root@deployment-puppetmaster04:/var/lib/git/operations/puppet(production *+%|MERGING u+11-279)# git status On branch production Your branch and 'origin/production' have diverged, and have 11 and 279 different commits each, respectively. (use "git pull" to merge the remote branch into yours) You have unmerged paths. (fix conflicts and run "git commit") (use "git merge --abort" to abort the merge) Changes to be committed: modified: .gitignore modified: conftool-data/dbconfig-instance/instances.yaml modified: conftool-data/node/eqiad.yaml modified: hieradata/cloud.yaml modified: hieradata/cloud/codfw1dev.yaml modified: hieradata/cloud/eqiad1.yaml modified: hieradata/cloud/eqiad1/cloudinfra/common.yaml modified: hieradata/cloud/eqiad1/project-proxy/common.yaml modified: hieradata/cloud/eqiad1/quarry/common.yaml modified: hieradata/cloud/eqiad1/tools/common.yaml modified: hieradata/codfw/profile/ceph.yaml modified: hieradata/codfw/profile/ceph/auth/load_all.yaml modified: hieradata/codfw/profile/ceph/mon.yaml modified: hieradata/codfw/profile/ceph/osd.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/barbican.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/cinder.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/cloudgw.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/designate.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/glance.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/heat.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/horizon.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/keystone.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/magnum.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/networktests.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/neutron.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/nova.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/pdns.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/placement.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/puppetmaster/encapi.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/trove.yaml modified: hieradata/codfw/profile/openstack/codfw1dev/wikitech.yaml modified: hieradata/common.yaml modified: hieradata/common/profile/alertmanager/api.yaml modified: hieradata/common/profile/base/firewall.yaml modified: hieradata/common/profile/dumps.yaml modified: hieradata/common/profile/kubernetes/deployment_server.yaml modified: hieradata/common/profile/netbox.yaml modified: hieradata/common/profile/netbox/db.yaml modified: hieradata/common/profile/openstack/codfw1dev.yaml modified: hieradata/common/profile/openstack/eqiad1.yaml modified: hieradata/common/profile/openstack/eqiad1/galera.yaml modified: hieradata/common/puppetmaster.yaml modified: hieradata/common/scap/dsh.yaml modified: hieradata/common/service.yaml modified: hieradata/eqiad/profile/ceph.yaml modified: hieradata/eqiad/profile/ceph/auth/load_all.yaml modified: hieradata/eqiad/profile/ceph/mon.yaml modified: hieradata/eqiad/profile/ceph/osd.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/cinder.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/cloudgw.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/cumin.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/designate.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/glance.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/horizon.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/keystone.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/networktests.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/neutron.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/nova.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/pdns.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/placement.