diff --git a/ext/debian/control b/ext/debian/control index 37f73025d..6f0e8467b 100644 --- a/ext/debian/control +++ b/ext/debian/control @@ -1,143 +1,143 @@ Source: puppet Section: admin Priority: optional Maintainer: Puppet Labs Uploaders: Micah Anderson , Andrew Pollock , Nigel Kersten , Stig Sandbeck Mathisen Build-Depends-Indep: ruby | ruby-interpreter, libopenssl-ruby | libopenssl-ruby1.9.1 | libruby (>= 1:1.9.3.4), facter (>= 1.7.0), hiera (>= 1.0.0) Build-Depends: debhelper (>= 7.0.0), openssl Standards-Version: 3.9.1 Vcs-Git: git://github.com/puppetlabs/puppet Homepage: http://projects.puppetlabs.com/projects/puppet Package: puppet-common Architecture: all Depends: ${misc:Depends}, ruby | ruby-interpreter, libopenssl-ruby | libopenssl-ruby1.9.1 | libruby (>= 1:1.9.3.4), ruby-shadow | libshadow-ruby1.8, libaugeas-ruby | libaugeas-ruby1.9.1 | libaugeas-ruby1.8, adduser, lsb-base, sysv-rc (>= 2.86) | file-rc, hiera (>= 1.0.0), facter (>= 1.7.0), ruby-rgen (>= 0.6.5), libjson-ruby | ruby-json Recommends: lsb-release, debconf-utils Suggests: ruby-selinux | libselinux-ruby1.8, librrd-ruby1.9.1 | librrd-ruby1.8 Breaks: puppet (<< 2.6.0~rc2-1), puppetmaster (<< 0.25.4-1) Provides: hiera-puppet Conflicts: hiera-puppet Replaces: hiera-puppet Description: Centralized configuration management Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. . This package contains the puppet software and documentation. For the startup scripts needed to run the puppet agent and master, see the "puppet" and "puppetmaster" packages, respectively. Package: puppet Architecture: all Depends: ${misc:Depends}, puppet-common (= ${binary:Version}), ruby | ruby-interpreter Recommends: rdoc Suggests: puppet-el, vim-puppet Description: Centralized configuration management - agent startup and compatibility scripts This package contains the startup script and compatbility scripts for the puppet agent, which is the process responsible for configuring the local node. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Package: puppetmaster-common Architecture: all Depends: ${misc:Depends}, ruby | ruby-interpreter, puppet-common (= ${binary:Version}), facter (>= 1.7.0), lsb-base Breaks: puppet (<< 0.24.7-1), puppetmaster (<< 2.6.1~rc2-1) Replaces: puppetmaster (<< 2.6.1~rc2-1) Suggests: apache2 | nginx, puppet-el, vim-puppet, stompserver, ruby-stomp | libstomp-ruby1.8, rdoc, ruby-ldap | libldap-ruby1.8, puppetdb-terminus Description: Puppet master common scripts This package contains common scripts for the puppet master, which is the server hosting manifests and files for the puppet nodes. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Package: puppetmaster Architecture: all Depends: ${misc:Depends}, ruby | ruby-interpreter, puppetmaster-common (= ${source:Version}), facter (>= 1.7.0), lsb-base Breaks: puppet (<< 0.24.7-1) Suggests: apache2 | nginx, puppet-el, vim-puppet, stompserver, ruby-stomp | libstomp-ruby1.8, rdoc, ruby-ldap | libldap-ruby1.8, puppetdb-terminus Description: Centralized configuration management - master startup and compatibility scripts This package contains the startup and compatibility scripts for the puppet master, which is the server hosting manifests and files for the puppet nodes. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Package: puppetmaster-passenger Architecture: all -Depends: ${misc:Depends}, ruby | ruby-interpreter, puppetmaster-common (= ${source:Version}), facter (>= 1.7.0), lsb-base, libapache2-mod-passenger +Depends: ${misc:Depends}, ruby | ruby-interpreter, puppetmaster-common (= ${source:Version}), facter (>= 1.7.0), lsb-base, apache2, libapache2-mod-passenger Conflicts: puppetmaster (<< 2.6.1~rc2-1) Replaces: puppetmaster (<< 2.6.1~rc2-1) Description: Centralised configuration management - master setup to run under mod passenger This package provides a puppetmaster running under mod passenger. This configuration offers better performance and scalability. . Puppet lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. . Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. . Package: vim-puppet Architecture: all Depends: ${misc:Depends} Recommends: vim-addon-manager Conflicts: puppet (<< ${source:Version}) Description: syntax highlighting for puppet manifests in vim The vim-puppet package provides filetype detection and syntax highlighting for puppet manifests (files ending with ".pp"). Package: puppet-el Architecture: all Depends: ${misc:Depends}, emacsen-common Conflicts: puppet (<< ${source:Version}) Description: syntax highlighting for puppet manifests in emacs The puppet-el package provides syntax highlighting for puppet manifests Package: puppet-testsuite Architecture: all Depends: ${misc:Depends}, ruby | ruby-interpreter, puppet-common (= ${source:Version}), facter (>= 1.7.0), lsb-base, rails (>= 1.2.3-2), rdoc, ruby-ldap | libldap-ruby1.8, ruby-rspec | librspec-ruby, git-core, ruby-mocha | libmocha-ruby1.8 Recommends: cron Description: Centralized configuration management - test suite This package provides all the tests from the upstream puppet source code. The tests are used for improving the QA of the puppet package. diff --git a/ext/debian/puppetmaster-passenger.postinst b/ext/debian/puppetmaster-passenger.postinst index 019063be4..2c9f20c3f 100644 --- a/ext/debian/puppetmaster-passenger.postinst +++ b/ext/debian/puppetmaster-passenger.postinst @@ -1,66 +1,112 @@ #!/bin/sh set -e +sitename="puppetmaster" + +# The debian provided a2* utils in Apache 2.4 uses "site name" as +# argument, while the version in Apache 2.2 uses "file name". +# +# For added fun, the Apache 2.4 version requires files to have a +# ".conf" suffix, but this must be stripped when using it as argument +# for the a2* utilities. +# +# This will end in tears… +# Can be removed when we only support apache >= 2.4 +apache2_puppetmaster_sitename() { + apache2_version="$(dpkg-query --showformat='${Version}\n' --show apache2)" + if dpkg --compare-versions "$apache2_version" gt "2.4~"; then + echo "${sitename}.conf" + else + echo "${sitename}" + fi +} + +# Can be removed when we only support apache >= 2.4 +restart_apache2() { + if [ -x "/etc/init.d/apache2" ]; then + # Seems that a restart is needed. reload breaks ssl apparently. + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d apache2 restart || exit $? + else + /etc/init.d/apache2 restart || exit $? + fi + fi +} + +# We may need to update the passenger directives in the apache vhost because +# RailsAutoDetect and RackAutoDetect were removed in passenger 4.0.0 +# see http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsautodetect_rackautodetect_and_wsgiautodetect +update_vhost_for_passenger4() { + # Get passenger version from dpkg. + # This will end in tears… + passenger_version="$(dpkg-query --showformat='${Version}\n' --show libapache2-mod-passenger)" + if dpkg --compare-versions "$passenger_version" gt "4.0~"; then + sed -r -i \ + -e "/RailsAutoDetect/d" \ + -e "/RackAutoDetect/d" \ + $tempfile + fi +} + if [ "$1" = "configure" ]; then - + # Change the owner of the rack config.ru to be the puppet user # because passenger will suid to that user, see #577366 if ! dpkg-statoverride --list /usr/share/puppet/rack/puppetmasterd/config.ru >/dev/null 2>&1 then - dpkg-statoverride --update --add puppet puppet 0644 /usr/share/puppet/rack/puppetmasterd/config.ru + dpkg-statoverride --update --add puppet puppet 0644 /usr/share/puppet/rack/puppetmasterd/config.ru fi # Setup passenger configuration if [ "$2" = "" ]; then - # Initialize puppetmaster CA and generate the master certificate + + # Check that puppet master --configprint works properly + # If it doesn't the following steps to update the vhost will produce a very unhelpful and broken vhost + if [ $(puppet master --configprint all 2>&1 | grep "Could not parse" | wc -l) != "0" ]; then + echo "Puppet config print not working properly, exiting" + exit 1 + fi + + # Initialize puppetmaster CA and generate the master certificate # only if the host doesn't already have any puppet ssl certificate. # The ssl key and cert need to be available (eg generated) before - # apache2 is configured and started since apache2 ssl configuration + # apache2 is configured and started since apache2 ssl configuration # uses the puppetmaster ssl files. - if [ ! -e "$(puppet master --configprint hostcert)" ]; then - puppet cert generate $(puppet master --configprint certname) - fi + if [ ! -e "$(puppet master --configprint hostcert)" ]; then + puppet cert generate $(puppet master --configprint certname) + fi + # Setup apache2 configuration files - APACHE2_SITE_FILE="/etc/apache2/sites-available/puppetmaster" + APACHE2_SITE_FILE="/etc/apache2/sites-available/$(apache2_puppetmaster_sitename)" if [ ! -e "${APACHE2_SITE_FILE}" ]; then - cp /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl "${APACHE2_SITE_FILE}" - # Fix path to SSL files - sed -r -i "s|(SSLCertificateFile\s+).+$|\1$(puppet master --configprint hostcert)|" "${APACHE2_SITE_FILE}" - sed -r -i "s|(SSLCertificateKeyFile\s+).+$|\1$(puppet master --configprint hostprivkey)|" "${APACHE2_SITE_FILE}" - sed -r -i "s|(SSLCACertificateFile\s+).