|Open||None||T294906 Puppet Improvements|
|Open||jbond||T313387 investigate state of puppet 7|
|Declined||None||T273637 Puppet host certs do not contain Subject Alt Name entries|
@Kormat is this blocking something, currently there is no plan to fix this untill we upgrade to puppet server 6 (for which there is no timeline, package is still not building in Debian upstream). I would say that anything which needs SAN certificates should be migrated away from the puppet certs to the new pki service.
also noting here that we have implemented the workaround above in the cfssl::cert define
@jbond: Using the env var workaround for services works for the moment, so long as:
- we're using upstream's binary and they compile it with golang < 1.17
- we're compiling the binary ourselves and the source doesn't require golang 1.17
It gets painful for cmdline binaries, though. I guess you're stuck with moving the real binary out of $PATH, and putting in a wrapper script that sets the env var, so that all callers will have it set.
I'm currently compiling with go1.14 to avoid that mess, for now.
@jbond: Removing task assignee as this open task has been assigned for more than two years - See the email sent to task assignee on Feburary 22nd, 2023.
Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome! :)
If this task has been resolved in the meantime, or should not be worked on by anybody ("declined"), please update its task status via "Add Action… 🡒 Change Status".
Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator. Thanks!