Gehel has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315934

Change subject: ssl - make sure certificates are updated "fresh"
......................................................................

ssl - make sure certificates are updated "fresh"

There has been a few cases of certs not being updated correctly after a
certificate change. In those cases, running "update-ca-certificates -f"
did fix the issue.

I'm not entirely confident that adding "-f" to update-ca-certificates is
the correct solution in all cases. Review by someone well versed in
SSL is welcomed.

Bug: T145609
Change-Id: I3e535fa8db8254f7211d665451187f2ddefc1bbb
---
M modules/sslcert/manifests/init.pp
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/34/315934/1

diff --git a/modules/sslcert/manifests/init.pp 
b/modules/sslcert/manifests/init.pp
index f3abdc1..54b27b9 100644
--- a/modules/sslcert/manifests/init.pp
+++ b/modules/sslcert/manifests/init.pp
@@ -15,7 +15,7 @@
     }
 
     exec { 'update-ca-certificates':
-        command     => '/usr/sbin/update-ca-certificates',
+        command     => '/usr/sbin/update-ca-certificates -f',
         refreshonly => true,
         require     => Package['ca-certificates'],
     }

-- 
To view, visit https://gerrit.wikimedia.org/r/315934
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I3e535fa8db8254f7211d665451187f2ddefc1bbb
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Gehel <gleder...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to