Revision c2728551
Added by Ewoud Kohl van Wijngaarden over 10 years ago
.fixtures.yml | ||
---|---|---|
fixtures:
|
||
repositories:
|
||
apache: 'https://github.com/theforeman/puppet-apache'
|
||
passenger: 'https://github.com/theforeman/puppet-passenger'
|
||
apache: 'https://github.com/puppetlabs/puppetlabs-apache'
|
||
concat: 'https://github.com/puppetlabs/puppetlabs-concat'
|
||
foreman: 'https://github.com/theforeman/puppet-foreman'
|
||
git: 'https://github.com/theforeman/puppet-git'
|
||
concat_native: 'https://github.com/theforeman/puppet-concat'
|
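Review bot: Every entry under `repositories:` is a bare URL, so each spec run clones whatever the default branch of that repository holds at that moment; this includes the puppetlabs-apache and puppetlabs-concat entries that this change appears to introduce (the page has lost its +/- markers, so that is inferred). The test run is therefore not reproducible, and an upstream change or a compromised upstream repository can alter what executes in CI without any commit here. puppetlabs_spec_helper accepts a hash form with `repo:` and `ref:`, so each fixture can be pinned to a tag or commit, e.g. `apache: { repo: 'https://github.com/puppetlabs/puppetlabs-apache', ref: '<tag-or-sha>' }`.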
Modulefile | ||
---|---|---|
description 'Module for installing the Puppet agent and Puppet server'
|
||
project_page 'http://github.com/theforeman/foreman-installer'
|
||
|
||
dependency 'theforeman/apache', '>= 1.3.0'
|
||
dependency 'theforeman/concat_native', '>= 1.3.0'
|
||
dependency 'theforeman/git', '>= 1.3.0'
|
||
dependency 'theforeman/passenger', '>= 1.3.0'
|
||
dependency 'puppetlabs/apache', '>= 1.0.0'
|
||
dependency 'puppetlabs/stdlib'
|
manifests/server/passenger.pp | ||
---|---|---|
$user = $::puppet::server_user
|
||
) {
|
||
include ::puppet::server::rack
|
||
include ::apache::ssl
|
||
include ::apache::params
|
||
include ::passenger
|
||
include ::apache
|
||
|
||
case $::operatingsystem {
|
||
Debian,Ubuntu: {
|
||
... | ... | |
}
|
||
}
|
||
|
||
file {'puppet_vhost':
|
||
path => "${apache::params::configdir}/puppet.conf",
|
||
content => template('puppet/server/puppet-vhost.conf.erb'),
|
||
mode => '0644',
|
||
notify => Exec['reload-apache'],
|
||
before => Service[$::puppet::server_httpd_service],
|
||
require => Class['::puppet::server::rack'],
|
||
$directories = [
|
||
{
|
||
'path' => "${app_root}/public/",
|
||
'passenger_enabled' => 'On',
|
||
},
|
||
]
|
||
|
||
# The following client headers allow the same configuration to work with Pound.
|
||
$request_headers = [
|
||
'set X-SSL-Subject %{SSL_CLIENT_S_DN}e',
|
||
'set X-Client-DN %{SSL_CLIENT_S_DN}e',
|
||
'set X-Client-Verify %{SSL_CLIENT_VERIFY}e',
|
||
'unset X-Forwarded-For',
|
||
]
|
||
|
||
apache::vhost { 'puppet':
|
||
docroot => "${app_root}/public/",
|
||
directories => $directories,
|
||
port => $port,
|
||
ssl => true,
|
||
ssl_cert => $ssl_cert,
|
||
ssl_key => $ssl_cert_key,
|
||
ssl_ca => $ssl_ca_cert,
|
||
ssl_crl => $ssl_ca_crl,
|
||
ssl_chain => $ssl_chain,
|
||
ssl_protocol => '-ALL +SSLv3 +TLSv1',
|
||
ssl_cipher => 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP',
|
||
ssl_verify_client => 'optional',
|
||
ssl_options => '+StdEnvVars +ExportCertData',
|
||
ssl_verify_depth => '1',
|
||
request_headers => $request_headers,
|
||
options => ['None'],
|
||
require => Class['::puppet::server::rack'],
|
||
}
|
||
|
||
}
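Review bot: The `apache::vhost { 'puppet': }` resource hard-codes `ssl_protocol => '-ALL +SSLv3 +TLSv1'` and an `ssl_cipher` string that explicitly includes `RC4+RSA`, both apparently carried over unchanged from the old puppet-vhost.conf.erb template. SSLv3 and RC4 are both considered broken, and this vhost is the endpoint that agents authenticate to with client certificates. The switch to puppetlabs/apache is a natural point to drop `+SSLv3` and the RC4 term from the defaults and to pass both values in as class parameters, e.g. `ssl_protocol => $ssl_protocol,` and `ssl_cipher => $ssl_cipher,`, so operators can harden them without patching the module. The page shows no +/- markers, so which lines are new is inferred, and the class header and parameter list begin outside the visible hunk.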
|
spec/classes/puppet_agent_spec.rb | ||
---|---|---|
|
||
describe 'puppet::agent' do
|
||
|
||
let(:facts) do
|
||
{
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:clientcert => 'puppetmaster.example.com',
|
||
:osfamily => 'RedHat',
|
||
}
|
||
end
|
||
let :facts do {
|
||
:clientcert => 'puppetmaster.example.com',
|
||
:concat_basedir => '/nonexistant',
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:operatingsystemrelease => '6.5',
|
||
:osfamily => 'RedHat',
|
||
} end
|
||
|
||
describe 'with no custom parameters' do
|
||
let :pre_condition do
|
spec/classes/puppet_init_spec.rb | ||
---|---|---|
|
||
describe 'puppet' do
|
||
|
||
let(:facts) do
|
||
{
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:clientcert => 'puppetmaster.example.com',
|
||
:osfamily => 'RedHat'
|
||
}
|
||
end
|
||
let :facts do {
|
||
:clientcert => 'puppetmaster.example.com',
|
||
:concat_basedir => '/nonexistant',
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:operatingsystemrelease => '6.5',
|
||
:osfamily => 'RedHat',
|
||
} end
|
||
|
||
describe 'with no custom parameters' do
|
||
it { should contain_class('puppet::config') }
|
spec/classes/puppet_server_config_spec.rb | ||
---|---|---|
require 'spec_helper'
|
||
|
||
describe 'puppet::server::config' do
|
||
let :facts do
|
||
{
|
||
:osfamily => 'RedHat',
|
||
:rubyversion => '1.9.3',
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:clientcert => 'puppetmaster.example.com',
|
||
}
|
||
end
|
||
let :facts do {
|
||
:clientcert => 'puppetmaster.example.com',
|
||
:concat_basedir => '/nonexistant',
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:rubyversion => '1.9.3',
|
||
:operatingsystemrelease => '6.5',
|
||
:osfamily => 'RedHat',
|
||
} end
|
||
|
||
describe 'with no custom parameters' do
|
||
let :pre_condition do
|
spec/classes/puppet_server_passenger_spec.rb | ||
---|---|---|
require 'spec_helper'
|
||
|
||
describe 'puppet::server::passenger' do
|
||
let :facts do
|
||
{
|
||
:osfamily => 'RedHat',
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:clientcert => 'puppetmaster.example.com',
|
||
}
|
||
let :facts do {
|
||
:concat_basedir => '/nonexistant',
|
||
:osfamily => 'RedHat',
|
||
:operatingsystemrelease => '6.5',
|
||
} end
|
||
|
||
it 'should include the puppet vhost' do
|
||
should contain_apache__vhost('puppet')
|
||
end
|
||
|
||
describe 'with no custom parameters' do
|
||
let :pre_condition do
|
||
"
|
||
class {'puppet': server => true}
|
||
"
|
||
end
|
||
|
||
it 'should include the puppet vhost' do
|
||
should contain_file('puppet_vhost').
|
||
with_content(/^Listen 8140$/).
|
||
with_content(/^<VirtualHost \*:8140>$/).
|
||
with_content(/^ SSLCertificateFile\s+\/var\/lib\/puppet\/ssl\/certs\/#{facts[:fqdn]}.pem$/).
|
||
with_content(/^ SSLCertificateKeyFile\s+\/var\/lib\/puppet\/ssl\/private_keys\/#{facts[:fqdn]}.pem$/).
|
||
with_content(/^ SSLCACertificateFile\s+\/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem$/).
|
||
with_content(/^ SSLCertificateChainFile\s+\/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem$/).
|
||
with_content(/^ SSLCARevocationFile\s+\/var\/lib\/puppet\/ssl\/ca\/ca_crl.pem$/).
|
||
with_content(/^ DocumentRoot \/etc\/puppet\/rack\/public\/$/).
|
||
with_content(/^ <Directory \/etc\/puppet\/rack>$/).
|
||
with_content(/^ PassengerMaxPoolSize 12$/).
|
||
with({
|
||
:path => '/etc/httpd/conf.d/puppet.conf',
|
||
:mode => '0644',
|
||
:notify => 'Exec[reload-apache]',
|
||
:before => /Service\[httpd\]/,
|
||
:require => /Class\[Puppet::Server::Rack\]/,
|
||
})
|
||
end
|
||
end
|
||
|
||
describe 'with no custom parameters' do
|
||
let :pre_condition do
|
||
"
|
||
class {'puppet':
|
||
server => true,
|
||
server_passenger_max_pool => 6,
|
||
}
|
||
"
|
||
end
|
||
it 'should override PassengerMaxPoolSize' do
|
||
should contain_file('puppet_vhost').with_content(/^ PassengerMaxPoolSize 6$/)
|
||
end
|
||
end
|
||
|
||
end
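Review bot: The replacement example `should contain_apache__vhost('puppet')` asserts only that the vhost exists, whereas the earlier `contain_file('puppet_vhost')` example appears to have checked the certificate, CA and CRL paths line by line. With this change nothing in the spec would fail if the vhost lost its CRL or its client-verification settings. I would keep at least the security-relevant parameters pinned, e.g. `should contain_apache__vhost('puppet').with(:ssl => true, :ssl_verify_client => 'optional', :ssl_verify_depth => '1', :ssl_crl => '/var/lib/puppet/ssl/ca/ca_crl.pem')`. The path is taken from the old assertion and assumes the default is unchanged. Which lines are old and which are new is inferred, since the page has lost its +/- markers.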
|
spec/classes/puppet_server_spec.rb | ||
---|---|---|
"class {'puppet': server => true}"
|
||
end
|
||
|
||
let :facts do
|
||
{
|
||
:osfamily => 'RedHat',
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:clientcert => 'puppetmaster.example.com',
|
||
}
|
||
end
|
||
let :facts do {
|
||
:concat_basedir => '/nonexistant',
|
||
:clientcert => 'puppetmaster.example.com',
|
||
:fqdn => 'puppetmaster.example.com',
|
||
:operatingsystemrelease => '6.5',
|
||
:osfamily => 'RedHat',
|
||
} end
|
||
|
||
describe 'with no custom parameters' do
|
||
it 'should include classes' do
|
templates/server/puppet-vhost.conf.erb | ||
---|---|---|
<%= ERB.new(File.read(File.expand_path("../_header.erb",File.dirname(file)))).result(binding) -%>
|
||
# vim: ts=2:sw=2:et
|
||
|
||
Listen <%= @port %>
|
||
<VirtualHost *:<%= @port %>>
|
||
|
||
SSLEngine on
|
||
SSLProtocol -ALL +SSLv3 +TLSv1
|
||
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
|
||
|
||
SSLCertificateFile <%= @ssl_cert %>
|
||
SSLCertificateKeyFile <%= @ssl_cert_key %>
|
||
|
||
SSLCACertificateFile <%= @ssl_ca_cert %>
|
||
<% if @ssl_chain -%>
|
||
SSLCertificateChainFile <%= @ssl_chain %>
|
||
<% end -%>
|
||
<% if @ssl_ca_crl -%>
|
||
SSLCARevocationFile <%= @ssl_ca_crl %>
|
||
<% end -%>
|
||
|
||
SSLVerifyClient optional
|
||
SSLVerifyDepth 1
|
||
SSLOptions +StdEnvVars +ExportCertData
|
||
|
||
# The following client headers allow the same configuration to work with Pound.
|
||
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
|
||
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
|
||
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
|
||
RequestHeader unset X-Forwarded-For
|
||
|
||
# you probably want to tune these settings
|
||
PassengerHighPerformance on
|
||
PassengerMaxPoolSize <%= @passenger_max_pool %>
|
||
PassengerPoolIdleTime 1500
|
||
# PassengerMaxRequests 1000
|
||
PassengerStatThrottleRate 120
|
||
|
||
DocumentRoot <%= @app_root %>/public/
|
||
<Directory <%= @app_root %>>
|
||
Options None
|
||
AllowOverride None
|
||
<IfVersion < 2.4>
|
||
Order allow,deny
|
||
Allow from all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all granted
|
||
</IfVersion>
|
||
</Directory>
|
||
</VirtualHost>
|
Switch from theforeman/apache to puppetlabs/apache
This silently ignores the PassengerMaxPoolSize parameter now.