# domainalias:
#   - www: add as well a www.${name} entry
#   - absent: do nothing
#   - default: add the string
#
# logmode:
#   - default: Do normal logging to CustomLog and ErrorLog
#   - nologs: Send all logging to /dev/null
#   - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null
#   - semianonym: Don't log ips for CustomLog, log normal ErrorLog
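#
# image:
#   - container image reference handed to podman::container
#
# port:
#   - port inside the container (1-65535); it is published on the host's
#     loopback port 12342, which is the backend the Apache vhost points at
#
# git_repo:
#   - handed through to webhosting::common; left undef unless the caller
#     sets it
define webhosting::container(
  String $image,
  Integer[1,65535] $port,
  $ensure               = present,
  $configuration        = {},
  $uid                  = 'absent',
  $uid_name             = $name,
  $gid                  = 'uid',
  $gid_name             = 'absent',
  $password             = 'absent',
  $password_crypted     = true,
  $domain               = 'absent',
  $domainalias          = 'www',
  $server_admin         = 'absent',
  $logmode              = 'default',
  $owner                = root,
  $group                = 'absent',
  $allow_override       = 'None',
  $do_includes          = false,
  $additional_options   = 'absent',
  $default_charset      = 'absent',
  $ssl_mode             = false,
  $vhost_mode           = 'template',
  $template_partial     = 'absent',
  $vhost_source         = 'absent',
  $vhost_destination    = 'absent',
  $htpasswd_file        = 'absent',
  $nagios_check         = 'ensure',
  $nagios_check_domain  = 'absent',
  $nagios_check_url     = '/',
  $nagios_check_code    = '200',
  $nagios_use           = 'generic-service',
  # $git_repo is passed to webhosting::common below but was never declared,
  # which fails compilation when strict_variables is enabled. Declaring it
  # with an undef default keeps the value that reaches webhosting::common
  # unchanged for existing callers.
  $git_repo             = undef,
  $watch_adjust_webfiles  = 'absent',
  $user_scripts         = 'absent',
  $user_scripts_options = {},
){
  # The group name falls back to the user name when none is given.
  if ($gid_name == 'absent'){
    $real_gid_name = $uid_name
  } else {
    $real_gid_name = $gid_name
  }
  # NOTE(review): any explicit $group results in 'apache'; the value that was
  # passed in is not used. Confirm this is intended.
  if ($group == 'absent') {
    $real_group = $real_gid_name
  } else {
    $real_group = 'apache'
  }
  # 'iuid' asks the iuid() function for an id derived from the user name;
  # every other value is used as given.
  $real_uid = $uid ? {
    'iuid'  => iuid($uid_name,'webhosting'),
    default => $uid,
  }
  if ($gid == 'uid') {
    $real_gid = $real_uid
  } else {
    $real_gid = $gid ? {
      'iuid'  => iuid($uid_name,'webhosting'),
      default => $gid,
    }
  }
  # Ordering: common hosting setup, then the container, then the apache
  # service.
  webhosting::common{$name:
    ensure                => $ensure,
    configuration         => $configuration,
    uid                   => $real_uid,
    uid_name              => $uid_name,
    gid                   => $real_gid,
    gid_name              => $real_gid_name,
    password              => $password,
    password_crypted      => $password_crypted,
    htpasswd_file         => $htpasswd_file,
    ssl_mode              => $ssl_mode,
    run_mode              => 'static',
    nagios_check          => $nagios_check,
    nagios_check_domain   => $nagios_check_domain,
    nagios_check_url      => $nagios_check_url,
    nagios_check_code     => $nagios_check_code,
    nagios_use            => $nagios_use,
    git_repo              => $git_repo,
    watch_adjust_webfiles => $watch_adjust_webfiles,
    user_scripts          => $user_scripts,
    user_scripts_options  => $user_scripts_options,
  } -> podman::container{
    $name:
      ensure         => $ensure,
      user           => $uid_name,
      uid            => $real_uid,
      gid            => $real_gid,
      homedir        => "/var/www/vhosts/${name}",
      container_name => 'con',
      manage_user    => false,
      image          => $image,
      # Publish on loopback only. The vhost below reaches the backend through
      # http://127.0.0.1:12342; a publish spec without a host address listens
      # on every host address, which would make the container reachable
      # without passing through the vhost (its TLS, htpasswd and logging).
      # Assumes podman::container hands each entry to `podman run --publish`
      # unchanged - TODO confirm.
      # NOTE(review): host port 12342 is hard-coded here and in the vhost
      # options, so two webhosting::container resources on one node would ask
      # for the same port.
      publish        => ["127.0.0.1:12342:${port}"],
      run_flags      => {
        userns                    => 'keep-id',
        user                      => "${real_uid}:${real_gid}",
        # presumably the SELinux type applied to the container - verify
        # against podman::container
        'security-opt-label-type' => 'httpd_container_rw_content',
      },
      volumes        => {},
  } -> Service['apache']

  apache::vhost::container{$name:
    ensure             => $ensure,
    configuration      => $configuration,
    domain             => $domain,
    domainalias        => $domainalias,
    server_admin       => $server_admin,
    logmode            => $logmode,
    group              => $real_group,
    documentroot_owner => $uid_name,
    documentroot_group => $real_group,
    allow_override     => $allow_override,
    do_includes        => $do_includes,
    additional_options => $additional_options,
    default_charset    => $default_charset,
    ssl_mode           => $ssl_mode,
    vhost_mode         => $vhost_mode,
    vhost_source       => $vhost_source,
    vhost_destination  => $vhost_destination,
    htpasswd_file      => $htpasswd_file,
    # Backend address; must stay in sync with the published host port above.
    options            => "http://127.0.0.1:12342",
  }
  # NOTE(review): this overrides Apache::Vhost::Static[$name], but the vhost
  # declared above is an apache::vhost::container. Confirm the reference
  # resolves when $template_partial is set.
  if $template_partial != 'absent' {
    Apache::Vhost::Static[$name]{
      template_partial => $template_partial
    }
  }

  if $ensure == 'present' {
    # Grants r-x on the vhost directory, via an ACL, to the id found in the
    # second field of the user's /etc/subuid entry, before the container is
    # managed. The `unless` check looks for that ACL entry so the command only
    # runs when it is missing.
    # NOTE(review): $uid_name and $name are interpolated into a shell command
    # line and into `grep -E` patterns. A value containing shell or regex
    # metacharacters changes what is executed or matched (a '.' in the name
    # matches any character), so these values should be validated before they
    # reach this define if they can come from outside the manifest authors.
    # No `path` is set; the unqualified commands rely on an Exec default
    # defined elsewhere.
    exec{"adjust_path_access_for_keep-user-id_/var/www/vhosts/${name}":
      command => "bash -c \"setfacl -m user:$(grep -E '^${uid_name}:' /etc/subuid | cut -d: -f 2):rx /var/www/vhosts/${name}\"",
      unless  => "getfacl -p -n /var/www/vhosts/${name}  | grep -qE \"^user:$(grep -E '^${uid_name}:' /etc/subuid | cut -d: -f 2):r-x\\$\"",
      require => [File["/var/www/vhosts/${name}"],User[$uid_name]];
    } -> Podman::Container[$name]
  }
}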