Page MenuHomeSoftware Heritage

defaults: Move gpg/certificate blocks to a dedicated config file

Authored by ardumont on Aug 5 2019, 6:54 PM.




  • avoid further errors when touching needed blank spaces
  • reduce the defaults.yaml's already too big size
Test Plan

bin/octocatalog <node>
Nothing new

Also tested live in staging environment and same. Nothing to complain.

Diff Detail

rSPSITE puppet-swh-site
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

ardumont created this revision.Aug 5 2019, 6:54 PM
ardumont edited the test plan for this revision. (Show Details)Aug 5 2019, 6:56 PM
ardumont added inline comments.Aug 6 2019, 10:28 AM

I don't like that name, i'll rename it to defaults_security.yaml.
We are dealing with public key/cert block, this is security related.
We are specifying that we trust those.

ardumont updated this revision to Diff 6131.Aug 6 2019, 10:31 AM

Rename defaults_gpg.yaml to defaults_security.yaml

I've checked back (after the new modification) and bin/octocatalog is still happy.
It still does not want to touch anything.


that name

was defaults_gpg.yaml...

ftigeot accepted this revision.Aug 6 2019, 10:49 AM
This revision is now accepted and ready to land.Aug 6 2019, 10:49 AM

as @anlambert mentioned to me, maybe puppet could load those blocks from files, but let's check that later ;)

anlambert accepted this revision.Aug 6 2019, 11:21 AM

Looks good to me. This is helpful as I can't count the number of times the auto-trimming feature of my text editor removed those needed spaces.

I am also wondering if each GPG key / certificate could be put in a separate file then read by puppet and integrated in the YAML file.

ardumont updated this revision to Diff 6135.Aug 6 2019, 11:24 AM

Plug to production branch

This revision was automatically updated to reflect the committed changes.