- No Ganglia in Labs;
- puppetmaster::puppetdb uses nginx, puppetmaster uses Apache, so separate hosts or if.
|Open||None||T204994 Integrate certspotter with certcentral to avoid certspotter notifying us on legitimate certs generated by our certcentral boxes|
|Open||None||T204997 certcentral: delay deployment of renewed certs to wait out skewed client clocks|
|Open||Vgutierrez||T207050 Migrate most standard public TLS certificates to CertCentral issuance|
|Open||None||T199711 Deploy a scalable service for ACME (LetsEncrypt) certificate management|
|Open||Krenair||T194962 Create and deploy a centralized letsencrypt service|
|Open||None||T152866 Make clush safer|
|Open||None||T153163 Set up and use exported resources for Tool Labs's shared knowledge|
|Resolved||Krenair||T72792 Set up puppet exported resources to collect ssh host keys for beta|
|Resolved||Krenair||T153577 Make standalone puppetmasters optionally use PuppetDB|
|Resolved||scfc||T154104 role::puppetmaster::puppetdb depends on Ganglia and cannot be used in Labs|
I'm pretty sure the patches work except that I can't get them to work on toolsbeta-puppetmaster7 due to some PostgreSQL hiccups (our puppetry for that is far too fragile for my taste). I'll set up a new puppetmaster and test that tomorrow.
I think on labs we can host it on the same instance as the puppetmaster. I got it working like that and reduces the complexity of this :).
we wont need nginx installed.
I got puppetdb working on the same host as the puppetmaster as it needs the same cert as the puppetmaster for puppetdb jetty.