Created
December 28, 2011 03:04
Setting up puppet with passenger

Set up your puppet.conf

Make sure you have the following set in your puppetmaster’s puppet.conf:

    [puppetmasterd]
    ssl_client_header = SSL_CLIENT_S_DN
    ssl_client_verify_header = SSL_CLIENT_VERIFY

Install apache2, passenger, and rack

    yum install httpd httpd-devel ruby-devel rubygems
    yum install gcc-c++
    gem install -v 1.1.0 rack
    gem install -v 2.2.15 passenger
    passenger-install-apache2-module

Hit enter and watch it build.

Add the following to Apache Config

    LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15/ext/apache2/mod_passenger.so
    PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15
    PassengerRuby /usr/bin/ruby

Create /etc/httpd/conf.d/puppetmaster.conf

    Listen 8140
    <VirtualHost *:8140>
        SSLEngine on
        # This cipher string dates from 2011: it enables SSLv2 and RC4, both since
        # prohibited (RFC 6176, RFC 7465). Substitute a current cipher list where
        # the httpd/OpenSSL build supports one.
        SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
        SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.vmhosted.jiveland.com.pem
        SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.vmhosted.jiveland.com.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
        # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
        SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLVerifyClient optional
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars

        # The following client headers allow the same configuration to work with Pound.
        # "set" replaces any header of the same name sent by the client.
        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

        RackAutoDetect On
        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
        <Directory /usr/share/puppet/rack/puppetmasterd/>
            Options None
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>

    mkdir -p /usr/share/puppet/rack/puppetmasterd
    mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp

Create /usr/share/puppet/rack/puppetmasterd/config.ru

    # a config.ru, for use with every rack-compatible webserver.
    # SSL needs to be handled outside this, though.

    # if puppet is not in your RUBYLIB:
    # $:.unshift('/opt/puppet/lib')

    $0 = "puppetmasterd"
    require 'puppet'

    # if you want debugging:
    # ARGV << "--debug"

    ARGV << "--rack"
    require 'puppet/application/puppetmasterd'

    # we're usually running inside a Rack::Builder.new {} block,
    # therefore we need to call run *here*.
    run Puppet::Application[:puppetmasterd].run

    /etc/init.d/puppetmasterd stop
    chkconfig puppetmaster off
    chkconfig httpd on
    /etc/init.d/httpd restart
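
A check that can be run over puppetmaster.conf before restarting httpd, as an added example that is not part of the original gist or of Puppet. It flags the TLS and client-certificate settings from the steps above that affect how the master trusts agents. The names `lint_vhost`, `directives` and `FORWARDED` are made up for this sketch, and `SAMPLE_VHOST` is a constructed variant of the vhost with the CRL line disabled and one header changed to `add`.

```ruby
# Added example: lint the puppetmaster vhost for its TLS / client-cert settings.
# SAMPLE_VHOST is constructed from the directives on this page (CRL line
# commented out, one RequestHeader changed to "add") to show what gets flagged.
SAMPLE_VHOST = <<~CONF
  Listen 8140
  <VirtualHost *:8140>
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    # SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLOptions +StdEnvVars
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader add X-Client-Verify %{SSL_CLIENT_VERIFY}e
  </VirtualHost>
CONF

# Headers the vhost forwards to the Rack application.
FORWARDED = %w[X-SSL-Subject X-Client-DN X-Client-Verify].freeze

# Returns [directive, args] pairs, skipping comments, blanks and <Section> tags.
def directives(conf)
  conf.each_line.map(&:strip)
      .reject { |l| l.empty? || l.start_with?('#', '<') }
      .map { |l| l.split(/\s+/, 2) }
end

def lint_vhost(conf)
  dirs = directives(conf)
  find = ->(name) { dirs.select { |d, _| d.casecmp?(name) }.map { |_, a| a.to_s } }
  issues = []
  # Cipher tokens prefixed with '-' or '!' remove ciphers; the rest add them.
  enabled = find.call('SSLCipherSuite').flat_map { |a| a.split(':') }
                .reject { |t| t.start_with?('-', '!') }
  issues << 'sslv2_enabled' if enabled.any? { |t| t =~ /SSLv2/i }
  issues << 'rc4_enabled' if enabled.any? { |t| t =~ /RC4/i }
  issues << 'crl_not_checked' if find.call('SSLCARevocationFile').empty?
  # puppet.conf reads SSL_CLIENT_S_DN / SSL_CLIENT_VERIFY from the environment.
  std_env = find.call('SSLOptions').flat_map(&:split)
                .any? { |o| o.delete_prefix('+').casecmp?('StdEnvVars') }
  issues << 'std_env_vars_missing' unless std_env
  # "set" replaces a header the client sent; other actions may let it through.
  find.call('RequestHeader').each do |args|
    action, header = args.split(/\s+/)
    next unless FORWARDED.any? { |h| h.casecmp?(header.to_s) }
    issues << "header_not_overwritten:#{header}" unless action.casecmp?('set')
  end
  issues
end

puts lint_vhost(SAMPLE_VHOST).inspect if __FILE__ == $PROGRAM_NAME
```

To check the real file, pass `File.read('/etc/httpd/conf.d/puppetmaster.conf')` to `lint_vhost`; an empty array means none of these conditions were found.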