Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2225

Move puppetserver's default CA dir out of Puppet's SSL dir

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: SERVER 7.0.0
    • Component/s: None
    • Labels:
    • Template:
    • Acceptance Criteria:
      Hide
      • Puppetserver's CA directory defaults to /etc/puppetlabs/puppetserver/ca for new installs
      • Its location is configurable via a setting in puppetserver.conf
      • If the new setting is absent from the config file, we refer to the one from puppet.conf instead
      Show
      Puppetserver's CA directory defaults to /etc/puppetlabs/puppetserver/ca for new installs Its location is configurable via a setting in puppetserver.conf If the new setting is absent from the config file, we refer to the one from puppet.conf instead
    • Team:
      Froyo
    • CS Priority:
      Major
    • Zendesk Ticket IDs:
      39630,40324,41099
    • Zendesk Ticket Count:
      3
    • CS Rank:
      1,000
    • Release Notes:
      Not Needed
    • Release Notes Summary:
      See SERVER-2896 for release notes.
    • QA Risk Assessment:
      Needs Assessment

      Description

      The first major step to separating the CA and SSL dirs is to change the default location of the CA dir. The proposed new path is /etc/puppetlabs/puppetserver/ca. The new setting should be specified in puppetserver.conf, in a new section specifically for CA settings.

      For this ticket, we should only implement the most basic fallback logic, namely that we default to the CA dir from puppet.conf if the new setting is absent from the config file.

      Config files for new installations should point to the new location for the CA dir in puppetserver.conf. We need to investigate the upgrading behavior to make sure this works as expected (existing conf files are left alone).

      The migration and upgrade paths should be discussed later as part of https://tickets.puppetlabs.com/browse/PE-24530.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              maggie Maggie Dreyer
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support