2 files changed, 34 insertions, 0 deletions

diff --git a/files/master/config.ru b/files/master/config.ru
new file mode 100644
index 0000000..cec2a34
--- /dev/null
+++ b/files/master/config.ru
@@ -0,0 +1,29 @@
+# a config.ru, for use with every rack-compatible webserver.
+# SSL needs to be handled outside this, though.
+
+# if puppet is not in your RUBYLIB:
+# $:.unshift('/opt/puppet/lib')
+
+$0 = "puppetmasterd"
+require 'puppet'
+
+# logs to file instead of syslog
+#Puppet::Util::Log.newdestination("/var/log/puppet/puppetmasterd.log")
+
+# if you want debugging:
+#ARGV << "--debug"
+
+ARGV << "--rack"
+
+# in some setups puppetmasterd doesn't seem to read the puppet.conf 
+# config at startup, then you need to pass these options:
+ARGV << "--vardir" << "/var/lib/puppet"
+ARGV << "--ssldir" << "/var/lib/puppet/ssl"
+
+# if you use puppet-dashboard:
+#ARGV << "--reports" << "puppet_dashboard"
+
+require 'puppet/application/puppetmasterd'
+# we're usually running inside a Rack::Builder.new {} block,
+# therefore we need to call run *here*.
+run Puppet::Application[:puppetmasterd].run
diff --git a/files/master/puppet.conf b/files/master/puppet.conf
index bcf2a23..0027e57 100644
--- a/files/master/puppet.conf
+++ b/files/master/puppet.conf
@@ -54,6 +54,11 @@
     #usage for clusters
     #ssl_client_header=HTTP_X_SSL_SUBJECT
 
+    # apache2/passenger usage: http://github.com/reductivelabs/puppet/tree/master/ext/rack
+    ssl_client_header = SSL_CLIENT_S_DN
+    ssl_client_verify_header = SSL_CLIENT_VERIFY
+
+
     # specify allowed environments
     environments=production,development