--- Exec[Generate cert zuul__zuul refresh].orig
+++ Exec[Generate cert zuul__zuul refresh]
@@
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/zuul1001.eqiad.wmnet.pem -label zuul /etc/cfssl/csr/zuul__zuul.csr | /usr/bin/cfssljson -bare /etc/zookeeper/zuul-tls/zuul__zuul
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/zuul1001.eqiad.wmnet.pem -label zuul /etc/cfssl/csr/zuul__zuul.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/zuul__zuul/zuul__zuul
Exec[create chained cert /etc/zookeeper/zuul-tls/zuul__zookeeper.chain.pem]
- Parameters differences:
--- Exec[create chained cert /etc/zookeeper/zuul-tls/zuul__zookeeper.chain.pem].orig
+++ Exec[create chained cert /etc/zookeeper/zuul-tls/zuul__zookeeper.chain.pem]
- notify => ['Service[zookeeper]']
- Exec[Generate cert zuul__zookeeper refresh]
- Parameters differences:
--- Exec[Generate cert zuul__zookeeper refresh].orig
+++ Exec[Generate cert zuul__zookeeper refresh]
- notify => ['Service[zookeeper]']
- Exec[renew certificate - zuul__zookeeper]
- Parameters differences:
--- Exec[renew certificate - zuul__zookeeper].orig
+++ Exec[renew certificate - zuul__zookeeper]
- notify => ['Service[zookeeper]']
- Exec[renew certificate - zuul__zuul]
- Parameters differences:
--- Exec[renew certificate - zuul__zuul].orig
+++ Exec[renew certificate - zuul__zuul]
@@
- command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/zuul1001.eqiad.wmnet.pem -label zuul /etc/zookeeper/zuul-tls/zuul__zuul.csr | /usr/bin/cfssljson -bare /etc/zookeeper/zuul-tls/zuul__zuul
+ command => /usr/bin/cfssl sign -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/zuul1001.eqiad.wmnet.pem -label zuul /etc/cfssl/ssl/zuul__zuul/zuul__zuul.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/zuul__zuul/zuul__zuul
@@
- unless => /usr/bin/openssl x509 -in /etc/zookeeper/zuul-tls/zuul__zuul.pem -checkend 952200
+ unless => /usr/bin/openssl x509 -in /etc/cfssl/ssl/zuul__zuul/zuul__zuul.pem -checkend 952200
- File[/etc/zuul/zuul.conf]
- Content differences:
--- /etc/zuul/zuul.conf.orig
+++ /etc/zuul/zuul.conf
@@ -2,12 +2,12 @@
# vim: set ft=dosini:
[zookeeper]
hosts=10.64.32.104:2281
-tls_cert=/etc/zookeeper/zuul-tls/zuul__zuul.pem
-tls_key=/etc/zookeeper/zuul-tls/zuul__zuul-key.pem
-tls_ca=/etc/zookeeper/zuul-tls/zuul_full_chain.pem
+tls_cert=/etc/cfssl/ssl/zuul__zuul/zuul__zuul.pem
+tls_key=/etc/cfssl/ssl/zuul__zuul/zuul__zuul-key.pem
+tls_ca=
[keystore]
-password=snakeoil
+password=
[scheduler]
tenant_config=/etc/zuul/main.yaml
- Exec[Generate cert zuul__zuul]
- Parameters differences:
--- Exec[Generate cert zuul__zuul].orig
+++ Exec[Generate cert zuul__zuul]
@@
- command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/zuul1001.eqiad.wmnet.pem -label zuul /etc/cfssl/csr/zuul__zuul.csr | /usr/bin/cfssljson -bare /etc/zookeeper/zuul-tls/zuul__zuul
+ command => /usr/bin/cfssl gencert -config /etc/cfssl/client-cfssl.conf -tls-remote-ca /etc/ssl/certs/wmf-ca-certificates.crt -mutual-tls-client-cert /etc/cfssl/mutual_tls_client_cert.pem -mutual-tls-client-key /var/lib/puppet/ssl/private_keys/zuul1001.eqiad.wmnet.pem -label zuul /etc/cfssl/csr/zuul__zuul.csr | /usr/bin/cfssljson -bare /etc/cfssl/ssl/zuul__zuul/zuul__zuul
@@
- unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/zookeeper/zuul-tls/zuul__zuul.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/zookeeper/zuul-tls/zuul__zuul-key.pem 2>&1)"
+ unless => /usr/bin/test "$(/usr/bin/openssl x509 -in /etc/cfssl/ssl/zuul__zuul/zuul__zuul.pem -noout -pubkey 2>&1)" == "$(/usr/bin/openssl pkey -pubout -in /etc/cfssl/ssl/zuul__zuul/zuul__zuul-key.pem 2>&1)"
- File[/etc/zookeeper/zuul-tls]
- Parameters differences:
--- File[/etc/zookeeper/zuul-tls].orig
+++ File[/etc/zookeeper/zuul-tls]
@@
- require => ['Package[zookeeper]', 'User[zuul]']
+ require => ['User[zuul]']
- Exec[Generate cert zuul__zookeeper]
- Parameters differences:
--- Exec[Generate cert zuul__zookeeper].orig
+++ Exec[Generate cert zuul__zookeeper]
- notify => ['Service[zookeeper]']