Packaging automation for Puppet software
OTHER License
Generate the key pair
| keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Extract Certificate
| keytool -export -rfc -keystore keystore.jks -storepass password -alias selfsigned -file mycert.pem
Extract Cert Key to PEM format
| keytool -importkeystore -srcstoretype JKS -srckeystore keystore.jks -deststoretype PKCS12 -destkeystore mykey.der
| openssl pkcs12 -in mykey.der -nodes -out mykey.pem
Check the publishers
| pkg publisher
solaris origin online http://pkg.oracle.com/solaris/release/
Add puppetlabs.com as a publisher
| pkg set-publisher -p http://solaris-11-ips-repo.acctest.dc1.puppetlabs.net puppetlabs.com
Check that we have it correct
| pkg publisher
solaris origin online http://pkg.oracle.com/solaris/release/
puppetlabs.com origin online http://solaris-11-ips-repo.acctest.dc1.puppetlabs.net/
Verify that puppetlabs.com was set correctly,
| pkg publisher puppetlabs.com
Publisher: puppetlabs.com
Alias:
Origin URI: http://solaris-11-ips-repo.acctest.dc1.puppetlabs.net/
SSL Key: None
SSL Cert: None
Client UUID: 37084c4a-fdc6-11e1-832b-8800273bd610
Catalog Updated: September 13, 2012 08:31:25 PM
Enabled: Yes
Signature Policy: verify
Try installing puppet
| pkg install puppet
Creating Plan |
pkg install: Chain was rooted in an untrusted self-signed certificate.
The package involved is:pkg://puppetlabs.com/system/management/[email protected],5.11-6.192:20120913T212942Z
We have two choices here, first, to ignore the signature policy for both publisher and image
| pkg set-publisher --set-property=signature-policy=ignore puppetlabs.com
| pkg publisher puppetlabs.com
Publisher: puppetlabs.com
Alias:
Origin URI: http://solaris-11-ips-repo.acctest.dc1.puppetlabs.net/
SSL Key: None
SSL Cert: None
Client UUID: 140bb5c8-fe62-11e1-af70-8800273bd610
Catalog Updated: September 14, 2012 05:11:45 PM
Enabled: Yes
Signature Policy: ignore
| pkg set-property signature-policy ignore
| pkg install puppet
Or trust the self signed certificate from puppetlabs.com (this certificate needs to be published in our web site)
| pkg set-publisher --approve-ca-cert /root/mycert.pem puppetlabs.com
Verify that approve cert went well.
| pkg publisher puppetlabs.com
Publisher: puppetlabs.com
Alias:
Origin URI: http://solaris-11-ips-repo.acctest.dc1.puppetlabs.net/
SSL Key: None
SSL Cert: None
Client UUID: 37084c4a-fdc6-11e1-832b-8800273bd610
Catalog Updated: September 13, 2012 08:31:25 PM
Approved CAs: 791b5791a81e9c2eb3fb9f84f4f86f8ea6fcd672
Enabled: Yes
Signature Policy: verify
| pkg install puppet
Checking about information on the package (See the human readable version string)
| pkg info -r puppet
Name: system/management/puppet
Summary: Puppet, an automated configuration management tool
Description: Puppet, an automated configuration management tool
Category: System/Administration and Configuration
State: Not installed
Publisher: puppetlabs.com
Version: 3.0.0 (3.0.0-rc6)
Build Release: 5.11
Branch: 6.170
Packaging Date: September 14, 2012 06:11:05 PM
Size: 2.43 MB
FMRI: pkg://puppetlabs.com/system/management/[email protected],5.11-6.170:20120914T181105Z
Check license
| pkg info -r --license puppet
Puppet - Automating Configuration Management.
Copyright (C) 2005-2012 Puppet Labs Inc
Reference
http://docs.oracle.com/cd/E19963-01/html/820-6572/managepkgs.html