Details
-
Task
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
None
-
Deprecation
-
Description
It sounds like we are planning to pull support for the old web servers in favor of Puppet Server in a future Puppet release. We should go through and remove all of the settings from puppet.conf that would have been related to the other servers but will no longer be used.
The following can definitely be deleted:
- bindaddress
- masterhttplog
- ssl_client_header
- ssl_client_verify_header
Since webrick/rack support has been removed, and the ruby CA implementation is no longer reachable from the network. Assuming all of the cert related CLI commands are being rewritten for Puppet 6, then all of the following ca related settings will be dead:
- ca
- ca_name
- cadir
- cacert
- cakey
- capub
- cacrl
- caprivatedir
- csrdir
- signeddir
- capass
- serial
- autosign
- allow_duplicate_certs
- ca_ttl
- cert_inventory
Note when puppet is acting as an SSL client, it needs to know where the host-specific SSL files are, e.g. hostcert, so those can't be deleted.
If we are removing support for legacy auth.conf in puppet6, then we can also eliminate:
- rest_authconfig
I'm not sure if fileserverconfig can be removed also?
