Fixes #13634 - Adding Katello cert to ca-trust #72
Conversation
| @@ -129,6 +129,7 @@ | |||
|
|
|||
| $katello_server_ca_cert = "${certs::pki_dir}/certs/${server_ca_name}.crt" | |||
|
|
|||
| class { 'trusted_ca': } -> | |||
|
Dependencies should also be in .fixtures.yml, preferably their git versions so we can spot failures sooner. |
| @@ -9,6 +9,10 @@ | |||
| "issues_url": "http://projects.theforeman.org/projects/katello/issues", | |||
| "dependencies": [ | |||
| { | |||
| "name": "evenup-trusted_ca", | |||
| "version_requirement": ">= 1.0.1" | |||
There was a problem hiding this comment.
Please add < 2.0.0 to the end to help us avoid major version breakages in the future.
| @@ -18,6 +18,12 @@ | |||
| $candlepin_consumer_summary = "Subscription-manager consumer certificate for Katello instance ${::fqdn}" | |||
| $candlepin_consumer_description = 'Consumer certificate and post installation script that configures rhsm.' | |||
|
|
|||
| class { 'trusted_ca': } | |||
There was a problem hiding this comment.
Is this needed if you are using the defined type? If it is needed, can you use include instead?
| class { ::trusted_ca } | ||
| trusted_ca::ca { 'katello_server-host-cert': | ||
| source => "${certs::pki_dir}/certs/${certs::server_ca_name}.crt", | ||
| require => File["${certs::pki_dir}/certs/${certs::server_ca_name}.crt"], |
There was a problem hiding this comment.
Is it able to resolve $::certs::katello_server_ca_cert here?
There was a problem hiding this comment.
Will test your suggestion. But I got the variables from 2 lines below this.
thanks will look into that |
parthaa
force-pushed
the
add-store
branch
2 times, most recently
from
5208286 to
2ae5f45
Compare
| @@ -4,5 +4,6 @@ fixtures: | |||
| extlib: "git://github.com/puppet-community/puppet-extlib.git" | |||
| foreman: "git://github.com/theforeman/puppet-foreman.git" | |||
| common: "git://github.com/katello/puppet-common.git" | |||
| evenup: "git@github.com:evenup/evenup-trusted_ca.git" | |||
There was a problem hiding this comment.
Please use git:// because it's anonymous.
@ekohl added |
| @@ -4,5 +4,6 @@ fixtures: | |||
| extlib: "git://github.com/puppet-community/puppet-extlib.git" | |||
| foreman: "git://github.com/theforeman/puppet-foreman.git" | |||
| common: "git://github.com/katello/puppet-common.git" | |||
| evenup: "git://github.com/evenup/evenup-trusted_ca.git" | |||
There was a problem hiding this comment.
Ideally the name here would be the name of the puppet module and not the provider of the module, i.e. trusted_ca and not evenup
|
Also tested this the following way
|
parthaa
force-pushed
the
add-store
branch
4 times, most recently
from
5aa8843 to
9018eb8
Compare
| @@ -0,0 +1,27 @@ | |||
| require 'spec_helper' | |||
There was a problem hiding this comment.
Nitpick: typically the test name follows the full manifest name as a convention, i.e. certs_katello_spec.rb
|
Just to double check, we want this to be deployed on both the main server and all Capsules is that correct? Currently, the capsule uses the |
Adding Katello Server cert to the machines local ca-trust
Cert should probably be trusted only the main server for post sync to work afaik. @jlsherrill with the nodes work do think this will be useful in a capsule? |
|
ACK - thanks @parthaa ! |
Fixes #13634 - Adding Katello cert to ca-trust
Adding Katello Server cert to the machines local ca-trust