From 3691a94efed823adad17282b79f9ba6745d3b1ed Mon Sep 17 00:00:00 2001
From: Alex Vandiver <alexmv@zulip.com>
Date: Wed, 8 Jul 2020 22:24:41 +0000
Subject: [PATCH] puppet: Configure munin and nagios under apache with puppet.

This swaps in the actually-in-use munin configuiration file;
otherwise, it is an implementation of the configuration as it exists
on the machine.
---
 puppet/zulip/lib/puppet/type/apache2conf.rb | 21 ++++++
 puppet/zulip_ops/files/munin/apache.conf    | 82 +--------------------
 puppet/zulip_ops/manifests/apache.pp        |  5 ++
 puppet/zulip_ops/manifests/munin_server.pp  | 17 ++++-
 puppet/zulip_ops/manifests/nagios.pp        | 33 +++++----
 5 files changed, 61 insertions(+), 97 deletions(-)
 create mode 100644 puppet/zulip/lib/puppet/type/apache2conf.rb

diff --git a/puppet/zulip/lib/puppet/type/apache2conf.rb b/puppet/zulip/lib/puppet/type/apache2conf.rb
new file mode 100644
index 0000000000..6e8c014f7a
--- /dev/null
+++ b/puppet/zulip/lib/puppet/type/apache2conf.rb
@@ -0,0 +1,21 @@
+Puppet::Type.newtype(:apache2conf) do
+    ensurable
+    newparam(:name) do
+       desc "The name of the conf to enable"
+       isnamevar
+    end
+end
+
+Puppet::Type.type(:apache2conf).provide(:apache2conf) do
+  def exists?
+    File.exists?("/etc/apache2/conf-enabled/" + resource[:name] + ".conf")
+  end
+
+  def create
+    system("a2enconf #{@resource[:name]}")
+  end
+
+  def destroy
+    system("a2disconf #{@resource[:name]}")
+  end
+end
diff --git a/puppet/zulip_ops/files/munin/apache.conf b/puppet/zulip_ops/files/munin/apache.conf
index 69de0d756b..07dc73a68c 100644
--- a/puppet/zulip_ops/files/munin/apache.conf
+++ b/puppet/zulip_ops/files/munin/apache.conf
@@ -1,88 +1,12 @@
-# Enable this for template generation
 Alias /munin /var/cache/munin/www
-
-# Enable this for cgi-based templates
-#Alias /munin-cgi/static /var/cache/munin/www/static
-#ScriptAlias /munin-cgi /usr/lib/munin/cgi/munin-cgi-html
-#<Location /munin-cgi>
-#	Order allow,deny
-#	Allow from localhost 127.0.0.0/8 ::1
-#	AuthUserFile /etc/munin/munin-htpasswd
-#	AuthName "Munin"
-#	AuthType Basic
-#	require valid-user
-#</Location>
-
 <Directory /var/cache/munin/www>
-        Order allow,deny
-        Allow from localhost 127.0.0.0/8 ::1
-        Options None
-
-	# This file can be used as a .htaccess file, or a part of your apache
-	# config file.
-	#
-	# For the .htaccess file option to work the munin www directory
-	# (/var/cache/munin/www) must have "AllowOverride all" or something
-	# close to that set.
-	#
-
-        AuthType Digest
-        AuthName "monitoring"
-        AuthDigestProvider file
-        AuthUserFile /etc/apache2/users/monitoring
-        Require valid-user
-
-	# This next part requires mod_expires to be enabled.
-	#
-
-	# Set the default expiration time for files to 5 minutes 10 seconds from
-	# their creation (modification) time.  There are probably new files by
-	# that time.
-	#
-
-    <IfModule mod_expires.c>
-        ExpiresActive On
-    	ExpiresDefault M310
-    </IfModule>
-
+	Require local
+	Options None
 </Directory>
 
-# Enables fastcgi for munin-cgi-html if present
-#<Location /munin-cgi>
-#    <IfModule mod_fastcgi.c>
-#        SetHandler fastcgi-script
-#    </IfModule>
-#</Location>
-
-#<Location /munin-cgi/static>
-#	SetHandler None
-#</Location>
-
-# Enables fastcgi for munin-cgi-graph if present
 ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
 <Location /munin-cgi/munin-cgi-graph>
-        AuthType Digest
-        AuthName "monitoring"
-        AuthDigestProvider file
-        AuthUserFile /etc/apache2/users/monitoring
-        Require valid-user
-
-	<IfModule mod_fcgid.c>
-	    SetHandler fcgid-script
-	</IfModule>
-	<IfModule !mod_fcgid.c>
-	    SetHandler cgi-script
-	</IfModule>
-</Location>
-
-ScriptAlias /munin-cgi/munin-cgi-html /usr/lib/munin/cgi/munin-cgi-html
-<Location /munin-cgi/munin-cgi-html>
-        AuthType Digest
-        AuthName "monitoring"
-        AuthDigestProvider file
-        AuthUserFile /etc/apache2/users/monitoring
-        Require valid-user
-
+	Require local
 	<IfModule mod_fcgid.c>
 	    SetHandler fcgid-script
 	</IfModule>
diff --git a/puppet/zulip_ops/manifests/apache.pp b/puppet/zulip_ops/manifests/apache.pp
index 5b3d6ea210..5055a25764 100644
--- a/puppet/zulip_ops/manifests/apache.pp
+++ b/puppet/zulip_ops/manifests/apache.pp
@@ -4,10 +4,14 @@ class zulip_ops::apache {
                       'libapache2-mod-wsgi',
                       ]
   package { $apache_packages: ensure => 'installed' }
+  service { 'apache2':
+    require => Package['apache2'],
+  }
 
