
Merge branch 'upstream'

commit bc24740dae2a6081e6a010bfbf4dfe34c5e93aae 2 parents 1cb2858 + 793d3a8
@anl authored
Showing with 60 additions and 2 deletions.
  1. +47 −0 files/puppetmaster
  2. +13 −2 manifests/init.pp
47 files/puppetmaster
@@ -0,0 +1,47 @@
+
+# you probably want to tune these settings
+PassengerHighPerformance on
+PassengerMaxPoolSize 12
+PassengerPoolIdleTime 1500
+# PassengerMaxRequests 1000
+PassengerStatThrottleRate 120
+RackAutoDetect Off
+RailsAutoDetect Off
+
+Listen 8140
+
+<VirtualHost *:8140>
+ SSLEngine on
+ SSLProtocol -ALL +SSLv3 +TLSv1
+ SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+
+ SSLCertificateFile /var/lib/puppet/ssl/certs/puppet02.sbri.org.pem
+ SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet02.sbri.org.pem
+ SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
+ SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
+ # If Apache complains about invalid signatures on the CRL, you can try disabling
+ # CRL checking by commenting the next line, but this is not recommended.
+ SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
+ SSLVerifyClient optional
+ SSLVerifyDepth 1
+ # The `ExportCertData` option is needed for agent certificate expiration warnings
+ #SSLOptions +StdEnvVars +ExportCertData
+ SSLOptions +StdEnvVars
+
+ # This header needs to be set if using a loadbalancer or proxy
+ RequestHeader unset X-Forwarded-For
+
+ RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
+ RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+ RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+
+ DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
+ RackBaseURI /
+ <Directory /usr/share/puppet/rack/puppetmasterd/>
+ Options None
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ </Directory>
+</VirtualHost>
+
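Review bot: `SSLProtocol -ALL +SSLv3 +TLSv1` in the new vhost leaves SSLv3 enabled, and the `SSLCipherSuite` line explicitly keeps `RC4+RSA` and `+MEDIUM`, so the master will negotiate a protocol and ciphers that are no longer considered safe for carrying catalogs and agent certificates. Where the Apache/OpenSSL build on the master supports it, tighten this to `SSLProtocol -ALL +TLSv1.2`, drop `RC4+RSA` and `+MEDIUM` from the cipher string, and add `SSLHonorCipherOrder on`. If older agents must still connect, a comment above these lines such as `# SSLv3/TLSv1 kept only for agents older than <VERSION>; remove once upgraded` would record why the weaker settings remain. Separately, the comment above `RequestHeader unset X-Forwarded-For` says the header "needs to be set", which contradicts the directive; `# Drop any client-supplied X-Forwarded-For; re-enable only behind a trusted proxy` would describe what the line actually does.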
15 manifests/init.pp
@@ -9,6 +9,7 @@
#
# == Actions:
# - Install puppetmaster/mod_passenger packages
+# - Fix puppetmaster/passenger configuration
# - Configure puppet.conf
# - Set reports directory permissions
# - Configure hiera
@@ -35,6 +36,17 @@
ensure => present,
}
+ # Fix puppetmaster/passenger configuration in 3.0.0 - see bug at
+ # <http://projects.puppetlabs.com/issues/16769>:
+ file { '/etc/apache2/sites-available/puppetmaster':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///modules/puppetmaster/puppetmaster',
+ require => Package['puppetmaster-passenger'],
+ }
+
if ($master_name == '') {
fail('Puppetmaster name must be set; is fqdn fact not populated?')
} else {
@@ -55,7 +67,7 @@
owner => 'puppet',
require => Package['puppetmaster-passenger'],
}
-
+
# Configure hiera:
file { '/etc/hiera.yaml':
@@ -74,5 +86,4 @@
group => 'root',
mode => '0755',
}
-
}
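Review bot: The new `file { '/etc/apache2/sites-available/puppetmaster': ... }` resource ships a static `source =>` file whose `SSLCertificateFile` and `SSLCertificateKeyFile` paths are hard-coded to `puppet02.sbri.org`, even though this class already carries `$master_name` and fails when it is empty. On any other master the vhost would reference certificate and key files that do not exist, which invites ad-hoc local edits to the TLS configuration. Rendering the file with `content => template('puppetmaster/puppetmaster.erb')` (template name is a suggestion) and substituting `$master_name` into those two paths would keep the module host-independent. The resource also declares no `notify`, so unless a relationship is set up outside the visible hunks, a later change to the TLS settings would be written to disk without Apache being reloaded. The class body starts and continues outside these hunks, so both points should be checked against the full manifest.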