Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(is_master-fact): use --ssl if --sslPEMKeyFile or --sslCAFile is s… #573

Merged
merged 2 commits into from
Feb 10, 2020
Merged

fix(is_master-fact): use --ssl if --sslPEMKeyFile or --sslCAFile is s… #573

merged 2 commits into from
Feb 10, 2020

Conversation

buchstabensalat
Copy link
Contributor

Pull Request (PR) description

When using SSL in any other mode than requireSSL and you have specified a server or ca-certificate the mongodb_is_master fact will fail.

It will generate a shell command like "mongo --quiet --sslPEMKeyFile $file" which results in an
"Failed global initialization: BadValue ssl is required when ssl.PEMKeyFile is specified".

This pull-Request ensures that "--ssl" is also set when setting --sslPEMKeyFile or --sslCAFile.

@buchstabensalat buchstabensalat force-pushed the fix_facter_allowSSL branch 2 times, most recently from b11b52d to 4cf3cdf Compare January 15, 2020 15:06
@bastelfreak bastelfreak added the bug Something isn't working label Jan 30, 2020
@bastelfreak
Copy link
Member

Thanks for the PR @buchstabensalat. Can you take a look at the used email address in the commit? It isn't associated with your github account.

@buchstabensalat
fix(mongodb.rb): make use of local fqdn for puppet connections when l…
473b602 
…istening to 0.0.0.0 or ::0 because localhost ist not part of any certificate if ssl is enabled
@buchstabensalat
Copy link
Contributor Author

Hi,

i have changed the mailaddress of the commit.
And I just found a bug that is related to this one.
If the mongodb is bound to 0.0.0.0 or ::0 127.0.0.1 or ::1 is used to connect to the database.
This does not work if ssl/tls is enabled because the local adresses are not part of the certificate (at least if not using self-signed certificates).
I therefore changed it to use the fqdn-address which should work on every system.

@bastelfreak bastelfreak merged commit 24072a9 into voxpupuli:master Feb 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl Awaiting requested review from ekohl

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@buchstabensalat @bastelfreak