author James Turnbull <james@lovedthanlost.net> 2008-09-30 22:13:08 +1000
committer James Turnbull <james@lovedthanlost.net> 2008-09-30 22:13:08 +1000
commit 860bdb120df93c3ad9f323529f22f71ca8548cf8
tree 6d04f71bf1008b0d6c85eac297066dc98dddb924 /ext
parent b2f0d872a273760c5ac65663685faea9be9ecfd5
Fixed #1603 - Added support for running Puppet inside a Rack application
Diffstat (limited to 'ext')
-rw-r--r-- ext/passenger/README 63
-rw-r--r-- ext/passenger/apache2.conf 29
-rw-r--r-- ext/passenger/config.ru 40
3 files changed, 132 insertions, 0 deletions
diff --git a/ext/passenger/README b/ext/passenger/README
new file mode 100644
index 000000000..fcdcb913a
--- /dev/null
+++ b/ext/passenger/README
@@ -0,0 +1,63 @@
+
+PUPPETMASTER INSIDE APACHE & PASSENGER
+======================================
+
+This is about running a puppetmaster inside Apache.
+
+Please also see the docs at http://reductivelabs.com/trac/puppet/wiki/UsingPassenger
+for further information.
+
+
+WHAT IS IT?
+===========
+
+Passenger [1] (AKA mod_rails or mod_rack) is an Apache 2.x Extension for
+serving Rails or Rack applications.
+
+This extension allows running a puppetmasterd as a Rack application;
+it has only been tested with Passenger.
+
+
+SHORT INSTALLATION INSTRUCTIONS
+===============================
+
+Make sure puppetmasterd ran at least once, so the SSL certificates
+got set up.
+
+Install Rack:
+ gem install -v 0.4.0 rack
+
+Install Apache and Passenger:
+ apt-get install apache2
+ gem install passenger
+ passenger-install-apache2-module
+ (See the Passenger installation instructions [2] for details.)
+
+Enable Apache modules:
+ a2enmod ssl
+ a2enmod headers
+
+Configure Apache:
+ cp apache2.conf /etc/apache2/conf.d/puppetmasterd
+ vim /etc/apache2/conf.d/puppetmasterd (replace the server hostnames)
+
+Install the rack application [3]:
+ mkdir -p /usr/share/puppet/rack/puppetmasterd
+ mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
+ cp config.ru /usr/share/puppet/rack/puppetmasterd
+ chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru
+
+Go:
+/etc/init.d/apache2 restart
+
+
+
+[1] http://www.modrails.com/
+
+[2] http://www.modrails.com/install.html
+
+[3] Passenger will not let applications run as root or the Apache user,
+instead an implicit setuid will be done, to the user whom owns
+config.ru. Therefore, config.ru shall be owned by the puppet user.
+
+
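Review bot: In "Install the rack application", the chown of config.ru is the step that decides which account the master runs as (footnote [3]), but it reads like routine file copying and the reason is only given at the end of the file. Suggest stating next to the command that Passenger switches to the owner of config.ru, and adding a check that the file is owned by puppet and not writable by any other account. The instructions also require that puppetmasterd has run once but never say to stop it before "/etc/init.d/apache2 restart"; the supplied apache2.conf listens on 8140, puppetmasterd's default port, so a standalone master left running would hold the port Apache needs.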
diff --git a/ext/passenger/apache2.conf b/ext/passenger/apache2.conf
new file mode 100644
index 000000000..6a8a974d7
--- /dev/null
+++ b/ext/passenger/apache2.conf
@@ -0,0 +1,29 @@
+Listen 8140
+<VirtualHost *:8140>
+ SSLEngine on
+ SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
+ SSLCertificateFile /var/lib/puppet/ssl/certs/puppet-server.inqnet.at.pem
+ SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet-server.inqnet.at.pem
+ SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
+ SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
+ # If Apache complains about invalid signatures on the CRL, you can try disabling
+ # CRL checking by commenting the next line.
+ SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
+ SSLVerifyClient optional
+ SSLVerifyDepth 1
+ SSLOptions +StdEnvVars
+
+ # The following client headers allow the same configuration to work with Pound.
+ RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
+ RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+ RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+
+ RackAutoDetect On
+ DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
+ <Directory /usr/share/puppet/rack/puppetmasterd/>
+ Options None
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ </Directory>
+</VirtualHost>
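Review bot: The SSLCipherSuite line, "SSLv2:-LOW:-EXPORT:RC4+RSA", starts its list from the SSLv2 suites and then adds RC4, and nothing in the VirtualHost restricts the protocol, so agents can negotiate SSLv2 for catalog and certificate traffic. Suggest adding "SSLProtocol all -SSLv2" and building the cipher list from HIGH instead, for example "SSLCipherSuite HIGH:!aNULL:!MD5". Separately, the comment above SSLCARevocationFile recommends commenting that line out when Apache rejects the CRL; with the line disabled, a certificate the CA has revoked still verifies, so the comment should say that and point the admin at regenerating the CRL rather than turning the check off. The certificate paths also hard-code puppet-server.inqnet.at; a visibly fake placeholder hostname would make the "replace the server hostnames" step in the README harder to miss.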
diff --git a/ext/passenger/config.ru b/ext/passenger/config.ru
new file mode 100644
index 000000000..86082928a
--- /dev/null
+++ b/ext/passenger/config.ru
@@ -0,0 +1,40 @@
+# Author: Christian Hofstaedtler <hofstaedtler@inqnet.at>
+# Copyright (c) 2007 Luke Kanies, 2008 Christian Hofstaedtler
+#
+# This file is mostly based on puppetmasterd, which is part of
+# the standard puppet distribution.
+
+require 'rack'
+require 'puppet'
+require 'puppet/network/http_server/rack'
+
+# startup code from bin/puppetmasterd
+Puppet.parse_config
+Puppet::Util::Log.level = :info
+Puppet::Util::Log.newdestination(:syslog)
+# A temporary solution, to at least make the master work for now.
+Puppet::Node::Facts.terminus_class = :yaml
+# Cache our nodes in yaml. Currently not configurable.
+Puppet::Node.cache_class = :yaml
+
+# The list of handlers running inside this puppetmaster
+handlers = {
+ :Status => {},
+ :FileServer => {},
+ :Master => {},
+ :CA => {},
+ :FileBucket => {},
+ :Report => {}
+}
+
+# Fire up the Rack-Server instance
+server = Puppet::Network::HTTPServer::Rack.new(handlers)
+
+# prepare the rack app
+app = proc do |env|
+ server.process(env)
+end
+
+# Go.
+run app
+
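Review bot: The handlers hash enables :CA, :FileBucket and :Report unconditionally, so every master started from this config.ru also answers certificate requests, and a site that runs its CA on a separate host has to edit the file to turn that off. Suggest a comment above the hash saying which handlers are optional, or reading the list from the Puppet configuration. The block labelled "startup code from bin/puppetmasterd" also hard-codes the log level to :info and the facts terminus and node cache to :yaml; since it is a copy, it will drift from puppetmasterd, so a comment naming what was copied and why these values are fixed would help whoever has to keep the two in step.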