Make sure we trust internal cdn CA

Update key paths to reflect internal CA
2024-10-10 10:19:00 +02:00 · 2024-10-10 10:17:39 +02:00
2 changed files with 7 additions and 6 deletions
--- a/global/overlay/etc/puppet/modules/cdn/manifests/mqtt.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/mqtt.pp
@ -9,6 +9,7 @@ class cdn::mqtt(
 )
 {
  include sunet::packages::certbot
+  include cdn::ca_trust

  package {'mosquitto': ensure => installed }

--- a/global/overlay/etc/puppet/modules/cdn/templates/mqtt/cdn.conf.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/mqtt/cdn.conf.erb
@ -1,7 +1,7 @@
 listener 8883
-cafile /etc/mosquitto/ca_certificates/ca.crt
-certfile /etc/mosquitto/certs/<%= @networking['fqdn'] %>.crt
-keyfile /etc/mosquitto/certs/<%= @networking['fqdn'] %>.key
+cafile /etc/mosquitto/ca_certificates/chain.pem
+certfile /etc/mosquitto/certs/cert.pem
+keyfile /etc/mosquitto/certs/privkey.pem
 require_certificate true
 use_identity_as_username true
 acl_file /etc/mosquitto/aclfile
@ -12,8 +12,8 @@ log_type all
 connection <%= @dc %>-to-<%= remote_dc %>
 address <%= bridge_config['address'] %>:address <%= bridge_config['port'] %>:
 topic cdn/<%= @dc %>/purge out 1
-bridge_cafile /etc/mosquitto/ca_certificates/ca.crt
-bridge_certfile /etc/mosquitto/certs/<%= @networking['fqdn'] %>.crt
-bridge_keyfile /etc/mosquitto/certs/<%= @networking['fqdn'] %>.key
+bridge_cafile /usr/local/share/ca-certificates/step_ca_root.crt
+bridge_certfile /etc/mosquitto/certs/cert.pem
+bridge_keyfile /etc/mosquitto/certs/privkey.pem

 <% end -%>
Author	SHA1	Message	Date
Patrik Lundin	d78d8c22b1	Make sure we trust internal cdn CA	2024-10-10 10:19:00 +02:00
Patrik Lundin	b44fb5ce43	Update key paths to reflect internal CA	2024-10-10 10:17:39 +02:00