tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added support for puppetmaster on OpenBSD using nxing and passenger

Browse source
This commit is contained in:
Ossi Salmi 2011-11-28 00:58:54 +02:00 committed by Timo Mkinen
parent 0b4d310656
commit 78d6eddb2c
3 changed files with 121 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
puppet/files/puppet-config.ru Normal file
View file

@ -0,0 +1,16 @@
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.
# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')
$0 = "master"
# if you want debugging:
#ARGV << "--debug"
ARGV << "--rack"
require 'puppet/application/master'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:master].run

117
puppet/manifests/init.pp
View file

@ -47,6 +47,7 @@ class puppet::client {
case $operatingsystem { case $operatingsystem {
openbsd: { openbsd: {
service { "puppet": service { "puppet":
name => "puppetd",
ensure => running, ensure => running,
enable => true, enable => true,
start => $operatingsystemrelease ? { start => $operatingsystemrelease ? {
@ -57,7 +58,6 @@ class puppet::client {
/4\.[1-6]/ => "/usr/bin/pkill -HUP -f /usr/local/bin/puppetd", /4\.[1-6]/ => "/usr/bin/pkill -HUP -f /usr/local/bin/puppetd",
default => "/usr/bin/pkill -HUP -f /usr/local/sbin/puppetd", default => "/usr/bin/pkill -HUP -f /usr/local/sbin/puppetd",
}, },
pattern => puppetd,
subscribe => File["/etc/puppet/puppet.conf"], subscribe => File["/etc/puppet/puppet.conf"],
} }
} }
@ -156,6 +156,17 @@ class puppet::server {
# #
class puppet::server::common inherits puppet::client { class puppet::server::common inherits puppet::client {
case $operatingsystem {
"openbsd": {
$user = "_puppet"
$group = "_puppet"
}
default: {
$user = "puppet"
$group = "puppet"
}
}
case $puppet_storeconfigs { case $puppet_storeconfigs {
"": { $puppet_storeconfigs = "thin" } "": { $puppet_storeconfigs = "thin" }
"thin","full","none": { } "thin","full","none": { }
@ -168,6 +179,7 @@ class puppet::server::common inherits puppet::client {
name => $operatingsystem ? { name => $operatingsystem ? {
debian => "puppetmaster", debian => "puppetmaster",
ubuntu => "puppetmaster", ubuntu => "puppetmaster",
openbsd => "ruby-puppet",
default => "puppet-server", default => "puppet-server",
}, },
ensure => installed, ensure => installed,
@ -196,14 +208,18 @@ class puppet::server::common inherits puppet::client {
package { [ "rails", package { [ "rails",
regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libsqlite3-ruby\1'), ]: regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libsqlite3-ruby\1'), ]:
ensure => installed, ensure => installed,
before => Service["puppetmaster"], }
}
"openbsd": {
package { [ "ruby-rails",
"ruby-sqlite3", ]:
ensure => installed,
} }
} }
default: { default: {
package { [ "rubygem-rails", package { [ "rubygem-rails",
"rubygem-sqlite3-ruby", ]: "rubygem-sqlite3-ruby", ]:
ensure => installed, ensure => installed,
before => Service["puppetmaster"],
} }
} }
} }
@ -213,6 +229,7 @@ class puppet::server::common inherits puppet::client {
name => $operatingsystem ? { name => $operatingsystem ? {
debian => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'), debian => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
ubuntu => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'), ubuntu => regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'librrd-ruby\1'),
openbsd => "ruby-rrd",
default => "ruby-RRDtool", default => "ruby-RRDtool",
}, },
ensure => installed, ensure => installed,
@ -223,7 +240,10 @@ class puppet::server::common inherits puppet::client {
ensure => directory, ensure => directory,
mode => 0755, mode => 0755,
owner => root, owner => root,
group => root, group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Package["puppetmaster"], require => Package["puppetmaster"],
} }
file { "/srv/puppet": file { "/srv/puppet":
@ -236,7 +256,10 @@ class puppet::server::common inherits puppet::client {
ensure => directory, ensure => directory,
mode => 0755, mode => 0755,
owner => root, owner => root,
group => root, group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Package["puppetmaster"], require => Package["puppetmaster"],
} }
} }
@ -245,10 +268,9 @@ class puppet::server::common inherits puppet::client {
file { "/srv/puppet/storeconfigs": file { "/srv/puppet/storeconfigs":
ensure => directory, ensure => directory,
mode => 0750, mode => 0750,
owner => puppet, owner => $user,
group => puppet, group => $group,
require => File["/srv/puppet"], require => File["/srv/puppet"],
before => Service["puppetmaster"],
} }
} }
file { [ "/srv/puppet/bucket", file { [ "/srv/puppet/bucket",
@ -256,35 +278,37 @@ class puppet::server::common inherits puppet::client {
"/srv/puppet/rrd", ]: "/srv/puppet/rrd", ]:
ensure => directory, ensure => directory,
mode => 0750, mode => 0750,
owner => puppet, owner => $user,
group => puppet, group => $group,
require => File["/srv/puppet"], require => File["/srv/puppet"],
before => Service["puppetmaster"],
} }
file { [ "/srv/puppet/files", file { [ "/srv/puppet/files",
"/srv/puppet/templates" ]: "/srv/puppet/templates" ]:
ensure => directory, ensure => directory,
mode => 0755, mode => 0755,
owner => root, owner => root,
