Merge pull request 'neoloc/mediaproxy' (#92) from neoloc/mediaproxy into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/92
This commit was merged in pull request #92.
This commit is contained in:
@@ -0,0 +1,72 @@
|
||||
class profiles::nginx::ldapauth (
|
||||
Stdlib::AbsolutePath $bin_path = '/usr/local/bin/nginx-ldap-auth',
|
||||
Stdlib::AbsolutePath $env_path = '/etc/default/nginx-ldap-auth',
|
||||
String $user = 'nginx-ldap-auth',
|
||||
String $group = 'nginx-ldap-auth',
|
||||
Boolean $systempkgs = false,
|
||||
String $version = 'system',
|
||||
Hash $packages = {
|
||||
'python3.11-ldap' => { ensure => 'present' }
|
||||
}
|
||||
){
|
||||
|
||||
|
||||
if $::facts['python3_version'] {
|
||||
|
||||
$python_version = $version ? {
|
||||
'system' => $::facts['python3_version'],
|
||||
default => $version,
|
||||
}
|
||||
|
||||
ensure_resources('package', $packages)
|
||||
|
||||
# Deploy the default configuration file using a template
|
||||
file { $env_path:
|
||||
ensure => file,
|
||||
content => template('profiles/ldapauth/nginx-ldap-auth.default.erb'),
|
||||
}
|
||||
|
||||
# Deploy the daemon script using a template
|
||||
file { $bin_path:
|
||||
ensure => file,
|
||||
content => template('profiles/ldapauth/nginx-ldap-auth-daemon.py.erb'),
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
# Manage user and group
|
||||
group { $group:
|
||||
ensure => present,
|
||||
system => true,
|
||||
}
|
||||
|
||||
user { $user:
|
||||
ensure => present,
|
||||
comment => 'nginx-ldap-auth helper',
|
||||
gid => $group,
|
||||
shell => '/sbin/nologin',
|
||||
system => true,
|
||||
require => Group[$group],
|
||||
}
|
||||
|
||||
# Create log directory for nginx-ldap-auth
|
||||
file { '/var/log/nginx-ldap-auth':
|
||||
ensure => directory,
|
||||
owner => $user,
|
||||
group => $group,
|
||||
mode => '0755',
|
||||
require => User[$user],
|
||||
}
|
||||
|
||||
# Ensure the systemd service is enabled and started
|
||||
systemd::unit_file { 'nginx-ldap-auth.service':
|
||||
content => template('profiles/ldapauth/nginx-ldap-auth.service.erb'),
|
||||
enable => true,
|
||||
active => true,
|
||||
require => [
|
||||
File[$bin_path],
|
||||
File[$env_path],
|
||||
User[$user],
|
||||
],
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -12,6 +12,8 @@ class profiles::nginx::simpleproxy (
|
||||
Stdlib::Port $proxy_port = 80,
|
||||
Stdlib::Host $proxy_host = $facts['networking']['ip'],
|
||||
String $proxy_path = '/',
|
||||
Boolean $use_default_location = true,
|
||||
Hash $locations = {},
|
||||
) {
|
||||
|
||||
# if nginx_version isnt set, install nginx
|
||||
@@ -83,7 +85,7 @@ class profiles::nginx::simpleproxy (
|
||||
$defaults = {
|
||||
'listen_port' => $listen_port,
|
||||
'server_name' => $server_names,
|
||||
'use_default_location' => true,
|
||||
'use_default_location' => $use_default_location,
|
||||
'access_log' => "/var/log/nginx/${nginx_vhost}_access.log",
|
||||
'error_log' => "/var/log/nginx/${nginx_vhost}_error.log",
|
||||
'autoindex' => 'on',
|
||||
@@ -98,11 +100,25 @@ class profiles::nginx::simpleproxy (
|
||||
$nginx_parameters = merge($defaults, $extras_hash)
|
||||
|
||||
# manage the nginx class
|
||||
include 'nginx'
|
||||
class { 'nginx':
|
||||
proxy_cache_path => {
|
||||
'/var/cache/nginx/cache' => 'cache:128m',
|
||||
},
|
||||
proxy_cache_levels => '1:2',
|
||||
proxy_cache_keys_zone => 'cache:128m',
|
||||
proxy_cache_max_size => '1024m',
|
||||
proxy_cache_inactive => '10m',
|
||||
proxy_temp_path => '/var/cache/nginx/cache_temp',
|
||||
}
|
||||
|
||||
# create the nginx vhost with the merged parameters
|
||||
create_resources('nginx::resource::server', { $nginx_vhost => $nginx_parameters })
|
||||
|
||||
# create nginx locations
|
||||
if $use_default_location == false {
|
||||
create_resources('nginx::resource::location', $locations)
|
||||
}
|
||||
|
||||
# manage selinux
|
||||
if $::facts['os']['selinux']['config_mode'] == 'enforcing' {
|
||||
|
||||
|
||||
Reference in New Issue
Block a user