Saltstack Official Apache Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

130 lines
4.2KB

  1. # -*- coding: utf-8 -*-
  2. # vim: ft=sls
  3. {%- set tplroot = tpldir.split('/')[0] %}
  4. {%- set sls_service_running = tplroot ~ '.service.running' %}
  5. {%- set sls_package_install = tplroot ~ '.package.install' %}
  6. {%- from tplroot ~ "/map.jinja" import apache with context %}
  7. include:
  8. - {{ sls_service_running }}
  9. - {{ sls_package_install }}
  10. {%- if grains['os_family'] in ('Debian', 'Suse') %}
  11. apache-config-modules-ssl-cmd-run:
  12. cmd.run:
  13. - name: a2enmod ssl
  14. - unless: ls {{ apache.moddir }}/ssl.load || egrep "^APACHE_MODULES=" /etc/sysconfig/apache2 | grep ' ssl'
  15. - order: 225
  16. - require:
  17. - pkg: apache-package-install-pkg-installed
  18. - watch_in:
  19. - module: apache-service-running-restart
  20. - require_in:
  21. - module: apache-service-running-restart
  22. - module: apache-service-running-reload
  23. - service: apache-service-running
  24. file.managed:
  25. - name: /etc/apache2/mods-available/ssl.conf
  26. - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/ssl.conf.jinja
  27. - template: {{ apache.get('template_engine', 'jinja') }}
  28. - context:
  29. apache: {{ apache|json }}
  30. - mode: 644
  31. - makedirs: True
  32. - watch_in:
  33. - module: apache-service-running-restart
  34. {%- elif grains['os_family']=="RedHat" %}
  35. apache-config-modules-ssl-pkg:
  36. pkg.installed:
  37. - name: {{ apache.pkg.mod_ssl }}
  38. - require:
  39. - pkg: apache-package-install-pkg-installed
  40. - watch_in:
  41. - module: apache-service-running-restart
  42. - require_in:
  43. - module: apache-service-running-restart
  44. - module: apache-service-running-reload
  45. - service: apache-service-running
  46. file.absent:
  47. - name: {{ apache.confdir }}/ssl.conf
  48. - require:
  49. - pkg: apache-package-install-pkg-installed
  50. - watch_in:
  51. - module: apache-service-running-restart
  52. - require_in:
  53. - module: apache-service-running-restart
  54. - module: apache-service-running-reload
  55. - service: apache-service-running
  56. {%- elif grains['os_family']=="FreeBSD" %}
  57. - .mod_ssl
  58. apache-config-modules-ssl-file-managed:
  59. file.managed:
  60. - name: {{ apache.modulesdir }}/010_mod_ssl.conf
  61. - source: salt://apache/files/{{ salt['grains.get']('os_family') }}/mod_ssl.conf.jinja
  62. - mode: 644
  63. - makedirs: True
  64. - template: {{ apache.get('template_engine', 'jinja') }}
  65. - context:
  66. apache: {{ apache|json }}
  67. - require:
  68. - pkg: apache-package-install-pkg-installed
  69. - watch_in:
  70. - module: apache-service-running-restart
  71. - require_in:
  72. - module: apache-service-running-restart
  73. - module: apache-service-running-reload
  74. - service: apache-service-running
  75. {%- endif %}
  76. apache-config-modules-ssl-file-managed-tls-defaults:
  77. {%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
  78. file.managed:
  79. - name: {{ apache.confdir }}/tls-defaults.conf
  80. - source: salt://apache/files/ssl/tls-defaults.conf.jinja
  81. - mode: 644
  82. - makedirs: True
  83. - template: {{ apache.get('template_engine', 'jinja') }}
  84. - context:
  85. apache: {{ apache|json }}
  86. {%- else %}
  87. file.absent:
  88. - name: {{ apache.confdir }}/tls-defaults.conf
  89. {%- endif %}
  90. - require:
  91. - pkg: apache-package-install-pkg-installed
  92. - watch_in:
  93. - module: apache-service-running-restart
  94. - require_in:
  95. - module: apache-service-running-restart
  96. - module: apache-service-running-reload
  97. - service: apache-service-running
  98. {%- if grains['os_family'] in ('Debian',) %}
  99. apache-config-modules-ssl-cmd-run-debian-tls-defaults:
  100. cmd.run:
  101. {%- if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) %}
  102. - name: a2enconf tls-defaults
  103. - unless: test -L /etc/apache2/conf-enabled/tls-defaults.conf
  104. {%- else %}
  105. - name: a2disconf tls-defaults
  106. - onlyif: test -L /etc/apache2/conf-enabled/tls-defaults.conf
  107. {%- endif %}
  108. - order: 225
  109. - require:
  110. - pkg: apache-package-install-pkg-installed
  111. - file: {{ apache.confdir }}/tls-defaults.conf
  112. - watch_in:
  113. - module: apache-service-running-restart
  114. - require_in:
  115. - module: apache-service-running-restart
  116. - module: apache-service-running-reload
  117. - service: apache-service-running
  118. {%- endif %}