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/trove.yaml modified: hieradata/eqiad/profile/openstack/eqiad1/wikitech.yaml modified: hieradata/hosts/cloudbackup1001-dev.yaml modified: hieradata/hosts/cloudbackup1002-dev.yaml deleted: hieradata/hosts/cloudcontrol1003.yaml deleted: hieradata/hosts/cloudcontrol1004.yaml modified: hieradata/hosts/cloudcontrol1005.yaml modified: hieradata/hosts/cloudcontrol1006.yaml modified: hieradata/hosts/cloudcontrol1007.yaml modified: hieradata/hosts/cloudcontrol2003-dev.yaml modified: hieradata/hosts/cloudcontrol2004-dev.yaml new file: hieradata/hosts/cloudcontrol2005-dev.yaml new file: hieradata/hosts/cp1089.yaml new file: hieradata/hosts/cp1090.yaml modified: hieradata/hosts/cp2027.yaml new file: hieradata/hosts/cp3064.yaml new file: hieradata/hosts/cp3065.yaml modified: hieradata/hosts/db1100.yaml modified: hieradata/hosts/db1115.yaml modified: hieradata/hosts/db1118.yaml modified: hieradata/hosts/db1122.yaml modified: hieradata/hosts/db1124.yaml modified: hieradata/hosts/db1125.yaml modified: hieradata/hosts/db1130.yaml modified: hieradata/hosts/db1133.yaml modified: hieradata/hosts/db1162.yaml modified: hieradata/hosts/db1163.yaml modified: hieradata/hosts/db1169.yaml deleted: hieradata/hosts/db2079.yaml deleted: hieradata/hosts/db2089.yaml modified: hieradata/hosts/db2095.yaml modified: hieradata/hosts/db2099.yaml modified: hieradata/hosts/db2102.yaml modified: hieradata/hosts/db2114.yaml modified: hieradata/hosts/db2115.yaml modified: hieradata/hosts/db2116.yaml modified: hieradata/hosts/db2118.yaml modified: hieradata/hosts/db2119.yaml modified: hieradata/hosts/db2127.yaml modified: hieradata/hosts/db2135.yaml modified: hieradata/hosts/db2143.yaml modified: hieradata/hosts/db2165.yaml modified: hieradata/hosts/db2166.yaml modified: hieradata/hosts/db2167.yaml modified: hieradata/hosts/db2168.yaml modified: hieradata/hosts/db2177.yaml deleted: hieradata/hosts/dborch1001.yaml modified: hieradata/hosts/dbproxy2002.yaml modified: hieradata/hosts/dbproxy2003.yaml modified: hieradata/hosts/es2022.yaml modified: hieradata/hosts/es2023.yaml modified: hieradata/hosts/gitlab1003.yaml modified: hieradata/hosts/gitlab2002.yaml modified: hieradata/hosts/pc2012.yaml modified: hieradata/hosts/phab1001.yaml modified: hieradata/hosts/phab2001.yaml modified: hieradata/hosts/restbase1016.yaml new file: hieradata/hosts/sretest1002.yaml modified: hieradata/regex.yaml modified: hieradata/role/codfw/lvs/balancer.yaml modified: hieradata/role/codfw/wmcs/openstack/eqiad1/backups.yaml modified: hieradata/role/common/acme_chief.yaml modified: hieradata/role/common/alerting_host.yaml modified: hieradata/role/common/analytics_cluster/airflow/platform_eng.yaml new file: hieradata/role/common/analytics_cluster/airflow/platform_eng_legacy.yaml modified: hieradata/role/common/aqs.yaml modified: hieradata/role/common/aqs_next.yaml modified: hieradata/role/common/deployment_server/kubernetes.yaml new file: hieradata/role/common/etcd/v3/dse_k8s_etcd.yaml modified: hieradata/role/common/gerrit.yaml modified: hieradata/role/common/gerrit/migration.yaml modified: hieradata/role/common/gitlab.yaml modified: hieradata/role/common/mariadb/core_test.yaml modified: hieradata/role/common/netbox/database.yaml modified: hieradata/role/common/pki/multirootca.yaml modified: hieradata/role/common/pki/root.yaml modified: hieradata/role/common/restbase/production.yaml modified: hieradata/role/common/sretest.yaml modified: hieradata/role/common/wdqs/public.yaml modified: hieradata/role/eqiad/elasticsearch/cirrus.yaml modified: hieradata/role/eqiad/wmcs/openstack/codfw1dev/backups.yaml modified: hieradata/role/eqiad/wmcs/openstack/eqiad1/labweb.yaml modified: manifests/site.pp modified: modules/admin/data/data.yaml modified: modules/alertmanager/templates/alertmanager.yml.erb modified: modules/aptrepo/files/distributions-wikimedia modified: modules/base/lib/facter/interface_primary.rb modified: modules/cassandra/templates/cassandra.yaml-3.11.13.erb modified: modules/cassandra/templates/cassandra.yaml-3.x.erb modified: modules/ceph/manifests/config.pp modified: modules/ceph/spec/classes/ceph_config_spec.rb