Page MenuHomePhabricator
Create Task
Maniphest T365799

Revert back to fleet-wide acmechief config once all ACME consumers are on Puppet 7
Open, HighPublic
Actions

Description

We currently have separate acmechie installations for Puppet 5 and Puppet 7 (added via https://phabricator.wikimedia.org/T352242)

  • As such, the remaining Puppet 5 servers are configured to use acmechief1001 via the setting in hieradata/common.yaml
  • All the roles migrated to Puppet 7 (which is 90% at this time) have a role- or host-specific Hiera setting which points them to acmechief2002.

There are two remaining systems on Puppet 5 which are using an acme_chief::cert resource:

  • archiva1002
  • lists1001

Once those are on Puppet 7, we can:

  • Update hieradata/common.yaml to point to a Puppet 7 acmechief host
  • Remove the various role-specific overrides
  • Decom acmechief1001 and acmechief2001

Related Objects
Search...

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL