add LB support

Tim Meusel · Tim Meusel · commit 48822cf2c4ec · 2015-01-22T11:58:44.000+01:00
now it is possible to create an nginx setup with ssl. this is usefull if you run this node behind a loadbalancer that breaks up ssl. also you can specify multiple backup upstream server in nginx.
diff --git a/manifests/master.pp b/manifests/master.pp
@@ -34,6 +34,8 @@
 #  ['digest_algorithm']         - The algorithm to use for file digests.
 #  ['webserver']                - install 'nginx' (with unicorn) or 'httpd' (with passenger) - httpd is default
 #  ['listen_address']           - IP for binding the webserver, defaults to *
+#  ['disable_ssl']              - Disables SSL on the webserver. usefull if you use this master behind a loadbalancer. currently only supported by nginx, defaults to undef
+#  ['backup_upstream']          - specify another puppet master as fallback. currently only supported by nginx
 #
 # Requires:
 #
@@ -87,6 +89,8 @@
   $digest_algorithm           = $::puppet::params::digest_algorithm,
   $webserver                  = $::puppet::params::default_webserver,
   $listen_address             = $::puppet::params::listen_address,
+  $disable_ssl                = $::puppet::params::disable_ssl,
+  $backup_upstream            = $::puppet::params::backup_upstream,
 ) inherits puppet::params {
 
   anchor { 'puppet::master::begin': }
@@ -128,6 +132,8 @@
       class {'puppet::unicorn':
         listen_address    => $listen_address,
         puppet_proxy_port => $puppet_proxy_port,
+        disable_ssl       => $disable_ssl,
+        backup_upstream   => $backup_upstream,
       } ->
       Anchor['puppet::master::end']
     }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -33,6 +33,8 @@
   $digest_algorithm                 = 'md5'
   $listen_address                   = '*'
   $default_webserver                = 'httpd'
+  $disable_ssl                      = undef
+  $backup_upstream                  = undef
 
   # Only used when environments == directory
   $environmentpath                  = '$confdir/environments'
diff --git a/manifests/unicorn.pp b/manifests/unicorn.pp
@@ -22,6 +22,8 @@
 class puppet::unicorn (
   $listen_address,
   $puppet_proxy_port,
+  $disable_ssl,
+  $backup_upstream,
 ){
   include nginx
   # install unicorn
diff --git a/templates/puppetmaster b/templates/puppetmaster
@@ -1,10 +1,14 @@
 # define the new unicorn backend
 upstream puppetmaster_unicorn {
-  server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=0;
+  server unix:/var/run/puppet/puppetmaster_unicorn.sock fail_timeout=5;
+  <% backup_upstream.each do |server| -%>
+  server <%= server %> backup;
+  <% end %->
 }
 
 # define our proxy for breaking up SSL
 server {
+  <% unless @disable_ssl %>
   ssl on; 
   ssl_certificate /var/lib/puppet/ssl/certs/<%= @fqdn %>.pem;
   ssl_certificate_key /var/lib/puppet/ssl/private_keys/<%= @fqdn %>.pem;
@@ -20,6 +24,7 @@ server {
   proxy_set_header    X-Client-DN     $ssl_client_s_dn;
   proxy_set_header    X-SSL-Subject   $ssl_client_s_dn;
   proxy_set_header    X-SSL-Issuer    $ssl_client_i_dn;
+  <% end %>
   listen <%= @listen_address %>:<%= @puppet_proxy_port %> ssl;
   root /var/empty;
   location / { 
