author | Luke Kanies <luke@madstop.com> | 2008-12-18 18:06:45 -0600 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2008-12-18 18:06:45 -0600 |
commit | 566bf7820e56b3be503a05645cad54152309b20f (patch) | |
tree | f773fa8ea389790c01ae8a6eb92de7cd8a44874c /bin | |
parent | 0cf9decfeab5a45f8457af2e51633fd6e0f877fc (diff) | |
download | puppet-566bf7820e56b3be503a05645cad54152309b20f.tar.gz puppet-566bf7820e56b3be503a05645cad54152309b20f.tar.xz puppet-566bf7820e56b3be503a05645cad54152309b20f.zip |
Fixing #1729 - puppetmasterd can now read certs at startup
The main aspect of this solution is to create a site-wide
Puppet::SSL::Host instance to cache ssl key and certificate,
so that by the time we've switched UIDs, we've got the key and
cert in memory. Then webrick just uses that, rather than creating
a new Host instance.
Signed-off-by: Luke Kanies <luke@madstop.com>
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/puppetmasterd | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/bin/puppetmasterd b/bin/puppetmasterd index 9c3cc168c..47384f261 100755 --- a/bin/puppetmasterd +++ b/bin/puppetmasterd @@ -155,6 +155,8 @@ if Puppet.settings.print_configs? exit(Puppet.settings.print_configs ? 0 : 1) end +Puppet.settings.use :main, :puppetmasterd, :ssl + # A temporary solution, to at least make the master work for now. Puppet::Node::Facts.terminus_class = :yaml @@ -164,7 +166,7 @@ Puppet::Node.cache_class = :yaml # Configure all of the SSL stuff. if Puppet::SSL::CertificateAuthority.ca? Puppet::SSL::Host.ca_location = :local - Puppet.settings.use :main, :ssl, :ca + Puppet.settings.use :ca Puppet::SSL::CertificateAuthority.instance else Puppet::SSL::Host.ca_location = :none @@ -197,6 +199,16 @@ end server = Puppet::Network::Server.new(:handlers => rest_handlers, :xmlrpc_handlers => xmlrpc_handlers) +# Make sure we've got a localhost ssl cert +Puppet::SSL::Host.localhost + +# And now configure our server to *only* hit the CA for data, because that's +# all it will have write access to. +if Puppet::SSL::CertificateAuthority.ca? + Puppet::SSL::Host.ca_location = :only + Puppet::SSL::Host.ca_location = :none +end + if Process.uid == 0 begin Puppet::Util.chuser |
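
Review bot: In the first hunk (@@ -155,6 +155,8 @@), the new `Puppet.settings.use :main, :puppetmasterd, :ssl` line carries no comment, yet the second hunk depends on it: once the CA branch is reduced to `Puppet.settings.use :ca`, the :main and :ssl sections are only applied by this earlier call. In the visible lines those sections were previously applied only inside the `ca?` branch, so this is also a behaviour change for a non-CA master. A one-line comment stating that this call must stay ahead of the SSL configuration would keep the ordering from being broken later.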
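
Review bot: In the last hunk (@@ -197,6 +199,16 @@), the `if Puppet::SSL::CertificateAuthority.ca?` block assigns `Puppet::SSL::Host.ca_location = :only` and then `Puppet::SSL::Host.ca_location = :none` on the next line with no `else` between them, so as written a CA master ends up with `:none` and a non-CA master is left untouched. That contradicts the comment directly above it ("*only* hit the CA for data"); an `else` before the `:none` assignment looks like what was intended. Separately, the comment on `Puppet::SSL::Host.localhost` could say that the call has to run before `Puppet::Util.chuser` so that the key and cert are already in memory when the UID switches, which is the point the commit message makes.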