So you'd just say manually keep a copy of the file upto date, and deploy based on that?
as far as the bundles go, well, if it was all rhel6, that'd be a better option for us, but RHEL5 has the bundle as part of openssl. That one gets updated more often, and would need to roll a package for that. I wish they'd have updated things for RHEL5 to show the split in the packages, like it is in RHEL6. Just seems like things would be easier. On Wednesday, May 15, 2013 11:37:38 AM UTC-5, David Schmitt wrote: > > On 15.05.2013 18:24, Keith Brown wrote: > > Hello. Total puppet newbie, and trying to figure out the best way to do > > this. > > > > I have a set of systems that require the SSL bundle at > > /etc/pki/tls/certs/ca-bundle.ca to have an additional certificate be > > added. Problem is, these are a mix of RHEL5 and 6 systems, so the > > ca-bundle is handled by two different packages, and when the packages > > get updated, it would obliterate the certificate we add in. In previous > > environments I worked in, I'd just have a cron script grep the bundle to > > see if it has the certificate, and if not, append it to the end of the > > bundle. > > > > My understanding, is normal puppet operations work on a per line basis > > (append_if_no_such_line, etc), so things can get complicated when you're > > dealing with something that is of this nature. If you guys could point > > me in a direction, or could refer me to some material to read on this, > > it'd be great. > > If you're not keen on maintaining local rpm packages for the ca-bundle, > I would just copy and fix those two files into the manifest and deploy > the appropriate version depending on one of the *version facts. > > You'll have to keep an eye out about security updates, but c'est la vie. > > Regards, David > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
