| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The latest version of puppet now reports these as catalog failures so
this change removes the unnecessary references and the references
should be updated.
Closes-Bug: #1702964
Change-Id: Iebc547aa92f9f40e4a633c57d79e6c9cddb5dd28
|
|
The default CA issues CRLs for 4 hours by default. So we need to change
these values to reflect this, else we'll get verification issues due to
the CRL having expired before its refreshed.
However, the nextupdate value for the CRLs might not be aligned with the
cron job. And getting this alignment is not entirely trivial. So I opted
for updating every 2 hours to address this.
Change-Id: I732b400462c5cabd7c6c18c007fc9e8c87b700d3
|
|
This will fetch the CRL file from the specified file or URL. Furtherly
it will set up a cron job to refresh the crl file once a week and notify
the needed services.
bp tls-via-certmonger
Change-Id: I38e163e8ebb80ea5f79cfb8df44a71fdcd284e04
|
|
This merely requests the certificates that will be used for libvirt's
live migration if TLS-everywhere is enabled.
bp tls-via-certmonger
Change-Id: If18206d89460f6660a81aabc4ff8b97f1f99bba7
|
|
The extract-and-trust-ca actually needs /var/lib/certmonger/local/creds
file to be created, which is created when certmonger is started, not
when package is installed.
This patch change the exec dependency to run it only when service is
started.
Also, since the service create the file, let's relax the Exec a little
bit by allowing to retry 5 times after 1s break in case the Exec fails,
for example if service takes more than 5 seconds to create this file.
It will avoid us some race condition in the deployment.
Change-Id: I4cf4a04bddb8f042e8e8f7e1d1b69f846c533e3b
|
|
This class extracts the certificate and adds it to the trusted certs.
bp tls-via-certmonger
Change-Id: I6dc1e0469cd7dbbb51659c8f29975d25b2941ec3
|
Emilien Macchi
Juan Antonio Osorio Robles