[Pkg-puppet-devel] Initializating puppet master ssl files
Mathias Gug
mathiaz at ubuntu.com
Tue Aug 3 02:41:14 UTC 2010
Hi,
I've got a working prototype of a puppetmaster-passenger package that
will install passenger and configure puppetmaster to be run by
passenger.
One of the issue I've run is in setting up the ssl files to work with
mod_ssl - which needs to happen before apache2 is started. The [upstream
documentation][1] suggest that puppetmasterd should be run once before
apache2 is started.
[1]: http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
That leads to the following *ugly* code in
puppetmaster-passenger.postinst:
# Setup passenger configuration
if [ "$2" = "" ]; then
# Start the puppetmaster once to generate the certificates
puppetmasterd
sleep 1
[ -e "/var/run/puppet/master.pid" ] && kill $(cat /var/run/puppet/master.pid)
# Setup apache2 configuration files
APACHE2_SITE_FILE="/etc/apache2/sites-available/puppetmaster"
if [ ! -e "${APACHE2_SITE_FILE}" ]; then
cp /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl "${APACHE2_SITE_FILE}"
# Fix path to SSL certs and private key
HOSTNAME="$(hostname -f)"
[ "${HOSTNAME}" != "" ] && sed -i "s/@@FQDN@@/${HOSTNAME}/g" "${APACHE2_SITE_FILE}"
fi
a2enmod ssl
a2ensite puppetmaster
if [ -x "/etc/init.d/apache2" ]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d apache2 force-reload || exit $?
else
/etc/init.d/apache2 force-reload || exit $?
fi
fi
fi
I've filed a feature request [2] to provide an init command to decouple
generating the ssl configuration files from running the daemon. Do you
have any other suggestions?
[2]: http://projects.reductivelabs.com/issues/4440
Thanks,
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com
More information about the Pkg-puppet-devel
mailing list