[MediaWiki-commits] [Gerrit] operations/puppet[production]: Puppetmaster web frontend: support specifying different cert...

Andrew Bogott (Code Review) Tue, 02 Jan 2018 09:37:55 -0800

Andrew Bogott has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/399459 )


Change subject: Puppetmaster web frontend: support specifying different certs 
for a hostname
......................................................................


Puppetmaster web frontend: support specifying different certs for a hostname

Pretty much all of our puppetmasters are going to need a cert for the
'puppet' hostname, but that doesn't mean they should use the same
cert.  This change will allow us to have puppetmasters in WMCS named
'puppet' that use a different cert from the prod puppetmasters.

Bug: T183414
Change-Id: I5fe1cd21c697cd1a3308e8c162bf7680bd2da8b1
---
M modules/puppetmaster/manifests/web_frontend.pp
1 file changed, 3 insertions(+), 2 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  Alexandros Kosiaris: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/modules/puppetmaster/manifests/web_frontend.pp 
b/modules/puppetmaster/manifests/web_frontend.pp
index 1c005e1..0d55814 100644
--- a/modules/puppetmaster/manifests/web_frontend.pp
+++ b/modules/puppetmaster/manifests/web_frontend.pp
@@ -27,6 +27,7 @@
     $bind_address='*',
     $priority=90,
     $alt_names=undef,
+    $cert_secret_path = 'puppetmaster',
 ){
     $server_name = $title
     $ssldir = '/var/lib/puppet/ssl'
@@ -39,7 +40,7 @@
         # We use the private repo for the public key as well as it gets
         # generated on the puppet ca server.
         file { "${ssldir}/certs/${server_name}.pem":
-            content   => secret("puppetmaster/${server_name}_pubkey.pem"),
+            content   => 
secret("${cert_secret_path}/${server_name}_pubkey.pem"),
             owner     => 'puppet',
             group     => 'puppet',
             mode      => '0640',
@@ -48,7 +49,7 @@
         }
 
         file { "${ssldir}/private_keys/${server_name}.pem":
-            content   => secret("puppetmaster/${server_name}_privkey.pem"),
+            content   => 
secret("${cert_secret_path}/${server_name}_privkey.pem"),
             owner     => 'puppet',
             group     => 'puppet',
             mode      => '0640',

-- 
To view, visit https://gerrit.wikimedia.org/r/399459
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5fe1cd21c697cd1a3308e8c162bf7680bd2da8b1
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Puppetmaster web frontend: support specifying different cert...

Reply via email to