Allow group Puppet r/w permission to SSL key #86

Open

4 participants

@ChineduUzoka

Allow group Puppet r/w permission to SSL key. Without this it prevents foreman_proxy service from starting

@ChineduUzoka ChineduUzoka Allow group Puppet r/w permission to SSL key
Allow group Puppet r/w permission to SSL key.  Without this it prevents foreman_proxy service from starting
dd84a66
@ekohl ekohl commented on the diff
manifests/config.pp
@@ -7,6 +7,13 @@
Class['puppet::server::config'] -> Class['foreman_proxy::config']
}
+ if $foreman_proxy::ssl and !defined(Class['puppet::server::config']) {
@ekohl Collaborator
ekohl added a note

I recall defined is dependent on parse order. @domcleal or @GregSutcliffe?

@ChineduUzoka

Yes that define complicates matters - my use case was installing foreman without puppet client and puppet master
Puppet client is necessary for foreman proxy install if foreman_proxy_ssl is "true"

File modules/puppet/templates/puppet.conf.erb has the necessary directive that sets the correct permissions if $privatekeydir/$certname.pem is used as the SSL key.

So SSL key is not created if Puppet Master is not installed - this has been picked up elsewhere.

The above code "could" read

    if $foreman_proxy::ssl {
      Class['puppet'] ->
      file { $foreman_proxy::ssl_key:
        group => $puppet::server_group,
        mode  => '0640',
      }
    }

@ares
Collaborator

I can confirm the need for this patch if you need to run the proxy using SSL.

@iNecas

One thing to note: Katello with Foreman uses SSL, sets up a Puppet server, but that doesn't necessarily mean it wants Puppet to issue the cert. Maybe there is a parameter missing to specify if one wants Puppet to handle the certs or not.

Commits on Dec 20, 2013
  1. @ChineduUzoka

    Allow group Puppet r/w permission to SSL key

    ChineduUzoka authored
    Allow group Puppet r/w permission to SSL key.  Without this it prevents foreman_proxy service from starting
Showing with 7 additions and 0 deletions.
  1. +7 −0 manifests/config.pp
7 manifests/config.pp
@@ -7,6 +7,13 @@
Class['puppet::server::config'] -> Class['foreman_proxy::config']
}
+ if $foreman_proxy::ssl and !defined(Class['puppet::server::config']) {
+ file { $foreman_proxy::ssl_key:
+ group => $puppet::server_group,
+ mode => '0640',
+ }
+ }
+
if $foreman_proxy::puppetca { include foreman_proxy::puppetca }
if $foreman_proxy::tftp { include foreman_proxy::tftp }
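
Review bot: The guard `!defined(Class['puppet::server::config'])` on the added `if` depends on evaluation order, as the inline comment raises: its result changes with whether that class has been declared by the time this manifest is evaluated, so the same node can gain or lose the `file` resource depending on include order. In the branch where the guard is true, `group => $puppet::server_group` is read without anything in the hunk ensuring that class `puppet` has been evaluated, so the group may resolve to an undefined value. Consider replacing the `defined()` test with an explicit boolean parameter and ordering the resource after `Class['puppet']`. Separately, `mode => '0640'` grants the group read access only, while the commit message says r/w; 0640 is the appropriate mode for a private key, so the message should be corrected rather than the mode widened. The resource also sets no `owner`, which leaves ownership of the key to whatever created the file.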