Sources
http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
https://github.com/puppetlabs/puppet/blob/master/ext/rack/README
Install Packages and Dependencies
I had to download some rpms not present in our repository. I downloaded them and put them in my home directory.
cd /home/peridot
sudo rpm --replacepkgs -i gcc-c++-4.1.2-50.el5.x86_64.rpm libstdc++-devel-4.1.2-50.el5.x86_64.rpm ruby-devel-1.8.5-19.el5_6.1.x86_64.rpm mod_ssl-2.2.3-45.el5_6.2.x86_64.rpm httpd-devel-2.2.3-45.el5_6.2.x86_64.rpm httpd-2.2.3-45.el5_6.2.x86_64.rpm apr-1.2.7-11.el5_6.5.x86_64.rpm apr-devel-1.2.7-11.el5_6.5.x86_64.rpm apr-util-devel-1.2.7-11.el5_5.2.x86_64.rpm pkgconfig-0.21-2.el5.x86_64.rpm gcc-4.1.2-50.el5.x86_64.rpm db4-devel-4.3.29-10.el5_5.2.x86_64.rpm expat-devel-1.95.8-8.3.el5_5.3.x86_64.rpm openldap-devel-2.3.43-12.el5_6.7.x86_64.rpm glibc-devel-2.5-58.el5_6.4.x86_64.rpm cyrus-sasl-devel-2.1.22-5.el5_4.3.x86_64.rpm
Install Ruby Gems
The newest version of Passenger fails with curl SSL dependency messages. The docs say that later versions of Rack don't work, so we pin these versions and then run the Passenger module installer for Apache:
sudo gem install -v 1.1.0 rack
sudo gem install -v 2.2.15 passenger
sudo passenger-install-apache2-module
Copy and Edit Files
Add to /etc/httpd/conf/httpd.conf the three lines that passenger-install-apache2-module prints:
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15
PassengerRuby /usr/bin/ruby
In /etc/puppet/puppet.conf add:
[master]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
cd /usr/share/puppet/ext/rack/files
sudo cp apache2.conf /etc/httpd/conf.d/puppetmaster.conf
Edit /etc/httpd/conf.d/puppetmaster.conf:
PassengerHighPerformance on
PassengerUseGlobalQueue on
PassengerMaxPoolSize 60
PassengerPoolIdleTime 300
PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /etc/puppet/ssl/certs/puppet.marketo.org.pem
SSLCertificateKeyFile /etc/puppet/ssl/private_keys/puppet.marketo.org.pem
SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try disabling
# CRL checking by commenting the next line, but this is not recommended.
SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
DocumentRoot /usr/share/puppet/rack/puppetmasterd/
RackBaseURI /
<Directory /usr/share/puppet/rack/puppetmasterd/>
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
mkdir -p /usr/share/puppet/rack/puppetmasterd/public
mkdir -p /usr/share/puppet/rack/puppetmasterd/tmp
cp /usr/share/puppet/ext/rack/files/config.ru /usr/share/puppet/rack/puppetmasterd
chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru  # Passenger setuids to the owner of this file
Setup Services
/etc/init.d/puppetmaster stop
/etc/init.d/httpd start
chkconfig puppetmaster off
chkconfig httpd on
Test from a client: puppet agent --test --noop
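A check to run after editing these files, as an added example that is not part of the original notes: it audits the vhost and puppet.conf for the settings that agent certificate authentication depends on, and flags SSLv2/SSLv3 in SSLProtocol. The function names are hypothetical; the directive names and expected values are the ones on this page.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.
# Audits the vhost and puppet.conf settings that agent authentication relies on.

# Print the arguments of the first uncommented directive $2 in file $1.
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# audit_puppet_vhost VHOST_CONF PUPPET_CONF
# Prints one line per finding and returns the number of findings.
audit_puppet_vhost() {
    vhost=$1 pconf=$2 findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # SSLv2 and SSLv3 are broken protocols; only TLS should be offered.
    case "$(directive "$vhost" SSLProtocol)" in
        *+SSLv2*|*+SSLv3*) flag "SSLProtocol enables SSLv2 or SSLv3" ;;
    esac
    # Without the CRL, Apache keeps accepting revoked agent certificates.
    [ -n "$(directive "$vhost" SSLCARevocationFile)" ] ||
        flag "SSLCARevocationFile is not set"
    # With 'none' (Apache's default) no client certificate is requested.
    case "$(directive "$vhost" SSLVerifyClient)" in
        ''|[Nn]one) flag "SSLVerifyClient does not request client certificates" ;;
    esac
    # Assumption: the master gets SSL_CLIENT_* from the variables +StdEnvVars exports.
    case "$(directive "$vhost" SSLOptions)" in
        *+StdEnvVars*) ;;
        *) flag "SSLOptions lacks +StdEnvVars" ;;
    esac
    # puppet.conf must name those same variables.
    for pair in ssl_client_header=SSL_CLIENT_S_DN ssl_client_verify_header=SSL_CLIENT_VERIFY; do
        key=${pair%%=*} want=${pair#*=}
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*${want}[[:space:]]*\$" "$pconf" ||
            flag "puppet.conf: $key is not $want"
    done
    return "$findings"
}

# Usage: sh audit.sh /etc/httpd/conf.d/puppetmaster.conf /etc/puppet/puppet.conf
if [ "$#" -eq 2 ]; then audit_puppet_vhost "$1" "$2"; fi
```

The exit status is the number of findings, so the script can gate the httpd start in the next step.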
Passenger Information
sudo passenger-status
---------- General information ----------
max = 60
count = 5
active = 0
inactive = 5
Waiting on global queue: 0
---------- Domains ----------
/usr/share/puppet/rack:
PID: 7227 Sessions: 0 Processed: 28 Uptime: 4m 57s
PID: 7243 Sessions: 0 Processed: 17 Uptime: 4m 55s
PID: 7140 Sessions: 0 Processed: 41 Uptime: 5m 39s
PID: 7211 Sessions: 0 Processed: 28 Uptime: 5m 0s
PID: 7193 Sessions: 0 Processed: 26 Uptime: 5m 25s