Enable puppet, enable kerberos ssh.

author František Dvořák <valtri@civ.zcu.cz>

Thu, 10 Dec 2015 19:22:47 +0000 (20:22 +0100)

committer František Dvořák <valtri@civ.zcu.cz>

Thu, 10 Dec 2015 19:22:47 +0000 (20:22 +0100)
author František Dvořák <valtri@civ.zcu.cz>
Thu, 10 Dec 2015 19:22:47 +0000 (20:22 +0100)
committer František Dvořák <valtri@civ.zcu.cz>
Thu, 10 Dec 2015 19:22:47 +0000 (20:22 +0100)
diff --git a/lxc.sh b/lxc.sh

index 3de64fa..c181fe2 100755 (executable)
--- a/lxc.sh
+++ b/lxc.sh
@@ -99,9 +99,13 @@ valtri@ADMIN.META
  xparak@ADMIN.META
  __EOF__
  
-  rm -rf /var/lib/puppet/ssl/* || :
+    cp -v `dirname $0`/puppet.conf etc/puppet/
+    sed -i -e 's/^\(START\)=.*/\1=yes/' /etc/default/puppet
+    rm -rf /var/lib/puppet/ssl/* || :
  
-  cd
+    sed -i -e 's/^#\(GSSAPIAuthentication\).*/\1 yes/' /etc/ssh/sshd_config
+
+    cd
  }
  
  
diff --git a/puppet.conf b/puppet.conf

new file mode 100644 (file)

index 0000000..d02e10a
--- /dev/null
+++ b/puppet.conf
@@ -0,0 +1,14 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+server = myriad7.zcu.cz
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN 
+ssl_client_verify_header = SSL_CLIENT_VERIFY
author	František Dvořák <valtri@civ.zcu.cz>
	Thu, 10 Dec 2015 19:22:47 +0000 (20:22 +0100)
committer	František Dvořák <valtri@civ.zcu.cz>
	Thu, 10 Dec 2015 19:22:47 +0000 (20:22 +0100)
lxc.sh		patch \| blob \| blame \| history
puppet.conf	[new file with mode: 0644]	patch \| blob