Puppet Class: profile::opensearch::api::httpd_proxy

Defined in:
modules/profile/manifests/opensearch/api/httpd_proxy.pp

Overview

Class: profile::opensearch::api::httpd_proxy

Provisions the httpd reverse proxy for OpenSearch API

Parameters:

  • $vhost: Apache vhost name

  • $serveradmin: Email address for contacting server administrator

  • $auth_type: Vhost auth type. One of ldap, local, none

  • $accounts: hash of username -> htpasswd-hashed password for authentication

  • $require_ssl: Require SSL connection to vhost?

  • $auth_realm: HTTP basic auth realm description

  • $auth_file: Path to htpasswd file for $auth_type == 'local'

filtertags: labs-project-deployment-prep

Parameters:

  • vhost (String) (defaults to: lookup('profile::opensearch::api::httpd_proxy::vhost'))
  • serveradmin (String) (defaults to: lookup('profile::opensearch::api::httpd_proxy::serveradmin'))
  • auth_type (Enum['local','none']) (defaults to: lookup('profile::opensearch::api::httpd_proxy::auth_type'))
  • accounts (Hash[String, String]) (defaults to: lookup('profile::opensearch::api::httpd_proxy::accounts'))
  • require_ssl (Boolean) (defaults to: lookup('profile::opensearch::api::httpd_proxy::require_ssl', { 'default_value' => true }))
  • auth_realm (Optional[String]) (defaults to: lookup('profile::opensearch::api::httpd_proxy::auth_realm', { 'default_value' => undef }))
  • auth_file (Optional[String]) (defaults to: lookup('profile::opensearch::api::httpd_proxy::auth_file', { 'default_value' => undef })) 


18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'modules/profile/manifests/opensearch/api/httpd_proxy.pp', line 18

class profile::opensearch::api::httpd_proxy (
    String                      $vhost        = lookup('profile::opensearch::api::httpd_proxy::vhost'),
    String                      $serveradmin  = lookup('profile::opensearch::api::httpd_proxy::serveradmin'),
    Enum['local','none']        $auth_type    = lookup('profile::opensearch::api::httpd_proxy::auth_type'),
    Hash[String, String]        $accounts     = lookup('profile::opensearch::api::httpd_proxy::accounts'),
    Boolean                     $require_ssl  = lookup('profile::opensearch::api::httpd_proxy::require_ssl',  { 'default_value' => true }),
    Optional[String]            $auth_realm   = lookup('profile::opensearch::api::httpd_proxy::auth_realm',   { 'default_value' => undef }),
    Optional[String]            $auth_file    = lookup('profile::opensearch::api::httpd_proxy::auth_file',    { 'default_value' => undef }),
) {
    if $auth_type == 'local' {
        $httpd_extra_modules = ['authz_groupfile', 'authz_user']
        file { $auth_file:
            ensure  => present,
            mode    => '0400',
            owner   => 'www-data',
            group   => 'www-data',
            content => ($accounts.map |$k, $v| { "${k}:${v}" } + ['']).join("\n"),
        }
    } elsif $auth_type == 'none' {
        $httpd_extra_modules = []
        file { $auth_file:
            ensure  => absent,
        }
    }

    httpd::mod_conf { $httpd_extra_modules:
        ensure => present,
    }

    $apache_auth = template("profile/opensearch/common/httpd_proxy/apache-auth-${auth_type}.erb")

    httpd::site { $vhost:
        content => template('profile/opensearch/api/httpd_proxy/apache.conf.erb'),
    }
}