Issue #7926 has been updated by Nigel Kersten. Status changed from Needs Decision to Rejected Affected Puppet version deleted (2.7.0rc3)
For most people the defaults are sane. I'm not seeing why your described deployment above necessarily results in different ssldirs. If you do need to override this you have the ability to, and you have a lot of flexibility over whether you do this at the ssldir level or the key/cert level. ---------------------------------------- Bug #7926: Use different ssldir as defaults for agent and master https://projects.puppetlabs.com/issues/7926 Author: Evgeny Zislis Status: Rejected Priority: Normal Assignee: Nigel Kersten Category: SSL Target version: Affected Puppet version: Keywords: Branch: It is common to run an agent puppet on hosts that also run master puppets, while having the master run in its own user/environment. This creates two different locations for ssldir and creates a problem when the agent tries to verify the key of the client and vice versa. Since the agent and master keys locations are the same, an agent on such a host tries to verify the master with its own key. A sane solution would be to store keys of masters in their own ssldir on the agents, and vice versa without being explicit about it in the configuration - aka sane defaults. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
