From 3580b0ee72b210365de78a024c3bf280839cb420 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Thu, 16 Jun 2016 14:50:55 -0300
Subject: Removes puppetmaster support
---
 manifests/puppetmaster.pp | 59 -------------------------------------
 templates/puppetmaster.conf.erb | 18 ------------
 templates/puppetmaster.erb | 65 -----------------------------------------
 3 files changed, 142 deletions(-)
 delete mode 100644 manifests/puppetmaster.pp
 delete mode 100644 templates/puppetmaster.conf.erb
 delete mode 100644 templates/puppetmaster.erb
diff --git a/manifests/puppetmaster.pp b/manifests/puppetmaster.pp
deleted file mode 100644
index a04007b..0000000
--- a/manifests/puppetmaster.pp
+++ /dev/null
@@ -1,59 +0,0 @@
-class nginx::puppetmaster inherits nginx::base {
-
- $worker_processes = hiera('puppet::master::worker_processes', 4)
- $puppetmaster_certname = hiera('puppet::master::certname', "puppet.${::domain}")
-
- $worker_connections = 1024
- $ssl_port = 8140
- $non_ssl_port = 8141
- $puppetmaster_servers = [ "127.0.0.1:18140",
- "127.0.0.1:18141",
- "127.0.0.1:18142",
- "127.0.0.1:18143" ]
-
- file { "/etc/nginx/conf.d/puppetmaster.conf":
- content => template("nginx/puppetmaster.conf.erb"),
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- notify => Service["nginx"],
- }
-
- nginx::base::site { "puppetmaster":
- ensure => present,
- source => 'template',
- require => File['/etc/nginx/conf.d/puppetmaster.conf'],
- }
-
- # We don't want nginx to listen at port 80
- nginx::base::site { "default":
- source => 'none',
- ensure => absent,
- }
-
- File["/etc/nginx/nginx.conf"] {
- content => template("nginx/nginx.conf.puppetmaster.erb"),
- }
-}
-
-class nginx::puppetmaster::disabled inherits nginx::puppetmaster {
- File["/etc/nginx/nginx.conf", "/etc/nginx/conf.d/puppetmaster.conf",
- "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled"] {
- ensure => absent,
- force => true,
- }
-
- Service['nginx'] {
- enable => false,
- ensure => stopped,
- }
-
- Nginx::Base::Site['puppetmaster'] {
- ensure => absent,
- }
-
- Package['nginx'] {
- ensure => absent,
- }
-}
diff --git a/templates/puppetmaster.conf.erb b/templates/puppetmaster.conf.erb
deleted file mode 100644
index f8590c2..0000000
--- a/templates/puppetmaster.conf.erb
+++ /dev/null
@@ -1,18 +0,0 @@
-# This configuration file was auto-generated by the Puppet configuration
-# management system. Any changes you make to this file will be overwritten
-# the next time Puppet runs. Please make configuration changes to this
-# service in Puppet.
-
-ssl on;
-ssl_certificate /var/lib/puppetmaster/ssl/certs/<%= puppetmaster_certname %>.pem;
-ssl_certificate_key /var/lib/puppetmaster/ssl/private_keys/<%= puppetmaster_certname %>.pem;
-ssl_client_certificate /var/lib/puppetmaster/ssl/certs/ca.pem;
-ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
-ssl_session_cache shared:SSL:8m;
-ssl_session_timeout 5m;
-
-upstream puppet-production {
- <% puppetmaster_servers.each do |upstream| -%>
- server <%= upstream %>;
- <% end -%>
-}
diff --git a/templates/puppetmaster.erb b/templates/puppetmaster.erb
deleted file mode 100644
index b678163..0000000
--- a/templates/puppetmaster.erb
+++ /dev/null
@@ -1,65 +0,0 @@
-# This configuration file was auto-generated by the Puppet configuration
-# management system. Any changes you make to this file will be overwritten
-# the next time Puppet runs. Please make configuration changes to this
-# service in Puppet.
-
-server {
- listen <%= scope.lookupvar('nginx::puppetmaster::ssl_port') %>;
- ssl_verify_client on;
- root /var/empty;
- access_log /var/log/nginx/access-<%= scope.lookupvar('nginx::puppetmaster::ssl_port') %>.log;
- rewrite_log on;
- large_client_header_buffers 16 4k;
-
- # Variables
- # $ssl_cipher returns the line of those utilized it is cipher for established SSL-connection
- # $ssl_client_serial returns the series number of client certificate for established SSL-connection
- # $ssl_client_s_dn returns line subject DN of client certificate for established SSL-connection
- # $ssl_client_i_dn returns line issuer DN of client certificate for established SSL-connection
- # $ssl_protocol returns the protocol of established SSL-connection
-
- location / {
- proxy_pass http://puppet-production;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Client-Verify SUCCESS;
- proxy_set_header X-SSL-Subject $ssl_client_s_dn;
- proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
- proxy_connect_timeout 90;
- proxy_send_timeout 180;
- proxy_read_timeout 180;
- proxy_buffer_size 16k;
- proxy_busy_buffers_size 32k;
- proxy_intercept_errors on;
- proxy_buffers 128 4k;
- }
-}
-
-server {
- listen <%= scope.lookupvar('nginx::puppetmaster::non_ssl_port') %>;
- ssl_verify_client off;
- root /var/empty;
- access_log /var/log/nginx/access-<%= scope.lookupvar('nginx::puppetmaster::non_ssl_port') %>.log;
- rewrite_log on;
- large_client_header_buffers 16 4k;
-
- location / {
- proxy_pass http://puppet-production;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Client-Verify FAILURE;
- proxy_set_header X-SSL-Subject $ssl_client_s_dn;
- proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
- proxy_connect_timeout 90;
- proxy_send_timeout 180;
- proxy_read_timeout 180;
- proxy_buffer_size 16k;
- proxy_busy_buffers_size 32k;
- proxy_intercept_errors on;
- proxy_buffers 128 4k;
- }
-}
--
cgit v1.2.3