Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/197332
Change subject: certs: don't install pkcs12 certs on all systems
......................................................................
certs: don't install pkcs12 certs on all systems
We currently provision /etc/ssl/private/${name}.p12 with a PKCS #12
bundle with a default password, for every certificate installed in a
system. Nothing actually uses those -- the only software that expects a
PKCS #12 bundle is OpenDJ and that expects it in its own filepath and
needs a separate stanza.
No need to pollute our private directories or risk sensitive contents
being left behind. Remove those files.
Change-Id: I0ed7b6756465b770325a59197b49e7582d9fa861
---
M manifests/certs.pp
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/32/197332/1
diff --git a/manifests/certs.pp b/manifests/certs.pp
index 9342e83..f740b00 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -118,15 +118,15 @@
}
}
- # create_combined_cert created those
+ # create_combined_cert/create_pkcs12 created those
file { [
"/etc/ssl/private/${name}.crt",
"/etc/ssl/private/${name}.pem",
+ "/etc/ssl/private/${name}.p12",
]:
ensure => absent,
}
- create_pkcs12{ $name: }
if ( $ca ) {
$cas = $ca
} else {
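Review bot: The new "/etc/ssl/private/${name}.p12" entry in the ensure => absent list will fight any remaining create_pkcs12 call for the same $name that still writes to the default path, so it is worth confirming that the OpenDJ stanza mentioned in the commit message passes its own output location before this merges. The cleanup list is also transitional: the updated comment says who created the files but not when the stanza can go, so consider noting that it can be dropped once every host has applied it. Finally, ensure => absent only unlinks the bundle; since it held a private key under a default password, that may be acceptable here, but it does not cover copies already captured in backups or images.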
--
To view, visit https://gerrit.wikimedia.org/r/197332
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0ed7b6756465b770325a59197b49e7582d9fa861
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <[email protected]>