Revision 62fa011b
Added by Timo Goebel about 8 years ago
CHANGELOG.md | ||
---|---|---|
## 5.0.0
|
||
* New or changed parameters:
|
||
* Add server_ip for configuring the listen IP (puppetserver only)
|
||
* Add passenger_min_instances and passenger_pre_start for passenger tuning
|
||
* Other features:
|
||
* Support puppetserver 2.x
|
||
* Other changes and fixes:
|
manifests/init.pp | ||
---|---|---|
# to lower this. Defaults to 12.
|
||
# type:integer
|
||
#
|
||
# $server_passenger_min_instances:: The PassengerMinInstances parameter. Sets the
|
||
# minimum number of application processes to run.
|
||
# Defaults to the number of processors on your
|
||
# system.
|
||
# type:integer
|
||
#
|
||
# $server_passenger_pre_start:: Pre-start the first passenger worker instance
|
||
# process during httpd start.
|
||
# type:boolean
|
||
#
|
||
# $server_config_version:: How to determine the configuration version. When
|
||
# using git_repo, by default a git describe
|
||
# approach will be installed.
|
||
... | ... | |
$server_puppetserver_dir = $puppet::params::server_puppetserver_dir,
|
||
$server_service_fallback = $puppet::params::server_service_fallback,
|
||
$server_passenger_max_pool = $puppet::params::server_passenger_max_pool,
|
||
$server_passenger_min_instances = $puppet::params::server_passenger_min_instances,
|
||
$server_passenger_pre_start = $puppet::params::server_passenger_pre_start,
|
||
$server_httpd_service = $puppet::params::server_httpd_service,
|
||
$server_external_nodes = $puppet::params::server_external_nodes,
|
||
$server_template = $puppet::params::server_template,
|
||
... | ... | |
validate_bool($server_puppetdb_swf)
|
||
validate_bool($server_default_manifest)
|
||
validate_bool($server_ssl_dir_manage)
|
||
validate_bool($server_passenger_pre_start)
|
||
validate_integer($server_passenger_min_instances)
|
||
|
||
validate_hash($additional_settings)
|
||
validate_hash($agent_additional_settings)
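Review bot: `validate_integer($server_passenger_min_instances)` only checks that the value is an integer, so a negative number passes validation and is handed to the vhost unchanged. The stdlib function takes an optional maximum and minimum, so the lower bound can be stated here: `validate_integer($server_passenger_min_instances, undef, 0)`. The parameter documentation added above could also say how the value relates to `server_passenger_max_pool`, since the two are validated independently.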
|
manifests/params.pp | ||
---|---|---|
$server_passenger = true
|
||
$server_service_fallback = true
|
||
$server_passenger_max_pool = 12
|
||
$server_passenger_min_instances = $::processorcount
|
||
$server_passenger_pre_start = true
|
||
$server_httpd_service = 'httpd'
|
||
$server_external_nodes = "${dir}/node.rb"
|
||
$server_enc_api = 'v2'
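Review bot: The default `$server_passenger_min_instances = $::processorcount` is chosen independently of `$server_passenger_max_pool = 12` two lines above, so on a host with more than 12 processors the default minimum is larger than the default pool maximum. How Passenger resolves that combination is not visible from this page, so the interaction should at least be documented next to the default, e.g. `# NOTE: exceeds server_passenger_max_pool (12) on hosts with more than 12 processors; raise max_pool or lower this`. Capping the default at the pool size would avoid the mismatch altogether.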
|
manifests/server/passenger.pp | ||
---|---|---|
# Set up the puppet server using passenger and apache.
|
||
#
|
||
class puppet::server::passenger (
|
||
$app_root = $::puppet::server_app_root,
|
||
$passenger_max_pool = $::puppet::server_passenger_max_pool,
|
||
$port = $::puppet::server_port,
|
||
$ssl_ca_cert = $::puppet::server::ssl_ca_cert,
|
||
$ssl_ca_crl = $::puppet::server::ssl_ca_crl,
|
||
$ssl_cert = $::puppet::server::ssl_cert,
|
||
$ssl_cert_key = $::puppet::server::ssl_cert_key,
|
||
$ssl_chain = $::puppet::server::ssl_chain,
|
||
$ssl_dir = $::puppet::server_ssl_dir,
|
||
$puppet_ca_proxy = $::puppet::server_ca_proxy,
|
||
$user = $::puppet::server_user,
|
||
$http = $::puppet::server_http,
|
||
$http_port = $::puppet::server_http_port,
|
||
$http_allow = $::puppet::server_http_allow,
|
||
$app_root = $::puppet::server_app_root,
|
||
$passenger_max_pool = $::puppet::server_passenger_max_pool,
|
||
$passenger_min_instances = $::puppet::server_passenger_min_instances,
|
||
$passenger_pre_start = $::puppet::server_passenger_pre_start,
|
||
$port = $::puppet::server_port,
|
||
$ssl_ca_cert = $::puppet::server::ssl_ca_cert,
|
||
$ssl_ca_crl = $::puppet::server::ssl_ca_crl,
|
||
$ssl_cert = $::puppet::server::ssl_cert,
|
||
$ssl_cert_key = $::puppet::server::ssl_cert_key,
|
||
$ssl_chain = $::puppet::server::ssl_chain,
|
||
$ssl_dir = $::puppet::server_ssl_dir,
|
||
$puppet_ca_proxy = $::puppet::server_ca_proxy,
|
||
$user = $::puppet::server_user,
|
||
$http = $::puppet::server_http,
|
||
$http_port = $::puppet::server_http_port,
|
||
$http_allow = $::puppet::server_http_allow,
|
||
) {
|
||
include ::apache
|
||
include ::apache::mod::passenger
|
||
... | ... | |
'path' => "${app_root}/public/",
|
||
'passenger_enabled' => 'On',
|
||
}
|
||
|
||
|
||
$directories = [
|
||
$directory,
|
||
]
|
||
|
||
$http_pre_start = $passenger_pre_start ? {
|
||
true => "http://${::fqdn}:${http_port}",
|
||
false => undef,
|
||
}
|
||
|
||
$https_pre_start = $passenger_pre_start ? {
|
||
true => "https://${::fqdn}:${port}",
|
||
false => undef,
|
||
}
|
||
|
||
# The following client headers allow the same configuration to work with Pound.
|
||
$request_headers = [
|
||
'set X-SSL-Subject %{SSL_CLIENT_S_DN}e',
|
||
... | ... | |
}
|
||
|
||
apache::vhost { 'puppet':
|
||
docroot => "${app_root}/public/",
|
||
directories => $directories,
|
||
port => $port,
|
||
ssl => true,
|
||
ssl_cert => $ssl_cert,
|
||
ssl_key => $ssl_cert_key,
|
||
ssl_ca => $ssl_ca_cert,
|
||
ssl_crl => $ssl_ca_crl,
|
||
ssl_crl_check => $ssl_crl_check,
|
||
ssl_chain => $ssl_chain,
|
||
ssl_protocol => 'ALL -SSLv2 -SSLv3',
|
||
ssl_cipher => 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA',
|
||
ssl_honorcipherorder => 'on',
|
||
ssl_verify_client => 'optional',
|
||
ssl_options => '+StdEnvVars +ExportCertData',
|
||
ssl_verify_depth => '1',
|
||
ssl_proxyengine => $ssl_proxyengine,
|
||
custom_fragment => $custom_fragment,
|
||
request_headers => $request_headers,
|
||
options => ['None'],
|
||
require => Class['::puppet::server::rack'],
|
||
docroot => "${app_root}/public/",
|
||
directories => $directories,
|
||
port => $port,
|
||
ssl => true,
|
||
ssl_cert => $ssl_cert,
|
||
ssl_key => $ssl_cert_key,
|
||
ssl_ca => $ssl_ca_cert,
|
||
ssl_crl => $ssl_ca_crl,
|
||
ssl_crl_check => $ssl_crl_check,
|
||
ssl_chain => $ssl_chain,
|
||
ssl_protocol => 'ALL -SSLv2 -SSLv3',
|
||
ssl_cipher => 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA',
|
||
ssl_honorcipherorder => 'on',
|
||
ssl_verify_client => 'optional',
|
||
ssl_options => '+StdEnvVars +ExportCertData',
|
||
ssl_verify_depth => '1',
|
||
ssl_proxyengine => $ssl_proxyengine,
|
||
custom_fragment => $custom_fragment,
|
||
request_headers => $request_headers,
|
||
options => ['None'],
|
||
passenger_pre_start => $https_pre_start,
|
||
passenger_min_instances => $passenger_min_instances,
|
||
require => Class['::puppet::server::rack'],
|
||
}
|
||
|
||
if $http {
|
||
... | ... | |
], "\n")
|
||
}),
|
||
]
|
||
|
||
|
||
apache::vhost { 'puppet-http':
|
||
docroot => "${app_root}/public/",
|
||
directories => $directories_http,
|
||
port => $http_port,
|
||
custom_fragment => join([
|
||
docroot => "${app_root}/public/",
|
||
directories => $directories_http,
|
||
port => $http_port,
|
||
custom_fragment => join([
|
||
$custom_fragment ? {
|
||
undef => '',
|
||
default => $custom_fragment
|
||
... | ... | |
'SetEnvIf X-Client-Verify "(.*)" SSL_CLIENT_VERIFY=$1',
|
||
'SetEnvIf X-SSL-Client-DN "(.*)" SSL_CLIENT_S_DN=$1',
|
||
], "\n"),
|
||
options => ['None'],
|
||
require => Class['::puppet::server::rack'],
|
||
options => ['None'],
|
||
passenger_pre_start => $http_pre_start,
|
||
passenger_min_instances => $passenger_min_instances,
|
||
require => Class['::puppet::server::rack'],
|
||
}
|
||
}
|
||
}
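Review bot: `$http_pre_start` and `$https_pre_start` are built from `${::fqdn}`, so the request Apache makes at startup goes to whatever that name resolves to, and nothing in the visible lines ties it to the address these vhosts listen on. A comment above the selectors would record that assumption, e.g. `# PassengerPreStart: httpd requests this URL at start-up, so ${::fqdn} must resolve to this host and the port must be reachable locally`. Both selectors list only `true` and `false`, and the visible `validate_bool` call is in init.pp, so a value passed directly to this class gets no type check before the selector (the class body is only partly shown). Adding `validate_bool($passenger_pre_start)` at the top of the body would make the failure explicit. `$http_pre_start` is also computed when `$http` is false and could move inside the `if $http` block.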
|
spec/classes/puppet_server_passenger_spec.rb | ||
---|---|---|
os_facts.merge({
|
||
:concat_basedir => '/foo/bar',
|
||
:puppetversion => Puppet.version,
|
||
:fqdn => 'puppet.example.com',
|
||
}) end
|
||
|
||
if Puppet.version < '4.0'
|
||
... | ... | |
end
|
||
|
||
let(:default_params) do {
|
||
:app_root => '/etc/puppet/rack'
|
||
:app_root => '/etc/puppet/rack',
|
||
:passenger_pre_start => true,
|
||
:passenger_min_instances => 12,
|
||
:port => 8140,
|
||
:http_port => 8139,
|
||
} end
|
||
|
||
describe 'without parameters' do
|
||
... | ... | |
end
|
||
end
|
||
|
||
describe 'with passenger settings' do
|
||
let :params do
|
||
default_params.merge({
|
||
:http => true,
|
||
:passenger_min_instances => 10,
|
||
:passenger_pre_start => true,
|
||
})
|
||
end
|
||
|
||
it 'should include the puppet https vhost' do
|
||
should contain_apache__vhost('puppet').with({
|
||
:passenger_min_instances => 10,
|
||
:passenger_pre_start => 'https://puppet.example.com:8140',
|
||
})
|
||
end
|
||
|
||
it 'should include the puppet http vhost' do
|
||
should contain_apache__vhost('puppet-http').with({
|
||
:passenger_min_instances => 10,
|
||
:passenger_pre_start => 'http://puppet.example.com:8139',
|
||
})
|
||
end
|
||
end
|
||
end
|
||
end
|
||
end
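Review bot: The new 'with passenger settings' examples only set `:passenger_pre_start => true`, so the `false => undef` branch of both selectors in passenger.pp is never exercised. A second context with `:passenger_pre_start => false` should assert that the parameter is left off both vhosts, e.g. `should contain_apache__vhost('puppet').without_passenger_pre_start` and the same for `'puppet-http'`. A case where `:http => false` would also confirm that the HTTPS vhost still receives `passenger_min_instances`.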
|
add passenger_min_instances and passenger_pre_start parameters
closes GH-382