Início > Uncategorized > puppet parte 2

puppet parte 2

Last time we got our Puppet server embedded in a WEBrick server. Today I’ll show how to go one step further by installing Passenger (mod_rails). By enabling Apache to serve our Puppet clients we will benefit from performance gains like being able to handle concurrent connections.

Getting Passenger working

Add the following into your puppet.conf:

ssl_client_header = SSL_CLIENT_S_D
ssl_client_verify_header = SSL_CLIENT_VERIFY

Install the following on our Puppet server:

[root@puppet]# yum install gcc-c++ httpd-devel apr-devel ruby-devel ruby-rdoc

Install some gems:

[root@puppet]# gem install -v=1.0.1 rack

[root@puppet]# gem install -v=2.3.5 activerecord

And Passenger:

[root@puppet]# gem install -v=2.2.11 passenger


[root@puppet]# passenger-install-apache2-module

If this final install of Passenger fails it will tell you where it went wrong so fix as and if needed.

Install mod_ssl:

[root@puppet]# yum install mod_ssl

Create the document root:

[root@puppet]# mkdir -p /usr/share/puppet/rack/puppetmasterd/public

Now we need to create the Apache configuration in /etc/httpd/conf.d/puppet.conf:

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11/ext/apache2/
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11
PassengerRuby /usr/bin/ruby

Listen 8140

SSLEngine on
SSLCertificateFile /var/lib/puppet/ssl/certs/
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
# CRL checking should be enabled; if you have problems withApache complaining about the CRL, disable the next line
SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars

# The following client headers allow the same configuration to work with Pound.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

RackAutoDetect On
DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/

Options None
AllowOverride None
Order allow,deny
allow from all

Check the Apache configuration with an apachectl configtest and again fix any errors you encounter.

Now, copy the Rack config:

[root@puppet]# cp /usr/share/puppet/ext/rack/files/ /usr/share/puppet/rack/puppetmasterd/

Give Puppet correct permission to access the Rack config:

[root@puppet]# chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/

Stop the Puppet server with a service puppetmaster stop so it won’t interfere with Passenger. Remember to deactivate the puppetmaster service via chkconfig too. Then start Apache and you should have Passenger working.

To check from our Puppet client:

[root@pclient]# puppetd –noop –test –server –port 8140

  1. Nenhum comentário ainda.
  1. No trackbacks yet.

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s

%d blogueiros gostam disto: