Complete Mongrel Setup For Debian¶
this is a quick how-to for setting up mongrel with apache and puppet
We assume that you already installed puppet and apache2
- Setup mongrel
N.B: puppetmaster 2.6 and newer knows how to work with mongrel starting multiple puppet instances. So we won’t have to install mongrel-cluster
sudo apt-get install mongrel
- Enable some apache modules
sudo a2enmod headers proxy proxy_http proxy_balancer ssl
reload apache2
sudo /etc/init.d/apache2 reload
- Edit the puppetmaster default file
sudo vi /etc/default/puppetmaster
#tell puppet to use mongrel SERVERTYPE=mongrel # How many puppetmaster instances to start? PUPPETMASTERS=100 # What port should the puppetmaster listen on. # NOTE: if you are using mongrel, then you will need to have a # front-end web-proxy (such as apache, nginx, pound) that takes # incoming requests on the port your clients are connecting to # (default is: 8140), and then passes them off to the mongrel # processes. In this case it is recommended to run your web-proxy on # port 8140 and change the below number to something else, such as # 18140. PORT=18140
in my case, i use 100 instances of puppetmaster listening, but you’re not compel to, it will depend on your architecture and the number of nodes.
restart the puppetmaster
sudo /etc/init.d/puppetmaster restart
list your processes
ps -ef | grep puppet
/usr/bin/ruby1.8 /usr/bin/puppet master --servertype=mongrel --masterport=18140 --pidfile=/var/run/puppet/master-18140.pid /usr/bin/puppet master --servertype=mongrel --masterport=18141 --pidfile=/var/run/puppet/master-18141.pid /usr/bin/puppet master --servertype=mongrel --masterport=18142 --pidfile=/var/run/puppet/master-18142.pid /usr/bin/puppet master --servertype=mongrel --masterport=18143 --pidfile=/var/run/puppet/master-18143.pid
- create a virtualhost
this virtual host was adapted from puppet documentation
sudo vi /etc/apache2/sites-available/puppetmaster
Listen 8140 ProxyRequests Off ProxyBadHeader IgnoreBalancerMember http://127.0.0.1:18140 SSLEngine On SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/puppethost.domain.name.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppethost.domain.name.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem SSLVerifyClient optional SSLVerifyDepth 1 SSLOptions +StdEnvVars RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e SetHandler balancer-manager Order allow,deny Allow from all ProxyPass / balancer://puppetmaster/ ProxyPassReverse / balancer://puppetmaster/ ProxyPreserveHost On ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined CustomLog /var/log/apache2/balancer_ssl_requests.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
replace puppethost.domain.name with your hostname
reload apache2
sudo /etc/init.d/apache2 reload
you should now be able to rum puppet client on a node and get your modifications applies or your packages installed
NB: on some architecture you’ll have to modify /etc/apache2/apache.conf to tune mpm_worker_module
hope this will help waiting for your comments