From: František Dvořák <valtri@civ.zcu.cz>
Date: Thu, 10 Dec 2015 19:22:47 +0000 (+0100)
Subject: Enable puppet, enable kerberos ssh.
X-Git-Tag: v1.0.0~15
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=1dd26d4b0030bdb04f072398ea0d77e78c00615d;p=virtualization.git

Enable puppet, enable kerberos ssh.
---

diff --git a/lxc.sh b/lxc.sh
index 3de64fa..c181fe2 100755
--- a/lxc.sh
+++ b/lxc.sh
@@ -99,9 +99,13 @@ valtri@ADMIN.META
 xparak@ADMIN.META
 __EOF__
 
-  rm -rf /var/lib/puppet/ssl/* || :
+    cp -v `dirname $0`/puppet.conf etc/puppet/
+    sed -i -e 's/^\(START\)=.*/\1=yes/' /etc/default/puppet
+    rm -rf /var/lib/puppet/ssl/* || :
 
-  cd
+    sed -i -e 's/^#\(GSSAPIAuthentication\).*/\1 yes/' /etc/ssh/sshd_config
+
+    cd
 }
 
 
diff --git a/puppet.conf b/puppet.conf
new file mode 100644
index 0000000..d02e10a
--- /dev/null
+++ b/puppet.conf
@@ -0,0 +1,14 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+server = myriad7.zcu.cz
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN 
+ssl_client_verify_header = SSL_CLIENT_VERIFY