(#2848) Use `certdnsnames` when bootstrapping a local master.
a72049914b76Unpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(#2848) Use certdnsnames when bootstrapping a local master.

We don't have any formal way to determine if a node is a master or not, which
makes it hard to authoritatively answer the question of "should certdnsnames
apply to this node".

However, we can assume that if you are the CA then you are also a master node.
You can't be one without the other.

We can also assume that if you are running as master, but are not a CA, you
intend to continue in that fashion. This is a weaker heuristic, but should be
effective enough for folks that start a master at the right time...

This means that the basic bootstrapping case uses that setting as it is
designed, and since we just generated the CA certificate we can fairly
confidently trust that we are doing the right thing with the request.

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>

Details

Provenance

Daniel Pittman <daniel@puppetlabs.com>	Authored on
Nick Lewis <nick@puppetlabs.com>	Committed on Oct 21 2011, 7:17 PM
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPU6e3f529c8997: (#2848) CSR subjectAltNames handling while signing.

Branches

Unknown

Tags