new file: modules/ceph/templates/ceph.conf.epp deleted: modules/ceph/templates/ceph.conf.erb modified: modules/cfssl/types/common_name.pp modified: modules/dumps/files/fetches/kiwix-rsync-cron.sh modified: modules/facilities/manifests/init.pp modified: modules/ferm/manifests/init.pp modified: modules/geoip/manifests/data/maxmind.pp modified: modules/geoip/manifests/data/maxmind/ipinfo.pp modified: modules/geoip/templates/GeoIP.conf.erb modified: modules/gerrit/files/homedir/.ssh/known_hosts modified: modules/haproxy/templates/tls_terminator.cfg.erb modified: modules/icinga/files/check_legal_html.py modified: modules/icinga/manifests/monitor/cloudgw.pp modified: modules/icinga/templates/nsca_frack.cfg.erb modified: modules/install_server/files/autoinstall/netboot.cfg modified: modules/install_server/files/autoinstall/partman/custom/gitlab-raid1.cfg modified: modules/install_server/files/autoinstall/partman/custom/ms-be.cfg modified: modules/ircecho/files/ib3_auth.py modified: modules/ircecho/files/ircecho.py modified: modules/ircecho/manifests/init.pp modified: modules/ircecho/templates/default.erb modified: modules/ircecho/templates/initscripts/ircecho.systemd.erb new file: modules/jwt_authorizer/manifests/init.pp new file: modules/jwt_authorizer/manifests/service.pp new file: modules/jwt_authorizer/templates/authorizer.service.erb modified: modules/kartotherian/manifests/init.pp modified: modules/klaxon/manifests/init.pp modified: modules/lxc/manifests/init.pp modified: modules/mediabackup/manifests/worker.pp deleted: modules/mediawiki/templates/apache/sites/main.conf deleted: modules/mediawiki/templates/apache/sites/remnant.conf deleted: modules/mediawiki/templates/apache/sites/wikimania.conf deleted: modules/mediawiki/templates/apache/sites/wikimedia.conf modified: modules/mtail/files/programs/atsbackend.mtail modified: modules/mtail/files/programs/atstls.mtail modified: modules/mtail/files/programs/cache_haproxy.mtail modified: modules/mtail/files/programs/mediawiki_access_log.mtail modified: modules/mtail/files/programs/varnishprocessing.mtail modified: modules/mtail/files/programs/varnishttfb.mtail modified: modules/mtail/files/test/ats_test.py modified: modules/mtail/files/test/cache_haproxy_test.py modified: modules/mtail/files/test/mediawiki_access_log_test.py new file: modules/mtail/files/test/programs_test.py deleted: modules/openstack/files/monitor/fullstack/check_nova_fullstack_leaks.py modified: modules/openstack/files/nova/fullstack/nova_fullstack_test.py modified: modules/openstack/manifests/cinder/monitor.pp modified: modules/openstack/manifests/glance/monitor.pp modified: modules/openstack/manifests/nova/api/monitor.pp modified: modules/openstack/manifests/nova/fullstack/monitor.pp modified: modules/openstack/manifests/nova/placement/monitor.pp modified: modules/openstack/manifests/placement/monitor.pp new file: modules/openstack/spec/classes/nova_fullstack_monitor_spec.rb modified: modules/openstack/templates/bootstrap/glance/glance_seed.sh.erb modified: modules/openstack/templates/bootstrap/neutron/neutron_seed.sh.erb modified: modules/openstack/templates/bootstrap/nova/nova_seed.sh.erb modified: modules/openstack/templates/wallaby/cinder/cinder.conf.erb modified: modules/openstack/templates/wallaby/designate/designate.conf.erb modified: modules/openstack/templates/wallaby/heat/heat.conf.erb modified: modules/openstack/templates/wallaby/magnum/magnum.conf.erb modified: modules/openstack/templates/wallaby/neutron/neutron.conf.erb modified: modules/openstack/templates/wallaby/nova/common/nova.conf.erb modified: modules/openstack/templates/wallaby/trove/trove-guestagent.conf.erb modified: modules/openstack/templates/wallaby/trove/trove.conf.erb modified: modules/package_builder/manifests/pbuilder_hook.pp new file: modules/package_builder/templates/D04component.erb modified: modules/phabricator/files/phab_deploy_ensure_config_ownership.sh modified: