[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, master, updated. debian/0.25.4-2-27-gc0b7a07
Micah Anderson
micah at riseup.net
Sun Apr 25 22:48:36 UTC 2010
The following commit has been merged in the master branch:
commit c0b7a0702deb908c92ce39de82ddf120efb855d0
Author: Micah Anderson <micah at riseup.net>
Date: Sun Apr 25 18:48:23 2010 -0400
add a patch to modify the ext/rack/files/apache2.conf example passenger configuration to have the values needed for debian, plus some standard configuration tunings
diff --git a/.pc/.quilt_patches b/.pc/.quilt_patches
new file mode 100644
index 0000000..6857a8d
--- /dev/null
+++ b/.pc/.quilt_patches
@@ -0,0 +1 @@
+debian/patches
diff --git a/.pc/.quilt_series b/.pc/.quilt_series
new file mode 100644
index 0000000..c206706
--- /dev/null
+++ b/.pc/.quilt_series
@@ -0,0 +1 @@
+series
diff --git a/.pc/.version b/.pc/.version
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/.pc/.version
@@ -0,0 +1 @@
+2
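Review bot: The three new files under .pc/ (.quilt_patches, .quilt_series, .version) are quilt's local bookkeeping for applied patches, not packaging source, so they should not be tracked. Drop them from the commit and add .pc to the repository's ignore list so a later "git add" does not pick them up again. Only debian/patches/series and the patch itself need to be in the tree.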
diff --git a/debian/changelog b/debian/changelog
index 3a02c6a..a761753 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
puppet (0.25.4-6) unstable; urgency=low
+ * add patch to ext/rack/files/apache2.conf for debian-specific settings
* debian/control: add version depends on librack-ruby
* additional start-stop-daemon fix for puppet.init and puppetqd.init
* debian/rules: actually install config.ru owned by the puppet user,
diff --git a/debian/patches/debianize_apache2.conf b/debian/patches/debianize_apache2.conf
new file mode 100644
index 0000000..e46a210
--- /dev/null
+++ b/debian/patches/debianize_apache2.conf
@@ -0,0 +1,70 @@
+Index: puppet/ext/rack/files/apache2.conf
+===================================================================
+--- puppet.orig/ext/rack/files/apache2.conf 2010-04-25 18:39:21.000000000 -0400
++++ puppet/ext/rack/files/apache2.conf 2010-04-25 18:40:11.000000000 -0400
+@@ -1,11 +1,32 @@
++# performance settings, from http://reductivelabs.com/trac/puppet/wiki/UsingPassenger
+
+-# you probably want to tune these settings
++# Set to 5 min (300 seconds) or less. The shorting this option allows for
++# puppetmasterd to get refreshed at some interval. This option is also
++# somewhat dependent upon the amount of puppetd nodes connecting and at what
++# interval.
++PassengerPoolIdleTime 300
++
++# to 15% more instances than what's needed. This will allow idle
++# puppetmasterd to get recycled. The net effect is less memory will be used,
++# not more.
++PassengerMaxPoolSize 15
++
++# Since communication with the puppetmaster from puppetd is a long process
++# (more than 20 seconds in most cases) and will allow for processes to get
++# recycled better
++PassengerUseGlobalQueue on
++
++# The additional Passenger features for apache compatibility are not needed
++# with Puppet.
+ PassengerHighPerformance on
+-PassengerMaxPoolSize 12
+-PassengerPoolIdleTime 1500
+-# PassengerMaxRequests 1000
+-PassengerStatThrottleRate 120
++
++# Whether Passenger should automatically detect whether a virtual host’s
++# document root is a Rack application. The default is on. Because
++# RackBaseURI is set, this does not need to be on
+ RackAutoDetect Off
++
++# Whether Phusion Passenger should automatically detect whether a virtual
++# host’s document root is a Ruby on Rails application. The default is on.
+ RailsAutoDetect Off
+
+ Listen 8140
+@@ -15,20 +36,20 @@
+ SSLProtocol -ALL +SSLv3 +TLSv1
+ SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
+
+- SSLCertificateFile /etc/puppet/ssl/certs/squigley.namespace.at.pem
+- SSLCertificateKeyFile /etc/puppet/ssl/private_keys/squigley.namespace.at.pem
+- SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
+- SSLCACertificateFile /etc/puppet/ssl/ca/ca_crt.pem
++ SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster.example.com.pem
++ SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.example.com.pem
++ SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
++ SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
+ # If Apache complains about invalid signatures on the CRL, you can try disabling
+ # CRL checking by commenting the next line, but this is not recommended.
+- SSLCARevocationFile /etc/puppet/ssl/ca/ca_crl.pem
++ SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
+ SSLVerifyClient optional
+ SSLVerifyDepth 1
+ SSLOptions +StdEnvVars
+
+- DocumentRoot /etc/puppet/rack/public/
++ DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
+ RackBaseURI /
+- <Directory /etc/puppet/rack/>
++ <Directory /usr/share/puppet/rack/puppetmasterd/>
+ Options None
+ AllowOverride None
+ Order allow,deny
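Review bot: The comment above "PassengerMaxPoolSize 15" starts mid-sentence ("# to 15% more instances than what's needed"), so the bare value 15 reads as if it were the percentage and not an instance count. Restore the missing start of that sentence and say how an admin should derive the number for their site. The neighbouring comments need the same pass: "The shorting this option allows" above PassengerPoolIdleTime, and the sentence above PassengerUseGlobalQueue never reaches a main clause. The RackAutoDetect and RailsAutoDetect comments carry a typographic apostrophe (host’s) that is safer as plain ASCII in a config file. The patch also removes "PassengerStatThrottleRate 120" with no explanation, and it has no description header before the "Index:" line stating why Debian carries it.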
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..a0e7e5e
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+debianize_apache2.conf
diff --git a/debian/puppetmaster.README.debian b/debian/puppetmaster.README.debian
index 8114730..078111c 100644
--- a/debian/puppetmaster.README.debian
+++ b/debian/puppetmaster.README.debian
@@ -12,7 +12,15 @@ If you would like to run Passenger (aka. mod_rails) with apache or
mongrel, then you will need to make sure you have
libapache2-mod-passenger and librack-ruby installed and you should
have a look at the /usr/share/doc/puppetmaster/examples/apache2.conf
-for some reasonable settings to get you started.
+for some reasonable settings to get you started (be sure to change
+the domain name in the SSL configuration to be yours).
+
+Additionally, your puppet.conf on your puppetmaster will need the
+following settings:
+
+[puppetmasterd]]
+ssl_client_header = SSL_CLIENT_S_DN
+ssl_client_verify_header = SSL_CLIENT_VERIFY
For more information:
http://projects.reductivelabs.com/projects/puppet/wiki/Using_Passenger
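Review bot: The section header added to the README is written "[puppetmasterd]]" with a doubled closing bracket. Anyone pasting it into puppet.conf gets a malformed section name, so it should read "[puppetmasterd]". Since these two settings are what the puppetmaster uses to identify the client, it would also help to say that SSL_CLIENT_S_DN and SSL_CLIENT_VERIFY are the variables the example vhost exports through "SSLOptions +StdEnvVars", so readers know the two files have to stay in step.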
--
Puppet packaging for Debian