Merge pull request #97 from voxpupuli/95-security-problem-autosign

fix: remove general autosigning and switch to server in puppet config commands
voxpupuli · Jul 19, 2024 · 2b0edf7 · 2b0edf7
2 parents ce17b34 + 46a4616
commit 2b0edf7
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 7 deletions.
diff --git a/puppetserver/Dockerfile b/puppetserver/Dockerfile
@@ -110,7 +110,6 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* && \
     gem install --no-doc r10k && \
-    puppet config set autosign true --section master && \
     cp -pr /etc/puppetlabs/puppet /var/tmp && \
     cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \
     rm -rf /var/tmp/puppet/ssl

diff --git a/puppetserver/docker-entrypoint.d/60-setup-autosign.sh b/puppetserver/docker-entrypoint.d/60-setup-autosign.sh
@@ -5,5 +5,5 @@ set -e
 # Configure puppet to use a certificate autosign script (if it exists)
 # AUTOSIGN=true|false|path_to_autosign.conf
 if test -n "${AUTOSIGN}" ; then
-  puppet config set autosign "$AUTOSIGN" --section master
+  puppet config set autosign "$AUTOSIGN" --section server
 fi
diff --git a/puppetserver/docker-entrypoint.d/85-setup-storeconfigs.sh b/puppetserver/docker-entrypoint.d/85-setup-storeconfigs.sh
@@ -3,24 +3,24 @@
 set -e
 
 if [ -n "$PUPPET_STORECONFIGS_BACKEND" ]; then
-  puppet config set storeconfigs_backend $PUPPET_STORECONFIGS_BACKEND --section master
+  puppet config set storeconfigs_backend $PUPPET_STORECONFIGS_BACKEND --section server
 fi
 
 if [ -n "$PUPPET_STORECONFIGS" ]; then
-  puppet config set storeconfigs $PUPPET_STORECONFIGS --section master
+  puppet config set storeconfigs $PUPPET_STORECONFIGS --section server
 fi
 
 if [ -n "$PUPPET_REPORTS" ]; then
-  puppet config set reports $PUPPET_REPORTS --section master
+  puppet config set reports $PUPPET_REPORTS --section server
 fi
 
 # reset defaults if USE_PUPPETDB is false, but don't overwrite custom settings
 if [ "$USE_PUPPETDB" = 'false' ]; then
   if [ "$PUPPET_REPORTS" = 'puppetdb' ]; then
-    puppet config set reports log --section master
+    puppet config set reports log --section server
   fi
 
   if [ "$PUPPET_STORECONFIGS_BACKEND" = 'puppetdb' ]; then
-    puppet config set storeconfigs false --section master
+    puppet config set storeconfigs false --section server
   fi
 fi