Ubuntu 12.04: using Apache as the authentication service for puppetmaster

Prerequisites:

    aptitude -y install puppet augeas-tools
    aptitude -y install puppetmaster sqlite3 libsqlite3-ruby libactiverecord-ruby git rake

The puppetmaster side is already installed at this point.

1. Install the software:

    apt-get install apache2 libapache2-mod-passenger rails librack-ruby libmysql-ruby

2. Generate a certificate first. For example, if the hostname is server, start puppetmaster first and run puppet agent -vt against the server. If everything goes well, the following files are generated; they are required in the Apache authentication configuration:

    /var/lib/puppet/ssl/certs/server.pem
    /var/lib/puppet/ssl/private_keys/server.pem

3. vim /etc/apache2/conf.d/puppet.conf. The file is as follows:

    Listen 8140
    <VirtualHost *:8140>
        SSLEngine on
        SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
        SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem
        SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/server.pem
        SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
        SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
        # CRL checking should be enabled; if you have problems with Apache
        # complaining about the CRL, disable the next line
        # SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
        SSLVerifyClient optional
        SSLVerifyDepth 1
        SSLOptions +StdEnvVars

        # The following client headers allow the same configuration to work with Pound.
        RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
        RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

        RackAutoDetect On
        DocumentRoot /etc/puppet/rack/public/
        <Directory /etc/puppet/rack>
            Options None
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>

The SSLCertificateFile and SSLCertificateKeyFile lines need to be changed to match your puppetmaster certificate name.

4. In /etc/puppet, create the rack folder and the config.ru file:

    mkdir -p rack/{tmp,public}

The content of config.ru is as follows:

    # a config.ru, for use with every rack-compatible webserver.
    # SSL needs to be handled outside this, though.

    # if puppet is not in your RUBYLIB:
    # $:.unshift('/opt/puppet/lib')

    $0 = "master"

    # if you want debugging:
    # ARGV << "--debug"

    ARGV << "--rack"
    require 'puppet/application/master'
    # we're usually running inside a Rack::Builder.new {} block,
    # therefore we need to call run *here*.
    run Puppet::Application[:master].run

The rack folder structure is as follows:

    root@server:/etc/puppet/rack# ls
    config.ru  public  tmp

    chown -R puppet:puppet /etc/puppet/rack

5. In /etc/default/puppetmaster, change START=yes to no.

6. At this point port 8140 may be in use, or puppetmaster may still be running. Kill the process and restart Apache. If Apache does not report an error, run puppet agent -vt to check that everything works.

Reference document: http://projects.puppetlabs.com/projects/1/wiki/using_passenger
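
The vhost in step 3 enables SSLv2 and RC4 cipher suites and leaves the CRL line commented out, so revoked agent certificates are still accepted. As an added example (not part of the original article or of the Puppet project), this Python check flags those settings and confirms that Apache overwrites the client-verification headers; the function names, finding codes and sample text are constructed for illustration.

```python
import re

# Constructed sample: the security-relevant directives of the vhost on this page.
SAMPLE_VHOST = """\
<VirtualHost *:8140>
    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
    # SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth 1
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e
</VirtualHost>
"""
# Headers that carry the client-certificate result to the Rack application.
# Apache must overwrite each with "RequestHeader set" so a client cannot supply it.
TRUSTED_HEADERS = ("X-SSL-Subject", "X-Client-DN", "X-Client-Verify")
WEAK = re.compile(r"SSLv2|RC4|EXP|LOW|NULL|ADH", re.I)  # heuristic, not exhaustive

def active_directives(text):
    """Return (name, args) for each directive line, skipping comments and <Section> tags."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, _, args = line.partition(" ")
            out.append((name.lower(), args.strip()))
    return out

def audit_vhost(text):
    """Return sorted finding codes for a Puppet master vhost configuration."""
    d = active_directives(text)
    findings = set()
    for name, args in d:
        if name == "sslciphersuite":
            for tok in args.split(":"):
                # Only a token without a leading '!', '-' or '+' adds ciphers.
                if tok and tok[0] not in "!-+" and WEAK.search(tok):
                    findings.add("weak-cipher:" + tok)
    if not any(n == "sslcarevocationfile" for n, _ in d):
        findings.add("crl-not-checked")
    if not any(n == "sslverifyclient" and a.lower() in ("optional", "require") for n, a in d):
        findings.add("no-client-cert-verification")
    set_hdrs = {a.split()[1].lower() for n, a in d
                if n == "requestheader" and a.lower().startswith("set ") and len(a.split()) > 2}
    findings.update("spoofable-header:" + h for h in TRUSTED_HEADERS if h.lower() not in set_hdrs)
    return sorted(findings)
```

Calling audit_vhost() on the text of /etc/apache2/conf.d/puppet.conf returns an empty list once the cipher string no longer adds SSLv2 or RC4 suites and the SSLCARevocationFile line is active.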