From 9188abffbe048c9c0713ea7fb4ef22ea93ae1d80 Mon Sep 17 00:00:00 2001
From: Stefan - Zipkid - Goethals
Date: Wed, 2 Oct 2024 12:02:27 +0200
Subject: [PATCH] Always apply dns alt names if set

Even when when CA_ENABLED is true. The instance of the puppetserver also needs the DNS_ALT_NAMES set. This also requires CA_ALLOW_SUBJECT_ALT_NAMES to be set to true.
---
 puppetserver/docker-entrypoint.d/70-set-dns-alt-names.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/puppetserver/docker-entrypoint.d/70-set-dns-alt-names.sh b/puppetserver/docker-entrypoint.d/70-set-dns-alt-names.sh
index cb3a52d7..37b14e38 100755
--- a/puppetserver/docker-entrypoint.d/70-set-dns-alt-names.sh
+++ b/puppetserver/docker-entrypoint.d/70-set-dns-alt-names.sh
@@ -2,13 +2,15 @@
 set -e
+config_section=main
+
 # Allow setting dns_alt_names for the compilers certificate. This
 # setting will only have an effect when the container is started without
 # an existing certificate on the /etc/puppetlabs/puppet volume
-if [ -n "${DNS_ALT_NAMES}" ] && [ "${CA_ENABLED}" != "true" ]; then
+if [ -n "${DNS_ALT_NAMES}" ]; then
 certname=$(puppet config print certname)
 if test ! -f "${SSLDIR}/certs/$certname.pem" ; then
- puppet config set dns_alt_names "${DNS_ALT_NAMES}" --section agent
+ puppet config set dns_alt_names "${DNS_ALT_NAMES}" --section "${config_section}"
 else
 actual=$(puppet config print dns_alt_names --section "${config_section}")
 if test "${DNS_ALT_NAMES}" != "${actual}" ; then
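Review bot: The relaxed guard `if [ -n "${DNS_ALT_NAMES}" ]; then` now also runs on a CA-enabled server, but the dependency on CA_ALLOW_SUBJECT_ALT_NAMES is stated only in the commit message and is neither checked nor documented in the script. A misconfigured container would presumably fail later, at certificate generation, with no hint pointing back here. I would add a warning inside the branch, `if [ "${CA_ENABLED}" = "true" ] && [ "${CA_ALLOW_SUBJECT_ALT_NAMES}" != "true" ]; then echo "WARNING: DNS_ALT_NAMES is set but CA_ALLOW_SUBJECT_ALT_NAMES is not true" >&2; fi`. The comment above the `if` still says "for the compilers certificate"; it should be updated to say the setting now goes to the `main` section and applies to the CA server as well. It should also note that allowing subject alt names on the CA likely widens which CSRs it will sign, so signing and autosign policy should be reviewed when turning it on. The `if` block continues past the end of the hunk.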