Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use puppet-openssl and remove use of katello-certs-tool #453

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Use puppet-openssl and remove use of katello-certs-tool #453

wants to merge 2 commits into from

Conversation

ehelms
Copy link
Member

@ehelms ehelms commented May 21, 2024

No description provided.

ekohl
ekohl reviewed May 21, 2024
View reviewed changes
Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting idea. Do we today have any checks in katello-certs-tools that we would need to port over?

manifests/apache.pp
@@ -59,7 +59,7 @@
String $city = $certs::city,
String $org = $certs::org,
String $org_unit = $certs::org_unit,
String $expiration = $certs::expiration,
Variant[Integer, String] $expiration = $certs::expiration,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd be open to a PR that already changes it from Strings to Integers prior to merging this.

@ehelms
Copy link
Member Author

ehelms commented May 21, 2024

Interesting idea. Do we today have any checks in katello-certs-tools that we would need to port over?

Checks? None that I am aware of - do you have ideas of what you are thinking?

The riskiest part of this change I believe is to ensure that for existing installations the CA certificate / key / password are not regenerated. I've added a new migration test that uses a copy of what a standard looking katello-certs-tool based generated certificate looks like to check that it does not change.

@ehelms
Copy link
Member Author

ehelms commented May 21, 2024

I've opened a PR for the puppet-openssl support I am relying on here. (voxpupuli/puppet-openssl#188)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl ekohl left review comments

Assignees
No one assigned
Labels
Not yet reviewed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ehelms @ekohl