tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

puppet: Initial support for Passenger on Apache

Browse source
This commit is contained in:
Ossi Salmi 2013-05-02 21:48:36 +03:00
parent e8251bae66
commit 2e3a2e5782
4 changed files with 98 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
puppet/bootstrap-server.sh
View file

@ -1,12 +1,12 @@
#!/bin/sh #!/bin/sh
case $1 in case $1 in
apache|webrick) apache|passenger|webrick)
SERVER=$1 SERVER=$1
;; ;;
*) *)
echo "usage: $0 apache|webrick" 1>&2 echo "usage: $0 apache|passenger|webrick" 1>&2
exit 1 exit 1
;; ;;
esac esac
@ -56,7 +56,7 @@ EOF
include yum::repo::epel include yum::repo::epel
EOF EOF
if [ "${SERVER}" = "apache" ]; then if [ "${SERVER}" = "apache" -o "${SERVER}" = "passenger" ]; then
cat >> /etc/puppet/manifests/node/${FQDN}.pp << EOF cat >> /etc/puppet/manifests/node/${FQDN}.pp << EOF
include user::system include user::system
realize(User["httpsd"], Group["httpsd"]) realize(User["httpsd"], Group["httpsd"])

39
puppet/manifests/init.pp
View file

@ -581,7 +581,7 @@ class puppet::server::apache {
include apache::sslserver include apache::sslserver
apache::configfile { "puppet.conf": apache::configfile { "puppet.conf":
content => template("puppet/puppet-httpd.conf.erb"), content => template("puppet/mongrel-httpd.conf.erb"),
http => false, http => false,
} }
case $::operatingsystem { case $::operatingsystem {
@ -596,6 +596,43 @@ class puppet::server::apache {
} }
# Install and configure Puppet server using apache and passenger.
#
class puppet::server::passenger {
require puppet::server::common
include apache::sslserver
include apache::mod::passenger
apache::configfile { "puppet.conf":
content => template("puppet/passenger-httpd.conf.erb"),
http => false,
}
case $::operatingsystem {
"debian","ubuntu": {
include apache::mod::headers
}
}
file { [ "/var/lib/passenger/puppet",
"/var/lib/passenger/puppet/public",
"/var/lib/passenger/puppet/tmp", ]:
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
file { "/var/lib/passenger/puppet/config.ru":
ensure => present,
mode => "0444",
owner => "puppet",
group => "puppet",
source => "puppet:///modules/puppet/puppet-config.ru",
}
}
# Install and configure Puppet server using nginx and passenger. # Install and configure Puppet server using nginx and passenger.
# #
class puppet::server::nginx::passenger { class puppet::server::nginx::passenger {

0
puppet/templates/puppet-httpd.conf.erb → puppet/templates/mongrel-httpd.conf.erb
View file

56
puppet/templates/passenger-httpd.conf.erb Normal file
View file

@ -0,0 +1,56 @@
#
# Load SSL module if not loaded
#
<IfModule !mod_ssl.c>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
# Listen to puppet port also
Listen 8140
##
## Puppet Virtual Host
##
<VirtualHost _default_:8140>
# Use default log path for puppet
ErrorLog /srv/www/log/https/<%= homename %>/error_log
CustomLog /srv/www/log/https/<%= homename %>/access_log combined
LogLevel warn
# SSL settings
SSLEngine on
SSLProtocol TLSv1
SSLCipherSuite DHE-RSA-AES256-SHA
# Certificates and keys
SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem
SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem
SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem
# Client authentication
SSLVerifyClient optional
SSLVerifyDepth 1
# SSL options and headers
SSLOptions +StdEnvVars
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
# Passenger settings
PassengerEnabled On
PassengerHighPerformance On
PassengerMaxRequests 1000
DocumentRoot /var/lib/passenger/puppet/public
<Directory "/var/lib/passenger/puppet">
Options None
AllowOverride None
Order Allow,Deny
Allow from All
</Directory>
</VirtualHost>