You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Often it's helpful to check in Puppet Code if it's running on a compiler/primary or to use trusted data in node group rules. Puppet even documents the official pp_role OID. PEADM doesn't configure this. Only two attributes are set:
from a compiler:
# cat /etc/puppetlabs/puppet/csr_attributes.yaml
---
extension_requests:
1.3.6.1.4.1.34380.1.3.13: pe_compiler
1.3.6.1.4.1.34380.1.1.9813: A
from a primary:
# cat /etc/puppetlabs/puppet/csr_attributes.yaml
---
extension_requests:
1.3.6.1.4.1.34380.1.1.9812: puppet/server
1.3.6.1.4.1.34380.1.1.9813: A
On compilers we've 1.3.6.1.4.1.34380.1.3.13 (which is pp_auth_role), but no equivalent on primaries.
Describe the Solution You Would Like
I would like to see one trusted fact with distinct values for primary,replica,compiler, maybe pp_role. The fact and value should be configureable.
Describe Alternatives You've Considered
Of course I can manage CSR attributes on my own, but I think it makes sense to have sane defaults in PEADM.
Additional Context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered:
Use Case
Often it's helpful to check in Puppet Code if it's running on a compiler/primary or to use trusted data in node group rules. Puppet even documents the official pp_role OID. PEADM doesn't configure this. Only two attributes are set:
from a compiler:
from a primary:
On compilers we've
1.3.6.1.4.1.34380.1.3.13
(which ispp_auth_role
), but no equivalent on primaries.Describe the Solution You Would Like
I would like to see one trusted fact with distinct values for primary,replica,compiler, maybe pp_role. The fact and value should be configureable.
Describe Alternatives You've Considered
Of course I can manage CSR attributes on my own, but I think it makes sense to have sane defaults in PEADM.
Additional Context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: