Puppet: Mastering Infrastructure Automation
Using Phusion Passenger with Nginx
Some operators don't like running important services in the Java Virtual Machine, for various reasons, such as its memory requirements. As of Puppet 4, alternatives to puppetserver are still available, so the requirement can be avoided.
The best way to run the master without the JVM is a web server with support for Passenger. In this context, the Puppet master runs as a Rack application. The most common setup comprises the Apache web server and mod_passenger. Setting this up is quite straightforward and documentation is plentiful. We will therefore concentrate on an attractive alternative.
Unfortunately, the Puppet 4 package cannot be made to work with Passenger easily. At the time of writing, the best way to achieve this was a manual Puppet installation from source. With Puppet 3.x, Passenger was the default for a long time, and making it work with Nginx is quite simple with the following instructions.
Nginx is a lean and fast web server that is ever increasing in popularity. It can run your Puppet master through Passenger just like Apache, so you don't need to install and run the latter. Unfortunately, the stock version of Nginx cannot run Passenger through a module. The Phusion project supplies packages for the more popular Linux distributions. The following instructions are applicable to Debian:
- Follow the instructions at https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html#install_on_debian_ubuntu in order to install the appropriate Nginx packages.
- In the /etc/nginx/nginx.conf file, uncomment or insert the passenger-specific statements:

      passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
      passenger_ruby /usr/bin/ruby;

- Prepare the Rails root:

      root@puppetmaster# mkdir -p /etc/puppet/rack/{tmp,public}
      root@puppetmaster# install -o puppet -g puppet /usr/share/puppet/rack/config.ru /etc/puppet/rack

- Create a vhost for Puppet at /etc/nginx/sites-available/puppetmaster. Older versions of Passenger use passenger_set_cgi_param instead of passenger_env_var:

      server {
          listen 8140;
          server_name master.example.net;
          root /etc/puppet/rack/public;
          ssl on;
          ssl_certificate /var/lib/puppet/ssl/certs/master.example.net.pem;
          ssl_certificate_key /var/lib/puppet/ssl/private_keys/master.example.net.pem;
          ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
          ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
          ssl_verify_client optional;
          ssl_verify_depth 1;
          passenger_enabled on;
          passenger_env_var HTTPS on;
          passenger_env_var SSL_CLIENT_S_DN $ssl_client_s_dn;
          passenger_env_var SSL_CLIENT_VERIFY $ssl_client_verify;
      }

- Enable the vhost and restart Nginx:

      root@puppetmaster# ln -s ../sites-available/puppetmaster /etc/nginx/sites-enabled/puppetmaster
      root@puppetmaster# /etc/init.d/nginx restart

Nginx is now running the Puppet master service for you through Passenger. The configuration shown is bare-bones, and you might wish to extend it for tuning and features.
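With ssl_verify_client optional, Nginx also accepts connections that present no client certificate, so the Rack application depends on the SSL_CLIENT_VERIFY and SSL_CLIENT_S_DN variables to tell verified agents from unverified ones. The following check of a vhost file for the directives used above is an added example, not code from the book or from Puppet; the function names, the choice of checks and the sample vhost are this example's own assumptions.

```python
import re

# Constructed sample: a vhost with several directives from the steps above missing or changed.
BROKEN_VHOST = """
server {
    listen 8140;
    ssl on;
    ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
    ssl_verify_client off;   # constructed mistake
    passenger_enabled on;
    passenger_env_var HTTPS on;
}
"""

# Directives that set a variable for the Rack app (newer and older Passenger).
ENV_DIRECTIVES = ("passenger_env_var", "passenger_set_cgi_param")
EXPECTED_ENV = {"HTTPS": "on",
                "SSL_CLIENT_S_DN": "$ssl_client_s_dn",
                "SSL_CLIENT_VERIFY": "$ssl_client_verify"}

def parse_directives(text):
    """Return [(name, [args...])] for every simple `name args;` directive."""
    text = re.sub(r"#[^\n]*", "", text)      # strip comments
    out = []
    for stmt in re.split(r"[;{}]", text):    # directives end at ; or a brace
        words = stmt.split()
        if words:
            out.append((words[0], words[1:]))
    return out

def audit_vhost(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    directives = parse_directives(text)
    single = {n: a for n, a in directives if n not in ENV_DIRECTIVES}
    env = {a[0]: a[1] for n, a in directives
           if n in ENV_DIRECTIVES and len(a) == 2}
    findings = []
    if single.get("ssl_verify_client") not in (["on"], ["optional"]):
        findings.append("ssl_verify_client must be 'on' or 'optional'")
    for needed in ("ssl_client_certificate", "ssl_crl"):
        if needed not in single:
            findings.append(f"{needed} is not set")
    for var, value in EXPECTED_ENV.items():
        if env.get(var) != value:
            findings.append(f"{var} is not passed as {value}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_vhost(BROKEN_VHOST)))
```

Running audit_vhost on the contents of /etc/nginx/sites-available/puppetmaster before restarting Nginx returns an empty list when all of the directives shown in the vhost step are present.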
Comparing Passenger with puppetserver
Both Passenger and puppetserver have their share of complexity. This complexity is much less visible to the user in the case of puppetserver, however. All that's needed is the software package and a Java runtime. The internals are well hidden.
The following diagram highlights the differences:
[Figure: Comparing Passenger with puppetserver]
With puppetserver, both the web service and the Ruby runtimes share a single JVM. This allows better overall performance and is easier to set up. All new setups should therefore prefer puppetserver over Passenger.