search

SumoLogic / sumologic-collector-puppet-module

Puppet module for installing Sumo Logic's collector.
Other
11 stars 22 forks source link

Using one's own CA certs requires a tortuous workaround #48

Open tquid opened 3 years ago

tquid commented 3 years ago

Using one's own CA certs, a pretty common practice in many larger environments, causes PKI errors (the infamous "unable to find valid certification path to requested target"). This is fixable manually, but the puppet solution is not obvious. sumo::use_package must be set true and one must make a soft link to one's own cacerts:

  file { '/opt/SumoCollector/jre/lib/security/cacerts':
    ensure  => link,
    target  => '/etc/pki/ca-trust/extracted/java/cacerts',
    require => Package['collector'],
    notify  => Service['collector']
  }

I humbly suggest creating a configuration item for a cacert file location to avoid this workaround.