Skip to content

Commit

Permalink
Refs ##35184 - Drop puppetca_puppet_cert documentation for 3.9+
Browse files Browse the repository at this point in the history 
Foreman 3.9 dropped support for old Puppet versions and with it the
puppetca_puppet_cert provider.
  • Loading branch information
@ekohl
ekohl committed Aug 13, 2024
1 parent e33fa09 commit f887413
Show file tree
Hide file tree
Showing 4 changed files with 0 additions and 148 deletions.
37 changes: 0 additions & 37 deletions _includes/manuals/3.10/4.3.7_smartproxy_puppetca.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,6 @@ Also choose the provider to use, default should be `puppetca_hostname_whitelisti
:use_provider: puppetca_hostname_whitelisting
```

Lastly the Puppet version needs to be specified. Since version 6 the `puppetca_http_api` implementation is used while on earlier versions the `puppetca_puppet_cert` implementation is used.
```yaml
:puppet_version: '6.8.0'
```

#### puppetca_hostname_whitelisting

The `puppetca_hostname_whitelisting` provider directly manages Puppet's `autosign.conf` file.
Expand Down Expand Up @@ -75,40 +70,8 @@ After deploying the script the Puppet configuration has to be changed to point t
autosign = /usr/libexec/foreman-proxy/puppet_sign.rb
```

#### puppetca_puppet_cert

**Note** this is used in Puppet 5 and earlier as determined by the `puppet_version` setting in `puppetca.yml`.

This implementation is used for managing certificates. It uses the `puppet cert` command and typically requires sudo access for the proxy.

```yaml
:ssldir: /etc/puppetlabs/puppet/ssl
#:puppetca_use_sudo: false
#:sudo_command: /usr/bin/sudo
```

The `ssldir` setting is required and can be determined with `puppet config print ssldir`. Puppet AIO defaults to using `/etc/puppetlabs/puppet/ssl`.

By default sudo is used but can be disabled with `puppetca_use_sudo` setting. The sudo command is dermined via the `PATH` variable or can be explicitly set with the `sudo_command` setting.

For sudo to work correctly, it must be configured to allow `puppet cert` with NOPASSWD and without requiretty. Under a Puppet AIO installation, configuration should be:

```
foreman-proxy ALL = NOPASSWD: /opt/puppetlabs/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

Under a non-AIO Puppet installation:

```
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

#### puppetca_http_api

**Note** this is used in Puppet 6 and newer as determined by the `puppet_version` setting in `puppetca.yml`.

As the name implies, Puppetserver's HTTP API is used to manage certificates. In its configuration file `puppetca_http_api.yml` the connection details are configured:

```yaml
Expand Down
37 changes: 0 additions & 37 deletions _includes/manuals/3.11/4.3.7_smartproxy_puppetca.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,6 @@ Also choose the provider to use, default should be `puppetca_hostname_whitelisti
:use_provider: puppetca_hostname_whitelisting
```

Lastly the Puppet version needs to be specified. Since version 6 the `puppetca_http_api` implementation is used while on earlier versions the `puppetca_puppet_cert` implementation is used.
```yaml
:puppet_version: '6.8.0'
```

#### puppetca_hostname_whitelisting

The `puppetca_hostname_whitelisting` provider directly manages Puppet's `autosign.conf` file.
Expand Down Expand Up @@ -75,40 +70,8 @@ After deploying the script the Puppet configuration has to be changed to point t
autosign = /usr/libexec/foreman-proxy/puppet_sign.rb
```

#### puppetca_puppet_cert

**Note** this is used in Puppet 5 and earlier as determined by the `puppet_version` setting in `puppetca.yml`.

This implementation is used for managing certificates. It uses the `puppet cert` command and typically requires sudo access for the proxy.

```yaml
:ssldir: /etc/puppetlabs/puppet/ssl
#:puppetca_use_sudo: false
#:sudo_command: /usr/bin/sudo
```

The `ssldir` setting is required and can be determined with `puppet config print ssldir`. Puppet AIO defaults to using `/etc/puppetlabs/puppet/ssl`.

By default sudo is used but can be disabled with `puppetca_use_sudo` setting. The sudo command is dermined via the `PATH` variable or can be explicitly set with the `sudo_command` setting.

For sudo to work correctly, it must be configured to allow `puppet cert` with NOPASSWD and without requiretty. Under a Puppet AIO installation, configuration should be:

```
foreman-proxy ALL = NOPASSWD: /opt/puppetlabs/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

Under a non-AIO Puppet installation:

```
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

#### puppetca_http_api

**Note** this is used in Puppet 6 and newer as determined by the `puppet_version` setting in `puppetca.yml`.

As the name implies, Puppetserver's HTTP API is used to manage certificates. In its configuration file `puppetca_http_api.yml` the connection details are configured:

