Added support for puppetmaster on OpenBSD using nxing and passenger
This commit is contained in:
Ossi Salmi
parent
0b4d310656
commit
78d6eddb2c
3 changed files with 121 additions and 34 deletions
16
puppet/files/puppet-config.ru
Normal file
16
puppet/files/puppet-config.ru
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
# a config.ru, for use with every rack-compatible webserver.
|
||||||
|
# SSL needs to be handled outside this, though.
|
||||||
|
|
||||||
|
# if puppet is not in your RUBYLIB:
|
||||||
|
# $:.unshift('/opt/puppet/lib')
|
||||||
|
|
||||||
|
$0 = "master"
|
||||||
|
|
||||||
|
# if you want debugging:
|
||||||
|
#ARGV << "--debug"
|
||||||
|
|
||||||
|
ARGV << "--rack"
|
||||||
|
require 'puppet/application/master'
|
||||||
|
# we're usually running inside a Rack::Builder.new {} block,
|
||||||
|
# therefore we need to call run *here*.
|
||||||
|
run Puppet::Application[:master].run
|
||||||
|
|
@ -47,6 +47,7 @@ class puppet::client {
|
||||||
case $operatingsystem {
|
case $operatingsystem {
|
||||||
openbsd: {
|
openbsd: {
|
||||||
service { "puppet":
|
service { "puppet":
|
||||||
|
name => "puppetd",
|
||||||
ensure => running,
|
ensure => running,
|
||||||
enable => true,
|
enable => true,
|
||||||
start => $operatingsystemrelease ? {
|
start => $operatingsystemrelease ? {
|
||||||
|
|
@ -57,7 +58,6 @@ class puppet::client {
|
||||||
/4\.[1-6]/ => "/usr/bin/pkill -HUP -f /usr/local/bin/puppetd",
|
/4\.[1-6]/ => "/usr/bin/pkill -HUP -f /usr/local/bin/puppetd",
|
||||||
default => "/usr/bin/pkill -HUP -f /usr/local/sbin/puppetd",
|
default => "/usr/bin/pkill -HUP -f /usr/local/sbin/puppetd",
|
||||||
},
|
},
|
||||||
pattern => puppetd,
|
|
||||||
subscribe => File["/etc/puppet/puppet.conf"],
|
subscribe => File["/etc/puppet/puppet.conf"],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -156,6 +156,17 @@ class puppet::server {
|
||||||
#
|
#
|
||||||
class puppet::server::common inherits puppet::client {
|
class puppet::server::common inherits puppet::client {
|
||||||
|
|
||||||
|
case $operatingsystem {
|
||||||
|
"openbsd": {
|
||||||
|
$user = "_puppet"
|
||||||
|
$group = "_puppet"
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
$user = "puppet"
|
||||||
|
$group = "puppet"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
case $puppet_storeconfigs {
|
case $puppet_storeconfigs {
|
||||||
"": { $puppet_storeconfigs = "thin" }
|
"": { $puppet_storeconfigs = "thin" }
|
||||||
"thin","full","none": { }
|
"thin","full","none": { }
|
||||||
|
|
@ -168,6 +179,7 @@ class puppet::server::common inherits puppet::client {
|
||||||
name => $operatingsystem ? {
|
name => $operatingsystem ? {
|
||||||
debian => "puppetmaster",
|
debian => "puppetmaster",
|
||||||
ubuntu => "puppetmaster",
|
ubuntu => "puppetmaster",
|
||||||
|
openbsd => "ruby-puppet",
|
||||||
default => "puppet-server",
|
default => "puppet-server",
|
||||||
},
|
},
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
|
|
@ -196,14 +208,18 @@ class puppet::server::common inherits puppet::client {
|
||||||
package { [ "rails",
|
package { [ "rails",
|
||||||
regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libsqlite3-ruby\1'), ]:
|
regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libsqlite3-ruby\1'), ]:
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
before => Service["puppetmaster"],
|
}
|
||||||
|
}
|
||||||
|
"openbsd": {
|
||||||
|
package { [ "ruby-rails",
|
||||||
|
"ruby-sqlite3", ]:
|
||||||
|
ensure => installed,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
default: {
|
default: {
|
||||||
package { [ "rubygem-rails",
|
package { [ "rubygem-rails",
|
||||||
"rubygem-sqlite3-ruby", ]:
|
"rubygem-sqlite3-ruby", ]:
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
before => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -213,6 +229,7 @@ class puppet::server::common inherits puppet::client {
|
||||||
name => $operatingsystem ? {
|
name => $operatingsystem ? {
|
||||||
debian => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
|
debian => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
|
||||||
ubuntu => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
|
ubuntu => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
|
||||||
|
openbsd => "ruby-rrd",
|
||||||
default => "ruby-RRDtool",
|
default => "ruby-RRDtool",
|
||||||
},
|
},
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
|
|
@ -223,7 +240,10 @@ class puppet::server::common inherits puppet::client {
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => 0755,
|
mode => 0755,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => root,
|
group => $operatingsystem ? {
|
||||||
|
"openbsd" => "wheel",
|
||||||
|
default => "root",
|
||||||
|
},
|
||||||
require => Package["puppetmaster"],
|
require => Package["puppetmaster"],
|
||||||
}
|
}
|
||||||
