puppetmasterd and passenger

It seems like some people have trouble configuring/understanding how to combine puppetmasterd and Passenger (aka mod_rails). Let’s get it on:

Install dependencies

You need the following components on your puppetmaster server:

Configure puppetmaster

Your puppet package should contain a config.ru. I found mine in /usr/share/doc/puppet-0.25.4-r1/ext/rack/files/config.ru.bz2 (Gentoo).

mkdir /etc/puppet/rack
mkdir /etc/puppet/rack/public
cp [YOUR_CONFIG.RU] /etc/puppet/rack
chown puppet:root /etc/puppet/rack/config.ru

The final chown line is important! The owner of config.ru determines which user the puppetmaster processes run as.

Add the following lines to your puppet.conf:

[puppetmasterd]
...
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY

Apache config

You can keep your Passenger config as is and modify it when required. Here’s an example vhost config:

Listen 8140
 
<VirtualHost *:8140>
    ServerName puppet
    DocumentRoot /etc/puppet/rack/public/
 
    CustomLog "|/usr/sbin/rotatelogs /var/www/puppet/logs/access_log.%Y%m%d-%H%M 86400" common
    ErrorLog  "|/usr/sbin/rotatelogs /var/www/puppet/logs/error_log.%Y%m%d-%H%M 86400"
 
    PassengerHighPerformance on
    PassengerMaxPoolSize 15
    PassengerPoolIdleTime 300
    PassengerUseGlobalQueue on
    PassengerStatThrottleRate 120
    RackAutoDetect Off
    RailsAutoDetect Off
 
    RackBaseURI /
 
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    SSLCertificateFile /var/lib/puppet/ssl/certs/XXXXXXXXXXXX.pem
    SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/XXXXXXXXXXXX.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars
 
    <Directory "/etc/puppet/rack/public/">
        Options None
        AllowOverride None
 
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
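
How the two puppet.conf settings fit together with SSLVerifyClient optional and SSLOptions +StdEnvVars, as an added Ruby sketch (not code from this post or from Puppet itself): the hypothetical classify_request reads the mod_ssl variables from a Rack-style env hash and treats a request as authenticated only when SSL_CLIENT_VERIFY is SUCCESS. The env hashes and host names are constructed sample data.

```ruby
# Added illustration; function and constant names are hypothetical.
SSL_CLIENT_HEADER        = 'SSL_CLIENT_S_DN'   # ssl_client_header in puppet.conf
SSL_CLIENT_VERIFY_HEADER = 'SSL_CLIENT_VERIFY' # ssl_client_verify_header in puppet.conf

# Pull the CN out of a subject DN such as "/CN=agent01.example.com".
def common_name(dn)
  m = dn.to_s.match(%r{(?:\A|[/,])\s*CN\s*=\s*([^/,]+)})
  m && m[1].strip.downcase
end

# Decide whether a request counts as an authenticated node.
def classify_request(env)
  verify = env[SSL_CLIENT_VERIFY_HEADER]
  cn     = common_name(env[SSL_CLIENT_HEADER])
  # "SSLVerifyClient optional" lets the TLS handshake complete without a
  # client certificate (mod_ssl then reports "NONE"), so the application
  # has to check the verification result itself.
  if verify == 'SUCCESS' && cn
    { authenticated: true, node: cn }
  else
    { authenticated: false, node: nil, reason: verify || 'no verify variable' }
  end
end

# Constructed sample environments.
SAMPLES = {
  # Agent presenting a certificate signed by the puppet CA.
  signed_agent: { 'SSL_CLIENT_VERIFY' => 'SUCCESS',
                  'SSL_CLIENT_S_DN'   => '/CN=agent01.example.com' },
  # New agent without a certificate yet (e.g. submitting a CSR).
  no_cert:      { 'SSL_CLIENT_VERIFY' => 'NONE' },
  # Request headers reach the Rack env with an HTTP_ prefix, so they never
  # overwrite the variables mod_ssl sets via +StdEnvVars.
  header_only:  { 'SSL_CLIENT_VERIFY'      => 'NONE',
                  'HTTP_SSL_CLIENT_VERIFY' => 'SUCCESS',
                  'HTTP_SSL_CLIENT_S_DN'   => '/CN=agent01.example.com' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name, env| puts "#{name}: #{classify_request(env)}" }
end
```
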

Restart Apache. When clients connect or are triggered via puppetrun, you may see something like this with passenger-status:

passenger-status
----------- General information -----------
max      = 20
count    = 9
active   = 0
inactive = 9
Waiting on global queue: 0
 
----------- Domains -----------
/etc/puppet/rack:
  PID: 19160   Sessions: 0    Processed: 39      Uptime: 20s
  PID: 19202   Sessions: 0    Processed: 70      Uptime: 17s
  PID: 18934   Sessions: 0    Processed: 95      Uptime: 45s
  PID: 18977   Sessions: 0    Processed: 66      Uptime: 42s
  PID: 19008   Sessions: 0    Processed: 63      Uptime: 40s
  PID: 19184   Sessions: 0    Processed: 2       Uptime: 19s
  PID: 19103   Sessions: 0    Processed: 8       Uptime: 28s
 
/var/www/puppet-dashboard/htdocs:
  PID: 19158   Sessions: 0    Processed: 6       Uptime: 22s
  PID: 19236   Sessions: 0    Processed: 3       Uptime: 10s

Also refer to the official Puppet documentation on Passenger.

That’s it.
