On 15.05.2013 18:24, Keith Brown wrote:
Hello. Total puppet newbie, and trying to figure out the best way to do
this.
I have a set of systems that require the SSL bundle at
/etc/pki/tls/certs/ca-bundle.ca to have an additional certificate be
added. Problem is, these are a mix of RHEL5 and 6 systems, so the
ca-bundle is handled by two different packages, and when the packages
get updated, it would obliterate the certificate we add in. In previous
environments I worked in, I'd just have a cron script grep the bundle to
see if it has the certificate, and if not, append it to the end of the
bundle.
My understanding, is normal puppet operations work on a per line basis
(append_if_no_such_line, etc), so things can get complicated when you're
dealing with something that is of this nature. If you guys could point
me in a direction, or could refer me to some material to read on this,
it'd be great.
If you're not keen on maintaining local rpm packages for the ca-bundle,
I would just copy and fix those two files into the manifest and deploy
the appropriate version depending on one of the *version facts.
You'll have to keep an eye out about security updates, but c'est la vie.
Regards, David
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
