[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, master, updated. debian/2.6.0-2-119-g611c2bb

Mathias Gug mathias.gug at canonical.com
Fri Aug 20 15:45:20 UTC 2010

The following commit has been merged in the master branch:
commit 0d2bc3125b48ed5a918ea87150a528df05c56f18
Author: Mathias Gug <mathias.gug at canonical.com>
Date:   Thu Aug 19 19:04:05 2010 -0400

    Update apache2 site example for passenger
    Update apache2 site example configuration to be able to automatically
    setup apache2 from the puppetmaster-passenger postinst script.
    All options that can be defined in a virtual host have been moved to the
    virtual host section in order to confine them to the passenger virtual
    The default puppetmaster port has also been added as a Listen option.
    Ports should be set in /etc/apache2/ports.conf - however this is an
    apache2 configuration file and thus cannot be updated by the
    puppetmaster-passenger postinst script.

diff --git a/ext/rack/files/apache2.conf b/ext/rack/files/apache2.conf
index 381327c..2af2964 100644
--- a/ext/rack/files/apache2.conf
+++ b/ext/rack/files/apache2.conf
@@ -1,12 +1,4 @@
-# you probably want to tune these settings
-PassengerHighPerformance on
-PassengerMaxPoolSize 12
-PassengerPoolIdleTime 1500
-# PassengerMaxRequests 1000
-PassengerStatThrottleRate 120
-RackAutoDetect Off
-RailsAutoDetect Off
+# Based on http://projects.puppetlabs.com/projects/1/wiki/Using_Passenger
 Listen 8140
@@ -15,20 +7,32 @@ Listen 8140
         SSLProtocol -ALL +SSLv3 +TLSv1
         SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
-        SSLCertificateFile      /etc/puppet/ssl/certs/squigley.namespace.at.pem
-        SSLCertificateKeyFile   /etc/puppet/ssl/private_keys/squigley.namespace.at.pem
-        SSLCertificateChainFile /etc/puppet/ssl/ca/ca_crt.pem
-        SSLCACertificateFile    /etc/puppet/ssl/ca/ca_crt.pem
+	SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetmaster.example.com.pem
+    	SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.example.com.pem
+    	SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
+        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
         # If Apache complains about invalid signatures on the CRL, you can try disabling
         # CRL checking by commenting the next line, but this is not recommended.
-        SSLCARevocationFile     /etc/puppet/ssl/ca/ca_crl.pem
+        SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
+        # Set to require if this puppetmaster doesn't issue certificates
+        # to puppet clients.
+        # NB: this requires SSLCACertificateFile to include the CA cert 
+        #     issuing puppet client certificate.
         SSLVerifyClient optional
         SSLVerifyDepth  1
         SSLOptions +StdEnvVars
-        DocumentRoot /etc/puppet/rack/public/
+        # Passenger options that can be set in a virtual host
+        # configuration block.
+        PassengerHighPerformance on
+        PassengerStatThrottleRate 120
+        PassengerUseGlobalQueue on
+        RackAutoDetect Off
+        RailsAutoDetect Off
         RackBaseURI /
-        <Directory /etc/puppet/rack/>
+        DocumentRoot /usr/share/puppet/rack/puppetmasterd/public
+        <Directory /usr/share/puppet/rack/puppetmasterd/>
                 Options None
                 AllowOverride None
                 Order allow,deny

Puppet packaging for Debian

More information about the Pkg-puppet-devel mailing list