Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Claudia Petty updated an issue PuppetDB / PDB-1085 `puppetdb ssl-setup` should allow arbitrary certnames Change By: Claudia Petty Labels: new-feature Add Comment This message was sent by Atlassian Jira (v8.20.21#820021-sha1:38274c8) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.62526.1419878441000.2377.1687359425317%40Atlassian.JIRA.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Nick Walker commented on PDB-1085 Re: `puppetdb ssl-setup` should allow arbitrary certnames Russell Mull I believe you have to use the same cert due to puppetserver something or other. See puppetdb-behind-a-load-balancer-causes-puppet-server-errors and https://github.com/pizzaops/pizzaops-puppetdb_shared_cert But this ticket may be dated as well. I'm not sure you can use puppetdb ssl-setup in PE without causing some issues. See PE-16316 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Moses Mendoza updated an issue PuppetDB / PDB-1085 `puppetdb ssl-setup` should allow arbitrary certnames Change By: Moses Mendoza Labels: triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Russell Mull commented on PDB-1085 Re: `puppetdb ssl-setup` should allow arbitrary certnames Zee Alexander I'd expect dns-alt-names to be used for load balancing situations; would the ability to specify that in ssl-setup give you what you need? Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Russell Mull updated an issue PuppetDB / PDB-1085 `puppetdb ssl-setup` should allow arbitrary certnames Change By: Russell Mull Labels: triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Zee Alexander commented on PDB-1085 Re: `puppetdb ssl-setup` should allow arbitrary certnames Kenneth Barber this is still valid. We still need to generate certificates that share common certnames for load balancing multiple PuppetDBs at this time. Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Kenneth Barber updated an issue PuppetDB / PDB-1085 `puppetdb ssl-setup` should allow arbitrary certnames Change By: Kenneth Barber Story Points: 3 Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Zachary Stern created an issue PuppetDB / PDB-1085 `puppetdb ssl-setup` should allow arbitrary certnames Issue Type: New Feature Assignee: Unassigned Created: 2014/12/29 10:40 AM Priority: Normal Reporter: Zachary Stern Currently, in order to load balance PuppetDB in PE, you need to configure your multiple PuppetDBs to use a single shared certificate. The puppet_enterprise::profile::puppetdb class including with PE allows you to specify this alternate common cert to use instead of the PuppetDB node's agent cert. However, if you later use puppetdb ssl-setup, which is very commonly used in troubleshooting scenarios, this will always be overwritten, due to the way the command determines what cert to use: mycertname=`puppet master --confdir=$agent_confdir --vardir=$agent_vardir --configprint certname` orig_public_file=`puppet master --confdir=$agent_confdir --vardir=$agent_vardir --configprint hostcert`
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Zachary Stern commented on PDB-1085 Re: `puppetdb ssl-setup` should allow arbitrary certnames Brett Gray you might care about this. Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Brett Gray commented on PDB-1085 Re: `puppetdb ssl-setup` should allow arbitrary certnames Good call Zachary Stern, I found this issue the other day doing an engagement and clearly forgot to raise a ticket! Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title
Zachary Stern updated an issue
PuppetDB / PDB-1085
`puppetdb ssl-setup` should allow arbitrary certnames
Change By:
Zachary Stern
Currently,inordertoloadbalancePuppetDBinPE,youneedtoconfigureyourmultiplePuppetDBstouseasinglesharedcertificate.The{{puppet_enterprise::profile::puppetdb}}class including included withPEallowsyoutospecifythisalternatecommoncerttouseinsteadofthePuppetDBnode'sagentcert.However,ifyoulateruse{{puppetdbssl-setup}},whichis*very*commonlyusedintroubleshootingscenarios,thiswillalwaysbeoverwritten,duetothewaythecommanddetermineswhatcerttouse:{code}mycertname=`puppetmaster--confdir=$agent_confdir--vardir=$agent_vardir--configprintcertname`orig_public_file=`puppetmaster--confdir=$agent_confdir--vardir=$agent_vardir--configprinthostcert`orig_private_file=`puppetmaster--confdir=$agent_confdir--vardir=$agent_vardir--configprinthostprivkey`orig_ca_file=`puppetmaster--confdir=$agent_confdir--vardir=$agent_vardir--configprintlocalcacert`{code}That'sdefinitelygoingtomaketroubleshootingPuppetDBissuescumbersomeforLEIcustomers.Onepotentialremediationcouldbetoincludeacommandlineflagforspecifyinganarbitrary{{certname}},somethinglike:{{puppetdbssl-setup--certnamefoobaz}}
Add Comment
This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a)
--
You received this message because you are subscribed to the Google Groups Puppet Bugs group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group
Jira (PDB-1085) `puppetdb ssl-setup` should allow arbitrary certnames
Title: Message Title Zachary Stern commented on PDB-1085 Re: `puppetdb ssl-setup` should allow arbitrary certnames Kenneth Barber do you have feelings about this? Add Comment This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a) -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
