+1, with a comment or two below

On Apr 28, 2009, at 3:41 PM, Christian Hofstaedtler wrote:
> > From: Christian Hofstaedtler <[email protected]> > > > Signed-off-by: Christian Hofstaedtler <[email protected]> > --- > ext/rack/README | 76 ++++++++++++++++++++++ > +++++++++ > ext/rack/apache2.conf | 24 ++++++++++ > ext/rack/config.ru | 16 +++++++ > lib/puppet/application/puppetmasterd.rb | 22 +++++++-- > spec/unit/application/puppetmasterd.rb | 41 +++++++++++++++++ > 5 files changed, 174 insertions(+), 5 deletions(-) > create mode 100644 ext/rack/README > create mode 100644 ext/rack/apache2.conf > create mode 100644 ext/rack/config.ru > > diff --git a/ext/rack/README b/ext/rack/README > new file mode 100644 > index 0000000..dc15158 > --- /dev/null > +++ b/ext/rack/README 
> @@ -0,0 +1,76 @@ > + > +PUPPETMASTER AS A RACK APPLICATION > +================================== > + > +puppetmaster can now be hosted as a standard Rack application. A > proper > +config.ru is provided for this. > + > +For more details about rack, see http://rack.rubyforge.org/ . > + > +Getting started > +=============== > + > +You'll need rack installed. Puppetmaster has only been tested with > version > +0.9.1. > + > + > +WEBrick > +------- > + > +WEBrick is currently not supported as a Rack host. You'll be better > off > +just running puppetmasterd directly. > + > + > +Mongrel > +------- > + > +If you like Mongrel, and want to replicate wiki:UsingMongrel, you > could > +probably start your backend mongrels this way: > + > +cd ext/rack > +for port in `seq 18140 18150`; do > + rackup --server mongrel --port $port & > +done > + > +rackup is part of the rack gem. Make sure it's in your path. > + > + > + > +Apache with Passenger (aka mod_rails) > +------------------------------------- > + > +Make sure puppetmasterd ran at least once, so the SSL certificates > +got set up. Is this still true? I expect things to work better now, and if not, it's quite easy (using Puppet::SSL::Host) to generate the certs. > > +Install Rack: > + gem install -v 0.9.1 rack > + > +Install Apache and Passenger: > + apt-get install apache2 > + gem install passenger > + passenger-install-apache2-module > + (See the Passenger installation instructions [1] for details.) > + > +Enable Apache modules: > + a2enmod ssl > + a2enmod headers > + > +Configure Apache: > + cp apache2.conf /etc/apache2/conf.d/puppetmasterd > + vim /etc/apache2/conf.d/puppetmasterd (replace the server > hostnames) > + > +Install the rack application [2]: > + chown puppet ext/rack/config.ru > + > +Go: > +/etc/init.d/apache2 restart This could almost be a puppet manifest. 
:) > > +[1] http://www.modrails.com/install.html > + > +[2] Passenger will not let applications run as root or the Apache > user, > +instead an implicit setuid will be done, to the user whom owns > +config.ru. Therefore, config.ru shall be owned by the puppet user. > + > + > + > diff --git a/ext/rack/apache2.conf b/ext/rack/apache2.conf > new file mode 100644 > index 0000000..0711316 > --- /dev/null > +++ b/ext/rack/apache2.conf > @@ -0,0 +1,24 @@ > +Listen 8140 > +<VirtualHost *:8140> > + SSLEngine on > + SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA > + SSLCertificateFile /var/lib/puppet/ssl/certs/puppet- > server.inqnet.at.pem > + SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet- > server.inqnet.at.pem > + SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem > + SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem > + # If Apache complains about invalid signatures on the CRL, you can > try disabling > + # CRL checking by commenting the next line. > + SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem > + SSLVerifyClient optional > + SSLVerifyDepth 1 > + SSLOptions +StdEnvVars > + > + RackAutoDetect On > + DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/ > + <Directory /usr/share/puppet/rack/puppetmasterd/> > + Options None > + AllowOverride None > + Order allow,deny > + allow from all > + </Directory> > +</VirtualHost> > diff --git a/ext/rack/config.ru b/ext/rack/config.ru > new file mode 100644 > index 0000000..171b07e > --- /dev/null > +++ b/ext/rack/config.ru 
> @@ -0,0 +1,16 @@ > +# a config.ru, for use with every rack-compatible webserver. > +# SSL needs to be handled outside this, though. > + > +# if puppet is not in your RUBYLIB: > +$:.push('/home/ch/puppet-cleanrack/lib') > + > +require 'puppet' > +Puppet.settings[:name] = "puppetmasterd" > + > +ARGV << "--debug" > +ARGV << "--rack" > +require 'puppet/application/puppetmasterd' > +# we're usually running inside a Rack::Builder.new {} block, > +# therefore we need to call run *here*. > +run Puppet::Application[:puppetmasterd].run > + > diff --git a/lib/puppet/application/puppetmasterd.rb b/lib/puppet/ > application/puppetmasterd.rb > index fe92bca..85dc58f 100644 > --- a/lib/puppet/application/puppetmasterd.rb > +++ b/lib/puppet/application/puppetmasterd.rb > @@ -2,6 +2,7 @@ require 'puppet' > require 'puppet/application' > require 'puppet/daemon' > require 'puppet/network/server' > +require 'puppet/network/http/rack' if Puppet.features.rack? > > Puppet::Application.new(:puppetmasterd) do > > @@ -10,6 +11,9 @@ Puppet::Application.new(:puppetmasterd) do > option("--debug", "-d") > option("--verbose", "-v") > > + # internal option, only to be used by ext/rack/config.ru > + option("--rack") > + > option("--logdest", "-l") do |arg| > begin > Puppet::Util::Log.newdestination(arg) > @@ -59,8 +63,6 @@ Puppet::Application.new(:puppetmasterd) do > xmlrpc_handlers << :CA > end > > - @daemon.server = > Puppet::Network::Server.new(:xmlrpc_handlers => xmlrpc_handlers) > - > # Make sure we've got a localhost ssl cert > Puppet::SSL::Host.localhost 
> > @@ -80,11 +82,21 @@ Puppet::Application.new(:puppetmasterd) do > end > end > > - @daemon.daemonize if Puppet[:daemonize] > + if not options[:rack] As with Brice, I prefer 'unless options[:rack]'. > > + @daemon.server = > Puppet::Network::Server.new(:xmlrpc_handlers => xmlrpc_handlers) > + @daemon.daemonize if Puppet[:daemonize] > + else > + require 'puppet/network/http/rack' > + @app = Puppet::Network::HTTP::Rack.new(:xmlrpc_handlers > => xmlrpc_handlers, :protocols => [:rest, :xmlrpc]) > + end I'd think that you could still do Network::Server.new, because it basically just passes through to the Rack instance, right? > > Puppet.notice "Starting Puppet server version %s" % > [Puppet.version] > > - @daemon.start > + if not options[:rack] > + @daemon.start > + else > + return @app > + end And for these, they could almost just be noops in the Rack app, but I suppose that would be more confusing. Certainly 'start' could reasonably be a noop, anyway. Both of these are small points, btw. > > end > > setup do > @@ -96,7 +108,7 @@ Puppet::Application.new(:puppetmasterd) do > Puppet::Util::Log.level = :info > end > > - unless Puppet[:daemonize] > + unless Puppet[:daemonize] or options[:rack] > Puppet::Util::Log.newdestination(:console) > options[:setdest] = true > end > diff --git a/spec/unit/application/puppetmasterd.rb b/spec/unit/ > application/puppetmasterd.rb > index 5b193eb..df6f878 100644 > --- a/spec/unit/application/puppetmasterd.rb > +++ b/spec/unit/application/puppetmasterd.rb > @@ -131,6 +131,14 @@ describe "PuppetMaster" do > @puppetmasterd.run_setup > end > > + it "should set syslog as the log destination if --rack" do > + @puppetmasterd.options.stubs(: > []).with(:rack).returns(:true) > + > + Puppet::Log.expects(:newdestination).with(:syslog) > + > + @puppetmasterd.run_setup > + end > + > it "should print puppet config if asked to in Puppet config" > do > @puppetmasterd.stubs(:exit) > Puppet.settings.stubs(:print_configs?).returns(true) 
> @@ -255,6 +263,8 @@ describe "PuppetMaster" do > @puppetmasterd.run_preinit > @server = stub_everything 'server' > Puppet::Network::Server.stubs(:new).returns(@server) > + @app = stub_everything 'app' > + Puppet::Network::HTTP::Rack.stubs(:new).returns(@app) > Puppet::SSL::Host.stubs(:localhost) > Puppet::SSL::CertificateAuthority.stubs(:ca?) > Process.stubs(:uid).returns(1000) > @@ -325,6 +335,37 @@ describe "PuppetMaster" do > @puppetmasterd.main > end > > + describe "with --rack" do > + confine "Rack is not available" => > Puppet.features.rack? > + > + it "it should create the app with REST and XMLRPC > support" do > + @puppetmasterd.options.stubs(: > []).with(:rack).returns(:true) > + > + Puppet::Network::HTTP::Rack.expects(:new).with > { |args| > + args[:xmlrpc_handlers] == > [:Status, :FileServer, :Master, :Report, :Filebucket] and > + args[:protocols] == [:rest, :xmlrpc] > + } > + > + @puppetmasterd.main > + end > + > + it "it should not start a daemon" do > + @puppetmasterd.options.stubs(: > []).with(:rack).returns(:true) > + > + @daemon.expects(:start).never > + > + @puppetmasterd.main > + end > + > + it "it should return the app" do > + @puppetmasterd.options.stubs(: > []).with(:rack).returns(:true) > + > + app = @puppetmasterd.main > + app.should equal(@app) > + end > + > + end > + > end > end > end > -- > 1.5.6.5 > > > > -- An ounce of action is worth a ton of theory. --Friedrich Engels --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
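
Review bot: In ext/rack/README, the Passenger steps end with `chown puppet ext/rack/config.ru`, but apache2.conf points `DocumentRoot` at `/usr/share/puppet/rack/puppetmasterd/public/` with `RackAutoDetect On`, and no step creates that directory or puts config.ru into it. Add the copy step and run the chown on the installed file, since footnote [2] makes that file's owner the identity the master runs as. The Mongrel section should also state that the backends started by `rackup --server mongrel --port $port` speak plain HTTP (config.ru itself says SSL is handled outside) and so need an SSL-terminating front end.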
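
Review bot: In ext/rack/apache2.conf, `SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA` selects SSLv2 cipher suites and RC4 for the master's listener on port 8140; use a cipher string limited to strong suites and add an `SSLProtocol` line that excludes SSLv2. The comment above `SSLCARevocationFile` suggests commenting the line out when Apache complains about the CRL; it should say that doing so means revoked client certificates are accepted again. Since `SSLVerifyClient optional` lets unverified requests through to the Rack app, a comment noting that the app must check the verification result exported by `SSLOptions +StdEnvVars` would help whoever edits this file later.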
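
Review bot: ext/rack/config.ru ships with `$:.push('/home/ch/puppet-cleanrack/lib')` and `ARGV << "--debug"` both active. The first puts a developer's home directory on the load path of a process that runs as the puppet user, so anyone who can write to that path controls the code the master loads; ship it commented out as an example. The second turns on debug logging for every deployment; drop it or make it opt-in.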
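
Review bot: In the `@@ -80,11 +82,21 @@` hunk of lib/puppet/application/puppetmasterd.rb, the else branch runs `require 'puppet/network/http/rack'` unconditionally, while the top of the file guards the same require with `if Puppet.features.rack?`. With `--rack` given and Rack not installed, the failure is a bare LoadError; check `Puppet.features.rack?` in this branch and raise a clear error, and drop the duplicate require.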
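
Review bot: In the `describe "with --rack"` block of spec/unit/application/puppetmasterd.rb (and in the syslog example added in the `@@ -131,6 +131,14 @@` hunk), the options stub ends in `.returns(:true)`, which is a Symbol rather than the boolean; the examples pass only because any Symbol is truthy. Use `returns(true)`. The three new descriptions also start with "it", so they read "it it should ..." in the spec output; drop the leading word from each string.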
