Using Passenger

  1. Install the packages

    (See PUPPETMASTER AS A RACK APPLICATION:)

    apprentice@puppet:~$ sudo service puppetmaster stop
    apprentice@puppet:~$ sudo apt-get install puppetmaster-passenger

    Yes, it's that simple: the puppetmaster now runs under Apache/Passenger. Just don't forget to stop the standalone puppetmaster from starting at boot (otherwise it would try to bind port 8140 alongside Apache) by setting START=no in /etc/default/puppetmaster:

    START=no
    <snip>

  2. Put PuppetDB behind an SSL proxy

    Point the master at the local TLS proxy by modifying /etc/puppet/puppetdb.conf (port 8081 is the Apache SSL vhost defined below, not PuppetDB's own SSL port):

    [main]
    server = localhost
    port = 8081

    ... and modify /etc/puppetdb/conf.d/jetty.ini so that Jetty keeps its clear-text listener on localhost:8080 (with host commented out it falls back to the localhost default, which is what the proxy relies on):

    [jetty]
    # Hostname to listen on for clear-text HTTP.  Default is localhost
    #host = localhost
    # Port to listen on for clear-text HTTP.
    port = 8080
    
    ssl-host = host06.servers.mydomain.com
    ssl-port = 8082
    keystore = /etc/puppetdb/ssl/keystore.jks
    truststore = /etc/puppetdb/ssl/truststore.jks
    
    key-password = UY1nVMfZysidmenjmTGtt3Ge8
    trust-password = UY1nVMfZysidmenjmTGtt3Ge8

    Note

    Port 8082 (Jetty's own SSL listener) is closed by Shorewall; we're not going to use it. Note also that jetty.ini holds the keystore and truststore passwords in clear text, so keep the file readable only by the puppetdb user.

    Create /etc/apache2/sites-available/puppetdb-proxy, an SSL vhost that terminates TLS on 8081 and forwards to Jetty's clear-text port:

    # Terminate TLS on the loopback interface only: the puppetmaster on this host
    # is the sole client of 8081, and this vhost never asks for a client certificate,
    # so binding every interface (Listen 8081) would let any host that can reach
    # TCP/8081 read from and write to PuppetDB.
    Listen 127.0.0.1:8081
    
    <VirtualHost 127.0.0.1:8081>
    
            ServerName localhost
    
            # Certificate and key issued by the Puppet CA (puppet cert generate localhost, below)
            SSLEngine on
            SSLCertificateFile /var/lib/puppet/ssl/certs/localhost.pem
            SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/localhost.pem
    
            # Reverse proxy only (no forward proxying) to Jetty's clear-text listener
            ProxyRequests Off
            ProxyPreserveHost On
            ProxyStatus On
            ProxyPass / http://localhost:8080/
            #ProxyPassReverse / http://localhost:8080/
            #ProxyHTMLLogVerbose On
            LogLevel Info
            # Apache 2.2 access-control syntax (Apache 2.4 uses Require all granted)
            <Proxy *>
                    Order Deny,Allow
                    Allow from all
            </Proxy>
    
    </VirtualHost>

    ... and have the Puppet CA issue the certificate for localhost that the vhost above uses (do this before restarting Apache, or the vhost will fail to load):

    apprentice@puppet:~$ sudo puppet cert generate localhost

  3. Enable and restart services

    apprentice@puppet:~$ sudo service puppetdb restart
    apprentice@puppet:~$ sudo a2enmod proxy_http
    apprentice@puppet:~$ sudo a2ensite puppetdb-proxy
    apprentice@puppet:~$ sudo service apache2 restart

    Apache has to be restarted (or reloaded) after a2enmod/a2ensite; otherwise nothing is listening on 8081 and the next agent run fails when the master tries to store facts and the catalog in PuppetDB.
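    Before restarting anything it is worth checking that the three files agree with each other: the master must talk to the TLS vhost (not to Jetty's clear-text port), the vhost must forward to Jetty on loopback, and, since the vhost does not ask for a client certificate, it must not be reachable from other hosts. The checker below is an added example, not code from the original page or from PuppetDB/Puppet; the config fragments are constructed copies of the settings above (the vhost in two variants, one listening on every interface and one bound to 127.0.0.1), and check_chain(), parse_vhost() and split_hostport() are hypothetical helper names.

```python
"""Added example (not from the page or from PuppetDB/Puppet): checks that the
puppetdb.conf, jetty.ini and Apache vhost fragments agree; the fragments are
constructed copies of the page's settings and check_chain() is a name chosen here."""
import configparser
import re
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Constructed sample: /etc/puppet/puppetdb.conf as on the page.
PUPPETDB_CONF = """
[main]
server = localhost
port = 8081
"""

# Constructed sample: /etc/puppetdb/conf.d/jetty.ini (host commented out -> localhost default).
JETTY_INI = """
[jetty]
#host = localhost
port = 8080
ssl-host = host06.servers.mydomain.com
ssl-port = 8082
"""

# Constructed sample: a vhost that listens on every interface and never asks
# for a client certificate, so any host that can reach TCP/8081 can use it.
WEAK_VHOST = """
Listen 8081
<VirtualHost *:8081>
    ServerName localhost
    SSLEngine on
    ProxyPass / http://localhost:8080/
</VirtualHost>
"""

# Corrected variant: bound to loopback, so only the master on this box reaches it.
HARDENED_VHOST = WEAK_VHOST.replace("Listen 8081", "Listen 127.0.0.1:8081").replace(
    "*:8081", "127.0.0.1:8081")


def parse_ini(text):
    """puppetdb.conf and jetty.ini are plain INI files."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def parse_vhost(text):
    """Pull just the directives the chain check needs out of an Apache vhost."""
    info = {"listen": [], "proxy_pass": None, "ssl_engine": False, "verify_client": None}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("#"):
            continue
        if m := re.match(r"Listen\s+(\S+)", line, re.I):
            info["listen"].append(m.group(1))
        elif m := re.match(r"ProxyPass\s+\S+\s+(\S+)", line, re.I):  # not ProxyPassReverse
            info["proxy_pass"] = m.group(1)
        elif m := re.match(r"SSLEngine\s+(\S+)", line, re.I):
            info["ssl_engine"] = m.group(1).lower() == "on"
        elif m := re.match(r"SSLVerifyClient\s+(\S+)", line, re.I):
            info["verify_client"] = m.group(1).lower()
    return info


def split_hostport(addr, default_host):
    """'8081' -> (default_host, 8081); '127.0.0.1:8081' -> ('127.0.0.1', 8081)."""
    host, _, port = addr.rpartition(":")
    return (host or default_host), int(port)


def check_chain(puppetdb_conf, jetty_ini, vhost_text):
    """Return findings; empty means the master reaches PuppetDB only through the
    TLS vhost and neither listener is usable from another host."""
    findings = []
    pdb, jetty = parse_ini(puppetdb_conf)["main"], parse_ini(jetty_ini)["jetty"]
    vhost = parse_vhost(vhost_text)
    jetty_host, jetty_port = jetty.get("host", "localhost"), jetty.getint("port", 8080)
    master_host, master_port = pdb.get("server", "puppetdb"), pdb.getint("port", 8081)
    listens = [split_hostport(a, "*") for a in vhost["listen"]]
    # 1. Jetty's clear-text listener must stay on loopback.
    if jetty_host not in LOOPBACK:
        findings.append(f"jetty.ini: host={jetty_host} exposes clear-text HTTP off-host")
    # 2. The master must go through the TLS vhost, not straight to Jetty.
    if master_host in LOOPBACK and master_port == jetty_port:
        findings.append(f"puppetdb.conf: port {master_port} is Jetty's clear-text port, TLS proxy bypassed")
    elif master_port not in {p for _, p in listens}:
        findings.append(f"puppetdb.conf: no Apache Listen on port {master_port}")
    # 3. The vhost must terminate TLS and forward to the loopback Jetty listener.
    if not vhost["ssl_engine"]:
        findings.append("vhost: SSLEngine is not on")
    target = urlsplit(vhost["proxy_pass"] or "")
    if target.scheme != "http" or target.hostname not in LOOPBACK or target.port != jetty_port:
        findings.append(f"vhost: ProxyPass target {vhost['proxy_pass']!r} is not Jetty's loopback listener")
    # 4. Without client-certificate verification the vhost must not be reachable off-host.
    if vhost["verify_client"] != "require":
        for host, port in listens:
            if host not in LOOPBACK:
                findings.append(f"vhost: Listen {host}:{port} is reachable off-host without SSLVerifyClient require")
    return findings
```

    Feed check_chain() the contents of your real files (open(path).read()) and aim for an empty list before restarting Apache; on the constructed samples the all-interfaces vhost produces exactly one finding, the Listen line, and the loopback-bound variant produces none.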

  4. Run the client once more

    apprentice@some-client:~$  sudo puppet agent --no-daemonize --verbose --waitforcert 10 --no-splay
    notice: Starting Puppet client version 2.7.11
    info: Caching catalog for some-client.mydomain.com
    info: Applying configuration version '1355405046'
    notice: Finished catalog run in 0.21 seconds

  5. Verify that something was reported to puppetdb

    (You're going to need the database password stored in /etc/puppetdb/conf.d/database.ini.)

    apprentice@puppet:~$ psql -U puppetdb -W puppetdb
    Password for user puppetdb: 
    psql (9.1.6)
    Type "help" for help.

    puppetdb=> \d
                      List of relations
     Schema |          Name           | Type  |  Owner   
    --------+-------------------------+-------+----------
     public | catalog_resources       | table | puppetdb
     public | catalogs                | table | puppetdb
     public | certname_catalogs       | table | puppetdb
     public | certname_facts          | table | puppetdb
     public | certname_facts_metadata | table | puppetdb
     public | certnames               | table | puppetdb
     public | classes                 | table | puppetdb
     public | edges                   | table | puppetdb
     public | resource_params         | table | puppetdb
     public | schema_migrations       | table | puppetdb
     public | tags                    | table | puppetdb
    (11 rows)

    puppetdb=> select * from classes;
                     catalog                  |          name          
    ------------------------------------------+------------------------
     d1cb1e1afdf7ec7b562cf64563d821925a9aabc2 | settings
     d1cb1e1afdf7ec7b562cf64563d821925a9aabc2 | some-client.mydomain.com
     d1cb1e1afdf7ec7b562cf64563d821925a9aabc2 | puppet_agent
    (3 rows)