authorAdrien Thebo <git@somethingsinistral.net>2014-05-14 13:15:08 -0700
committerMelissa Stone <melissa@puppetlabs.com>2014-05-27 11:22:10 -0700
commitbcc6dc3207b81ab10e17c63737d18618dca05c1b (patch)
treea7f53bada4a2c5dda20a843752ddd3973c523417 /ext
parentb02af7e05d9b9a3bc23474933d8d7f6cd6191158 (diff)
downloadpuppet-bcc6dc3207b81ab10e17c63737d18618dca05c1b.tar.gz
(maint) extract initial Passenger configuration
Diffstat (limited to 'ext')
-rw-r--r--ext/debian/puppetmaster-passenger.postinst86
1 files changed, 45 insertions, 41 deletions
diff --git a/ext/debian/puppetmaster-passenger.postinst b/ext/debian/puppetmaster-passenger.postinst
index 608ad409d..8b9a54638 100644
--- a/ext/debian/puppetmaster-passenger.postinst
+++ b/ext/debian/puppetmaster-passenger.postinst
@@ -66,6 +66,48 @@ update_vhost_for_apache24() {
fi
}
+create_initial_puppetmaster_vhost() {
+ # Check that puppet master --configprint works properly
+ # If it doesn't the following steps to update the vhost will produce a very unhelpful and broken vhost
+ if [ $(puppet master --configprint all 2>&1 | grep "Could not parse" | wc -l) != "0" ]; then
+ echo "Puppet config print not working properly, exiting"
+ exit 1
+ fi
+
+ # Initialize puppetmaster CA and generate the master certificate
+ # only if the host doesn't already have any puppet ssl certificate.
+ # The ssl key and cert need to be available (eg generated) before
+ # apache2 is configured and started since apache2 ssl configuration
+ # uses the puppetmaster ssl files.
+ if [ ! -e "$(puppet master --configprint hostcert)" ]; then
+ puppet cert generate $(puppet master --configprint certname)
+ fi
+
+ # Setup apache2 configuration files
+ APACHE2_SITE_FILE="/etc/apache2/sites-available/$(apache2_puppetmaster_sitename)"
+ if [ ! -e "${APACHE2_SITE_FILE}" ]; then
+ tempfile=$(mktemp)
+ sed -r \
+ -e "s|(SSLCertificateFile\s+).+$|\1$(puppet master --configprint hostcert)|" \
+ -e "s|(SSLCertificateKeyFile\s+).+$|\1$(puppet master --configprint hostprivkey)|" \
+ -e "s|(SSLCACertificateFile\s+).+$|\1$(puppet master --configprint localcacert)|" \
+ -e "s|(SSLCertificateChainFile\s+).+$|\1$(puppet master --configprint localcacert)|" \
+ -e "s|(SSLCARevocationFile\s+).+$|\1$(puppet master --configprint cacrl)|" \
+ -e "s|DocumentRoot /etc/puppet/rack/public|DocumentRoot /usr/share/puppet/rack/puppetmasterd/public|" \
+ -e "s|<Directory /etc/puppet/rack/>|<Directory /usr/share/puppet/rack/puppetmasterd/>|" \
+ /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl > $tempfile
+ update_vhost_for_passenger4
+ update_vhost_for_apache24
+ mv $tempfile "${APACHE2_SITE_FILE}"
+ fi
+
+ # Enable needed modules
+ a2enmod ssl
+ a2enmod headers
+ a2ensite ${sitename}
+ restart_apache2
+}
+
if [ "$1" = "configure" ]; then
# Change the owner of the rack config.ru to be the puppet user
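Review bot: The sanity check at the top of create_initial_puppetmaster_vhost only greps for the string "Could not parse", so any other failure of `puppet master --configprint` leaves the `$(...)` substitutions in the sed expressions empty and the SSLCertificateFile, SSLCACertificateFile and SSLCARevocationFile directives are written without a usable path. The function then goes on to `a2ensite` and `restart_apache2`, so the package would install a vhost whose TLS and client-certificate verification settings are broken or incomplete. I would resolve the four settings once before templating, require each to be an absolute path, and abort otherwise; the checked values can then be reused in the sed expressions instead of invoking puppet again for each one. The same step is the natural place to reject a path containing `|` or `&`, which would corrupt the sed replacement.

```shell
create_initial_puppetmaster_vhost() {
    # … unchanged: configprint "Could not parse" check and certificate generation …

    # Resolve each TLS path once and refuse to template an empty or relative value
    for setting in hostcert hostprivkey localcacert cacrl; do
        value=$(puppet master --configprint "$setting") || value=""
        case "$value" in
            *'|'*|*'&'*|"")
                echo "unusable value for puppet setting $setting, exiting" >&2
                exit 1 ;;
            /*) ;;
            *)
                echo "puppet setting $setting is not an absolute path, exiting" >&2
                exit 1 ;;
        esac
    done

    # … unchanged: sed templating into $tempfile, a2enmod/a2ensite, restart_apache2 …
```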
@@ -74,48 +116,10 @@ if [ "$1" = "configure" ]; then
then
dpkg-statoverride --update --add puppet puppet 0644 /usr/share/puppet/rack/puppetmasterd/config.ru
fi
- # Setup passenger configuration
- if [ "$2" = "" ]; then
-
- # Check that puppet master --configprint works properly
- # If it doesn't the following steps to update the vhost will produce a very unhelpful and broken vhost
- if [ $(puppet master --configprint all 2>&1 | grep "Could not parse" | wc -l) != "0" ]; then
- echo "Puppet config print not working properly, exiting"
- exit 1
- fi
-
- # Initialize puppetmaster CA and generate the master certificate
- # only if the host doesn't already have any puppet ssl certificate.
- # The ssl key and cert need to be available (eg generated) before
- # apache2 is configured and started since apache2 ssl configuration
- # uses the puppetmaster ssl files.
- if [ ! -e "$(puppet master --configprint hostcert)" ]; then
- puppet cert generate $(puppet master --configprint certname)
- fi
-
- # Setup apache2 configuration files
- APACHE2_SITE_FILE="/etc/apache2/sites-available/$(apache2_puppetmaster_sitename)"
- if [ ! -e "${APACHE2_SITE_FILE}" ]; then
- tempfile=$(mktemp)
- sed -r \
- -e "s|(SSLCertificateFile\s+).+$|\1$(puppet master --configprint hostcert)|" \
- -e "s|(SSLCertificateKeyFile\s+).+$|\1$(puppet master --configprint hostprivkey)|" \
- -e "s|(SSLCACertificateFile\s+).+$|\1$(puppet master --configprint localcacert)|" \
- -e "s|(SSLCertificateChainFile\s+).+$|\1$(puppet master --configprint localcacert)|" \
- -e "s|(SSLCARevocationFile\s+).+$|\1$(puppet master --configprint cacrl)|" \
- -e "s|DocumentRoot /etc/puppet/rack/public|DocumentRoot /usr/share/puppet/rack/puppetmasterd/public|" \
- -e "s|<Directory /etc/puppet/rack/>|<Directory /usr/share/puppet/rack/puppetmasterd/>|" \
- /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl > $tempfile
- update_vhost_for_passenger4
- update_vhost_for_apache24
- mv $tempfile "${APACHE2_SITE_FILE}"
- fi
- # Enable needed modules
- a2enmod ssl
- a2enmod headers
- a2ensite ${sitename}
- restart_apache2
+ # Setup puppetmaster passenger vhost
+ if [ "$2" = "" ]; then
+ create_initial_puppetmaster_vhost
fi
# Fix CRL file on upgrade to use the CA crl file instead of the host crl.