Add support for mellon auth

[bp85]

• Add proxy_server configuration option for ood_portal.yml
• Install apache packages required for mellon
• creates a script to generate metadata and certs
• Add mellon configs

[bp85]

@treydock I've been using this in prod for well over an year, finally got around to push it upstream.

[treydock]

@bp85 Generally I don't recommend deploying things that require manual steps, that somewhat defeats the purpose of Puppet. I think one way to achieve full automation is this:

exec { '/usr/local/bin/mellon_ood_metadata.sh':
  creates => [
    "${apache::httpd_dir}/mellon/mellon.cert",
    "${apache::httpd_dir}/mellon/mellon.key",
    "${apache::httpd_dir}/mellon/mellon_metadata.xml",
  ],
  require => File['/usr/local/bin/mellon_ood_metadata.sh'],
  notify   => Class['apache::service'],
}

[treydock]

I also see some hardcoded paths for Mellon defaults while other places use variables from Apache module. I think all paths should be defined in init.pp , and referenced downstream in various places using maybe the mellon_merged_config variable. This helps ensure if someone changes a variable, for example in this module or Apache module, the things using that path will also reflect that change.

[bp85]

@treydock Let me know if this looks good or need any more changes.

[treydock]

Left a few comments, as I think some changes made to this module in past few months are going to conflict with older changes here.

[bp85]

Left a few comments, as I think some changes made to this module in past few months are going to conflict with older changes here.

@treydock can you review this PR again? I've made a few more changes accordingly.

[bp85]

@treydock just checking in if you got time to review this!

[bp85]

@treydock Can you check and let me know if you can merge this

[treydock]

This variable doesn't seem to be defined anywhere.

[treydock]

I made commits to fix some of the lint issues but the undefined variable for auth_mellon_package I'm not sure how to solve as I don't know the correct package name. If the package name doesn't need to be changed, I'd recommend just don't pass anything to package for the auth_mellon apache::mod defined type.