mattfinlayson/gist:1525969

## gistfile1.txt
Setup your puppet.confMake sure you have the following set in your puppetmaster’s puppet.conf:
[puppetmasterd]
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
Install apache2, passenger, and rack

yum install httpd httpd-devel ruby-devel rubygems
yum install gcc-c++
gem install -v 1.1.0 rack
gem install -v 2.2.15 passenger
passenger-install-apache2-module

hit enter and watch it build

Add the following to Apache Config

   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15/ext/apache2/mod_passenger.so   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15
   PassengerRuby /usr/bin/ruby

Create /etc/httpd/conf.d/puppetmaster.conf

Listen 8140<VirtualHost *:8140>

    SSLEngine on
    SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet.vmhosted.jiveland.com.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet.vmhosted.jiveland.com.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    # CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient optional
    SSLVerifyDepth  1
    SSLOptions +StdEnvVars

    # The following client headers allow the same configuration to work with Pound.
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    RackAutoDetect On
    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <Directory /usr/share/puppet/rack/puppetmasterd/>
        Options None
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>


mkdir -p /usr/share/puppet/rack/puppetmasterdmkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp

Create /usr/share/puppet/rack/puppetmasterd/config.ru
# a config.ru, for use with every rack-compatible webserver.
# SSL needs to be handled outside this, though.

# if puppet is not in your RUBYLIB:
# $:.unshift('/opt/puppet/lib')

$0 = "puppetmasterd"
require 'puppet'

# if you want debugging:
# ARGV << "--debug"

ARGV << "--rack"
require 'puppet/application/puppetmasterd'
# we're usually running inside a Rack::Builder.new {} block,
# therefore we need to call run *here*.
run Puppet::Application[:puppetmasterd].run


/etc/init.d/puppetmasterd stop
chkconfig puppetmaster off chkconfig httpd on
/etc/init.d/httpd restart
	Setup your puppet.confMake sure you have the following set in your puppetmaster’s puppet.conf:
	[puppetmasterd]
	ssl_client_header = SSL_CLIENT_S_DN
	ssl_client_verify_header = SSL_CLIENT_VERIFY
	Install apache2, passenger, and rack

	yum install httpd httpd-devel ruby-devel rubygems
	yum install gcc-c++
	gem install -v 1.1.0 rack
	gem install -v 2.2.15 passenger
	passenger-install-apache2-module

	hit enter and watch it build

	Add the following to Apache Config

	LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15/ext/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15
	PassengerRuby /usr/bin/ruby

	Create /etc/httpd/conf.d/puppetmaster.conf

	Listen 8140<VirtualHost *:8140>

	SSLEngine on
	SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
	SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.vmhosted.jiveland.com.pem
	SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.vmhosted.jiveland.com.pem
	SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
	SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
	# CRL checking should be enabled; if you have problems with Apache complaining about the CRL, disable the next line
	SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
	SSLVerifyClient optional
	SSLVerifyDepth 1
	SSLOptions +StdEnvVars

	# The following client headers allow the same configuration to work with Pound.
	RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
	RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

	RackAutoDetect On
	DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
	<Directory /usr/share/puppet/rack/puppetmasterd/>
	Options None
	AllowOverride None
	Order allow,deny
	allow from all
	</Directory>
	</VirtualHost>


	mkdir -p /usr/share/puppet/rack/puppetmasterdmkdir /usr/share/puppet/rack/puppetmasterd/public /usr/share/puppet/rack/puppetmasterd/tmp

	Create /usr/share/puppet/rack/puppetmasterd/config.ru
	# a config.ru, for use with every rack-compatible webserver.
	# SSL needs to be handled outside this, though.

	# if puppet is not in your RUBYLIB:
	# $:.unshift('/opt/puppet/lib')

	$0 = "puppetmasterd"
	require 'puppet'

	# if you want debugging:
	# ARGV << "--debug"

	ARGV << "--rack"
	require 'puppet/application/puppetmasterd'
	# we're usually running inside a Rack::Builder.new {} block,
	# therefore we need to call run here.
	run Puppet::Application[:puppetmasterd].run


	/etc/init.d/puppetmasterd stop
	chkconfig puppetmaster off chkconfig httpd on
	/etc/init.d/httpd restart