Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/swh/deploy/webapp.pp
Show First 20 Lines • Show All 128 Lines • ▼ Show 20 Lines | ::gunicorn::instance {'swh-webapp': | ||||
}, | }, | ||||
} | } | ||||
include ::profile::apache::common | include ::profile::apache::common | ||||
include ::apache::mod::proxy | include ::apache::mod::proxy | ||||
include ::apache::mod::headers | include ::apache::mod::headers | ||||
::apache::vhost {"${vhost_name}_non-ssl": | ::apache::vhost {"${vhost_name}_non-ssl": | ||||
servername => $vhost_name, | servername => $vhost_name, | ||||
serveraliases => $vhost_aliases, | serveraliases => $vhost_aliases, | ||||
port => $vhost_port, | port => $vhost_port, | ||||
docroot => $vhost_docroot, | docroot => $vhost_docroot, | ||||
proxy_pass => [ | proxy_pass => [ | ||||
{ path => '/static', | { path => '/static', | ||||
url => '!', | url => '!', | ||||
}, | }, | ||||
{ path => '/robots.txt', | { path => '/robots.txt', | ||||
url => '!', | url => '!', | ||||
}, | }, | ||||
{ path => '/favicon.ico', | { path => '/favicon.ico', | ||||
url => '!', | url => '!', | ||||
}, | }, | ||||
{ path => '/', | { path => '/', | ||||
url => "http://${backend_listen_address}/", | url => "http://${backend_listen_address}/", | ||||
}, | }, | ||||
], | ], | ||||
directories => [ | directories => [ | ||||
{ path => $static_dir, | { path => $static_dir, | ||||
options => ['-Indexes'], | options => ['-Indexes'], | ||||
}, | }, | ||||
] + $endpoint_directories, | ] + $endpoint_directories, | ||||
aliases => [ | aliases => [ | ||||
{ alias => '/static', | { alias => '/static', | ||||
path => $static_dir, | path => $static_dir, | ||||
}, | }, | ||||
{ alias => '/robots.txt', | { alias => '/robots.txt', | ||||
path => "${static_dir}/robots.txt", | path => "${static_dir}/robots.txt", | ||||
}, | }, | ||||
], | ], | ||||
# work around fix for CVE-2019-0220 introduced in Apache2 2.4.25-3+deb9u7 | # work around fix for CVE-2019-0220 introduced in Apache2 2.4.25-3+deb9u7 | ||||
custom_fragment => 'MergeSlashes off', | custom_fragment => 'MergeSlashes off', | ||||
require => [ | require => [ | ||||
File[$vhost_basic_auth_file], | File[$vhost_basic_auth_file], | ||||
], | ], | ||||
access_log_format => $vhost_access_log_format, | access_log_format => $vhost_access_log_format, | ||||
} | } | ||||
if $endpoint_directories { | if $endpoint_directories { | ||||
file {$vhost_basic_auth_file: | file {$vhost_basic_auth_file: | ||||
ensure => present, | ensure => present, | ||||
Show All 30 Lines | profile::filebeat::log_input { "${vhost_name}-non-ssl-access": | ||||
fields => { | fields => { | ||||
'apache_log_type' => 'access_log', | 'apache_log_type' => 'access_log', | ||||
'environment' => $environment, | 'environment' => $environment, | ||||
'vhost' => $vhost_name, | 'vhost' => $vhost_name, | ||||
'application' => 'webapp', | 'application' => 'webapp', | ||||
}, | }, | ||||
} | } | ||||
$filename_refresh_status = "refresh-savecodenow-statuses" | $filename_refresh_status = 'refresh-savecodenow-statuses' | ||||
$filepath_refresh_status = "/usr/local/bin/${filename_refresh_status}" | $filepath_refresh_status = "/usr/local/bin/${filename_refresh_status}" | ||||
file {$filepath_refresh_status: | file {$filepath_refresh_status: | ||||
ensure => present, | ensure => present, | ||||
owner => 'root', | owner => 'root', | ||||
group => 'www-data', | group => 'www-data', | ||||
mode => '0755', | mode => '0755', | ||||
content => template("profile/swh/deploy/webapp/${filename_refresh_status}.sh.erb"), | content => template("profile/swh/deploy/webapp/${filename_refresh_status}.sh.erb"), | ||||
} | } | ||||
$activate_once_per_environment_webapp = lookup('swh::deploy::webapp::cron::refresh_statuses') | $activate_once_per_environment_webapp = lookup('swh::deploy::webapp::cron::refresh_statuses') | ||||
if $activate_once_per_environment_webapp { | if $activate_once_per_environment_webapp { | ||||
profile::cron::d {$filename_refresh_status: | profile::cron::d {$filename_refresh_status: | ||||
target => $filename_refresh_status, | target => $filename_refresh_status, | ||||
command => "chronic sh -c '${filepath_refresh_status}'", | command => "chronic sh -c '${filepath_refresh_status}'", | ||||
minute => '*', | minute => '*', | ||||
hour => '*', | hour => '*', | ||||
} | } | ||||
} | } | ||||
} | } |