From 9ebdd900a9ae05a150f85355bcf682c7cc3688ad Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 20 Mar 2026 22:57:30 +1100
Subject: [PATCH] fix: update ENC script CA certificate path
- Mount vault-ca-cert secret at /opt/vault-ca-cert.crt in both deployments
- Update cobbler-enc script to use correct CA certificate path
- Resolves OSError about missing TLS CA certificate bundle
---
 apps/base/puppet/deployment_puppetserver-compiler.yaml | 6 ++++++
 apps/base/puppet/deployment_puppetserver-master.yaml | 6 ++++++
 apps/base/puppet/resources/cobbler-enc | 2 +-
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/apps/base/puppet/deployment_puppetserver-compiler.yaml b/apps/base/puppet/deployment_puppetserver-compiler.yaml
index 2ef724a..1e18d22 100644
--- a/apps/base/puppet/deployment_puppetserver-compiler.yaml
+++ b/apps/base/puppet/deployment_puppetserver-compiler.yaml
@@ -96,6 +96,9 @@ spec:
 readOnly: true
 - mountPath: /opt/bin/
 name: puppet-shared-bins
+ - mountPath: /opt/vault-ca-cert.crt
+ name: vault-ca-cert
+ subPath: ca.crt
 initContainers:
 - name: copy-configmaps
 image: busybox:1.35
@@ -229,5 +232,8 @@ spec:
 - name: puppet-shared-bins
 persistentVolumeClaim:
 claimName: puppet-shared-bins
+ - name: vault-ca-cert
+ secret:
+ secretName: vault-ca-cert
 strategy:
 type: RollingUpdate
diff --git a/apps/base/puppet/deployment_puppetserver-master.yaml b/apps/base/puppet/deployment_puppetserver-master.yaml
index a6dd57b..ca1275a 100644
--- a/apps/base/puppet/deployment_puppetserver-master.yaml
+++ b/apps/base/puppet/deployment_puppetserver-master.yaml
@@ -95,6 +95,9 @@ spec:
 readOnly: true
 - mountPath: /opt/bin/
 name: puppet-shared-bins
+ - mountPath: /opt/vault-ca-cert.crt
+ name: vault-ca-cert
+ subPath: ca.crt
 initContainers:
 - args:
 - mkdir -p /etc/puppetlabs/puppet/eyaml/keys;
@@ -168,3 +171,6 @@ spec:
 - name: puppet-shared-bins
 persistentVolumeClaim:
 claimName: puppet-shared-bins
+ - name: vault-ca-cert
+ secret:
+ secretName: vault-ca-cert
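Review bot: The new `vault-ca-cert` volumeMount uses `subPath: ca.crt`, and Kubernetes does not refresh subPath-mounted Secret files when the Secret changes, so a rotated Vault CA only reaches `/opt/vault-ca-cert.crt` after the pods are restarted. The same applies to the matching volumeMounts hunk in deployment_puppetserver-master.yaml. Either mount the volume as a directory (for example `mountPath: /opt/vault-ca/` without `subPath`, with the ENC script reading `/opt/vault-ca/ca.crt`) or record the constraint beside the mount: `# subPath mount: not refreshed on Secret update; roll the deployment after rotating vault-ca-cert`. The mount also omits `readOnly: true`, which the mount just above the hunk appears to set; adding it keeps the intent explicit. The volumeMounts list starts outside the hunk.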
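Review bot: The `vault-ca-cert` volume projects every key of the Secret although only `ca.crt` is consumed through the subPath mount; this applies to the volumes hunk in deployment_puppetserver-master.yaml as well. Listing the key explicitly, `items: [{key: ca.crt, path: ca.crt}]`, keeps any other keys that Secret may hold out of the pod's volume and makes volume setup fail if `ca.crt` is absent. Nothing in this patch creates the Secret, so pods will presumably fail to start wherever `vault-ca-cert` is missing; it is worth confirming that it exists in every namespace or overlay that consumes this base.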
diff --git a/apps/base/puppet/resources/cobbler-enc b/apps/base/puppet/resources/cobbler-enc
index 8943cfb..3dd9aa8 100755
--- a/apps/base/puppet/resources/cobbler-enc
+++ b/apps/base/puppet/resources/cobbler-enc
@@ -20,7 +20,7 @@ def fetch_enc_data(cobbler_url: str, hostname: str) -> str:
 """
 url = f"{cobbler_url}/cblr/svc/op/puppet/hostname/{hostname}"
 try:
- response = requests.get(url, verify='/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem')
+ response = requests.get(url, verify='/opt/vault-ca-cert.crt')
 response.raise_for_status()
 except requests.RequestException as e:
 sys.exit(f"Request failed: {e}")
--
2.47.3
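Review bot: `requests.get` is still called without a `timeout`, so if Cobbler accepts the connection but never answers, the ENC script blocks indefinitely and stalls the Puppet Server request that invoked it. A timeout raises a `RequestException` subclass, so the existing `except` would already turn it into a clean exit: `response = requests.get(url, verify='/opt/vault-ca-cert.crt', timeout=10)` (the value is an example; tune it). The new `verify` path also narrows trust from the system bundle to a single CA and is coupled to the `mountPath` in both deployments, which deserves a comment such as `# trust only the Vault CA mounted from the vault-ca-cert Secret`. `fetch_enc_data` begins above the hunk, so the origin of `hostname`, which is interpolated into the URL path unescaped, cannot be checked from here.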