Feature nginx

README.markdown

@@ -13,6 +13,7 @@ as this module requires the passenger apache module.
 
 Requires the following modules from puppetforge: [stdlib](https://forge.puppetlabs.com/puppetlabs/stdlib), [apache](https://forge.puppetlabs.com/puppetlabs/apache), [concat](https://forge.puppetlabs.com/puppetlabs/concat), [inifile](https://forge.puppetlabs.com/puppetlabs/inifile)
 
+
 ## Usage Note ##
 
 If you are using this module to install a puppetmaster and serving the manifest of 
@@ -52,6 +53,13 @@ Puppet 3.5 introduced a new way of handling Puppet environments known as _Direct
 
 Optionally, an `environmentpath` parameter can be supplied to configure the base root of Puppet environments, this defaults to `$confdir/environments`
 
+### Support for httpd and nginx ###
+
+    class { 'puppet::master':
+      webserver => 'nginx'
+    }
+
+The default installed webserver is httpd with passenger, but via the webserver param you can switch to nginx with unicorn (nginx is currently only tested on centos7, testers are welcome). Note that if you have selinux enabled, you must have [this](https://github.com/gavinrogers/puppet-selinux) selinux module installed.
 
 ## Agent ##
     class { 'puppet::agent':

manifests/agent.pp

@@ -31,6 +31,8 @@
 #   ['templatedir']           - Template dir, if unset it will remove the setting.
 #   ['configtimeout']         - How long the client should wait for the configuration to be retrieved before considering it a failure
 #   ['stringify_facts']       - Wether puppet transforms structured facts in strings or no. Defaults to true in puppet < 4, deprecated in puppet >=4 (and will default to false)
+#   ['serialization_format']  - defaults to undef, otherwise it sets the preferred_serialization_format param (currently only msgpack is supported)
+#   ['serialization_package'] - defaults to undef, if provided, we install this package, otherwise we fall back to the gem from 'serialization_format'
 #   ['cron_hour']             - What hour to run if puppet_run_style is cron
 #   ['cron_minute']           - What minute to run if puppet_run_style is cron
 #   ['serialization_format']  - defaults to undef, otherwise it sets the preferred_serialization_format param (currently only msgpack is supported)
@@ -444,6 +446,10 @@
             ensure    => 'latest',
             provider  => 'gem',
             require   => Package[$::puppet::params::ruby_dev, 'gcc'],
+          } ~>
+          exec{'cleanup_old_gems':
+            command     => '/usr/bin/gem cleanup msgpack',
+            refreshonly => true,
           }
         }
       }
@@ -454,3 +460,4 @@
     }
   }
 }
+

