Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API change to icinga2 CA as default #495

Closed
lbetz opened this issue Oct 12, 2018 · 4 comments
Closed

API change to icinga2 CA as default #495

lbetz opened this issue Oct 12, 2018 · 4 comments
Assignees
@lbetz
Labels
enhancement
Milestone
v2.0.0

Comments

@lbetz
Copy link
Contributor

lbetz commented Oct 12, 2018

The class icinga2::feature::api uses the Puppet Cert as default. We change it to icinga2.
@lbetz lbetz added this to the v2.0.0 milestone Oct 12, 2018
@lbetz lbetz closed this as completed in 6721418 Feb 4, 2019
@lbetz lbetz self-assigned this Feb 12, 2019
@baurmatt
Copy link
Contributor

Is there a specific reason why this was done? Puppet certs was IMHO easier to set up.

@dnsmichi
Copy link

Re-using the Puppet CA for a different application implies a security problem in some scenarios with opening the matter of trust to Puppet and Icinga. Agreed on the easiness, but security matters these days and we should follow best practices imho.

@lbetz
Copy link
Contributor Author

lbetz commented May 16, 2019

Michi is right of course. With the certificate from puppet you're able to get a catalog, maybe with passwords.

@baurmatt
Copy link
Contributor

Thanks for explaining your decision, that's everything i wanted ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lbetz lbetz

Labels
enhancement
Projects
None yet
Milestone
v2.0.0
Development

No branches or pull requests
3 participants
@dnsmichi @baurmatt @lbetz