proposal: webserver/site configs in puppet

seth vidal skvidal at fedoraproject.org
Wed Jun 8 16:44:13 UTC 2011 

On Wed, 2011-06-08 at 08:29 -0400, Adam M. Dutko wrote:
> It seems like the Apache "Include" directive is being overlooked.
> Can't we have a base http/https file with essential "global
> directives" like ServerTokens, some (not all) modules and etc. then
> maintain a seperate set of include files for each site that has any
> needed changes?
> 
> We could then use puppet to change which files are included on a per
> host basis, no?


> 
> On Wed, 2011-06-08 at 19:24 +0530, ranjib dey wrote:
> hi seth,
> > I prefer to maintain the whole apache configs in debian style. Where
> I have base apache module for minimal setup + sites-available +
> mods-available, and individual use cases (passenger /mod_wsgi etc or
> virtualhosts/proxypasses) are modelled as dependant modules of apache
> where they selectively enable/disable sites or mods. Individual mods
> are loaded by separate .load file and configured by separate .conf
> files. Also we have separate puppet sub modules for individual mods.
> This way i can readily assemble my node specific apache configs
> without tampering the base puppet modules even if they need fin
> grained customizations.
> > 
> 

Wanted to reply to both of these. I think this is what I'm aiming for.

I suspect our base apache configuration on all of our hosts of a single
distro ver are shockingly similar. However, I do not believe the base
apache config file that ships in rhel is limited enough.

So we'll probably need a minimal apache config and then a bunch of .conf
files included in. Which is, ostensibly, what we do now, but we've
abstracted that 2 or 3 layers more which is where the complexity is
coming from.

so I think I'm in favor of not using the classes (or subclasses as that
just means we end up going deeper into puppetisms when, realistically,
we should be doing more apache-isms since that is what we're actually
running)

If we have:

 httpd.conf
  and a simple site-include directive in puppet to pull in a dir/.conf
file.  

this makes it similar to how we lay things out on the systems now - but
makes our puppet configs look more like what things do look like on the
system. :)

thinking on this some more - seems like working on this for the rhel6
change over for our various servers is a good idea. Instead of trying to
force this back onto rhel5.

-sv

More information about the infrastructure mailing list