Puppet Class: puppetmaster::passenger

Defined in:
modules/puppetmaster/manifests/passenger.pp

Overview

Class: puppetmaster::passenger

This class handles the Apache Passenger specific parts of a Puppetmaster

Parameters:

- $bind_address:
    The IP address Apache will bind to
- $verify_client:
    Whether apache mod_ssl will verify the client (SSLVerifyClient option)
- $allow_from:
    Adds an Allow from statement (order Allow,Deny), limiting access
    to the passenger service.
- $deny_from:
    Adds a Deny from statement (order Allow,Deny), limiting access
    to the passenger service.

Parameters:

  • bind_address (Any)
  • verify_client (Any)
  • allow_from (Any)
  • deny_from (Any)


16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# File 'modules/puppetmaster/manifests/passenger.pp', line 16

class puppetmaster::passenger(
    $bind_address,
    $verify_client,
    $allow_from,
    $deny_from,
) {

    include ::sslcert::dhparam

    # Set a unicode capable locale to avoid "SERVER: invalid byte sequence in
    # US-ASCII" errors when puppetmaster is started with LANG that doesn't
    # support non-ASCII encoding.
    # See <https://tickets.puppetlabs.com/browse/PUP-1386#comment-62325>
    $vars = { 'LANG' => 'en_US.UTF-8' }
    httpd::conf { 'use-utf-locale':
        ensure    => present,
        conf_type => 'env',
        content   => shell_exports($vars),
    }

    httpd::conf { 'passenger':
        content  => template('puppetmaster/passenger.conf.erb'),
        priority => 10,
    }

    httpd::conf { 'puppetmaster_ports':
        content => template('puppetmaster/ports.conf.erb'),
    }

    # Place an empty puppet-master.conf file to prevent creation of this file
    # at package install time. Apache breaks if that happens. T179102
    file { '/etc/apache2/sites-available/puppet-master.conf':
        ensure  => present,
        content => '# This file intentionally left blank by puppet - T179102'
    }
    file { '/etc/apache2/sites-enabled/puppet-master.conf':
        ensure  => link,
        target  => '/etc/apache2/sites-available/puppet-master.conf',
        require => File['/etc/apache2/sites-available/puppet-master.conf'],
    }

    package { 'puppet-master-passenger':
        ensure => present,
    }

    # Since we are running puppet via passenger, we need to ensure
    # the puppetmaster service is stopped, since they use the same port
    # and will conflict when both started.
    if defined(Class['puppetmaster']) {
        service { 'puppetmaster':
            ensure => stopped,
            enable => false,
            before => Class['::httpd'],
        }
        # We also make sure puppet master can not be manually started
        file { '/etc/default/puppetmaster':
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0444',
            source  => 'puppet:///modules/puppetmaster/default',
            require => [
                Package['puppet-master-passenger']
            ],
        }
    }

    # Rotate apache logs is now managed via the httpd class
    logrotate::conf { 'passenger':
        ensure => absent,
    }
}