Puppet Class: profile::kibana::httpd_proxy
- Defined in:
- modules/profile/manifests/kibana/httpd_proxy.pp
Overview
Class: profile::kibana::httpd_proxy
Provisions an Apache reverse proxy that handles authentication for Kibana
Parameters:
- $vhost: Apache vhost name
- $serveradmin: Email address for contacting server administrator
- $auth_type: Vhost auth type. One of ldap, local, none
- $require_ssl: Require SSL connection to vhost?
- $auth_realm: HTTP basic auth realm description
- $auth_file: Path to htpasswd file for $auth_type == 'local'
- $ldap_authurl: AuthLDAPURL for $auth_type == 'ldap'
- $ldap_binddn: AuthLDAPBindDN for $auth_type == 'ldap'
- $ldap_groups: List of ldap-group names for $auth_type == 'ldap'
# File 'modules/profile/manifests/kibana/httpd_proxy.pp', line 18
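class profile::kibana::httpd_proxy (
    String                      $vhost        = lookup('profile::kibana::httpd_proxy::vhost'),
    String                      $serveradmin  = lookup('profile::kibana::httpd_proxy::serveradmin'),
    Enum['ldap','local','none'] $auth_type    = lookup('profile::kibana::httpd_proxy::auth_type'),
    Boolean                     $require_ssl  = lookup('profile::kibana::httpd_proxy::require_ssl', { 'default_value' => true }),
    Optional[String]            $auth_realm   = lookup('profile::kibana::httpd_proxy::auth_realm', { 'default_value' => undef }),
    Optional[String]            $auth_file    = lookup('profile::kibana::httpd_proxy::auth_file', { 'default_value' => undef }),
    Optional[String]            $ldap_authurl = lookup('profile::kibana::httpd_proxy::ldap_authurl', { 'default_value' => undef }),
    Optional[String]            $ldap_binddn  = lookup('profile::kibana::httpd_proxy::ldap_binddn', { 'default_value' => undef }),
    Optional[Array[String]]     $ldap_groups  = lookup('profile::kibana::httpd_proxy::ldap_groups', { 'default_value' => [] }),
) {
    # Sets up the Apache vhost that fronts Kibana. $auth_type selects the
    # extra Apache modules, the auth snippet template and whether a firewall
    # rule is added. Parameters that are not referenced in this body
    # ($serveradmin, $require_ssl, $auth_realm, $ldap_binddn, $ldap_groups)
    # are presumably read by the ERB templates -- confirm there.

    # Modules loaded for every auth mode.
    $httpd_base_modules = [
        'proxy_http',
        'proxy',
        'alias',
        'headers',
        'rewrite',
    ]

    # The mode-specific settings default to undef, so a missing Hiera key
    # would otherwise only surface when the auth template is rendered.
    # Refuse to compile instead of shipping an incomplete auth configuration.
    case $auth_type {
        'ldap': {
            if $ldap_authurl !~ String[1] {
                fail("profile::kibana::httpd_proxy: ldap_authurl must be set when auth_type is 'ldap'")
            }
            $httpd_extra_modules = ['authnz_ldap']
            include ::passwords::ldap::production
            # FIXME: move this into hiera config
            # NOTE(review): the bind password is presumably interpolated by
            # apache-auth-ldap.erb, which would put it in the rendered vhost
            # file -- confirm that file's ownership and mode.
            $ldap_bindpass = $passwords::ldap::production::proxypass
        }
        'local': {
            if $auth_file !~ String[1] {
                fail("profile::kibana::httpd_proxy: auth_file must be set when auth_type is 'local'")
            }
            $httpd_extra_modules = ['authz_groupfile', 'authz_user']
        }
        'none': {
            $httpd_extra_modules = []
        }
        default: {
            # Unreachable while the Enum above lists only these three values;
            # a mode added later must be handled here explicitly rather than
            # falling through with no auth modules.
            fail("profile::kibana::httpd_proxy: unsupported auth_type '${auth_type}'")
        }
    }

    $httpd_modules = concat($httpd_base_modules, $httpd_extra_modules)

    class { '::httpd':
        modules => $httpd_modules,
    }

    # Rendered after $ldap_bindpass is set so the per-mode template can see it.
    # $apache_auth is not used again in this manifest; presumably
    # apache.conf.erb embeds it -- confirm.
    $apache_auth = template("profile/kibana/httpd_proxy/apache-auth-${auth_type}.erb")

    # A firewall rule is added only when authentication is enabled; with
    # auth_type 'none' this class opens nothing, so any exposure of the vhost
    # has to come from elsewhere.
    # NOTE(review): the rule is for tcp/80 only. Basic/LDAP credentials on that
    # port depend on TLS being terminated in front of this host; $require_ssl
    # is not enforced in this manifest -- verify how the template uses it.
    if $auth_type != 'none' {
        ferm::service { 'kibana_frontend':
            proto   => 'tcp',
            port    => 80,
            notrack => true,
            # Single-quoted: Puppet passes the string through uninterpolated
            # (presumably a ferm-side variable).
            srange  => '$DOMAIN_NETWORKS',
        }
    }

    httpd::site { $vhost:
        content => template('profile/kibana/httpd_proxy/apache.conf.erb'),
    }
}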