Puppet - passenger: Difference between revisions

From ICO wiki
Jump to navigationJump to search
Mernits (talk | contribs)
No edit summary
Mernits (talk | contribs)
 
(20 intermediate revisions by the same user not shown)
Line 1: Line 1:
=Sissejuhatus=
Seadistame puppetmasteri teenuse kasutamaks passenger moodulit ja apache2 veebiserverit. Näidetes on kasutatud puppetmasteri nime puppet.planet.zz
=Tarkvara paigaldamine=
<source lang="bash">
<source lang="bash">
sudo apt-get install apache2 ruby1.8-dev rubygems
sudo apt-get install apache2 ruby1.8-dev rubygems
Line 14: Line 20:
sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
sudo cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd/
sudo cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
sudo chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru
 
</source>
</source>
Peatame puppet teenuse ja keelame automaatse käivituse alglaadimisel
<source lang="bash">
sudo service puppetmaster stop
sudo update-rc.d -f puppetmaster remove
service apache2 restart
</source>
=Apache konfigureerimine=
Loome uue SSL konfi /etc/apache2/sites-available/puppet.planet.zz alljärgneva sisuga:
Faili sisu
<source lang="apache">
<IfModule mod_ssl.c>
LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.37/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.37
PassengerDefaultRuby /usr/bin/ruby1.8
</IfModule>
# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off
NameVirtualhost *:8140
Listen 8140
<VirtualHost *:8140>
ServerAdmin webmaster@localhost
        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
        SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet.planet.zz.pem
        SSLCertificateKeyFile  /var/lib/puppet/ssl/private_keys/puppet.planet.zz.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
SSLCARevocationFile    /var/lib/puppet/ssl/crl.pem
SSLOptions +StdEnvVars +ExportCertData
        SSLVerifyClient optional
        SSLVerifyDepth  1
        RequestHeader unset X-Forwarded-For
        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
</VirtualHost>
</IfModule>
</source>
Lubame virtualhosti puppet.planet.zz
<source lang="bash">
a2ensite puppet.planet.zz
</source>
Taaskäivitage veebiserver
<source lang="bash">
service apache2 restart
</source>
Testimiseks mine lehele: https://puppet.planet.zz:8140/
Kui kuvatakse:
<pre>
The environment must be purely alphanumeric, not ''
</pre>
Siis on keskkond seadistatud.

Latest revision as of 13:01, 30 January 2014

Sissejuhatus

Seadistame puppetmasteri teenuse kasutamaks passenger moodulit ja apache2 veebiserverit. Näidetes on kasutatud puppetmasteri nime puppet.planet.zz


Tarkvara paigaldamine

sudo apt-get install apache2 ruby1.8-dev rubygems
sudo a2enmod ssl
sudo a2enmod headers
sudo service apache2 restart
sudo gem install rack passenger
sudo apt-get install libcurl4-openssl-dev
sudo apt-get install apache2-threaded-dev
sudo apt-get install zlib1g-dev
sudo apt-get install libapr1-dev
sudo apt-get install libaprutil1-dev
sudo apt-get install apache2-threaded-dev
sudo passenger-install-apache2-module
sudo mkdir -p /usr/share/puppet/rack/puppetmasterd
sudo mkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp
sudo cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
sudo chown puppet:puppet /usr/share/puppet/rack/puppetmasterd/config.ru

Peatame puppet teenuse ja keelame automaatse käivituse alglaadimisel


sudo service puppetmaster stop
sudo update-rc.d -f puppetmaster remove
service apache2 restart

Apache konfigureerimine

Loome uue SSL konfi /etc/apache2/sites-available/puppet.planet.zz alljärgneva sisuga:

Faili sisu

<IfModule mod_ssl.c>

LoadModule passenger_module /var/lib/gems/1.8/gems/passenger-4.0.37/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
 PassengerRoot /var/lib/gems/1.8/gems/passenger-4.0.37
 PassengerDefaultRuby /usr/bin/ruby1.8
</IfModule>


# you probably want to tune these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
#RackAutoDetect Off
#RailsAutoDetect Off

NameVirtualhost *:8140
Listen 8140

<VirtualHost *:8140>
	ServerAdmin webmaster@localhost
        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
        RackBaseURI /
        <Directory /usr/share/puppet/rack/puppetmasterd/>
                Options None
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

	ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
	LogLevel warn
	CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

	SSLEngine on
	SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
        SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet.planet.zz.pem
        SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet.planet.zz.pem

	SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
	SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
	SSLCARevocationFile     /var/lib/puppet/ssl/crl.pem

	SSLOptions +StdEnvVars +ExportCertData

        SSLVerifyClient optional

        SSLVerifyDepth  1

        RequestHeader unset X-Forwarded-For

        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

</VirtualHost>
</IfModule>

Lubame virtualhosti puppet.planet.zz

a2ensite puppet.planet.zz

Taaskäivitage veebiserver

service apache2 restart


Testimiseks mine lehele: https://puppet.planet.zz:8140/

Kui kuvatakse:

The environment must be purely alphanumeric, not ''

Siis on keskkond seadistatud.