The previous post described the basic setup of Puppet on both the server and the client. Because I’d rather not use its built-in server (scalability issues), what’s left is to install Passenger on Apache to handle the server side of things. Details are below…
Passenger Repo and Installs
The Puppet docs suggest you use rubygem to install Passenger. Personally I prefer if everything goes in with yum to keep it all handled by one package manager. Since Passenger isn’t in any of the usual repos, add this one then install the necessary bits and pieces.
yum install httpd mod_ssl mod_passenger rubygem-rake rubygem-rack ruby-rdoc
The httpd/rack Config
First, set up a DocumentRoot for the Ruby/Rack bits and copy the config into it.
mkdir -p /etc/puppet/rack/public /etc/puppet/rack/tmp
cp /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack/.
Create an httpd configuration for the puppetmaster. It uses mod_passenger to run the Puppet server through the more scalable Apache backend. If your network is very large, you may need to run more than one and reverse proxy them, but I’ll leave that for you to Google for if needed. Otherwise, it’ll look like this:
PassengerHighPerformance on
PassengerMaxPoolSize 15
PassengerPoolIdleTime 300
PassengerStatThrottleRate 120
PassengerUseGlobalQueue on

Listen 8140

<VirtualHost *:8140>
    SSLEngine on
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    SSLCertificateFile /ssl/certs/puppet1.DOMAIN.pem
    SSLCertificateKeyFile /ssl/private_keys/puppet1.DOMAIN.pem
    SSLCertificateChainFile /ssl/ca/ca_crt.pem
    SSLCACertificateFile /ssl/ca/ca_crt.pem
    SSLCARevocationFile /ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    SSLOptions +StdEnvVars

    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /etc/puppet/rack/public/
    RackBaseURI /
    <Directory /etc/puppet/rack/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
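An added check for the vhost above, not part of the original post: SSLv3 and RC4 have since been prohibited for TLS (RFC 7568, RFC 7465), and because SSLVerifyClient is optional, the RequestHeader set lines are what stop a client from supplying its own X-Client-Verify or X-Client-DN value. The function name, the finding labels, the list of weak cipher keywords and the stricter TLS policy in hardened_vhost are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Reads a vhost config on stdin
# and prints one finding per line (nothing when every check passes).
audit_puppet_vhost() {
    body=$(sed 's/#.*$//')            # ignore commented-out directives

    # 1. SSLProtocol must not enable SSLv2/SSLv3 ("-SSLv3" is fine).
    if printf '%s\n' "$body" | grep -i 'SSLProtocol' |
        grep -Eiq '(^|[[:space:]])\+?SSLv[23]([[:space:]]|$)'; then
        echo "weak-protocol: SSLProtocol enables SSLv2/SSLv3"
    fi

    # 2. No cipher token may add RC4, export, NULL, anonymous or MD5 suites.
    suite=$(printf '%s\n' "$body" |
        awk 'tolower($1) == "sslciphersuite" { print $2 }')
    for tok in $(printf '%s' "$suite" | tr ':' ' '); do
        case $tok in
            '!'*|-*) ;;               # "!X" and "-X" remove suites
            *RC4*|*EXP*|*NULL*|*ADH*|*MD5*) echo "weak-cipher: $tok" ;;
        esac
    done

    # 3. Puppet reads the client identity from these headers, so Apache has
    #    to overwrite whatever the client sent.
    for hdr in X-Client-Verify X-Client-DN; do
        if ! printf '%s\n' "$body" | grep -Eiq \
            "^[[:space:]]*RequestHeader[[:space:]]+set[[:space:]]+$hdr[[:space:]]"
        then
            echo "missing-header-override: $hdr"
        fi
    done
    return 0
}

# Constructed input: the TLS-related lines of the vhost shown in the post.
page_vhost() {
    cat <<'EOF'
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLVerifyClient optional
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
EOF
}

# Constructed input: same vhost with an assumed stricter TLS policy.
hardened_vhost() {
    page_vhost | sed -e 's/^SSLProtocol.*/SSLProtocol -ALL +TLSv1.2/' \
        -e 's/^SSLCipherSuite.*/SSLCipherSuite HIGH:!aNULL:!MD5:!RC4/'
}

page_vhost | audit_puppet_vhost      # prints the two findings for the post's config
```

To audit a real file, feed it on stdin with one directive per line. Check that the installed httpd and OpenSSL versions and every Puppet agent support the stricter protocol before switching to it.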
Once that’s all in place, start httpd and make sure it starts at boot:
/etc/init.d/httpd start
chkconfig httpd on
A Test Run
Now that we’ve got a working Puppet server, we should be able to test it from the client. Run the following as root:
puppet agent --test
This should complete a run but, because our default node setup is empty, it won’t actually do anything.
Next Steps
I know this was a short one, but the next bit is setting up Dashboard, which is a bit more involved. Once that’s done, finally we can get to actually using Puppet for what it’s intended: managing hosts’ state.