Using Mongrel On Debian
Version 4 (romuald FREBAULT, 12/27/2011 06:07 am)
| 1 | 1 | | # Complete Mongrel Setup For Debian |
|---|---|---|---|
| 2 | 1 | ||
| 3 | 4 | romuald FREBAULT | This is a quick how-to for setting up mongrel with apache and puppet. |
| 4 | 1 | ||
| 5 | 4 | romuald FREBAULT | We assume that you have already installed puppet and apache2. |
| 6 | 1 | ||
| 7 | 4 | romuald FREBAULT | * Setup mongrel |
| 8 | 1 | ||
| 9 | 4 | romuald FREBAULT | **N.B:** *puppetmaster 2.6 and newer can start multiple puppet instances for mongrel on its own, |
| 10 | 4 | romuald FREBAULT | so we won't have to install mongrel-cluster.* |
| 11 | 1 | ||
| 12 | 4 | romuald FREBAULT | <pre> |
| 13 | 4 | romuald FREBAULT | sudo apt-get install mongrel |
| 14 | 4 | romuald FREBAULT | </pre> |
| 15 | 1 | ||
| 16 | 4 | romuald FREBAULT | * Enable some apache modules |
| 17 | 1 | ||
| 18 | 4 | romuald FREBAULT | <pre> |
| 19 | 4 | romuald FREBAULT | sudo a2enmod headers proxy proxy_http proxy_balancer ssl |
| 20 | 4 | romuald FREBAULT | </pre> |
| 21 | 1 | ||
| 22 | 4 | romuald FREBAULT | reload apache2 |
| 23 | 1 | ||
| 24 | 4 | romuald FREBAULT | <pre> |
| 25 | 4 | romuald FREBAULT | sudo /etc/init.d/apache2 reload |
| 26 | 4 | romuald FREBAULT | </pre> |
| 27 | 1 | ||
| 28 | 4 | romuald FREBAULT | * Edit the puppetmaster default file |
| 29 | 1 | ||
| 30 | 4 | romuald FREBAULT | <pre> |
| 31 | 4 | romuald FREBAULT | sudo vi /etc/default/puppetmaster |
| 32 | 4 | romuald FREBAULT | </pre> |
| 33 | 4 | romuald FREBAULT | |
| 34 | 4 | romuald FREBAULT | <pre> |
| 35 | 4 | romuald FREBAULT | #tell puppet to use mongrel |
| 36 | 4 | romuald FREBAULT | SERVERTYPE=mongrel |
| 37 | 4 | romuald FREBAULT | |
| 38 | 4 | romuald FREBAULT | # How many puppetmaster instances to start? |
| 39 | 4 | romuald FREBAULT | PUPPETMASTERS=100 |
| 40 | 4 | romuald FREBAULT | |
| 41 | 4 | romuald FREBAULT | # What port should the puppetmaster listen on. |
| 42 | 4 | romuald FREBAULT | # NOTE: if you are using mongrel, then you will need to have a |
| 43 | 4 | romuald FREBAULT | # front-end web-proxy (such as apache, nginx, pound) that takes |
| 44 | 4 | romuald FREBAULT | # incoming requests on the port your clients are connecting to |
| 45 | 4 | romuald FREBAULT | # (default is: 8140), and then passes them off to the mongrel |
| 46 | 4 | romuald FREBAULT | # processes. In this case it is recommended to run your web-proxy on |
| 47 | 4 | romuald FREBAULT | # port 8140 and change the below number to something else, such as |
| 48 | 4 | romuald FREBAULT | # 18140. |
| 49 | 4 | romuald FREBAULT | PORT=18140 |
| 50 | 4 | romuald FREBAULT | </pre> |
| 51 | 4 | romuald FREBAULT | |
| 52 | 4 | romuald FREBAULT | In my case, I use 100 puppetmaster instances listening, but you are not compelled to; it will depend on your architecture and the number of nodes. |
| 53 | 4 | romuald FREBAULT | |
| 54 | 4 | romuald FREBAULT | restart the puppetmaster |
| 55 | 4 | romuald FREBAULT | |
| 56 | 4 | romuald FREBAULT | <pre> |
| 57 | 4 | romuald FREBAULT | sudo /etc/init.d/puppetmaster restart |
| 58 | 4 | romuald FREBAULT | </pre> |
| 59 | 4 | romuald FREBAULT | |
| 60 | 4 | romuald FREBAULT | list your processes |
| 61 | 4 | romuald FREBAULT | <pre> |
| 62 | 4 | romuald FREBAULT | ps -ef | grep puppet |
| 63 | 4 | romuald FREBAULT | </pre> |
| 64 | 4 | romuald FREBAULT | |
| 65 | 4 | romuald FREBAULT | <pre> |
| 66 | 4 | romuald FREBAULT | /usr/bin/ruby1.8 /usr/bin/puppet master --servertype=mongrel --masterport=18140 --pidfile=/var/run/puppet/master-18140.pid |
| 67 | 4 | romuald FREBAULT | /usr/bin/puppet master --servertype=mongrel --masterport=18141 --pidfile=/var/run/puppet/master-18141.pid |
| 68 | 4 | romuald FREBAULT | /usr/bin/puppet master --servertype=mongrel --masterport=18142 --pidfile=/var/run/puppet/master-18142.pid |
| 69 | 4 | romuald FREBAULT | /usr/bin/puppet master --servertype=mongrel --masterport=18143 --pidfile=/var/run/puppet/master-18143.pid |
| 70 | 4 | romuald FREBAULT | </pre> |
| 71 | 4 | romuald FREBAULT | |
| 72 | 4 | romuald FREBAULT | * create a virtualhost |
| 73 | 4 | romuald FREBAULT | |
| 74 | 4 | romuald FREBAULT | this virtual host was adapted from puppet documentation |
| 75 | 4 | romuald FREBAULT | |
| 76 | 4 | romuald FREBAULT | <pre> |
| 77 | 4 | romuald FREBAULT | sudo vi /etc/apache2/sites-available/puppetmaster |
| 78 | 4 | romuald FREBAULT | </pre> |
| 79 | 4 | romuald FREBAULT | |
| 80 | 4 | romuald FREBAULT | <pre> |
| 81 | 4 | romuald FREBAULT | Listen 8140 |
| 82 | 4 | romuald FREBAULT | |
| 83 | 4 | romuald FREBAULT | ProxyRequests Off |
| 84 | 4 | romuald FREBAULT | ProxyBadHeader Ignore |
| 85 | 4 | romuald FREBAULT | |
| 86 | 4 | romuald FREBAULT | |
| 87 | 4 | romuald FREBAULT | <Proxy balancer://puppetmaster> |
| 88 | 4 | romuald FREBAULT | BalancerMember http://127.0.0.1:18140 |
| 89 | 4 | romuald FREBAULT | </Proxy> |
| 90 | 4 | romuald FREBAULT | |
| 91 | 4 | romuald FREBAULT | <VirtualHost *:8140> |
| 92 | 4 | romuald FREBAULT | SSLEngine On |
| 93 | 4 | romuald FREBAULT | SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA |
| 94 | 4 | romuald FREBAULT | SSLCertificateFile /var/lib/puppet/ssl/certs/puppethost.domain.name.pem |
| 95 | 4 | romuald FREBAULT | SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppethost.domain.name.pem |
| 96 | 4 | romuald FREBAULT | SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem |
| 97 | 4 | romuald FREBAULT | SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem |
| 98 | 4 | romuald FREBAULT | SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem |
| 99 | 4 | romuald FREBAULT | |
| 100 | 4 | romuald FREBAULT | SSLVerifyClient optional |
| 101 | 4 | romuald FREBAULT | SSLVerifyDepth 1 |
| 102 | 4 | romuald FREBAULT | SSLOptions +StdEnvVars |
| 103 | 4 | romuald FREBAULT | |
| 104 | 4 | romuald FREBAULT | RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e |
| 105 | 4 | romuald FREBAULT | RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e |
| 106 | 4 | romuald FREBAULT | RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e |
| 107 | 4 | romuald FREBAULT | |
| 108 | 4 | romuald FREBAULT | <Location /> |
| 109 | 4 | romuald FREBAULT | SetHandler balancer-manager |
| 110 | 4 | romuald FREBAULT | Order allow,deny |
| 111 | 4 | romuald FREBAULT | Allow from all |
| 112 | 4 | romuald FREBAULT | </Location> |
| 113 | 4 | romuald FREBAULT | |
| 114 | 4 | romuald FREBAULT | ProxyPass / balancer://puppetmaster/ |
| 115 | 4 | romuald FREBAULT | ProxyPassReverse / balancer://puppetmaster/ |
| 116 | 4 | romuald FREBAULT | ProxyPreserveHost On |
| 117 | 4 | romuald FREBAULT | |
| 118 | 4 | romuald FREBAULT | ErrorLog /var/log/apache2/error.log |
| 119 | 4 | romuald FREBAULT | CustomLog /var/log/apache2/access.log combined |
| 120 | 4 | romuald FREBAULT | CustomLog /var/log/apache2/balancer_ssl_requests.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" |
| 121 | 4 | romuald FREBAULT | |
| 122 | 4 | romuald FREBAULT | </VirtualHost> |
| 123 | 4 | romuald FREBAULT | |
| 124 | 4 | romuald FREBAULT | |
| 125 | 4 | romuald FREBAULT | </pre> |
| 126 | 4 | romuald FREBAULT | |
| 127 | 4 | romuald FREBAULT | |
| 128 | 4 | romuald FREBAULT | replace puppethost.domain.name with your hostname |
| 129 | 4 | romuald FREBAULT | |
| 130 | 4 | romuald FREBAULT | reload apache2 |
| 131 | 4 | romuald FREBAULT | |
| 132 | 4 | romuald FREBAULT | <pre> |
| 133 | 4 | romuald FREBAULT | sudo /etc/init.d/apache2 reload |
| 134 | 4 | romuald FREBAULT | </pre> |
| 135 | 4 | romuald FREBAULT | |
| 136 | 4 | romuald FREBAULT | |
| 137 | 4 | romuald FREBAULT | |
| 138 | 4 | romuald FREBAULT | You should now be able to run the puppet client on a node and get your modifications applied or your packages installed. |
| 139 | 4 | romuald FREBAULT | |
| 140 | 4 | romuald FREBAULT | *NB*: on some architectures you'll have to modify /etc/apache2/apache2.conf to tune mpm_worker_module |
| 141 | 4 | romuald FREBAULT | |
| 142 | 4 | romuald FREBAULT | hope this will help |
| 143 | 4 | romuald FREBAULT | waiting for your comments |
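
A review check for the virtual host and defaults file above, as an added example that is not part of the original how-to: it flags the SSLv2 and RC4 cipher tokens (prohibited by RFC 6176 and RFC 7465), a balancer-manager handler open to all clients, and balancer members that are not on loopback, and it reports the balancer member count next to PUPPETMASTERS. The function names, finding labels and inline sample files are constructed for illustration.

```shell
# Added example (not from the original page): review checks for the files above.
# Print one finding per line for the Apache vhost file given as $1.
vhost_findings() {
    awk '
    { sub(/^[ \t]+/, "") }                 # drop indentation
    /^#/ { next }                          # skip commented-out directives
    tolower($1) == "sslciphersuite" {
        n = split($2, toks, ":")
        for (i = 1; i <= n; i++) {
            if (toks[i] ~ /^[-!]/) continue        # "-X" and "!X" remove ciphers
            m = split(toks[i], parts, "[+]")       # "A+B": ciphers in both A and B
            for (j = 1; j <= m; j++)
                if (parts[j] ~ /^(SSLv2|RC4)$/) print "WEAK_CIPHER " parts[j]
        }
    }
    tolower($1) == "sethandler" { mgr = ($2 == "balancer-manager") }
    /^<\/Location>/ { mgr = 0 }
    mgr && tolower($0) ~ /^allow[ \t]+from[ \t]+all/ { print "OPEN_BALANCER_MANAGER" }
    tolower($1) == "balancermember" {
        members++
        if ($2 !~ /^http:\/\/127\.0\.0\.1:/) print "NON_LOOPBACK_MEMBER " $2
    }
    END { print "MEMBERS " members + 0 }
    ' "$1"
}

# Read PUPPETMASTERS from the defaults file ($1) without sourcing it.
configured_instances() {
    sed -n 's/^PUPPETMASTERS=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Constructed sample input: the relevant directives from this page.
sample=$(mktemp -d)
cat > "$sample/vhost" <<'EOF'
<Proxy balancer://puppetmaster>
BalancerMember http://127.0.0.1:18140
</Proxy>
<VirtualHost *:8140>
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
<Location />
SetHandler balancer-manager
Order allow,deny
Allow from all
</Location>
</VirtualHost>
EOF
printf 'SERVERTYPE=mongrel\nPUPPETMASTERS=100\nPORT=18140\n' > "$sample/defaults"
vhost_findings "$sample/vhost"
echo "INSTANCES $(configured_instances "$sample/defaults")"
```

A cipher string such as `HIGH:!aNULL:!MD5:!RC4` produces no WEAK_CIPHER finding. Compare MEMBERS with INSTANCES: puppetmaster instances that are not listed as a BalancerMember receive no requests from the proxy.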