(#2848) Use `certdnsnames` when bootstrapping a local master.
363b47b29a9eUnpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(#2848) Use certdnsnames when bootstrapping a local master.

We don't have any formal way to determine if a node is a master or not, which
makes it hard to authoritatively answer the question of "should certdnsnames
apply to this node".

However, we can assume that if you are the CA then you are also a master node.
You can't be one without the other.

We can also assume that if you are running as master, but are not a CA, you
intend to continue in that fashion. This is a weaker heuristic, but should be
effective enough for folks that start a master at the right time...

This means that the basic bootstrapping case uses that setting as it is
designed, and since we just generated the CA certificate we can fairly
confidently trust that we are doing the right thing with the request.

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>

Details

Provenance

Daniel Pittman <daniel@puppetlabs.com>	Authored on
Nick Lewis <nick@puppetlabs.com>	Committed on Oct 22 2011, 12:51 AM
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPU49334ff2256a: (#2848) CSR subjectAltNames handling while signing.

Branches

Unknown

Tags