Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/161583
Change subject: include GlobalSign CA on labs LDAP servers
......................................................................
include GlobalSign CA on labs LDAP servers
needed for new certs added in I9dfc819bdc2e706
or we have a failure when puppet tries to create
the chained cert:
<+icinga-wm> PROBLEM - Certificate expiration on labcontrol2001
is CRITICAL: SSL error: [Errno 1] _ssl.c:504: error:14090086:SSL
< mutante> bin/cat ldap-eqiad.wikimedia.org.pem GlobalSign_CA.pem
> /etc/ssl/certs/ldap-eqiad.wikimedia.org.chained.pem returned 1 instead of
> one of [0]
< mutante> /bin/cat: GlobalSign_CA.pem: No such file or directory
Change-Id: I52c2683e1a2c9d4c099777b68625d2087205044e
---
M modules/ldap/manifests/role/server.pp
1 file changed, 2 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/83/161583/1
diff --git a/modules/ldap/manifests/role/server.pp
b/modules/ldap/manifests/role/server.pp
index 3ef7764..c38a249 100644
--- a/modules/ldap/manifests/role/server.pp
+++ b/modules/ldap/manifests/role/server.pp
@@ -1,7 +1,8 @@
class ldap::role::server::labs {
include ldap::role::config::labs,
passwords::certs,
- passwords::ldap::initial_setup
+ passwords::ldap::initial_setup,
+ certificates::globalsign_ca
$certificate_location = '/var/opendj/instance'
$cert_pass = $passwords::certs::certs_default_pass
--
To view, visit https://gerrit.wikimedia.org/r/161583
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I52c2683e1a2c9d4c099777b68625d2087205044e
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
