[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, master, updated. debian/2.6.0-2-123-g493b938

Mathias Gug mathias.gug at canonical.com
Tue Aug 24 02:19:08 UTC 2010


The following commit has been merged in the master branch:
commit 493b93800e5a54d62f35e7d5fe04630d6c87acb1
Author: Mathias Gug <mathias.gug at canonical.com>
Date:   Mon Aug 23 18:19:41 2010 -0400

    Support non-CA puppetmaster setup in puppetmaster-passenger
    
    Only generate CA files if there aren't any ssl certificates already
    available. This covers the case where the puppet master has already seen
    the run of puppet agent and thus already has its ssl files setup.
    
    Use local host CA certificate and crl location rather than CA
    certification and crl to generate apache2 ssl configuration. This covers
    the use case where the puppet master doesn't act as CA.

diff --git a/debian/puppetmaster-passenger.postinst b/debian/puppetmaster-passenger.postinst
index 7d9c994..537b9fd 100644
--- a/debian/puppetmaster-passenger.postinst
+++ b/debian/puppetmaster-passenger.postinst
@@ -12,11 +12,14 @@ if [ "$1" = "configure" ]; then
     fi
     # Setup passenger configuration
     if [ "$2" = "" ]; then
-        # Initialize puppetmaster CA and generate the master certificate.
+        # Initialize puppetmaster CA and generate the master certificate 
+        # only if the host doesn't already have any puppet ssl certificate.
         # The ssl key and cert need to be available (eg generated) before
         # apache2 is configured and started since apache2 ssl configuration 
         # uses the puppetmaster ssl files.
-        puppetca --generate $(puppetca --configprint certname)
+	if [ ! -e "$(puppetca --configprint hostcert)" ]; then
+        	puppetca --generate $(puppetca --configprint certname)
+	fi
         # Setup apache2 configuration files
         APACHE2_SITE_FILE="/etc/apache2/sites-available/puppetmaster" 
         if  [ ! -e "${APACHE2_SITE_FILE}" ]; then
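Review bot: The new guard `if [ ! -e "$(puppetca --configprint hostcert)" ]` tests only the host certificate, so a host that has a certificate but no private key skips generation and Apache is later pointed at a missing SSLCertificateKeyFile. I would also test `$(puppetca --configprint hostprivkey)` and stop with an explicit error when only one of the two files exists, rather than carrying on silently. The inner substitution should be quoted as well: `puppetca --generate "$(puppetca --configprint certname)"`. The added lines are indented with tabs while the surrounding lines use spaces. The enclosing `if [ "$2" = "" ]` block continues outside the hunk.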
@@ -24,9 +27,9 @@ if [ "$1" = "configure" ]; then
             # Fix path to SSL files
             sed -r -i "s|(SSLCertificateFile\s+).+$|\1$(puppetca --configprint hostcert)|" "${APACHE2_SITE_FILE}"
             sed -r -i "s|(SSLCertificateKeyFile\s+).+$|\1$(puppetca --configprint hostprivkey)|" "${APACHE2_SITE_FILE}"
-            sed -r -i "s|(SSLCACertificateFile\s+).+$|\1$(puppetca --configprint cacert)|" "${APACHE2_SITE_FILE}"
-            sed -r -i "s|(SSLCertificateChainFile\s+).+$|\1$(puppetca --configprint cacert)|" "${APACHE2_SITE_FILE}"
-            sed -r -i "s|(SSLCARevocationFile\s+).+$|\1$(puppetca --configprint cacrl)|" "${APACHE2_SITE_FILE}"
+            sed -r -i "s|(SSLCACertificateFile\s+).+$|\1$(puppetca --configprint localcacert)|" "${APACHE2_SITE_FILE}"
+            sed -r -i "s|(SSLCertificateChainFile\s+).+$|\1$(puppetca --configprint localcacert)|" "${APACHE2_SITE_FILE}"
+            sed -r -i "s|(SSLCARevocationFile\s+).+$|\1$(puppetca --configprint hostcrl)|" "${APACHE2_SITE_FILE}"
         fi
         a2enmod ssl
         a2ensite puppetmaster
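Review bot: Nothing in the new lines confirms that the files named by `localcacert` and `hostcrl` exist before they are written into the site file as SSLCACertificateFile, SSLCertificateChainFile and SSLCARevocationFile. These are the host's local copies, so on a master that has not yet fetched them (and possibly on a fresh CA master, depending on what `puppetca --generate` creates, which is not visible here) Apache would reference a missing file. A stale host CRL copy also means client-certificate revocation is only as current as the last refresh. I would add a check such as `[ -e "$(puppetca --configprint hostcrl)" ] || echo "puppetmaster-passenger: host CRL not found" >&2` and a comment like `# hostcrl/localcacert are local copies; they must exist and be kept current for Apache to verify and revoke client certs`. The enclosing `if [ ! -e "${APACHE2_SITE_FILE}" ]` block opens before this hunk.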

-- 
Puppet packaging for Debian


