I migrated my puppet master setup to run under thin with files being served from nginx.
Module files are served great, but plugin files don't appear to work. The logs think that the agents are requesting urls like /production/file_content/plugins/puppet/provider/exec/powershell.rb and nginx is therefore throwing a 404 because no such path like that exists. This works fine on WEBrick.
In theory, this should be a simple case of writing a rewrite rule similar to the modules rule below. However, a lot of these providers are within modules, so this particular provider is in /etc/puppet/modules/powershell/lib/puppet/provider/exec/powershell.rb.
How do I map from the request URL to the actual plugin, when they could be scattered around various module directories?
My nginx config looks like this:
upstream puppetmaster-thin {
server unix:/var/run/puppet/puppetmasterd.0.sock;
server unix:/var/run/puppet/puppetmasterd.1.sock;
server unix:/var/run/puppet/puppetmasterd.2.sock;
}
server {
listen 8140;
root /etc/puppet/rack;
ssl on;
ssl_session_timeout 5m;
ssl_certificate /var/lib/puppet/ssl/certs/gcspuppet01.pem;
ssl_certificate_key /var/lib/puppet/ssl/private_keys/gcspuppet01.pem;
ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_verify_client optional;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
proxy_read_timeout 120;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-Client_DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
location /production/file_content/ {
location /production/file_content/extra_files/ {
alias /etc/puppet/files/;
}
rewrite ^/production/file_content/modules/([^/]+)/(.*) /$1/files/$2;
break;
root /etc/puppet/modules/;
}
location / {
proxy_pass http://puppetmaster-thin;
}
}
