From what I understand, no, puppet doesn't handle SSL. It acts as a CA and signs certificates and such, but it doesn't actually communicate over the network itself. The puppetmaster package includes the WEBrick server, which reads the created certs and uses them to do SSL. The downside of WEBrick, of course, is the single threading. Apache+passenger does the same thing, but with more threads. Other people could correct me if I'm wrong, but I think that's the situation. Thus, if the standalone phusion server doesn't support SSL...

On Wednesday, February 27, 2013 2:19:28 PM UTC-8, Philip Brown wrote:
>
> On Wednesday, February 27, 2013 12:24:10 PM UTC-8, Ramin K wrote:
>>
>> On 2/27/2013 12:01 PM, Philip Brown wrote:
>> > I've been looking around for instructions on installing puppetmaster
>> > with a standalone passenger, without apache.
>> > I'm a personal believer in, "the fewer layers, the better" :)
>> >
>> > Unfortunately, I can't find any instructions for this configuration.
>> > Everything seems to be written for "puppet AND httpd and passenger".
>> >
>>
>> No SSL at this time in Passenger standalone.
>>
>> https://groups.google.com/forum/?fromgroups=#!topic/phusion-passenger/q17v2SrxgXA
>>
>
> Hmm.
> If "puppet + passenger == no SSL for puppet", then this seems like a bug
> in puppet.
> Puppet running by itself, somehow makes SSL work. So seems like it should
> be able to handle the SSL side of things, even if passenger can't.
>
> From what I've heard of puppet's "need" for external things like
> passenger, it's primarily because puppet was not written to be particularly
> threadsafe/thread aware. It only handles one active connection. So it needs
> something else to fork off an instance of itself, per socket connection?
>
> So why can't it just get a "raw socket" connection, and then deal with the
> rest (ie: SSL) itself, like it normally does?
>
> For that matter, why can't I just run puppetmaster out of xinetd or
> something?
>
> Is the real problem, that the ruby/rack API is inadequate?
> In which case, my last question returns: why not just run puppetmaster out
> of xinetd?