New certs for bridge and server Make sure puppet remains off after the initial run
---
 .../nodes/sign-bridge1.fedora.phx.redhat.com.pp | 11 ++++++-----
 .../nodes/sign-vault1.fedora.phx.redhat.com.pp | 12 ++++++------
 modules/sigul/files/server.conf | 2 +-
 modules/sigul/templates/bridge.conf.erb | 2 +-
 4 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp
index 5251155..d710016 100644
--- a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp
+++ b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp
@@ -1,4 +1,5 @@
 node "sign-bridge1.fedora.phx.redhat.com" {
+ $autodisablePuppet = 1
 $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ]
 include phx
 include fas::client
@@ -13,11 +14,11 @@ node "sign-bridge1.fedora.phx.redhat.com" {
 # cwd => '/',
 # command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off',
 # }
-# exec { "disable-puppet":
-# cwd => '/',
-# onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
-# command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
-# }
+ exec { "disable-puppet":
+ cwd => '/',
+ onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
+ command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
+ }
 # Firewall Rules, allow sigul server through.
 $tcpPorts = [ '44333:443334' ]
diff --git a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp
index 20c1615..1b5641d 100644
--- a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp
+++ b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp
@@ -1,5 +1,5 @@
 node "sign-vault1" {
-# $autodisablePuppet = 1
+ $autodisablePuppet = 1
 $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ]
 include phx
 include fas::client
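Review bot: In the second hunk of sign-bridge1.fedora.phx.redhat.com.pp, the re-enabled `disable-puppet` exec fires only while `/var/run/puppet/puppetd.pid` exists, so a run that finds no pid file (puppet started by hand or from cron, for instance) leaves the service enabled in chkconfig and puppet comes back at the next boot. On a signing host where the stated goal is that puppet stays off after the initial run, the guard should test the boot-time state rather than the pid file, e.g. `onlyif => '/sbin/chkconfig puppet'`. The command also stops the daemon before it disables it; since the stop may end the process that is carrying out this exec, `command => '/sbin/chkconfig puppet off; /etc/init.d/puppet stop'` is the safer order. The same resource is enabled in the sign-vault1 manifest (`@@ -14,11 +14,11 @@`) and needs the same change; both node blocks continue past their hunks. Separately, the context line `$tcpPorts = [ '44333:443334' ]` names a port above 65535 and looks like a typo for 44334, though this commit does not touch it.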
@@ -14,11 +14,11 @@ node "sign-vault1" {
 # cwd => '/',
 # command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off',
 # }
-# exec { "disable-puppet":
-# cwd => '/',
-# onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
-# command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
-# }
+ exec { "disable-puppet":
+ cwd => '/',
+ onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
+ command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
+ }
 # Need iptables blocking everything here
diff --git a/modules/sigul/files/server.conf b/modules/sigul/files/server.conf
index 9145343..6b57753 100644
--- a/modules/sigul/files/server.conf
+++ b/modules/sigul/files/server.conf
@@ -10,7 +10,7 @@ max-file-payload-size: 1073741824
 # Maximum accepted size of payload stored in server's memory
 max-memory-payload-size: 1048576
 # Nickname of the server's certificate in the NSS database specified below
-server-cert-nickname: sigul-server - Fedora Project
+server-cert-nickname: sign-vault1 - Fedora Project
 [database]
 # Path to a directory containing a SQLite database
diff --git a/modules/sigul/templates/bridge.conf.erb b/modules/sigul/templates/bridge.conf.erb
index dde6bf7..f834e52 100644
--- a/modules/sigul/templates/bridge.conf.erb
+++ b/modules/sigul/templates/bridge.conf.erb
@@ -2,7 +2,7 @@
 [bridge]
 # Nickname of the bridge's certificate in the NSS database specified below
-bridge-cert-nickname: sigul - Fedora Project
+bridge-cert-nickname: sign-bridge1 - Fedora Project
 # Port on which the bridge expects client connections
 client-listen-port: 44334
 # Port on which the bridge expects server connections
--
1.5.5.6
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
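Review bot: The new value `server-cert-nickname: sign-vault1 - Fedora Project` in modules/sigul/files/server.conf hard-codes one host's certificate nickname into a file that the sigul module presumably ships unchanged to every node that uses it, and the bridge.conf.erb hunk does the same with `sign-bridge1`. The nickname has to match the entry in the NSS database exactly, so the next certificate rotation or an additional bridge or vault means editing the module again. bridge.conf.erb is already a template and could take the name from the host, e.g. `bridge-cert-nickname: <%= hostname %> - Fedora Project`, assuming the new certificates are named after the short hostname; server.conf would have to become a template to do the same. Both files continue outside their hunks.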