authorChristian Hofstaedtler <hofstaedtler@inqnet.at>2009-04-28 13:30:48 +0000
committerJames Turnbull <james@lovedthanlost.net>2009-05-02 09:13:29 +1000
commitd85d73c570a60891607d2ce5b42dba4617f4ca6c (patch)
tree7debe0a95267268606bbbe810e7b05d7d4215e58 /ext/rack
parentd6be4e1206e9285dee9fc4d8cde9608c029d4001 (diff)
puppetmasterd can now run as a standard Rack application (config.ru-style)
Diffstat (limited to 'ext/rack')
-rw-r--r--ext/rack/README70
-rw-r--r--ext/rack/files/apache2.conf36
-rw-r--r--ext/rack/files/config.ru18
-rw-r--r--ext/rack/manifest.pp59
4 files changed, 183 insertions, 0 deletions
diff --git a/ext/rack/README b/ext/rack/README
new file mode 100644
index 000000000..33f958e36
--- /dev/null
+++ b/ext/rack/README
@@ -0,0 +1,70 @@
+
+PUPPETMASTER AS A RACK APPLICATION
+==================================
+
+puppetmaster can now be hosted as a standard Rack application. A proper
+config.ru is provided for this.
+
+For more details about rack, see http://rack.rubyforge.org/ .
+
+Getting started
+===============
+
+You'll need rack installed, version 1.0.0. Older versions are known not
+to work.
+
+
+WEBrick
+-------
+
+WEBrick is currently not supported as a Rack host. You'll be better off
+just running puppetmasterd directly.
+
+
+Mongrel
+-------
+
+If you like Mongrel, and want to replicate wiki:UsingMongrel, you could
+probably start your backend mongrels this way:
+
+cd ext/rack
+for port in `seq 18140 18150`; do
+ rackup --server mongrel --port $port &
+done
+
+rackup is part of the rack gem. Make sure it's in your path.
+
+
+
+Apache with Passenger (aka mod_rails)
+-------------------------------------
+
+Make sure puppetmasterd ran at least once, so the SSL certificates
+got set up.
+
+Requirements:
+ Passenger version 2.2.2 or newer [1]
+ Rack version 1.0.0
+ Apache 2.x
+ SSL Module loaded
+
+Apache configuration snippet is in files/apache2.conf. You need to
+edit it to reflect your servername.
+
+Required puppet.conf settings:
+ [puppetmasterd]
+ ssl_client_header = SSL_CLIENT_S_DN
+ ssl_client_verify_header = SSL_CLIENT_VERIFY
+
+To set up most of the boring stuff, you can use this command:
+ puppet --verbose --modulepath ./ext ext/rack/manifest.pp
+Or use manifest.pp as a starting point for your own module.
+
+Note: Passenger will not let applications run as root or the Apache user,
+instead an implicit setuid will be done, to the user whom owns
+config.ru. Therefore, config.ru shall be owned by the puppet user.
+
+
+[1] http://www.modrails.com/install.html
+
+
diff --git a/ext/rack/files/apache2.conf b/ext/rack/files/apache2.conf
new file mode 100644
index 000000000..88c0f052d
--- /dev/null
+++ b/ext/rack/files/apache2.conf
@@ -0,0 +1,36 @@
+Listen 8140
+<VirtualHost *:8140>
+ SSLEngine on
+ SSLProtocol -ALL +SSLv3 +TLSv1
+ SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+
+ SSLCertificateFile /etc/puppet/ssl/certs/squigley.namespace.at.pem
+ SSLCertificateKeyFile /etc/puppet/ssl/private_keys/squigley.namespace.at.pem
+ SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
+ SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
+ # If Apache complains about invalid signatures on the CRL, you can try disabling
+ # CRL checking by commenting the next line, but this is not recommended.
+ SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
+ SSLVerifyClient optional
+ SSLVerifyDepth 1
+ SSLOptions +StdEnvVars
+
+ # you probably want to tune these settings
+ PassengerHighPerformance on
+ PassengerMaxPoolSize 12
+ PassengerPoolIdleTime 1500
+ # PassengerMaxRequests 1000
+ PassengerStatThrottleRate 120
+ RackAutoDetect Off
+ RailsAutoDetect Off
+
+ DocumentRoot /etc/puppet/rack/public/
+ RackBaseURI /
+ <Directory /etc/puppet/rack/>
+ Options None
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ </Directory>
+</VirtualHost>
+
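Review bot: `SSLProtocol -ALL +SSLv3 +TLSv1` together with `SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP` keeps SSLv3, RC4 and MEDIUM-strength suites negotiable on the master's port, which is looser than a sample for a closed set of puppet agents needs to be. If all agents can speak TLSv1, `SSLProtocol -ALL +TLSv1` and `SSLCipherSuite HIGH:!aNULL:!MD5` would be a tighter default. `SSLVerifyClient optional` also deserves a comment, since unverified clients are let through and the decision appears to be left to the application reading `SSL_CLIENT_VERIFY` (per the README's puppet.conf settings); something like `# optional, not require: the master itself checks SSL_CLIENT_VERIFY, so keep +StdEnvVars` would stop someone from removing either line. The certificate paths hard-code `squigley.namespace.at`, so a `# replace with this master's certname` comment above them would help.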
diff --git a/ext/rack/files/config.ru b/ext/rack/files/config.ru
new file mode 100644
index 000000000..5607bab72
--- /dev/null
+++ b/ext/rack/files/config.ru
@@ -0,0 +1,18 @@
+# a config.ru, for use with every rack-compatible webserver.
+# SSL needs to be handled outside this, though.
+
+# if puppet is not in your RUBYLIB:
+# $:.push('/opt/puppet/lib')
+
+$0 = "puppetmasterd"
+require 'puppet'
+
+# if you want debugging:
+# ARGV << "--debug"
+
+ARGV << "--rack"
+require 'puppet/application/puppetmasterd'
+# we're usually running inside a Rack::Builder.new {} block,
+# therefore we need to call run *here*.
+run Puppet::Application[:puppetmasterd].run
+
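Review bot: The comment `# SSL needs to be handled outside this, though.` understates the trust boundary: with the puppet.conf settings from the README the application appears to take the client's identity from `SSL_CLIENT_S_DN` and `SSL_CLIENT_VERIFY` as handed over by the front end, so the Rack process should only be reachable through the TLS-terminating server. I would expand it to `# SSL and client-certificate verification must be done by the front-end server;` followed by `# never expose this app directly, it trusts the client identity the front end passes in.` A short comment on `$0 = "puppetmasterd"` and on why `--rack` is appended to `ARGV` before the second `require` would also help, since both mutate process-wide state and their ordering looks deliberate.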
diff --git a/ext/rack/manifest.pp b/ext/rack/manifest.pp
new file mode 100644
index 000000000..5145e05c8
--- /dev/null
+++ b/ext/rack/manifest.pp
@@ -0,0 +1,59 @@
+
+file { ["/etc/puppet/rack", "/etc/puppet/rack/public"]:
+ ensure => directory,
+ mode => 0755,
+ owner => root,
+ group => root,
+}
+file { "/etc/puppet/rack/config.ru":
+ ensure => present,
+ source => "puppet:///modules/rack/config.ru",
+ mode => 0644,
+ owner => puppet,
+ group => root,
+}
+file { "/etc/apache2/conf.d/puppetmasterd":
+ ensure => present,
+ source => "puppet:///modules/rack/apache2.conf",
+ mode => 0644,
+ owner => root,
+ group => root,
+ require => [File["/etc/puppet/rack/config.ru"], File["/etc/puppet/rack/public"], Package["apache2"], Package["passenger"]],
+ notify => Service["apache2"],
+}
+
+package { ["rack", "passenger"]:
+ ensure => installed,
+ provider => "gem",
+}
+
+service { "apache2":
+}
+
+case $lsbdistid {
+ "Debian": {
+ package { ["apache2-mpm-worker", "apache2-threaded-dev", "apache2"]:
+ ensure => installed,
+ }
+ file { "/etc/apache2/mods-enabled/ssl.load":
+ ensure => "../mods-available/ssl.load",
+ notify => Service["apache2"],
+ require => Package["apache2"],
+ }
+ Service["apache2"] {
+ require => Package["apache2"],
+ }
+ exec { "/var/lib/gems/1.8/bin/passenger-install-apache2-module --auto":
+ subscribe => Package["passenger"],
+ before => Service["apache2"],
+ require => Package[["passenger", "apache2-threaded-dev"]],
+ }
+ }
+}
+
+notice("You need to manually enable mod_passenger.so for Apache.")
+notice("Usually, you put these config stanzas into httpd.conf:")
+notice(" LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-2.2.2/ext/apache2/mod_passenger.so")
+notice(" PassengerRoot /var/lib/gems/1.8/gems/passenger-2.2.2")
+notice(" PassengerRuby /usr/bin/ruby1.8")
+notice("--------------------------------------------------------")
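Review bot: The `exec` for `passenger-install-apache2-module --auto` has `subscribe => Package["passenger"]` but no `refreshonly`, so it will run (and rebuild the Apache module as root) on every catalog application rather than only when the gem changes; adding `refreshonly => true,` fixes that. The `package { ["rack", "passenger"]: ... provider => "gem" }` resource uses `ensure => installed`, which accepts whatever version the gem source serves, while the README requires Rack 1.0.0 and the `notice` lines hard-code `passenger-2.2.2` paths. Pinning each gem's `ensure` to the documented version (splitting the resource in two) would keep the installed code, the README and the printed `LoadModule`/`PassengerRoot` paths in agreement. `service { "apache2": }` also declares no `ensure` or `enable`, so the manifest only restarts Apache on notify and never guarantees it is running.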