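#!/bin/sh
#
# Build nginx with the Passenger module and run a Puppet master behind it
# on a yum/chkconfig (RHEL-style) host.
#
# Must run as root. Optional environment overrides:
#   PUPPET_FQDN        certname / server name of the master
#                      (default: puppet.infochimps.com)
#   NGINX_VERSION      nginx release to download and build (default: 1.6.0)
#   NGINX_SHA256       expected SHA-256 of the nginx tarball; when set, the
#                      download is verified before it is compiled and
#                      installed as root
#   PUPPET_VERSION     pin the puppet gem (default: latest)
#   PASSENGER_VERSION  pin the passenger gem (default: latest)
#
# Echo all commands to stdout
set -x
# Fail on non-zero exit status and on use of unset variables
set -eu

[ "$(id -u)" -eq 0 ] || { echo "this script must run as root" >&2; exit 1; }

puppet_fqdn=${PUPPET_FQDN:-puppet.infochimps.com}
nginx_version=${NGINX_VERSION:-1.6.0}
nginx_sha256=${NGINX_SHA256:-}
src_dir=/usr/local/src
rack_dir=/etc/puppet/rack
ssl_dir=/etc/puppet/ssl

# Install puppet and passenger. Versions are unpinned unless *_VERSION is
# set; the ${var:+...} form expands to nothing when the variable is empty.
gem install --no-ri --no-rdoc puppet ${PUPPET_VERSION:+--version "$PUPPET_VERSION"}
gem install --no-ri --no-rdoc passenger ${PASSENGER_VERSION:+--version "$PASSENGER_VERSION"}
# Install web package dependencies (openssl-devel and zlib-devel are needed
# by the --with-http_ssl_module / gzip parts of the nginx build below)
yum install -y pcre-devel libcurl-devel openssl-devel zlib-devel

# `gem which puppet` prints .../lib/puppet.rb; the gem root is one level up
puppet_dir=$(cd "$(dirname "$(gem which puppet)")/.." && pwd)
# Resolved once and reused in the build and in nginx.conf
passenger_root=$(passenger-config --root)
passenger_ruby=$(command -v ruby)

# Build passenger nginx extension (subshell so the cwd is left unchanged)
(cd "$passenger_root" && rake nginx)

# Download nginx source over TLS and, when a hash was supplied, verify it
# before anything gets compiled and installed as root
nginx_tarball=$src_dir/nginx-$nginx_version.tar.gz
mkdir -p "$src_dir"
wget "https://nginx.org/download/nginx-$nginx_version.tar.gz" -O "$nginx_tarball"
if [ -n "$nginx_sha256" ]; then
  echo "$nginx_sha256  $nginx_tarball" | sha256sum -c -
else
  echo "WARNING: NGINX_SHA256 not set; nginx tarball was not verified" >&2
fi
tar -xvzf "$nginx_tarball" -C "$src_dir"

# Configure and install nginx
(
  cd "$src_dir/nginx-$nginx_version" &&
  ./configure \
    --prefix=/opt/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/var/run/nginx.pid \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-http_ssl_module \
    --with-http_gzip_static_module \
    --add-module="$passenger_root/ext/nginx" &&
  make &&
  make install
)

# Unprivileged service account for the nginx workers: idempotent so a rerun
# does not abort under set -e, system account, no login shell
id nginx >/dev/null 2>&1 || useradd -r -s /sbin/nologin nginx

# Setup nginx init. The delimiter is quoted so the init script's own $vars
# are written literally instead of having to be backslash-escaped.
cat <<'EOF' > /etc/init.d/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /etc/nginx/nginx.conf
# config: /etc/sysconfig/nginx
# pidfile: /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

NGINX="/opt/nginx/sbin/nginx"
prog=$(basename "$NGINX")
NGINX_CONF_FILE="/etc/nginx/nginx.conf"
LOCKFILE="/var/lock/subsys/nginx"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

start() {
  [ -x "$NGINX" ] || exit 5
  [ -f "$NGINX_CONF_FILE" ] || exit 6
  echo -n $"Starting $prog: "
  daemon "$NGINX" -c "$NGINX_CONF_FILE"
  retval=$?
  echo
  [ "$retval" -eq 0 ] && touch "$LOCKFILE"
  return "$retval"
}

stop() {
  echo -n $"Stopping $prog: "
  killproc "$prog" -QUIT
  retval=$?
  echo
  [ "$retval" -eq 0 ] && rm -f "$LOCKFILE"
  return "$retval"
}

restart() {
  configtest || return $?
  stop
  sleep 1
  start
}

reload() {
  configtest || return $?
  echo -n $"Reloading $prog: "
  killproc "$NGINX" -HUP
  retval=$?
  echo
  # propagate the result instead of dropping it in an unused variable
  return "$retval"
}

force_reload() {
  restart
}

configtest() {
  "$NGINX" -t -c "$NGINX_CONF_FILE"
}

rh_status() {
  status "$prog"
}

rh_status_q() {
  rh_status >/dev/null 2>&1
}

case "$1" in
  start)
    rh_status_q && exit 0
    $1
    ;;
  stop)
    rh_status_q || exit 0
    $1
    ;;
  restart|configtest)
    $1
    ;;
  reload)
    rh_status_q || exit 7
    $1
    ;;
  force-reload)
    force_reload
    ;;
  status)
    rh_status
    ;;
  condrestart|try-restart)
    # only restart when already running; the original fell through and
    # did nothing in that case
    rh_status_q || exit 0
    restart
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
    exit 2
esac
EOF
chmod +x /etc/init.d/nginx

# Setup puppet server init
cp "$puppet_dir/ext/redhat/server.init" /etc/init.d/puppet_server
chmod +x /etc/init.d/puppet_server

# Setup puppet user
puppet resource group puppet ensure=present
puppet resource user puppet ensure=present gid=puppet shell='/sbin/nologin'

# Setup conf dir
mkdir -p /etc/puppet
cp "$puppet_dir/conf/auth.conf" /etc/puppet
cat <<EOF > /etc/puppet/puppet.conf
[main]
dns_alt_names = $puppet_fqdn
[master]
certname = $puppet_fqdn
[agent]
server = $puppet_fqdn
EOF

# Create SSL cert: a foreground master generates the CA and its own cert on
# first start. Poll for the cert file (up to 60s) instead of a fixed sleep,
# which could kill the master before the files exist.
server_cert=$ssl_dir/certs/$puppet_fqdn.pem
puppet master --verbose --no-daemonize &
puppet_pid=$!
waited=0
while [ ! -f "$server_cert" ]; do
  waited=$((waited + 1))
  if [ "$waited" -gt 60 ]; then
    kill "$puppet_pid" 2>/dev/null || true
    echo "timed out waiting for $server_cert" >&2
    exit 1
  fi
  sleep 1
done
kill "$puppet_pid"
# the master exits non-zero when signalled; do not let that trip set -e
wait "$puppet_pid" || true

# Setup the rack environment
mkdir -p "$rack_dir" "$rack_dir/tmp" "$rack_dir/public"
cp "$puppet_dir/ext/rack/config.ru" "$rack_dir"
chown -R puppet:puppet "$rack_dir"

# Setup nginx. Unquoted delimiter: $passenger_* expand now, the nginx
# variables are escaped so they are written literally.
cat <<EOF > /etc/nginx/nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
  worker_connections 1024;
}
http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
    '\$status \$body_bytes_sent "\$http_referer" '
    '"\$http_user_agent" "\$http_x_forwarded_for"';
  access_log /var/log/nginx/access.log main;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 65;
  # Passenger needed for puppet
  passenger_root $passenger_root;
  passenger_ruby $passenger_ruby;
  passenger_max_pool_size 15;
  include /etc/nginx/conf.d/*.conf;
}
EOF

mkdir -p /etc/nginx/conf.d
cat <<EOF > /etc/nginx/conf.d/puppet.conf
server {
  listen 8140 ssl;
  # server_name now matches the certname the cert below was issued for
  server_name puppet $puppet_fqdn;
  passenger_enabled on;
  passenger_set_cgi_param HTTP_X_CLIENT_DN \$ssl_client_s_dn;
  passenger_set_cgi_param HTTP_X_CLIENT_VERIFY \$ssl_client_verify;
  access_log /var/log/nginx/puppet_access.log;
  error_log /var/log/nginx/puppet_error.log;
  root $rack_dir/public;
  ssl_certificate $server_cert;
  ssl_certificate_key $ssl_dir/private_keys/$puppet_fqdn.pem;
  ssl_crl $ssl_dir/ca/ca_crl.pem;
  ssl_client_certificate $ssl_dir/certs/ca.pem;
  # The original cipher list admitted SSLv2 and RC4; only allow TLS 1.2 and
  # strong ciphers. Older agents that cannot negotiate TLS 1.2 would need
  # TLSv1.1 appended here -- confirm against the agent fleet before relaxing.
  ssl_protocols TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
  ssl_prefer_server_ciphers on;
  # optional: unauthenticated agents must still be able to submit a CSR
  ssl_verify_client optional;
  ssl_verify_depth 1;
  ssl_session_cache shared:SSL:128m;
  ssl_session_timeout 5m;
}
EOF

# Establish services: the master is served by passenger, so the standalone
# puppet_server service stays disabled
chkconfig puppet_server off
chkconfig nginx on
service nginx configtest
service nginx start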