From 2e3a2e57829546a2f88afcf8c251f78c8ad3ac32 Mon Sep 17 00:00:00 2001 From: Ossi Salmi Date: Thu, 2 May 2013 21:48:36 +0300 Subject: [PATCH] puppet: Initial support for Passenger on Apache --- puppet/bootstrap-server.sh | 8 +-- puppet/manifests/init.pp | 39 ++++++++++++- ...-httpd.conf.erb => mongrel-httpd.conf.erb} | 0 puppet/templates/passenger-httpd.conf.erb | 56 +++++++++++++++++++ 4 files changed, 98 insertions(+), 5 deletions(-) rename puppet/templates/{puppet-httpd.conf.erb => mongrel-httpd.conf.erb} (100%) create mode 100644 puppet/templates/passenger-httpd.conf.erb diff --git a/puppet/bootstrap-server.sh b/puppet/bootstrap-server.sh index ca2e3b3..2f37424 100755 --- a/puppet/bootstrap-server.sh +++ b/puppet/bootstrap-server.sh @@ -1,12 +1,12 @@ #!/bin/sh case $1 in - apache|webrick) + apache|passenger|webrick) SERVER=$1 ;; *) - echo "usage: $0 apache|webrick" 1>&2 + echo "usage: $0 apache|passenger|webrick" 1>&2 exit 1 ;; esac @@ -56,8 +56,8 @@ EOF include yum::repo::epel EOF - if [ "${SERVER}" = "apache" ]; then - cat >> /etc/puppet/manifests/node/${FQDN}.pp << EOF + if [ "${SERVER}" = "apache" -o "${SERVER}" = "passenger" ]; then + cat >> /etc/puppet/manifests/node/${FQDN}.pp << EOF include user::system realize(User["httpsd"], Group["httpsd"]) diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp index b362722..9a09437 100644 --- a/puppet/manifests/init.pp +++ b/puppet/manifests/init.pp @@ -581,7 +581,7 @@ class puppet::server::apache { include apache::sslserver apache::configfile { "puppet.conf": - content => template("puppet/puppet-httpd.conf.erb"), + content => template("puppet/mongrel-httpd.conf.erb"), http => false, } case $::operatingsystem { 
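Review bot: The new condition in the second bootstrap-server.sh hunk joins two comparisons with `-o`, which POSIX marks obsolescent and which `test` can parse ambiguously when an operand looks like an operator. Two separate tests are the portable form: `if [ "${SERVER}" = "apache" ] || [ "${SERVER}" = "passenger" ]; then`. The `if` block continues past the end of the hunk, so the matching `fi` and the rest of the heredoc are not visible here.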
@@ -596,6 +596,43 @@ class puppet::server::apache { } +# Install and configure Puppet server using apache and passenger. +# +class puppet::server::passenger { + + require puppet::server::common + + include apache::sslserver + include apache::mod::passenger + apache::configfile { "puppet.conf": + content => template("puppet/passenger-httpd.conf.erb"), + http => false, + } + case $::operatingsystem { + "debian","ubuntu": { + include apache::mod::headers + } + } + + file { [ "/var/lib/passenger/puppet", + "/var/lib/passenger/puppet/public", + "/var/lib/passenger/puppet/tmp", ]: + ensure => directory, + mode => "0755", + owner => "root", + group => "root", + } + file { "/var/lib/passenger/puppet/config.ru": + ensure => present, + mode => "0444", + owner => "puppet", + group => "puppet", + source => "puppet:///modules/puppet/puppet-config.ru", + } + +} + + # Install and configure Puppet server using nginx and passenger. # class puppet::server::nginx::passenger { diff --git a/puppet/templates/puppet-httpd.conf.erb b/puppet/templates/mongrel-httpd.conf.erb similarity index 100% rename from puppet/templates/puppet-httpd.conf.erb rename to puppet/templates/mongrel-httpd.conf.erb diff --git a/puppet/templates/passenger-httpd.conf.erb b/puppet/templates/passenger-httpd.conf.erb new file mode 100644 index 0000000..2f0439a --- /dev/null +++ b/puppet/templates/passenger-httpd.conf.erb 
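Review bot: The ownership of `/var/lib/passenger/puppet/config.ru` in the new `puppet::server::passenger` class is load-bearing but undocumented. With Passenger's user switching, the Rack application runs as the owner of its startup file, so `owner => "puppet"` is what decides which account the master runs under. I would put a comment above that resource, for example `# Passenger runs the master as the owner of config.ru; keep this puppet:puppet, not root`. The `source` points at `puppet:///modules/puppet/puppet-config.ru`, which is not among the four files in this patch's diffstat; presumably it already ships with the module, but that is worth confirming. The class also declares `apache::configfile { "puppet.conf": }` with the same title as `puppet::server::apache`, so the header comment should say the two classes are alternatives and cannot be included on the same node.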
@@ -0,0 +1,56 @@ +# +# Load SSL module if not loaded +# + +LoadModule ssl_module modules/mod_ssl.so + + +# Listen to puppet port also +Listen 8140 + +## +## Puppet Virtual Host +## + + + + # Use default log path for puppet + ErrorLog /srv/www/log/https/<%= homename %>/error_log + CustomLog /srv/www/log/https/<%= homename %>/access_log combined + LogLevel warn + + # SSL settings + SSLEngine on + SSLProtocol TLSv1 + SSLCipherSuite DHE-RSA-AES256-SHA + + # Certificates and keys + SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem + SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem + SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem + SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem + SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem + + # Client authentication + SSLVerifyClient optional + SSLVerifyDepth 1 + + # SSL options and headers + SSLOptions +StdEnvVars + RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e + RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e + RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e + + # Passenger settings + PassengerEnabled On + PassengerHighPerformance On + PassengerMaxRequests 1000 + DocumentRoot /var/lib/passenger/puppet/public + + Options None + AllowOverride None + Order Allow,Deny + Allow from All + + +
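Review bot: `SSLProtocol TLSv1` together with the single suite `DHE-RSA-AES256-SHA` fixes every agent connection to one protocol version and one CBC/SHA-1 cipher. On mod_ssl builds that also know TLSv1.1 and TLSv1.2, this stops the master from negotiating anything newer. I would exclude the broken protocols instead of naming one and give a cipher class instead of one suite, e.g. `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5`. Separately, the three `RequestHeader set` lines correctly overwrite whatever a client sends for the verification headers, but nothing clears a client-supplied `X-Forwarded-For`. If the Rack application derives the client address from that header (not visible in this patch), `RequestHeader unset X-Forwarded-For` belongs next to them. A one-line comment saying that `SSLVerifyClient optional` is presumably deliberate, so that agents without a signed certificate can still submit a request, would also help the next reader.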