This module handles installing, updating, and running puppet master. This setup uses Apache and mod_passenger. Puppet masters doesn't sign client certificates. They are generated by a self signed CA (on cruncher).

Installation

See ReleaseEngineering/PuppetAgain/HowTo/Set up a standalone puppetmaster

Updates

Masters update themselves by puppet::periodic (ReleaseEngineering/PuppetAgain/Modules/puppet).

CRL sync

To keep the list of revoced certificates (CRL) up to date, masters fetch the CRL from CA by a cron job and gracefuly restart apache.