```yaml
Expand Down
37 changes: 0 additions & 37 deletions _includes/manuals/3.9/4.3.7_smartproxy_puppetca.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,6 @@ Also choose the provider to use, default should be `puppetca_hostname_whitelisti
:use_provider: puppetca_hostname_whitelisting
```

Lastly the Puppet version needs to be specified. Since version 6 the `puppetca_http_api` implementation is used while on earlier versions the `puppetca_puppet_cert` implementation is used.
```yaml
:puppet_version: '6.8.0'
```

#### puppetca_hostname_whitelisting

The `puppetca_hostname_whitelisting` provider directly manages Puppet's `autosign.conf` file.
Expand Down Expand Up @@ -75,40 +70,8 @@ After deploying the script the Puppet configuration has to be changed to point t
autosign = /usr/libexec/foreman-proxy/puppet_sign.rb
```

#### puppetca_puppet_cert

**Note** this is used in Puppet 5 and earlier as determined by the `puppet_version` setting in `puppetca.yml`.

This implementation is used for managing certificates. It uses the `puppet cert` command and typically requires sudo access for the proxy.

```yaml
:ssldir: /etc/puppetlabs/puppet/ssl
#:puppetca_use_sudo: false
#:sudo_command: /usr/bin/sudo
```

The `ssldir` setting is required and can be determined with `puppet config print ssldir`. Puppet AIO defaults to using `/etc/puppetlabs/puppet/ssl`.

By default sudo is used but can be disabled with `puppetca_use_sudo` setting. The sudo command is dermined via the `PATH` variable or can be explicitly set with the `sudo_command` setting.

For sudo to work correctly, it must be configured to allow `puppet cert` with NOPASSWD and without requiretty. Under a Puppet AIO installation, configuration should be:

```
foreman-proxy ALL = NOPASSWD: /opt/puppetlabs/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

Under a non-AIO Puppet installation:

```
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

#### puppetca_http_api

**Note** this is used in Puppet 6 and newer as determined by the `puppet_version` setting in `puppetca.yml`.

As the name implies, Puppetserver's HTTP API is used to manage certificates. In its configuration file `puppetca_http_api.yml` the connection details are configured:

```yaml
Expand Down
37 changes: 0 additions & 37 deletions _includes/manuals/nightly/4.3.7_smartproxy_puppetca.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,6 @@ Also choose the provider to use, default should be `puppetca_hostname_whitelisti
:use_provider: puppetca_hostname_whitelisting
```

Lastly the Puppet version needs to be specified. Since version 6 the `puppetca_http_api` implementation is used while on earlier versions the `puppetca_puppet_cert` implementation is used.
```yaml
:puppet_version: '6.8.0'
```

#### puppetca_hostname_whitelisting

The `puppetca_hostname_whitelisting` provider directly manages Puppet's `autosign.conf` file.
Expand Down Expand Up @@ -75,40 +70,8 @@ After deploying the script the Puppet configuration has to be changed to point t
autosign = /usr/libexec/foreman-proxy/puppet_sign.rb
```

#### puppetca_puppet_cert

**Note** this is used in Puppet 5 and earlier as determined by the `puppet_version` setting in `puppetca.yml`.

This implementation is used for managing certificates. It uses the `puppet cert` command and typically requires sudo access for the proxy.

```yaml
:ssldir: /etc/puppetlabs/puppet/ssl
#:puppetca_use_sudo: false
#:sudo_command: /usr/bin/sudo
```

The `ssldir` setting is required and can be determined with `puppet config print ssldir`. Puppet AIO defaults to using `/etc/puppetlabs/puppet/ssl`.

By default sudo is used but can be disabled with `puppetca_use_sudo` setting. The sudo command is dermined via the `PATH` variable or can be explicitly set with the `sudo_command` setting.

For sudo to work correctly, it must be configured to allow `puppet cert` with NOPASSWD and without requiretty. Under a Puppet AIO installation, configuration should be:

```
foreman-proxy ALL = NOPASSWD: /opt/puppetlabs/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

Under a non-AIO Puppet installation:

```
foreman-proxy ALL = NOPASSWD: /usr/bin/puppet cert *
Defaults:foreman-proxy !requiretty
```

#### puppetca_http_api

**Note** this is used in Puppet 6 and newer as determined by the `puppet_version` setting in `puppetca.yml`.

As the name implies, Puppetserver's HTTP API is used to manage certificates. In its configuration file `puppetca_http_api.yml` the connection details are configured:

```yaml
Expand Down

0 comments on commit f887413

Please sign in to comment.