siliconalchemy / bzed-letsencrypt

Puppet module for centralized CSR signing using Let’s Encrypt™ - keeping your keys safe on the host they belong to.

Refactor csr/cert generation for fewer steps and cluster use #1

Open siliconalchemy opened 7 years ago

siliconalchemy commented 7 years ago

Currently CSRs are generated on the client and then shipped to the puppetmaster to request the cert. It involves many puppet runs - 2 on the client for the initial CSR, 2 on the puppetmaster for the request and signing, and at least one on the client to collect the certs. Further, if a CSR is requested for the same domain from multiple nodes it will generate a duplicate resource and any further puppet runs will crash: https://github.com/bzed/bzed-letsencrypt/issues/26

Look to refactor how a CSR is generated and certs are requested and deployed, to reduce the number of steps and allow certs to be requested/deployed from multiple nodes.

siliconalchemy commented 7 years ago

https://ttboj.wordpress.com/tag/exported-resources/

siliconalchemy commented 7 years ago

https://forge.puppet.com/puppetlabs/stdlib#ensure_resources