foreman-proxy-certs-generate uses a value for --foreman-proxy-cname to add a DNS record even if it is invalid
foreman-proxy-certs-generate uses the value for --foreman-proxy-cname to add a DNS record in the SAN field regardless of that setting making sense or not. E.g. DNS: and DNS: <= empty string.
This is what foreman-proxy-certs-generate is generating for qpid-router-server.crt: (used by capsules' qdrouterd on port 5647 to listen to clients' goferds)
X509v3 Subject Alternative Name:
The DNS: comes from the default value for --foreman-proxy-cname:
```
[root@sat65a ~]# foreman-proxy-certs-generate --help
= Module foreman_proxy_certs:
--certs-tar Path to tar file with certs to generate (current: UNDEF)
--foreman-proxy-cname additional names of the foreman proxy (current: [""]) <========= here
--foreman-proxy-fqdn FQDN of the foreman proxy (current: "sat65a.usersys.redhat.com")
```
Turns out, if you use `--foreman-proxy-cname ""` with `foreman-proxy-certs-generate` it will still generate certs with DNS:<fqdn>, DNS: <==== second DNS entry empty.
The problem is that puppet-strings parses the default as the string "" rather than an empty array.
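The effect described above, as an added Ruby example that is not code from puppet-certs, kafo or foreman-installer: a model of how a `[""]` default turns into an empty `DNS:` SAN entry, a hardened builder that drops blank values and rejects non-hostnames, and an audit helper for the SAN value line printed by `openssl x509 -noout -text`. All method names are hypothetical, and wildcard names are deliberately not accepted in this sketch.

```ruby
# Added example; method names are hypothetical, not the project's API.

# One DNS label, and a full hostname made of dot-separated labels.
HOST_LABEL = /[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/i
HOSTNAME   = /\A#{HOST_LABEL}(?:\.#{HOST_LABEL})*\z/

# Model of the reported behaviour: every value becomes a DNS entry,
# so the default [""] produces a trailing empty "DNS:".
def naive_san(fqdn, cnames)
  ([fqdn] + Array(cnames)).map { |n| "DNS:#{n}" }.join(', ')
end

# Hardened builder: drop blank values, refuse anything that is not a
# syntactically valid hostname, and de-duplicate case-insensitively.
def checked_san(fqdn, cnames)
  names = ([fqdn] + Array(cnames)).map { |n| n.to_s.strip }.reject(&:empty?)
  bad = names.reject { |n| n.length <= 253 && n.match?(HOSTNAME) }
  raise ArgumentError, "invalid SAN name(s): #{bad.inspect}" unless bad.empty?

  names.map(&:downcase).uniq.map { |n| "DNS:#{n}" }.join(', ')
end

# Audit helper: takes the SAN value line from `openssl x509 -noout -text`
# and returns the DNS entries that are empty or not valid hostnames.
def invalid_dns_entries(san_line)
  san_line.split(',').map(&:strip)
          .select { |e| e.start_with?('DNS:') }
          .map { |e| e.delete_prefix('DNS:').strip }
          .reject { |n| n.match?(HOSTNAME) }
end

if __FILE__ == $PROGRAM_NAME
  fqdn = 'sat65a.usersys.redhat.com' # FQDN taken from the report above
  puts naive_san(fqdn, [''])
  puts invalid_dns_entries(naive_san(fqdn, [''])).inspect
  puts checked_san(fqdn, [''])
end
```

Running `invalid_dns_entries` over the SAN line of an already issued certificate shows whether it carries the empty entry and needs to be regenerated.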
Fixes #27847 - Refactor foreman_proxy_content class
- Move $parent_fqdn to Advanced Parameters since users generally don't
- Implement stricter data types
- Use modern facts
- Work around a kafo_parsers/puppet-strings limitation by using
Refs #27847 - Set parameter mapping
In puppet-certs master the default values are loaded via params.pp to
work around kafo limitations. This configures kafo to actually find it.
Otherwise it can't load the defaults and the values are nil.
Refs #27847 - Load CNAME default from params
3beda1df35481210b581f9beeb63d1dcafd2aca0 intended to load the variable
from params and even added it to params.pp, but missed using that
Refs #27847 - Use legacy facts
In foreman-installer we test the command inside bundler. There is only a
facter 2 gem which doesn't have the modern facts. That means
$facts['networking'] is undef and breaks, even though this won't be a
problem in production. In many places we still use legacy facts so this
reverts back to legacy facts.
#3 Updated by Ewoud Kohl van Wijngaarden 10 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-certs|3beda1df35481210b581f9beeb63d1dcafd2aca0.