| PR 7612 added ssl cert persistence by symlinking the ssldir in /etc to the one in /opt, working around the fact that the device confdir is the same as the vardir. Not sure if that was ever a workaround for another issue, but since the deviceconfdir gets created anyway, why not use it as the confdir for the device too? For example: when you want to use csr_attributes.yaml for your devices, you need to put the file in /opt/puppetlabs/puppet/cache/devices/devicename/csr_attributes.yaml. Instead of the logical /etc/puppetlabs/puppet/devices/devicename/csr_attributes.yaml. I realize the absence of the file doesn't mean the extensions themselves get lost, they're still in the cert, but it's a real inconvenience in my opinion. As far as I can tell, the fix would be fairly small (just playing around with some parameters at the previously linked lines). It maybe even could remove the need for the symlinked ssl-dir, since it will go looking in the right dir in the first place (or am I missing something obvious here)? Either way, if setting the device confdir to puppet's vardir is a conscious choice/workaround for another issue, then this can be ignored. But if it isn't, I can make always make a PR. |
