diff --git a/site-modules/profile/manifests/munin/master.pp b/site-modules/profile/manifests/munin/master.pp index f22acbc9..8c694f8b 100644 --- a/site-modules/profile/manifests/munin/master.pp +++ b/site-modules/profile/manifests/munin/master.pp @@ -1,61 +1,65 @@ # Munin master class class profile::munin::master { $master_hostname = lookup('munin::master::hostname') $master_hostname_domain = join(delete_at(split($master_hostname, '[.]'), 0), '.') $master_hostname_target = "${::hostname}.${master_hostname_domain}." class { '::munin::master': extra_config => ["cgiurl_graph http://$master_hostname"], } $export_path = lookup('stats_export::export_path') file {$export_path: ensure => directory, owner => 'root', group => 'root', mode => '0755', } ~> Apache::Vhost[$master_hostname] include ::profile::apache::common include ::apache::mod::rewrite include ::apache::mod::fcgid apache::vhost { $master_hostname: port => 80, docroot => '/var/www/html', rewrites => [ { comment => 'static resources', rewrite_rule => [ '^/favicon.ico /etc/munin/static/favicon.ico [L]', '^/static/(.*) /etc/munin/static/$1 [L]', "^/export/(.*) ${export_path}/\$1 [L]", ], }, { comment => 'HTML', rewrite_cond => [ '%{REQUEST_URI} .html$ [or]', '%{REQUEST_URI} =/', ], rewrite_rule => [ '^/(.*) /usr/lib/munin/cgi/munin-cgi-html/$1 [L]', ], }, { comment => 'Images', rewrite_rule => [ '^/munin-cgi/munin-cgi-graph/(.*) /usr/lib/munin/cgi/munin-cgi-graph/$1 [L]', '^/(.*) /usr/lib/munin/cgi/munin-cgi-graph/$1 [L]', ], }, ], directories => [ { 'path' => '/usr/lib/munin/cgi', 'options' => '+ExecCGI', - 'sethandler' => 'fcgid-script' }, + 'sethandler' => 'fcgid-script' + }, + { 'path' => "${export_path}", + 'options' => '+Indexes', # allow listing + } ], } } diff --git a/site-modules/profile/manifests/stats_web.pp b/site-modules/profile/manifests/stats_web.pp index 144472a9..14252118 100644 --- a/site-modules/profile/manifests/stats_web.pp +++ b/site-modules/profile/manifests/stats_web.pp @@ -1,55 +1,55 @@ # Deployment of web-facing stats export (from munin) class profile::stats_web { $vhost_name = lookup('stats_export::vhost::name') $vhost_docroot = lookup('stats_export::vhost::docroot') $vhost_ssl_protocol = lookup('stats_export::vhost::ssl_protocol') $vhost_ssl_honorcipherorder = lookup('stats_export::vhost::ssl_honorcipherorder') $vhost_ssl_cipher = lookup('stats_export::vhost::ssl_cipher') $vhost_hsts_header = lookup('stats_export::vhost::hsts_header') file {$vhost_docroot: ensure => directory, owner => 'www-data', group => 'www-data', mode => '0755', } include ::profile::apache::common include ::profile::ssl ::apache::vhost {"${vhost_name}_non-ssl": servername => $vhost_name, port => '80', docroot => $vhost_docroot, redirect_status => 'permanent', redirect_dest => "https://${vhost_name}/", } $ssl_cert_name = 'stats_export_softwareheritage_org' $ssl_cert = $::profile::ssl::certificate_paths[$ssl_cert_name] $ssl_chain = $::profile::ssl::chain_paths[$ssl_cert_name] $ssl_key = $::profile::ssl::private_key_paths[$ssl_cert_name] ::apache::vhost {"${vhost_name}_ssl": servername => $vhost_name, port => '443', ssl => true, ssl_protocol => $vhost_ssl_protocol, ssl_honorcipherorder => $vhost_ssl_honorcipherorder, ssl_cipher => $vhost_ssl_cipher, ssl_cert => $ssl_cert, ssl_chain => $ssl_chain, ssl_key => $ssl_key, headers => [$vhost_hsts_header], docroot => $vhost_docroot, proxy_pass => { path => '/', - url => 'http://munin.internal.softwareheritage.org/' + url => 'http://munin.internal.softwareheritage.org/export/' }, require => [ File[$ssl_cert], File[$ssl_chain], File[$ssl_key], ], } }