[SERVER-2760] Update puppetserver CA init code for new CA dir location - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: Normal
Resolution: Done
Affects Version/s: None
Fix Version/s: SERVER 7.0.0
Component/s: None
Labels:
- platform_7

Epic Link:
Puppet 7 Server
Team:
Froyo
Story Points:
2
Sprint:
Froyo 11/02/2020, Froyo - 11/09/2020

Release Notes:
Not Needed
Release Notes Summary:
See ~~SERVER-2896~~ for release notes.

QA Risk Assessment:
Needs Assessment

Description

The easiest way to separate the CA dir from the SSL dir is to create the files in a different location (or migrate them), and then provide a symlink from the old location to the new location. This will prevent users from automatically deleting their CA files, as rm -rf will just unlink the symlink and not follow it to delete the files themselves.

When puppetserver starts, we should

if the CA is not yet initialized, create it in the new location (/etc/puppetlabs/puppetserver/ca) and create a symlink from the configured location to the new one (see ~~SERVER-2895~~ for similar change to the CLI setup command)

Attachments

Issue Links

relates to

SERVER-2894 Create `puppetserver ca migrate` command

Resolved

SERVER-2895 Update `puppetserver ca setup` to create CA files in new location w/ symlink

Resolved

SERVER-2917 Ensure symlink to old cadir has same perms as actual cadir

Resolved

SERVER-2225 Move puppetserver's default CA dir out of Puppet's SSL dir

Resolved

Activity

People

Assignee:: Justin Stoller

Reporter:: Maggie Dreyer

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2020/03/24 8:06 AM

Updated:: 2020/11/13 5:24 PM

Resolved:: 2020/11/09 9:26 AM