ReleaseEngineering/PuppetAgain/Modules/puppetmaster: Difference between revisions
< ReleaseEngineering | PuppetAgain | Modules
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 9: | Line 9: | ||
= CRL sync = | = CRL sync = | ||
To keep the list of revoced certificates (CRL) up to date, masters fetch the CRL from CA by a [http://hg.mozilla.org/build/puppet/file/tip/modules/puppetmaster/templates/update_crl.sh.erb cron job] and gracefuly restart apache. | To keep the list of revoced certificates (CRL) up to date, masters fetch the CRL from CA by a [http://hg.mozilla.org/build/puppet/file/tip/modules/puppetmaster/templates/update_crl.sh.erb cron job] and gracefuly restart apache. | ||
= Secrets = | |||
;puppetmaster_deploy_htpasswd | |||
:the htpasswd-hashed password used to protect the puppetmaster deployment CGI. Generate with <tt>htpasswd -n - deploy</tt> and only include the portion after "deploy:" in the secrets file | |||
Revision as of 17:21, 8 November 2013
This module handles installing, updating, and running puppet master. This setup uses Apache and mod_passenger. Puppet masters doesn't sign client certificates. They are generated by a self signed CA (on cruncher).
Installation
See ReleaseEngineering/PuppetAgain/HowTo/Set up a standalone puppetmaster
Updates
Masters update themselves by puppet::periodic (ReleaseEngineering/PuppetAgain/Modules/puppet).
CRL sync
To keep the list of revoced certificates (CRL) up to date, masters fetch the CRL from CA by a cron job and gracefuly restart apache.
Secrets
- puppetmaster_deploy_htpasswd
- the htpasswd-hashed password used to protect the puppetmaster deployment CGI. Generate with htpasswd -n - deploy and only include the portion after "deploy:" in the secrets file