Puppet Strings Reference & Corosync Crypto #460

pdemonaco
Contributor

Pull Request (PR) description

The following enhancements are incorporated in this pull request:

  • Puppet Strings - Updated each of the existing manifest and type files to generate a REFERENCE.md
    via puppet strings. Also tweaked the wording in some places to make things clearer.
  • Corosync Crypto - Updates the mechanism to provide the authkey for Corosync secure communication and includes documentation on how to create the key. Additionally, updates the configuration file to use the crypto_hash and crypto_cipher directives instead of the deprecated secauth directive in corosync.conf. Note that this change is restricted to operating system versions which are known to run at least Corosync 2.x. Older variants continue to utilize the secauth flag and ignore the new crypto_hash and crypto_cipher directives.

Note that this PR is a partial split of changes currently in PR #458. Hopefully
separating these changes will make the features in that PR somewhat easier to work with.

This Pull Request (PR) fixes the following issues

Fixes #453

Updated each of the existing manifest files to generate a REFERENCE.md
via puppet strings.

Corosync Crypto Update

Replaced 'secauth' in corosync.conf with the current crypto_hash and
crypto_cipher parameters and updated the main class to take the appropriate
arguments.

Note that this change is not used on older versions of
Ubuntu, RedHat/CentOS, and Debian which are still supported by this
module but utilize Corosync 1.x instead of 2.x. Those OSs which are
still supported continue to use the 'secauth' parameter and ignore the
values of crypto_hash and crypto_cipher.

Additionally, the documentation has been fleshed out to detail creating and
deploying a secure key for Corosync's communication based on the corosync-keygen
process. This also includes an update to deploy the key file in a binary format
as the application does not specify which key formats are supported.
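
The secauth versus crypto_hash/crypto_cipher split described above can be checked on a deployed corosync.conf. The following is an added example, not code from this PR or from the module: the function names, finding texts and both sample configurations are constructed for illustration, and the caller is assumed to know the Corosync major version of the host.

```python
import re

def totem_options(conf_text):
    """Return the key/value pairs set directly inside the totem { } section."""
    opts, stack = {}, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        opened = re.fullmatch(r"(\w+)\s*\{", line)
        if opened:
            stack.append(opened.group(1))     # entering e.g. totem { or interface {
        elif line == "}":
            del stack[-1:]                    # leave the innermost section
        elif stack == ["totem"] and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip().lower()
    return opts

def audit(conf_text, corosync_major):
    """List findings about how totem traffic is protected for this major version."""
    opts = totem_options(conf_text)
    findings = []
    if corosync_major < 2:
        # Per the PR, Corosync 1.x hosts keep using the secauth switch.
        if opts.get("secauth") != "on":
            findings.append("secauth is not explicitly 'on'")
        return findings
    if "secauth" in opts:
        findings.append("secauth is deprecated; use crypto_hash and crypto_cipher")
    for key in ("crypto_hash", "crypto_cipher"):
        if key not in opts:
            findings.append(f"{key} is not set explicitly")
        elif opts[key] == "none":
            findings.append(f"{key} is 'none'")
    return findings

# Constructed sample configurations (not taken from the PR).
LEGACY = """totem {
    secauth: on          # Corosync 1.x style switch
    interface {
        bindnetaddr: 192.0.2.0
    }
}"""
MODERN = """totem {
    crypto_hash: sha256
    crypto_cipher: aes256
}"""
```

Calling `audit(LEGACY, 2)` reports the deprecated directive and both missing crypto settings, while `audit(MODERN, 2)` returns an empty list.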
@pdemonaco
Contributor Author

@bastelfreak @towo As requested I've split the documentation changes out to a new branch. Unfortunately the crypto changes were already squashed into that original documentation commit and I'd rather not tease them apart, particularly since it's such a small change. Instead, I've attempted to address the corosync 1.x compatibility concern. Thoughts?

Also, I didn't pull the change fixing Ruby 2.1.9 into this PR so it's going to fail on that in travis.

Member

@alexjfisher alexjfisher left a comment

Excellent work! Could you remove any duplicated type information from the puppet strings parameter docs?

Removing redundant declaration of the type on each puppet string line.
Per the style guide here:
https://puppet.com/docs/puppet/5.5/puppet_strings_style.html#parameters
@pdemonaco pdemonaco force-pushed the documentation-rework-for-puppet-strings branch from 93210db to 4c63964 Compare February 28, 2019 15:44
@pdemonaco
Contributor Author

> Excellent work! Could you remove any duplicated type information from the puppet strings parameter docs?

@alexjfisher Should be all set

@alexjfisher alexjfisher added the enhancement New feature or request label Mar 2, 2019
@alexjfisher
Member

@pdemonaco Thanks!

@alexjfisher alexjfisher merged commit 5a13acc into voxpupuli:master Mar 2, 2019
Successfully merging this pull request may close these issues.

Add crypt_hash and crypt_cipher as secauth = deprecated