modules/phabricator/manifests/init.pp modified: modules/phabricator/manifests/phd.pp modified: modules/phabricator/manifests/vcs.pp modified: modules/postgresql/files/dump_all.sh modified: modules/postgresql/manifests/backup.pp modified: modules/postgresql/manifests/slave.pp modified: modules/postgresql/templates/slave.conf.erb modified: modules/profile/files/configmaster/disc_desired_state.py modified: modules/profile/files/debdeploy/debdeploy.conf new file: modules/profile/files/firewall/defs_requestctl.tpl modified: modules/profile/files/logstash/Makefile new file: modules/profile/files/logstash/filter_scripts/set_default_values.rb modified: modules/profile/files/logstash/filters/15-filter_kubernetes_docker.conf modified: modules/profile/files/logstash/filters/20-filter_udp2log.conf modified: modules/profile/files/logstash/filters/50-filter_w3creportingapi.conf modified: modules/profile/files/logstash/filters/70-filter_routing.conf new file: modules/profile/files/logstash/filters/72-filter_loki_alerts.conf modified: modules/profile/files/logstash/filters/89-filter_diagnostics.conf modified: modules/profile/files/logstash/tests/alertmanager.yaml modified: modules/profile/files/logstash/tests/apache2-access.yaml modified: modules/profile/files/logstash/tests/apache2-error.yaml modified: modules/profile/files/logstash/tests/blackbox-exporter.yaml modified: modules/profile/files/logstash/tests/clienterror.yaml modified: modules/profile/files/logstash/tests/dlq.yaml modified: modules/profile/files/logstash/tests/eventlogging.yaml modified: modules/profile/files/logstash/tests/gerrit.yaml modified: modules/profile/files/logstash/tests/gitlab.yaml modified: modules/profile/files/logstash/tests/icinga.yaml modified: modules/profile/files/logstash/tests/invalid_target_index.yaml modified: modules/profile/files/logstash/tests/knative_activator.yaml modified: modules/profile/files/logstash/tests/kubernetes_docker.yaml modified: modules/profile/files/logstash/tests/logstash.yaml modified: modules/profile/files/logstash/tests/mediawiki.yaml modified: modules/profile/files/logstash/tests/netdev.yaml modified: modules/profile/files/logstash/tests/node.yaml modified: modules/profile/files/logstash/tests/openstack.yaml modified: modules/profile/files/logstash/tests/ores.yaml modified: modules/profile/files/logstash/tests/oslo_json.yaml modified: modules/profile/files/logstash/tests/scap.yaml new file: modules/profile/files/logstash/tests/toolhub.yaml modified: modules/profile/files/logstash/tests/ulogd.yaml modified: modules/profile/files/logstash/tests/w3creportingapi.yaml modified: modules/profile/files/logstash/tests/webrequest.yaml new file: modules/profile/files/pki/intermediates/etcd.pem modified: modules/profile/files/puppet/97-last-puppet-run modified: modules/profile/files/rsyslog/lookup_table_output.json modified: modules/profile/files/trafficserver/multi-dc.lua.conf modified: modules/profile/files/trafficserver/x-wikimedia-debug-routing.lua modified: modules/profile/files/trafficserver/x-wikimedia-debug-routing_test.lua modified: modules/profile/manifests/analytics/refinery/job/data_purge.pp modified: modules/profile/manifests/analytics/refinery/job/test/data_purge.pp modified: modules/profile/manifests/base/firewall.pp modified: modules/profile/manifests/ceph/client/rbd_cloudbackup.pp modified: modules/profile/manifests/ceph/client/rbd_cloudcontrol.pp modified: modules/profile/manifests/ceph/client/rbd_glance.pp modified: modules/profile/manifests/ceph/client/rbd_libvirt.pp modified: modules/profile/manifests/ceph/mon.pp modified: modules/profile/manifests/ceph/osd.pp modified: modules/profile/manifests/dumps/distribution/server.pp modified: modules/profile/manifests/gitlab/runner.pp modified: modules/profile/manifests/kubernetes/deployment_server/mediawiki/mwdebug_deploy.pp modified: modules/profile/manifests/kubernetes/deployment_server/mediawiki/release.pp modified: