-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #34875: Prevent certs regeneration on every installer run #764
Conversation
forgeapi-cdn.puppet.com seems broken (I had similar results locally yesterday), shall we switch to forgeapi.puppet.com for the time being? |
Given answers are stored, if a user supplies --certs-regenerate then every installer run thereafter will regenerate certificates. Ensure this value is reset after installation run.
This is rather tricky, as it has to be done after the installation run but it requires altering and then re-saving the answers again. Here is a version that works, we should just double think about the potential issues, if any. |
What's the difference between the two? |
cdn supports v6 |
turns out, forgeapi also now points at cloudfront and does v6: https://twitter.com/zhenech/status/1523984052033933312 & https://twitter.com/binford2k/status/1524027541270540289 |
How does that affect the certs-proxy scenario, where we always want to regen stuff?
(see #608 for details) |
certs-proxy generate uses its own configuration with it's own hooks directory. So it will now encounter this post hook. |
Good, I wasn't too sure about all those configs. |
Since no hooks are defined here, it has only the default hooks directory which is rooted based on the |
Given answers are stored, if a user supplies --certs-regenerate then
every installer run thereafter will regenerate certificates. Ensure this
value is reset after installation run.