manifests/master.pp

@@ -22,7 +22,8 @@
 #  ['puppet_ssldir']            - Puppet sll directory
 #  ['puppet_docroot']           - Doc root to be configured in apache vhost
 #  ['puppet_vardir']            - Vardir used by puppet
-#  ['puppet_passenger_port']    - Port to configure passenger on default 8140
+#  ['puppet_proxy_port']        - Port to configure the proxy on - default 8140
+#  ['puppet_conf']              - Path to the puppet main/agent/master config
 #  ['puppet_master_package']    - Puppet master package
 #  ['puppet_master_service']    - Puppet master service
 #  ['version']                  - Version of the puppet master package to install
@@ -37,6 +38,15 @@
 #  ['always_cache_features']    - if false (default), always try to load a feature even if a previous load failed
 #  ['serialization_format']     - defaults to undef, otherwise it sets the preferred_serialization_format param (currently only msgpack is supported)
 #  ['serialization_package']    - defaults to undef, if provided, we install this package, otherwise we fall back to the gem from 'serialization_format'
+#  ['webserver']                - install 'nginx' (with unicorn) or 'httpd' (with passenger) - httpd is default
+#  ['listen_address']           - IP for binding the webserver, defaults to *
+#  ['disable_ssl']              - Disables SSL on the webserver. usefull if you use this master behind a loadbalancer. currently only supported by nginx, defaults to undef
+#  ['backup_upstream']          - specify another puppet master as fallback. currently only supported by nginx
+#  ['unicorn_package']          - package name of a unicorn rpm. if provided we install it, otherwise we built it via gem/gcc
+#  ['unicorn_path']             - custom path to the unicorn binary
+#  ['disable_master']           - this disables the normal master, the server will only act as a CA, currently only supported by nginx
+#  ['upstream']                 - define additional masters reachable via tcp as an array, currently only supported by nginx
+#  ['backend_process_number']   - number of processes to start on the backebd webserver (unicorn/passenger), currently only supported by unicorn
 #
 # Requires:
 #
@@ -77,7 +87,7 @@
   $puppet_ssldir                = $::puppet::params::puppet_ssldir,
   $puppet_docroot               = $::puppet::params::puppet_docroot,
   $puppet_vardir                = $::puppet::params::puppet_vardir,
-  $puppet_passenger_port        = $::puppet::params::puppet_passenger_port,
+  $puppet_proxy_port            = $::puppet::params::puppet_proxy_port,
   $puppet_passenger_tempdir     = false,
   $puppet_passenger_cfg_addon   = '',
   $puppet_master_package        = $::puppet::params::puppet_master_package,
@@ -100,6 +110,18 @@
   $passenger_stat_throttle_rate = 30,
   $serialization_format         = undef,
   $serialization_package        = undef,
+  $webserver                    = $::puppet::params::default_webserver,
+  $listen_address               = $::puppet::params::listen_address,
+  $disable_ssl                  = $::puppet::params::disable_ssl,
+  $backup_upstream              = $::puppet::params::backup_upstream,
+  $unicorn_path                 = $::puppet::params::unicorn_path,
+  $unicorn_package              = $::puppet::params::unicorn_package,
+  $unicorn_ensure               = $::puppet::params::unicorn_ensure,
+  $rack_ensure                  = $::puppet::params::rack_ensure,
+  $disable_master               = $::puppet::params::disable_master,
+  $upstream                     = $::puppet::params::upstream,
+  $backend_process_number       = $::puppet::params::backend_process_number,
+
 ) inherits puppet::params {
 
   anchor { 'puppet::master::begin': }
@@ -135,28 +157,51 @@
       ensure         => $version,
     }
   }
+  case $webserver {
+    nginx: {
+      Anchor['puppet::master::begin'] ->
+      class {'puppet::unicorn':
+        certname               => $certname,
+        puppet_conf            => $::puppet::params::puppet_conf,
+        puppet_ssldir          => $puppet_ssldir,
+        dns_alt_names          => $dns_alt_names,
+        listen_address         => $listen_address,
+        puppet_proxy_port      => $puppet_proxy_port,
+        disable_ssl            => $disable_ssl,
+        backup_upstream        => $backup_upstream,
+        unicorn_package        => $unicorn_package,
+        unicorn_ensure         => $unicorn_ensure,
+        unicorn_path           => $unicorn_path,
+        rack_ensure            => $rack_ensure,
+        disable_master         => $disable_master,
+        upstream               => $upstream,
+        backend_process_number => $backend_process_number,
+      } ->
+      Anchor['puppet::master::end']
+    }
+    default: {
+      Anchor['puppet::master::begin'] ->
+      class {'puppet::passenger':
+        puppet_proxy_port             => $puppet_proxy_port,
+        puppet_docroot                => $puppet_docroot,
+        apache_serveradmin            => $apache_serveradmin,
+        puppet_conf                   => $::puppet::params::puppet_conf,
+        puppet_ssldir                 => $puppet_ssldir,
+        certname                      => $certname,
+        conf_dir                      => $::puppet::params::confdir,
+        dns_alt_names                 => join($dns_alt_names,','),
+        generate_ssl_certs            => $generate_ssl_certs,
+        puppet_passenger_tempdir      => $puppet_passenger_tempdir,
+        config_addon                  => $puppet_passenger_cfg_addon,
+        passenger_max_pool_size       => $passenger_max_pool_size,
+        passenger_high_performance    => $passenger_high_performance,
+        passenger_max_requests        => $passenger_max_requests,
+        passenger_stat_throttle_rate  => $passenger_stat_throttle_rate,
 
