Puppet Class: profile::tendril::webserver

Defined in:
modules/profile/manifests/tendril/webserver.pp

Overview

Set up a web server as required for Tendril and dbtree. Adds Apache sites and monitoring for HTTP/HTTPS.

Parameters:

  • monitor_https (Any) (defaults to: hiera('do_acme', true))
  • monitor_auth (Any) (defaults to: hiera('monitor_auth', true))


# File 'modules/profile/manifests/tendril/webserver.pp', line 3

# Configures Apache httpd with PHP and LDAP-auth modules, declares the
# dbtree.wikimedia.org site, and optionally declares monitoring checks for
# HTTPS reachability and for the authentication requirement on Tendril.
#
# @param monitor_https
#   When true, declares the HTTPS checks for dbtree and tendril. The default is
#   looked up from the Hiera key 'do_acme' (fallback: true), not from a key
#   named after the parameter, so turning 'do_acme' off in Hiera also turns
#   these checks off unless the parameter is set explicitly.
# @param monitor_auth
#   When true, declares the check that tendril.wikimedia.org answers an
#   unauthenticated request with 401. The default is looked up from the Hiera
#   key 'monitor_auth' (fallback: true). Setting it to false removes the only
#   alert in this class for Tendril being reachable without authentication.
class profile::tendril::webserver (
    $monitor_https = hiera('do_acme', true),
    $monitor_auth  = hiera('monitor_auth', true),
) {
    # Temporary backwards compatibility
    # Chooses the Apache PHP module name and the packages per Debian release.
    # Anything newer than buster aborts catalog compilation instead of guessing
    # a PHP version.
    if os_version('debian > buster') {
        fail("Please update ${module_name} to support newer php installed module")
    } elsif os_version('debian == buster') {
        # The packages are the unversioned metapackages while the module name is
        # versioned, so 'php7.3' has to match what the metapackage installs.
        $php_module = 'php7.3'
        require_package('libapache2-mod-php','php-mysql')
    } elsif os_version('debian == stretch') {
        $php_module = 'php7.0'
        require_package('libapache2-mod-php','php-mysql')
    } else {
        # Fallback for every release not matched above.
        # NOTE(review): php5 is past upstream end of life; confirm no host still
        # reaches this branch.
        $php_module = 'php5'
        require_package('libapache2-mod-php5', 'php5-mysql')
    }

    # Apache modules to enable: 'ssl' for TLS, 'headers' and 'rewrite' for the
    # vhost configuration, the PHP module selected above, and 'authnz_ldap'
    # (presumably the LDAP authentication the TODO below plans to replace with
    # CAS; verify against the vhost template).
    class { '::httpd':
        modules => ['rewrite',
                    'headers',
                    'ssl',
                    $php_module,
                    'authnz_ldap',
                    ],
    }

    # Not referenced again in this class body; presumably read from class scope
    # by the ERB template below, so do not rename or remove it without checking
    # the template. The meaning of the third argument is not visible here.
    $ssl_settings = ssl_ciphersuite('apache', 'strong', true)

    # The TLS and access-control directives of this vhost live in the template,
    # which is not visible here. No httpd::site for tendril.wikimedia.org is
    # declared in this class even though the checks below monitor it;
    # presumably it is declared elsewhere.
    httpd::site { 'dbtree.wikimedia.org':
        content => template('dbtree/dbtree.wikimedia.org.erb'),
    }

    # NOTE(review): presumably restarts apache2 automatically when needed (for
    # example after library upgrades); confirm against base::service_auto_restart.
    base::service_auto_restart { 'apache2': }

    # HTTPS monitoring, if enabled
    # The two hosts use different check commands: a URL check for dbtree and a
    # Let's Encrypt certificate check for tendril.
    if $monitor_https {
        monitoring::service { 'https-dbtree':
            description   => 'HTTPS-dbtree',
            check_command => 'check_https_url!dbtree.wikimedia.org!https://dbtree.wikimedia.org',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Dbtree.wikimedia.org',
        }
        monitoring::service { 'https-tendril':
            description   => 'HTTPS-tendril',
            check_command => 'check_ssl_http_letsencrypt!tendril.wikimedia.org',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Tendril',
        }
    }

    # TODO: Remove when fully migrated to CAS
    # Access-control regression check: the command arguments name the host, the
    # path '/' and the status 401, so the check presumably alerts when an
    # unauthenticated request gets any other answer. It is the only check here
    # that sets a contact_group ('admins').
    if $monitor_auth {
        monitoring::service { 'https-tendril-unauthorized':
            description   => 'Tendril requires authentication',
            check_command => 'check_https_unauthorized!tendril.wikimedia.org!/!401',
            contact_group => 'admins',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Tendril',
        }
    }
}