RKemper added a comment.
Ah, so poking around the `certificate.manifests.d` repo I see certs that
don't necessarily follow the `discovery.wmnet` pattern. To me that implies
**Option 2** should be working, so I might be missing something. Here's an
example that doesn't use discovery:
ryankemper@puppetmaster1001:/srv/private$ cat
modules/secret/secrets/certificates/certificate.manifests.d/analytics_http_ui.certs.yaml
yarn.wikimedia.org:
authority: puppet_ca
expiry: null
alt_names: ["yarn.wikimedia.org", "hue.wikimedia.org",
"hue-next.wikimedia.org", "superset.wikimedia.org", "pivot.wikimedia.org",
"turnilo.wikimedia.org", "stats.wikimedia.org", "analytics.wikimedia.org",
"piwik.wikimedia.org", "datasets.wikimedia.org"]
key:
password: REDACTED
algorithm: ec
TASK DETAIL
https://phabricator.wikimedia.org/T266470
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: RKemper
Cc: Gehel, Lea_Lacroix_WMDE, dcausse, Aklapper, MPhamWMF, maantietaja,
Alter-paule, Beast1978, CBogen, Un1tY, Akuckartz, Hook696, Kent7301,
joker88john, CucyNoiD, Nandana, Namenlos314, Gaboe420, Giuliamocci, Cpaulf30,
Lahi, Gq86, Af420, Bsandipan, Lucas_Werkmeister_WMDE, GoranSMilovanovic,
QZanden, EBjune, merbst, LawExplorer, Lewizho99, Maathavan, _jensen,
rosalieper, Scott_WUaS, Jonas, Xmlizer, abian, jkroll, Wikidata-bugs, Jdouglas,
aude, Tobias1984, Manybubbles, Mbch331
_______________________________________________
Wikidata-bugs mailing list
Wikidata-bugs@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