modules/profile/manifests/ldap/client/labs.pp modified: modules/profile/manifests/logstash/beta.pp modified: modules/profile/manifests/logstash/production.pp modified: modules/profile/manifests/maps/apps.pp modified: modules/profile/manifests/maps/osm_master.pp modified: modules/profile/manifests/maps/osm_replica.pp modified: modules/profile/manifests/maps/postgresql_common.pp modified: modules/profile/manifests/mediawiki/deployment/server.pp modified: modules/profile/manifests/mediawiki/maintenance/wikidata.pp modified: modules/profile/manifests/mirrors/tails.pp modified: modules/profile/manifests/netbox.pp modified: modules/profile/manifests/netbox/db.pp modified: modules/profile/manifests/openstack/base/barbican.pp modified: modules/profile/manifests/openstack/base/cinder.pp modified: modules/profile/manifests/openstack/base/designate/firewall/api.pp modified: modules/profile/manifests/openstack/base/glance.pp modified: modules/profile/manifests/openstack/base/heat.pp modified: modules/profile/manifests/openstack/base/keystone/service.pp modified: modules/profile/manifests/openstack/base/neutron/service.pp modified: modules/profile/manifests/openstack/base/nova/api/service.pp modified: modules/profile/manifests/openstack/base/nova/placement/service.pp modified: modules/profile/manifests/openstack/base/pdns/dns_floating_ip_updater.pp modified: modules/profile/manifests/openstack/base/placement.pp modified: modules/profile/manifests/openstack/base/rabbitmq.pp modified: modules/profile/manifests/openstack/base/radosgw.pp modified: modules/profile/manifests/openstack/base/trove.pp modified: modules/profile/manifests/openstack/codfw1dev/db.pp modified: modules/profile/manifests/openstack/codfw1dev/designate/firewall/api.pp modified: modules/profile/manifests/openstack/codfw1dev/glance.pp modified: modules/profile/manifests/openstack/codfw1dev/haproxy.pp modified: modules/profile/manifests/openstack/codfw1dev/trove.pp modified: modules/profile/manifests/openstack/eqiad1/cumin/target.pp modified: modules/profile/manifests/openstack/eqiad1/designate/firewall/api.pp modified: modules/profile/manifests/openstack/eqiad1/glance.pp modified: modules/profile/manifests/openstack/eqiad1/haproxy.pp modified: modules/profile/manifests/openstack/eqiad1/pdns/dns_floating_ip_updater.pp modified: modules/profile/manifests/openstack/eqiad1/trove.pp modified: modules/profile/manifests/phabricator/main.pp modified: modules/profile/manifests/puppetdb/database.pp new file: modules/profile/manifests/vopsbot.pp new file: modules/profile/manifests/wikifunctions/beta.pp modified: modules/profile/spec/classes/profile_ceph_client_rbd_glance_spec.rb modified: modules/profile/spec/classes/profile_ceph_client_rbd_libvirt_spec.rb modified: modules/profile/spec/classes/profile_ceph_mon_spec.rb modified: modules/profile/spec/classes/profile_ceph_osd_spec.rb modified: modules/profile/templates/cumin/aliases.yaml.erb modified: modules/profile/templates/netbox/netbox.wikimedia.org.erb modified: modules/profile/templates/openstack/eqiad1/cumin/userkey.erb modified: modules/profile/templates/wmcs/db/wikireplicas/maintain-views.yaml modified: modules/prometheus/manifests/blackbox/check/http.pp new file: modules/prometheus/manifests/blackbox/check/icmp.pp modified: modules/prometheus/manifests/blackbox/import_checks.pp new file: modules/prometheus/spec/defines/prometheus_blackbox_check_icmp_spec.rb modified: modules/rancid/manifests/init.pp modified: modules/role/files/logging/logspam.pl modified: modules/role/manifests/alerting_host.pp new file: modules/role/manifests/analytics_cluster/airflow/platform_eng_legacy.pp modified: modules/role/manifests/etcd/v3/dse_k8s_etcd.pp modified: modules/role/manifests/wmcs/openstack/eqiad1/control.pp modified: modules/sbuild/manifests/chroot.pp modified: modules/scap/manifests/master.pp modified: modules/scap/manifests/target.pp modified: modules/scap/templates/scap.cfg.erb modified: