puppet: Initial support for Passenger on Apache

2013-05-02 21:48:36 +03:00 · 2013-05-02 21:48:36 +03:00 · 2e3a2e5782
commit 2e3a2e5782
parent e8251bae66
4 changed files with 98 additions and 5 deletions
--- a/puppet/bootstrap-server.sh
+++ b/puppet/bootstrap-server.sh
@ -1,12 +1,12 @@
 #!/bin/sh

 case $1 in
-    apache|webrick)
+    apache|passenger|webrick)
    SERVER=$1
    ;;

    *)
-    echo "usage: $0 apache|webrick" 1>&2
+    echo "usage: $0 apache|passenger|webrick" 1>&2
    exit 1
    ;;
 esac
@ -56,7 +56,7 @@ EOF
    include yum::repo::epel

 EOF
-        if [ "${SERVER}" = "apache" ]; then
+        if [ "${SERVER}" = "apache" -o "${SERVER}" = "passenger" ]; then
            cat >> /etc/puppet/manifests/node/${FQDN}.pp << EOF
    include user::system
    realize(User["httpsd"], Group["httpsd"])
--- a/puppet/manifests/init.pp
+++ b/puppet/manifests/init.pp
@ -581,7 +581,7 @@ class puppet::server::apache {

    include apache::sslserver
    apache::configfile { "puppet.conf":
-        content => template("puppet/puppet-httpd.conf.erb"),
+        content => template("puppet/mongrel-httpd.conf.erb"),
        http    => false,
    }
    case $::operatingsystem {
@ -596,6 +596,43 @@ class puppet::server::apache {
 }


+# Install and configure Puppet server using apache and passenger.
+#
+class puppet::server::passenger {
+
+    require puppet::server::common
+
+    include apache::sslserver
+    include apache::mod::passenger
+    apache::configfile { "puppet.conf":
+        content => template("puppet/passenger-httpd.conf.erb"),
+        http    => false,
+    }
+    case $::operatingsystem {
+        "debian","ubuntu": {
+            include apache::mod::headers
+        }
+    }
+
+    file { [ "/var/lib/passenger/puppet",
+             "/var/lib/passenger/puppet/public",
+             "/var/lib/passenger/puppet/tmp", ]:
+        ensure => directory,
+        mode   => "0755",
+        owner  => "root",
+        group  => "root",
+    }
+    file { "/var/lib/passenger/puppet/config.ru":
+        ensure => present,
+        mode   => "0444",
+        owner  => "puppet",
+        group  => "puppet",
+        source => "puppet:///modules/puppet/puppet-config.ru",
+    }
+
+}
+
+
 # Install and configure Puppet server using nginx and passenger.
 #
 class puppet::server::nginx::passenger {
--- a/puppet/templates/mongrel-httpd.conf.erb
+++ b/puppet/templates/mongrel-httpd.conf.erb
--- a/puppet/templates/passenger-httpd.conf.erb
+++ b/puppet/templates/passenger-httpd.conf.erb
@ -0,0 +1,56 @@
+#
+# Load SSL module if not loaded
+#
+<IfModule !mod_ssl.c>
+LoadModule ssl_module modules/mod_ssl.so
+</IfModule>
+
+# Listen to puppet port also
+Listen 8140
+
+##
+## Puppet Virtual Host
+##
+
+<VirtualHost _default_:8140>
+
+  # Use default log path for puppet
+  ErrorLog /srv/www/log/https/<%= homename %>/error_log
+  CustomLog /srv/www/log/https/<%= homename %>/access_log combined
+  LogLevel warn
+
+  # SSL settings
+  SSLEngine on
+  SSLProtocol TLSv1
+  SSLCipherSuite DHE-RSA-AES256-SHA
+
+  # Certificates and keys
+  SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
+  SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
+  SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem
+  SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem
+  SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem
+
+  # Client authentication
+  SSLVerifyClient optional
+  SSLVerifyDepth 1
+
+  # SSL options and headers
+  SSLOptions +StdEnvVars
+  RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
+  RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+  RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+
+  # Passenger settings
+  PassengerEnabled On
+  PassengerHighPerformance On
+  PassengerMaxRequests 1000
+  DocumentRoot /var/lib/passenger/puppet/public
+  <Directory "/var/lib/passenger/puppet">
+      Options None
+      AllowOverride None
+      Order Allow,Deny
+      Allow from All
+  </Directory>
+
+</VirtualHost>