group => root, group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => File["/srv/puppet"], require => File["/srv/puppet"],
before => Service["puppetmaster"],
} }
file { "/srv/puppet/files/common": file { "/srv/puppet/files/common":
ensure => directory, ensure => directory,
mode => 0755, mode => 0755,
owner => root, owner => root,
group => root, group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => File["/srv/puppet/files"], require => File["/srv/puppet/files"],
before => Service["puppetmaster"],
} }
file { "/srv/puppet/files/private": file { "/srv/puppet/files/private":
ensure => directory, ensure => directory,
mode => 0750, mode => 0750,
owner => root, owner => root,
group => puppet, group => $group,
require => File["/srv/puppet/files"], require => File["/srv/puppet/files"],
before => Service["puppetmaster"],
} }
File["/etc/puppet/puppet.conf"] { File["/etc/puppet/puppet.conf"] {
@ -298,7 +322,10 @@ class puppet::server::common inherits puppet::client {
"puppet:///modules/puppet/tagmail.conf", ], "puppet:///modules/puppet/tagmail.conf", ],
mode => 0644, mode => 0644,
owner => root, owner => root,
group => root, group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Package["puppetmaster"], require => Package["puppetmaster"],
} }
@ -309,21 +336,25 @@ class puppet::server::common inherits puppet::client {
"puppet:///modules/puppet/fileserver.conf", ], "puppet:///modules/puppet/fileserver.conf", ],
mode => 0644, mode => 0644,
owner => root, owner => root,
group => root, group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Package["puppetmaster"], require => Package["puppetmaster"],
notify => Service["puppetmaster"],
} }
if !$puppet_report_maxage { if $operatingsystem != "OpenBSD" {
$puppet_report_maxage = "720" if !$puppet_report_maxage {
} $puppet_report_maxage = "720"
file { "/etc/cron.daily/puppet-report-cleanup": }
ensure => present, file { "/etc/cron.daily/puppet-report-cleanup":
content => template("puppet/puppet-report-cleanup.erb"), ensure => present,
mode => 0755, content => template("puppet/puppet-report-cleanup.erb"),
owner => root, mode => 0755,
group => root, owner => root,
require => File["/srv/puppet/reports"], group => root,
require => File["/srv/puppet/reports"],
}
} }
} }
@ -337,7 +368,9 @@ class puppet::server::common inherits puppet::client {
# Array containing ports that puppetmaster should listen to. Defaults to # Array containing ports that puppetmaster should listen to. Defaults to
# [ "18140", "18141", "18142", "18143", ]. # [ "18140", "18141", "18142", "18143", ].
# #
class puppet::server::mongrel inherits puppet::server::common { class puppet::server::mongrel {
require puppet::server::common
if ! $puppet_listenports { if ! $puppet_listenports {
$puppet_listenports = [ "18140", "18141", "18142", "18143", ] $puppet_listenports = [ "18140", "18141", "18142", "18143", ]
@ -351,7 +384,8 @@ class puppet::server::mongrel inherits puppet::server::common {
enable => true, enable => true,
hasstatus => true, hasstatus => true,
require => Package["puppetmaster", "mongrel"], require => Package["puppetmaster", "mongrel"],
subscribe => File["/etc/puppet/puppet.conf"], subscribe => File["/etc/puppet/fileserver.conf",
"/etc/puppet/puppet.conf"],
} }
case $operatingsystem { case $operatingsystem {
@ -382,13 +416,14 @@ class puppet::server::mongrel inherits puppet::server::common {
# Install and configure Puppet server using apache as proxy server. # Install and configure Puppet server using apache as proxy server.
# #
class puppet::server::apache inherits puppet::server::mongrel { class puppet::server::apache {
require puppet::server::mongrel
include apache::sslserver include apache::sslserver
apache::configfile { "puppet.conf": apache::configfile { "puppet.conf":
content => template("puppet/puppet-httpd.conf.erb"), content => template("puppet/puppet-httpd.conf.erb"),
http => false, http => false,
require => Service["puppetmaster"],
} }
case $operatingsystem { case $operatingsystem {
debian,ubuntu: { debian,ubuntu: {
@ -402,6 +437,20 @@ class puppet::server::apache inherits puppet::server::mongrel {
} }
# Install and configure Puppet server using nginx and passenger.
#
class puppet::server::nginx::passenger {
require puppet::server::common
include ::nginx::passenger
nginx::configfile { "puppet.conf":
content => template("puppet/puppet-passenger.conf.erb"),
}
}
# Install and configure opencollab-puppet-uploader. # Install and configure opencollab-puppet-uploader.
# #
# === Global variables # === Global variables

22
puppet/templates/puppet-passenger.conf.erb Normal file
View file

@ -0,0 +1,22 @@
server {
server_name puppet;
listen 8140 default ssl;
ssl_certificate <%= puppet_ssldir %>/certs/<%= homename %>.pem;
ssl_certificate_key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem;
ssl_client_certificate <%= puppet_ssldir %>/certs/ca.pem;
ssl_crl <%= puppet_ssldir %>/ca/ca_crl.pem;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:+MEDIUM;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:8m;
ssl_session_timeout 5m;
passenger_enabled on;
rails_env production;
root /var/nginx/puppet/public;
passenger_set_cgi_param HTTP_X_CLIENT_DN $ssl_client_s_dn;
passenger_set_cgi_param HTTP_X_CLIENT_VERIFY $ssl_client_verify;
}