bastelfreak

Defaults to true; this is the normal case on a master. If you run multiple masters with one dedicated CA, you want to deactivate this feature on the other masters.

also fixed two missing quotes and added the "ensure => present" as default to Ini_setting{}

Tim Meusel added 2 commits January 26, 2015 14:22

@joelesalas

I'm feeling this pain right now as well. Can your PR add Apache proxy config to reach the CA host (https://docs.puppetlabs.com/guides/scaling_multiple_masters.html#option-2-proxy-certificate-traffic) or is that best served in another PR?

@stephenrjohnson
Owner

I'm happy to merge this, just waiting on the response to @joelesalas's comment.

@bastelfreak
Author

I'm not using Apache, so it would be great if somebody else can do another PR.

@monisha-bhattacharya

Hi Team,

Kindly let me know when this feature will be available and will it also change the passenger config accordingly?

@bastelfreak
Author

@monisha-bhattacharya I guess @stephenrjohnson will merge it in the next hours/days. This PR just sets "ca = false" in the [master] part of a puppet.conf. It doesn't modify the Apache conf. Maybe @joelesalas will create an additional PR for this. I'm working on an implementation with nginx.

@EssentialMix

"ca = false" and "generate_ssl_certs = false" do not make sense without changing the Passenger config, because Passenger will still require the /ca/ca_crt.pem file. According to the PuppetLabs Passenger configuration docs, in the case of "ca = false" it should be:
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
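
Added example (not part of the PR or of any commenter's post): a small Python check for the mismatch described in the comment above, flagging a master with "ca = false" whose Apache vhost CA directives do not point at certs/ca.pem. The function names and both sample configs are constructed for illustration; the expected path is the one quoted in the comment.

```python
import re

# Path quoted in the comment above for a master running with "ca = false".
EXPECTED_CA_BUNDLE = "/var/lib/puppet/ssl/certs/ca.pem"
CA_DIRECTIVES = ("SSLCertificateChainFile", "SSLCACertificateFile")

def master_ca_enabled(puppet_conf: str) -> bool:
    """Return the 'ca' value of the [master] section (true when unset, per the PR)."""
    section, enabled = None, True
    for raw in puppet_conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        key, sep, value = line.partition("=")
        if sep and section == "master" and key.strip() == "ca":
            enabled = value.strip().lower() != "false"
    return enabled

def vhost_ca_paths(vhost: str) -> dict:
    """Map each CA-related SSL directive found in an Apache vhost to its path."""
    paths = {}
    for raw in vhost.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] in CA_DIRECTIVES:
            paths[parts[0]] = parts[1].strip('"')
    return paths

def find_mismatches(puppet_conf: str, vhost: str) -> list:
    """List directives that do not point at certs/ca.pem on a non-CA master."""
    if master_ca_enabled(puppet_conf):
        return []  # only the "ca = false" case from the thread is checked
    paths = vhost_ca_paths(vhost)
    return [f"{d}: {paths.get(d, '<missing>')}" for d in CA_DIRECTIVES
            if paths.get(d) != EXPECTED_CA_BUNDLE]

# Constructed sample inputs (not taken from the PR or the module).
SAMPLE_PUPPET_CONF = """[main]
    ssldir = /var/lib/puppet/ssl
[master]
    ca = false
"""
SAMPLE_VHOST = """<VirtualHost *:8140>
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
</VirtualHost>
"""

print(find_mismatches(SAMPLE_PUPPET_CONF, SAMPLE_VHOST))
```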

@bastelfreak
Author

As I said, I still need Passenger/Apache in your setup, but that's not my use case. I'm running on nginx/unicorn (see my other PR #74), feel free to implement your Apache config changes.

@bastelfreak
Author

@stephenrjohnson could you please take a look and merge it?

@bastelfreak
Author

added the needed nginx update to actually use this setting here:
bastelfreak@06d74a0

now it is possible to run a puppet CA on a loadbalancer, to run puppet master and CA on the same node or to run a puppet master without CA behind a loadbalancer

@bastelfreak
Author

@stephenrjohnson could you have a look again?

stephenrjohnson force-pushed the master branch 2 times, most recently from 7fa12de to 9f61425 (May 17, 2015 08:20)

@stephenrjohnson
Owner

Is everyone OK with just adding that one property then?