file { "/srv/puppet":
|
file { "/srv/puppet":
|
||||||
|
|
@ -236,7 +256,10 @@ class puppet::server::common inherits puppet::client {
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => 0755,
|
mode => 0755,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => root,
|
group => $operatingsystem ? {
|
||||||
|
"openbsd" => "wheel",
|
||||||
|
default => "root",
|
||||||
|
},
|
||||||
require => Package["puppetmaster"],
|
require => Package["puppetmaster"],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -245,10 +268,9 @@ class puppet::server::common inherits puppet::client {
|
||||||
file { "/srv/puppet/storeconfigs":
|
file { "/srv/puppet/storeconfigs":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => 0750,
|
mode => 0750,
|
||||||
owner => puppet,
|
owner => $user,
|
||||||
group => puppet,
|
group => $group,
|
||||||
require => File["/srv/puppet"],
|
require => File["/srv/puppet"],
|
||||||
before => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
file { [ "/srv/puppet/bucket",
|
file { [ "/srv/puppet/bucket",
|
||||||
|
|
@ -256,35 +278,37 @@ class puppet::server::common inherits puppet::client {
|
||||||
"/srv/puppet/rrd", ]:
|
"/srv/puppet/rrd", ]:
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => 0750,
|
mode => 0750,
|
||||||
owner => puppet,
|
owner => $user,
|
||||||
group => puppet,
|
group => $group,
|
||||||
require => File["/srv/puppet"],
|
require => File["/srv/puppet"],
|
||||||
before => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
file { [ "/srv/puppet/files",
|
file { [ "/srv/puppet/files",
|
||||||
"/srv/puppet/templates" ]:
|
"/srv/puppet/templates" ]:
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => 0755,
|
mode => 0755,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => root,
|
group => $operatingsystem ? {
|
||||||
|
"openbsd" => "wheel",
|
||||||
|
default => "root",
|
||||||
|
},
|
||||||
require => File["/srv/puppet"],
|
require => File["/srv/puppet"],
|
||||||
before => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
file { "/srv/puppet/files/common":
|
file { "/srv/puppet/files/common":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => 0755,
|
mode => 0755,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => root,
|
group => $operatingsystem ? {
|
||||||
|
"openbsd" => "wheel",
|
||||||
|
default => "root",
|
||||||
|
},
|
||||||
require => File["/srv/puppet/files"],
|
require => File["/srv/puppet/files"],
|
||||||
before => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
file { "/srv/puppet/files/private":
|
file { "/srv/puppet/files/private":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => 0750,
|
mode => 0750,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => puppet,
|
group => $group,
|
||||||
require => File["/srv/puppet/files"],
|
require => File["/srv/puppet/files"],
|
||||||
before => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
File["/etc/puppet/puppet.conf"] {
|
File["/etc/puppet/puppet.conf"] {
|
||||||
|
|
@ -298,7 +322,10 @@ class puppet::server::common inherits puppet::client {
|
||||||
"puppet:///modules/puppet/tagmail.conf", ],
|
"puppet:///modules/puppet/tagmail.conf", ],
|
||||||
mode => 0644,
|
mode => 0644,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => root,
|
group => $operatingsystem ? {
|
||||||
|
"openbsd" => "wheel",
|
||||||
|
default => "root",
|
||||||
|
},
|
||||||
require => Package["puppetmaster"],
|
require => Package["puppetmaster"],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -309,21 +336,25 @@ class puppet::server::common inherits puppet::client {
|
||||||
"puppet:///modules/puppet/fileserver.conf", ],
|
"puppet:///modules/puppet/fileserver.conf", ],
|
||||||
mode => 0644,
|
mode => 0644,
|
||||||
owner => root,
|
owner => root,
|
||||||
group => root,
|
group => $operatingsystem ? {
|
||||||
|
"openbsd" => "wheel",
|
||||||
|
default => "root",
|
||||||
|
},
|
||||||
require => Package["puppetmaster"],
|
require => Package["puppetmaster"],
|
||||||
notify => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !$puppet_report_maxage {
|
if $operatingsystem != "OpenBSD" {
|
||||||
$puppet_report_maxage = "720"
|
if !$puppet_report_maxage {
|
||||||
}
|
$puppet_report_maxage = "720"
|
||||||
file { "/etc/cron.daily/puppet-report-cleanup":
|
}
|
||||||
ensure => present,
|
file { "/etc/cron.daily/puppet-report-cleanup":
|
||||||
content => template("puppet/puppet-report-cleanup.erb"),
|
ensure => present,
|
||||||
mode => 0755,
|
content => template("puppet/puppet-report-cleanup.erb"),
|
||||||
owner => root,
|
mode => 0755,
|
||||||
group => root,
|
owner => root,
|
||||||
require => File["/srv/puppet/reports"],
|
group => root,
|
||||||
|
require => File["/srv/puppet/reports"],
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -337,7 +368,9 @@ class puppet::server::common inherits puppet::client {