modules/service/templates/docker-service-shim.erb modified: modules/swift/files/codfw-prod_hosts.yaml modified: modules/swift/manifests/ring_manager.pp modified: modules/sysfs/manifests/conffile.pp modified: modules/sysfs/manifests/init.pp modified: modules/sysfs/manifests/parameters.pp modified: modules/sysfs/templates/sysfs.conf.erb modified: modules/tilerator/manifests/init.pp modified: modules/tilerator/manifests/ui.pp modified: modules/varnish/files/tests/Dockerfile modified: modules/varnish/files/tests/confd_stub_data.yaml new file: modules/varnish/files/tests/text/44-querysort.vtc modified: modules/varnish/templates/wikimedia-frontend.vcl.erb new file: modules/vopsbot/files/schema.sql new file: modules/vopsbot/manifests/init.pp new file: modules/vopsbot/templates/systemd.unit.erb new file: modules/vopsbot/types/user.pp modified: modules/wmflib/lib/puppet/parser/functions/ipresolve.rb modified: modules/wmflib/spec/functions/ipresolve_spec.rb new file: modules/wmflib/spec/type_aliases/dns_srv_spec.rb new file: modules/wmflib/types/dns/srv.pp Unmerged paths: (use "git add ..." to mark resolution) both modified: modules/profile/manifests/etcd/v3.pp Untracked files: (use "git add ..." to include in what will be committed) modules/profile/files/ssl/deployment-elastic10.deployment-prep.eqiad.wmflabs.crt modules/profile/files/ssl/deployment-elastic10.deployment-prep.eqiad1.wikimedia.cloud.crt modules/profile/files/ssl/deployment-elastic11.deployment-prep.eqiad.wmflabs.crt modules/profile/files/ssl/elastic.deployment-prep.eqiad1.wikimedia.cloud.crt root@deployment-puppetmaster04:/var/lib/git/operations/puppet(production *+%|MERGING u+11-279)# git diff diff --cc modules/profile/manifests/etcd/v3.pp index 7460714ca88,13696b9215e..00000000000 --- a/modules/profile/manifests/etcd/v3.pp +++ b/modules/profile/manifests/etcd/v3.pp @@@ -65,27 -63,36 +72,55 @@@ class profile::etcd::v3 $peers_list = $discovery $srv_dns = undef $certname = $::fqdn + file { '/etc/etcd/': + ensure => directory, + owner => 'etcd', + group => 'etcd', + require => Package['etcd-server'], + before => Service['etcd'] + } + $cert_path = '/etc/etcd/ssl/cert.pem' + $key_path = '/etc/etcd/ssl/server.key' + # In this case, just use puppet host certs + # TODO: switch everything to use profile::pki::client + puppet::expose_agent_certs { '/etc/etcd': + ensure => present, + provide_private => true, + user => 'etcd', + group => 'etcd', + require => Package['etcd-server'], + before => Service['etcd'] + } } + # TLS certs *for etcd use* in peer-to-peer communications. + # Tlsproxy will use other certificates. + + # This option uses the puppet CA based certificates + if ! $use_pki_certs { + sslcert::certificate { $certname: + skip_private => false, + group => 'etcd', + require => Package['etcd-server'], + before => Service['etcd'], + } + + $trusted_ca = '/etc/ssl/certs/Puppet_Internal_CA.pem' + $ssl_paths = { + 'chained' => "/etc/ssl/localcerts/${certname}.crt", + 'key' => "/etc/ssl/private/${certname}.key", + } + } + # This option allows the CFSSL based PKI to be used with the etcd intermediate + else { + $trusted_ca = '/etc/ssl/certs/wmf-ca-certificates.crt' + $ssl_paths = profile::pki::get_cert('etcd', $certname, { + hosts => [$facts['networking']['fqdn']], + owner => 'etcd', + outdir => '/var/lib/etcd/ssl', + } ) + } + # Service class { '::etcd::v3': cluster_name => $cluster_name, @@@ -95,11 -102,11 +130,19 @@@ use_client_certs => $use_client_certs, max_latency_ms => $max_latency, adv_client_port => $adv_client_port, ++<<<<<<< HEAD + trusted_ca => '/etc/ssl/certs/Puppet_Internal_CA.pem', + client_cert => $cert_path, + client_key => $key_path, + peer_cert => $cert_path, + peer_key => $key_path, ++======= + trusted_ca => $trusted_ca, + client_cert => $ssl_paths['chained'], + client_key => $ssl_paths['key'], + peer_cert => $ssl_paths['chained'], + peer_key => $ssl_paths['key'], ++>>>>>>> bee77e72b800b8a8f08883b89408fe11bdc0bf7b } # Monitoring