Puppet Class: profile::tendril::webserver

Defined in:
modules/profile/manifests/tendril/webserver.pp

Overview

Set up a webserver as required for Tendril and dbtree. Add Apache sites and monitoring for HTTP/HTTPS.

Parameters:

  • monitor_https (Boolean) (defaults to: lookup('do_acme', {'default_value' => true}))
  • monitor_auth (Boolean) (defaults to: lookup('monitor_auth', {'default_value' => true}))


# File 'modules/profile/manifests/tendril/webserver.pp', line 3

class profile::tendril::webserver (
    # Gates the two HTTPS monitoring::service declarations further down.
    # The default is read from the 'do_acme' lookup key (true if unset), not
    # from a monitoring-specific key.
    # NOTE(review): presumably tied to ACME because the checks validated
    # ACME-issued certificates; confirm the coupling is still intended.
    Boolean $monitor_https = lookup('do_acme', {'default_value' => true}),
    # Gates the "Tendril requires authentication" check. The default is read
    # from the global 'monitor_auth' lookup key (true if unset).
    Boolean $monitor_auth  = lookup('monitor_auth', {'default_value' => true}),
) {
    # NOTE(review): PHP 5.6 no longer receives upstream security fixes.
    # Confirm the package source for these two packages carries backported
    # patches, or track the removal of this dependency.
    ensure_packages(['libapache2-mod-php5.6','php5.6-mysql'])

    # Apache with the modules this class asks for: URL rewriting, header
    # manipulation, TLS and LDAP-backed authentication/authorisation.
    # NOTE(review): the directives that use these modules are not visible
    # here; presumably they live in the dbtree site template. Confirm.
    class { 'httpd':
        modules => ['rewrite',
                    'headers',
                    'ssl',
                    'authnz_ldap',
                    ],
    }

    # mod-php can only work with the prefork MPM
    class { 'httpd::mpm':
        mpm => 'prefork',
    }

    # Ensure the Apache module configuration for php5.6 is present.
    httpd::mod_conf { 'php5.6':
        ensure => present,
    }

    # Neither variable is referenced again in this class body.
    # NOTE(review): presumably both are read by name from the ERB template
    # rendered below, so renaming either one would break the template.
    # ssl_ciphersuite() and profile::pki::get_cert() are defined elsewhere;
    # the meaning of the 'strong' level and of the trailing `true` should be
    # checked there. The 'notify' entry presumably lets apache2 pick up a
    # renewed certificate. Confirm in profile::pki::get_cert.
    $ssl_settings = ssl_ciphersuite('apache', 'strong', true)
    $ssl_certs = profile::pki::get_cert('discovery', 'dbtree.wikimedia.org', {
        'notify'  => Service['apache2'],
    })

    # Apache site for dbtree, rendered from the dbtree module's ERB template.
    httpd::site { 'dbtree.wikimedia.org':
        content => template('dbtree/dbtree.wikimedia.org.erb'),
    }

    # Registers apache2 with profile::auto_restarts::service (defined
    # elsewhere).
    profile::auto_restarts::service { 'apache2': }

    # HTTPS monitoring cleanup: both resources below are `ensure => absent`,
    # so when $monitor_https is true this block declares the checks as absent
    # rather than creating them. When $monitor_https is false, neither
    # resource is declared at all.
    # Net effect as written: this class creates no HTTPS availability or
    # certificate check for dbtree.wikimedia.org or
    # tendril-legacy.wikimedia.org.
    # NOTE(review): confirm these endpoints are monitored elsewhere, then
    # drop this block once the absent state has been applied everywhere.
    if $monitor_https {
        monitoring::service { 'https-dbtree':
            ensure        => absent,
            description   => 'HTTPS-dbtree',
            check_command => 'check_https_url!dbtree.wikimedia.org!https://dbtree.wikimedia.org',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Dbtree.wikimedia.org',
        }
        monitoring::service { 'https-tendril':
            ensure        => absent,
            description   => 'HTTPS-tendril',
            check_command => 'check_ssl_http_letsencrypt!tendril-legacy.wikimedia.org',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Tendril',
        }
    }

    # TODO: Remove when fully migrated to CAS
    # This is the only check in this class that verifies access control.
    # Judging by the check_command arguments, it presumably expects a request
    # without credentials for '/' on tendril-legacy.wikimedia.org to be
    # answered with HTTP 401. Confirm against the check_https_unauthorized
    # definition.
    # Setting the 'monitor_auth' key to false removes this check without
    # replacement, so a site that stops requiring authentication would no
    # longer alert the 'admins' contact group.
    if $monitor_auth {
        monitoring::service { 'https-tendril-unauthorized':
            description   => 'Tendril requires authentication',
            check_command => 'check_https_unauthorized!tendril-legacy.wikimedia.org!/!401',
            contact_group => 'admins',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Tendril',
        }
    }
}