Puppet < 3

Notes on running on puppet on puias.

puppet is in the unsupported repo.

The recommended configuration is using passenger with apache. nginx will also work.

  • Install mod_passenger, mod_ssl
  • mkdir -p /etc/puppet/rack/public
  • copy /usr/share/puppet/ext/rack/files/ /etc/puppet/rack
  • create puppetmaster.conf in /etc/httpd/conf.d
Listen 8140
<VirtualHost *:8140>

    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppetmaster.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppetmaster.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth  1
    SSLOptions +StdEnvVars

    # The following client headers allow the same configuration to work with Pound.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    RackAutoDetect On
    DocumentRoot /etc/puppet/rack/public/
    <Directory /etc/puppet/rack>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all


puppet3 is in the unsupported repo, users of puppet prior to version 3 will have to update their manifests before using version 3, so we have made this package under a different name. Users can install puppet3 and migrate their configurations over to the new format. Eventually version 3 will be pushed out as puppet, but for now, we'll keep it separate as puppet3.

Last modified 8 years ago Last modified on Dec 6, 2012 4:55:24 PM