diff --git a/puppet/files/puppet-config.ru b/puppet/files/puppet-config.ru
new file mode 100644
index 0000000..d91ae7b
--- /dev/null
+++ b/puppet/files/puppet-config.ru
@@ -0,0 +1,16 @@
+# a config.ru, for use with every rack-compatible webserver.
+# SSL needs to be handled outside this, though.
+
+# if puppet is not in your RUBYLIB:
+# $:.unshift('/opt/puppet/lib')
+
+$0 = "master"
+
+# if you want debugging:
+#ARGV << "--debug"
+
+ARGV << "--rack"
+require 'puppet/application/master'
+# we're usually running inside a Rack::Builder.new {} block,
+# therefore we need to call run *here*.
+run Puppet::Application[:master].run
diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp
index 065ef95..5f8502b 100644
--- a/puppet/manifests/init.pp
+++ b/puppet/manifests/init.pp
@@ -47,6 +47,7 @@ class puppet::client {
 case $operatingsystem {
 openbsd: {
 service { "puppet":
+ name => "puppetd",
 ensure => running,
 enable => true,
 start => $operatingsystemrelease ? {
@@ -57,7 +58,6 @@ class puppet::client {
 /4\.[1-6]/ => "/usr/bin/pkill -HUP -f /usr/local/bin/puppetd",
 default => "/usr/bin/pkill -HUP -f /usr/local/sbin/puppetd",
 },
- pattern => puppetd,
 subscribe => File["/etc/puppet/puppet.conf"],
 }
 }
@@ -156,6 +156,17 @@ class puppet::server {
 #
 class puppet::server::common inherits puppet::client {
 
+ case $operatingsystem {
+ "openbsd": {
+ $user = "_puppet"
+ $group = "_puppet"
+ }
+ default: {
+ $user = "puppet"
+ $group = "puppet"
+ }
+ }
+
 case $puppet_storeconfigs {
 "": { $puppet_storeconfigs = "thin" }
 "thin","full","none": { }
@@ -168,6 +179,7 @@ class puppet::server::common inherits puppet::client {
 name => $operatingsystem ? {
 debian => "puppetmaster",
 ubuntu => "puppetmaster",
+ openbsd => "ruby-puppet",
 default => "puppet-server",
 },
 ensure => installed,
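Review bot: The header comment says SSL is handled outside this file but not what the front end must provide, and that is the security-critical part: this same commit's nginx template feeds the proxy's client-certificate result into the request environment as `HTTP_X_CLIENT_DN`/`HTTP_X_CLIENT_VERIFY`, so a front end that forwards those headers unset, or lets a client supply them, would presumably let any TLS client pass as an authenticated agent. Extend the comment to `# SSL needs to be handled outside this, though: the front end must terminate TLS, verify the agent cert against the Puppet CA, and set X-Client-DN / X-Client-Verify from its own verification result, never from request headers.` The `$0 = "master"` line also deserves a one-line why-comment (it is presumably there so Puppet identifies the program name correctly — confirm), since a reader cannot tell from the file why a Rack entry point rewrites `$0`.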
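Review bot: The new `case $operatingsystem` writes its selector as the quoted string `"openbsd"` while the existing `case $operatingsystem` in `puppet::client` (earlier hunk) and the new package selector use the bare word `openbsd`; pick one form for the file. The class header comment that ends just above this hunk does not say that `$user`/`$group` are now defined here and consumed by the directory resources later in the class; add `# $user/$group: account the master runs as (_puppet on OpenBSD, puppet elsewhere).` to that header. The body of `puppet::server::common` continues outside this hunk.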
@@ -196,14 +208,18 @@ class puppet::server::common inherits puppet::client {
 package { [ "rails",
 regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libsqlite3-ruby\1'), ]:
 ensure => installed,
- before => Service["puppetmaster"],
+ }
+ }
+ "openbsd": {
+ package { [ "ruby-rails",
+ "ruby-sqlite3", ]:
+ ensure => installed,
 }
 }
 default: {
 package { [ "rubygem-rails",
 "rubygem-sqlite3-ruby", ]:
 ensure => installed,
- before => Service["puppetmaster"],
 }
 }
 }
@@ -213,6 +229,7 @@ class puppet::server::common inherits puppet::client {
 name => $operatingsystem ? {
 debian => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
 ubuntu => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
+ openbsd => "ruby-rrd",
 default => "ruby-RRDtool",
 },
 ensure => installed,
@@ -223,7 +240,10 @@ class puppet::server::common inherits puppet::client {
 ensure => directory,
 mode => 0755,
 owner => root,
- group => root,
+ group => $operatingsystem ? {
+ "openbsd" => "wheel",
+ default => "root",
+ },
 require => Package["puppetmaster"],
 }
 file { "/srv/puppet":
@@ -236,7 +256,10 @@ class puppet::server::common inherits puppet::client {
 ensure => directory,
 mode => 0755,
 owner => root,
- group => root,
+ group => $operatingsystem ? {
+ "openbsd" => "wheel",
+ default => "root",
+ },
 require => Package["puppetmaster"],
 }
 }
@@ -245,10 +268,9 @@ class puppet::server::common inherits puppet::client {
 file { "/srv/puppet/storeconfigs":
 ensure => directory,
 mode => 0750,
- owner => puppet,
- group => puppet,
+ owner => $user,
+ group => $group,
 require => File["/srv/puppet"],
- before => Service["puppetmaster"],
 }
 }
 file { [ "/srv/puppet/bucket",
@@ -256,35 +278,37 @@ class puppet::server::common inherits puppet::client {
 "/srv/puppet/rrd", ]:
 ensure => directory,
 mode => 0750,
- owner => puppet,
- group => puppet,
+ owner => $user,
+ group => $group,
 require => File["/srv/puppet"],
- before => Service["puppetmaster"],
 }
 file { [ "/srv/puppet/files",
 "/srv/puppet/templates" ]:
 ensure => directory,
 mode => 0755,
 owner => root,
- group => root,
+ group => $operatingsystem ? {
+ "openbsd" => "wheel",
+ default => "root",
+ },
 require => File["/srv/puppet"],
- before => Service["puppetmaster"],
 }
 file { "/srv/puppet/files/common":
 ensure => directory,
 mode => 0755,
 owner => root,
- group => root,
+ group => $operatingsystem ? {
+ "openbsd" => "wheel",
+ default => "root",
+ },
 require => File["/srv/puppet/files"],
- before => Service["puppetmaster"],
 }
 file { "/srv/puppet/files/private":
 ensure => directory,
 mode => 0750,
 owner => root,
- group => puppet,
+ group => $group,
 require => File["/srv/puppet/files"],
- before => Service["puppetmaster"],
 }
 
 File["/etc/puppet/puppet.conf"] {
@@ -298,7 +322,10 @@ class puppet::server::common inherits puppet::client {
 "puppet:///modules/puppet/tagmail.conf", ],
 mode => 0644,
 owner => root,
- group => root,
+ group => $operatingsystem ? {
+ "openbsd" => "wheel",
+ default => "root",
+ },
 require => Package["puppetmaster"],
 }
 
@@ -309,21 +336,25 @@ class puppet::server::common inherits puppet::client {
 "puppet:///modules/puppet/fileserver.conf", ],
 mode => 0644,
 owner => root,
- group => root,
+ group => $operatingsystem ? {
+ "openbsd" => "wheel",
+ default => "root",
+ },
 require => Package["puppetmaster"],
- notify => Service["puppetmaster"],
 }
 
- if !$puppet_report_maxage {
- $puppet_report_maxage = "720"
- }
- file { "/etc/cron.daily/puppet-report-cleanup":
- ensure => present,
- content => template("puppet/puppet-report-cleanup.erb"),
- mode => 0755,
- owner => root,
- group => root,
- require => File["/srv/puppet/reports"],
+ if $operatingsystem != "OpenBSD" {
+ if !$puppet_report_maxage {
+ $puppet_report_maxage = "720"
+ }
+ file { "/etc/cron.daily/puppet-report-cleanup":
+ ensure => present,
+ content => template("puppet/puppet-report-cleanup.erb"),
+ mode => 0755,
+ owner => root,
+ group => root,
+ require => File["/srv/puppet/reports"],
+ }
 }
 }
 
@@ -337,7 +368,9 @@ class puppet::server::common inherits puppet::client {
 # Array containing ports that puppetmaster should listen to. Defaults to
 # [ "18140", "18141", "18142", "18143", ].
 #
-class puppet::server::mongrel inherits puppet::server::common {
+class puppet::server::mongrel {
+
+ require puppet::server::common
 
 if ! $puppet_listenports {
 $puppet_listenports = [ "18140", "18141", "18142", "18143", ]
@@ -351,7 +384,8 @@ class puppet::server::mongrel inherits puppet::server::common {
 enable => true,
 hasstatus => true,
 require => Package["puppetmaster", "mongrel"],
- subscribe => File["/etc/puppet/puppet.conf"],
+ subscribe => File["/etc/puppet/fileserver.conf",
+ "/etc/puppet/puppet.conf"],
 }
 
 case $operatingsystem {
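Review bot: Wrapping the cleanup in `if $operatingsystem != "OpenBSD"` leaves OpenBSD masters with no report pruning at all, so `/srv/puppet/reports` grows without bound there; either run the same template from a `cron { "puppet-report-cleanup": ... }` resource (or an `/etc/daily.local` hook) on OpenBSD, or at least document the gap in the class header, e.g. `# On OpenBSD no report cleanup is installed; prune /srv/puppet/reports yourself.` The guard also spells the OS `"OpenBSD"` while every other test in this file uses `openbsd`/`"openbsd"`; Puppet 2.x/3.x compare strings case-insensitively so it works today, but later releases are case-sensitive, and one spelling avoids the trap. Because `$puppet_report_maxage` is now assigned only inside the conditional, anything else that reads it will see it undefined on OpenBSD — hoist the default above the `if` if any other consumer exists.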
@@ -382,13 +416,14 @@ class puppet::server::mongrel inherits puppet::server::common {
 # Install and configure Puppet server using apache as proxy server.
 #
-class puppet::server::apache inherits puppet::server::mongrel {
+class puppet::server::apache {
+
+ require puppet::server::mongrel
 
 include apache::sslserver
 apache::configfile { "puppet.conf":
 content => template("puppet/puppet-httpd.conf.erb"),
 http => false,
- require => Service["puppetmaster"],
 }
 
 case $operatingsystem {
 debian,ubuntu: {
@@ -402,6 +437,20 @@ class puppet::server::apache inherits puppet::server::mongrel {
 }
 
 
+# Install and configure Puppet server using nginx and passenger.
+#
+class puppet::server::nginx::passenger {
+
+ require puppet::server::common
+
+ include ::nginx::passenger
+ nginx::configfile { "puppet.conf":
+ content => template("puppet/puppet-passenger.conf.erb"),
+ }
+
+}
+
+
 # Install and configure opencollab-puppet-uploader.
 #
 # === Global variables
diff --git a/puppet/templates/puppet-passenger.conf.erb b/puppet/templates/puppet-passenger.conf.erb
new file mode 100644
index 0000000..2660c25
--- /dev/null
+++ b/puppet/templates/puppet-passenger.conf.erb
@@ -0,0 +1,22 @@
+server {
+ server_name puppet;
+ listen 8140 default ssl;
+ ssl_certificate <%= puppet_ssldir %>/certs/<%= homename %>.pem;
+ ssl_certificate_key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem;
+ ssl_client_certificate <%= puppet_ssldir %>/certs/ca.pem;
+ ssl_crl <%= puppet_ssldir %>/ca/ca_crl.pem;
+ ssl_protocols SSLv3 TLSv1;
+ ssl_ciphers HIGH:+MEDIUM;
+ ssl_prefer_server_ciphers on;
+ ssl_verify_client optional;
+ ssl_verify_depth 1;
+ ssl_session_cache shared:SSL:8m;
+ ssl_session_timeout 5m;
+
+ passenger_enabled on;
+ rails_env production;
+ root /var/nginx/puppet/public;
+
+ passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
+ passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
+}
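Review bot: `puppet::server::nginx::passenger` never deploys the Rack entry point this commit adds (`puppet/files/puppet-config.ru`) to the application root implied by the template's `root /var/nginx/puppet/public;`, nor creates that directory, so unless `::nginx::passenger` does it elsewhere Passenger has nothing to load. Add root-owned file resources for `/var/nginx/puppet`, its `public` subdirectory and `/var/nginx/puppet/config.ru` sourced from the module, keeping them non-writable by the service account so the master's code path cannot be altered by the account it runs as. The other server flavours in this file also restart their service on `puppet.conf`/`fileserver.conf` changes; nothing here reloads Passenger, so a config change presumably stays unapplied until nginx is restarted — worth a comment at minimum.
```puppet
class puppet::server::nginx::passenger {

  require puppet::server::common

  include ::nginx::passenger
  # … unchanged: nginx::configfile { "puppet.conf": … } …

  # Rack app root and entry point; root-owned so the master's own account
  # cannot change what Passenger loads.
  file { [ "/var/nginx/puppet", "/var/nginx/puppet/public" ]:
    ensure => directory,
    mode   => 0755,
    owner  => root,
    group  => $operatingsystem ? {
      "openbsd" => "wheel",
      default   => "root",
    },
  }
  file { "/var/nginx/puppet/config.ru":
    ensure  => present,
    source  => "puppet:///modules/puppet/puppet-config.ru",
    mode    => 0644,
    owner   => root,
    group   => $operatingsystem ? {
      "openbsd" => "wheel",
      default   => "root",
    },
    require => File["/var/nginx/puppet"],
  }

}
```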
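Review bot: `ssl_protocols SSLv3 TLSv1;` enables SSLv3 on the endpoint that issues agent certificates and serves catalogs; drop it and, where the target's nginx/OpenSSL build supports them, add the newer versions: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`. `ssl_ciphers HIGH:+MEDIUM;` should also exclude anonymous and null suites explicitly, `ssl_ciphers HIGH:+MEDIUM:!aNULL:!eNULL:!MD5;`, because OpenSSL's HIGH group has historically included ADH suites that give no server authentication. `ssl_verify_client optional;` is presumably required so unenrolled agents can submit a CSR, which makes the `$ssl_client_verify` value exported as `HTTP_X_CLIENT_VERIFY` the only thing separating an unauthenticated client from authenticated endpoints — confirm a client-supplied `X-Client-Verify` request header cannot shadow the `passenger_set_cgi_param` value, and add a comment saying so. `puppet_ssldir` and `homename` are not defined anywhere in this diff; if either is unset the certificate paths render empty and nginx will refuse to start, so document where they are expected to come from.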