Installation instructions
Puavo-CA installation has three steps:
- Get the sources
- Create CAs and server certificates (Puavo-CA itself needs a certificate to function properly)
- Install Rails server
The described installation uses Apache with Passenger to run the Rails application. The instructions assume that the installation is done on a separate machine from the other Puavo components (users and devices). Puavo-CA uses Rails 3, but the other components are based on Rails 2.3.x because of activeldap dependencies.
These instructions have been tested with 64-bit Ubuntu 10.04.
There are currently no release tarballs or distribution packages available for Puavo. The sources are available from the git repository on GitHub. For the later steps, the sources should be placed under /var/www/puavo-ca.
    sudo apt-get install git-core apache2 ruby rdoc libopenssl-ruby krb5-kdc krb5-kdc-ldap libldap-ruby1.8
    git clone https://github.com/opinsys/puavo-ca.git
    sudo mv puavo-ca /var/www/puavo-ca
    sudo chown -R www-data.www-data /var/www/puavo-ca
The doc directory under puavo-ca has an example.org directory that contains the scripts needed to manage CAs and server certificates. It should be copied to /etc/puavo-ca/yourdomain.edu, where the domain is the high-level domain that you'll be using. All subdomains and server certificates are created under this domain (here everything is created under example.org: ldap1.example.org, ldap2.example.org, *.puppet.example.org, server1.orgx.example.org, etc.).
    sudo mkdir /etc/puavo-ca
    sudo cp -R /var/www/puavo-ca/doc/example.org /etc/puavo-ca/example.org
/etc/puavo-ca/example.org/servers/SERVERLIST
ldap1 ldap ldap2 ldap ldap3 ldap wildcard.puppet puavoca
The Rails installation needs newer gem versions than those available in Ubuntu 10.04. The other dependencies come from the Ubuntu repositories:
    sudo apt-get install apache2 ruby rdoc libopenssl-ruby krb5-kdc krb5-kdc-ldap libldap-ruby1.8 \
        ruby ruby-dev irb git-core apache2 libsqlite3-dev libldap2-dev libsasl2-dev build-essential apache2-dev \
        libopenssl-ruby libcurl4-openssl-dev
Rubygems needs to be installed from sources as the version in Ubuntu 10.04 repositories doesn’t work with Bundler.
    cd /tmp
    wget http://production.cf.rubygems.org/rubygems/rubygems-1.3.7.tgz
    tar zxf rubygems-1.3.7.tgz
    cd rubygems-1.3.7
    sudo ruby setup.rb
    sudo ln -s /usr/bin/gem1.8 /usr/bin/gem
The Passenger version in Ubuntu 10.04 does not work properly with Rails 3, so it's best to install the newest version with gem. Bundler is also required, and it is not packaged in Ubuntu 10.04.
    sudo gem install passenger bundler
    sudo passenger-install-apache2-module -a
With the -a option, the mod_passenger installation is done automatically and no action is required. The Apache configuration needs to be done manually.
/etc/apache2/mods-available/passenger.conf
    <IfModule mod_passenger.c>
        PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15
        PassengerRuby /usr/bin/ruby
    </IfModule>
/etc/apache2/mods-available/passenger.load
LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.15/ext/apache2/mod_passenger.so
    sudo a2enmod passenger
    sudo a2enmod ssl
/etc/apache2/sites-available/puavoca
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/puavo-ca/example.org/servers/puavoca.example.org.crt
        SSLCertificateKeyFile /etc/puavo-ca/example.org/servers/puavoca.example.org.key
        SSLCertificateChainFile /etc/puavo-ca/example.org/servers/ca.servers.example.org-bundle.pem
        ServerAdmin [email protected]
        DocumentRoot /var/www/puavo-ca/public
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
    </VirtualHost>
    sudo a2ensite puavoca
    sudo a2dissite default
Initialise the session database:
    cd /var/www/puavo-ca
    sudo -u www-data RAILS_ENV=production rake db:migrate
sudo service apache2 restart
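
The virtual host above only serves TLS correctly if the certificate, key and chain files under /etc/puavo-ca/example.org/servers fit together. The script below is an added example, not part of the Puavo-CA sources: it checks the key file permissions, that the certificate matches the key, and that the certificate verifies against the bundle. It assumes GNU stat, an RSA key, and a bundle that contains the full chain up to the root CA; the function name check_tls_material is made up for this example.

```shell
#!/bin/sh
# Added example (not from the Puavo-CA repository): sanity-check the TLS
# files that the puavoca virtual host points at.
# Usage: sudo sh check_tls.sh CERT KEY CA_BUNDLE
# Assumptions: GNU stat, an RSA private key, and a CA bundle that holds
# the full chain up to the root CA.

check_tls_material() {
    crt=$1; key=$2; bundle=$3; rc=0

    for f in "$crt" "$key" "$bundle"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }
    done

    # 1. The private key must not be accessible to group or others.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        [0-7]00) ;;
        *) echo "FAIL: $key has mode $mode (want 600 or 400)" >&2; rc=1 ;;
    esac

    # 2. Certificate and key must contain the same public key.
    #    An empty result means the file could not be parsed.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl rsa -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $crt does not match $key" >&2; rc=1
    fi

    # 3. The certificate must chain to the CA bundle. Match on the "OK"
    #    line instead of trusting the exit status alone, which old
    #    OpenSSL releases did not set reliably.
    if ! openssl verify -CAfile "$bundle" "$crt" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $crt does not verify against $bundle" >&2; rc=1
    fi

    return $rc
}

# Run the check only when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    check_tls_material "$@"
    exit $?
fi
```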