|
||||||
# Array containing ports that puppetmaster should listen to. Defaults to
|
# Array containing ports that puppetmaster should listen to. Defaults to
|
||||||
# [ "18140", "18141", "18142", "18143", ].
|
# [ "18140", "18141", "18142", "18143", ].
|
||||||
#
|
#
|
||||||
class puppet::server::mongrel inherits puppet::server::common {
|
class puppet::server::mongrel {
|
||||||
|
|
||||||
|
require puppet::server::common
|
||||||
|
|
||||||
if ! $puppet_listenports {
|
if ! $puppet_listenports {
|
||||||
$puppet_listenports = [ "18140", "18141", "18142", "18143", ]
|
$puppet_listenports = [ "18140", "18141", "18142", "18143", ]
|
||||||
|
|
@ -351,7 +384,8 @@ class puppet::server::mongrel inherits puppet::server::common {
|
||||||
enable => true,
|
enable => true,
|
||||||
hasstatus => true,
|
hasstatus => true,
|
||||||
require => Package["puppetmaster", "mongrel"],
|
require => Package["puppetmaster", "mongrel"],
|
||||||
subscribe => File["/etc/puppet/puppet.conf"],
|
subscribe => File["/etc/puppet/fileserver.conf",
|
||||||
|
"/etc/puppet/puppet.conf"],
|
||||||
}
|
}
|
||||||
|
|
||||||
case $operatingsystem {
|
case $operatingsystem {
|
||||||
|
|
@ -382,13 +416,14 @@ class puppet::server::mongrel inherits puppet::server::common {
|
||||||
|
|
||||||
# Install and configure Puppet server using apache as proxy server.
|
# Install and configure Puppet server using apache as proxy server.
|
||||||
#
|
#
|
||||||
class puppet::server::apache inherits puppet::server::mongrel {
|
class puppet::server::apache {
|
||||||
|
|
||||||
|
require puppet::server::mongrel
|
||||||
|
|
||||||
include apache::sslserver
|
include apache::sslserver
|
||||||
apache::configfile { "puppet.conf":
|
apache::configfile { "puppet.conf":
|
||||||
content => template("puppet/puppet-httpd.conf.erb"),
|
content => template("puppet/puppet-httpd.conf.erb"),
|
||||||
http => false,
|
http => false,
|
||||||
require => Service["puppetmaster"],
|
|
||||||
}
|
}
|
||||||
case $operatingsystem {
|
case $operatingsystem {
|
||||||
debian,ubuntu: {
|
debian,ubuntu: {
|
||||||
|
|
@ -402,6 +437,20 @@ class puppet::server::apache inherits puppet::server::mongrel {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Install and configure Puppet server using nginx and passenger.
|
||||||
|
#
|
||||||
|
class puppet::server::nginx::passenger {
|
||||||
|
|
||||||
|
require puppet::server::common
|
||||||
|
|
||||||
|
include ::nginx::passenger
|
||||||
|
nginx::configfile { "puppet.conf":
|
||||||
|
content => template("puppet/puppet-passenger.conf.erb"),
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Install and configure opencollab-puppet-uploader.
|
# Install and configure opencollab-puppet-uploader.
|
||||||
#
|
#
|
||||||
# === Global variables
|
# === Global variables
|
||||||
|
|
|
||||||
22
puppet/templates/puppet-passenger.conf.erb
Normal file
22
puppet/templates/puppet-passenger.conf.erb
Normal file
|
|
@ -0,0 +1,22 @@
|
||||||
|
server {
|
||||||
|
server_name puppet;
|
||||||
|
listen 8140 default ssl;
|
||||||
|
ssl_certificate <%= puppet_ssldir %>/certs/<%= homename %>.pem;
|
||||||
|
ssl_certificate_key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem;
|
||||||
|
ssl_client_certificate <%= puppet_ssldir %>/certs/ca.pem;
|
||||||
|
ssl_crl <%= puppet_ssldir %>/ca/ca_crl.pem;
|
||||||
|
ssl_protocols SSLv3 TLSv1;
|
||||||
|
ssl_ciphers HIGH:+MEDIUM;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_verify_client optional;
|
||||||
|
ssl_verify_depth 1;
|
||||||
|
ssl_session_cache shared:SSL:8m;
|
||||||
|
ssl_session_timeout 5m;
|
||||||
|
|
||||||
|
passenger_enabled on;
|
||||||
|
rails_env production;
|
||||||
|
root /var/nginx/puppet/public;
|
||||||
|
|
||||||
|
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
|
||||||
|
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
|
||||||
|
}
|
||||||
Loading…
Add table
Reference in a new issue