   apache2mod { [ 'headers', 'proxy', 'proxy_http', 'rewrite', 'auth_digest', 'ssl' ]:
     ensure  => present,
     require => Package['apache2'],
+    notify  => Service['apache2'],
   }
 
   file { '/etc/apache2/users/':
@@ -42,6 +46,7 @@ class zulip_ops::apache {
     group   => 'root',
     mode    => '0640',
     source  => 'puppet:///modules/zulip_ops/apache/ports.conf',
+    notify  => Service['apache2'],
   }
 
   file { '/etc/apache2/sites-available/':
diff --git a/puppet/zulip_ops/manifests/munin_server.pp b/puppet/zulip_ops/manifests/munin_server.pp
index 65df686170..b3ecb87462 100644
--- a/puppet/zulip_ops/manifests/munin_server.pp
+++ b/puppet/zulip_ops/manifests/munin_server.pp
@@ -1,5 +1,6 @@
 class zulip_ops::munin_server {
   include zulip_ops::base
+  include zulip_ops::apache
   include zulip::supervisor
 
   $munin_packages = [
@@ -17,8 +18,20 @@ class zulip_ops::munin_server {
     owner   => 'root',
     group   => 'root',
     mode    => '0644',
-    source  => 'puppet:///modules/zulip_ops/munin/apache.conf'
-    notify  => Service['munin-node'],
+    source  => 'puppet:///modules/zulip_ops/munin/apache.conf',
+    notify  => Service['apache2'],
+  }
+
+  file { '/etc/apache2/conf-available/munin.conf':
+    ensure  => link,
+    target  => '/etc/munin/apache.conf',
+    require => File['/etc/munin/apache.conf'],
+  }
+
+  apache2conf { 'munin':
+    ensure  => present,
+    require => File['/etc/apache2/conf-available/munin.conf'],
+    notify  => Service['apache2'],
   }
 
   file { '/etc/munin/munin.conf':
diff --git a/puppet/zulip_ops/manifests/nagios.pp b/puppet/zulip_ops/manifests/nagios.pp
index a8c3a2f488..312e6e870d 100644
--- a/puppet/zulip_ops/manifests/nagios.pp
+++ b/puppet/zulip_ops/manifests/nagios.pp
@@ -31,13 +31,6 @@ class zulip_ops::nagios {
   $hosts_stats = split(zulipconf('nagios', 'hosts_stats', undef), ',')
   $hosts_fullstack = split(zulipconf('nagios', 'hosts_fullstack', undef), ',')
 
-  apache2site { 'nagios':
-    ensure  => present,
-    require => [File['/etc/apache2/sites-available/'],
-                Apache2mod['headers'], Apache2mod['ssl'],
-                ],
-  }
-
   file { '/etc/nagios3/':
     recurse => true,
     purge   => false,
@@ -49,6 +42,23 @@ class zulip_ops::nagios {
     notify  => Service['nagios3'],
   }
 
+  file { '/etc/apache2/sites-available/nagios.conf':
+    purge   => false,
+    require => Package[apache2],
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0640',
+    content => template('zulip_ops/nagios_apache_site.conf.template.erb'),
+  }
+  apache2site { 'nagios':
+    ensure  => present,
+    require => [
+      File['/etc/apache2/sites-available/nagios.conf'],
+      Apache2mod['headers'], Apache2mod['ssl'],
+    ],
+    notify  => Service['apache2'],
+  }
+
   file { '/etc/nagios3/conf.d/contacts.cfg':
     require => Package[nagios3],
     owner   => 'root',
@@ -135,14 +145,5 @@ class zulip_ops::nagios {
     notify  => Service['nagios3'],
   }
 
-  file { '/etc/apache2/sites-available/nagios.conf':
-    recurse => true,
-    purge   => false,
-    require => Package[apache2],
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0640',
-    content => template('zulip_ops/nagios_apache_site.conf.template.erb'),
-  }
   # TODO: Install our API
 }