = undef, $ssl_cert_file = undef, $ssl_key_file = undef, $ssl_chain_file = undef, $template = 'openstack_project/website.vhost.erb', $docroot = undef, $allow_override_list = undef, ) { $afs_root = '/afs/openstack.org/' if $volume_name == undef { # Default to volume name matching vhost name $volume_name_ = $name } else { $volume_name_ = $volume_name } if $docroot == undef { $docroot_ = "${afs_root}/project/${volume_name_}/www" } else { $docroot_ = $docroot } if $allow_override_list == undef { $allow_override_list_ = "Redirect RedirectMatch" } else { $allow_override_list_ = $allow_override_list } if ($ssl_cert != undef) { $ssl_cert_file_ = "/etc/ssl/certs/${name}.pem" file { "${ssl_cert_file_}": ensure => present, owner => 'root', group => 'root', mode => '0644', content => $ssl_cert, require => File['/etc/ssl/certs'], } } else { $ssl_cert_file_ = $ssl_cert_file } if ($ssl_key != undef) { $ssl_key_file_ = "/etc/ssl/private/${name}.key" file { "${ssl_key_file_}": ensure => present, owner => 'root', group => 'root', mode => '0600', content => $ssl_key, require => File['/etc/ssl/private'], } } else { $ssl_key_file_ = $ssl_key_file } if ($ssl_intermediate != undef) { $ssl_chain_file_ = "/etc/ssl/certs/${name}_intermediate.pem" file { "${ssl_chain_file_}": ensure => present, owner => 'root', group => 'root', mode => '0644', content => $ssl_intermediate, require => File['/etc/ssl/certs'], } } else { $ssl_chain_file_ = $ssl_chain_file } ::httpd::vhost { $name: serveraliases => $aliases, port => 443, # Is required despite not being used. docroot => $docroot_, priority => '50', content => template($template) } }