-  Anchor['puppet::master::begin'] ->
-  class {'puppet::passenger':
-    puppet_passenger_port        => $puppet_passenger_port,
-    puppet_docroot               => $puppet_docroot,
-    apache_serveradmin           => $apache_serveradmin,
-    puppet_conf                  => $::puppet::params::puppet_conf,
-    puppet_ssldir                => $puppet_ssldir,
-    certname                     => $certname,
-    conf_dir                     => $::puppet::params::confdir,
-    dns_alt_names                => join($dns_alt_names,','),
-    generate_ssl_certs           => $generate_ssl_certs,
-    puppet_passenger_tempdir     => $puppet_passenger_tempdir,
-    config_addon                 => $puppet_passenger_cfg_addon,
-    passenger_max_pool_size      => $passenger_max_pool_size,
-    passenger_high_performance   => $passenger_high_performance,
-    passenger_max_requests       => $passenger_max_requests,
-    passenger_stat_throttle_rate => $passenger_stat_throttle_rate,
-
-  } ->
-  Anchor['puppet::master::end']
-
+      } ->
+      Anchor['puppet::master::end']
+    }
+  }
   service { $puppet_master_service:
     ensure  => stopped,
     enable  => false,
@@ -170,12 +215,12 @@
       require => File[$::puppet::params::confdir],
       owner   => $::puppet::params::puppet_user,
       group   => $::puppet::params::puppet_group,
-      notify  => Service['httpd'],
+      notify  => Service[$webserver],
     }
   }
   else {
     File<| title == $::puppet::params::puppet_conf |> {
-      notify  => Service['httpd'],
+      notify  => Service[$webserver],
     }
   }
 
@@ -186,12 +231,12 @@
       require => Package[$puppet_master_package],
       owner   => $::puppet::params::puppet_user,
       group   => $::puppet::params::puppet_group,
-      notify  => Service['httpd'],
+      notify  => Service[$webserver],
     }
   }
   else {
     File<| title == $::puppet::params::confdir |> {
-      notify  +> Service['httpd'],
+      notify  +> Service[$webserver],
       require +> Package[$puppet_master_package],
     }
   }
@@ -200,7 +245,7 @@
     ensure  => directory,
     owner   => $::puppet::params::puppet_user,
     group   => $::puppet::params::puppet_group,
-    notify  => Service['httpd'],
+    notify  => Service[$webserver],
     require => Package[$puppet_master_package]
   }
 
@@ -209,7 +254,7 @@
     class { 'puppet::storeconfigs':
       dbserver                   => $storeconfigs_dbserver,
       dbport                     => $storeconfigs_dbport,
-      puppet_service             => Service['httpd'],
+      puppet_service             => Service[$webserver],
       puppet_confdir             => $::puppet::params::confdir,
       puppet_conf                => $::puppet::params::puppet_conf,
       puppet_master_package      => $puppet_master_package,
@@ -223,7 +268,7 @@
   Ini_setting {
       path    => $::puppet::params::puppet_conf,
       require => File[$::puppet::params::puppet_conf],
-      notify  => Service['httpd'],
+      notify  => Service[$webserver],
       section => 'master',
   }
 
