path: root/debian/puppetmaster-passenger.postinst
blob: a62d8ed5711b6a19ca6c15c0d23e63387a6e7f56 (plain)
#!/bin/sh

# Abort the maintainer script as soon as an unchecked command fails.
set -e

# Apache site handled by this package, and the path of its configuration
# file under sites-available.
sitename='puppetmaster'
APACHE2_SITE_FILE="/etc/apache2/sites-available/$sitename.conf"

# Can be removed when we only support apache >= 2.4
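# Restart apache2 through its init script, if one is installed.
# Prefers invoke-rc.d when it is available and otherwise calls the init
# script directly.
# Arguments: none
# Returns:   0 when no init script is installed or the restart succeeded;
#            on a failed restart the whole script exits with that status.
restart_apache2() {
    if [ -x "/etc/init.d/apache2" ]; then
        # Seems that a restart is needed. reload breaks ssl apparently.
        # command -v is the POSIX way to look a command up; it replaces the
        # backticked call to the external "which" helper.
        if command -v invoke-rc.d >/dev/null 2>&1; then
            invoke-rc.d apache2 restart || exit $?
        else
            /etc/init.d/apache2 restart || exit $?
        fi
    fi
}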

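# Everything below runs only when the script is invoked with "configure" as
# its first argument.
if [ "$1" = "configure" ]; then

    # Change the owner of the rack config.ru to be the puppet user
    # because passenger will suid to that user, see #577366.
    # The override is added only when none is registered for the path yet.
    if ! dpkg-statoverride --list /usr/share/puppet/rack/puppetmasterd/config.ru >/dev/null 2>&1
    then
        dpkg-statoverride --update --add puppet puppet 0644 /usr/share/puppet/rack/puppetmasterd/config.ru
    fi

    # Setup passenger configuration. An empty second argument means no
    # version was configured before, i.e. a fresh install.
    if [ "$2" = "" ]; then

        # Install needed modules
        if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
            . /usr/share/apache2/apache2-maintscript-helper
            apache2_invoke enmod ssl
            apache2_invoke enmod headers
        else
            a2enmod ssl
            a2enmod headers
            restart_apache2
        fi

        # Check that puppet master --configprint works properly.
        # Only the "Could not parse" message counts as a failure here.
        # grep -q replaces the unquoted "grep | wc -l" comparison.
        if puppet master --configprint all 2>&1 | grep -q "Could not parse"; then
            echo "Puppet config print not working properly, exiting"
            exit 1
        fi

        # Initialize puppetmaster CA and generate the master certificate
        # only if the host doesn't already have any puppet ssl certificate.
        # The ssl key and cert need to be available (eg generated) before
        # apache2 is configured and started since apache2 ssl configuration
        # uses the puppetmaster ssl files.
        # Plain assignments are used so that a failing puppet call aborts
        # the script under "set -e" instead of yielding an empty value.
        hostcert=$(puppet master --configprint hostcert)
        if [ ! -e "$hostcert" ]; then
            certname=$(puppet master --configprint certname)
            puppet cert generate "$certname"
        fi

        # Setup apache2 configuration files
        if [ ! -e "${APACHE2_SITE_FILE}" ]; then
            hostprivkey=$(puppet master --configprint hostprivkey)
            localcacert=$(puppet master --configprint localcacert)
            cacrl=$(puppet master --configprint cacrl)

            # The paths are pasted into sed replacement text that uses "|"
            # as delimiter. An empty value, or one containing "|", "&" or a
            # backslash, would silently produce a wrong SSL directive, so
            # refuse it instead of writing the site file.
            for ssl_path in "$hostcert" "$hostprivkey" "$localcacert" "$cacrl"; do
                case "$ssl_path" in
                    ''|*'|'*|*'&'*|*\\*)
                        echo "Unusable puppet SSL path '$ssl_path', exiting" >&2
                        exit 1
                        ;;
                esac
            done

            # NOTE(review): mktemp normally creates the file with mode 0600
            # and mv keeps that mode, so the site file presumably ends up
            # readable by its owner only - confirm this is intended.
            tempfile=$(mktemp)
            if ! sed -r \
                -e "s|(SSLCertificateFile\s+).+$|\1${hostcert}|" \
                -e "s|(SSLCertificateKeyFile\s+).+$|\1${hostprivkey}|" \
                -e "s|(SSLCACertificateFile\s+).+$|\1${localcacert}|" \
                -e "s|(SSLCertificateChainFile\s+).+$|\1${localcacert}|" \
                -e "s|(SSLCARevocationFile\s+).+$|\1${cacrl}|" \
                -e "/RailsAutoDetect/d" \
                -e "/RackAutoDetect/d" \
                /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl > "$tempfile"
            then
                # Do not leave a partial temporary file behind on failure.
                rm -f -- "$tempfile"
                exit 1
            fi
            mv -- "$tempfile" "${APACHE2_SITE_FILE}"
        fi

        # Enable the site, through the apache2 maintscript helper when it
        # is installed, else with a2ensite plus an explicit restart.
        if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then
            . /usr/share/apache2/apache2-maintscript-helper
            apache2_invoke ensite "${sitename}"
        else
            a2ensite puppetmaster
            restart_apache2
        fi
    fi
fi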

#DEBHELPER#