Changes between Version 2 and Version 3 of Puppet

Timestamp:

Dec 6, 2012 4:54:00 PM (11 years ago)

Author:

thomas

Comment:

--

Puppet

@@ -1 @@
-== Puppet ==
+== Puppet < 3 ==
 
 Notes on running on puppet on puias.
 
-puppet is in the unsupported repo
+puppet is in the unsupported repo.
+
+The recommended configuration is using passenger with apache.  nginx will also work.  
+
+* Install mod_passenger
+* mkdir -p /etc/puppet/rack/public
+* copy /usr/share/puppet/ext/rack/files/config.ru /etc/puppet/rack
+* create puppetmaster.conf in /etc/httpd/conf.d
+
+{{{
+Listen 8140
+<VirtualHost *:8140>
+
+    SSLEngine on
+    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
+    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppetmaster.pem
+    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppetmaster.pem
+    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
+    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
+    # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
+    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
+    SSLVerifyClient optional
+    SSLVerifyDepth  1
+    SSLOptions +StdEnvVars
+
+    # The following client headers allow the same configuration to work with Pound.
+    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
+    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
+    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
+
+    RackAutoDetect On
+    DocumentRoot /etc/puppet/rack/public/
+    <Directory /etc/puppet/rack>
+        Options None
+        AllowOverride None
+        Order allow,deny
+        allow from all
+    </Directory>
+</VirtualHost>
+
+}}}
 
 == Puppet3 ==