@@ -332,21 +377,6 @@
     setting => 'digest_algorithm',
     value   => $digest_algorithm,
   }
-
-  if $strict_variables != undef {
-    validate_bool(str2bool($strict_variables))
-    ini_setting {'puppetmasterstrictvariables':
-      ensure  => present,
-      setting => 'strict_variables',
-      value   => $strict_variables,
-    }
-  }
-  validate_bool(str2bool($always_cache_features))
-  ini_setting { 'puppetmasteralwayscachefeatures':
-    ensure  => present,
-    setting => 'always_cache_features',
-    value   => $always_cache_features,
-  }
   if $serialization_format != undef {
     if $serialization_package != undef {
       package { $serialization_package:
@@ -356,19 +386,23 @@
       if $serialization_format == 'msgpack' {
         unless defined(Package[$::puppet::params::ruby_dev]) {
           package {$::puppet::params::ruby_dev:
-            ensure  => 'latest',
+            ensure  => latest,
           }
         }
         unless defined(Package['gcc']) {
           package {'gcc':
-            ensure  => 'latest',
+            ensure  => latest,
           }
         }
         unless defined(Package['msgpack']) {
           package {'msgpack':
-            ensure   => 'latest',
-            provider => 'gem',
+            ensure   => latest,
+            provider => gem,
             require  => Package[$::puppet::params::ruby_dev, 'gcc'],
+          } ~>
+          exec{'cleanup_old_gems':
+            command     => '/usr/bin/gem cleanup msgpack',
+            refreshonly => true,
           }
         }
       }
@@ -378,5 +412,19 @@
       value   => $serialization_format,
     }
   }
+  if $strict_variables != undef {
+    validate_bool(str2bool($strict_variables))
+    ini_setting {'puppetmasterstrictvariables':
+      ensure  => present,
+      setting => 'strict_variables',
+      value   => $strict_variables,
+    }
+  }
+  validate_bool(str2bool($always_cache_features))
+  ini_setting { 'puppetmasteralwayscachefeatures':
+    ensure  => present,
+    setting => 'always_cache_features',
+    value   => $always_cache_features,
+  }
   anchor { 'puppet::master::end': }
 }

manifests/params.pp

@@ -23,7 +23,8 @@
   $manifest                         = '/etc/puppet/manifests/site.pp'
   $hiera_config                     = '/etc/puppet/hiera.yaml'
   $puppet_docroot                   = '/etc/puppet/rack/public/'
-  $puppet_passenger_port            = '8140'
+  $puppet_proxy_port                = '8140'
+  $puppet_passenger_tempdir         = '/var/run/rubygem-passenger'
   $puppet_server_port               = '8140'
   $puppet_agent_enabled             = true
   $apache_serveradmin               = 'root'
@@ -34,6 +35,17 @@
   $puppet_run_interval              = 30
   $classfile                        = '$statedir/classes.txt'
   $package_provider                 = undef # falls back to system default
+  $listen_address                   = '*'
+  $default_webserver                = 'httpd'
+  $disable_ssl                      = undef
+  $backup_upstream                  = []
+  $unicorn_package                  = undef
+  $unicorn_path                     = '/usr/local/bin/unicorn'
+  $disable_master                   = false
+  $upstream                         = []
+  $backend_process_number           = $::processorcount
+  $unicorn_ensure                   = latest
+  $rack_ensure                      = latest
 
   # Only used when environments == directory
   $environmentpath                  = "${confdir}/environments"
@@ -90,6 +102,17 @@
       $puppet_vardir                = '/var/lib/puppet'
       $puppet_ssldir                = '/etc/puppet/ssl'
     }
+    'Archlinux': {
+      $puppet_master_package        = 'puppet'
+      $puppet_agent_service         = 'puppet.service'
+      $puppet_agent_package         = 'puppet'
+      $puppet_conf                  = '/etc/puppet/puppet.conf'
+      $puppet_vardir                = '/var/lib/puppet'
+      $puppet_ssldir                = '/var/lib/puppet/ssl'
+      $passenger_package            = 'passenger'
+      $rack_package                 = 'ruby-rack'
+      $ruby_dev                     = 'ruby'
+    }
     default: {
       err('The Puppet module does not support your os')
     }