I can reply to all these questions I think. But will be a few days before I can write up all the details. Christmas celebrations and stuff :)
On Mon, 22 Dec 2014 21:01 Eric Sorenson <[email protected]> wrote: > [ sorry for the double-post, I sent this to puppet-users as well, but am > posting separately here to keep the threading separate.. Damn reply-to > munging ] > > Hiya, one of the cool things in the new Puppet Server is a > re-implementation of Puppet's certificate authority code. The > implementation up to last week's 1.0.0 release is pretty strictly > backwards-compatible with the Ruby implementation, using the same > filesystem layout, same HTTP endpoints, etc., but early next year we need > to start making some changes and I wanted to solicit some feedback to see > what y'all are using. So, some questions: > > - Are you using scripts which run and parse output from `puppet cert`, > `puppet certificate`, `puppet ca`, `puppet certificate_request` and/or > `puppet certificate_revocation_list`? If so, what do the scripts do with > the commands, and what output do they expect? (As an aside one of the > problems we're aiming to fix is the multiplicity of confusingly overlapping > functionality available in these subcommands) > > - Are you using the HTTP API around certificates in your own > tooling/automation? These are endpoints like `/certificate/ca`, > `/certificate/<some host name>`, > `/<environment>/certificate_revocation_list/ca` , > `/<environment>/certificate_request/`, `/<environment>/certificate_status` > Same question -- what do you use the endpoints to accomplish, and are > there particularly important pieces of data in the output for your > use-cases? > > - Are you using any programs which load the Puppet Ruby code as a library > in order to make use of the certificate-related classes/methods directly? > Is that because there was something you couldn't do through the > command-line or REST APIs? I would be pretty surprised if anyone was doing > this but you're going to have to make the deepest changes so it's important > for me to understand what you're relying on. > > - Are you making use of stuff that lives in the CA filesystem in your own > tooling, that does NOT go through any of the Puppet APIs? If so, STOP DOING > THAT! Just kidding, sorta. But it would be very interesting to know whether > you're using things like the `serial` or `inventory.txt` files in your > scripts or workflows. > > Feel free to follow-up here or on > https://tickets.puppetlabs.com/browse/SERVER-270 > > Eric Sorenson - [email protected] - freenode #puppet: eric0 > puppet platform // coffee // techno // bicycles > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-dev/50D1D662-A11B-4CA6-8A63-0E7240C561B1%40puppetlabs.com > <https://groups.google.com/d/msgid/puppet-dev/50D1D662-A11B-4CA6-8A63-0E7240C561B1%40puppetlabs.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CAAAzDLeUByLR2peA_oCVvZaY%3DeY0Sng6H3AxCLT%3DU37TKJShiA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
