sous-chefs / certificate

Development repository for the certificate cookbook
https://supermarket.chef.io/cookbooks/certificate

Add note to the docs about relying on default resource attributes #35

Closed fletchowns closed 9 years ago

fletchowns commented 10 years ago

If you are setting the hostname as part of your chef converge (such as with the hostname cookbook), the certificate_manage resource does not create the expected filenames.

So if you use this:

certificate_manage "wildcard"

and your node['fqdn'] was updated during your chef run, then you end up with a file like:

/etc/pki/tls/certs/localhost.pem

(substitute localhost for whatever your original hostname was)

Instead, you have to ensure the values from the execution phase are used:

certificate_manage "wildcard" do
  cert_file lazy { "#{node['fqdn']}.pem" }
  key_file lazy { "#{node['fqdn']}.key" }
  chain_file lazy { "#{node['fqdn']}-bundle.crt" }
end

Then you end up with a filename like:

/etc/pki/tls/certs/mynode.mycompany.com.pem

I thought it might be helpful if we add a note to the readme in case anybody else gets hung up on this.

Full repro is available here.
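The compile-versus-converge timing behind the report above, as an added example that is not part of the original post or the cookbook's code. It is a simplified stand-alone Ruby model (no Chef required); `ModelResource`, `Lazy` and `simulate_run` are hypothetical names, and the hostnames and directory are the ones quoted in the post.

```ruby
# Simplified model of a Chef run (not Chef's code): resources are declared in
# the compile phase and their actions execute later, in the converge phase.
Lazy = Struct.new(:block)            # stands in for Chef's `lazy { ... }`

class ModelResource
  attr_reader :name, :action

  def initialize(name, props = {}, &action)
    @name = name
    @props = props
    @action = action
  end

  # Read a property at converge time; a Lazy value is evaluated only now.
  def value(key)
    v = @props[key]
    v.is_a?(Lazy) ? v.block.call : v
  end
end

# Runs both phases and returns the certificate path each declaration produced.
def simulate_run(cert_dir: '/etc/pki/tls/certs')
  node = { 'fqdn' => 'localhost' }   # constructed: hostname before the run
  written = {}
  collection = []

  # --- compile phase: the recipe is evaluated top to bottom ---
  collection << ModelResource.new('set hostname') do |_r|
    node['fqdn'] = 'mynode.mycompany.com'   # only takes effect at converge
  end
  # Default-style value: the string is interpolated now, during compile.
  collection << ModelResource.new('eager', cert_file: "#{node['fqdn']}.pem") do |r|
    written[r.name] = File.join(cert_dir, r.value(:cert_file))
  end
  # Lazy value: the block is stored and evaluated when the action runs.
  collection << ModelResource.new('lazy', cert_file: Lazy.new(-> { "#{node['fqdn']}.pem" })) do |r|
    written[r.name] = File.join(cert_dir, r.value(:cert_file))
  end

  # --- converge phase: actions run in declaration order ---
  collection.each { |r| r.action.call(r) }
  written
end

if __FILE__ == $PROGRAM_NAME
  simulate_run.each { |name, path| puts "#{name}: #{path}" }
end
```

A certificate written under the stale name is easy to miss because the run itself succeeds; whatever later references the FQDN-based path then finds no file, or a file from an earlier run.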

fletchowns commented 9 years ago

Maybe the issue is outside of this certificate cookbook? I'm not sure...still trying to get everything to play nice together

https://github.com/xhost-cookbooks/system/issues/7

https://github.com/3ofcoins/chef-cookbook-hostname/issues/30