Ottomata has uploaded a new change for review. https://gerrit.wikimedia.org/r/59526
Change subject: Attempting to solve puppet cert generate issue by using my own exec rather than puppetmaster::ssl's. ...................................................................... Attempting to solve puppet cert generate issue by using my own exec rather than puppetmaster::ssl's. Change-Id: I712c217877e603f90203b3bf27c549dc8a06966f --- M manifests/puppetmaster.pp 1 file changed, 15 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/26/59526/1 diff --git a/manifests/puppetmaster.pp b/manifests/puppetmaster.pp index 0c95dd2..cb892c9 100644 --- a/manifests/puppetmaster.pp +++ b/manifests/puppetmaster.pp @@ -567,8 +567,21 @@ # puppetmasters. (This sets up the ssl directories). class { 'puppetmaster::ssl': server_name => $::fqdn, - ca => true, - subscribe => Exec['compile puppet.conf'], + ca => false, + } + # THIS IS A STOOPID HACK! + # puppet cert generate needs to run AFTER + # the compile puppet.conf exec (defined in base::puppet). + # I could not force the puppetmaster::ssl class (where + # the original generate hostcert exec is defined) to + # wait until the refreshonly compile puppet.conf exec + # runs. ca => false on the above inclusion of puppetmaster::ssl + # means the cert generate won't run there, and I can run my own + # and add dependencies here. + exec { 'generate puppet::self hostcert': + require => [Class['puppetmaster::ssl'], Exec['compile puppet.conf']], + command => "/usr/bin/puppet cert generate ${server_name}", + creates => "${ssldir}/certs/${server_name}.pem", } } else { -- To view, visit https://gerrit.wikimedia.org/r/59526 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I712c217877e603f90203b3bf27c549dc8a06966f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ottomata <o...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits