[Pkg-puppet-devel] Initializing puppet master ssl files

Mathias Gug mathiaz at ubuntu.com
Tue Aug 3 02:41:14 UTC 2010


Hi,

I've got a working prototype of a puppetmaster-passenger package that
will install passenger and configure puppetmaster to be run by
passenger.

One of the issues I've run into is setting up the ssl files to work with
mod_ssl - which needs to happen before apache2 is started. The [upstream
documentation][1] suggests that puppetmasterd should be run once before
apache2 is started.

[1]: http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger

That leads to the following *ugly* code in
puppetmaster-passenger.postinst:

    # Setup passenger configuration
    if [ "$2" = "" ]; then
        # Start the puppetmaster once to generate the certificates
        puppetmasterd
        sleep 1
        [ -e "/var/run/puppet/master.pid" ] && kill $(cat /var/run/puppet/master.pid)
        # Setup apache2 configuration files
        APACHE2_SITE_FILE="/etc/apache2/sites-available/puppetmaster"
        if [ ! -e "${APACHE2_SITE_FILE}" ]; then
            cp /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl "${APACHE2_SITE_FILE}"
            # Fix path to SSL certs and private key
            HOSTNAME="$(hostname -f)"
            [ "${HOSTNAME}" != "" ] && sed -i "s/@@FQDN@@/${HOSTNAME}/g" "${APACHE2_SITE_FILE}"
        fi
        fi
        a2enmod ssl
        a2ensite puppetmaster
        if [ -x "/etc/init.d/apache2" ]; then
            if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
                invoke-rc.d apache2 force-reload || exit $?
            else
                /etc/init.d/apache2 force-reload || exit $?
            fi
        fi
    fi


I've filed a feature request [2] to provide an init command to decouple
generating the ssl configuration files from running the daemon. Do you
have any other suggestions?

[2]: http://projects.reductivelabs.com/issues/4440


Thanks,

-- 
Mathias Gug
Ubuntu Developer  http://www.ubuntu.com
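
Added example, not part of the original post or of the puppet packaging: one way to replace the fixed `sleep 1` in the postinst above with a bounded wait for the SSL files, followed by a verified stop of the temporary daemon, so apache2 is never reloaded against a missing certificate or key. The function names and the SSL file paths passed to them are assumptions; only the pidfile path comes from the post.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not the package's own code).

# wait_for_files TIMEOUT FILE...
# Returns 0 once every FILE exists and is non-empty, 1 after TIMEOUT seconds.
# The -s test (not -e) avoids accepting a file that was created but not yet written.
wait_for_files() {
    timeout="$1"; shift
    elapsed=0
    while :; do
        missing=0
        for f in "$@"; do
            [ -s "$f" ] || missing=1
        done
        [ "$missing" -eq 0 ] && return 0
        [ "$elapsed" -ge "$timeout" ] && return 1
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# stop_by_pidfile PIDFILE TIMEOUT
# Sends TERM to the PID recorded in PIDFILE and waits until it is gone.
# Returns 0 if the process is not running at the end, 1 otherwise.
stop_by_pidfile() {
    pidfile="$1"; timeout="$2"
    [ -s "$pidfile" ] || return 0                  # nothing recorded, nothing to stop
    pid="$(cat "$pidfile")"
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # refuse non-numeric pidfile content
    kill "$pid" 2>/dev/null || return 0            # process already exited
    elapsed=0
    while kill -0 "$pid" 2>/dev/null; do
        [ "$elapsed" -ge "$timeout" ] && return 1
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 0
}

# Intended use in the postinst (CERT and KEY are placeholders for the files
# that the apache2 site template points at; the post does not name them):
#   puppetmasterd
#   wait_for_files 30 "$CERT" "$KEY" || exit 1
#   stop_by_pidfile /var/run/puppet/master.pid 10 || exit 1
```

Failing the postinst when the files never appear keeps a half-configured SSL vhost from being enabled silently.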