[MediaWiki-commits] [Gerrit] Attempting to solve puppet cert generate issue by using my o... - change (operations/puppet)

Tue, 16 Apr 2013 14:38:00 -0700 

Ottomata has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/59526


Change subject: Attempting to solve puppet cert generate issue by using my own 
exec rather than puppetmaster::ssl's.
......................................................................

Attempting to solve puppet cert generate issue by using my own exec rather than 
puppetmaster::ssl's.

Change-Id: I712c217877e603f90203b3bf27c549dc8a06966f
---
M manifests/puppetmaster.pp
1 file changed, 15 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/26/59526/1

diff --git a/manifests/puppetmaster.pp b/manifests/puppetmaster.pp
index 0c95dd2..cb892c9 100644
--- a/manifests/puppetmaster.pp
+++ b/manifests/puppetmaster.pp
@@ -567,8 +567,21 @@
                # puppetmasters.  (This sets up the ssl directories).
                class { 'puppetmaster::ssl':
                        server_name => $::fqdn,
-                       ca          => true,
-                       subscribe   => Exec['compile puppet.conf'],
+                       ca          => false,
+               }
+               # THIS IS A STOOPID HACK!
+               # puppet cert generate needs to run AFTER
+               # the compile puppet.conf exec (defined in base::puppet).
+               # I could not force the puppetmaster::ssl class (where
+               # the original generate hostcert exec is defined) to
+               # wait until the refreshonly compile puppet.conf exec
+               # runs.  ca => false on the above inclusion of puppetmaster::ssl
+               # means the cert generate won't run there, and I can run my own
+               # and add dependencies here.
+               exec { 'generate puppet::self hostcert':
+                       require => [Class['puppetmaster::ssl'], Exec['compile 
puppet.conf']],
+                       command => "/usr/bin/puppet cert generate 
${server_name}",
+                       creates => "${ssldir}/certs/${server_name}.pem",
                }
        }
        else {

-- 
To view, visit https://gerrit.wikimedia.org/r/59526
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I712c217877e603f90203b3bf27c549dc8a06966f
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ottomata <o...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to