Puppet / PUP-10104

puppet device fails when using csr_attributes.yaml

Details

      Create a csr_attributes.yaml file as described in https://puppet.com/docs/puppet/latest/config_file_csr_attributes.html. Run puppet agent, puppet ssl and puppet device and verify the submitted CSR on the CA contains the attributes. For example:

      $ cat attributes.yaml
      ---
      custom_attributes:
        1.2.840.113549.1.9.7: 342thbjkt82094y0uthhor289jnqthpc2290
      extension_requests:
        pp_uuid: ED803750-E3C7-44F5-BB08-41A04433FE2E
        pp_image_name: my_ami_image
        pp_preshared_key: 342thbjkt82094y0uthhor289jnqthpc2290
      $ bundle exec puppet agent -t --certname test1 --csr_attributes attributes.yaml
      Info: Creating a new SSL key for test1
      Info: csr_attributes file loading from /Users/josh/work/puppet/attributes.yaml
      Info: Creating a new SSL certificate request for test1
      Info: Certificate Request fingerprint (SHA256): F3:1F:70:8C:96:14:D6:92:33:39:62:3B:76:4E:72:39:8D:6E:D7:5E:72:73:FE:A5:6C:17:5D:CE:01:0F:78:04
      Info: Certificate for test1 has not been signed yet
      $ openssl req -in ~/.puppetlabs/etc/puppet/ssl/certificate_requests/test1.pem -noout -text
      ...
              Attributes:
                  challengePassword        :342thbjkt82094y0uthhor289jnqthpc2290
              Requested Extensions:
                  1.3.6.1.4.1.34380.1.1.1:
                      .$ED803750-E3C7-44F5-BB08-41A04433FE2E
                  1.3.6.1.4.1.34380.1.1.3:
                      ..my_ami_image
                  1.3.6.1.4.1.34380.1.1.4:
                      .$342thbjkt82094y0uthhor289jnqthpc2290
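The manual check above (reading the `openssl req -noout -text` output on the CA) can be scripted. The following is an added example, not code from the ticket or from Puppet; `PUPPET_OIDS`, `requested_extensions`, `missing_extensions` and `SAMPLE` are names chosen for this example, and it assumes extension values shorter than 128 bytes.

```ruby
# Added example (not Puppet code): check `openssl req -noout -text` output.
# OIDs for short names used on this page, matching the output shown above.
PUPPET_OIDS = {
  'pp_uuid'          => '1.3.6.1.4.1.34380.1.1.1',
  'pp_image_name'    => '1.3.6.1.4.1.34380.1.1.3',
  'pp_preshared_key' => '1.3.6.1.4.1.34380.1.1.4'
}.freeze

# Returns { oid => value } for extensions that openssl prints by dotted OID.
def requested_extensions(text)
  found, in_block, oid = {}, false, nil
  text.each_line do |raw|
    line = raw.strip
    if !in_block
      in_block = (line == 'Requested Extensions:')
    elsif (m = line.match(/\A(\d+(?:\.\d+)+):(?: critical)?\z/))
      oid = m[1]
    elsif oid
      # openssl dumps the raw DER: the first two characters are the tag and
      # length bytes (assumption: value shorter than 128 bytes).
      found[oid] = line[2..-1].to_s
      oid = nil
    else
      in_block = false # any other line ends the extensions block
    end
  end
  found
end

# Returns a list of problems; an empty list means every request is in the CSR.
def missing_extensions(expected, csr_text)
  actual = requested_extensions(csr_text)
  expected.each_with_object([]) do |(name, value), problems|
    oid = PUPPET_OIDS.fetch(name, name) # a dotted OID may be used as the key
    if !actual.key?(oid)
      problems << "#{name} (#{oid}) missing from CSR"
    elsif actual[oid] != value
      problems << "#{name} (#{oid}) value mismatch"
    end
  end
end

# Sample input: two extensions copied from the openssl output above.
SAMPLE = <<~'TEXT'
  Requested Extensions:
      1.3.6.1.4.1.34380.1.1.1:
          .$ED803750-E3C7-44F5-BB08-41A04433FE2E
      1.3.6.1.4.1.34380.1.1.3:
          ..my_ami_image
TEXT
```

Pass the `extension_requests` hash from the attributes file and the CSR text to `missing_extensions`; a non-empty result on the CA side means the CSR was created without the requested trusted-fact extensions.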
      

    • Coremunity
    • Platform Core KANBAN
    • Needs Assessment
    • Bug Fix
    • The `csr_attributes.yaml` file can now be specified when requesting a certificate signing request for a device using "puppet device --target devicename"
    • Needs Assessment

    Description

      Whilst trying to use trusted facts for my puppet device, I noticed that `puppet device --target devicename` fails with the error "OBJ_txt2obj: first num too large". However, manually requesting the cert with `puppet ssl` does work and behaves as expected. Guessing it's related to PUP-9746, or at least a similar issue.

      Desired Behavior: First `puppet device` run should request a cert with correct extension requests

      Actual Behavior: First `puppet device` run fails with "Cannot create CSR with extension request extension_name: OBJ_txt2obj: first num too large"

          People

            jonasvh Jonas Verhofsté