puppetlabs / puppetserver-helm-chart

The Helm Chart for Puppet Server
Apache License 2.0

Importing Puppet CA without puppetDB #223

Closed anthonysomerset closed 2 months ago

anthonysomerset commented 3 months ago

Use Case

I am trying to migrate from a Foreman + Puppet (no PuppetDB) based setup to this setup in Helm with PuppetDB.

I want to retain my certs as much as possible because I am not comfortable with a global autosign of yes. I am, however, working with customentrypoints to define a custom autosign.conf file as a middle ground in the interim of manually signing 800+ new certs. Side note: maybe I will add another feature request for tracking, although it's more documentation than anything else; it would be good to look at Puppet cert management within the solution more generally.

I did try going through the exercise for import with preGeneratedCertsJob, but it fails with a tar error because I don't have any PuppetDB certs, and it won't get past the preinstall phase as a result.

Describe the Solution You Would Like

I would like to be able to import the CA only (and existing signed certs/requests etc.) but for the relevant elements within the Helm chart to re-generate (and sign) new server/db certs. I don't mind crafting my autosign.conf file to help with this, e.g. adding puppetdb as an entry.

Describe Alternatives You've Considered

I am looking at how I could manually generate and sign a PuppetDB cert without having to fully install PuppetDB anywhere as a manual step, and how this could be documented within the project.

I also don't mind a manual solution to preload the CA information into the proper storage place prior to chart install.

Xtigyro commented 3 months ago

@anthonysomerset Thanks for the bug report!

Same as in the other one - please feel free to send our way a PR. 🙇‍♂️