+$|\1$(puppet master --configprint localcacert)|" "${APACHE2_SITE_FILE}" - sed -r -i "s|(SSLCertificateChainFile\s+).+$|\1$(puppet master --configprint localcacert)|" "${APACHE2_SITE_FILE}" - sed -r -i "s|(SSLCARevocationFile\s+).+$|\1$(puppet master --configprint cacrl)|" "${APACHE2_SITE_FILE}" - - # Fix path to rack docroot and directory - sed -r -i "s|DocumentRoot /etc/puppet/rack/public|DocumentRoot /usr/share/puppet/rack/puppetmasterd/public|g" "${APACHE2_SITE_FILE}" - sed -r -i "s|||g" "${APACHE2_SITE_FILE}" + tempfile=$(mktemp) + sed -r \ + -e "s|(SSLCertificateFile\s+).+$|\1$(puppet master --configprint hostcert)|" \ + -e "s|(SSLCertificateKeyFile\s+).+$|\1$(puppet master --configprint hostprivkey)|" \ + -e "s|(SSLCACertificateFile\s+).+$|\1$(puppet master --configprint localcacert)|" \ + -e "s|(SSLCertificateChainFile\s+).+$|\1$(puppet master --configprint localcacert)|" \ + -e "s|(SSLCARevocationFile\s+).+$|\1$(puppet master --configprint cacrl)|" \ + -e "s|DocumentRoot /etc/puppet/rack/public|DocumentRoot /usr/share/puppet/rack/puppetmasterd/public|" \ + -e "s|||" \ + /usr/share/puppetmaster-passenger/apache2.site.conf.tmpl > $tempfile + update_vhost_for_passenger4 + mv $tempfile "${APACHE2_SITE_FILE}" fi + + # Enable needed modules a2enmod ssl a2enmod headers - a2ensite puppetmaster - if [ -x "/etc/init.d/apache2" ]; then - # Seems that a restart is needed. reload breaks ssl apparently. - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 restart || exit $? - else - /etc/init.d/apache2 restart || exit $? - fi - fi + a2ensite ${sitename} + restart_apache2 fi + # Fix CRL file on upgrade to use the CA crl file instead of the host crl. if dpkg --compare-versions "$2" lt-nl "2.6.1-1"; then if [ -e /etc/apache2/sites-available/puppetmaster ]; then sed -r -i 's|SSLCARevocationFile[[:space:]]+/var/lib/puppet/ssl/crl.pem$|SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem|' /etc/apache2/sites-available/puppetmaster - if [ -x "/etc/init.d/apache2" ]; then - # Seems that a restart is needed. reload breaks ssl apparently. - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 restart || exit $? - else - /etc/init.d/apache2 restart || exit $? - fi - fi + restart_apache2 fi fi fi #DEBHELPER# diff --git a/ext/debian/puppetmaster-passenger.postrm b/ext/debian/puppetmaster-passenger.postrm index a7f34b61e..ec86b5de1 100644 --- a/ext/debian/puppetmaster-passenger.postrm +++ b/ext/debian/puppetmaster-passenger.postrm @@ -1,33 +1,61 @@ -#!/bin/sh -e +#!/bin/sh + +set -e + +sitename="puppetmaster" + +# The debian provided a2* utils in Apache 2.4 uses "site name" as +# argument, while the version in Apache 2.2 uses "file name". +# +# For added fun, the Apache 2.4 version requires files to have a +# ".conf" suffix, but this must be stripped when using it as argument +# for the a2* utilities. +# +# This will end in tears… +# Can be removed when we only support apache >= 2.4 +apache2_puppetmaster_sitename() { + apache2_version="$(dpkg-query --showformat='${Version}\n' --show apache2)" + if dpkg --compare-versions "$apache2_version" gt "2.4~"; then + echo "${sitename}.conf" + else + echo "${sitename}" + fi +} + +# Can be removed when we only support apache >= 2.4 +restart_apache2() { + if [ -x "/etc/init.d/apache2" ]; then + # Seems that a restart is needed. reload breaks ssl apparently. + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d apache2 restart || exit $? + else + /etc/init.d/apache2 restart || exit $? + fi + fi +} case "$1" in purge) - if dpkg-statoverride --list /usr/share/puppet/rack/puppetmasterd/config.ru >/dev/null 2>&1 - then - dpkg-statoverride --remove /usr/share/puppet/rack/puppetmasterd/config.ru - fi - # Remove the puppetmaster site configuration on purge - rm -f /etc/apache2/sites-available/puppetmaster - ;; + if dpkg-statoverride --list /usr/share/puppet/rack/puppetmasterd/config.ru >/dev/null 2>&1 + then + dpkg-statoverride --remove /usr/share/puppet/rack/puppetmasterd/config.ru + fi + # Remove the puppetmaster site configuration on purge + rm -f /etc/apache2/sites-available/$(apache2_puppetmaster_sitename) + ;; remove) # Disable the puppetmaster apache2 site configuration on package removal - a2dissite puppetmaster - if [ -x "/etc/init.d/apache2" ]; then - if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then - invoke-rc.d apache2 force-reload || exit $? - else - /etc/init.d/apache2 force-reload || exit $? - fi - fi - ;; + a2dissite ${sitename} + restart_apache2 + ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 esac #DEBHELPER# exit 0