Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Maggie Dreyer Release Notes: Deprecation Not Needed Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.74654.1604942520039%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Maggie Dreyer Release Notes Summary: Beginning in Puppet 7, the default value See SERVER-2896 for the `cadir` setting will be located in the puppetserver conf directory, specifically at /etc/puppetlabs/puppetserver/ca release notes . Previously, the default location was inside puppet's own ssldir. This change will make it safer to delete the puppet's own `ssldir` without accidentally deleting your CA certificates.The puppetserver ca cli provides a `migrate` command to move the ca directory from the puppet conf to the puppetserver conf. It will leave behind a symlink on the old ca location, pointing to the new location at /etc/puppetlabs/puppetserver/ca. This link will provide backwards compatibility for tools still expecting the cadir to exist in the old location. In a future version of puppet, the cadir setting will be removed entirely. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Claire Cadman updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Claire Cadman Labels: doc_reviewed Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.74434.1604922720025%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Josh Cooper commented on PUP-10720 Re: Update `cadir` default to return the new location post-migration Merged to main in ad5b16091d. Passed CI in f664d6a216 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.72117.1604533140022%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Tony Vu updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Tony Vu Release Notes: Deprecation Release Notes Summary: Beginning in Puppet 7, the default value for the `cadir` setting will be located in the puppetserver conf directory, specifically at /etc/puppetlabs/puppetserver/ca. Previously, the default location was inside puppet's own ssldir. This change will make it safer to delete the puppet's own `ssldir` without accidentally deleting your CA certificates.The puppetserver ca cli provides a `migrate` command to move the ca directory from the puppet conf to the puppetserver conf. It will leave behind a symlink on the old ca location, pointing to the new location at /etc/puppetlabs/puppetserver/ca. This link will provide backwards compatibility for tools still expecting the cadir to exist in the old location. In a future version of puppet, the cadir setting will be removed entirely. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Maggie Dreyer updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Maggie Dreyer Fix Version/s: PUP 7.0.0 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.70773.1604440380091%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Justin Stoller updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Justin Stoller Sprint: Froyo 11/02/2020 , Froyo 11/09/2020 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.69916.1604356980107%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Tony Vu assigned an issue to Tony Vu Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Tony Vu Assignee: Tony Vu Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.65395.1603828500040%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Justin Stoller updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Justin Stoller Sprint: Froyo 11/02/2020 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.64332.1603752120551%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Justin Stoller updated an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Change By: Justin Stoller Story Points: 3 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.64270.1603750620034%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title
Justin Stoller updated an issue
Puppet / PUP-10720
Update `cadir` default to return the new location post-migration
Change By:
Justin Stoller
In order to make the transition to the new CA dir location as seamless as possible, we want to put some special logic into the default calculation for the {{cadir}} setting in Puppet, that will make it return the new location after the CA has been migrated, and warn otherwise.If the setting is not configured by the user ([default|https://github.com/puppetlabs/puppet/blob/e0746ca619fac312b86e26b4a1f73db70b146947/lib/puppet/defaults.rb#L1094], use a Ruby lambda /proc ): * and the files are in the old default spot, warn and prompt with a message that encourages users to migrate. Return the old default (/etc/puppetlabs/puppet/ssl/ca) * and there are no CA files (new install) or CA files in the new location, return the new location (/etc/puppetlabs/puppetserver/ca).If the setting is configured by the user (custom, use hook ([example)|https://github.com/puppetlabs/puppet/blob/main/lib/puppet/defaults.rb#L133]): * and points to a location within the SSL dir, warn with a message that encourages migration * and points to a location _outside_ the SSL dir, use it as-is.
Add Comment
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title
Justin Stoller updated an issue
Puppet / PUP-10720
Update `cadir` default to return the new location post-migration
Change By:
Justin Stoller
In order to make the transition to the new CA dir location as seamless as possible, we want to put some special logic into the default calculation for the {{cadir}} setting in Puppet, that will make it return the new location after the CA has been migrated, and warn otherwise.If the setting is not configured by the user ([default|https://github.com/puppetlabs/puppet/blob/e0746ca619fac312b86e26b4a1f73db70b146947/lib/puppet/defaults.rb#L1094], use lambda): * and the files are in the old default spot, warn and prompt users to migrate. Return the old default (/etc/puppetlabs/puppet/ssl/ca) * and there are no CA files (new install) or CA files in the new location, return the new location (/etc/puppetlabs/puppetserver/ca).If the setting is configured by the user (custom, use hook ([example)|https://github.com/puppetlabs/puppet/blob/main/lib/puppet/defaults.rb#L133]): * and points to a location within the SSL dir, warn and prompt with a message that encourages migration * and points to a location _outside_ the SSL dir, use it as-is.
Add Comment
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Josh Cooper commented on PUP-10720 Re: Update `cadir` default to return the new location post-migration Looks great! One gotcha with hooks is 1) they may be called multiple times and 2) if the cadir setting is defined in the server section, then by default the hook will only be called if the hook is defined using :call_hook => :on_initialize_and_write. If :call_hook is unspecified, then it will default to :on_write_only, which will only call the hook if the value is set in main. I recently ran into this in PUP-9481. Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375129.1602802813000.57231.1602867480243%40Atlassian.JIRA.
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title
Maggie Dreyer updated an issue
Puppet / PUP-10720
Update `cadir` default to return the new location post-migration
Change By:
Maggie Dreyer
In order to make the transition to the new CA dir location as seamless as possible, we want to put some special logic into the default calculation for the {{cadir}} setting in Puppet , that will make it return the new location after the CA has been migrated, and warn otherwise .If the setting is not configured by the user ([default|https://github.com/puppetlabs/puppet/blob/e0746ca619fac312b86e26b4a1f73db70b146947/lib/puppet/defaults.rb#L1094], use lambda): * and the files are in the old default spot, warn and prompt users to migrate. Return the old default (/etc/puppetlabs/puppet/ssl/ca) * and there are no CA files (new install) or CA files in the new location, return the new location (/etc/puppetlabs/puppetserver/ca).If the setting is configured by the user (custom, use hook ([example)|https://github.com/puppetlabs/puppet/blob/main/lib/puppet/defaults.rb#L133]): * and points to a location within the SSL dir, warn and prompt migration * and points to a location _outside_ the SSL dir, use it as-is.
Add Comment
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Jira (PUP-10720) Update `cadir` default to return the new location post-migration
Title: Message Title Maggie Dreyer created an issue Puppet / PUP-10720 Update `cadir` default to return the new location post-migration Issue Type: Task Assignee: Unassigned Created: 2020/10/15 4:00 PM Priority: Normal Reporter: Maggie Dreyer In order to make the transition to the new CA dir location as seamless as possible, we want to put some special logic into the default calculation for the cadir setting in Puppet. If the setting is not configured by the user (default, use lambda): and the files are in the old default spot, warn and prompt users to migrate. Return the old default (/etc/puppetlabs/puppet/ssl/ca) and there are no CA files (new install) or CA files in the new location, return the new location (/etc/puppetlabs/puppetserver/ca). If the setting is configured by the user (custom, use hook (example)): and points to a location within the SSL dir, warn and prompt migration and points to a location outside the SSL dir, use it as-is. Add Comment
