ReleaseEngineering/PuppetAgain/Modules/puppetmaster

This module handles installing, updating, and running the puppet master. This setup uses Apache and mod_passenger. Puppet masters don't sign client certificates; those are generated by a self-signed CA (on cruncher).

Installation

See ReleaseEngineering/PuppetAgain/HowTo/Set up a standalone puppetmaster

Updates

Masters update themselves via puppet::periodic (ReleaseEngineering/PuppetAgain/Modules/puppet).

CRL sync

To keep the list of revoked certificates (CRL) up to date, masters fetch the CRL from the CA via a cron job and gracefully restart Apache.
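
One way to write such a sync job, added here as an example and not the module's own cron script: it installs the fetched CRL only if it verifies against the CA certificate and has not expired, and restarts Apache only when the CRL actually changed. The URL, the file paths, and the use of curl, GNU date and apachectl are assumptions.

```shell
# Added example. URL, paths, curl, GNU date and apachectl are assumptions,
# not values taken from the puppetmaster module.
CRL_URL="${CRL_URL:-https://ca.example.invalid/ca_crl.pem}"
CA_CERT="${CA_CERT:-/path/to/ca_cert.pem}"
CRL_DEST="${CRL_DEST:-/path/to/ca_crl.pem}"

fetch_crl() {   # $1 = file to write the download to
    curl --silent --show-error --fail --max-time 30 --output "$1" "$CRL_URL"
}

verify_crl() {  # $1 = candidate CRL
    # The CRL must be signed by our CA. Match the "verify OK" message
    # instead of trusting the exit status alone.
    openssl crl -in "$1" -CAfile "$CA_CERT" -noout 2>&1 |
        grep -q 'verify OK' || return 1
    # Reject a CRL whose nextUpdate has already passed (stale or replayed).
    next=$(openssl crl -in "$1" -noout -nextupdate | cut -d= -f2)
    [ "$(date -d "$next" +%s)" -gt "$(date +%s)" ]
}

reload_apache() {
    apachectl graceful
}

sync_crl() {
    # Temp file in the destination directory so the final mv is an atomic rename.
    tmp=$(mktemp "${CRL_DEST}.XXXXXX") || return 1
    if ! fetch_crl "$tmp" || ! verify_crl "$tmp"; then
        rm -f "$tmp"
        echo "crl-sync: fetch or validation failed, keeping current CRL" >&2
        return 1
    fi
    if [ -f "$CRL_DEST" ] && cmp -s "$tmp" "$CRL_DEST"; then
        rm -f "$tmp"    # unchanged: nothing to install, no restart
        return 0
    fi
    chmod 0644 "$tmp"
    mv -f "$tmp" "$CRL_DEST"
    reload_apache
}
```

Call `sync_crl` from the cron entry; a non-zero exit leaves the previously installed CRL in place, so a failed or truncated download never replaces the revocation list.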

Secrets

Creation of new certificates is guarded by a password, using the username 'deploy'.

deploy_password
the cleartext password
deploy_username
always 'deploy'
puppetmaster_deploy_htpasswd
the htpasswd-hashed version of the password. Generate it with htpasswd -n - deploy and include only the portion after "deploy:" in the secrets file.