Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop apache username/password #168

Merged
merged 1 commit into from
Sep 14, 2017
Merged

Drop apache username/password #168

merged 1 commit into from
Sep 14, 2017

Conversation

ekohl
Copy link
Member

@ekohl ekohl commented Sep 7, 2017
edited
Loading

This reduces coupling to other modules and will allow much easier testing while increasing security.

Apache uses the root user to read certificates and private keys so we can tighten the permissions to root:root 0640.

In puppet-katello we already subscribe to it here and that is equal.

In puppet-foreman_proxy_content we subscribe to it here but I'm not 100% sure yet if this is equal. Ordering should be correct but if Apache is actually reloaded is not guaranteed. theforeman/puppet-foreman_proxy_content#136 will fix this.

@ekohl ekohl changed the title [WIP] Drop apache username/password Drop apache username/password Sep 7, 2017
@ekohl
Copy link
Member Author

ekohl commented Sep 7, 2017

Rebased, now with acceptance test.

sean797
sean797 reviewed Sep 13, 2017
View reviewed changes
manifests/apache.pp
cert_file => $apache_cert,
notify => Service['httpd'],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd rather solve this at another layer, namely puppet-katello and puppet-foreman_proxy_content where we apply this. The benefit is that this class becomes totally self-contained. theforeman/puppet-foreman_proxy_content#138 should be merged before though. In particular theforeman/puppet-foreman_proxy_content@199b334

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, lets merge the other one first 👍 I'll review it later today.

sean797
sean797 approved these changes Sep 14, 2017
View reviewed changes
Copy link
Member

@sean797 sean797 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets merge 👍 Thanks @ekohl

@ekohl ekohl merged commit b98f9ed into theforeman:master Sep 14, 2017
@ekohl ekohl deleted the drop-apache branch September 14, 2017 11:04
@stbenjam stbenjam mentioned this pull request Jul 9, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sean797 sean797 sean797 approved these changes

@chris1984 chris1984 chris1984 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ekohl @chris1984 @sean797