Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10104

puppet device fails when using csr_attributes.yaml

    Details

    • Template:
      PUP Bug Template
    • Acceptance Criteria:
      Hide

      Create a csr_attributes.yaml file as described in https://puppet.com/docs/puppet/latest/config_file_csr_attributes.html. Run puppet agent, puppet ssl and puppet device and verify the submitted CSR on the CA contains the attributes. For example:

      $ cat attributes.yaml
      ---
      custom_attributes:
        1.2.840.113549.1.9.7: 342thbjkt82094y0uthhor289jnqthpc2290
      extension_requests:
        pp_uuid: ED803750-E3C7-44F5-BB08-41A04433FE2E
        pp_image_name: my_ami_image
        pp_preshared_key: 342thbjkt82094y0uthhor289jnqthpc2290
      $ bundle exec puppet agent -t --certname test1 --csr_attributes attributes.yaml
      Info: Creating a new SSL key for test1
      Info: csr_attributes file loading from /Users/josh/work/puppet/attributes.yaml
      Info: Creating a new SSL certificate request for test1
      Info: Certificate Request fingerprint (SHA256): F3:1F:70:8C:96:14:D6:92:33:39:62:3B:76:4E:72:39:8D:6E:D7:5E:72:73:FE:A5:6C:17:5D:CE:01:0F:78:04
      Info: Certificate for test1 has not been signed yet
      $ openssl req -in ~/.puppetlabs/etc/puppet/ssl/certificate_requests/test1.pem -noout -text
      ...
              Attributes:
                  challengePassword        :342thbjkt82094y0uthhor289jnqthpc2290
              Requested Extensions:
                  1.3.6.1.4.1.34380.1.1.1:
                      .$ED803750-E3C7-44F5-BB08-41A04433FE2E
                  1.3.6.1.4.1.34380.1.1.3:
                      ..my_ami_image
                  1.3.6.1.4.1.34380.1.1.4:
                      .$342thbjkt82094y0uthhor289jnqthpc2290
      

      Show
      Create a csr_attributes.yaml file as described in https://puppet.com/docs/puppet/latest/config_file_csr_attributes.html . Run puppet agent , puppet ssl and puppet device and verify the submitted CSR on the CA contains the attributes. For example: $ cat attributes.yaml --- custom_attributes: 1.2.840.113549.1.9.7: 342thbjkt82094y0uthhor289jnqthpc2290 extension_requests: pp_uuid: ED803750-E3C7-44F5-BB08-41A04433FE2E pp_image_name: my_ami_image pp_preshared_key: 342thbjkt82094y0uthhor289jnqthpc2290 $ bundle exec puppet agent -t --certname test1 --csr_attributes attributes.yaml Info: Creating a new SSL key for test1 Info: csr_attributes file loading from /Users/josh/work/puppet/attributes.yaml Info: Creating a new SSL certificate request for test1 Info: Certificate Request fingerprint (SHA256): F3:1F:70:8C:96:14:D6:92:33:39:62:3B:76:4E:72:39:8D:6E:D7:5E:72:73:FE:A5:6C:17:5D:CE:01:0F:78:04 Info: Certificate for test1 has not been signed yet $ openssl req -in ~/.puppetlabs/etc/puppet/ssl/certificate_requests/test1.pem -noout -text ... Attributes: challengePassword :342thbjkt82094y0uthhor289jnqthpc2290 Requested Extensions: 1.3.6.1.4.1.34380.1.1.1: .$ED803750-E3C7-44F5-BB08-41A04433FE2E 1.3.6.1.4.1.34380.1.1.3: ..my_ami_image 1.3.6.1.4.1.34380.1.1.4: .$342thbjkt82094y0uthhor289jnqthpc2290
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      The `csr_attributes.yaml` file can now be specified when requesting a certificate signing request for a device using "puppet device --target devicename"
    • QA Risk Assessment:
      Needs Assessment

      Description

      Whilst trying to use trusted facts for my puppet device, I noticed the `puppet device --target devicename` fail with the error "OBJ_txt2obj: first num too large". However, manually requesting the cert with `puppet ssl` does work and behaves as expected. Guessing it's related to PUP-9746, or at least a similar issue.

      Desired Behavior: First `puppet device` run should request a cert with correct extension requests

      Actual Behavior: First `puppet device` run fails with "Cannot create CSR with extension request extension_name: OBJ_txt2obj: first num too large"

        Attachments

          Activity

            People

            • Assignee:
              jonasvh Jonas Verhofsté
              Reporter:
              jonasvh Jonas Verhofsté
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support