diff --git a/puppet/bootstrap-server.sh b/puppet/bootstrap-server.sh
index ca2e3b3..2f37424 100755
--- a/puppet/bootstrap-server.sh
+++ b/puppet/bootstrap-server.sh
@@ -1,12 +1,12 @@
#!/bin/sh
case $1 in
- apache|webrick)
+ apache|passenger|webrick)
SERVER=$1
;;
*)
- echo "usage: $0 apache|webrick" 1>&2
+ echo "usage: $0 apache|passenger|webrick" 1>&2
exit 1
;;
esac
@@ -56,8 +56,8 @@ EOF
include yum::repo::epel
EOF
- if [ "${SERVER}" = "apache" ]; then
- cat >> /etc/puppet/manifests/node/${FQDN}.pp << EOF
+ if [ "${SERVER}" = "apache" -o "${SERVER}" = "passenger" ]; then
+ cat >> /etc/puppet/manifests/node/${FQDN}.pp << EOF
include user::system
realize(User["httpsd"], Group["httpsd"])
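Review bot: The new test on the `if` line joins two comparisons with `-o`, which POSIX marks as obsolescent and which some `test` implementations parse ambiguously. In a `#!/bin/sh` script two separate bracket tests are more portable: `if [ "${SERVER}" = "apache" ] || [ "${SERVER}" = "passenger" ]; then`. The heredoc that follows continues outside the hunk, so it cannot be confirmed from here that the passenger branch needs the same `httpsd` user and group as the apache one.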
diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp
index b362722..9a09437 100644
--- a/puppet/manifests/init.pp
+++ b/puppet/manifests/init.pp
@@ -581,7 +581,7 @@ class puppet::server::apache {
include apache::sslserver
apache::configfile { "puppet.conf":
- content => template("puppet/puppet-httpd.conf.erb"),
+ content => template("puppet/mongrel-httpd.conf.erb"),
http => false,
}
case $::operatingsystem {
@@ -596,6 +596,43 @@ class puppet::server::apache {
}
+# Install and configure Puppet server using apache and passenger.
+#
+class puppet::server::passenger {
+
+ require puppet::server::common
+
+ include apache::sslserver
+ include apache::mod::passenger
+ apache::configfile { "puppet.conf":
+ content => template("puppet/passenger-httpd.conf.erb"),
+ http => false,
+ }
+ case $::operatingsystem {
+ "debian","ubuntu": {
+ include apache::mod::headers
+ }
+ }
+
+ file { [ "/var/lib/passenger/puppet",
+ "/var/lib/passenger/puppet/public",
+ "/var/lib/passenger/puppet/tmp", ]:
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ }
+ file { "/var/lib/passenger/puppet/config.ru":
+ ensure => present,
+ mode => "0444",
+ owner => "puppet",
+ group => "puppet",
+ source => "puppet:///modules/puppet/puppet-config.ru",
+ }
+
+}
+
+
# Install and configure Puppet server using nginx and passenger.
#
class puppet::server::nginx::passenger {
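Review bot: The `config.ru` resource sets `owner => "puppet"` without saying why, and that ownership matters for security. With Passenger's user switching enabled (its default when Apache starts as root), the application runs as the owner of `config.ru`, so this line decides which account the puppet master runs under. A comment above the resource, such as `# Passenger runs the app as the owner of config.ru; keep it owned by puppet, never root`, would stop a later cleanup from changing it. The new class also declares `apache::configfile { "puppet.conf": }` under the same title as `puppet::server::apache`, so the class comment should state that the two classes cannot be applied to the same node.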
diff --git a/puppet/templates/puppet-httpd.conf.erb b/puppet/templates/mongrel-httpd.conf.erb
similarity index 100%
rename from puppet/templates/puppet-httpd.conf.erb
rename to puppet/templates/mongrel-httpd.conf.erb
diff --git a/puppet/templates/passenger-httpd.conf.erb b/puppet/templates/passenger-httpd.conf.erb
new file mode 100644
index 0000000..2f0439a
--- /dev/null
+++ b/puppet/templates/passenger-httpd.conf.erb
@@ -0,0 +1,56 @@
+#
+# Load SSL module if not loaded
+#
+
+LoadModule ssl_module modules/mod_ssl.so
+
+
+# Listen to puppet port also
+Listen 8140
+
+##
+## Puppet Virtual Host
+##
+
+
+
+ # Use default log path for puppet
+ ErrorLog /srv/www/log/https/<%= homename %>/error_log
+ CustomLog /srv/www/log/https/<%= homename %>/access_log combined
+ LogLevel warn
+
+ # SSL settings
+ SSLEngine on
+ SSLProtocol TLSv1
+ SSLCipherSuite DHE-RSA-AES256-SHA
+
+ # Certificates and keys
+ SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
+ SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+ SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem
+ SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem
+ SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem
+
+ # Client authentication
+ SSLVerifyClient optional
+ SSLVerifyDepth 1
+
+ # SSL options and headers
+ SSLOptions +StdEnvVars
+ RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
+ RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+ RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+
+ # Passenger settings
+ PassengerEnabled On
+ PassengerHighPerformance On
+ PassengerMaxRequests 1000
+ DocumentRoot /var/lib/passenger/puppet/public
+
+ Options None
+ AllowOverride None
+ Order Allow,Deny
+ Allow from All
+
+
+
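Review bot: `SSLProtocol TLSv1` together with the single suite `DHE-RSA-AES256-SHA` pins the puppet master port to TLS 1.0 with a CBC/SHA-1 cipher and refuses every newer protocol version. If the Apache and OpenSSL builds on the target platforms and the agents' Ruby SSL stack support it, prefer `SSLProtocol -all +TLSv1.2` and list an AEAD suite such as `ECDHE-RSA-AES256-GCM-SHA384` ahead of the existing one. On Apache 2.4, `SSLCARevocationFile` is only enforced when `SSLCARevocationCheck chain` (or `leaf`) is also set. The `Order`/`Allow` lines suggest 2.2, where that is not needed, but a comment next to the CRL line would keep revocation from silently lapsing on upgrade. The enclosing `VirtualHost` and `Directory` tags are not visible in this view, so the scope of these directives is inferred.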