[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetmaster: Install self signed CA into system store too
Yuvipanda has submitted this change and it was merged.
Change subject: puppetmaster: Install self signed CA into system store too
..
puppetmaster: Install self signed CA into system store too
This allows the puppetmaster to talk to itself in a trusted
way - otherwise the client doesn't recognize the server's
CA as trusted and refuses to establish connection
Change-Id: I9b57ed78a57abdf9e814fba1f1dd3d8d3ed9084e
---
M modules/role/manifests/puppetmaster/standalone.pp
1 file changed, 4 insertions(+), 0 deletions(-)
Approvals:
Yuvipanda: Verified; Looks good to me, approved
diff --git a/modules/role/manifests/puppetmaster/standalone.pp
b/modules/role/manifests/puppetmaster/standalone.pp
index 4cd50db..2df3b55 100644
--- a/modules/role/manifests/puppetmaster/standalone.pp
+++ b/modules/role/manifests/puppetmaster/standalone.pp
@@ -99,6 +99,10 @@
}),
}
+sslcert::ca { 'Puppetmaster_standalone_CA':
+source => '/var/lib/puppet/server/ssl/certs/ca.pem',
+}
+
# Update git checkout
class { 'puppetmaster::gitsync':
run_every_minutes => $git_sync_minutes,
--
To view, visit https://gerrit.wikimedia.org/r/316468
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I9b57ed78a57abdf9e814fba1f1dd3d8d3ed9084e
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda
Gerrit-Reviewer: Yuvipanda
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppetmaster: Install self signed CA into system store too
Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/316468
Change subject: puppetmaster: Install self signed CA into system store too
..
puppetmaster: Install self signed CA into system store too
This allows the puppetmaster to talk to itself in a trusted
way - otherwise the client doesn't recognize the server's
CA as trusted and refuses to establish connection
Change-Id: I9b57ed78a57abdf9e814fba1f1dd3d8d3ed9084e
---
M modules/role/manifests/puppetmaster/standalone.pp
1 file changed, 4 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/68/316468/1
diff --git a/modules/role/manifests/puppetmaster/standalone.pp
b/modules/role/manifests/puppetmaster/standalone.pp
index 4cd50db..3e1e571 100644
--- a/modules/role/manifests/puppetmaster/standalone.pp
+++ b/modules/role/manifests/puppetmaster/standalone.pp
@@ -99,6 +99,10 @@
}),
}
+sslcert::ca { 'Puppetmaster_self_CA':
+source => "/var/lib/puppet/server/ssl/certs/ca.pem"
+}
+
# Update git checkout
class { 'puppetmaster::gitsync':
run_every_minutes => $git_sync_minutes,
--
To view, visit https://gerrit.wikimedia.org/r/316468
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9b57ed78a57abdf9e814fba1f1dd3d8d3ed9084e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
