[chef] Re: Re: Chaining SSL certificates at deployment time.


  • From: "Jason J. W. Williams"
  • Subject: [chef] Re: Re: Chaining SSL certificates at deployment time.
  • Date: Thu, 7 Jul 2011 18:42:51 -0600

Hi Aaron,

Thank you very much. The :immediate flag seems to get rid of the issue. It was driving me batty trying to fix the bug. 

-J

On Thu, Jul 7, 2011 at 6:26 PM, Aaron Peterson wrote:
Yes, unless I'm missing something, each uniquely named execute
resource should have its own notifies queue, so your code should work.
 For now you might want to try:

   notifies :run, "execute[add chain certificate #{cert}]", :immediate

This will cause those actions to happen immediately after each
cookbook_file resource rather than at the end with the rest of the
delayed actions, like nginx's service restart, which you *do* only
want one of.


On Thu, Jul 7, 2011 at 16:09, Jason J. W. Williams wrote:
> Since nginx requires that intermediate chaining certificates be concatenated
> in the same .crt file as the SSL cert for the website, I've been trying to
> write my recipe to install the SSL cert and chaining cert files separately
> and then dynamically concatenating them into a new composite cert. For
> example, I have my actual certs cert1.crt and cert2.crt, this would produce
> composite-cert1.crt and composite-cert2.crt. However, the recipe code
> (https://gist.github.com/1070755) only triggers the chaining for cert1:
> cookbook_file[/etc/nginx/ssl/cert1.crt] sending run action to execute[add
> chain certificate cert1.crt]
> ...
> cookbook_file[/etc/nginx/ssl/cert2.crt] not queuing delayed action run on
> execute[add chain certificate cert2.crt] (delayed), as it's already been
> queued
> Any pointers would be greatly appreciated.
> -J



--
Aaron Peterson
Opscode Technical Evangelist
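
The composite file discussed in this thread has to be ordered: nginx expects the server certificate first, followed by the intermediates. The following is an added example, not code from this thread or from the linked gist; it builds that file in plain Ruby and refuses to emit it when a link in the chain does not match. The names `compose_chain` and `make_cert` and the sample certificate names are assumptions made for illustration, and the check covers issuer linkage and signatures only, not expiry or revocation.

```ruby
require "openssl"

# Build the single PEM blob for a composite .crt: server certificate first,
# then each intermediate in issuing order. Every link is checked (issuer name
# and signature) before anything is returned.
def compose_chain(leaf_pem, intermediate_pems)
  chain = [leaf_pem, *intermediate_pems].map { |pem| OpenSSL::X509::Certificate.new(pem) }
  chain.each_cons(2) do |child, issuer|
    linked = child.issuer.to_der == issuer.subject.to_der && child.verify(issuer.public_key)
    raise ArgumentError, "#{child.subject} is not signed by #{issuer.subject}" unless linked
  end
  chain.map(&:to_pem).join
end

# Constructed sample input: throwaway certificates generated in memory.
# Self-signed when no issuer is given.
def make_cert(cn, issuer_cert = nil, issuer_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

if __FILE__ == $PROGRAM_NAME
  root, root_key = make_cert("Constructed Root CA")
  inter, inter_key = make_cert("Constructed Intermediate CA", root, root_key)
  leaf, = make_cert("cert1.example.test", inter, inter_key)

  composite = compose_chain(leaf.to_pem, [inter.to_pem])
  puts "composite holds #{composite.scan('BEGIN CERTIFICATE').size} certificates"

  begin
    compose_chain(inter.to_pem, [leaf.to_pem]) # wrong order: intermediate first
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```
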



