
Revision c2728551

Added by Ewoud Kohl van Wijngaarden over 10 years ago

Switch from theforeman/apache to puppetlabs/apache

This silently ignores the PassengerMaxPoolSize parameter now.


.fixtures.yml
fixtures:
repositories:
apache: 'https://github.com/theforeman/puppet-apache'
passenger: 'https://github.com/theforeman/puppet-passenger'
apache: 'https://github.com/puppetlabs/puppetlabs-apache'
concat: 'https://github.com/puppetlabs/puppetlabs-concat'
foreman: 'https://github.com/theforeman/puppet-foreman'
git: 'https://github.com/theforeman/puppet-git'
concat_native: 'https://github.com/theforeman/puppet-concat'
Modulefile
description 'Module for installing the Puppet agent and Puppet server'
project_page 'http://github.com/theforeman/foreman-installer'
dependency 'theforeman/apache', '>= 1.3.0'
dependency 'theforeman/concat_native', '>= 1.3.0'
dependency 'theforeman/git', '>= 1.3.0'
dependency 'theforeman/passenger', '>= 1.3.0'
dependency 'puppetlabs/apache', '>= 1.0.0'
dependency 'puppetlabs/stdlib'
manifests/server/passenger.pp
$user = $::puppet::server_user
) {
include ::puppet::server::rack
include ::apache::ssl
include ::apache::params
include ::passenger
include ::apache
case $::operatingsystem {
Debian,Ubuntu: {
......
}
}
file {'puppet_vhost':
path => "${apache::params::configdir}/puppet.conf",
content => template('puppet/server/puppet-vhost.conf.erb'),
mode => '0644',
notify => Exec['reload-apache'],
before => Service[$::puppet::server_httpd_service],
require => Class['::puppet::server::rack'],
$directories = [
{
'path' => "${app_root}/public/",
'passenger_enabled' => 'On',
},
]
# The following client headers allow the same configuration to work with Pound.
$request_headers = [
'set X-SSL-Subject %{SSL_CLIENT_S_DN}e',
'set X-Client-DN %{SSL_CLIENT_S_DN}e',
'set X-Client-Verify %{SSL_CLIENT_VERIFY}e',
'unset X-Forwarded-For',
]
apache::vhost { 'puppet':
docroot => "${app_root}/public/",
directories => $directories,
port => $port,
ssl => true,
ssl_cert => $ssl_cert,
ssl_key => $ssl_cert_key,
ssl_ca => $ssl_ca_cert,
ssl_crl => $ssl_ca_crl,
ssl_chain => $ssl_chain,
ssl_protocol => '-ALL +SSLv3 +TLSv1',
ssl_cipher => 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP',
ssl_verify_client => 'optional',
ssl_options => '+StdEnvVars +ExportCertData',
ssl_verify_depth => '1',
request_headers => $request_headers,
options => ['None'],
require => Class['::puppet::server::rack'],
}
}
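Review bot: The `ssl_protocol => '-ALL +SSLv3 +TLSv1'` value passed to `apache::vhost { 'puppet':` enables SSLv3 and leaves TLS 1.1/1.2 switched off, and the `ssl_cipher` string on the next line still admits RC4 and MEDIUM suites. Both look copied unchanged from the old vhost template, so behaviour is probably preserved, but this vhost terminates Puppet agent client-certificate traffic. Moving to vhost parameters is a natural point to tighten it, e.g. `ssl_protocol => 'ALL -SSLv2 -SSLv3',`, and to expose protocol and cipher as class parameters so operators can override them. The class header starts outside the lines shown, and which lines are old versus new is inferred from the commit title because the +/- markers are lost on this page.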
spec/classes/puppet_agent_spec.rb
describe 'puppet::agent' do
let(:facts) do
{
:fqdn => 'puppetmaster.example.com',
:clientcert => 'puppetmaster.example.com',
:osfamily => 'RedHat',
}
end
let :facts do {
:clientcert => 'puppetmaster.example.com',
:concat_basedir => '/nonexistant',
:fqdn => 'puppetmaster.example.com',
:operatingsystemrelease => '6.5',
:osfamily => 'RedHat',
} end
describe 'with no custom parameters' do
let :pre_condition do
spec/classes/puppet_init_spec.rb
describe 'puppet' do
let(:facts) do
{
:fqdn => 'puppetmaster.example.com',
:clientcert => 'puppetmaster.example.com',
:osfamily => 'RedHat'
}
end
let :facts do {
:clientcert => 'puppetmaster.example.com',
:concat_basedir => '/nonexistant',
:fqdn => 'puppetmaster.example.com',
:operatingsystemrelease => '6.5',
:osfamily => 'RedHat',
} end
describe 'with no custom parameters' do
it { should contain_class('puppet::config') }
spec/classes/puppet_server_config_spec.rb
require 'spec_helper'
describe 'puppet::server::config' do
let :facts do
{
:osfamily => 'RedHat',
:rubyversion => '1.9.3',
:fqdn => 'puppetmaster.example.com',
:clientcert => 'puppetmaster.example.com',
}
end
let :facts do {
:clientcert => 'puppetmaster.example.com',
:concat_basedir => '/nonexistant',
:fqdn => 'puppetmaster.example.com',
:rubyversion => '1.9.3',
:operatingsystemrelease => '6.5',
:osfamily => 'RedHat',
} end
describe 'with no custom parameters' do
let :pre_condition do
spec/classes/puppet_server_passenger_spec.rb
require 'spec_helper'
describe 'puppet::server::passenger' do
let :facts do
{
:osfamily => 'RedHat',
:fqdn => 'puppetmaster.example.com',
:clientcert => 'puppetmaster.example.com',
}
let :facts do {
:concat_basedir => '/nonexistant',
:osfamily => 'RedHat',
:operatingsystemrelease => '6.5',
} end
it 'should include the puppet vhost' do
should contain_apache__vhost('puppet')
end
describe 'with no custom parameters' do
let :pre_condition do
"
class {'puppet': server => true}
"
end
it 'should include the puppet vhost' do
should contain_file('puppet_vhost').
with_content(/^Listen 8140$/).
with_content(/^<VirtualHost \*:8140>$/).
with_content(/^ SSLCertificateFile\s+\/var\/lib\/puppet\/ssl\/certs\/#{facts[:fqdn]}.pem$/).
with_content(/^ SSLCertificateKeyFile\s+\/var\/lib\/puppet\/ssl\/private_keys\/#{facts[:fqdn]}.pem$/).
with_content(/^ SSLCACertificateFile\s+\/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem$/).
with_content(/^ SSLCertificateChainFile\s+\/var\/lib\/puppet\/ssl\/ca\/ca_crt.pem$/).
with_content(/^ SSLCARevocationFile\s+\/var\/lib\/puppet\/ssl\/ca\/ca_crl.pem$/).
with_content(/^ DocumentRoot \/etc\/puppet\/rack\/public\/$/).
with_content(/^ <Directory \/etc\/puppet\/rack>$/).
with_content(/^ PassengerMaxPoolSize 12$/).
with({
:path => '/etc/httpd/conf.d/puppet.conf',
:mode => '0644',
:notify => 'Exec[reload-apache]',
:before => /Service\[httpd\]/,
:require => /Class\[Puppet::Server::Rack\]/,
})
end
end
describe 'with no custom parameters' do
let :pre_condition do
"
class {'puppet':
server => true,
server_passenger_max_pool => 6,
}
"
end
it 'should override PassengerMaxPoolSize' do
should contain_file('puppet_vhost').with_content(/^ PassengerMaxPoolSize 6$/)
end
end
end
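Review bot: The example `should contain_apache__vhost('puppet')` only asserts that the vhost resource exists, whereas the `contain_file('puppet_vhost')` example it appears to replace pinned the certificate, CA chain and CRL paths. A regression that drops client verification or points `ssl_ca` at the wrong file would now pass the suite. Consider pinning the security-relevant parameters, e.g. `should contain_apache__vhost('puppet').with({ :ssl_verify_client => 'optional', :ssl_ca => '/var/lib/puppet/ssl/ca/ca_crt.pem', :ssl_crl => '/var/lib/puppet/ssl/ca/ca_crl.pem' })`. Which examples are removed and which are added is inferred from the commit title, since the page no longer shows +/- markers.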
spec/classes/puppet_server_spec.rb
"class {'puppet': server => true}"
end
let :facts do
{
:osfamily => 'RedHat',
:fqdn => 'puppetmaster.example.com',
:clientcert => 'puppetmaster.example.com',
}
end
let :facts do {
:concat_basedir => '/nonexistant',
:clientcert => 'puppetmaster.example.com',
:fqdn => 'puppetmaster.example.com',
:operatingsystemrelease => '6.5',
:osfamily => 'RedHat',
} end
describe 'with no custom parameters' do
it 'should include classes' do
templates/server/puppet-vhost.conf.erb
<%= ERB.new(File.read(File.expand_path("../_header.erb",File.dirname(file)))).result(binding) -%>
# vim: ts=2:sw=2:et
Listen <%= @port %>
<VirtualHost *:<%= @port %>>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile <%= @ssl_cert %>
SSLCertificateKeyFile <%= @ssl_cert_key %>
SSLCACertificateFile <%= @ssl_ca_cert %>
<% if @ssl_chain -%>
SSLCertificateChainFile <%= @ssl_chain %>
<% end -%>
<% if @ssl_ca_crl -%>
SSLCARevocationFile <%= @ssl_ca_crl %>
<% end -%>
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +ExportCertData
# The following client headers allow the same configuration to work with Pound.
RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
RequestHeader unset X-Forwarded-For
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize <%= @passenger_max_pool %>
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
DocumentRoot <%= @app_root %>/public/
<Directory <%= @app_root %>>
Options None
AllowOverride None
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
</VirtualHost>
